Avira reports a virus - unable to get rid of it (Solved)
Re: Avira reports a virus - unable to get rid of it
There is no way to paste it in there.
- jaro3
- Security team member
Re: Avira reports a virus - unable to get rid of it
Open Notepad (Start -> Run..., type Notepad into the box and click OK).
Copy the entire following text, marked in green, into it:
Code:
KillAll::
Suspect::
C:\WINDOWS\system32\Drivers\PROCEXP113.SYS
C:\windows\system32\DRIVERS\i8042prt.sys
C:\windows\system32\Drivers\a7xlsjs1.SYS
C:\windows\system32\Drivers\a7xlsjs1.SYS
Quit::
Choose File -> Save As... and set these parameters:
File name: type here: CFScript.txt
Save as type: select All Files there
Save the file to the desktop.
Close all active windows.
Grab the created script CFScript.txt with the mouse, drag it over the downloaded program ComboFix.exe, and when the two files overlap, drop the script.
- ComboFix will start automatically
- Paste here the log that appears at the end of the cleaning process + a new log from HJT
Warning: It may happen that after running ComboFix and restarting the computer, Windows will not boot, or the desktop will not load, or there will be connection problems; in that case restart the computer again. If that does not help, press the F8 key repeatedly after the restart and then choose Last Known Good Configuration, or use a restore point.
On drive C a directory/folder named Qoobox will be created, and in it there will be another directory, Quarantine, where you will find an archive with a name like [4]-Submit a_2012-04-16@14.14.zip, where the numbers after the @ indicate the time the file was created. Send it to me as an attachment via PM. Thanks.
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs in private messages. While I am away, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support
Re: Avira reports a virus - unable to get rid of it
Here is the log from ComboFix:
ComboFix 12-08-14.05 - Pavel 15.08.2012 7:05.3.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.2046.1167 [GMT 2:00]
Spuštěný z: c:\documents and settings\Pavel\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Pavel\Plocha\CFScript.txt
AV: ESET NOD32 Antivirus 5.2 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
file zipped: c:\windows\system32\drivers\i8042prt.sys
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-07-15 do 2012-08-15 )))))))))))))))))))))))))))))))
.
.
2012-08-15 04:52 . 2012-08-15 04:52 -------- d-----w- c:\program files\ESET
2012-08-15 04:52 . 2012-08-15 04:52 -------- d-----w- c:\documents and settings\All Users\Data aplikací\ESET
2012-08-12 11:40 . 2012-08-12 11:44 -------- d---a-w- c:\documents and settings\All Users\Data aplikací\TEMP
2012-08-12 11:40 . 2012-08-12 11:40 -------- d-----w- c:\documents and settings\Pavel\Local Settings\Data aplikací\SpeedBIT
2012-08-12 11:40 . 2012-08-12 11:40 -------- d-----w- c:\documents and settings\All Users\Data aplikací\SpeedBit
2012-08-12 11:40 . 2012-08-12 11:40 -------- d-----w- c:\program files\Common Files\SpeedBit
2012-08-12 11:40 . 2012-08-12 11:39 90824 ----a-w- c:\windows\system32\EasyHook32.dll
2012-08-12 11:40 . 2012-08-12 11:39 109256 ----a-w- c:\windows\system32\EasyHook64.dll
2012-08-12 10:19 . 2012-08-12 10:19 -------- d-----w- c:\documents and settings\Pavel\Data aplikací\BabylonToolbar
2012-08-12 10:19 . 2012-08-12 10:19 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Browser Manager
2012-08-12 10:18 . 2012-08-12 10:19 -------- d-----w- c:\program files\YourFileDownloader
2012-08-12 10:18 . 2012-08-12 10:18 -------- d-----w- c:\documents and settings\Pavel\Data aplikací\YourFileDownloader
2012-08-12 08:37 . 2012-08-12 08:48 -------- d-----w- c:\program files\RAR Password Unlocker
2012-08-11 13:13 . 2012-08-11 13:13 -------- d--h--w- c:\windows\msdownld.tmp
2012-08-11 13:13 . 2012-08-11 13:13 -------- d-----w- C:\Games
2012-08-11 05:45 . 2012-08-11 05:45 388096 ----a-r- c:\documents and settings\Pavel\Data aplikací\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-08-11 05:45 . 2012-08-11 05:45 -------- d-----w- c:\program files\Trend Micro
2012-08-10 19:25 . 2012-08-10 19:25 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-08-10 17:18 . 2012-08-10 17:18 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Data aplikací\ESET
2012-08-10 17:03 . 2012-08-10 17:03 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Data aplikací\ESET
2012-08-10 17:03 . 2012-08-10 17:03 -------- d-----w- c:\documents and settings\Pavel\Local Settings\Data aplikací\ESET
2012-08-10 13:03 . 2012-08-10 13:03 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Tarma Installer
2012-08-10 13:01 . 2012-08-10 17:04 -------- d-----w- c:\documents and settings\Pavel\Data aplikací\FileDoumi
2012-08-10 13:01 . 2012-08-10 17:20 -------- d-----w- c:\program files\Daum
2012-08-10 13:00 . 2012-08-11 05:02 -------- d-----w- c:\documents and settings\Pavel\Local Settings\Data aplikací\AppIs
2012-08-10 12:58 . 2012-08-10 12:58 -------- d-----w- c:\program files\PANDORA.TV
2012-08-06 07:36 . 2012-08-06 13:43 -------- d-----w- c:\program files\Safari
2012-08-06 07:26 . 2012-05-10 15:34 65640 ----a-w- c:\windows\system32\RtkCoInstIIXP.dll
2012-08-06 07:26 . 2011-11-22 14:28 11368 ----a-w- c:\windows\system32\RtkCoLDRXP.dll
2012-08-06 07:26 . 2012-05-11 12:14 25548 ----a-w- c:\windows\system32\drivers\RTAIODAT.DAT
2012-07-30 17:35 . 2012-07-30 17:35 -------- d-----w- c:\windows\system32\config\systemprofile\Data aplikací\IObit
2012-07-30 11:39 . 2012-07-30 11:39 -------- d-----w- c:\windows\system32\winrm
2012-07-30 11:39 . 2012-07-30 11:39 -------- d-----w- c:\windows\system32\GroupPolicy
2012-07-30 11:39 . 2012-07-30 11:39 -------- dc-h--w- c:\windows\$968930Uinstall_KB968930$
2012-07-30 11:37 . 2012-05-24 08:48 21376 ----a-w- c:\windows\system32\RegistryDefragBootTime.exe
2012-07-22 19:52 . 2012-07-22 19:52 -------- d-----w- c:\documents and settings\Pavel\Data aplikací\2K Sports
2012-07-22 19:33 . 2012-07-22 19:33 -------- d-----w- c:\program files\2K Sports
2012-07-16 16:36 . 2012-07-17 09:45 -------- d-----w- c:\documents and settings\Pavel\Data aplikací\Epson
2012-07-16 16:29 . 2012-07-16 16:29 -------- d-----w- c:\program files\Common Files\EPSON
2012-07-16 16:29 . 2012-07-16 16:23 8192 ----a-w- c:\windows\system32\E_DCINST.DLL
2012-07-16 16:29 . 2012-07-16 16:23 93696 ----a-w- c:\windows\system32\E_TLBHTU.DLL
2012-07-16 16:29 . 2012-07-16 16:23 81408 ----a-w- c:\windows\system32\E_TD4BHTU.DLL
2012-07-16 16:27 . 2012-07-16 16:27 -------- d-----w- c:\documents and settings\All Users\Data aplikací\UDL
2012-07-16 16:24 . 2012-07-16 16:24 -------- d-----w- c:\program files\EpsonNet
2012-07-16 16:24 . 2010-09-13 13:01 458129 ----a-w- c:\windows\system32\ensppui.dll
2012-07-16 16:24 . 2010-09-13 13:01 458129 ----a-w- c:\windows\system32\enppui.dll
2012-07-16 16:24 . 2010-09-13 13:00 475410 ----a-w- c:\windows\system32\ensppmon.dll
2012-07-16 16:24 . 2010-09-13 13:00 475410 ----a-w- c:\windows\system32\enppmon.dll
2012-07-16 16:24 . 2008-06-18 09:49 249344 ----a-w- c:\windows\system32\enspres.dll
2012-07-16 16:24 . 2008-06-18 09:49 249344 ----a-w- c:\windows\system32\enpres.dll
2012-07-16 16:24 . 2012-07-16 16:27 -------- d-----w- c:\program files\EPSON Software
2012-07-16 16:24 . 2012-07-16 16:30 -------- d-----w- c:\documents and settings\All Users\Data aplikací\EPSON
2012-07-16 16:24 . 2009-10-15 22:00 132560 ----a-w- c:\windows\system32\esdevapp.exe
2012-07-16 16:24 . 2009-10-15 22:00 12800 ----a-w- c:\windows\system32\escdev.dll
2012-07-16 16:24 . 2009-09-16 22:00 342016 ----a-w- c:\windows\system32\eswiaud.dll
2012-07-16 16:23 . 2012-07-16 16:23 -------- d-----w- c:\program files\epson
2012-07-16 08:18 . 2012-07-16 08:18 2409872 ----a-w- c:\windows\system32\DaumActiveX.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-07 19:11 . 2012-06-01 17:45 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-07 19:11 . 2011-08-28 07:46 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-06 15:35 . 2009-04-27 12:45 270776 ----a-w- c:\windows\system32\PnkBstrB.xtr
2012-08-06 15:35 . 2009-04-27 12:20 270776 ----a-w- c:\windows\system32\PnkBstrB.exe
2012-07-30 13:38 . 2009-04-27 12:20 139488 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2012-07-30 13:38 . 2009-04-27 12:20 270776 ----a-w- c:\windows\system32\PnkBstrB.ex0
2012-07-03 11:46 . 2011-08-28 13:07 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-19 14:54 . 2008-09-30 12:50 6141584 ----a-w- c:\windows\system32\drivers\RtkHDAud.sys
2012-06-13 13:55 . 2006-03-02 12:00 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-06-06 12:00 . 2008-09-30 12:50 20065936 ----a-w- c:\windows\RTHDCPL.EXE
2012-06-05 15:49 . 2008-04-14 03:21 1372672 ------w- c:\windows\system32\msxml6.dll
2012-06-05 15:49 . 2006-03-02 12:00 1172480 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 04:32 . 2006-03-02 12:00 152576 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 13:19 . 2008-09-30 14:25 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 13:19 . 2008-09-30 14:25 22552 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 13:19 . 2008-09-30 12:35 329240 ----a-w- c:\windows\system32\wucltui.dll
2012-06-02 13:19 . 2008-09-30 12:35 210968 ----a-w- c:\windows\system32\wuweb.dll
2012-06-02 13:19 . 2008-09-30 12:35 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 13:19 . 2008-09-30 14:25 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 13:19 . 2008-09-30 14:25 18456 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 13:19 . 2008-09-30 14:25 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 13:19 . 2008-09-30 12:35 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 13:19 . 2008-09-30 12:35 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 13:19 . 2006-03-02 12:00 97304 ----a-w- c:\windows\system32\cdm.dll
2012-06-02 13:19 . 2008-09-30 12:35 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 13:19 . 2008-09-30 12:35 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 13:19 . 2011-02-15 13:17 17648 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-06-02 13:18 . 2011-02-15 13:17 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-06-02 13:18 . 2011-02-15 13:17 214256 ----a-w- c:\windows\system32\muweb.dll
2012-05-31 13:22 . 2006-03-02 12:00 602112 ----a-w- c:\windows\system32\crypt32.dll
2012-05-25 16:06 . 2008-09-30 12:50 1706640 ----a-w- c:\windows\RtlExUpd.dll
2012-07-21 16:29 . 2012-05-27 11:57 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-02-15 17146504]
"Advanced SystemCare 5"="c:\program files\IObit\Advanced SystemCare 5\ASCTray.exe" [2012-05-28 288128]
"EPLTarget\P0000000000000000"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_TATIHTU.EXE" [2012-07-16 219008]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TWCU"="c:\program files\TP-LINK\TWCU\TWCU.exe" [2005-08-09 413696]
"USBToolTip"="c:\progra~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe" [2007-02-20 199752]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"GamerOSD"="c:\program files\ASUS\GamerOSD\GamerOSD.exe" [2007-02-14 380928]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2012-05-15 15504192]
"NvMediaCenter"="NvMCTray.dll" [2012-05-15 108352]
"nwiz"="c:\program files\NVIDIA Corporation\nview\nwiz.exe" [2012-05-15 1634112]
"EEventManager"="c:\program files\Epson Software\Event Manager\EEventManager.exe" [2010-10-12 979328]
"MSIAfterburner"="c:\program files\MSI Afterburner\MSIAfterburner.exe" [2012-06-20 405832]
"RTHDCPL"="RTHDCPL.EXE" [2012-06-06 20065936]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2012-03-07 3117344]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Content Manager Assistant for PlayStation(R).lnk - c:\program files\Sony\Content Manager Assistant\CMA.exe [2012-1-26 2520504]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
2012-01-08 11:00 500208 ------w- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5ServiceManager]
2010-02-22 03:57 406992 ----a-w- c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSIAfterburner]
2012-06-20 03:55 405832 ----a-w- c:\program files\MSI Afterburner\MSIAfterburner.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OODefragTray]
2010-11-25 07:43 2781000 ----a-w- c:\program files\OO Software\Defrag\oodtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-10-29 12:49 249064 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Adobe Photo Downloader"=c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
"NeroFilterCheck"=c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
"iTunesHelper"=c:\program files\iTunes\iTunesHelper.exe
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe"
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" -autorun
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
"KernelFaultCheck"=%systemroot%\system32\dumprep 0 -k
"MSIAfterburner"="c:\program files\MSI Afterburner\MSIAfterburner.exe" /s
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FarCry2.exe"=
"c:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FC2Launcher.exe"=
"c:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FC2Editor.exe"=
"c:\\Program Files\\Midway Games\\Wheelman\\Binaries\\WheelmanGame-Final.exe"=
"c:\\Program Files\\TeamViewer\\Version5\\TeamViewer.exe"=
"c:\\Program Files\\Disney Interactive Studios\\Split Second\\SplitSecond.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\Pinnacle\\Studio 15\\Programs\\Studio.exe"=
"c:\\Program Files\\Pinnacle\\Studio 15\\Programs\\umi.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Call of duty 6 MW 2\\iw4mp.dat"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Microsoft Office\\Office14\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Updatus\\daemonu.exe"=
"c:\\Program Files\\Pinnacle\\Studio 15\\Programs\\RM.exe"=
"c:\\Program Files\\TmNationsForever\\TmForever.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Update Core\\daemonu.exe"=
"c:\\Program Files\\EPSON Software\\Event Manager\\EEventManager.exe"=
"c:\\Program Files\\2K Sports\\NBA 2K12\\nba2k12.exe"=
"c:\\Program Files\\PANDORA.TV\\PanService\\PandoraService.exe"=
"c:\\Games\\World_of_Tanks\\WorldOfTanks.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Vzdálená správa systému Windows
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [30.9.2008 18:52 691696]
R0 tffsport;M-Systems DiskOnChip 2000;c:\windows\system32\drivers\tffsport.sys [26.6.2011 15:06 149376]
R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [30.9.2008 14:47 13696]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [4.8.2011 9:20 120152]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [4.8.2011 9:20 104160]
R2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files\IObit\Advanced SystemCare 5\ASCService.exe [30.7.2012 13:14 913792]
R2 Browser Manager;Browser Manager;c:\documents and settings\All Users\Data aplikací\Browser Manager\2.2.565.25\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe [12.8.2012 12:19 1697312]
R2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [17.3.2012 12:13 21992]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [7.3.2012 15:40 913144]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [16.7.2012 12:19 1262400]
R2 OODefragAgent;O&O Defrag Agent;c:\program files\OO Software\Defrag\oodag.exe [25.11.2010 9:44 2404168]
R2 Web Assistant Updater;Web Assistant Updater;c:\program files\Web Assistant\ExtensionUpdaterService.exe [9.5.2012 18:23 185856]
R3 PhTVTune;Cap7134 TVTuner;c:\windows\system32\drivers\PhTVTune.sys [30.9.2008 18:42 57152]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [16.5.2011 8:13 197224]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [1.6.2012 19:45 250056]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [15.5.2011 20:05 1691480]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [12.6.2011 12:15 31125880]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [27.5.2012 13:57 113120]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [9.1.2010 22:37 4640000]
S3 PAC207;VideoCAM GF112;c:\windows\system32\drivers\PFC027.sys [8.4.2005 10:46 162176]
S3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [14.2.2011 16:10 47360]
S3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [19.2.2010 14:37 517096]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\sqladhlp.exe [23.7.2009 5:08 47128]
S4 RsFx0103;RsFx0103 Driver;c:\windows\system32\drivers\RsFx0103.sys [30.3.2009 3:09 239336]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [30.3.2009 3:23 366936]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Obsah adresáře 'Naplánované úlohy'
.
2012-08-10 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2008\OneClick.exe [2007-12-21 12:49]
.
2012-08-14 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-01 19:11]
.
2012-01-08 c:\windows\Tasks\AdobeAAMUpdater-1.0-PAVEL-A5C71F66F-Pavel.job
- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2012-01-08 11:00]
.
2012-08-14 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
.
2012-08-14 c:\windows\Tasks\Úklid 1 kliknutím.job
- c:\program files\TuneUp Utilities 2008\OneClick.exe [2007-12-21 12:49]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://home.speedbit.com/?s=C8Ca105
mStart Page = hxxp://home.sweetim.com/?crg=4.0002002
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Od&eslat do aplikace OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: Search the Web - c:\program files\SweetIM\Toolbars\Internet Explorer\resources\menuext.html
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748449} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\windows\WebIE.dll
TCP: DhcpNameServer = 10.152.101.1
FF - ProfilePath - c:\documents and settings\Pavel\Data aplikací\Mozilla\Firefox\Profiles\hymsdyhc.default\
FF - prefs.js: browser.search.defaulturl - hxxp://home.speedbit.com/search.aspx?s=C8Ca106&q=
FF - prefs.js: browser.search.selectedEngine - Search the web (Babylon)
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-08-15 07:12
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-2025429265-606747145-839522115-1004\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"??"=hex:a6,5c,bf,f2,7d,ae,eb,af,9a,7c,3f,9c,a6,19,6d,10,19,f8,12,87,fd,af,41,
46,26,c6,dd,82,a9,91,02,3e,cf,6c,3f,8d,ee,a6,81,fe,cf,d0,3b,30,80,7f,fd,d9,\
"??"=hex:e2,06,90,c3,a9,ab,f7,ca,1c,f7,63,d7,3e,f2,89,5d
.
[HKEY_USERS\S-1-5-21-2025429265-606747145-839522115-1004\Software\SecuROM\License information*]
"datasecu"=hex:47,47,ff,61,d2,00,f9,3e,72,70,c9,7c,c0,71,80,97,2e,27,58,48,01,
1a,6a,a5,b8,fc,23,ff,cc,f8,63,36,6e,81,5f,77,60,90,42,f1,58,d2,5b,eb,96,9c,\
"rkeysecu"=hex:a8,a3,cb,3b,9e,10,da,4f,e6,ec,6c,62,8a,a7,84,85
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'explorer.exe'(2824)
c:\documents and settings\All Users\Data aplikací\Browser Manager\2.2.565.25\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.dll
c:\progra~1\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf
c:\progra~1\MICROS~2\Office14\1029\GrooveIntlResource.dll
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\acs.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\windows\ATKKBService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
c:\windows\system32\RunDLL32.exe
c:\windows\RTHDCPL.EXE
c:\program files\Sony\Content Manager Assistant\CMAWatcher.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\windows\System32\PAStiSvc.exe
c:\windows\system32\wbem\wmiapsrv.exe
.
**************************************************************************
.
Celkový čas: 2012-08-15 07:15:26 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-08-15 05:15
.
Před spuštěním: Volných bajtů: 57 088 159 744
Po spuštění: Volných bajtů: 56 927 440 896
.
- - End Of File - - C56413A392E79DC4C5E30459C39DB7FA
Nahrání proběhlo úspěšně
2012-06-02 13:19 . 2008-09-30 14:25 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 13:19 . 2008-09-30 12:35 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 13:19 . 2008-09-30 12:35 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 13:19 . 2006-03-02 12:00 97304 ----a-w- c:\windows\system32\cdm.dll
2012-06-02 13:19 . 2008-09-30 12:35 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 13:19 . 2008-09-30 12:35 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 13:19 . 2011-02-15 13:17 17648 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-06-02 13:18 . 2011-02-15 13:17 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-06-02 13:18 . 2011-02-15 13:17 214256 ----a-w- c:\windows\system32\muweb.dll
2012-05-31 13:22 . 2006-03-02 12:00 602112 ----a-w- c:\windows\system32\crypt32.dll
2012-05-25 16:06 . 2008-09-30 12:50 1706640 ----a-w- c:\windows\RtlExUpd.dll
2012-07-21 16:29 . 2012-05-27 11:57 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-02-15 17146504]
"Advanced SystemCare 5"="c:\program files\IObit\Advanced SystemCare 5\ASCTray.exe" [2012-05-28 288128]
"EPLTarget\P0000000000000000"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_TATIHTU.EXE" [2012-07-16 219008]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TWCU"="c:\program files\TP-LINK\TWCU\TWCU.exe" [2005-08-09 413696]
"USBToolTip"="c:\progra~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe" [2007-02-20 199752]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"GamerOSD"="c:\program files\ASUS\GamerOSD\GamerOSD.exe" [2007-02-14 380928]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2012-05-15 15504192]
"NvMediaCenter"="NvMCTray.dll" [2012-05-15 108352]
"nwiz"="c:\program files\NVIDIA Corporation\nview\nwiz.exe" [2012-05-15 1634112]
"EEventManager"="c:\program files\Epson Software\Event Manager\EEventManager.exe" [2010-10-12 979328]
"MSIAfterburner"="c:\program files\MSI Afterburner\MSIAfterburner.exe" [2012-06-20 405832]
"RTHDCPL"="RTHDCPL.EXE" [2012-06-06 20065936]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2012-03-07 3117344]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Content Manager Assistant for PlayStation(R).lnk - c:\program files\Sony\Content Manager Assistant\CMA.exe [2012-1-26 2520504]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
2012-01-08 11:00 500208 ------w- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5ServiceManager]
2010-02-22 03:57 406992 ----a-w- c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSIAfterburner]
2012-06-20 03:55 405832 ----a-w- c:\program files\MSI Afterburner\MSIAfterburner.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OODefragTray]
2010-11-25 07:43 2781000 ----a-w- c:\program files\OO Software\Defrag\oodtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-10-29 12:49 249064 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Adobe Photo Downloader"=c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
"NeroFilterCheck"=c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
"iTunesHelper"=c:\program files\iTunes\iTunesHelper.exe
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe"
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" -autorun
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
"KernelFaultCheck"=%systemroot%\system32\dumprep 0 -k
"MSIAfterburner"="c:\program files\MSI Afterburner\MSIAfterburner.exe" /s
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FarCry2.exe"=
"c:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FC2Launcher.exe"=
"c:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FC2Editor.exe"=
"c:\\Program Files\\Midway Games\\Wheelman\\Binaries\\WheelmanGame-Final.exe"=
"c:\\Program Files\\TeamViewer\\Version5\\TeamViewer.exe"=
"c:\\Program Files\\Disney Interactive Studios\\Split Second\\SplitSecond.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\Pinnacle\\Studio 15\\Programs\\Studio.exe"=
"c:\\Program Files\\Pinnacle\\Studio 15\\Programs\\umi.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Call of duty 6 MW 2\\iw4mp.dat"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Microsoft Office\\Office14\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Updatus\\daemonu.exe"=
"c:\\Program Files\\Pinnacle\\Studio 15\\Programs\\RM.exe"=
"c:\\Program Files\\TmNationsForever\\TmForever.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Update Core\\daemonu.exe"=
"c:\\Program Files\\EPSON Software\\Event Manager\\EEventManager.exe"=
"c:\\Program Files\\2K Sports\\NBA 2K12\\nba2k12.exe"=
"c:\\Program Files\\PANDORA.TV\\PanService\\PandoraService.exe"=
"c:\\Games\\World_of_Tanks\\WorldOfTanks.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Vzdálená správa systému Windows
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [30.9.2008 18:52 691696]
R0 tffsport;M-Systems DiskOnChip 2000;c:\windows\system32\drivers\tffsport.sys [26.6.2011 15:06 149376]
R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [30.9.2008 14:47 13696]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [4.8.2011 9:20 120152]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [4.8.2011 9:20 104160]
R2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files\IObit\Advanced SystemCare 5\ASCService.exe [30.7.2012 13:14 913792]
R2 Browser Manager;Browser Manager;c:\documents and settings\All Users\Data aplikací\Browser Manager\2.2.565.25\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe [12.8.2012 12:19 1697312]
R2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [17.3.2012 12:13 21992]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [7.3.2012 15:40 913144]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [16.7.2012 12:19 1262400]
R2 OODefragAgent;O&O Defrag Agent;c:\program files\OO Software\Defrag\oodag.exe [25.11.2010 9:44 2404168]
R2 Web Assistant Updater;Web Assistant Updater;c:\program files\Web Assistant\ExtensionUpdaterService.exe [9.5.2012 18:23 185856]
R3 PhTVTune;Cap7134 TVTuner;c:\windows\system32\drivers\PhTVTune.sys [30.9.2008 18:42 57152]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [16.5.2011 8:13 197224]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [1.6.2012 19:45 250056]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [15.5.2011 20:05 1691480]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [12.6.2011 12:15 31125880]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [27.5.2012 13:57 113120]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [9.1.2010 22:37 4640000]
S3 PAC207;VideoCAM GF112;c:\windows\system32\drivers\PFC027.sys [8.4.2005 10:46 162176]
S3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [14.2.2011 16:10 47360]
S3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [19.2.2010 14:37 517096]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\sqladhlp.exe [23.7.2009 5:08 47128]
S4 RsFx0103;RsFx0103 Driver;c:\windows\system32\drivers\RsFx0103.sys [30.3.2009 3:09 239336]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [30.3.2009 3:23 366936]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Obsah adresáře 'Naplánované úlohy'
.
2012-08-10 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2008\OneClick.exe [2007-12-21 12:49]
.
2012-08-14 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-01 19:11]
.
2012-01-08 c:\windows\Tasks\AdobeAAMUpdater-1.0-PAVEL-A5C71F66F-Pavel.job
- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2012-01-08 11:00]
.
2012-08-14 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
.
2012-08-14 c:\windows\Tasks\Úklid 1 kliknutím.job
- c:\program files\TuneUp Utilities 2008\OneClick.exe [2007-12-21 12:49]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://home.speedbit.com/?s=C8Ca105
mStart Page = hxxp://home.sweetim.com/?crg=4.0002002
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Od&eslat do aplikace OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: Search the Web - c:\program files\SweetIM\Toolbars\Internet Explorer\resources\menuext.html
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748449} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\windows\WebIE.dll
TCP: DhcpNameServer = 10.152.101.1
FF - ProfilePath - c:\documents and settings\Pavel\Data aplikací\Mozilla\Firefox\Profiles\hymsdyhc.default\
FF - prefs.js: browser.search.defaulturl - hxxp://home.speedbit.com/search.aspx?s=C8Ca106&q=
FF - prefs.js: browser.search.selectedEngine - Search the web (Babylon)
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-08-15 07:12
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-2025429265-606747145-839522115-1004\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"??"=hex:a6,5c,bf,f2,7d,ae,eb,af,9a,7c,3f,9c,a6,19,6d,10,19,f8,12,87,fd,af,41,
46,26,c6,dd,82,a9,91,02,3e,cf,6c,3f,8d,ee,a6,81,fe,cf,d0,3b,30,80,7f,fd,d9,\
"??"=hex:e2,06,90,c3,a9,ab,f7,ca,1c,f7,63,d7,3e,f2,89,5d
.
[HKEY_USERS\S-1-5-21-2025429265-606747145-839522115-1004\Software\SecuROM\License information*]
"datasecu"=hex:47,47,ff,61,d2,00,f9,3e,72,70,c9,7c,c0,71,80,97,2e,27,58,48,01,
1a,6a,a5,b8,fc,23,ff,cc,f8,63,36,6e,81,5f,77,60,90,42,f1,58,d2,5b,eb,96,9c,\
"rkeysecu"=hex:a8,a3,cb,3b,9e,10,da,4f,e6,ec,6c,62,8a,a7,84,85
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'explorer.exe'(2824)
c:\documents and settings\All Users\Data aplikací\Browser Manager\2.2.565.25\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.dll
c:\progra~1\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf
c:\progra~1\MICROS~2\Office14\1029\GrooveIntlResource.dll
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\acs.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\windows\ATKKBService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
c:\windows\system32\RunDLL32.exe
c:\windows\RTHDCPL.EXE
c:\program files\Sony\Content Manager Assistant\CMAWatcher.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\windows\System32\PAStiSvc.exe
c:\windows\system32\wbem\wmiapsrv.exe
.
**************************************************************************
.
Celkový čas: 2012-08-15 07:15:26 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-08-15 05:15
.
Před spuštěním: Volných bajtů: 57 088 159 744
Po spuštění: Volných bajtů: 56 927 440 896
.
- - End Of File - - C56413A392E79DC4C5E30459C39DB7FA
Nahrání proběhlo úspěšně
Re: Avira reports a virus - unable to remove it
And here is the log from HJT:
And you have the attachment from the Qoobox folder in your PM.
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 7:18:44, on 15.8.2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Documents and Settings\All Users\Data aplikací\Browser Manager\2.2.565.25\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe
C:\Documents and Settings\All Users\Data aplikací\Browser Manager\2.2.565.25\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\PROGRA~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe
C:\Program Files\ASUS\GamerOSD\GamerOSD.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\Epson Software\Event Manager\EEventManager.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_TATIHTU.EXE
C:\Program Files\Sony\Content Manager Assistant\CMA.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sony\Content Manager Assistant\CMAWatcher.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\OO Software\Defrag\oodag.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\PnkBstrA.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\Program Files\Web Assistant\ExtensionUpdaterService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.speedbit.com/?s=C8Ca105
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com/?crg=4.0002002
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\WINDOWS\WebIE.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
O2 - BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\WINDOWS\WebIE.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O4 - HKLM\..\Run: [TWCU] "C:\Program Files\TP-LINK\TWCU\TWCU.exe" -nogui
O4 - HKLM\..\Run: [USBToolTip] C:\PROGRA~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [GamerOSD] C:\Program Files\ASUS\GamerOSD\GamerOSD.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login
O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nview\nwiz.exe /installquiet
O4 - HKLM\..\Run: [EEventManager] "C:\Program Files\Epson Software\Event Manager\EEventManager.exe"
O4 - HKLM\..\Run: [MSIAfterburner] "C:\Program Files\MSI Afterburner\MSIAfterburner.exe" /s
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [Advanced SystemCare 5] "C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe" /AutoStart
O4 - HKCU\..\Run: [EPLTarget\P0000000000000000] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_TATIHTU.EXE /EPT "EPLTarget\P0000000000000000" /M "Epson Stylus Office BX535WD" /EF "HKCU"
O4 - HKUS\S-1-5-21-2025429265-606747145-839522115-1005\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'UpdatusUser')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Content Manager Assistant for PlayStation(R).lnk = C:\Program Files\Sony\Content Manager Assistant\CMA.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Od&eslat do aplikace OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: Search the Web - C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\menuext.html
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\WINDOWS\WebIE.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: QIP 2005 - {1EF681F7-A04B-4D6D-9012-A307CCA55610} - C:\WINDOWS\system32\shdocvw.dll (HKCU)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 2784641250
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: TP-LINK Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Advanced SystemCare Service 5 (AdvancedSystemCareService5) - IObit - C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Browser Manager - Unknown owner - C:\Documents and Settings\All Users\Data aplikací\Browser Manager\2.2.565.25\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: O&O Defrag Agent (OODefragAgent) - O&O Software GmbH - C:\Program Files\OO Software\Defrag\oodag.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: Web Assistant Updater - Unknown owner - C:\Program Files\Web Assistant\ExtensionUpdaterService.exe
--
End of file - 13354 bytes
A v SZ máš tu přílohu ze složky Qoobox.
- jaro3
- Security team member
Re: Avira reports a virus - unable to get rid of it
Thanks.
Open Notepad (Start -> Run..., type Notepad into the box and click OK).
Copy the entire following text, marked in green, into it:
KillAll::
File::
C:WINDOWSsystem32\Drivers\PROCEXP113.SYS
C:\windows\system32\Drivers\a7xlsjs1.SYS
C:\windows\system32\Drivers\a7xlsjs1.SYS
Folder::
c:\windows\msdownld.tmp
Firefox::
FF - ProfilePath - c:\documents and settings\Pavel\Data aplikací\Mozilla\Firefox\Profiles\hymsdyhc.default\
FF - prefs.js: browser.search.defaulturl - hxxp://home.speedbit.com/search.aspx?s=C8Ca106&q=
FF - prefs.js: browser.search.selectedEngine - Search the web (Babylon)
Choose File -> Save As... and set these parameters:
File name: type CFScript.txt here
Save as type: select All Files
Save the file to the desktop.
Close all open windows.
Grab the CFScript.txt script you created with the mouse, drag it over the downloaded ComboFix.exe program, and when the two files overlap, drop the script.
- ComboFix will start automatically
- Paste here the log that appears at the end of the cleaning process.
Warning: After running ComboFix and restarting the computer, Windows may fail to boot, the desktop may not load, or there may be connection problems. In that case restart the computer again; if that does not help, press F8 repeatedly after the restart and choose Last Known Good Configuration, or use a restore point.
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs via private messages. While I am away, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support
Re: Avira reports a virus - unable to get rid of it
Here is the log:
ComboFix 12-08-14.05 - Pavel 15.08.2012 14:08:43.4.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.2046.1111 [GMT 2:00]
Spuštěný z: c:\documents and settings\Pavel\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Pavel\Plocha\CFScript.txt
AV: ESET NOD32 Antivirus 5.2 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
FILE ::
"c:\windows\system32\Drivers\a7xlsjs1.SYS"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\msdownld.tmp
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-07-15 do 2012-08-15 )))))))))))))))))))))))))))))))
.
.
2012-08-15 04:52 . 2012-08-15 04:52 -------- d-----w- c:\program files\ESET
2012-08-15 04:52 . 2012-08-15 04:52 -------- d-----w- c:\documents and settings\All Users\Data aplikací\ESET
2012-08-12 11:40 . 2012-08-12 11:44 -------- d---a-w- c:\documents and settings\All Users\Data aplikací\TEMP
2012-08-12 11:40 . 2012-08-12 11:40 -------- d-----w- c:\documents and settings\Pavel\Local Settings\Data aplikací\SpeedBIT
2012-08-12 11:40 . 2012-08-12 11:40 -------- d-----w- c:\documents and settings\All Users\Data aplikací\SpeedBit
2012-08-12 11:40 . 2012-08-12 11:40 -------- d-----w- c:\program files\Common Files\SpeedBit
2012-08-12 11:40 . 2012-08-12 11:39 90824 ----a-w- c:\windows\system32\EasyHook32.dll
2012-08-12 11:40 . 2012-08-12 11:39 109256 ----a-w- c:\windows\system32\EasyHook64.dll
2012-08-12 10:19 . 2012-08-12 10:19 -------- d-----w- c:\documents and settings\Pavel\Data aplikací\BabylonToolbar
2012-08-12 10:19 . 2012-08-12 10:19 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Browser Manager
2012-08-12 10:18 . 2012-08-12 10:19 -------- d-----w- c:\program files\YourFileDownloader
2012-08-12 10:18 . 2012-08-12 10:18 -------- d-----w- c:\documents and settings\Pavel\Data aplikací\YourFileDownloader
2012-08-12 08:37 . 2012-08-12 08:48 -------- d-----w- c:\program files\RAR Password Unlocker
2012-08-11 13:13 . 2012-08-11 13:13 -------- d-----w- C:\Games
2012-08-11 05:45 . 2012-08-11 05:45 388096 ----a-r- c:\documents and settings\Pavel\Data aplikací\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-08-11 05:45 . 2012-08-11 05:45 -------- d-----w- c:\program files\Trend Micro
2012-08-10 19:25 . 2012-08-10 19:25 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-08-10 17:18 . 2012-08-10 17:18 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Data aplikací\ESET
2012-08-10 17:03 . 2012-08-10 17:03 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Data aplikací\ESET
2012-08-10 17:03 . 2012-08-10 17:03 -------- d-----w- c:\documents and settings\Pavel\Local Settings\Data aplikací\ESET
2012-08-10 13:03 . 2012-08-10 13:03 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Tarma Installer
2012-08-10 13:01 . 2012-08-10 17:04 -------- d-----w- c:\documents and settings\Pavel\Data aplikací\FileDoumi
2012-08-10 13:01 . 2012-08-10 17:20 -------- d-----w- c:\program files\Daum
2012-08-10 13:00 . 2012-08-11 05:02 -------- d-----w- c:\documents and settings\Pavel\Local Settings\Data aplikací\AppIs
2012-08-10 12:58 . 2012-08-10 12:58 -------- d-----w- c:\program files\PANDORA.TV
2012-08-06 07:36 . 2012-08-06 13:43 -------- d-----w- c:\program files\Safari
2012-08-06 07:26 . 2012-05-10 15:34 65640 ----a-w- c:\windows\system32\RtkCoInstIIXP.dll
2012-08-06 07:26 . 2011-11-22 14:28 11368 ----a-w- c:\windows\system32\RtkCoLDRXP.dll
2012-08-06 07:26 . 2012-05-11 12:14 25548 ----a-w- c:\windows\system32\drivers\RTAIODAT.DAT
2012-07-30 17:35 . 2012-07-30 17:35 -------- d-----w- c:\windows\system32\config\systemprofile\Data aplikací\IObit
2012-07-30 11:39 . 2012-07-30 11:39 -------- d-----w- c:\windows\system32\winrm
2012-07-30 11:39 . 2012-07-30 11:39 -------- d-----w- c:\windows\system32\GroupPolicy
2012-07-30 11:39 . 2012-07-30 11:39 -------- dc-h--w- c:\windows\$968930Uinstall_KB968930$
2012-07-30 11:37 . 2012-05-24 08:48 21376 ----a-w- c:\windows\system32\RegistryDefragBootTime.exe
2012-07-22 19:52 . 2012-07-22 19:52 -------- d-----w- c:\documents and settings\Pavel\Data aplikací\2K Sports
2012-07-22 19:33 . 2012-07-22 19:33 -------- d-----w- c:\program files\2K Sports
2012-07-16 16:36 . 2012-07-17 09:45 -------- d-----w- c:\documents and settings\Pavel\Data aplikací\Epson
2012-07-16 16:29 . 2012-07-16 16:29 -------- d-----w- c:\program files\Common Files\EPSON
2012-07-16 16:29 . 2012-07-16 16:23 8192 ----a-w- c:\windows\system32\E_DCINST.DLL
2012-07-16 16:29 . 2012-07-16 16:23 93696 ----a-w- c:\windows\system32\E_TLBHTU.DLL
2012-07-16 16:29 . 2012-07-16 16:23 81408 ----a-w- c:\windows\system32\E_TD4BHTU.DLL
2012-07-16 16:27 . 2012-07-16 16:27 -------- d-----w- c:\documents and settings\All Users\Data aplikací\UDL
2012-07-16 16:24 . 2012-07-16 16:24 -------- d-----w- c:\program files\EpsonNet
2012-07-16 16:24 . 2010-09-13 13:01 458129 ----a-w- c:\windows\system32\ensppui.dll
2012-07-16 16:24 . 2010-09-13 13:01 458129 ----a-w- c:\windows\system32\enppui.dll
2012-07-16 16:24 . 2010-09-13 13:00 475410 ----a-w- c:\windows\system32\ensppmon.dll
2012-07-16 16:24 . 2010-09-13 13:00 475410 ----a-w- c:\windows\system32\enppmon.dll
2012-07-16 16:24 . 2008-06-18 09:49 249344 ----a-w- c:\windows\system32\enspres.dll
2012-07-16 16:24 . 2008-06-18 09:49 249344 ----a-w- c:\windows\system32\enpres.dll
2012-07-16 16:24 . 2012-07-16 16:27 -------- d-----w- c:\program files\EPSON Software
2012-07-16 16:24 . 2012-07-16 16:30 -------- d-----w- c:\documents and settings\All Users\Data aplikací\EPSON
2012-07-16 16:24 . 2009-10-15 22:00 132560 ----a-w- c:\windows\system32\esdevapp.exe
2012-07-16 16:24 . 2009-10-15 22:00 12800 ----a-w- c:\windows\system32\escdev.dll
2012-07-16 16:24 . 2009-09-16 22:00 342016 ----a-w- c:\windows\system32\eswiaud.dll
2012-07-16 16:23 . 2012-07-16 16:23 -------- d-----w- c:\program files\epson
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-07 19:11 . 2012-06-01 17:45 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-07 19:11 . 2011-08-28 07:46 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-06 15:35 . 2009-04-27 12:45 270776 ----a-w- c:\windows\system32\PnkBstrB.xtr
2012-08-06 15:35 . 2009-04-27 12:20 270776 ----a-w- c:\windows\system32\PnkBstrB.exe
2012-07-30 13:38 . 2009-04-27 12:20 139488 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2012-07-30 13:38 . 2009-04-27 12:20 270776 ----a-w- c:\windows\system32\PnkBstrB.ex0
2012-07-16 08:18 . 2012-07-16 08:18 2409872 ----a-w- c:\windows\system32\DaumActiveX.dll
2012-07-03 11:46 . 2011-08-28 13:07 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-19 14:54 . 2008-09-30 12:50 6141584 ----a-w- c:\windows\system32\drivers\RtkHDAud.sys
2012-06-13 13:55 . 2006-03-02 12:00 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-06-06 12:00 . 2008-09-30 12:50 20065936 ----a-w- c:\windows\RTHDCPL.EXE
2012-06-05 15:49 . 2008-04-14 03:21 1372672 ------w- c:\windows\system32\msxml6.dll
2012-06-05 15:49 . 2006-03-02 12:00 1172480 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 04:32 . 2006-03-02 12:00 152576 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 13:19 . 2008-09-30 14:25 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 13:19 . 2008-09-30 14:25 22552 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 13:19 . 2008-09-30 12:35 329240 ----a-w- c:\windows\system32\wucltui.dll
2012-06-02 13:19 . 2008-09-30 12:35 210968 ----a-w- c:\windows\system32\wuweb.dll
2012-06-02 13:19 . 2008-09-30 12:35 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 13:19 . 2008-09-30 14:25 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 13:19 . 2008-09-30 14:25 18456 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 13:19 . 2008-09-30 14:25 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 13:19 . 2008-09-30 12:35 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 13:19 . 2008-09-30 12:35 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 13:19 . 2006-03-02 12:00 97304 ----a-w- c:\windows\system32\cdm.dll
2012-06-02 13:19 . 2008-09-30 12:35 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 13:19 . 2008-09-30 12:35 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 13:19 . 2011-02-15 13:17 17648 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-06-02 13:18 . 2011-02-15 13:17 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-06-02 13:18 . 2011-02-15 13:17 214256 ----a-w- c:\windows\system32\muweb.dll
2012-05-31 13:22 . 2006-03-02 12:00 602112 ----a-w- c:\windows\system32\crypt32.dll
2012-05-25 16:06 . 2008-09-30 12:50 1706640 ----a-w- c:\windows\RtlExUpd.dll
2012-07-21 16:29 . 2012-05-27 11:57 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-08-15_05.10.54 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-08-15 12:13 . 2012-08-15 12:13 16384 c:\windows\temp\Perflib_Perfdata_730.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-02-15 17146504]
"Advanced SystemCare 5"="c:\program files\IObit\Advanced SystemCare 5\ASCTray.exe" [2012-05-28 288128]
"EPLTarget\P0000000000000000"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_TATIHTU.EXE" [2012-07-16 219008]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TWCU"="c:\program files\TP-LINK\TWCU\TWCU.exe" [2005-08-09 413696]
"USBToolTip"="c:\progra~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe" [2007-02-20 199752]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"GamerOSD"="c:\program files\ASUS\GamerOSD\GamerOSD.exe" [2007-02-14 380928]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2012-05-15 15504192]
"NvMediaCenter"="NvMCTray.dll" [2012-05-15 108352]
"nwiz"="c:\program files\NVIDIA Corporation\nview\nwiz.exe" [2012-05-15 1634112]
"EEventManager"="c:\program files\Epson Software\Event Manager\EEventManager.exe" [2010-10-12 979328]
"MSIAfterburner"="c:\program files\MSI Afterburner\MSIAfterburner.exe" [2012-06-20 405832]
"RTHDCPL"="RTHDCPL.EXE" [2012-06-06 20065936]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2012-03-07 3117344]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Content Manager Assistant for PlayStation(R).lnk - c:\program files\Sony\Content Manager Assistant\CMA.exe [2012-1-26 2520504]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
2012-01-08 11:00 500208 ------w- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5ServiceManager]
2010-02-22 03:57 406992 ----a-w- c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSIAfterburner]
2012-06-20 03:55 405832 ----a-w- c:\program files\MSI Afterburner\MSIAfterburner.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OODefragTray]
2010-11-25 07:43 2781000 ----a-w- c:\program files\OO Software\Defrag\oodtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-10-29 12:49 249064 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Adobe Photo Downloader"=c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
"NeroFilterCheck"=c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
"iTunesHelper"=c:\program files\iTunes\iTunesHelper.exe
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe"
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" -autorun
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
"KernelFaultCheck"=%systemroot%\system32\dumprep 0 -k
"MSIAfterburner"="c:\program files\MSI Afterburner\MSIAfterburner.exe" /s
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FarCry2.exe"=
"c:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FC2Launcher.exe"=
"c:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FC2Editor.exe"=
"c:\\Program Files\\Midway Games\\Wheelman\\Binaries\\WheelmanGame-Final.exe"=
"c:\\Program Files\\TeamViewer\\Version5\\TeamViewer.exe"=
"c:\\Program Files\\Disney Interactive Studios\\Split Second\\SplitSecond.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\Pinnacle\\Studio 15\\Programs\\Studio.exe"=
"c:\\Program Files\\Pinnacle\\Studio 15\\Programs\\umi.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Call of duty 6 MW 2\\iw4mp.dat"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Microsoft Office\\Office14\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Updatus\\daemonu.exe"=
"c:\\Program Files\\Pinnacle\\Studio 15\\Programs\\RM.exe"=
"c:\\Program Files\\TmNationsForever\\TmForever.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Update Core\\daemonu.exe"=
"c:\\Program Files\\EPSON Software\\Event Manager\\EEventManager.exe"=
"c:\\Program Files\\2K Sports\\NBA 2K12\\nba2k12.exe"=
"c:\\Program Files\\PANDORA.TV\\PanService\\PandoraService.exe"=
"c:\\Games\\World_of_Tanks\\WorldOfTanks.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Vzdálená správa systému Windows
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [30.9.2008 18:52 691696]
R0 tffsport;M-Systems DiskOnChip 2000;c:\windows\system32\drivers\tffsport.sys [26.6.2011 15:06 149376]
R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [30.9.2008 14:47 13696]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [4.8.2011 9:20 120152]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [4.8.2011 9:20 104160]
R2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files\IObit\Advanced SystemCare 5\ASCService.exe [30.7.2012 13:14 913792]
R2 Browser Manager;Browser Manager;c:\documents and settings\All Users\Data aplikací\Browser Manager\2.2.565.25\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe [12.8.2012 12:19 1697312]
R2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [17.3.2012 12:13 21992]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [7.3.2012 15:40 913144]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [16.7.2012 12:19 1262400]
R2 OODefragAgent;O&O Defrag Agent;c:\program files\OO Software\Defrag\oodag.exe [25.11.2010 9:44 2404168]
R2 Web Assistant Updater;Web Assistant Updater;c:\program files\Web Assistant\ExtensionUpdaterService.exe [9.5.2012 18:23 185856]
R3 PhTVTune;Cap7134 TVTuner;c:\windows\system32\drivers\PhTVTune.sys [30.9.2008 18:42 57152]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [16.5.2011 8:13 197224]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [1.6.2012 19:45 250056]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [15.5.2011 20:05 1691480]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [12.6.2011 12:15 31125880]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [27.5.2012 13:57 113120]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [9.1.2010 22:37 4640000]
S3 PAC207;VideoCAM GF112;c:\windows\system32\drivers\PFC027.sys [8.4.2005 10:46 162176]
S3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [14.2.2011 16:10 47360]
S3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [19.2.2010 14:37 517096]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\sqladhlp.exe [23.7.2009 5:08 47128]
S4 RsFx0103;RsFx0103 Driver;c:\windows\system32\drivers\RsFx0103.sys [30.3.2009 3:09 239336]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [30.3.2009 3:23 366936]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Obsah adresáře 'Naplánované úlohy'
.
2012-08-10 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2008\OneClick.exe [2007-12-21 12:49]
.
2012-08-15 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-01 19:11]
.
2012-01-08 c:\windows\Tasks\AdobeAAMUpdater-1.0-PAVEL-A5C71F66F-Pavel.job
- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2012-01-08 11:00]
.
2012-08-14 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
.
2012-08-15 c:\windows\Tasks\Úklid 1 kliknutím.job
- c:\program files\TuneUp Utilities 2008\OneClick.exe [2007-12-21 12:49]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://home.speedbit.com/?s=C8Ca105
mStart Page = hxxp://home.sweetim.com/?crg=4.0002002
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Od&eslat do aplikace OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: Search the Web - c:\program files\SweetIM\Toolbars\Internet Explorer\resources\menuext.html
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748449} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\windows\WebIE.dll
TCP: DhcpNameServer = 10.152.101.1
FF - ProfilePath - c:\documents and settings\Pavel\Data aplikací\Mozilla\Firefox\Profiles\hymsdyhc.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-08-15 14:15
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-2025429265-606747145-839522115-1004\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"??"=hex:a6,5c,bf,f2,7d,ae,eb,af,9a,7c,3f,9c,a6,19,6d,10,19,f8,12,87,fd,af,41,
46,26,c6,dd,82,a9,91,02,3e,cf,6c,3f,8d,ee,a6,81,fe,cf,d0,3b,30,80,7f,fd,d9,\
"??"=hex:e2,06,90,c3,a9,ab,f7,ca,1c,f7,63,d7,3e,f2,89,5d
.
[HKEY_USERS\S-1-5-21-2025429265-606747145-839522115-1004\Software\SecuROM\License information*]
"datasecu"=hex:47,47,ff,61,d2,00,f9,3e,72,70,c9,7c,c0,71,80,97,2e,27,58,48,01,
1a,6a,a5,b8,fc,23,ff,cc,f8,63,36,6e,81,5f,77,60,90,42,f1,58,d2,5b,eb,96,9c,\
"rkeysecu"=hex:a8,a3,cb,3b,9e,10,da,4f,e6,ec,6c,62,8a,a7,84,85
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'explorer.exe'(3956)
c:\documents and settings\All Users\Data aplikací\Browser Manager\2.2.565.25\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.dll
c:\progra~1\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf
c:\progra~1\MICROS~2\Office14\1029\GrooveIntlResource.dll
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\acs.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\windows\ATKKBService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\windows\System32\PAStiSvc.exe
c:\windows\system32\RunDLL32.exe
c:\windows\RTHDCPL.EXE
c:\program files\Sony\Content Manager Assistant\CMAWatcher.exe
c:\windows\system32\wbem\wmiapsrv.exe
.
**************************************************************************
.
Celkový čas: 2012-08-15 14:19:56 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-08-15 12:19
.
Před spuštěním: Volných bajtů: 56 558 137 344
Po spuštění: Volných bajtů: 56 534 585 344
.
- - End Of File - - 62CA2975BFC27A9EDF542F0781F0EEED
- jaro3
- Security team member
Re: Avira reports a virus - unable to remove it
ComboFix is uninstalled as follows:
Start - Run and enter ComboFix /Uninstall
Clean the system with CCleaner
and also use T-Cleaner
it deletes everything left behind by Combo, MWAV, etc. - download it > run it
Note: before downloading T-Cleaner and for the duration of the cleaning, deactivate your antivirus and antispyware; afterwards delete T-Cleaner and turn your antivirus and antispyware back on.
If there are no problems, that is all and you can mark the thread as solved with the green check mark.
When working with HJT, ComboFix, MbAM, SDFix, etc., close all other applications and browsers!
Do not send logs via private messages. While I am away, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support
Re: Avira reports a virus - unable to remove it
Thank you for solving the problem. I would just like to know whether it is possible to delete the history and basically all the junk that may be on the PC, so that after deletion it can no longer be found or recovered at all, etc.?
- jaro3
- Security team member
Re: Avira reports a virus - unable to remove it (Solved)
Delete the restore points and create a new one.