Prosím o kontrolu logu-preventivní + Vyřešeno

[elpistolero]

ComboFix 12-12-31.01 - uzivatel 01.01.2013 1:40.1.8 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.420.1029.18.3555.2078 [GMT 1:00]
Spuštěný z: c:\users\uzivatel\Downloads\ComboFix.exe
AV: ESET NOD32 Antivirus 3.0 *Disabled/Updated* {CB0F8167-5331-BA19-698E-64816B6801A5}
SP: ESET NOD32 Antivirus 3.0 *Disabled/Updated* {706E6083-750B-B597-533E-5FF310EF4B18}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Vytvořen nový Bod Obnovení
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\uzivatel\AppData\Local\Temp\ppcrlui_1644_2
c:\windows\IsUn0407.exe
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
c:\windows\system32\tmp1407.tmp
c:\windows\system32\tmp1466.tmp
c:\windows\system32\tmp2CDA.tmp
c:\windows\system32\tmp2CFA.tmp
c:\windows\system32\tmp62BC.tmp
c:\windows\system32\tmp65AA.tmp
c:\windows\system32\tmp7C34.tmp
c:\windows\system32\tmp8A7E.tmp
c:\windows\system32\tmp8ADC.tmp
c:\windows\system32\tmpB5CA.tmp
c:\windows\system32\tmpBE34.tmp
c:\windows\system32\tmpBF00.tmp
c:\windows\system32\tmpC081.tmp
c:\windows\system32\tmpC0C1.tmp
c:\windows\system32\tmpC4D8.tmp
c:\windows\system32\tmpC4F8.tmp
c:\windows\system32\tmpDABA.tmp
c:\windows\system32\tmpDADB.tmp
c:\windows\wininit.ini
D:\install.exe
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-12-01 do 2013-01-01 )))))))))))))))))))))))))))))))
.
.
2013-01-01 00:46 . 2013-01-01 00:46 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2013-01-01 00:46 . 2013-01-01 00:46 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-12-31 20:38 . 2012-12-31 20:38 -------- d-----w- c:\users\uzivatel\AppData\Roaming\Malwarebytes
2012-12-28 13:35 . 2012-12-28 13:35 -------- d-----w- c:\program files\CPUID
2012-12-28 10:28 . 2012-11-08 18:00 6812136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{63460AD0-8895-4069-8FD1-97E7047761B7}\mpengine.dll
2012-12-26 22:01 . 2012-12-31 17:14 5244 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2012-12-25 14:05 . 2012-12-30 13:39 280600 ----a-w- c:\windows\system32\PnkBstrB.xtr
2012-12-25 12:22 . 2007-05-16 15:45 443752 ----a-w- c:\windows\system32\d3dx10_34.dll
2012-12-25 09:38 . 2012-05-31 10:25 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-12-24 12:45 . 2012-12-24 12:45 -------- d-----w- c:\programdata\Ahead
2012-12-24 12:44 . 2012-12-24 12:45 -------- d-----w- c:\program files\Common Files\Ahead
2012-12-24 11:53 . 2012-12-01 04:38 3984744 ----a-w- c:\windows\system32\nvcpl.dll
2012-12-24 11:53 . 2012-12-01 04:37 108392 ----a-w- c:\windows\system32\nvmctray.dll
2012-12-24 11:53 . 2012-12-03 15:39 52584 ----a-w- c:\windows\system32\OpenCL.dll
2012-12-24 11:52 . 2012-07-03 07:37 884072 ----a-w- c:\windows\system32\nvhdagenco3220103.dll
2012-12-24 11:52 . 2012-07-03 15:25 28008 ----a-w- c:\windows\system32\nvhdap32.dll
2012-12-24 11:52 . 2012-12-03 15:39 889192 ----a-w- c:\windows\system32\nvdispgenco32.dll
2012-12-24 11:52 . 2012-12-03 15:39 7819016 ----a-w- c:\windows\system32\nvcuda.dll
2012-12-24 11:52 . 2012-12-03 15:39 6149904 ----a-w- c:\windows\system32\nvopencl.dll
2012-12-24 11:52 . 2012-12-03 15:39 2606440 ----a-w- c:\windows\system32\nvcuvid.dll
2012-12-24 11:52 . 2012-12-03 15:39 20335976 ----a-w- c:\windows\system32\nvoglv32.dll
2012-12-24 11:52 . 2012-12-03 15:39 1874280 ----a-w- c:\windows\system32\nvcuvenc.dll
2012-12-24 11:52 . 2012-12-03 15:39 17559912 ----a-w- c:\windows\system32\nvcompiler.dll
2012-12-24 11:52 . 2012-12-03 15:39 12603960 ----a-w- c:\windows\system32\nvwgf2um.dll
2012-12-24 11:52 . 2012-12-03 15:39 1011048 ----a-w- c:\windows\system32\nvdispco32.dll
2012-12-23 20:13 . 2012-12-24 09:53 -------- d-----w- c:\program files\VS Revo Group
2012-12-23 20:11 . 2012-12-23 20:11 -------- d-----w- c:\programdata\Innovative Solutions
2012-12-23 20:11 . 2012-12-23 20:11 -------- d-----w- c:\users\uzivatel\AppData\Local\Innovative Solutions
2012-12-23 20:11 . 2012-12-23 20:11 -------- d-----w- c:\program files\Common Files\Innovative Solutions
2012-12-21 23:05 . 2012-12-16 13:12 34304 ----a-w- c:\windows\system32\atmlib.dll
2012-12-21 23:05 . 2012-12-16 10:50 293376 ----a-w- c:\windows\system32\atmfd.dll
2012-12-20 14:09 . 2012-12-20 14:09 -------- d-----w- c:\program files\OpenAL
2012-12-19 21:59 . 2012-12-19 21:59 -------- d-----w- c:\users\uzivatel\AppData\Local\Windows Live Writer
2012-12-19 21:59 . 2012-12-19 21:59 -------- d-----w- c:\users\uzivatel\AppData\Roaming\Windows Live Writer
2012-12-18 15:31 . 2012-12-03 15:39 9373032 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2012-12-17 19:34 . 2012-12-17 19:34 -------- d-----w- c:\users\uzivatel\AppData\Roaming\Nero
2012-12-15 12:51 . 2012-12-15 12:51 -------- d-----w- c:\windows\cs
2012-12-15 12:49 . 2012-12-15 12:49 -------- dc----w- c:\windows\system32\DRVSTORE
2012-12-15 12:49 . 2012-03-08 17:32 39272 ----a-w- c:\windows\system32\drivers\fssfltr.sys
2012-12-15 12:46 . 2012-12-18 17:04 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2012-12-15 12:42 . 2012-12-15 12:52 -------- d-----w- c:\program files\Windows Live
2012-12-15 12:41 . 2012-12-17 17:13 -------- d-----w- c:\program files\Microsoft
2012-12-15 12:39 . 2012-12-19 22:00 -------- d-----w- c:\users\uzivatel\AppData\Local\Windows Live
2012-12-15 12:39 . 2012-12-15 12:39 -------- d-----w- c:\program files\Common Files\Windows Live
2012-12-15 12:39 . 2009-08-04 08:02 754688 ----a-w- c:\windows\system32\webservices.dll
2012-12-15 12:03 . 2012-12-15 12:03 -------- d-----w- c:\users\uzivatel\AppData\Roaming\HTC Sync
2012-12-15 12:03 . 2012-12-31 23:37 -------- d-----w- c:\users\uzivatel\AppData\Local\HTC MediaHub
2012-12-15 12:02 . 2012-12-23 23:34 -------- d-----w- c:\program files\Common Files\Nero
2012-12-15 12:01 . 2012-12-15 12:01 -------- d-----w- c:\program files\Spirent Communications
2012-12-12 20:30 . 2012-07-26 02:46 9728 ----a-w- c:\windows\system32\Wdfres.dll
2012-12-12 20:30 . 2012-07-26 03:39 526952 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2012-12-12 20:30 . 2012-07-26 03:39 47720 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2012-12-12 20:30 . 2012-07-26 03:20 73216 ----a-w- c:\windows\system32\WUDFSvc.dll
2012-12-12 20:30 . 2012-07-26 03:20 172032 ----a-w- c:\windows\system32\WUDFPlatform.dll
2012-12-12 20:30 . 2012-07-26 02:33 66560 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2012-12-12 20:30 . 2012-07-26 02:32 155136 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2012-12-12 20:30 . 2009-07-14 12:12 16896 ----a-w- c:\windows\system32\winusb.dll
2012-12-12 20:30 . 2009-07-13 23:51 34944 ----a-w- c:\windows\system32\drivers\winusb.sys
2012-12-12 20:30 . 2012-07-26 03:21 196608 ----a-w- c:\windows\system32\WUDFHost.exe
2012-12-12 20:30 . 2012-07-26 03:20 613888 ----a-w- c:\windows\system32\WUDFx.dll
2012-12-12 20:30 . 2012-07-26 03:20 38912 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2012-12-12 20:25 . 2012-11-13 01:36 2048000 ----a-w- c:\windows\system32\win32k.sys
2012-12-12 20:25 . 2012-11-02 10:18 376320 ----a-w- c:\windows\system32\dpnet.dll
2012-12-12 20:25 . 2012-11-02 08:26 23040 ----a-w- c:\windows\system32\dpnsvr.exe
2012-12-12 20:24 . 2012-08-21 11:47 224640 ----a-w- c:\windows\system32\drivers\volsnap.sys
2012-12-12 20:24 . 2012-11-13 01:29 2048 ----a-w- c:\windows\system32\tzres.dll
2012-12-09 11:24 . 2012-12-09 11:24 -------- d-----w- c:\programdata\HTC
2012-12-09 11:24 . 2012-12-09 11:24 -------- d-----w- c:\users\uzivatel\AppData\Roaming\Apple Computer
2012-12-09 11:24 . 2012-12-09 11:24 -------- d-----w- c:\users\uzivatel\AppData\Local\Apple Computer
2012-12-09 11:24 . 2012-12-09 11:24 -------- d-----w- c:\programdata\Motorola
2012-12-06 15:26 . 2012-12-06 15:26 -------- d-----w- c:\program files\ASM104xUSB3
2012-12-06 15:25 . 2012-02-07 16:40 15128 ----a-w- c:\windows\system32\drivers\IntelMEFWVer.dll
2012-12-06 15:25 . 2012-12-06 15:25 -------- d-----w- c:\programdata\Intel
2012-12-06 15:25 . 2012-12-06 15:25 -------- d-----w- c:\program files\Common Files\postureAgent
2012-12-06 15:24 . 2011-09-08 08:40 363112 ----a-w- c:\windows\system32\drivers\Rtlh86.sys
2012-12-06 15:16 . 2011-12-08 08:27 3319400 ----a-w- c:\windows\system32\RtkAPO.dll
2012-12-06 15:16 . 2011-12-13 10:27 3921448 ----a-w- c:\windows\system32\drivers\RTKVHDA.sys
2012-12-06 15:16 . 2011-12-13 08:25 200468 ----a-w- c:\windows\system32\drivers\RTAIODAT.DAT
2012-12-06 15:16 . 2012-12-06 15:23 -------- d--h--w- c:\program files\Temp
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-30 13:40 . 2008-07-26 18:46 139128 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2012-12-27 10:41 . 2008-07-26 18:46 76888 ----a-w- c:\windows\system32\PnkBstrA.exe
2012-12-25 12:23 . 2011-06-19 18:02 138904 ----a-w- c:\users\uzivatel\AppData\Roaming\PnkBstrK.sys
2012-12-15 12:42 . 2009-08-18 10:24 19696 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-12-06 15:16 . 2007-08-01 19:25 319456 ----a-w- c:\windows\DIFxAPI.dll
2012-12-03 15:39 . 2012-10-10 20:14 2496976 ----a-w- c:\windows\system32\nvapi.dll
2012-12-03 15:39 . 2012-10-10 20:14 15122280 ----a-w- c:\windows\system32\nvd3dum.dll
2012-12-01 04:38 . 2010-10-19 00:57 2869608 ----a-w- c:\windows\system32\nvsvc.dll
2012-12-01 04:37 . 2010-10-19 00:57 645480 ----a-w- c:\windows\system32\nvvsvc.exe
2012-12-01 04:37 . 2010-10-19 00:57 62312 ----a-w- c:\windows\system32\nvshext.dll
2012-12-01 04:37 . 2010-10-19 00:57 2557288 ----a-w- c:\windows\system32\nvsvcr.dll
2012-11-30 21:43 . 2012-11-30 21:43 438632 ----a-w- c:\windows\system32\nvStreaming.exe
2012-10-20 12:34 . 2012-10-20 12:34 515664 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2012-12-18 21:38 . 2012-12-18 21:37 262112 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-06-16 221184]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"Steam"="c:\program files\Steam1\steam.exe" [2012-12-04 1354736]
"Zoner Photo Studio Autoupdate"="c:\program files\ZONER\PHOTO STUDIO 15\Program32\ZPSTRAY.EXE" [2012-12-04 773728]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Bluetooth Connection Assistant"="LBTWIZ.EXE -silent" [X]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtkNGUI.exe" [2011-12-12 6318696]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 76304]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-06-16 81920]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-10-07 1461080]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2010-06-14 153672]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2012-5-8 805392]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^uzivatel^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 2.0.lnk]
path=c:\users\uzivatel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 2.0.lnk
backup=c:\windows\pss\OpenOffice.org 2.0.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^uzivatel^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Registration Brothers In Arms.LNK]
path=c:\users\uzivatel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Registration Brothers In Arms.LNK
backup=c:\windows\pss\Registration Brothers In Arms.LNK.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2007-05-16 08:27 153136 ----a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2006-12-10 19:52 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HTC Sync Loader]
2012-11-14 16:36 655360 ----a-w- c:\program files\HTC\HTC Sync 3.0\htcUPCTLoader.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\JMB36X IDE Setup]
2007-03-20 14:36 36864 ------r- c:\windows\RaidTool\xInsIDE.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 14:57 153136 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-07-03 07:04 252848 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinFast Schedule]
2006-01-10 09:10 327680 ----a-w- c:\program files\WinFast\WFTVFM\WFWIZ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinFastDTV]
2007-07-30 07:35 90112 ----a-w- c:\program files\WinFast\WFDTV\DTVSchdl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZPLED]
2006-02-21 06:36 347648 ----a-w- c:\program files\Wireless\RF Keyboard\1.0\ZPKBDLED.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Obsah adresáře 'Naplánované úlohy'
.
2013-01-01 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-07 17:06]
.
2012-12-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-10 16:32]
.
2013-01-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-10 16:32]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://www.google.com
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Od&eslat do aplikace OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 10.107.4.100 10.107.4.129
FF - ProfilePath - c:\users\uzivatel\AppData\Roaming\Mozilla\Firefox\Profiles\a882ns7d.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.cz/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_result ... r=1.5.3&q=
FF - ExtSQL: !HIDDEN! 2009-07-09 19:40; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
SafeBoot-WudfPf
SafeBoot-WudfRd
MSConfigStartUp-Google Desktop Search - c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
MSConfigStartUp-MediaGet2 - c:\users\uzivatel\AppData\Local\MediaGet2\mediaget.exe
MSConfigStartUp-ROC_ROC_JULY_P1 - c:\program files\AVG Secure Search\ROC_ROC_JULY_P1.exe
MSConfigStartUp-SearchSettings - c:\program files\Search Settings\SearchSettings.exe
MSConfigStartUp-TkBellExe - c:\program files\Common Files\Real\Update_OB\realsched.exe
MSConfigStartUp-vProt - c:\program files\AVG Secure Search\vprot.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-01-01 01:46
Windows 6.0.6002 Service Pack 2 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinRing0_1_2_0]
"ImagePath"="\??\c:\users\uzivatel\AppData\Local\Temp\tmpAAB.tmp"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-1708186667-1445023431-3169956026-1000\* ,*]
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-1708186667-1445023431-3169956026-1000\* 1*]
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-1708186667-1445023431-3169956026-1000\* ,*]
@Allowed: (Read) (RestrictedCode)
.
Celkový čas: 2013-01-01 01:47:56
ComboFix-quarantined-files.txt 2013-01-01 00:47
.
Před spuštěním: Volných bajtů: 88 997 498 880
Po spuštění: Volných bajtů: 88 903 450 624
.
- - End Of File - - 4A41C8B89F4F1511A2707CD426BD273B

[Reklama]

[jaro3]

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:

Kód: Vybrat vše

ClearJavaCache::

KillAll::

DirLook::
c:\program files\ASM104xUSB3
c:\program files\Temp

RegLock::
[HKEY_USERS\S-1-5-21-1708186667-1445023431-3169956026-1000\ *  ,*]
@Allowed: (Read) (RestrictedCode)
[HKEY_USERS\S-1-5-21-1708186667-1445023431-3169956026-1000\ *  1*]
@Allowed: (Read) (RestrictedCode)
[HKEY_USERS\S-1-5-21-1708186667-1445023431-3169956026-1000\ *  ,*]
@Allowed: (Read) (RestrictedCode)


Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT

Upozornění : Může se stát, že po aplikaci Combofixu a restartu počítače, Windows nenaběhnou , nebo nenajede plocha , budou problémy s připojením, pak znovu restartuj počítač, pokud to nepomůže , po restartu mačkej klávesu F8 a pak zvol poslední známou funkční konfiguraci. , či použij bod obnovy.

Stáhni si aswMBR
na svojí plochu. Uzavři všechna okna , programy a prohlížeče. Poklepej na aswMBR.exe. Pokud se objeví hláška o možnosti stáhnutí databáze Avastu , klikni na NE. Poté klikni na „Scan“ . Po skenu klikni na „Save Log“ a ulož si log na plochu .Zkopíruj sem celý obsah toho logu. Pak klikni na „Exit“ k zavření programu.

[elpistolero]

ok, diky moc vsem za pomoc ! a ten defender uz se taky nahodil, diky !

[Žbeky]

Dodej ty logy

[elpistolero]

jo, ale k pc se dostanu az zitra. je mozne ze by F8 nefungovalo a posledni konfigurace se nenacetla ?

[Žbeky]

F8 funguje vždy

[elpistolero]

a ještě jedna, je bios v cz?

[Žbeky]

Většinou ne

[elpistolero]

a jeste se musim zeptat, jak se bude poslední funkční konfigurace jmenovat? s aj se moc nekamaradim :-) diky

[Žbeky]

Proste se to bude jmenovat posledni znama funkcni konfigurace

Odesláno z mého Galaxy Nexus pomocí Tapatalk 2

[elpistolero]

ComboFix 13-01-02.01 - uzivatel 02.01.2013 10:54:22.2.8 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.420.1029.18.3555.1558 [GMT 1:00]
Spuštěný z: c:\users\uzivatel\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\uzivatel\Desktop\CFScript.txt
AV: ESET NOD32 Antivirus 3.0 *Disabled/Updated* {CB0F8167-5331-BA19-698E-64816B6801A5}
SP: ESET NOD32 Antivirus 3.0 *Disabled/Updated* {706E6083-750B-B597-533E-5FF310EF4B18}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Vytvořen nový Bod Obnovení
* Rezidentní štít AV je zapnutý
.
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-12-02 do 2013-01-02 )))))))))))))))))))))))))))))))
.
.
2013-01-02 09:59 . 2013-01-02 10:01 -------- d-----w- c:\users\uzivatel\AppData\Local\temp
2013-01-02 09:59 . 2013-01-02 09:59 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2013-01-02 09:59 . 2013-01-02 09:59 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-01-01 09:28 . 2012-11-08 18:00 6812136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{5D59C4D4-B9AD-4499-B837-C165BF643722}\mpengine.dll
2012-12-31 20:38 . 2012-12-31 20:38 -------- d-----w- c:\users\uzivatel\AppData\Roaming\Malwarebytes
2012-12-28 13:35 . 2012-12-28 13:35 -------- d-----w- c:\program files\CPUID
2012-12-26 22:01 . 2013-01-01 15:51 5244 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2012-12-25 14:05 . 2012-12-30 13:39 280600 ----a-w- c:\windows\system32\PnkBstrB.xtr
2012-12-25 12:22 . 2007-05-16 15:45 443752 ----a-w- c:\windows\system32\d3dx10_34.dll
2012-12-25 09:38 . 2012-05-31 10:25 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-12-24 12:45 . 2012-12-24 12:45 -------- d-----w- c:\programdata\Ahead
2012-12-24 12:44 . 2012-12-24 12:45 -------- d-----w- c:\program files\Common Files\Ahead
2012-12-24 11:53 . 2012-12-01 04:38 3984744 ----a-w- c:\windows\system32\nvcpl.dll
2012-12-24 11:53 . 2012-12-01 04:37 108392 ----a-w- c:\windows\system32\nvmctray.dll
2012-12-24 11:53 . 2012-12-03 15:39 52584 ----a-w- c:\windows\system32\OpenCL.dll
2012-12-24 11:52 . 2012-07-03 07:37 884072 ----a-w- c:\windows\system32\nvhdagenco3220103.dll
2012-12-24 11:52 . 2012-07-03 15:25 28008 ----a-w- c:\windows\system32\nvhdap32.dll
2012-12-24 11:52 . 2012-12-03 15:39 889192 ----a-w- c:\windows\system32\nvdispgenco32.dll
2012-12-24 11:52 . 2012-12-03 15:39 7819016 ----a-w- c:\windows\system32\nvcuda.dll
2012-12-24 11:52 . 2012-12-03 15:39 6149904 ----a-w- c:\windows\system32\nvopencl.dll
2012-12-24 11:52 . 2012-12-03 15:39 2606440 ----a-w- c:\windows\system32\nvcuvid.dll
2012-12-24 11:52 . 2012-12-03 15:39 20335976 ----a-w- c:\windows\system32\nvoglv32.dll
2012-12-24 11:52 . 2012-12-03 15:39 1874280 ----a-w- c:\windows\system32\nvcuvenc.dll
2012-12-24 11:52 . 2012-12-03 15:39 17559912 ----a-w- c:\windows\system32\nvcompiler.dll
2012-12-24 11:52 . 2012-12-03 15:39 12603960 ----a-w- c:\windows\system32\nvwgf2um.dll
2012-12-24 11:52 . 2012-12-03 15:39 1011048 ----a-w- c:\windows\system32\nvdispco32.dll
2012-12-23 20:13 . 2012-12-24 09:53 -------- d-----w- c:\program files\VS Revo Group
2012-12-23 20:11 . 2012-12-23 20:11 -------- d-----w- c:\programdata\Innovative Solutions
2012-12-23 20:11 . 2012-12-23 20:11 -------- d-----w- c:\users\uzivatel\AppData\Local\Innovative Solutions
2012-12-23 20:11 . 2012-12-23 20:11 -------- d-----w- c:\program files\Common Files\Innovative Solutions
2012-12-21 23:05 . 2012-12-16 13:12 34304 ----a-w- c:\windows\system32\atmlib.dll
2012-12-21 23:05 . 2012-12-16 10:50 293376 ----a-w- c:\windows\system32\atmfd.dll
2012-12-20 14:09 . 2012-12-20 14:09 -------- d-----w- c:\program files\OpenAL
2012-12-19 21:59 . 2012-12-19 21:59 -------- d-----w- c:\users\uzivatel\AppData\Local\Windows Live Writer
2012-12-19 21:59 . 2012-12-19 21:59 -------- d-----w- c:\users\uzivatel\AppData\Roaming\Windows Live Writer
2012-12-18 15:31 . 2012-12-03 15:39 9373032 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2012-12-17 19:34 . 2012-12-17 19:34 -------- d-----w- c:\users\uzivatel\AppData\Roaming\Nero
2012-12-15 12:51 . 2012-12-15 12:51 -------- d-----w- c:\windows\cs
2012-12-15 12:49 . 2012-12-15 12:49 -------- dc----w- c:\windows\system32\DRVSTORE
2012-12-15 12:49 . 2012-03-08 17:32 39272 ----a-w- c:\windows\system32\drivers\fssfltr.sys
2012-12-15 12:46 . 2012-12-18 17:04 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2012-12-15 12:42 . 2012-12-15 12:52 -------- d-----w- c:\program files\Windows Live
2012-12-15 12:41 . 2012-12-17 17:13 -------- d-----w- c:\program files\Microsoft
2012-12-15 12:39 . 2012-12-19 22:00 -------- d-----w- c:\users\uzivatel\AppData\Local\Windows Live
2012-12-15 12:39 . 2012-12-15 12:39 -------- d-----w- c:\program files\Common Files\Windows Live
2012-12-15 12:39 . 2009-08-04 08:02 754688 ----a-w- c:\windows\system32\webservices.dll
2012-12-15 12:03 . 2012-12-15 12:03 -------- d-----w- c:\users\uzivatel\AppData\Roaming\HTC Sync
2012-12-15 12:03 . 2013-01-02 10:01 -------- d-----w- c:\users\uzivatel\AppData\Local\HTC MediaHub
2012-12-15 12:02 . 2012-12-23 23:34 -------- d-----w- c:\program files\Common Files\Nero
2012-12-15 12:01 . 2012-12-15 12:01 -------- d-----w- c:\program files\Spirent Communications
2012-12-12 20:30 . 2012-07-26 02:46 9728 ----a-w- c:\windows\system32\Wdfres.dll
2012-12-12 20:30 . 2012-07-26 03:39 526952 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2012-12-12 20:30 . 2012-07-26 03:39 47720 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2012-12-12 20:30 . 2012-07-26 03:20 73216 ----a-w- c:\windows\system32\WUDFSvc.dll
2012-12-12 20:30 . 2012-07-26 03:20 172032 ----a-w- c:\windows\system32\WUDFPlatform.dll
2012-12-12 20:30 . 2012-07-26 02:33 66560 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2012-12-12 20:30 . 2012-07-26 02:32 155136 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2012-12-12 20:30 . 2009-07-14 12:12 16896 ----a-w- c:\windows\system32\winusb.dll
2012-12-12 20:30 . 2009-07-13 23:51 34944 ----a-w- c:\windows\system32\drivers\winusb.sys
2012-12-12 20:30 . 2012-07-26 03:21 196608 ----a-w- c:\windows\system32\WUDFHost.exe
2012-12-12 20:30 . 2012-07-26 03:20 613888 ----a-w- c:\windows\system32\WUDFx.dll
2012-12-12 20:30 . 2012-07-26 03:20 38912 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2012-12-12 20:25 . 2012-11-13 01:36 2048000 ----a-w- c:\windows\system32\win32k.sys
2012-12-12 20:25 . 2012-11-02 10:18 376320 ----a-w- c:\windows\system32\dpnet.dll
2012-12-12 20:25 . 2012-11-02 08:26 23040 ----a-w- c:\windows\system32\dpnsvr.exe
2012-12-12 20:24 . 2012-08-21 11:47 224640 ----a-w- c:\windows\system32\drivers\volsnap.sys
2012-12-12 20:24 . 2012-11-13 01:29 2048 ----a-w- c:\windows\system32\tzres.dll
2012-12-09 11:24 . 2012-12-09 11:24 -------- d-----w- c:\programdata\HTC
2012-12-09 11:24 . 2012-12-09 11:24 -------- d-----w- c:\users\uzivatel\AppData\Roaming\Apple Computer
2012-12-09 11:24 . 2012-12-09 11:24 -------- d-----w- c:\users\uzivatel\AppData\Local\Apple Computer
2012-12-09 11:24 . 2012-12-09 11:24 -------- d-----w- c:\programdata\Motorola
2012-12-06 15:26 . 2012-12-06 15:26 -------- d-----w- c:\program files\ASM104xUSB3
2012-12-06 15:25 . 2012-02-07 16:40 15128 ----a-w- c:\windows\system32\drivers\IntelMEFWVer.dll
2012-12-06 15:25 . 2012-12-06 15:25 -------- d-----w- c:\programdata\Intel
2012-12-06 15:25 . 2012-12-06 15:25 -------- d-----w- c:\program files\Common Files\postureAgent
2012-12-06 15:24 . 2011-09-08 08:40 363112 ----a-w- c:\windows\system32\drivers\Rtlh86.sys
2012-12-06 15:16 . 2011-12-08 08:27 3319400 ----a-w- c:\windows\system32\RtkAPO.dll
2012-12-06 15:16 . 2011-12-13 10:27 3921448 ----a-w- c:\windows\system32\drivers\RTKVHDA.sys
2012-12-06 15:16 . 2011-12-13 08:25 200468 ----a-w- c:\windows\system32\drivers\RTAIODAT.DAT
2012-12-06 15:16 . 2012-12-06 15:23 -------- d--h--w- c:\program files\Temp
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-30 13:40 . 2008-07-26 18:46 139128 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2012-12-27 10:41 . 2008-07-26 18:46 76888 ----a-w- c:\windows\system32\PnkBstrA.exe
2012-12-25 12:23 . 2011-06-19 18:02 138904 ----a-w- c:\users\uzivatel\AppData\Roaming\PnkBstrK.sys
2012-12-15 12:42 . 2009-08-18 10:24 19696 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-12-06 15:16 . 2007-08-01 19:25 319456 ----a-w- c:\windows\DIFxAPI.dll
2012-12-03 15:39 . 2012-10-10 20:14 2496976 ----a-w- c:\windows\system32\nvapi.dll
2012-12-03 15:39 . 2012-10-10 20:14 15122280 ----a-w- c:\windows\system32\nvd3dum.dll
2012-12-01 04:38 . 2010-10-19 00:57 2869608 ----a-w- c:\windows\system32\nvsvc.dll
2012-12-01 04:37 . 2010-10-19 00:57 645480 ----a-w- c:\windows\system32\nvvsvc.exe
2012-12-01 04:37 . 2010-10-19 00:57 62312 ----a-w- c:\windows\system32\nvshext.dll
2012-12-01 04:37 . 2010-10-19 00:57 2557288 ----a-w- c:\windows\system32\nvsvcr.dll
2012-11-30 21:43 . 2012-11-30 21:43 438632 ----a-w- c:\windows\system32\nvStreaming.exe
2012-10-20 12:34 . 2012-10-20 12:34 515664 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2012-12-18 21:38 . 2012-12-18 21:37 262112 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\program files\ASM104xUSB3 ----
.
2011-11-06 04:38 . 2011-11-06 04:38 9443 ----a-w- c:\program files\ASM104xUSB3\Driver\asmthub3.cat
2011-11-06 04:38 . 2011-11-06 04:38 9443 ----a-w- c:\program files\ASM104xUSB3\Driver\asmtxhci.cat
2011-11-03 10:10 . 2011-11-03 10:10 5294 ----a-w- c:\program files\ASM104xUSB3\Driver\asmthub3.inf
2011-11-03 10:10 . 2011-11-03 10:10 32168 ----a-w- c:\program files\ASM104xUSB3\Driver\asmtxhci.inf
2011-11-03 10:10 . 2011-11-03 10:10 313832 ----a-w- c:\program files\ASM104xUSB3\Driver\i386\asmtxhci.sys
2011-11-03 10:10 . 2011-11-03 10:10 346600 ----a-w- c:\program files\ASM104xUSB3\Driver\ia64\asmthub3.sys
2011-11-03 10:10 . 2011-11-03 10:10 1035240 ----a-w- c:\program files\ASM104xUSB3\Driver\ia64\asmtxhci.sys
2011-11-03 10:10 . 2011-11-03 10:10 130536 ----a-w- c:\program files\ASM104xUSB3\Driver\amd64\asmthub3.sys
2011-11-03 10:10 . 2011-11-03 10:10 395752 ----a-w- c:\program files\ASM104xUSB3\Driver\amd64\asmtxhci.sys
2011-11-03 10:10 . 2011-11-03 10:10 102888 ----a-w- c:\program files\ASM104xUSB3\Driver\i386\asmthub3.sys
.
---- Directory of c:\program files\Temp ----
.
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-06-16 221184]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"Steam"="c:\program files\Steam1\steam.exe" [2012-12-04 1354736]
"Zoner Photo Studio Autoupdate"="c:\program files\ZONER\PHOTO STUDIO 15\Program32\ZPSTRAY.EXE" [2012-12-04 773728]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Bluetooth Connection Assistant"="LBTWIZ.EXE -silent" [X]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtkNGUI.exe" [2011-12-12 6318696]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 76304]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-06-16 81920]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-10-07 1461080]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2010-06-14 153672]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2012-5-8 805392]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^uzivatel^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 2.0.lnk]
path=c:\users\uzivatel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 2.0.lnk
backup=c:\windows\pss\OpenOffice.org 2.0.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^uzivatel^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Registration Brothers In Arms.LNK]
path=c:\users\uzivatel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Registration Brothers In Arms.LNK
backup=c:\windows\pss\Registration Brothers In Arms.LNK.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2007-05-16 08:27 153136 ----a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2006-12-10 19:52 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HTC Sync Loader]
2012-11-14 16:36 655360 ----a-w- c:\program files\HTC\HTC Sync 3.0\htcUPCTLoader.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\JMB36X IDE Setup]
2007-03-20 14:36 36864 ------r- c:\windows\RaidTool\xInsIDE.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 14:57 153136 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-07-03 07:04 252848 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinFast Schedule]
2006-01-10 09:10 327680 ----a-w- c:\program files\WinFast\WFTVFM\WFWIZ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinFastDTV]
2007-07-30 07:35 90112 ----a-w- c:\program files\WinFast\WFDTV\DTVSchdl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZPLED]
2006-02-21 06:36 347648 ----a-w- c:\program files\Wireless\RF Keyboard\1.0\ZPKBDLED.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Obsah adresáře 'Naplánované úlohy'
.
2013-01-02 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-07 17:06]
.
2013-01-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-10 16:32]
.
2013-01-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-10 16:32]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://www.google.com
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Od&eslat do aplikace OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 10.107.4.100 10.107.4.129
FF - ProfilePath - c:\users\uzivatel\AppData\Roaming\Mozilla\Firefox\Profiles\a882ns7d.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.cz/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_result ... r=1.5.3&q=
FF - ExtSQL: !HIDDEN! 2009-07-09 19:40; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-01-02 11:04
Windows 6.0.6002 Service Pack 2 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinRing0_1_2_0]
"ImagePath"="\??\c:\users\uzivatel\AppData\Local\Temp\tmpAAB.tmp"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-1708186667-1445023431-3169956026-1000\* ,*]
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-1708186667-1445023431-3169956026-1000\* 1*]
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-1708186667-1445023431-3169956026-1000\* ,*]
@Allowed: (Read) (RestrictedCode)
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'Explorer.exe'(3576)
c:\program files\Logitech\SetPoint\lgscroll.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
c:\program files\NVIDIA Corporation\Display\nvxdsync.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Common Files\Logitech\Bluetooth\LBTServ.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe
c:\program files\HTC\HTC Sync Manager\HSMServiceEntry.exe
c:\program files\Intel\iCLS Client\HeciServer.exe
c:\program files\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
c:\program files\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
c:\program files\HTC\Internet Pass-Through\PassThruSvr.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\HTC\HTC Sync Manager\HTC Sync\adb.exe
c:\windows\system32\msiexec.exe
c:\windows\system32\conime.exe
c:\program files\NVIDIA Corporation\Display\nvtray.exe
c:\program files\Logitech\SetPoint\LBTWiz.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
c:\program files\Windows Media Player\wmpnscfg.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Common Files\Steam\SteamService.exe
c:\program files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
c:\program files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
.
**************************************************************************
.
Celkový čas: 2013-01-02 11:07:38 - počítač byl restartován
ComboFix-quarantined-files.txt 2013-01-02 10:07
.
Před spuštěním: Volných bajtů: 87 703 744 512
Po spuštění: Volných bajtů: 87 680 733 184
.
- - End Of File - - 497A9FCC6D1B06D97A3886B1FB398DD1

[elpistolero]

hijackthis-jeste jsme zapomnel odinstalovat google toolbar

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:11:27, on 2.1.2013
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16457)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\HTC\HTC Sync Manager\HTC Sync\adb.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Logitech\Gaming Software\LWEMon.exe
C:\Program Files\Logitech\SetPoint\LBTWiz.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Steam1\steam.exe
C:\Program Files\Zoner\Photo Studio 15\Program32\ZPSTray.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\Explorer.exe
C:\Users\uzivatel\Downloads\hijackthis.exe
C:\Program Files\Windows Mail\WinMail.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe -s
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui
O4 - HKLM\..\Run: [Bluetooth Connection Assistant] LBTWIZ.EXE -silent
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam1\steam.exe" -silent
O4 - HKCU\..\Run: [Zoner Photo Studio Autoupdate] C:\PROGRAM FILES\ZONER\PHOTO STUDIO 15\Program32\ZPSTRAY.EXE
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Od&eslat do aplikace OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O9 - Extra button: (no name) - AutorunsDisabled - (no file)
O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HTCMonitorService - Nero AG - C:\Program Files\HTC\HTC Sync Manager\HSMServiceEntry.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel(R) ME Service - Unknown owner - C:\Program Files\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: Internet Pass-Through Service (PassThru Service) - Unknown owner - C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe

--
End of file - 8777 bytes