Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 22:50:02, on 17.10.2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.Exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\PC ACER\Desktop\HijackThis (1).exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/?affID=112061 ... 1e64428ce1
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O3 - Toolbar: (no name) - {99079a25-328f-4bd4-be04-00955acaa0a7} - (no file)
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [AllShareAgent] C:\Program Files (x86)\Samsung\AllShare\AllShareAgent.exe
O4 - HKCU\..\Run: [SpywareTerminatorUpdate] "C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe"
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Od&eslat do aplikace OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
O15 - Trusted Zone: *.jam-software.com
O15 - Trusted Zone: *.jam-software.de
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~2\Crawler\Toolbar\ctbr.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Encrypting File System (EFS) (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Samsung AllShare PC (SamsungAllShareV2.0) - Samsung Electronics Co., Ltd. - C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMS.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files (x86)\Spyware Terminator\sp_rsser.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\PROGRAM FILES (X86)\TUNEUP UTILITIES 2012\TUNEUPUTILITIESSERVICE64.EXE
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 6266 bytes
ComboFix Log:
ComboFix 12-10-16.02 - PC ACER 17.10.2012 12:47:47.1.1 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1033.18.1979.1087 [GMT 2:00]
Spuštěný z: c:\users\PC ACER\Desktop\ComboFix.exe
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\SysWow64\msstdfmt.dll
c:\windows\SysWow64\smtp.ocx
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-09-17 do 2012-10-17 )))))))))))))))))))))))))))))))
.
.
2012-10-17 11:01 . 2012-10-17 11:01 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-10-17 09:59 . 2012-09-18 22:58 9308616 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{DB5A09FE-668E-4BFA-BEBB-6B712443CB6E}\mpengine.dll
2012-10-16 15:59 . 2012-10-16 15:59 -------- d-----w- c:\users\PC ACER\AppData\Roaming\ParetoLogic
2012-10-16 15:59 . 2012-10-16 15:59 -------- d-----w- c:\users\PC ACER\AppData\Roaming\DriverCure
2012-10-16 15:58 . 2012-10-16 15:58 -------- d-----w- c:\users\PC ACER\AppData\Roaming\SCS
2012-10-16 15:58 . 2012-10-16 15:58 -------- d-----w- c:\program files (x86)\Common Files\ParetoLogic
2012-10-16 15:58 . 2012-10-16 15:58 -------- d-----w- c:\programdata\ParetoLogic
2012-10-16 15:58 . 2012-10-16 15:58 -------- d-----w- c:\program files (x86)\ParetoLogic
2012-10-16 14:59 . 2012-10-16 15:43 -------- d-sh--r- c:\program files (x86)\A
2012-10-16 14:59 . 2012-10-16 14:59 -------- d-----w- c:\programdata\SCS
2012-10-16 14:48 . 2012-10-16 14:49 -------- d-----w- c:\program files (x86)\Crawler
2012-10-16 14:33 . 2012-10-17 09:47 -------- d-----w- c:\programdata\Spyware Terminator
2012-10-16 14:33 . 2012-10-16 15:43 -------- d-----w- c:\users\PC ACER\AppData\Roaming\Spyware Terminator
2012-10-16 00:37 . 2012-09-14 19:19 2048 ----a-w- c:\windows\system32\tzres.dll
2012-10-16 00:37 . 2012-09-14 18:28 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-10-16 00:37 . 2012-08-30 18:03 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-10-16 00:37 . 2012-08-30 17:12 3914096 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-10-16 00:37 . 2012-08-30 17:12 3968880 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-10-16 00:37 . 2012-08-24 18:05 220160 ----a-w- c:\windows\system32\wintrust.dll
2012-10-16 00:37 . 2012-08-24 16:57 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-10-16 00:37 . 2012-08-11 00:56 715776 ----a-w- c:\windows\system32\kerberos.dll
2012-10-16 00:37 . 2012-08-10 23:56 542208 ----a-w- c:\windows\SysWow64\kerberos.dll
2012-10-16 00:37 . 2012-08-22 18:12 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-10-16 00:37 . 2012-08-22 18:12 376688 ----a-w- c:\windows\system32\drivers\netio.sys
2012-10-16 00:37 . 2012-08-22 18:12 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2012-10-16 00:34 . 2012-06-02 05:41 1464320 ----a-w- c:\windows\system32\crypt32.dll
2012-10-16 00:34 . 2012-06-02 04:36 1159680 ----a-w- c:\windows\SysWow64\crypt32.dll
2012-10-16 00:34 . 2012-06-02 05:41 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2012-10-16 00:34 . 2012-06-02 05:41 140288 ----a-w- c:\windows\system32\cryptnet.dll
2012-10-16 00:34 . 2012-06-02 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2012-10-16 00:34 . 2012-06-02 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2012-10-14 01:26 . 2012-10-16 05:26 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-10-14 01:26 . 2012-10-16 04:05 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2012-10-14 01:19 . 2012-10-14 01:30 -------- d-----w- c:\users\PC ACER\AppData\Roaming\WinPatrol
2012-10-14 01:19 . 2012-10-14 01:19 -------- d-----w- c:\program files (x86)\BillP Studios
2012-10-14 00:12 . 2012-10-14 00:12 -------- d-----w- c:\users\PC ACER\AppData\Roaming\EurekaLog for Visual Studio
2012-10-14 00:12 . 2012-10-16 04:08 -------- d-----w- c:\program files\JAM Software
2012-10-13 23:55 . 2012-10-13 23:54 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-10-13 23:55 . 2012-10-13 23:54 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-10-13 08:12 . 2012-10-13 08:12 -------- d-----w- c:\users\PC ACER\AppData\Roaming\EATCAM
2012-10-11 17:41 . 2012-10-11 17:41 411024 ----a-r- c:\users\PC ACER\AppData\Roaming\Microsoft\Installer\{05181A78-3BA6-4B63-BCE8-888A4BCAACFA}\ARPPRODUCTICON.exe
2012-10-11 17:10 . 2012-10-11 17:10 -------- d-----w- c:\program files (x86)\LooksBuilderSE
2012-10-11 16:29 . 2012-10-14 00:37 -------- d-----w- c:\users\PC ACER\AppData\Local\PMB Files
2012-10-11 16:29 . 2012-10-11 17:02 -------- d-----w- c:\programdata\PMB Files
2012-10-11 16:29 . 2012-10-11 16:29 -------- d-----w- c:\program files (x86)\Pando Networks
2012-10-11 16:28 . 2012-10-11 16:28 -------- d-----w- c:\users\PC ACER\AppData\Local\Pando_Temp
2012-10-11 15:38 . 2012-10-11 18:10 -------- d-----w- c:\users\PC ACER\AppData\Local\Avid
2012-10-11 15:37 . 2012-10-11 15:37 -------- d-----w- c:\program files (x86)\Common Files\Pinnacle
2012-10-11 14:18 . 2009-09-04 15:29 2475352 ----a-w- c:\windows\system32\D3DX9_42.dll
2012-10-11 14:17 . 2007-05-16 14:45 4496232 ----a-w- c:\windows\system32\d3dx9_34.dll
2012-10-11 14:09 . 2012-10-12 19:14 -------- d-----w- c:\users\PC ACER\AppData\Local\Pinnacle
2012-10-11 13:57 . 2012-10-12 22:40 -------- d-----w- c:\program files (x86)\Pinnacle
2012-10-11 13:57 . 2012-10-11 13:57 -------- d-----w- c:\programdata\PCTV Systems
2012-10-11 13:57 . 2012-10-11 18:56 -------- d-----w- c:\programdata\Pinnacle
2012-10-10 18:27 . 2012-10-10 18:27 -------- d-----w- C:\Download
2012-10-10 10:34 . 2012-10-10 10:34 -------- d-----w- c:\users\PC ACER\AppData\Roaming\Morpheus Software
2012-10-09 16:45 . 2012-10-09 16:45 -------- d-----w- C:\AllShare
2012-10-09 16:09 . 2012-10-16 11:57 -------- d--h--r- c:\windows\Memont
2012-10-09 15:00 . 2012-10-09 15:00 -------- d-----w- c:\users\PC ACER\AppData\Local\DigitalVolcano
2012-10-09 14:57 . 2012-10-09 14:57 -------- d-----w- c:\program files (x86)\Duplicate Cleaner
2012-10-09 14:20 . 2012-10-09 14:20 -------- d-----w- c:\users\PC ACER\AppData\Roaming\EASYDUPLICATEFINDER
2012-10-08 21:19 . 2012-10-08 21:19 -------- d-----w- c:\users\PC ACER\AppData\Local\Microsoft Help
2012-10-08 18:23 . 2011-12-14 10:47 34624 ----a-w- c:\windows\system32\TURegOpt.exe
2012-10-08 18:23 . 2011-12-14 10:46 25920 ----a-w- c:\windows\system32\authuitu.dll
2012-10-08 18:23 . 2011-12-14 10:46 21312 ----a-w- c:\windows\SysWow64\authuitu.dll
2012-10-08 18:22 . 2012-10-08 18:23 -------- d-----w- c:\program files (x86)\TuneUp Utilities 2012
2012-10-08 16:54 . 2012-10-14 20:21 -------- d-----w- c:\users\PC ACER\AppData\Roaming\Audacity
2012-10-04 01:51 . 2012-10-04 01:54 -------- d-----w- c:\users\PC ACER\Logitech
2012-10-04 01:49 . 2012-10-07 13:52 -------- d-----w- c:\program files (x86)\Common Files\Remote Control Software Common
2012-10-04 01:31 . 2012-10-04 01:31 -------- d-----w- c:\users\PC ACER\AppData\Roaming\Logitech
2012-10-04 01:31 . 2012-10-05 10:27 -------- d-----w- c:\program files (x86)\Logitech
2012-10-04 01:29 . 2012-10-04 01:29 -------- d-----w- c:\users\PC ACER\AppData\Roaming\InstallShield
2012-10-02 10:17 . 2012-10-02 10:17 5171904 ----a-w- c:\program files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
2012-09-25 23:51 . 2012-10-14 01:19 -------- d-----w- c:\programdata\InstallMate
2012-09-24 20:29 . 2012-09-24 20:29 40960 ----a-w- c:\windows\SysWow64\nwsftUninstall.exe
2012-09-24 20:24 . 2012-09-24 20:34 0 ----a-w- c:\windows\FileLock.bin
2012-09-24 20:22 . 2012-09-24 20:34 -------- d-----w- c:\programdata\GiliSoft
2012-09-19 01:23 . 2012-09-19 01:23 -------- d-----w- c:\programdata\TomTom
2012-09-19 01:22 . 2012-09-19 01:22 -------- d-----w- c:\users\PC ACER\AppData\Local\TomTom
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-16 01:00 . 2012-01-28 05:53 65309168 ----a-w- c:\windows\system32\MRT.exe
2012-09-29 02:26 . 2012-09-10 20:54 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\Markup.dll
2012-09-23 17:41 . 2012-08-16 23:33 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
2012-09-23 17:41 . 2012-08-17 00:00 483952 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2012-09-07 16:12 . 2012-09-07 16:12 483952 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2012-08-21 09:13 . 2012-04-20 20:09 359464 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-08-21 09:13 . 2012-04-20 20:09 59728 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-08-21 09:13 . 2012-04-20 20:09 969200 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-08-21 09:13 . 2012-04-20 20:09 54072 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-08-21 09:13 . 2012-04-20 20:09 71600 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-08-21 09:13 . 2012-04-20 20:09 25232 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-08-21 09:12 . 2012-04-20 20:08 41224 ----a-w- c:\windows\avastSS.scr
2012-08-21 09:12 . 2012-04-20 20:08 227648 ----a-w- c:\windows\SysWow64\aswBoot.exe
2012-08-21 09:12 . 2011-12-26 03:30 285328 ----a-w- c:\windows\system32\aswBoot.exe
2012-08-17 22:50 . 2009-02-10 07:28 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll
2012-08-17 22:50 . 2003-02-21 12:42 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll
2012-08-17 14:47 . 2012-08-17 14:47 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-17 14:47 . 2012-08-17 14:47 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-23 10:30 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2012-07-23 10:30 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-08-21 4282728]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
.
R0 vmci;VMware VMCI Bus Driver;c:\windows\system32\DRIVERS\vmci.sys [x]
R2 NEWDRIVER;NEWDRIVER;c:\windows\SysWow64\WinVDEdrv6.sys [x]
R3 adusbser;AnyDATA USB Device for Legacy Serial Communication;c:\windows\system32\DRIVERS\adusbser.sys [2009-11-06 154112]
R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2012-06-24 52320]
R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [2009-11-02 33736]
R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [2010-06-25 36928]
R3 nmwcdnsucx64;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsucx64.sys [2011-11-01 12800]
R3 nmwcdnsux64;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsux64.sys [2011-11-01 171008]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [2009-12-30 31800]
R3 RTL2832U_IRHID;HID Infrared Remote Receiver;c:\windows\system32\DRIVERS\RTL2832U_IRHID.sys [2009-07-13 42912]
R3 RTL2832UBDA;REALTEK 2832U BDA Driver;c:\windows\system32\drivers\RTL2832UBDA.sys [2009-07-06 114080]
R3 RTL2832UUSB;REALTEK 2832U USB Driver;c:\windows\system32\Drivers\RTL2832UUSB.sys [2009-07-06 38944]
R3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\DRIVERS\s1018bus.sys [2009-03-25 113704]
R3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s1018mdfl.sys [2009-03-25 19496]
R3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s1018mdm.sys [2009-03-25 153128]
R3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s1018mgmt.sys [2009-03-25 133160]
R3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\DRIVERS\s1018nd5.sys [2009-03-25 34856]
R3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s1018obex.sys [2009-03-25 128552]
R3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\DRIVERS\s1018unic.sys [2009-03-25 146472]
R3 smhwdev;SmartPhone dummy USB PNP Device (Normal);c:\windows\system32\DRIVERS\smhwdev.sys [2010-01-13 114432]
R3 smhwser;USB Device for Legacy Serial Communication (Normal);c:\windows\system32\DRIVERS\smhwser.sys [2010-02-04 122624]
R3 TFsExDisk;TFsExDisk;c:\windows\System32\Drivers\TFsExDisk.sys [2010-06-14 16448]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R4 gupdate;Služba Google Update (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-26 136176]
R4 gupdatem;Služba Google Update (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-26 136176]
R4 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-14 113120]
R4 SamsungAllShareV2.0;Samsung AllShare PC;c:\program files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMS.exe [2012-03-02 25504]
R4 SimpleSlideShowServer;SimpleSlideShowServer;c:\program files (x86)\Samsung\AllShare\AllShareSlideShowService.exe [2012-03-02 27584]
R4 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-10-02 3064000]
R4 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-08-21 71600]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 sp_rsdrv2;Spyware Terminator Driver Filter;c:\windows\system32\DRIVERS\stflt.sys [2012-05-15 51496]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TUNEUP UTILITIES 2012\TUNEUPUTILITIESSERVICE64.EXE [2011-12-14 2123584]
S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x64.sys [2009-06-10 57344]
S3 NETw5s64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [2009-09-15 6952960]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TUNEUP UTILITIES 2012\TuneUpUtilitiesDriver64.sys [2011-12-12 11856]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
.
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-08-21 09:11 133400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinPatrol"="c:\program files (x86)\BillP Studios\WinPatrol\WinPatrol.exe" [2012-09-20 363752]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://search.babylon.com/?affID=112061 ... 1e64428ce1
IE: Crawler Search - tbr:iemenu
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Od&eslat do aplikace OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
Trusted Zone: jam-software.com
Trusted Zone: jam-software.de
TCP: DhcpNameServer = 10.0.0.138
TCP: Interfaces\{E785799F-6258-4B72-92D9-D749643B874C}: DhcpNameServer = 192.168.2.1 81.2.209.93 10.32.80.2
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~2\Crawler\Toolbar\ctbr.dll
FF - ProfilePath - c:\users\PC ACER\AppData\Roaming\Mozilla\Firefox\Profiles\bf8t27jc.default\
FF - prefs.js: browser.search.selectedEngine - Search the web (Babylon)
FF - prefs.js: browser.startup.homepage - hxxp://search.babylon.com/?affID=112061 ... 1e64428ce1
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?affID=112061 ... 4428ce1&q=
FF - prefs.js: network.proxy.http - 86.12.154.49
FF - prefs.js: network.proxy.http_port - 3128
FF - prefs.js: network.proxy.type - 1
FF - ExtSQL: 2012-08-17 17:45; {9AA46F4F-4DC7-4c06-97AF-5035170634FE}; c:\users\PC ACER\AppData\Roaming\Mozilla\Firefox\Profiles\bf8t27jc.default\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}.xpi
FF - ExtSQL: 2012-08-17 17:49; text2voice@vik.josh; c:\users\PC ACER\AppData\Roaming\Mozilla\Firefox\Profiles\bf8t27jc.default\extensions\text2voice@vik.josh.xpi
FF - ExtSQL: 2012-08-18 00:51; {0153E448-190B-4987-BDE1-F256CADA672F}; c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
.
------- Asociace souborů -------
.
JSEFile=%SystemRoot%\SysWow64\CScript.exe "%1" %*
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Toolbar-{99079a25-328f-4bd4-be04-00955acaa0a7} - (no file)
Toolbar-10 - (no file)
Toolbar-10 - (no file)
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000001
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0011\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0012\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2012-10-17 13:06:11
ComboFix-quarantined-files.txt 2012-10-17 11:06
.
Před spuštěním: 47 558 680 576 bytes free
Po spuštění: 47 223 275 520 bytes free
.
- - End Of File - - 2EA417E1453EC73837A9DE9A852C32EE
Please check my HJT log
- Žbeky
- Moderator
Re: Please check my HJT log
Problems? And who advised you to run ComboFix?
Uninstall Spyware Terminator and Crawler.
Fix:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/?affID=112061 ... 1e64428ce1
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O3 - Toolbar: (no name) - {99079a25-328f-4bd4-be04-00955acaa0a7} - (no file)
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKCU\..\Run: [SpywareTerminatorUpdate] "C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe"
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O15 - Trusted Zone: *.jam-software.com
O15 - Trusted Zone: *.jam-software.de
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~2\Crawler\Toolbar\ctbr.dll
Download ATF Cleaner.
Double-click ATF Cleaner.exe, click Select All Found, then:
- If you use Firefox, click Firefox at the top and choose Select All, then click Empty Selected.
- If you use Opera, click Opera at the top and choose Select All, then click Empty Selected.
- If you use Chrome, do not select anything else and click Empty Selected.
After cleaning, click Exit to close the program.
ATF-Cleaner is a simple tool for removing web browser history. The program can remove the cache, cookies, history and other traces of browsing the Internet. Supported browsers include Internet Explorer, Firefox and Opera. The application can also remove Windows temporary files, empty the Recycle Bin, etc.
Download Malwarebytes' Anti-Malware.
Install it and run it:
- at the end of the installation make sure both options are selected/checked:
Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware; if so, click the Finish button
- if an update is found, it will be downloaded and installed
- the program will then start; leave the Perform Quick Scan option selected and click the Scan button
- when the scan finishes a message will appear, so click OK and then the Show Results button
- then choose Save Logfile and save the log to the desktop
- then click the Exit button; a message will appear, so choose Yes
(DO NOT DELETE ANYTHING YOURSELF YET!).
Then paste the contents of that log here.
In private messages I only deal with matters concerning the forum. I do not respond to requests for technical support. Thanks for understanding.
Re: Please check my HJT log
Thank you. I did the following: I uninstalled Spyware Terminator and Crawler with Revo, ran Hijack and fixed the entries as recommended, cleaned up with ATF, and scanned with Malwarebytes' Anti-Malware, with negative results.
I restarted and ran the Hijack scan with log creation again; some items remained unremoved and it would not create a log for me, so I took photos and am attaching the images. Please advise what to do next. I also started Task Manager and at the bottom there are two processes without a description; I am attaching a photo. Is that OK?
After removing Spyware Terminator, which software do you recommend I use? Should I keep Malwarebytes' Anti-Malware?
- jaro3
- member of the Security team
Re: Please check my HJT log
HJT: click "Yes" and close the window; it is OK.
You have Avast, you don't need ST.
Download AdwCleaner
Save it to your desktop
Close all programs, windows and browsers
Run the program by double-clicking it and click "Search"
After the scan a log will appear (it is also saved on the system drive as AdwCleaner[R?].txt); paste its entire contents here.
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs in private messages. While I am away, memphisto, Žbeky and Orcus stand in for me.