I'd like to ask for a check

Place for your HiJackThis logs and logs from other programs…

jaro3
Security team member
Guru Level 15
Posts: 43298
Registered: June 07
Location: South Bohemia
Gender: Male

Re: I'd like to ask for a check

Post by jaro3 » 23 Jul 2013 15:31

Open Notepad (Start -> Run..., type Notepad into the box and press OK).
Copy the whole text highlighted in green into it:

Code:

ClearJavaCache::

KillAll::
File::
c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3416734063-1635780789-2204153844-1000Core.job
c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3416734063-1635780789-2204153844-1000UA.job
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

Folder::
C:\TDSSKiller_Quarantine
c:\users\Jitka\AppData\Local\Facebook\Update
c:\program files (x86)\Google\Update

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Facebook Update"=-

DDS::
uInternet Settings,ProxyOverride = *.local

RegLock::
[HKEY_USERS\S-1-5-21-3416734063-1635780789-2204153844-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{BFD9DAB5-E315-D7B6-CF1A-175F784DE2E0}*]
@Allowed: (Read) (RestrictedCode)
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
 00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0012\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
c:\windows\system32\services.exe



Choose File -> Save As... and set these parameters:
File name: type CFScript.txt here
Save as type: select All Files
Save the file to the desktop.
Close all active windows.

Drag the created CFScript.txt script with the mouse, move it over the downloaded ComboFix.exe, and when the two files overlap, drop the script.
- ComboFix will start automatically
- Post here the log that appears at the end of the cleaning process + a new HJT log

Warning: it may happen that after running ComboFix and restarting the computer, Windows does not boot, or the desktop does not load, or there are connection problems; in that case restart the computer again. If that does not help, press F8 after the restart and choose Last Known Good Configuration, or use a restore point.

Download aswMBR
to your desktop. Close all windows, programs and browsers. Double-click aswMBR.exe. If a message appears offering to download the Avast database, click NO. Then click "Scan". After the scan, click "Save Log" and save the log to the desktop. Copy the whole contents of that log here. Then click "Exit" to close the program.
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs in private messages. During my absence, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support
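Before dropping a CFScript onto ComboFix it is worth listing exactly what the script will delete, because a File:: or Folder:: entry under the system directory cannot be undone once ComboFix has run. The following Python dry-run parser is an added example for this thread; it is not jaro3's script and not ComboFix's own code. The format it assumes is inferred from the script posted above: a directive is a line ending in `::` (File::, Folder::, Registry::, DDS::, RegLock::, ...) and every non-blank line up to the next directive belongs to that directive. The embedded sample script is constructed and shortened, not the thread's script verbatim, and the `system_paths` check is this example's own heuristic.

```python
"""Dry-run summary of a ComboFix CFScript.

Added example for this thread; it is not jaro3's script, nor ComboFix's own
code. The format is inferred from the script posted above (an assumption):
a directive is a line ending in '::' (File::, Folder::, Registry::, ...), and
every non-blank line up to the next directive is an argument of that directive.
"""
import re
from collections import OrderedDict

DIRECTIVE = re.compile(r"^([A-Za-z]+)::\s*$")

# Constructed sample modelled on the thread's script (shortened, not verbatim).
SAMPLE = """\
ClearJavaCache::

KillAll::
File::
c:\\windows\\Tasks\\GoogleUpdateTaskMachineCore.job
c:\\windows\\Tasks\\GoogleUpdateTaskMachineUA.job

Folder::
C:\\TDSSKiller_Quarantine
c:\\program files (x86)\\Google\\Update

Registry::
[HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run]
"Facebook Update"=-

DDS::
uInternet Settings,ProxyOverride = *.local
"""


def parse_cfscript(text):
    """Map each directive to the list of argument lines under it, in script order."""
    sections = OrderedDict()
    current = None
    for raw in text.splitlines():
        line = raw.rstrip()
        match = DIRECTIVE.match(line)
        if match:
            current = match.group(1)
            sections.setdefault(current, [])
            continue
        if not line or line == ".":  # blank lines and ComboFix's '.' separators
            continue
        if current is None:
            raise ValueError("argument line before any directive: %r" % line)
        sections[current].append(line)
    return sections


def registry_deletions(lines):
    """Return (key, value_name) pairs that a Registry:: block removes via '=-'."""
    deletions = []
    key = None
    for line in lines:
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        elif key and line.endswith("=-"):
            deletions.append((key, line[:-2].strip().strip('"')))
    return deletions


def system_paths(sections):
    """Heuristic (this example's own): File::/Folder:: entries under
    \\windows\\system32 deserve a second look, since deleting a system
    binary can leave the machine unbootable."""
    paths = sections.get("File", []) + sections.get("Folder", [])
    return [p for p in paths if "\\windows\\system32\\" in p.lower()]


def summarize(text):
    """One dict describing what the script would do, for review before running it."""
    sections = parse_cfscript(text)
    return {
        "files": len(sections.get("File", [])),
        "folders": len(sections.get("Folder", [])),
        "registry_deletions": registry_deletions(sections.get("Registry", [])),
        "bare_directives": [d for d, args in sections.items() if not args],
        "system_paths": system_paths(sections),
    }


if __name__ == "__main__":
    for name, value in summarize(SAMPLE).items():
        print("%-20s %s" % (name, value))
```

Run it against a saved CFScript.txt by replacing `SAMPLE` with the file's contents; an empty `system_paths` list and a short, expected list of `registry_deletions` are what you want to see before dragging the file onto ComboFix.exe.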

pompeus50
Level 2.5
Posts: 263
Registered: April 07
Gender: Male

Re: I'd like to ask for a check

Post by pompeus50 » 25 Jul 2013 14:44

ComboFix 13-07-22.01 - Jitka 24.07.2013 15:31:06.9.2 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.420.1029.18.3068.992 [GMT 2:00]
Spuštěný z: c:\users\Jitka\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Jitka\Desktop\CFScript.txt
AV: ESET Smart Security 5.0 *Disabled/Outdated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
FW: ESET personal firewall *Disabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
SP: ESET Smart Security 5.0 *Disabled/Outdated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3416734063-1635780789-2204153844-1000Core.job"
"c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3416734063-1635780789-2204153844-1000UA.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineUA.job"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Google\Update
c:\program files (x86)\Google\Update\1.3.21.153\GoogleCrashHandler.exe
c:\program files (x86)\Google\Update\1.3.21.153\GoogleCrashHandler64.exe
c:\program files (x86)\Google\Update\1.3.21.153\GoogleUpdate.exe
c:\program files (x86)\Google\Update\1.3.21.153\GoogleUpdateBroker.exe
c:\program files (x86)\Google\Update\1.3.21.153\GoogleUpdateHelper.msi
c:\program files (x86)\Google\Update\1.3.21.153\GoogleUpdateOnDemand.exe
c:\program files (x86)\Google\Update\1.3.21.153\GoogleUpdateSetup.exe
c:\program files (x86)\Google\Update\1.3.21.153\goopdate.dll
c:\program files (x86)\Google\Update\1.3.21.153\goopdateres_am.dll
c:\program files (x86)\Google\Update\1.3.21.153\goopdateres_ar.dll
c:\program files (x86)\Google\Update\1.3.21.153\goopdateres_bg.dll
c:\program files (x86)\Google\Update\1.3.21.153\goopdateres_bn.dll
c:\program files (x86)\Google\Update\1.3.21.153\goopdateres_ca.dll
c:\program files (x86)\Google\Update\1.3.21.153\goopdateres_cs.dll
c:\program files (x86)\Google\Update\1.3.21.153\goopdateres_da.dll
c:\program files (x86)\Google\Update\1.3.21.153\goopdateres_de.dll
c:\program files (x86)\Google\Update\1.3.21.153\goopdateres_el.dll
c:\program files (x86)\Google\Update\1.3.21.153\goopdateres_en-GB.dll
c:\program files (x86)\Google\Update\1.3.21.153\goopdateres_en.dll
c:\program files (x86)\Google\Update\1.3.21.153\goopdateres_es-419.dll
c:\program files (x86)\Google\Update\1.3.21.153\goopdateres_es.dll
c:\program files (x86)\Google\Update\1.3.21.153\goopdateres_et.dll
c:\program files (x86)\Google\Update\1.3.21.153\goopdateres_fa.dll
c:\program files (x86)\Google\Update\1.3.21.153\goopdateres_fi.dll
c:\program files (x86)\Google\Update\1.3.21.153\goopdateres_fil.dll
c:\program files (x86)\Google\Update\1.3.21.153\goopdateres_fr.dll
c:\program files (x86)\Google\Update\1.3.21.153\goopdateres_gu.dll
c:\program files (x86)\Google\Update\1.3.21.153\goopdateres_hi.dll
c:\program files (x86)\Google\Update\1.3.21.153\goopdateres_hr.dll
c:\program files (x86)\Google\Update\1.3.21.153\goopdateres_hu.dll
c:\program files (x86)\Google\Update\1.3.21.153\goopdateres_id.dll
c:\program files (x86)\Google\Update\1.3.21.153\goopdateres_is.dll
c:\program files (x86)\Google\Update\1.3.21.153\goopdateres_it.dll
c:\program files (x86)\Google\Update\1.3.21.153\goopdateres_iw.dll
c:\program files (x86)\Google\Update\1.3.21.153\goopdateres_ja.dll
c:\program files (x86)\Google\Update\1.3.21.153\goopdateres_kn.dll
c:\program files (x86)\Google\Update\1.3.21.153\goopdateres_ko.dll
c:\program files (x86)\Google\Update\1.3.21.153\goopdateres_lt.dll
c:\program files (x86)\Google\Update\1.3.21.153\goopdateres_lv.dll
c:\program files (x86)\Google\Update\1.3.21.153\goopdateres_ml.dll
c:\program files (x86)\Google\Update\1.3.21.153\goopdateres_mr.dll
c:\program files (x86)\Google\Update\1.3.21.153\goopdateres_ms.dll
c:\program files (x86)\Google\Update\1.3.21.153\goopdateres_nl.dll
c:\program files (x86)\Google\Update\1.3.21.153\goopdateres_no.dll
c:\program files (x86)\Google\Update\1.3.21.153\goopdateres_pl.dll
c:\program files (x86)\Google\Update\1.3.21.153\goopdateres_pt-BR.dll
c:\program files (x86)\Google\Update\1.3.21.153\goopdateres_pt-PT.dll
c:\program files (x86)\Google\Update\1.3.21.153\goopdateres_ro.dll
c:\program files (x86)\Google\Update\1.3.21.153\goopdateres_ru.dll
c:\program files (x86)\Google\Update\1.3.21.153\goopdateres_sk.dll
c:\program files (x86)\Google\Update\1.3.21.153\goopdateres_sl.dll
c:\program files (x86)\Google\Update\1.3.21.153\goopdateres_sr.dll
c:\program files (x86)\Google\Update\1.3.21.153\goopdateres_sv.dll
c:\program files (x86)\Google\Update\1.3.21.153\goopdateres_sw.dll
c:\program files (x86)\Google\Update\1.3.21.153\goopdateres_ta.dll
c:\program files (x86)\Google\Update\1.3.21.153\goopdateres_te.dll
c:\program files (x86)\Google\Update\1.3.21.153\goopdateres_th.dll
c:\program files (x86)\Google\Update\1.3.21.153\goopdateres_tr.dll
c:\program files (x86)\Google\Update\1.3.21.153\goopdateres_uk.dll
c:\program files (x86)\Google\Update\1.3.21.153\goopdateres_ur.dll
c:\program files (x86)\Google\Update\1.3.21.153\goopdateres_vi.dll
c:\program files (x86)\Google\Update\1.3.21.153\goopdateres_zh-CN.dll
c:\program files (x86)\Google\Update\1.3.21.153\goopdateres_zh-TW.dll
c:\program files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll
c:\program files (x86)\Google\Update\1.3.21.153\psmachine.dll
c:\program files (x86)\Google\Update\1.3.21.153\psuser.dll
c:\program files (x86)\Google\Update\Download\{430FD4D0-B729-4F61-AA34-91526481799D}\1.3.21.153\GoogleUpdateSetup.exe
c:\program files (x86)\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\28.0.1500.72\28.0.1500.72_28.0.1500.71_chrome_updater.exe
c:\program files (x86)\Google\Update\Download\{74AF07D8-FB8F-4D51-8AC7-927721D56EBB}\0.0.0.0\GoogleEarth-Win-Bundle-7.0.3.8542.exe
c:\program files (x86)\Google\Update\GoogleUpdate.exe
C:\TDSSKiller_Quarantine
c:\tdsskiller_quarantine\19.07.2013_22.38.09\zasubsys0000\file0000\object.ini
c:\tdsskiller_quarantine\19.07.2013_22.38.09\zasubsys0000\file0000\tsk0000.dta
c:\tdsskiller_quarantine\19.07.2013_22.38.09\zasubsys0000\file0000\tsk0000.ini
c:\tdsskiller_quarantine\19.07.2013_22.38.09\zasubsys0000\object.ini
c:\tdsskiller_quarantine\19.07.2013_22.38.09\zasubsys0000\zafs0000\tsk0000.dta
c:\tdsskiller_quarantine\19.07.2013_22.38.09\zasubsys0000\zafs0000\tsk0000.ini
c:\users\Jitka\AppData\Local\Facebook\Update
c:\users\Jitka\AppData\Local\Facebook\Update\1.2.205.0\FacebookCrashHandler.exe
c:\users\Jitka\AppData\Local\Facebook\Update\1.2.205.0\FacebookUpdate.exe
c:\users\Jitka\AppData\Local\Facebook\Update\1.2.205.0\FacebookUpdateHelper.msi
c:\users\Jitka\AppData\Local\Facebook\Update\1.2.205.0\goopdate.dll
c:\users\Jitka\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_ar.dll
c:\users\Jitka\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_bg.dll
c:\users\Jitka\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_bn.dll
c:\users\Jitka\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_ca.dll
c:\users\Jitka\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_cs.dll
c:\users\Jitka\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_da.dll
c:\users\Jitka\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_de.dll
c:\users\Jitka\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_el.dll
c:\users\Jitka\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_en-GB.dll
c:\users\Jitka\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_en.dll
c:\users\Jitka\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_es-419.dll
c:\users\Jitka\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_es.dll
c:\users\Jitka\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_et.dll
c:\users\Jitka\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_fa.dll
c:\users\Jitka\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_fi.dll
c:\users\Jitka\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_fil.dll
c:\users\Jitka\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_fr.dll
c:\users\Jitka\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_gu.dll
c:\users\Jitka\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_hi.dll
c:\users\Jitka\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_hr.dll
c:\users\Jitka\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_hu.dll
c:\users\Jitka\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_id.dll
c:\users\Jitka\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_is.dll
c:\users\Jitka\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_it.dll
c:\users\Jitka\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_iw.dll
c:\users\Jitka\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_ja.dll
c:\users\Jitka\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_kn.dll
c:\users\Jitka\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_ko.dll
c:\users\Jitka\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_lt.dll
c:\users\Jitka\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_lv.dll
c:\users\Jitka\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_ml.dll
c:\users\Jitka\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_mr.dll
c:\users\Jitka\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_ms.dll
c:\users\Jitka\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_nl.dll
c:\users\Jitka\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_no.dll
c:\users\Jitka\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_or.dll
c:\users\Jitka\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_pl.dll
c:\users\Jitka\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_pt-BR.dll
c:\users\Jitka\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_pt-PT.dll
c:\users\Jitka\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_ro.dll
c:\users\Jitka\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_ru.dll
c:\users\Jitka\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_sk.dll
c:\users\Jitka\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_sl.dll
c:\users\Jitka\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_sr.dll
c:\users\Jitka\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_sv.dll
c:\users\Jitka\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_ta.dll
c:\users\Jitka\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_te.dll
c:\users\Jitka\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_th.dll
c:\users\Jitka\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_tr.dll
c:\users\Jitka\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_uk.dll
c:\users\Jitka\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_ur.dll
c:\users\Jitka\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_vi.dll
c:\users\Jitka\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_zh-CN.dll
c:\users\Jitka\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_zh-TW.dll
c:\users\Jitka\AppData\Local\Facebook\Update\FacebookUpdate.exe
.
c:\windows\system32\Services.exe . . . je infikován!!
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_gupdate
-------\Service_gupdatem
-------\Service_gupdate
-------\Service_gupdatem
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-06-24 do 2013-07-24 )))))))))))))))))))))))))))))))
.
.
2013-07-24 14:43 . 2013-07-24 14:43 -------- d-----w- c:\users\Public\AppData\Local\temp
2013-07-24 14:43 . 2013-07-24 14:43 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-07-24 14:43 . 2013-07-24 14:43 -------- d-----w- c:\users\AppData\AppData\Local\temp
2013-07-24 11:14 . 2013-05-29 05:25 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2013-07-24 11:03 . 2012-12-16 13:31 48128 ----a-w- c:\windows\system32\atmlib.dll
2013-07-24 11:03 . 2012-12-16 13:12 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2013-07-24 11:03 . 2012-12-16 11:08 368128 ----a-w- c:\windows\system32\atmfd.dll
2013-07-24 11:03 . 2012-12-16 10:50 293376 ----a-w- c:\windows\SysWow64\atmfd.dll
2013-07-23 16:00 . 2013-02-12 02:18 19456 ----a-w- c:\windows\system32\drivers\usb8023.sys
2013-07-23 16:00 . 2013-05-08 04:50 1423720 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-07-23 16:00 . 2012-05-11 15:57 623616 ----a-w- c:\windows\SysWow64\localspl.dll
2013-07-23 16:00 . 2012-05-11 16:34 788480 ----a-w- c:\windows\system32\localspl.dll
2013-07-23 16:00 . 2012-06-08 17:59 12899840 ----a-w- c:\windows\system32\shell32.dll
2013-07-23 16:00 . 2012-09-25 16:31 91648 ----a-w- c:\windows\system32\synceng.dll
2013-07-23 16:00 . 2012-09-25 16:19 75776 ----a-w- c:\windows\SysWow64\synceng.dll
2013-07-23 16:00 . 2012-05-01 14:29 209920 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2013-07-23 16:00 . 2012-06-05 16:22 974848 ----a-w- c:\program files\Common Files\System\ado\msado15.dll
2013-07-23 16:00 . 2012-06-05 16:47 708608 ----a-w- c:\program files (x86)\Common Files\System\ado\msado15.dll
2013-07-23 16:00 . 2013-03-03 19:13 1513320 ----a-w- c:\windows\system32\drivers\ntfs.sys
2013-07-23 15:57 . 2012-09-28 16:34 1210368 ----a-w- c:\windows\system32\kernel32.dll
2013-07-23 15:56 . 2012-08-24 16:07 218624 ----a-w- c:\windows\system32\wintrust.dll
2013-07-23 15:56 . 2012-08-24 15:53 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2013-07-23 15:56 . 2012-08-21 11:50 267648 ----a-w- c:\windows\system32\drivers\volsnap.sys
2013-07-23 15:56 . 2013-03-11 13:33 4691304 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-07-23 15:56 . 2013-03-09 01:48 75264 ----a-w- c:\windows\system32\smss.exe
2013-07-23 15:56 . 2013-03-09 04:16 85504 ----a-w- c:\windows\system32\csrsrv.dll
2013-07-23 15:56 . 2013-05-08 04:18 1706496 ----a-w- c:\windows\system32\WMVDECOD.DLL
2013-07-23 15:56 . 2013-05-08 04:04 1548288 ----a-w- c:\windows\SysWow64\WMVDECOD.DLL
2013-07-23 15:56 . 2012-06-04 15:29 516480 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2013-07-23 15:56 . 2012-06-02 00:22 347136 ----a-w- c:\windows\system32\schannel.dll
2013-07-23 15:56 . 2012-06-02 00:04 278528 ----a-w- c:\windows\SysWow64\schannel.dll
2013-07-23 15:56 . 2012-06-02 00:05 77312 ----a-w- c:\windows\SysWow64\secur32.dll
2013-07-23 15:55 . 2013-03-08 04:18 451072 ----a-w- c:\windows\system32\winsrv.dll
2013-07-23 15:55 . 2012-11-22 04:22 456192 ----a-w- c:\windows\system32\shlwapi.dll
2013-07-23 15:55 . 2012-11-02 10:47 1869824 ----a-w- c:\windows\system32\msxml3.dll
2013-07-23 15:55 . 2012-11-02 10:47 1794560 ----a-w- c:\windows\system32\msxml6.dll
2013-07-23 15:55 . 2012-11-02 10:19 1400832 ----a-w- c:\windows\SysWow64\msxml6.dll
2013-07-23 15:55 . 2012-11-02 10:19 1248768 ----a-w- c:\windows\SysWow64\msxml3.dll
2013-07-23 15:55 . 2012-06-29 16:20 648192 ----a-w- c:\windows\system32\netapi32.dll
2013-07-23 15:55 . 2012-11-08 04:26 1570816 ----a-w- c:\windows\system32\quartz.dll
2013-07-23 15:55 . 2012-11-08 03:48 1314816 ----a-w- c:\windows\SysWow64\quartz.dll
2013-07-23 15:54 . 2013-03-08 04:17 2425344 ----a-w- c:\windows\system32\mstscax.dll
2013-07-23 15:54 . 2013-03-08 03:52 2067968 ----a-w- c:\windows\SysWow64\mstscax.dll
2013-07-23 15:54 . 2013-06-04 02:03 2775040 ----a-w- c:\windows\system32\win32k.sys
2013-07-23 15:54 . 2013-05-02 04:16 686080 ----a-w- c:\windows\system32\win32spl.dll
2013-07-23 15:54 . 2013-05-02 04:04 443904 ----a-w- c:\windows\SysWow64\win32spl.dll
2013-07-23 15:54 . 2013-05-02 04:03 37376 ----a-w- c:\windows\SysWow64\printcom.dll
2013-07-23 15:54 . 2012-11-13 01:45 2048 ----a-w- c:\windows\system32\tzres.dll
2013-07-23 15:54 . 2012-11-13 01:29 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2013-07-23 15:31 . 2013-07-15 01:34 9460976 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6297C16D-39EA-4AF2-BDF2-2F1AE4F832E8}\mpengine.dll
2013-07-23 15:29 . 2012-11-02 10:45 477696 ----a-w- c:\windows\system32\dpnet.dll
2013-07-23 15:29 . 2012-11-02 10:45 68096 ----a-w- c:\windows\system32\dpnathlp.dll
2013-07-23 15:29 . 2012-11-02 10:18 376320 ----a-w- c:\windows\SysWow64\dpnet.dll
2013-07-23 15:29 . 2012-11-02 08:59 26112 ----a-w- c:\windows\system32\dpnsvr.exe
2013-07-23 15:29 . 2012-11-02 08:26 23040 ----a-w- c:\windows\SysWow64\dpnsvr.exe
2013-07-19 18:51 . 2013-07-19 18:51 -------- d-----w- c:\windows\ERUNT
2013-07-19 18:19 . 2013-07-19 18:19 -------- d-----w- c:\users\Jitka\AppData\Local\ATI
2013-07-19 18:18 . 2013-07-20 15:02 -------- d-----w- c:\users\Jitka\AppData\Local\Adobe
2013-07-19 18:13 . 2013-07-19 18:14 1357 ----a-w- c:\windows\DeleteOnReboot.bat
2013-07-18 20:46 . 2013-07-18 20:46 -------- d-----w- c:\program files (x86)\Common Files\Java
2013-07-18 20:45 . 2013-07-18 20:45 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-07-18 17:37 . 2013-07-18 17:44 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-07-18 17:37 . 2013-07-18 17:44 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-27 16:56 . 2013-06-27 17:46 -------- d-----w- c:\program files (x86)\Metro Last Light
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-07-19 20:56 . 2011-07-23 14:32 384512 ----a-w- c:\windows\system32\services.exe
2013-07-18 20:45 . 2012-12-01 18:36 867240 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2013-07-18 20:45 . 2010-05-05 10:29 789416 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-06-23 22:41 . 2006-11-02 12:35 78185248 ----a-w- c:\windows\system32\mrt.exe
2013-05-15 09:50 . 2010-06-24 09:33 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-05-02 00:06 . 2009-11-04 15:51 278800 ------w- c:\windows\system32\MpSigStub.exe
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2013-07-19 . E2D076F2C1239AA6C7412BA6B8B1DE4E . 384512 . . [6.0.6000.16386] .. c:\windows\system32\services.exe
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
"PC Suite Tray"="c:\program files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe" [2011-06-16 1500160]
"Zoner Photo Studio Autoupdate"="c:\program files\Zoner\Photo Studio 15\Program32\ZPSTRAY.EXE" [2012-12-04 773728]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2010-06-09 49208]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-11-16 641704]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2009-09-04 417792]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-05-15 152392]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"RequireSignedAppInit_DLLs"=0 (0x0)
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-disabled]
"WinampAgent"="c:\program files (x86)\Winamp\winampa.exe"
.
R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAu64.sys;c:\windows\SYSNATIVE\drivers\AESTAu64.sys [x]
S2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys;c:\windows\SYSNATIVE\drivers\acedrv11.sys [x]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe;c:\program files\IDT\WDM\AESTSr64.exe [x]
.
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
Themes
ezSharedSvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-06-09 08:14 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-07-13 12:20 1173456 ----a-w- c:\program files (x86)\Google\Chrome\Application\28.0.1500.72\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2013-07-24 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-07-18 17:44]
.
2013-07-24 c:\windows\Tasks\GlaryInitialize.job
- c:\program files (x86)\Glary Utilities\initialize.exe [2013-03-07 12:10]
.
2012-04-07 c:\windows\Tasks\HPCeeScheduleForJitka.job
- c:\program files (x86)\hewlett-packard\sdp\ceement\HPCEE.exe [2009-02-23 10:34]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2011-09-22 4035152]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 112512]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-03-17 1128448]
"SmartMenu"="c:\program files (x86)\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [BU]
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
mStart Page = hxxp://www.google.com
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Od&eslat do aplikace OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.100.100
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/4.0 ... rol_32.CAB
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
AddRemove-SP_4e24eecb - c:\program files (x86)\WebSearch\uninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{55662437-DA8C-40c0-AADA-2C816A897A49}]
"ImagePath"="\??\c:\program files (x86)\Hewlett-Packard\Media\DVD\000.fcl"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-3416734063-1635780789-2204153844-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{BFD9DAB5-E315-D7B6-CF1A-175F784DE2E0}*]
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-3416734063-1635780789-2204153844-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:00,79,f7,ed,9e,9b,01,f0,ad,44,4a,61,bb,11,ff,80,9f,ae,12,30,11,84,ef,
d0,d6,e6,4b,bc,9f,d4,d0,30,aa,fa,80,c4,b0,14,d4,1c,ff,87,5c,c0,40,e6,c1,88,\
"??"=hex:69,3e,43,58,9f,64,ba,75,fe,6b,77,07,2a,78,dd,74
.
[HKEY_USERS\S-1-5-21-3416734063-1635780789-2204153844-1000\Software\SecuROM\License information*]
"datasecu"=hex:08,11,84,d8,1e,31,0b,6b,fd,9a,92,d1,28,5d,df,b5,8d,63,4d,58,a0,
ac,08,84,e8,f4,62,f3,df,39,16,d0,ab,8e,34,be,d5,cf,df,fa,72,d6,59,48,e5,1e,\
"rkeysecu"=hex:e3,09,90,45,be,37,09,12,f0,16,4f,d2,31,0c,84,36
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{84d4e968-0688-4b4d-9659-fb4c4e611232}\Implemented Categories\{71B2D918-2983-47B3-8337-9BEA15F184DA}]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\JSXFile\shell\Edit]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\JSXFile\shell\Open]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Photoshop.Image.10\protocol\StdFileEditing\server]
@DACL=(02 0000)
@="c:\\Program Files (x86)\\Adobe\\Adobe Photoshop CS3\\Photoshop.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{004BB91A-98DA-406F-BBBF-7A9F122A3AC2}\1.0\0\win32]
@DACL=(02 0000)
@="c:\\Program Files (x86)\\Common Files\\Adobe\\Linguistics\\Providers\\Plugins\\WRLiloPlugin1.0\\WRLiloPlugin.dll"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files (x86)\DigitalPersona\Bin\DpHostW.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\ESET\ESET Smart Security\x86\ekrn.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\SMINST\BLService.exe
c:\program files (x86)\CyberLink\Shared files\RichVideo.exe
c:\program files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\program files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe
c:\program files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe
c:\program files (x86)\PC Connectivity Solution\ServiceLayer.exe
c:\program files (x86)\PC Connectivity Solution\Transports\NclRSSrv.exe
c:\program files (x86)\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe
.
**************************************************************************
.
Celkový čas: 2013-07-24 17:01:14 - počítač byl restartován
ComboFix-quarantined-files.txt 2013-07-24 15:01
ComboFix2.txt 2013-07-23 11:26
.
Před spuštěním: Volných bajtů: 26 848 051 200
Po spuštění: Volných bajtů: 25 531 158 528
.
- - End Of File - - 533C60DC575D493A0C04FA635E73F6F1
588AE8F0C685C02BA11F30D9CD7E61A0


Re: Could I ask for a check

Post by pompeus50 » 25 Jul 2013 14:47

HijackThis scan

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 14:46:46, on 25.7.2013
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16496)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\Zoner\Photo Studio 15\Program32\ZPSTray.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_8_800_94_ActiveX.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Jitka\Desktop\programy\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Pomocná služba pro přihlášení ke službě Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [Zoner Photo Studio Autoupdate] C:\Program Files\Zoner\Photo Studio 15\Program32\ZPSTRAY.EXE
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Od&eslat do aplikace OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre7\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre7\bin\jp2iexp.dll
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: QIP 2005 - {1EF681F7-A04B-4D6D-9012-A307CCA55610} - (no file) (HKCU)
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: Garmin Communicator Plug-In - https://static.garmincdn.com/gcp/ie/4.0 ... rol_32.CAB
O16 - DPF: {1ABA5FAC-1417-422B-BA82-45C35E2C908B} (20-20 3D Viewer for IKEA) - http://kitchenplanner.ikea.com/CZ/Core/ ... _Win32.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Program Files\IDT\WDM\AESTSr64.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: @C:\Program Files (x86)\DigitalPersona\Bin\DpHostW.exe,-128 (DpHost) - DigitalPersona, Inc. - C:\Program Files (x86)\DigitalPersona\Bin\DpHostW.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: HP Service (hpsrv) - Unknown owner - C:\Windows\system32\Hpservice.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Recovery Service for Windows - Unknown owner - C:\Program Files (x86)\SMINST\BLService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: ServiceLayer - Nokia - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\stlang64.dll,-10122 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV64.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: TV Background Capture Service (TVBCS) (TVCapSvc) - Unknown owner - C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe
O23 - Service: TV Task Scheduler (TVTS) (TVSched) - Unknown owner - C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: Validity Fingerprint Service (vfsFPService) - Validity Sensors, Inc. - C:\Windows\system32\vfsFPService.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 11800 bytes


aswMBR scan

aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-07-24 20:08:31
-----------------------------
20:08:31.378 OS Version: Windows x64 6.0.6002 Service Pack 2
20:08:31.378 Number of processors: 2 586 0x170A
20:08:31.380 ComputerName: JITKA-PC UserName: Jitka
20:08:40.765 Initialize success
20:09:10.308 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
20:09:10.310 Disk 0 Vendor: ST9320320AS HP07 Size: 305245MB BusType: 3
20:09:10.388 Disk 0 MBR read successfully
20:09:10.391 Disk 0 MBR scan
20:09:10.393 Disk 0 unknown MBR code
20:09:10.500 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 294885 MB offset 2048
20:09:10.572 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 10356 MB offset 603926528
20:09:10.674 Disk 0 scanning C:\Windows\system32\drivers
20:10:17.040 Service scanning
20:10:48.083 Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32
20:10:57.057 Modules scanning
20:10:57.067 Disk 0 trace - called modules:
20:10:57.119 ntoskrnl.exe CLASSPNP.SYS disk.sys hpdskflt.sys acpi.sys >>UNKNOWN [0xfffffa80032bf2c0]<<spcp.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
20:10:57.125 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004419790]
20:10:57.133 3 CLASSPNP.SYS[fffffa6000d37c33] -> nt!IofCallDriver -> [0xfffffa80043148a0]
20:10:57.140 5 hpdskflt.sys[fffffa60013eb189] -> nt!IofCallDriver -> [0xfffffa800349f6e0]
20:10:57.147 7 acpi.sys[fffffa6000b7ffde] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa80034a9060]
20:10:57.154 \Driver\atapi[0xfffffa800345fa50] -> IRP_MJ_CREATE -> 0xfffffa80032bf2c0
20:10:57.161 Scan finished successfully
20:13:44.593 Disk 0 MBR has been saved successfully to "C:\Users\Jitka\Desktop\MBR.dat"
20:13:44.602 The log file has been saved successfully to "C:\Users\Jitka\Desktop\aswMBR.txt"


Re: Could I ask for a check

Post by memphisto » 25 Jul 2013 16:38

ComboFix is uninstalled like this:
Start - Run and enter ComboFix /Uninstall

Clean the system with CCleaner.

Download OTC to your desktop. Double-click it. Then click Clean up!.
Restart the PC if you are prompted to.

+ a new HJT log

How is the PC behaving?
RULES OF PC-HELP.CZ, RULES of the HijackThis section, HijackThis guide, Memtest, CCleaner
Please do not send HijackThis logs via PM; post them in the appropriate section. Thank you.


Re: Could I ask for a check

Post by pompeus50 » 25 Jul 2013 19:46

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:43:21, on 25.7.2013
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16496)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\Zoner\Photo Studio 15\Program32\ZPSTray.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Users\Jitka\Desktop\programy\HijackThis.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_8_800_94_ActiveX.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Pomocná služba pro přihlášení ke službě Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [Zoner Photo Studio Autoupdate] C:\Program Files\Zoner\Photo Studio 15\Program32\ZPSTRAY.EXE
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Od&eslat do aplikace OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre7\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre7\bin\jp2iexp.dll
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: QIP 2005 - {1EF681F7-A04B-4D6D-9012-A307CCA55610} - (no file) (HKCU)
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: Garmin Communicator Plug-In - https://static.garmincdn.com/gcp/ie/4.0 ... rol_32.CAB
O16 - DPF: {1ABA5FAC-1417-422B-BA82-45C35E2C908B} (20-20 3D Viewer for IKEA) - http://kitchenplanner.ikea.com/CZ/Core/ ... _Win32.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Program Files\IDT\WDM\AESTSr64.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: @C:\Program Files (x86)\DigitalPersona\Bin\DpHostW.exe,-128 (DpHost) - DigitalPersona, Inc. - C:\Program Files (x86)\DigitalPersona\Bin\DpHostW.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: HP Service (hpsrv) - Unknown owner - C:\Windows\system32\Hpservice.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Recovery Service for Windows - Unknown owner - C:\Program Files (x86)\SMINST\BLService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: ServiceLayer - Nokia - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\stlang64.dll,-10122 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV64.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: TV Background Capture Service (TVBCS) (TVCapSvc) - Unknown owner - C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe
O23 - Service: TV Task Scheduler (TVTS) (TVSched) - Unknown owner - C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: Validity Fingerprint Service (vfsFPService) - Validity Sensors, Inc. - C:\Windows\system32\vfsFPService.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 11557 bytes



The problem with the web pages is already solved.
I think everything is OK now.
Thanks to everyone :-)


Re: Could I ask for a check

Post by jaro3 » 25 Jul 2013 22:00

In Folder Options, enable showing hidden files and folders, and untick the checkbox "Hide protected operating system files".

Test this on VirusTotal:
c:\windows\system32\Services.exe

Click Choose to the right of the box and find the required file on your PC in Explorer. Select it with the mouse and click Open, then click Send File. If the file has already been tested, a window appears in which you click Reanalyze. The file is then tested by several antivirus engines one after another. When the last antivirus finishes, the result appears at the top with the number of detections in red, e.g. 0/43 or 1/43. Then copy the link to that page with the mouse and paste it into your post.

Or at:
http://www.virscan.org/
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs in private messages. During my absence, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support


Re: Could I ask for a check

Post by pompeus50 » 26 Jul 2013 20:41



Re: Could I ask for a check

Post by jaro3 » 26 Jul 2013 22:44

The address is not available.

