Avira reports a virus - unable to remove it (Solved)
Re: Avira reports a virus - unable to remove it
And here is the log from ComboFix:
ComboFix 12-08-09.01 - Pavel 11.08.2012 7:29.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.2046.1182 [GMT 2:00]
Spuštěný z: c:\documents and settings\Pavel\Plocha\ComboFix.exe
AV: ESET NOD32 Antivirus 5.0 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Pavel\WINDOWS
c:\program files\driver
c:\program files\Incredibar.com
c:\program files\Incredibar.com\incredibar\1.5.11.14\bh\incredibar.dll
c:\program files\Incredibar.com\incredibar\1.5.11.14\incredibarApp.dll
c:\program files\Incredibar.com\incredibar\1.5.11.14\incredibarEng.dll
c:\program files\Incredibar.com\incredibar\1.5.11.14\incredibarsrv.exe
c:\program files\Incredibar.com\incredibar\1.5.11.14\inCRedibartlbr.dll
c:\program files\Incredibar.com\incredibar\1.5.11.14\uninstall.exe
c:\program files\Web Assistant\ExTEnsion32.dll
c:\windows\SwSys1.bmp
c:\windows\SwSys2.bmp
c:\windows\system32\nsd70.tmp
c:\windows\system32\office.exe
c:\windows\system32\tempdir
c:\windows\system32\tempdir\tinypdf.dll
c:\windows\system32\tempdir\tinypdf.chm
c:\windows\system32\tempdir\tinypdf1.dll
c:\windows\system32\tempdir\tinypdf2.dll
c:\windows\system32\tmp121.tmp
c:\windows\system32\tmp122.tmp
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-07-11 do 2012-08-11 )))))))))))))))))))))))))))))))
.
.
2012-08-10 19:25 . 2012-08-10 19:25 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-08-10 17:18 . 2012-08-10 17:18 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Data aplikací\ESET
2012-08-10 17:03 . 2012-08-10 17:03 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Data aplikací\ESET
2012-08-10 17:03 . 2012-08-10 17:03 -------- d-----w- c:\documents and settings\Pavel\Local Settings\Data aplikací\ESET
2012-08-10 16:56 . 2012-08-10 16:56 -------- d-----w- c:\program files\ESET
2012-08-10 16:56 . 2012-08-10 16:56 -------- d-----w- c:\documents and settings\All Users\Data aplikací\ESET
2012-08-10 13:03 . 2012-08-10 13:03 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Tarma Installer
2012-08-10 13:01 . 2012-08-10 17:04 -------- d-----w- c:\documents and settings\Pavel\Data aplikací\FileDoumi
2012-08-10 13:01 . 2012-08-10 17:20 -------- d-----w- c:\program files\Daum
2012-08-10 13:00 . 2012-08-11 05:02 -------- d-----w- c:\documents and settings\Pavel\Local Settings\Data aplikací\AppIs
2012-08-10 12:58 . 2012-08-10 12:58 -------- d-----w- c:\program files\PANDORA.TV
2012-08-06 07:36 . 2012-08-06 13:43 -------- d-----w- c:\program files\Safari
2012-08-06 07:26 . 2012-05-10 15:34 65640 ----a-w- c:\windows\system32\RtkCoInstIIXP.dll
2012-08-06 07:26 . 2011-11-22 14:28 11368 ----a-w- c:\windows\system32\RtkCoLDRXP.dll
2012-08-06 07:26 . 2012-05-11 12:14 25548 ----a-w- c:\windows\system32\drivers\RTAIODAT.DAT
2012-07-30 17:35 . 2012-07-30 17:35 -------- d-----w- c:\windows\system32\config\systemprofile\Data aplikací\IObit
2012-07-30 11:39 . 2012-07-30 11:39 -------- d-----w- c:\windows\system32\winrm
2012-07-30 11:39 . 2012-07-30 11:39 -------- d-----w- c:\windows\system32\GroupPolicy
2012-07-30 11:39 . 2012-07-30 11:39 -------- dc-h--w- c:\windows\$968930Uinstall_KB968930$
2012-07-30 11:37 . 2012-05-24 08:48 21376 ----a-w- c:\windows\system32\RegistryDefragBootTime.exe
2012-07-22 19:52 . 2012-07-22 19:52 -------- d-----w- c:\documents and settings\Pavel\Data aplikací\2K Sports
2012-07-22 19:33 . 2012-07-22 19:33 -------- d-----w- c:\program files\2K Sports
2012-07-16 16:36 . 2012-07-17 09:45 -------- d-----w- c:\documents and settings\Pavel\Data aplikací\Epson
2012-07-16 16:29 . 2012-07-16 16:29 -------- d-----w- c:\program files\Common Files\EPSON
2012-07-16 16:29 . 2012-07-16 16:23 8192 ----a-w- c:\windows\system32\E_DCINST.DLL
2012-07-16 16:29 . 2012-07-16 16:23 93696 ----a-w- c:\windows\system32\E_TLBHTU.DLL
2012-07-16 16:29 . 2012-07-16 16:23 81408 ----a-w- c:\windows\system32\E_TD4BHTU.DLL
2012-07-16 16:27 . 2012-07-16 16:27 -------- d-----w- c:\documents and settings\All Users\Data aplikací\UDL
2012-07-16 16:24 . 2012-07-16 16:24 -------- d-----w- c:\program files\EpsonNet
2012-07-16 16:24 . 2010-09-13 13:01 458129 ----a-w- c:\windows\system32\ensppui.dll
2012-07-16 16:24 . 2010-09-13 13:01 458129 ----a-w- c:\windows\system32\enppui.dll
2012-07-16 16:24 . 2010-09-13 13:00 475410 ----a-w- c:\windows\system32\ensppmon.dll
2012-07-16 16:24 . 2010-09-13 13:00 475410 ----a-w- c:\windows\system32\enppmon.dll
2012-07-16 16:24 . 2008-06-18 09:49 249344 ----a-w- c:\windows\system32\enspres.dll
2012-07-16 16:24 . 2008-06-18 09:49 249344 ----a-w- c:\windows\system32\enpres.dll
2012-07-16 16:24 . 2012-07-16 16:27 -------- d-----w- c:\program files\EPSON Software
2012-07-16 16:24 . 2012-07-16 16:30 -------- d-----w- c:\documents and settings\All Users\Data aplikací\EPSON
2012-07-16 16:24 . 2009-10-15 22:00 132560 ----a-w- c:\windows\system32\esdevapp.exe
2012-07-16 16:24 . 2009-10-15 22:00 12800 ----a-w- c:\windows\system32\escdev.dll
2012-07-16 16:24 . 2009-09-16 22:00 342016 ----a-w- c:\windows\system32\eswiaud.dll
2012-07-16 16:23 . 2012-07-16 16:23 -------- d-----w- c:\program files\epson
2012-07-16 08:18 . 2012-07-16 08:18 2409872 ----a-w- c:\windows\system32\DaumActiveX.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-07 19:11 . 2012-06-01 17:45 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-07 19:11 . 2011-08-28 07:46 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-06 15:35 . 2009-04-27 12:45 270776 ----a-w- c:\windows\system32\PnkBstrB.xtr
2012-08-06 15:35 . 2009-04-27 12:20 270776 ----a-w- c:\windows\system32\PnkBstrB.exe
2012-07-30 13:38 . 2009-04-27 12:20 139488 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2012-07-30 13:38 . 2009-04-27 12:20 270776 ----a-w- c:\windows\system32\PnkBstrB.ex0
2012-07-03 11:46 . 2011-08-28 13:07 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-19 14:54 . 2008-09-30 12:50 6141584 ----a-w- c:\windows\system32\drivers\RtkHDAud.sys
2012-06-13 13:55 . 2006-03-02 12:00 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-06-06 12:00 . 2008-09-30 12:50 20065936 ----a-w- c:\windows\RTHDCPL.EXE
2012-06-05 15:49 . 2008-04-14 03:21 1372672 ------w- c:\windows\system32\msxml6.dll
2012-06-05 15:49 . 2006-03-02 12:00 1172480 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 04:32 . 2006-03-02 12:00 152576 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 13:19 . 2008-09-30 14:25 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 13:19 . 2008-09-30 14:25 22552 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 13:19 . 2008-09-30 12:35 329240 ----a-w- c:\windows\system32\wucltui.dll
2012-06-02 13:19 . 2008-09-30 12:35 210968 ----a-w- c:\windows\system32\wuweb.dll
2012-06-02 13:19 . 2008-09-30 12:35 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 13:19 . 2008-09-30 14:25 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 13:19 . 2008-09-30 14:25 18456 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 13:19 . 2008-09-30 14:25 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 13:19 . 2008-09-30 12:35 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 13:19 . 2008-09-30 12:35 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 13:19 . 2006-03-02 12:00 97304 ----a-w- c:\windows\system32\cdm.dll
2012-06-02 13:19 . 2008-09-30 12:35 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 13:19 . 2008-09-30 12:35 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 13:19 . 2011-02-15 13:17 17648 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-06-02 13:18 . 2011-02-15 13:17 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-06-02 13:18 . 2011-02-15 13:17 214256 ----a-w- c:\windows\system32\muweb.dll
2012-05-31 13:22 . 2006-03-02 12:00 602112 ----a-w- c:\windows\system32\crypt32.dll
2012-05-25 16:06 . 2008-09-30 12:50 1706640 ----a-w- c:\windows\RtlExUpd.dll
2012-05-16 07:59 . 2006-03-02 12:00 668160 ----a-w- c:\windows\system32\wininet.dll
2012-05-15 10:18 . 2011-08-25 14:50 883008 ----a-w- c:\windows\system32\nvgenco32.dll
2012-05-15 10:18 . 2011-08-25 14:50 1000768 ----a-w- c:\windows\system32\nvdispco32.dll
2012-05-15 10:18 . 2011-02-22 11:56 65536 ----a-w- c:\windows\system32\OpenCL.dll
2012-05-15 10:18 . 2011-02-22 11:56 17543168 ----a-w- c:\windows\system32\nvcompiler.dll
2012-05-15 10:18 . 2009-08-16 16:57 6012928 ----a-w- c:\windows\system32\nvcuda.dll
2012-05-15 10:18 . 2009-08-16 16:57 2530624 ----a-w- c:\windows\system32\nvcuvid.dll
2012-05-15 10:18 . 2009-08-16 16:57 2445120 ----a-w- c:\windows\system32\nvcuvenc.dll
2012-05-15 10:18 . 2007-04-19 05:26 2359808 ----a-w- c:\windows\system32\nvapi.dll
2012-05-15 10:18 . 2007-04-19 05:26 18771968 ----a-w- c:\windows\system32\nvoglnt.dll
2012-05-15 10:18 . 2006-06-01 09:22 4373248 ----a-w- c:\windows\system32\nv4_disp.dll
2012-05-15 10:18 . 2006-06-01 09:22 14014656 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2012-05-15 09:43 . 2011-12-11 11:52 229376 ----a-w- c:\windows\system32\nvrszhc.dll
2012-05-15 09:43 . 2011-12-11 11:52 126976 ----a-w- c:\windows\system32\nvrszht.dll
2012-05-15 09:43 . 2011-12-11 11:52 282624 ----a-w- c:\windows\system32\nvrsit.dll
2012-05-15 09:43 . 2011-12-11 11:52 253952 ----a-w- c:\windows\system32\nvrsth.dll
2012-05-15 09:43 . 2011-12-11 11:52 253952 ----a-w- c:\windows\system32\nvrssv.dll
2012-05-15 09:43 . 2011-12-11 11:52 335872 ----a-w- c:\windows\system32\nvrsar.dll
2012-05-15 09:43 . 2011-12-11 11:52 282624 ----a-w- c:\windows\system32\nvrsel.dll
2012-05-15 09:43 . 2011-12-11 11:52 274432 ----a-w- c:\windows\system32\nvrsnl.dll
2012-05-15 09:43 . 2011-12-11 11:52 274432 ----a-w- c:\windows\system32\nvrsesm.dll
2012-05-15 09:43 . 2011-12-11 11:52 266240 ----a-w- c:\windows\system32\nvrsko.dll
2012-05-15 09:43 . 2011-12-11 11:52 249856 ----a-w- c:\windows\system32\nvrseng.dll
2012-05-15 09:43 . 2011-12-11 11:52 335872 ----a-w- c:\windows\system32\nvrshe.dll
2012-05-15 09:43 . 2011-12-11 11:52 286720 ----a-w- c:\windows\system32\nvrsfr.dll
2012-05-15 09:43 . 2011-12-11 11:52 274432 ----a-w- c:\windows\system32\nvrspt.dll
2012-05-15 09:43 . 2011-12-11 11:52 258048 ----a-w- c:\windows\system32\nvrssl.dll
2012-05-15 09:43 . 2011-12-11 11:52 253952 ----a-w- c:\windows\system32\nvrsno.dll
2012-05-15 09:43 . 2011-12-11 11:52 249856 ----a-w- c:\windows\system32\nvrsfi.dll
2012-05-15 09:43 . 2011-12-11 11:52 282624 ----a-w- c:\windows\system32\nvrses.dll
2012-05-15 09:43 . 2011-12-11 11:52 270336 ----a-w- c:\windows\system32\nvrsru.dll
2012-05-15 09:43 . 2011-12-11 11:52 258048 ----a-w- c:\windows\system32\nvrssk.dll
2012-05-15 09:43 . 2011-12-11 11:52 258048 ----a-w- c:\windows\system32\nvrstr.dll
2012-05-15 09:43 . 2011-12-11 11:52 262144 ----a-w- c:\windows\system32\nvrshu.dll
2012-05-15 09:43 . 2011-12-11 11:52 253952 ----a-w- c:\windows\system32\nvrsda.dll
2012-05-15 09:43 . 2011-12-11 11:52 274432 ----a-w- c:\windows\system32\nvrsja.dll
2012-05-15 09:43 . 2011-12-11 11:52 258048 ----a-w- c:\windows\system32\nvrspl.dll
2012-05-15 09:43 . 2011-12-11 11:52 278528 ----a-w- c:\windows\system32\nvrsde.dll
2012-05-15 09:43 . 2011-12-11 11:52 270336 ----a-w- c:\windows\system32\nvrsptb.dll
2012-05-15 09:43 . 2011-12-11 11:52 249856 ----a-w- c:\windows\system32\nvrscs.dll
2012-05-15 09:40 . 2011-12-11 11:52 54272 ----a-w- c:\windows\system32\nvwddi.dll
2012-05-15 09:40 . 2011-12-11 11:52 15504192 ----a-w- c:\windows\system32\nvcpl.dll
2012-05-15 09:40 . 2011-12-11 11:52 143680 ----a-w- c:\windows\system32\nvcolor.exe
2012-05-15 09:40 . 2011-12-11 11:52 164160 ----a-w- c:\windows\system32\nvsvc32.exe
2012-05-15 09:40 . 2011-12-11 11:52 108352 ----a-w- c:\windows\system32\nvmctray.dll
2012-07-21 16:29 . 2012-05-27 11:57 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}"= "c:\program files\BS_Player\tbBS_P.dll" [2010-11-29 3908192]
"{bfc39e47-d643-4dc2-aa1d-61377501c844}"= "c:\program files\atube\atubeX.dll" [2011-10-31 81920]
.
[HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
.
[HKEY_CLASSES_ROOT\clsid\{bfc39e47-d643-4dc2-aa1d-61377501c844}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-11-29 13:26 3908192 ----a-w- c:\program files\ConduitEngine\ConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bfc39e47-d643-4dc2-aa1d-61377501c844}]
2011-10-31 11:02 81920 ----a-w- c:\program files\atube\atubeX.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2011-08-23 19:20 1515688 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
2010-11-29 13:26 3908192 ----a-w- c:\program files\BS_Player\tbBS_P.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-08-23 1515688]
"{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}"= "c:\program files\BS_Player\tbBS_P.dll" [2010-11-29 3908192]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngine.dll" [2010-11-29 3908192]
"{bfc39e47-d643-4dc2-aa1d-61377501c844}"= "c:\program files\atube\atubeX.dll" [2011-10-31 81920]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CLASSES_ROOT\clsid\{bfc39e47-d643-4dc2-aa1d-61377501c844}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-08-23 1515688]
"{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5}"= "c:\program files\BS_Player\tbBS_P.dll" [2010-11-29 3908192]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-02-15 17146504]
"Advanced SystemCare 5"="c:\program files\IObit\Advanced SystemCare 5\ASCTray.exe" [2012-05-28 288128]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TWCU"="c:\program files\TP-LINK\TWCU\TWCU.exe" [2005-08-09 413696]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-10-13 185896]
"WinSys2"="c:\windows\system32\winsys2.exe" [2009-08-25 208896]
"USBToolTip"="c:\progra~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe" [2007-02-20 199752]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"GamerOSD"="c:\program files\ASUS\GamerOSD\GamerOSD.exe" [2007-02-14 380928]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2012-05-15 15504192]
"NvMediaCenter"="NvMCTray.dll" [2012-05-15 108352]
"nwiz"="c:\program files\NVIDIA Corporation\nview\nwiz.exe" [2012-05-15 1634112]
"EEventManager"="c:\program files\Epson Software\Event Manager\EEventManager.exe" [2010-10-12 979328]
"MSIAfterburner"="c:\program files\MSI Afterburner\MSIAfterburner.exe" [2012-06-20 405832]
"RTHDCPL"="RTHDCPL.EXE" [2012-06-06 20065936]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2011-09-08 3076144]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Content Manager Assistant for PlayStation(R).lnk - c:\program files\Sony\Content Manager Assistant\CMA.exe [2012-1-26 2520504]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
2012-01-08 11:00 500208 ------w- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5ServiceManager]
2010-02-22 03:57 406992 ----a-w- c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ApnUpdater]
2011-08-23 19:20 887976 ----a-w- c:\program files\Ask.com\Updater\Updater.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSIAfterburner]
2012-06-20 03:55 405832 ----a-w- c:\program files\MSI Afterburner\MSIAfterburner.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OODefragTray]
2010-11-25 07:43 2781000 ----a-w- c:\program files\OO Software\Defrag\oodtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-10-29 12:49 249064 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Adobe Photo Downloader"=c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
"NeroFilterCheck"=c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
"iTunesHelper"=c:\program files\iTunes\iTunesHelper.exe
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe"
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" -autorun
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
"KernelFaultCheck"=%systemroot%\system32\dumprep 0 -k
"MSIAfterburner"="c:\program files\MSI Afterburner\MSIAfterburner.exe" /s
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FarCry2.exe"=
"c:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FC2Launcher.exe"=
"c:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FC2Editor.exe"=
"c:\\Program Files\\Midway Games\\Wheelman\\Binaries\\WheelmanGame-Final.exe"=
"c:\\Program Files\\TeamViewer\\Version5\\TeamViewer.exe"=
"c:\\Program Files\\Disney Interactive Studios\\Split Second\\SplitSecond.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\Pinnacle\\Studio 15\\Programs\\Studio.exe"=
"c:\\Program Files\\Pinnacle\\Studio 15\\Programs\\umi.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Call of duty 6 MW 2\\iw4mp.dat"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Microsoft Office\\Office14\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Updatus\\daemonu.exe"=
"c:\\Program Files\\Pinnacle\\Studio 15\\Programs\\RM.exe"=
"c:\\Program Files\\TmNationsForever\\TmForever.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\atube\\dtUser.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Update Core\\daemonu.exe"=
"c:\\Program Files\\EPSON Software\\Event Manager\\EEventManager.exe"=
"c:\\Program Files\\2K Sports\\NBA 2K12\\nba2k12.exe"=
"c:\\Program Files\\PANDORA.TV\\PanService\\PandoraService.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Vzdálená správa systému Windows
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [30.9.2008 18:52 691696]
R0 tffsport;M-Systems DiskOnChip 2000;c:\windows\system32\drivers\tffsport.sys [26.6.2011 15:06 149376]
R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [30.9.2008 14:47 13696]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [4.8.2011 9:20 118104]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [4.8.2011 9:20 103112]
R2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files\IObit\Advanced SystemCare 5\ASCService.exe [30.7.2012 13:14 913792]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [8.9.2011 7:34 974944]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [16.7.2012 12:19 1262400]
R2 OODefragAgent;O&O Defrag Agent;c:\program files\OO Software\Defrag\oodag.exe [25.11.2010 9:44 2404168]
R3 PhTVTune;Cap7134 TVTuner;c:\windows\system32\drivers\PhTVTune.sys [30.9.2008 18:42 57152]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [16.5.2011 8:13 197224]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [8.4.2010 19:03 136176]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [15.2.2012 13:30 158856]
S2 Web Assistant Updater;Web Assistant Updater;c:\program files\Web Assistant\ExtensionUpdaterService.exe [9.5.2012 18:23 185856]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [1.6.2012 19:45 250056]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [15.5.2011 20:05 1691480]
S3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [8.4.2010 19:03 136176]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [12.6.2011 12:15 31125880]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [27.5.2012 13:57 113120]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [9.1.2010 22:37 4640000]
S3 PAC207;VideoCAM GF112;c:\windows\system32\drivers\PFC027.sys [8.4.2005 10:46 162176]
S3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [14.2.2011 16:10 47360]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\d:\ntglm7x.sys --> d:\NTGLM7X.sys [?]
S3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [19.2.2010 14:37 517096]
S3 WinRing0_1_2_0;WinRing0_1_2_0;\??\c:\program files\IObit\Game Booster 3\Driver\WinRing0.sys --> c:\program files\IObit\Game Booster 3\Driver\WinRing0.sys [?]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\sqladhlp.exe [23.7.2009 5:08 47128]
S4 RsFx0103;RsFx0103 Driver;c:\windows\system32\drivers\RsFx0103.sys [30.3.2009 3:09 239336]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [30.3.2009 3:23 366936]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Obsah adresáře 'Naplánované úlohy'
.
2012-08-10 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2008\OneClick.exe [2007-12-21 12:49]
.
2012-08-10 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-01 19:11]
.
2012-01-08 c:\windows\Tasks\AdobeAAMUpdater-1.0-PAVEL-A5C71F66F-Pavel.job
- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2012-01-08 11:00]
.
2012-08-07 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
.
2012-08-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-08 17:03]
.
2012-08-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-08 17:03]
.
2012-08-10 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2011-08-23 19:20]
.
2012-08-10 c:\windows\Tasks\Úklid 1 kliknutím.job
- c:\program files\TuneUp Utilities 2008\OneClick.exe [2007-12-21 12:49]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.daum.net/
uDefault_Search_URL = hxxp://search.qip.ru
mStart Page = hxxp://home.sweetim.com/?crg=4.0002002
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://search.qip.ru/ie
uSearchURL,(Default) = Root: HKCU; Subkey: Software\Microsoft\Internet Explorer\SearchUrl; ValueType: string; ValueName: '; ValueData: '; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Od&eslat do aplikace OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: Search the Web - c:\program files\SweetIM\Toolbars\Internet Explorer\resources\menuext.html
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748449} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\windows\WebIE.dll
TCP: DhcpNameServer = 10.152.101.1
FF - ProfilePath - c:\documents and settings\Pavel\Data aplikací\Mozilla\Firefox\Profiles\hymsdyhc.default\
FF - prefs.js: browser.startup.homepage - www.seznam.cz
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
AddRemove-incredibar - c:\program files\Incredibar.com\incredibar\1.5.11.14\uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-08-11 07:32
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-2025429265-606747145-839522115-1004\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"??"=hex:a6,5c,bf,f2,7d,ae,eb,af,9a,7c,3f,9c,a6,19,6d,10,19,f8,12,87,fd,af,41,
46,26,c6,dd,82,a9,91,02,3e,cf,6c,3f,8d,ee,a6,81,fe,cf,d0,3b,30,80,7f,fd,d9,\
"??"=hex:e2,06,90,c3,a9,ab,f7,ca,1c,f7,63,d7,3e,f2,89,5d
.
[HKEY_USERS\S-1-5-21-2025429265-606747145-839522115-1004\Software\SecuROM\License information*]
"datasecu"=hex:47,47,ff,61,d2,00,f9,3e,72,70,c9,7c,c0,71,80,97,2e,27,58,48,01,
1a,6a,a5,b8,fc,23,ff,cc,f8,63,36,6e,81,5f,77,60,90,42,f1,58,d2,5b,eb,96,9c,\
"rkeysecu"=hex:a8,a3,cb,3b,9e,10,da,4f,e6,ec,6c,62,8a,a7,84,85
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
.
Celkový čas: 2012-08-11 07:34:20
ComboFix-quarantined-files.txt 2012-08-11 05:34
.
Před spuštěním: Volných bajtů: 56 812 371 968
Po spuštění: Volných bajtů: 57 682 739 200
.
WindowsXP-KB310994-SP2-Home-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect /TUTag=YHB8IQ
[spybotsd]
timeout.old=30
.
- - End Of File - - 4CE3B27F308FF51732B00D2CCBB0505E
2012-07-16 16:24 . 2009-09-16 22:00 342016 ----a-w- c:\windows\system32\eswiaud.dll
2012-07-16 16:23 . 2012-07-16 16:23 -------- d-----w- c:\program files\epson
2012-07-16 08:18 . 2012-07-16 08:18 2409872 ----a-w- c:\windows\system32\DaumActiveX.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-07 19:11 . 2012-06-01 17:45 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-07 19:11 . 2011-08-28 07:46 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-06 15:35 . 2009-04-27 12:45 270776 ----a-w- c:\windows\system32\PnkBstrB.xtr
2012-08-06 15:35 . 2009-04-27 12:20 270776 ----a-w- c:\windows\system32\PnkBstrB.exe
2012-07-30 13:38 . 2009-04-27 12:20 139488 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2012-07-30 13:38 . 2009-04-27 12:20 270776 ----a-w- c:\windows\system32\PnkBstrB.ex0
2012-07-03 11:46 . 2011-08-28 13:07 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-19 14:54 . 2008-09-30 12:50 6141584 ----a-w- c:\windows\system32\drivers\RtkHDAud.sys
2012-06-13 13:55 . 2006-03-02 12:00 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-06-06 12:00 . 2008-09-30 12:50 20065936 ----a-w- c:\windows\RTHDCPL.EXE
2012-06-05 15:49 . 2008-04-14 03:21 1372672 ------w- c:\windows\system32\msxml6.dll
2012-06-05 15:49 . 2006-03-02 12:00 1172480 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 04:32 . 2006-03-02 12:00 152576 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 13:19 . 2008-09-30 14:25 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 13:19 . 2008-09-30 14:25 22552 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 13:19 . 2008-09-30 12:35 329240 ----a-w- c:\windows\system32\wucltui.dll
2012-06-02 13:19 . 2008-09-30 12:35 210968 ----a-w- c:\windows\system32\wuweb.dll
2012-06-02 13:19 . 2008-09-30 12:35 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 13:19 . 2008-09-30 14:25 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 13:19 . 2008-09-30 14:25 18456 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 13:19 . 2008-09-30 14:25 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 13:19 . 2008-09-30 12:35 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 13:19 . 2008-09-30 12:35 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 13:19 . 2006-03-02 12:00 97304 ----a-w- c:\windows\system32\cdm.dll
2012-06-02 13:19 . 2008-09-30 12:35 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 13:19 . 2008-09-30 12:35 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 13:19 . 2011-02-15 13:17 17648 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-06-02 13:18 . 2011-02-15 13:17 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-06-02 13:18 . 2011-02-15 13:17 214256 ----a-w- c:\windows\system32\muweb.dll
2012-05-31 13:22 . 2006-03-02 12:00 602112 ----a-w- c:\windows\system32\crypt32.dll
2012-05-25 16:06 . 2008-09-30 12:50 1706640 ----a-w- c:\windows\RtlExUpd.dll
2012-05-16 07:59 . 2006-03-02 12:00 668160 ----a-w- c:\windows\system32\wininet.dll
2012-05-15 10:18 . 2011-08-25 14:50 883008 ----a-w- c:\windows\system32\nvgenco32.dll
2012-05-15 10:18 . 2011-08-25 14:50 1000768 ----a-w- c:\windows\system32\nvdispco32.dll
2012-05-15 10:18 . 2011-02-22 11:56 65536 ----a-w- c:\windows\system32\OpenCL.dll
2012-05-15 10:18 . 2011-02-22 11:56 17543168 ----a-w- c:\windows\system32\nvcompiler.dll
2012-05-15 10:18 . 2009-08-16 16:57 6012928 ----a-w- c:\windows\system32\nvcuda.dll
2012-05-15 10:18 . 2009-08-16 16:57 2530624 ----a-w- c:\windows\system32\nvcuvid.dll
2012-05-15 10:18 . 2009-08-16 16:57 2445120 ----a-w- c:\windows\system32\nvcuvenc.dll
2012-05-15 10:18 . 2007-04-19 05:26 2359808 ----a-w- c:\windows\system32\nvapi.dll
2012-05-15 10:18 . 2007-04-19 05:26 18771968 ----a-w- c:\windows\system32\nvoglnt.dll
2012-05-15 10:18 . 2006-06-01 09:22 4373248 ----a-w- c:\windows\system32\nv4_disp.dll
2012-05-15 10:18 . 2006-06-01 09:22 14014656 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2012-05-15 09:43 . 2011-12-11 11:52 229376 ----a-w- c:\windows\system32\nvrszhc.dll
2012-05-15 09:43 . 2011-12-11 11:52 126976 ----a-w- c:\windows\system32\nvrszht.dll
2012-05-15 09:43 . 2011-12-11 11:52 282624 ----a-w- c:\windows\system32\nvrsit.dll
2012-05-15 09:43 . 2011-12-11 11:52 253952 ----a-w- c:\windows\system32\nvrsth.dll
2012-05-15 09:43 . 2011-12-11 11:52 253952 ----a-w- c:\windows\system32\nvrssv.dll
2012-05-15 09:43 . 2011-12-11 11:52 335872 ----a-w- c:\windows\system32\nvrsar.dll
2012-05-15 09:43 . 2011-12-11 11:52 282624 ----a-w- c:\windows\system32\nvrsel.dll
2012-05-15 09:43 . 2011-12-11 11:52 274432 ----a-w- c:\windows\system32\nvrsnl.dll
2012-05-15 09:43 . 2011-12-11 11:52 274432 ----a-w- c:\windows\system32\nvrsesm.dll
2012-05-15 09:43 . 2011-12-11 11:52 266240 ----a-w- c:\windows\system32\nvrsko.dll
2012-05-15 09:43 . 2011-12-11 11:52 249856 ----a-w- c:\windows\system32\nvrseng.dll
2012-05-15 09:43 . 2011-12-11 11:52 335872 ----a-w- c:\windows\system32\nvrshe.dll
2012-05-15 09:43 . 2011-12-11 11:52 286720 ----a-w- c:\windows\system32\nvrsfr.dll
2012-05-15 09:43 . 2011-12-11 11:52 274432 ----a-w- c:\windows\system32\nvrspt.dll
2012-05-15 09:43 . 2011-12-11 11:52 258048 ----a-w- c:\windows\system32\nvrssl.dll
2012-05-15 09:43 . 2011-12-11 11:52 253952 ----a-w- c:\windows\system32\nvrsno.dll
2012-05-15 09:43 . 2011-12-11 11:52 249856 ----a-w- c:\windows\system32\nvrsfi.dll
2012-05-15 09:43 . 2011-12-11 11:52 282624 ----a-w- c:\windows\system32\nvrses.dll
2012-05-15 09:43 . 2011-12-11 11:52 270336 ----a-w- c:\windows\system32\nvrsru.dll
2012-05-15 09:43 . 2011-12-11 11:52 258048 ----a-w- c:\windows\system32\nvrssk.dll
2012-05-15 09:43 . 2011-12-11 11:52 258048 ----a-w- c:\windows\system32\nvrstr.dll
2012-05-15 09:43 . 2011-12-11 11:52 262144 ----a-w- c:\windows\system32\nvrshu.dll
2012-05-15 09:43 . 2011-12-11 11:52 253952 ----a-w- c:\windows\system32\nvrsda.dll
2012-05-15 09:43 . 2011-12-11 11:52 274432 ----a-w- c:\windows\system32\nvrsja.dll
2012-05-15 09:43 . 2011-12-11 11:52 258048 ----a-w- c:\windows\system32\nvrspl.dll
2012-05-15 09:43 . 2011-12-11 11:52 278528 ----a-w- c:\windows\system32\nvrsde.dll
2012-05-15 09:43 . 2011-12-11 11:52 270336 ----a-w- c:\windows\system32\nvrsptb.dll
2012-05-15 09:43 . 2011-12-11 11:52 249856 ----a-w- c:\windows\system32\nvrscs.dll
2012-05-15 09:40 . 2011-12-11 11:52 54272 ----a-w- c:\windows\system32\nvwddi.dll
2012-05-15 09:40 . 2011-12-11 11:52 15504192 ----a-w- c:\windows\system32\nvcpl.dll
2012-05-15 09:40 . 2011-12-11 11:52 143680 ----a-w- c:\windows\system32\nvcolor.exe
2012-05-15 09:40 . 2011-12-11 11:52 164160 ----a-w- c:\windows\system32\nvsvc32.exe
2012-05-15 09:40 . 2011-12-11 11:52 108352 ----a-w- c:\windows\system32\nvmctray.dll
2012-07-21 16:29 . 2012-05-27 11:57 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}"= "c:\program files\BS_Player\tbBS_P.dll" [2010-11-29 3908192]
"{bfc39e47-d643-4dc2-aa1d-61377501c844}"= "c:\program files\atube\atubeX.dll" [2011-10-31 81920]
.
[HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
.
[HKEY_CLASSES_ROOT\clsid\{bfc39e47-d643-4dc2-aa1d-61377501c844}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-11-29 13:26 3908192 ----a-w- c:\program files\ConduitEngine\ConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bfc39e47-d643-4dc2-aa1d-61377501c844}]
2011-10-31 11:02 81920 ----a-w- c:\program files\atube\atubeX.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2011-08-23 19:20 1515688 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
2010-11-29 13:26 3908192 ----a-w- c:\program files\BS_Player\tbBS_P.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-08-23 1515688]
"{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}"= "c:\program files\BS_Player\tbBS_P.dll" [2010-11-29 3908192]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngine.dll" [2010-11-29 3908192]
"{bfc39e47-d643-4dc2-aa1d-61377501c844}"= "c:\program files\atube\atubeX.dll" [2011-10-31 81920]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CLASSES_ROOT\clsid\{bfc39e47-d643-4dc2-aa1d-61377501c844}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-08-23 1515688]
"{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5}"= "c:\program files\BS_Player\tbBS_P.dll" [2010-11-29 3908192]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-02-15 17146504]
"Advanced SystemCare 5"="c:\program files\IObit\Advanced SystemCare 5\ASCTray.exe" [2012-05-28 288128]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TWCU"="c:\program files\TP-LINK\TWCU\TWCU.exe" [2005-08-09 413696]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-10-13 185896]
"WinSys2"="c:\windows\system32\winsys2.exe" [2009-08-25 208896]
"USBToolTip"="c:\progra~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe" [2007-02-20 199752]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"GamerOSD"="c:\program files\ASUS\GamerOSD\GamerOSD.exe" [2007-02-14 380928]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2012-05-15 15504192]
"NvMediaCenter"="NvMCTray.dll" [2012-05-15 108352]
"nwiz"="c:\program files\NVIDIA Corporation\nview\nwiz.exe" [2012-05-15 1634112]
"EEventManager"="c:\program files\Epson Software\Event Manager\EEventManager.exe" [2010-10-12 979328]
"MSIAfterburner"="c:\program files\MSI Afterburner\MSIAfterburner.exe" [2012-06-20 405832]
"RTHDCPL"="RTHDCPL.EXE" [2012-06-06 20065936]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2011-09-08 3076144]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Content Manager Assistant for PlayStation(R).lnk - c:\program files\Sony\Content Manager Assistant\CMA.exe [2012-1-26 2520504]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
2012-01-08 11:00 500208 ------w- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5ServiceManager]
2010-02-22 03:57 406992 ----a-w- c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ApnUpdater]
2011-08-23 19:20 887976 ----a-w- c:\program files\Ask.com\Updater\Updater.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSIAfterburner]
2012-06-20 03:55 405832 ----a-w- c:\program files\MSI Afterburner\MSIAfterburner.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OODefragTray]
2010-11-25 07:43 2781000 ----a-w- c:\program files\OO Software\Defrag\oodtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-10-29 12:49 249064 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Adobe Photo Downloader"=c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
"NeroFilterCheck"=c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
"iTunesHelper"=c:\program files\iTunes\iTunesHelper.exe
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe"
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" -autorun
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
"KernelFaultCheck"=%systemroot%\system32\dumprep 0 -k
"MSIAfterburner"="c:\program files\MSI Afterburner\MSIAfterburner.exe" /s
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FarCry2.exe"=
"c:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FC2Launcher.exe"=
"c:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FC2Editor.exe"=
"c:\\Program Files\\Midway Games\\Wheelman\\Binaries\\WheelmanGame-Final.exe"=
"c:\\Program Files\\TeamViewer\\Version5\\TeamViewer.exe"=
"c:\\Program Files\\Disney Interactive Studios\\Split Second\\SplitSecond.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\Pinnacle\\Studio 15\\Programs\\Studio.exe"=
"c:\\Program Files\\Pinnacle\\Studio 15\\Programs\\umi.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Call of duty 6 MW 2\\iw4mp.dat"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Microsoft Office\\Office14\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Updatus\\daemonu.exe"=
"c:\\Program Files\\Pinnacle\\Studio 15\\Programs\\RM.exe"=
"c:\\Program Files\\TmNationsForever\\TmForever.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\atube\\dtUser.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Update Core\\daemonu.exe"=
"c:\\Program Files\\EPSON Software\\Event Manager\\EEventManager.exe"=
"c:\\Program Files\\2K Sports\\NBA 2K12\\nba2k12.exe"=
"c:\\Program Files\\PANDORA.TV\\PanService\\PandoraService.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Vzdálená správa systému Windows
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [30.9.2008 18:52 691696]
R0 tffsport;M-Systems DiskOnChip 2000;c:\windows\system32\drivers\tffsport.sys [26.6.2011 15:06 149376]
R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [30.9.2008 14:47 13696]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [4.8.2011 9:20 118104]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [4.8.2011 9:20 103112]
R2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files\IObit\Advanced SystemCare 5\ASCService.exe [30.7.2012 13:14 913792]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [8.9.2011 7:34 974944]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [16.7.2012 12:19 1262400]
R2 OODefragAgent;O&O Defrag Agent;c:\program files\OO Software\Defrag\oodag.exe [25.11.2010 9:44 2404168]
R3 PhTVTune;Cap7134 TVTuner;c:\windows\system32\drivers\PhTVTune.sys [30.9.2008 18:42 57152]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [16.5.2011 8:13 197224]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [8.4.2010 19:03 136176]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [15.2.2012 13:30 158856]
S2 Web Assistant Updater;Web Assistant Updater;c:\program files\Web Assistant\ExtensionUpdaterService.exe [9.5.2012 18:23 185856]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [1.6.2012 19:45 250056]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [15.5.2011 20:05 1691480]
S3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [8.4.2010 19:03 136176]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [12.6.2011 12:15 31125880]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [27.5.2012 13:57 113120]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [9.1.2010 22:37 4640000]
S3 PAC207;VideoCAM GF112;c:\windows\system32\drivers\PFC027.sys [8.4.2005 10:46 162176]
S3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [14.2.2011 16:10 47360]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\d:\ntglm7x.sys --> d:\NTGLM7X.sys [?]
S3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [19.2.2010 14:37 517096]
S3 WinRing0_1_2_0;WinRing0_1_2_0;\??\c:\program files\IObit\Game Booster 3\Driver\WinRing0.sys --> c:\program files\IObit\Game Booster 3\Driver\WinRing0.sys [?]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\sqladhlp.exe [23.7.2009 5:08 47128]
S4 RsFx0103;RsFx0103 Driver;c:\windows\system32\drivers\RsFx0103.sys [30.3.2009 3:09 239336]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [30.3.2009 3:23 366936]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Obsah adresáře 'Naplánované úlohy'
.
2012-08-10 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2008\OneClick.exe [2007-12-21 12:49]
.
2012-08-10 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-01 19:11]
.
2012-01-08 c:\windows\Tasks\AdobeAAMUpdater-1.0-PAVEL-A5C71F66F-Pavel.job
- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2012-01-08 11:00]
.
2012-08-07 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
.
2012-08-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-08 17:03]
.
2012-08-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-08 17:03]
.
2012-08-10 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2011-08-23 19:20]
.
2012-08-10 c:\windows\Tasks\Úklid 1 kliknutím.job
- c:\program files\TuneUp Utilities 2008\OneClick.exe [2007-12-21 12:49]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.daum.net/
uDefault_Search_URL = hxxp://search.qip.ru
mStart Page = hxxp://home.sweetim.com/?crg=4.0002002
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://search.qip.ru/ie
uSearchURL,(Default) = Root: HKCU; Subkey: Software\Microsoft\Internet Explorer\SearchUrl; ValueType: string; ValueName: '; ValueData: '; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Od&eslat do aplikace OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: Search the Web - c:\program files\SweetIM\Toolbars\Internet Explorer\resources\menuext.html
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748449} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\windows\WebIE.dll
TCP: DhcpNameServer = 10.152.101.1
FF - ProfilePath - c:\documents and settings\Pavel\Data aplikací\Mozilla\Firefox\Profiles\hymsdyhc.default\
FF - prefs.js: browser.startup.homepage - www.seznam.cz
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
AddRemove-incredibar - c:\program files\Incredibar.com\incredibar\1.5.11.14\uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-08-11 07:32
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-2025429265-606747145-839522115-1004\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"??"=hex:a6,5c,bf,f2,7d,ae,eb,af,9a,7c,3f,9c,a6,19,6d,10,19,f8,12,87,fd,af,41,
46,26,c6,dd,82,a9,91,02,3e,cf,6c,3f,8d,ee,a6,81,fe,cf,d0,3b,30,80,7f,fd,d9,\
"??"=hex:e2,06,90,c3,a9,ab,f7,ca,1c,f7,63,d7,3e,f2,89,5d
.
[HKEY_USERS\S-1-5-21-2025429265-606747145-839522115-1004\Software\SecuROM\License information*]
"datasecu"=hex:47,47,ff,61,d2,00,f9,3e,72,70,c9,7c,c0,71,80,97,2e,27,58,48,01,
1a,6a,a5,b8,fc,23,ff,cc,f8,63,36,6e,81,5f,77,60,90,42,f1,58,d2,5b,eb,96,9c,\
"rkeysecu"=hex:a8,a3,cb,3b,9e,10,da,4f,e6,ec,6c,62,8a,a7,84,85
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
.
Celkový čas: 2012-08-11 07:34:20
ComboFix-quarantined-files.txt 2012-08-11 05:34
.
Před spuštěním: Volných bajtů: 56 812 371 968
Po spuštění: Volných bajtů: 57 682 739 200
.
WindowsXP-KB310994-SP2-Home-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect /TUTag=YHB8IQ
[spybotsd]
timeout.old=30
.
- - End Of File - - 4CE3B27F308FF51732B00D2CCBB0505E
Re: Avira reports a virus - unable to remove it
Here is the log from HJT:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 7:46:34, on 11.8.2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe
C:\Program Files\ASUS\GamerOSD\GamerOSD.exe
C:\Program Files\Epson Software\Event Manager\EEventManager.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Sony\Content Manager Assistant\CMA.exe
C:\Program Files\OO Software\Defrag\oodag.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Sony\Content Manager Assistant\CMAWatcher.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\msiexec.exe
C:\Documents and Settings\Pavel\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Pavel\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Pavel\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daum.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com/?crg=4.0002002
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = Root: HKCU; Subkey: Software\Microsoft\Internet Explorer\SearchUrl; ValueType: string; ValueName: '; ValueData: '; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files\BS_Player\tbBS_P.dll
R3 - URLSearchHook: aTube Toolbar - {bfc39e47-d643-4dc2-aa1d-61377501c844} - C:\Program Files\atube\atubeX.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\WINDOWS\WebIE.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
O2 - BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: aTube Toolbar - {bfc39e47-d643-4dc2-aa1d-61377501c844} - C:\Program Files\atube\atubeX.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files\BS_Player\tbBS_P.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\WINDOWS\WebIE.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files\BS_Player\tbBS_P.dll
O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: aTube Toolbar - {bfc39e47-d643-4dc2-aa1d-61377501c844} - C:\Program Files\atube\atubeX.dll
O3 - Toolbar: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O4 - HKLM\..\Run: [TWCU] "C:\Program Files\TP-LINK\TWCU\TWCU.exe" -nogui
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WinSys2] C:\WINDOWS\system32\winsys2.exe
O4 - HKLM\..\Run: [USBToolTip] C:\PROGRA~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [GamerOSD] C:\Program Files\ASUS\GamerOSD\GamerOSD.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login
O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nview\nwiz.exe /installquiet
O4 - HKLM\..\Run: [EEventManager] "C:\Program Files\Epson Software\Event Manager\EEventManager.exe"
O4 - HKLM\..\Run: [MSIAfterburner] "C:\Program Files\MSI Afterburner\MSIAfterburner.exe" /s
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [Advanced SystemCare 5] "C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe" /AutoStart
O4 - HKUS\S-1-5-21-2025429265-606747145-839522115-1005\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-2025429265-606747145-839522115-1005\..\RunOnce: [NeroHomeFirstStart] C:\Program Files\Common Files\Ahead\Lib\NMFirstStart.exe (User 'UpdatusUser')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Content Manager Assistant for PlayStation(R).lnk = C:\Program Files\Sony\Content Manager Assistant\CMA.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Od&eslat do aplikace OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: Search the Web - C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\menuext.html
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\WINDOWS\WebIE.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: QIP 2005 - {1EF681F7-A04B-4D6D-9012-A307CCA55610} - C:\WINDOWS\system32\shdocvw.dll (HKCU)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 2784641250
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: TP-LINK Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Advanced SystemCare Service 5 (AdvancedSystemCareService5) - IObit - C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: O&O Defrag Agent (OODefragAgent) - O&O Software GmbH - C:\Program Files\OO Software\Defrag\oodag.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: Web Assistant Updater - Unknown owner - C:\Program Files\Web Assistant\ExtensionUpdaterService.exe
--
End of file - 15465 bytes
- jaro3
- Security team member
Re: Avira reports a virus - can't get rid of it
Uninstall:
BS Player Toolbar
aTube Toolbar
Ask Toolbar
Conduit Engine
DAEMON Tools Toolbar
Close all other applications and browsers, disconnect from the internet, and fix the following in HJT:
Guide
Code:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daum.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = Root: HKCU; Subkey: Software\Microsoft\Internet Explorer\SearchUrl; ValueType: string; ValueName: '; ValueData: '; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files\BS_Player\tbBS_P.dll
R3 - URLSearchHook: aTube Toolbar - {bfc39e47-d643-4dc2-aa1d-61377501c844} - C:\Program Files\atube\atubeX.dll
O2 - BHO: aTube Toolbar - {bfc39e47-d643-4dc2-aa1d-61377501c844} - C:\Program Files\atube\atubeX.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files\BS_Player\tbBS_P.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files\BS_Player\tbBS_P.dll
O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: aTube Toolbar - {bfc39e47-d643-4dc2-aa1d-61377501c844} - C:\Program Files\atube\atubeX.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WinSys2] C:\WINDOWS\system32\winsys2.exe
O4 - HKUS\S-1-5-21-2025429265-606747145-839522115-1005\..\RunOnce: [NeroHomeFirstStart] C:\Program Files\Common Files\Ahead\Lib\NMFirstStart.exe (User 'UpdatusUser')
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
Download ATF Cleaner
Double-click ATF Cleaner.exe, click Select All Found, then:
- If you use Firefox (Mozilla), click Firefox at the top and choose: Select All, then click Empty Selected.
- If you use Opera, click Opera at the top and choose: Select All, then click Empty Selected. Then click Main (the main page) and click Empty Selected.
After cleaning, click Exit to close the program.
ATF-Cleaner is a simple tool for removing browsing history from a web browser. The program can remove the cache, cookies, history and other traces of surfing the Internet. Supported browsers include Internet Explorer, Firefox and Opera. The application can also remove Windows temporary files, empty the Recycle Bin, etc.
Download TFC
Open the file and close all other windows. Click Start to begin the process. The program should not take long.
The PC should then restart; if it does not, restart it yourself.
Open Notepad (Start -> Run..., type Notepad into the box and click OK).
Copy the entire following text, marked in green, into it:
ClearJavaCache::
KillAll::
File::
c:\program files\Ask.com\GenericAskToolbar.dll
c:\program files\ConduitEngine\ConduitEngine.dll
c:\program files\Ask.com\Updater\Updater.exe
c:\program files\Google\Update\GoogleUpdate.exe
c:\program files\Skype\Updater\Updater.exe
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
c:\program files\Ask.com\UpdateTask.exe
Folder::
c:\program files\Ask.com
c:\program files\ConduitEngine
c:\program files\Google\Update
c:\program files\Skype\Updater
Driver::
gupdate
SkypeUpdate
gupdatem
SetupNTGLM7X
WinRing0_1_2_0
Registry::
[-HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
[-HKEY_CLASSES_ROOT\clsid\{bfc39e47-d643-4dc2-aa1d-61377501c844}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=-
"{30F9B915-B755-4826-820B-08FBA6BD249D}"=-
[-HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[-HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[-HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
[-HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
[-HKEY_CLASSES_ROOT\clsid\{bfc39e47-d643-4dc2-aa1d-61377501c844}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=-
[-HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[-HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[-HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ApnUpdater]
DDS::
uStart Page = hxxp://www.daum.net/
uDefault_Search_URL = hxxp://search.qip.ru
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://search.qip.ru/ie
uSearchURL,(Default) = Root: HKCU; Subkey: Software\Microsoft\Internet Explorer\SearchUrl; ValueType: string; ValueName: '; ValueData: '; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
Choose File -> Save As... and set these parameters:
File name: type here: CFScript.txt
Save as type: select All Files there
Save the file to the desktop.
Close all active windows.
Grab the created script CFScript.txt with the mouse, move it over the downloaded program ComboFix.exe, and when the two files overlap, drop the script.
- ComboFix starts automatically
- Paste here the log that appears at the end of the cleaning process + a new log from HJT
Warning: It may happen that after running ComboFix and restarting the computer, Windows does not boot, the desktop does not load, or there are connection problems. In that case restart the computer again; if that does not help, press the F8 key repeatedly after the restart and choose Last Known Good Configuration, or use a restore point.
Download aswMBR to your desktop. Close all windows, programs and browsers. Double-click aswMBR.exe. If a prompt about downloading the Avast database appears, click NO. Then click "Scan". After the scan, click "Save Log" and save the log to the desktop. Copy the entire contents of that log here. Then click "Exit" to close the program.
When working with HJT, ComboFix, MbAM, SDFix, etc., close all other applications and browsers!
Do not send logs in private messages. During my absence, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support
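An added example, not part of the post above and not code from ComboFix or HijackThis: a Python check that parses a CFScript and a HijackThis log and lists the log entries that still reference something the script targets, which is the comparison the requested "new log from HJT" makes possible. The two excerpts are copied from this thread; the function names are hypothetical, and reading `[-key]` and `"name"=-` as deletions is an assumption that the Registry:: section follows .reg-file syntax.

```python
import re

CLSID_RE = re.compile(r"\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}", re.I)
HJT_LINE_RE = re.compile(r"^([ORF]\d+) - (.+)$")

# Excerpt of the CFScript posted in this thread.
CFSCRIPT = r"""
KillAll::
File::
c:\program files\ConduitEngine\ConduitEngine.dll
Folder::
c:\program files\Google\Update
c:\program files\Skype\Updater
Driver::
gupdate
SkypeUpdate
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=-
"""

# Excerpt of the HijackThis log posted in this thread.
HJT_LOG = r"""
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
"""


def parse_cfscript(text):
    """Group script lines under their 'Name::' directive (keys lowercased)."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith("::"):
            current = line[:-2].lower()
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections


def removal_targets(sections):
    """Collect the paths, service names and CLSIDs the script asks to remove."""
    clsids = set()
    for line in sections.get("registry", []):
        # Assumed .reg semantics: "[-key]" deletes a key, '"name"=-' deletes a
        # value; a bracketed key without "-" only selects the key.
        if line.startswith("[-") or line.endswith("=-"):
            clsids.update(c.lower() for c in CLSID_RE.findall(line))
    return {
        "files": [p.lower() for p in sections.get("file", [])],
        # Trailing backslash so "...\Ask.com" cannot match "...\Ask.common".
        "folders": [p.lower().rstrip("\\") + "\\" for p in sections.get("folder", [])],
        "services": {s.lower() for s in sections.get("driver", [])},
        "clsids": clsids,
    }


def parse_hjt(text):
    """Parse 'Rn/On - ...' entries; header and process-list lines are skipped."""
    entries = []
    for raw in text.splitlines():
        m = HJT_LINE_RE.match(raw.strip())
        if not m:
            continue
        code, rest = m.groups()
        service = None
        if code == "O23":
            # "Service: Display name (ShortName) - Owner - Path"; the short
            # name in parentheses is optional.
            label = rest.split(" - ")[0][len("Service: "):]
            short = re.search(r"\(([^()]+)\)$", label)
            service = (short.group(1) if short else label).lower()
        entries.append({"code": code, "text": rest, "service": service,
                        "clsids": {c.lower() for c in CLSID_RE.findall(rest)}})
    return entries


def still_present(cfscript, hjt_log):
    """Return (code, label, reasons) for log entries that match a target."""
    t = removal_targets(parse_cfscript(cfscript))
    hits = []
    for e in parse_hjt(hjt_log):
        low = e["text"].lower()
        reasons = []
        if e["clsids"] & t["clsids"]:
            reasons.append("clsid")
        if e["service"] in t["services"]:
            reasons.append("service")
        if any(f in low for f in t["files"]) or any(d in low for d in t["folders"]):
            reasons.append("path")
        if reasons:
            hits.append((e["code"], e["text"].split(" - ")[0], reasons))
    return hits


if __name__ == "__main__":
    for code, label, reasons in still_present(CFSCRIPT, HJT_LOG):
        print(f"{code:4} {label}  <- {', '.join(reasons)}")
```

An empty result on a log taken after the ComboFix run means none of the targeted CLSIDs, services or paths are listed any more; the Skype client's own Run entry is not flagged because only the `Skype\Updater` folder is targeted.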
Re: Avira reports a virus - unable to remove it
Here is the log from HJT:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:19:55, on 11.8.2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\TP-LINK\TWCU\TWCU.exe
C:\PROGRA~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe
C:\Program Files\ASUS\GamerOSD\GamerOSD.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\Epson Software\Event Manager\EEventManager.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Sony\Content Manager Assistant\CMA.exe
C:\Program Files\Sony\Content Manager Assistant\CMAWatcher.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\OO Software\Defrag\oodag.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\PnkBstrA.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\Program Files\Web Assistant\ExtensionUpdaterService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\WINDOWS\System32\TuneUpDefragService.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com/?crg=4.0002002
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\WINDOWS\WebIE.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
O2 - BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\WINDOWS\WebIE.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O4 - HKLM\..\Run: [TWCU] "C:\Program Files\TP-LINK\TWCU\TWCU.exe" -nogui
O4 - HKLM\..\Run: [USBToolTip] C:\PROGRA~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [GamerOSD] C:\Program Files\ASUS\GamerOSD\GamerOSD.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login
O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nview\nwiz.exe /installquiet
O4 - HKLM\..\Run: [EEventManager] "C:\Program Files\Epson Software\Event Manager\EEventManager.exe"
O4 - HKLM\..\Run: [MSIAfterburner] "C:\Program Files\MSI Afterburner\MSIAfterburner.exe" /s
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [Advanced SystemCare 5] "C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe" /AutoStart
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-2025429265-606747145-839522115-1005\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'UpdatusUser')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Content Manager Assistant for PlayStation(R).lnk = C:\Program Files\Sony\Content Manager Assistant\CMA.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Od&eslat do aplikace OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: Search the Web - C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\menuext.html
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\WINDOWS\WebIE.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: QIP 2005 - {1EF681F7-A04B-4D6D-9012-A307CCA55610} - C:\WINDOWS\system32\shdocvw.dll (HKCU)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 2784641250
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: TP-LINK Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Advanced SystemCare Service 5 (AdvancedSystemCareService5) - IObit - C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: O&O Defrag Agent (OODefragAgent) - O&O Software GmbH - C:\Program Files\OO Software\Defrag\oodag.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: Web Assistant Updater - Unknown owner - C:\Program Files\Web Assistant\ExtensionUpdaterService.exe
--
End of file - 12984 bytes
Re: Avira reports a virus - unable to remove it
Here is ComboFix:
ComboFix 12-08-09.01 - Pavel 11.08.2012 12:32:15.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.2046.1183 [GMT 2:00]
Spuštěný z: c:\documents and settings\Pavel\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Pavel\Plocha\CFScript.txt
AV: ESET NOD32 Antivirus 5.0 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
FILE ::
"c:\program files\Ask.com\GenericAskToolbar.dll"
"c:\program files\Ask.com\Updater\Updater.exe"
"c:\program files\Ask.com\UpdateTask.exe"
"c:\program files\ConduitEngine\ConduitEngine.dll"
"c:\program files\Google\Update\GoogleUpdate.exe"
"c:\program files\Skype\Updater\Updater.exe"
"c:\windows\Tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineUA.job"
"c:\windows\Tasks\Scheduled Update for Ask Toolbar.job"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Ask.com
c:\program files\Ask.com\assets\oobe\b.png
c:\program files\Ask.com\assets\oobe\bl.png
c:\program files\Ask.com\assets\oobe\br.png
c:\program files\Ask.com\assets\oobe\l.png
c:\program files\Ask.com\assets\oobe\pointer.png
c:\program files\Ask.com\assets\oobe\r.png
c:\program files\Ask.com\assets\oobe\t.png
c:\program files\Ask.com\assets\oobe\tl.png
c:\program files\Ask.com\assets\oobe\tr.png
c:\program files\Ask.com\cobrand.ico
c:\program files\Ask.com\config.xml
c:\program files\Ask.com\favicon.ico
c:\program files\Ask.com\mupcfg.xml
c:\program files\Ask.com\precache.exe
c:\program files\Ask.com\SaUpdate.exe
c:\program files\Ask.com\Thumbs.db
c:\program files\Ask.com\Updater\config.xml
c:\program files\Ask.com\Updater\Updater.exe
c:\program files\Ask.com\UpdateTask.exe
c:\program files\ConduitEngine
c:\program files\ConduitEngine\appContextMenu.xml
c:\program files\ConduitEngine\ConduitEngine.dll
c:\program files\ConduitEngine\ConduitEngineHelper.exe
c:\program files\ConduitEngine\ConduitEngineUninstall.exe
c:\program files\ConduitEngine\engineContextMenu.xml
c:\program files\ConduitEngine\EngineSettings.json
c:\program files\ConduitEngine\INSTALL.LOG
c:\program files\ConduitEngine\toolbar.cfg
c:\program files\Google\Update
c:\program files\Google\Update\1.3.21.115\GoogleCrashHandler.exe
c:\program files\Google\Update\1.3.21.115\GoogleCrashHandler64.exe
c:\program files\Google\Update\1.3.21.115\GoogleUpdate.exe
c:\program files\Google\Update\1.3.21.115\GoogleUpdateBroker.exe
c:\program files\Google\Update\1.3.21.115\GoogleUpdateHelper.msi
c:\program files\Google\Update\1.3.21.115\GoogleUpdateOnDemand.exe
c:\program files\Google\Update\1.3.21.115\GoogleUpdateSetup.exe
c:\program files\Google\Update\1.3.21.115\goopdate.dll
c:\program files\Google\Update\1.3.21.115\goopdateres_am.dll
c:\program files\Google\Update\1.3.21.115\goopdateres_ar.dll
c:\program files\Google\Update\1.3.21.115\goopdateres_bg.dll
c:\program files\Google\Update\1.3.21.115\goopdateres_bn.dll
c:\program files\Google\Update\1.3.21.115\goopdateres_ca.dll
c:\program files\Google\Update\1.3.21.115\goopdateres_cs.dll
c:\program files\Google\Update\1.3.21.115\goopdateres_da.dll
c:\program files\Google\Update\1.3.21.115\goopdateres_de.dll
c:\program files\Google\Update\1.3.21.115\goopdateres_el.dll
c:\program files\Google\Update\1.3.21.115\goopdateres_en-GB.dll
c:\program files\Google\Update\1.3.21.115\goopdateres_en.dll
c:\program files\Google\Update\1.3.21.115\goopdateres_es-419.dll
c:\program files\Google\Update\1.3.21.115\goopdateres_es.dll
c:\program files\Google\Update\1.3.21.115\goopdateres_et.dll
c:\program files\Google\Update\1.3.21.115\goopdateres_fa.dll
c:\program files\Google\Update\1.3.21.115\goopdateres_fi.dll
c:\program files\Google\Update\1.3.21.115\goopdateres_fil.dll
c:\program files\Google\Update\1.3.21.115\goopdateres_fr.dll
c:\program files\Google\Update\1.3.21.115\goopdateres_gu.dll
c:\program files\Google\Update\1.3.21.115\goopdateres_hi.dll
c:\program files\Google\Update\1.3.21.115\goopdateres_hr.dll
c:\program files\Google\Update\1.3.21.115\goopdateres_hu.dll
c:\program files\Google\Update\1.3.21.115\goopdateres_id.dll
c:\program files\Google\Update\1.3.21.115\goopdateres_is.dll
c:\program files\Google\Update\1.3.21.115\goopdateres_it.dll
c:\program files\Google\Update\1.3.21.115\goopdateres_iw.dll
c:\program files\Google\Update\1.3.21.115\goopdateres_ja.dll
c:\program files\Google\Update\1.3.21.115\goopdateres_kn.dll
c:\program files\Google\Update\1.3.21.115\goopdateres_ko.dll
c:\program files\Google\Update\1.3.21.115\goopdateres_lt.dll
c:\program files\Google\Update\1.3.21.115\goopdateres_lv.dll
c:\program files\Google\Update\1.3.21.115\goopdateres_ml.dll
c:\program files\Google\Update\1.3.21.115\goopdateres_mr.dll
c:\program files\Google\Update\1.3.21.115\goopdateres_ms.dll
c:\program files\Google\Update\1.3.21.115\goopdateres_nl.dll
c:\program files\Google\Update\1.3.21.115\goopdateres_no.dll
c:\program files\Google\Update\1.3.21.115\goopdateres_pl.dll
c:\program files\Google\Update\1.3.21.115\goopdateres_pt-BR.dll
c:\program files\Google\Update\1.3.21.115\goopdateres_pt-PT.dll
c:\program files\Google\Update\1.3.21.115\goopdateres_ro.dll
c:\program files\Google\Update\1.3.21.115\goopdateres_ru.dll
c:\program files\Google\Update\1.3.21.115\goopdateres_sk.dll
c:\program files\Google\Update\1.3.21.115\goopdateres_sl.dll
c:\program files\Google\Update\1.3.21.115\goopdateres_sr.dll
c:\program files\Google\Update\1.3.21.115\goopdateres_sv.dll
c:\program files\Google\Update\1.3.21.115\goopdateres_sw.dll
c:\program files\Google\Update\1.3.21.115\goopdateres_ta.dll
c:\program files\Google\Update\1.3.21.115\goopdateres_te.dll
c:\program files\Google\Update\1.3.21.115\goopdateres_th.dll
c:\program files\Google\Update\1.3.21.115\goopdateres_tr.dll
c:\program files\Google\Update\1.3.21.115\goopdateres_uk.dll
c:\program files\Google\Update\1.3.21.115\goopdateres_ur.dll
c:\program files\Google\Update\1.3.21.115\goopdateres_vi.dll
c:\program files\Google\Update\1.3.21.115\goopdateres_zh-CN.dll
c:\program files\Google\Update\1.3.21.115\goopdateres_zh-TW.dll
c:\program files\Google\Update\1.3.21.115\npGoogleUpdate3.dll
c:\program files\Google\Update\1.3.21.115\psmachine.dll
c:\program files\Google\Update\1.3.21.115\psuser.dll
c:\program files\Google\Update\Download\{13A8E022-7994-4DB3-8C2C-D9F4C0A5B5EF}\GoogleUpdateSetup.exe
c:\program files\Google\Update\Download\{430FD4D0-B729-4F61-AA34-91526481799D}\1.3.21.115\GoogleUpdateSetup.exe
c:\program files\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\21.0.1180.60\21.0.1180.60_20.0.1132.57_chrome_updater.exe
c:\program files\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\21.0.1180.60\21.0.1180.60_chrome_installer.exe
c:\program files\Google\Update\Download\{74AF07D8-FB8F-4D51-8AC7-927721D56EBB}\0.0.0.0\GoogleEarth-Win-Bundle-6.2.2.6613.exe
c:\program files\Google\Update\GoogleUpdate.exe
c:\program files\Skype\Updater
c:\program files\Skype\Updater\Updater.exe
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_GUPDATE
-------\Legacy_GUPDATEM
-------\Legacy_SETUPNTGLM7X
-------\Legacy_SKYPEUPDATE
-------\Legacy_WINRING0_1_2_0
-------\Service_gupdate
-------\Service_gupdatem
-------\Service_SetupNTGLM7X
-------\Service_SkypeUpdate
-------\Service_WinRing0_1_2_0
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-07-11 do 2012-08-11 )))))))))))))))))))))))))))))))
.
.
2012-08-11 05:45 . 2012-08-11 05:45 388096 ----a-r- c:\documents and settings\Pavel\Data aplikací\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-08-11 05:45 . 2012-08-11 05:45 -------- d-----w- c:\program files\Trend Micro
2012-08-10 19:25 . 2012-08-10 19:25 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-08-10 17:18 . 2012-08-10 17:18 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Data aplikací\ESET
2012-08-10 17:03 . 2012-08-10 17:03 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Data aplikací\ESET
2012-08-10 17:03 . 2012-08-10 17:03 -------- d-----w- c:\documents and settings\Pavel\Local Settings\Data aplikací\ESET
2012-08-10 16:56 . 2012-08-10 16:56 -------- d-----w- c:\program files\ESET
2012-08-10 16:56 . 2012-08-10 16:56 -------- d-----w- c:\documents and settings\All Users\Data aplikací\ESET
2012-08-10 13:03 . 2012-08-10 13:03 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Tarma Installer
2012-08-10 13:01 . 2012-08-10 17:04 -------- d-----w- c:\documents and settings\Pavel\Data aplikací\FileDoumi
2012-08-10 13:01 . 2012-08-10 17:20 -------- d-----w- c:\program files\Daum
2012-08-10 13:00 . 2012-08-11 05:02 -------- d-----w- c:\documents and settings\Pavel\Local Settings\Data aplikací\AppIs
2012-08-10 12:58 . 2012-08-10 12:58 -------- d-----w- c:\program files\PANDORA.TV
2012-08-06 07:36 . 2012-08-06 13:43 -------- d-----w- c:\program files\Safari
2012-08-06 07:26 . 2012-05-10 15:34 65640 ----a-w- c:\windows\system32\RtkCoInstIIXP.dll
2012-08-06 07:26 . 2011-11-22 14:28 11368 ----a-w- c:\windows\system32\RtkCoLDRXP.dll
2012-08-06 07:26 . 2012-05-11 12:14 25548 ----a-w- c:\windows\system32\drivers\RTAIODAT.DAT
2012-07-30 17:35 . 2012-07-30 17:35 -------- d-----w- c:\windows\system32\config\systemprofile\Data aplikací\IObit
2012-07-30 11:39 . 2012-07-30 11:39 -------- d-----w- c:\windows\system32\winrm
2012-07-30 11:39 . 2012-07-30 11:39 -------- d-----w- c:\windows\system32\GroupPolicy
2012-07-30 11:39 . 2012-07-30 11:39 -------- dc-h--w- c:\windows\$968930Uinstall_KB968930$
2012-07-30 11:37 . 2012-05-24 08:48 21376 ----a-w- c:\windows\system32\RegistryDefragBootTime.exe
2012-07-22 19:52 . 2012-07-22 19:52 -------- d-----w- c:\documents and settings\Pavel\Data aplikací\2K Sports
2012-07-22 19:33 . 2012-07-22 19:33 -------- d-----w- c:\program files\2K Sports
2012-07-16 16:36 . 2012-07-17 09:45 -------- d-----w- c:\documents and settings\Pavel\Data aplikací\Epson
2012-07-16 16:29 . 2012-07-16 16:29 -------- d-----w- c:\program files\Common Files\EPSON
2012-07-16 16:29 . 2012-07-16 16:23 8192 ----a-w- c:\windows\system32\E_DCINST.DLL
2012-07-16 16:29 . 2012-07-16 16:23 93696 ----a-w- c:\windows\system32\E_TLBHTU.DLL
2012-07-16 16:29 . 2012-07-16 16:23 81408 ----a-w- c:\windows\system32\E_TD4BHTU.DLL
2012-07-16 16:27 . 2012-07-16 16:27 -------- d-----w- c:\documents and settings\All Users\Data aplikací\UDL
2012-07-16 16:24 . 2012-07-16 16:24 -------- d-----w- c:\program files\EpsonNet
2012-07-16 16:24 . 2010-09-13 13:01 458129 ----a-w- c:\windows\system32\ensppui.dll
2012-07-16 16:24 . 2010-09-13 13:01 458129 ----a-w- c:\windows\system32\enppui.dll
2012-07-16 16:24 . 2010-09-13 13:00 475410 ----a-w- c:\windows\system32\ensppmon.dll
2012-07-16 16:24 . 2010-09-13 13:00 475410 ----a-w- c:\windows\system32\enppmon.dll
2012-07-16 16:24 . 2008-06-18 09:49 249344 ----a-w- c:\windows\system32\enspres.dll
2012-07-16 16:24 . 2008-06-18 09:49 249344 ----a-w- c:\windows\system32\enpres.dll
2012-07-16 16:24 . 2012-07-16 16:27 -------- d-----w- c:\program files\EPSON Software
2012-07-16 16:24 . 2012-07-16 16:30 -------- d-----w- c:\documents and settings\All Users\Data aplikací\EPSON
2012-07-16 16:24 . 2009-10-15 22:00 132560 ----a-w- c:\windows\system32\esdevapp.exe
2012-07-16 16:24 . 2009-10-15 22:00 12800 ----a-w- c:\windows\system32\escdev.dll
2012-07-16 16:24 . 2009-09-16 22:00 342016 ----a-w- c:\windows\system32\eswiaud.dll
2012-07-16 16:23 . 2012-07-16 16:23 -------- d-----w- c:\program files\epson
2012-07-16 08:18 . 2012-07-16 08:18 2409872 ----a-w- c:\windows\system32\DaumActiveX.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-07 19:11 . 2012-06-01 17:45 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-07 19:11 . 2011-08-28 07:46 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-06 15:35 . 2009-04-27 12:45 270776 ----a-w- c:\windows\system32\PnkBstrB.xtr
2012-08-06 15:35 . 2009-04-27 12:20 270776 ----a-w- c:\windows\system32\PnkBstrB.exe
2012-07-30 13:38 . 2009-04-27 12:20 139488 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2012-07-30 13:38 . 2009-04-27 12:20 270776 ----a-w- c:\windows\system32\PnkBstrB.ex0
2012-07-03 11:46 . 2011-08-28 13:07 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-19 14:54 . 2008-09-30 12:50 6141584 ----a-w- c:\windows\system32\drivers\RtkHDAud.sys
2012-06-13 13:55 . 2006-03-02 12:00 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-06-06 12:00 . 2008-09-30 12:50 20065936 ----a-w- c:\windows\RTHDCPL.EXE
2012-06-05 15:49 . 2008-04-14 03:21 1372672 ------w- c:\windows\system32\msxml6.dll
2012-06-05 15:49 . 2006-03-02 12:00 1172480 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 04:32 . 2006-03-02 12:00 152576 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 13:19 . 2008-09-30 14:25 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 13:19 . 2008-09-30 14:25 22552 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 13:19 . 2008-09-30 12:35 329240 ----a-w- c:\windows\system32\wucltui.dll
2012-06-02 13:19 . 2008-09-30 12:35 210968 ----a-w- c:\windows\system32\wuweb.dll
2012-06-02 13:19 . 2008-09-30 12:35 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 13:19 . 2008-09-30 14:25 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 13:19 . 2008-09-30 14:25 18456 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 13:19 . 2008-09-30 14:25 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 13:19 . 2008-09-30 12:35 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 13:19 . 2008-09-30 12:35 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 13:19 . 2006-03-02 12:00 97304 ----a-w- c:\windows\system32\cdm.dll
2012-06-02 13:19 . 2008-09-30 12:35 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 13:19 . 2008-09-30 12:35 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 13:19 . 2011-02-15 13:17 17648 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-06-02 13:18 . 2011-02-15 13:17 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-06-02 13:18 . 2011-02-15 13:17 214256 ----a-w- c:\windows\system32\muweb.dll
2012-05-31 13:22 . 2006-03-02 12:00 602112 ----a-w- c:\windows\system32\crypt32.dll
2012-05-25 16:06 . 2008-09-30 12:50 1706640 ----a-w- c:\windows\RtlExUpd.dll
2012-05-16 07:59 . 2006-03-02 12:00 668160 ----a-w- c:\windows\system32\wininet.dll
2012-05-15 10:18 . 2011-08-25 14:50 883008 ----a-w- c:\windows\system32\nvgenco32.dll
2012-05-15 10:18 . 2011-08-25 14:50 1000768 ----a-w- c:\windows\system32\nvdispco32.dll
2012-05-15 10:18 . 2011-02-22 11:56 65536 ----a-w- c:\windows\system32\OpenCL.dll
2012-05-15 10:18 . 2011-02-22 11:56 17543168 ----a-w- c:\windows\system32\nvcompiler.dll
2012-05-15 10:18 . 2009-08-16 16:57 6012928 ----a-w- c:\windows\system32\nvcuda.dll
2012-05-15 10:18 . 2009-08-16 16:57 2530624 ----a-w- c:\windows\system32\nvcuvid.dll
2012-05-15 10:18 . 2009-08-16 16:57 2445120 ----a-w- c:\windows\system32\nvcuvenc.dll
2012-05-15 10:18 . 2007-04-19 05:26 2359808 ----a-w- c:\windows\system32\nvapi.dll
2012-05-15 10:18 . 2007-04-19 05:26 18771968 ----a-w- c:\windows\system32\nvoglnt.dll
2012-05-15 10:18 . 2006-06-01 09:22 4373248 ----a-w- c:\windows\system32\nv4_disp.dll
2012-05-15 10:18 . 2006-06-01 09:22 14014656 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2012-05-15 09:43 . 2011-12-11 11:52 229376 ----a-w- c:\windows\system32\nvrszhc.dll
2012-05-15 09:43 . 2011-12-11 11:52 126976 ----a-w- c:\windows\system32\nvrszht.dll
2012-05-15 09:43 . 2011-12-11 11:52 282624 ----a-w- c:\windows\system32\nvrsit.dll
2012-05-15 09:43 . 2011-12-11 11:52 253952 ----a-w- c:\windows\system32\nvrsth.dll
2012-05-15 09:43 . 2011-12-11 11:52 253952 ----a-w- c:\windows\system32\nvrssv.dll
2012-05-15 09:43 . 2011-12-11 11:52 335872 ----a-w- c:\windows\system32\nvrsar.dll
2012-05-15 09:43 . 2011-12-11 11:52 282624 ----a-w- c:\windows\system32\nvrsel.dll
2012-05-15 09:43 . 2011-12-11 11:52 274432 ----a-w- c:\windows\system32\nvrsnl.dll
2012-05-15 09:43 . 2011-12-11 11:52 274432 ----a-w- c:\windows\system32\nvrsesm.dll
2012-05-15 09:43 . 2011-12-11 11:52 266240 ----a-w- c:\windows\system32\nvrsko.dll
2012-05-15 09:43 . 2011-12-11 11:52 249856 ----a-w- c:\windows\system32\nvrseng.dll
2012-05-15 09:43 . 2011-12-11 11:52 335872 ----a-w- c:\windows\system32\nvrshe.dll
2012-05-15 09:43 . 2011-12-11 11:52 286720 ----a-w- c:\windows\system32\nvrsfr.dll
2012-05-15 09:43 . 2011-12-11 11:52 274432 ----a-w- c:\windows\system32\nvrspt.dll
2012-05-15 09:43 . 2011-12-11 11:52 258048 ----a-w- c:\windows\system32\nvrssl.dll
2012-05-15 09:43 . 2011-12-11 11:52 253952 ----a-w- c:\windows\system32\nvrsno.dll
2012-05-15 09:43 . 2011-12-11 11:52 249856 ----a-w- c:\windows\system32\nvrsfi.dll
2012-05-15 09:43 . 2011-12-11 11:52 282624 ----a-w- c:\windows\system32\nvrses.dll
2012-05-15 09:43 . 2011-12-11 11:52 270336 ----a-w- c:\windows\system32\nvrsru.dll
2012-05-15 09:43 . 2011-12-11 11:52 258048 ----a-w- c:\windows\system32\nvrssk.dll
2012-05-15 09:43 . 2011-12-11 11:52 258048 ----a-w- c:\windows\system32\nvrstr.dll
2012-05-15 09:43 . 2011-12-11 11:52 262144 ----a-w- c:\windows\system32\nvrshu.dll
2012-05-15 09:43 . 2011-12-11 11:52 253952 ----a-w- c:\windows\system32\nvrsda.dll
2012-05-15 09:43 . 2011-12-11 11:52 274432 ----a-w- c:\windows\system32\nvrsja.dll
2012-05-15 09:43 . 2011-12-11 11:52 258048 ----a-w- c:\windows\system32\nvrspl.dll
2012-05-15 09:43 . 2011-12-11 11:52 278528 ----a-w- c:\windows\system32\nvrsde.dll
2012-05-15 09:43 . 2011-12-11 11:52 270336 ----a-w- c:\windows\system32\nvrsptb.dll
2012-05-15 09:43 . 2011-12-11 11:52 249856 ----a-w- c:\windows\system32\nvrscs.dll
2012-05-15 09:40 . 2011-12-11 11:52 54272 ----a-w- c:\windows\system32\nvwddi.dll
2012-05-15 09:40 . 2011-12-11 11:52 15504192 ----a-w- c:\windows\system32\nvcpl.dll
2012-05-15 09:40 . 2011-12-11 11:52 143680 ----a-w- c:\windows\system32\nvcolor.exe
2012-05-15 09:40 . 2011-12-11 11:52 164160 ----a-w- c:\windows\system32\nvsvc32.exe
2012-05-15 09:40 . 2011-12-11 11:52 108352 ----a-w- c:\windows\system32\nvmctray.dll
2012-07-21 16:29 . 2012-05-27 11:57 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-08-11_05.32.44 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-08-11 10:39 . 2012-08-11 10:39 16384 c:\windows\temp\Perflib_Perfdata_7d0.dat
+ 2012-08-11 05:45 . 2012-08-11 05:45 1094656 c:\windows\Installer\151c4f.msi
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-02-15 17146504]
"Advanced SystemCare 5"="c:\program files\IObit\Advanced SystemCare 5\ASCTray.exe" [2012-05-28 288128]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TWCU"="c:\program files\TP-LINK\TWCU\TWCU.exe" [2005-08-09 413696]
"USBToolTip"="c:\progra~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe" [2007-02-20 199752]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"GamerOSD"="c:\program files\ASUS\GamerOSD\GamerOSD.exe" [2007-02-14 380928]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2012-05-15 15504192]
"NvMediaCenter"="NvMCTray.dll" [2012-05-15 108352]
"nwiz"="c:\program files\NVIDIA Corporation\nview\nwiz.exe" [2012-05-15 1634112]
"EEventManager"="c:\program files\Epson Software\Event Manager\EEventManager.exe" [2010-10-12 979328]
"MSIAfterburner"="c:\program files\MSI Afterburner\MSIAfterburner.exe" [2012-06-20 405832]
"RTHDCPL"="RTHDCPL.EXE" [2012-06-06 20065936]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2011-09-08 3076144]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Content Manager Assistant for PlayStation(R).lnk - c:\program files\Sony\Content Manager Assistant\CMA.exe [2012-1-26 2520504]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
2012-01-08 11:00 500208 ------w- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5ServiceManager]
2010-02-22 03:57 406992 ----a-w- c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSIAfterburner]
2012-06-20 03:55 405832 ----a-w- c:\program files\MSI Afterburner\MSIAfterburner.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OODefragTray]
2010-11-25 07:43 2781000 ----a-w- c:\program files\OO Software\Defrag\oodtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-10-29 12:49 249064 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Adobe Photo Downloader"=c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
"NeroFilterCheck"=c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
"iTunesHelper"=c:\program files\iTunes\iTunesHelper.exe
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe"
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" -autorun
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
"KernelFaultCheck"=%systemroot%\system32\dumprep 0 -k
"MSIAfterburner"="c:\program files\MSI Afterburner\MSIAfterburner.exe" /s
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FarCry2.exe"=
"c:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FC2Launcher.exe"=
"c:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FC2Editor.exe"=
"c:\\Program Files\\Midway Games\\Wheelman\\Binaries\\WheelmanGame-Final.exe"=
"c:\\Program Files\\TeamViewer\\Version5\\TeamViewer.exe"=
"c:\\Program Files\\Disney Interactive Studios\\Split Second\\SplitSecond.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\Pinnacle\\Studio 15\\Programs\\Studio.exe"=
"c:\\Program Files\\Pinnacle\\Studio 15\\Programs\\umi.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Call of duty 6 MW 2\\iw4mp.dat"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Microsoft Office\\Office14\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Updatus\\daemonu.exe"=
"c:\\Program Files\\Pinnacle\\Studio 15\\Programs\\RM.exe"=
"c:\\Program Files\\TmNationsForever\\TmForever.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\atube\\dtUser.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Update Core\\daemonu.exe"=
"c:\\Program Files\\EPSON Software\\Event Manager\\EEventManager.exe"=
"c:\\Program Files\\2K Sports\\NBA 2K12\\nba2k12.exe"=
"c:\\Program Files\\PANDORA.TV\\PanService\\PandoraService.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Vzdálená správa systému Windows
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [30.9.2008 18:52 691696]
R0 tffsport;M-Systems DiskOnChip 2000;c:\windows\system32\drivers\tffsport.sys [26.6.2011 15:06 149376]
R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [30.9.2008 14:47 13696]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [4.8.2011 9:20 118104]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [4.8.2011 9:20 103112]
R2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files\IObit\Advanced SystemCare 5\ASCService.exe [30.7.2012 13:14 913792]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [8.9.2011 7:34 974944]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [16.7.2012 12:19 1262400]
R2 OODefragAgent;O&O Defrag Agent;c:\program files\OO Software\Defrag\oodag.exe [25.11.2010 9:44 2404168]
R2 Web Assistant Updater;Web Assistant Updater;c:\program files\Web Assistant\ExtensionUpdaterService.exe [9.5.2012 18:23 185856]
R3 PhTVTune;Cap7134 TVTuner;c:\windows\system32\drivers\PhTVTune.sys [30.9.2008 18:42 57152]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [16.5.2011 8:13 197224]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [1.6.2012 19:45 250056]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [15.5.2011 20:05 1691480]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [12.6.2011 12:15 31125880]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [27.5.2012 13:57 113120]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [9.1.2010 22:37 4640000]
S3 PAC207;VideoCAM GF112;c:\windows\system32\drivers\PFC027.sys [8.4.2005 10:46 162176]
S3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [14.2.2011 16:10 47360]
S3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [19.2.2010 14:37 517096]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\sqladhlp.exe [23.7.2009 5:08 47128]
S4 RsFx0103;RsFx0103 Driver;c:\windows\system32\drivers\RsFx0103.sys [30.3.2009 3:09 239336]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [30.3.2009 3:23 366936]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Obsah adresáře 'Naplánované úlohy'
.
2012-08-10 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2008\OneClick.exe [2007-12-21 12:49]
.
2012-08-11 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-01 19:11]
.
2012-01-08 c:\windows\Tasks\AdobeAAMUpdater-1.0-PAVEL-A5C71F66F-Pavel.job
- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2012-01-08 11:00]
.
2012-08-07 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
.
2012-08-11 c:\windows\Tasks\Úklid 1 kliknutím.job
- c:\program files\TuneUp Utilities 2008\OneClick.exe [2007-12-21 12:49]
.
.
------- Doplňkový sken -------
.
mStart Page = hxxp://home.sweetim.com/?crg=4.0002002
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Od&eslat do aplikace OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: Search the Web - c:\program files\SweetIM\Toolbars\Internet Explorer\resources\menuext.html
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748449} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\windows\WebIE.dll
TCP: DhcpNameServer = 10.152.101.1
FF - ProfilePath - c:\documents and settings\Pavel\Data aplikací\Mozilla\Firefox\Profiles\hymsdyhc.default\
FF - prefs.js: browser.startup.homepage - www.seznam.cz
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
WebBrowser-{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5} - (no file)
AddRemove-conduitEngine - c:\progra~1\CONDUI~1\ConduitEngineUninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-08-11 12:40
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-2025429265-606747145-839522115-1004\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"??"=hex:a6,5c,bf,f2,7d,ae,eb,af,9a,7c,3f,9c,a6,19,6d,10,19,f8,12,87,fd,af,41,
46,26,c6,dd,82,a9,91,02,3e,cf,6c,3f,8d,ee,a6,81,fe,cf,d0,3b,30,80,7f,fd,d9,\
"??"=hex:e2,06,90,c3,a9,ab,f7,ca,1c,f7,63,d7,3e,f2,89,5d
.
[HKEY_USERS\S-1-5-21-2025429265-606747145-839522115-1004\Software\SecuROM\License information*]
"datasecu"=hex:47,47,ff,61,d2,00,f9,3e,72,70,c9,7c,c0,71,80,97,2e,27,58,48,01,
1a,6a,a5,b8,fc,23,ff,cc,f8,63,36,6e,81,5f,77,60,90,42,f1,58,d2,5b,eb,96,9c,\
"rkeysecu"=hex:a8,a3,cb,3b,9e,10,da,4f,e6,ec,6c,62,8a,a7,84,85
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'explorer.exe'(2216)
c:\progra~1\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf
c:\progra~1\MICROS~2\Office14\1029\GrooveIntlResource.dll
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\acs.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\windows\ATKKBService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
c:\windows\system32\RunDLL32.exe
c:\windows\RTHDCPL.EXE
c:\program files\Sony\Content Manager Assistant\CMAWatcher.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\windows\System32\PAStiSvc.exe
c:\windows\system32\wbem\wmiapsrv.exe
.
**************************************************************************
.
Celkový čas: 2012-08-11 12:43:01 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-08-11 10:42
.
Před spuštěním: Volných bajtů: 58 900 942 848
Po spuštění: Volných bajtů: 58 644 983 808
.
- - End Of File - - 338730DF0720003DAEF7DD354DFD820B
Re: Avira reports a virus - unable to remove it
Here is aswMBR:
- jaro3
- member of the Security team
Re: Avira reports a virus - can't get rid of it
ComboFix is uninstalled like this:
Start - Run and enter ComboFix /Uninstall
Clean the system with CCleaner
and also use T-Cleaner
it deletes everything left behind by Combo, MWAV etc. - download > run
Note: before downloading T-Cleaner and while it is cleaning, deactivate your antivirus and antispyware; afterwards delete T-Cleaner and turn your antivirus and antispyware back on.
Start - Run - type: notepad, and paste this entire text into it:
Code:
dir \spxv.sys /a h /s > File.txt
save it to the desktop under the name: find.bat (file type: all files)
Find it on the desktop, double-click it and wait until the window closes and the .txt file appears
Then paste the entire text of that file here.
Download GMER
After downloading, unpack the application and run it; a quick scan will run and the program's main window will open:
if you click the Save button at the bottom right, you can export the first log, which you paste here.
To get to the "main" scan and obtain its log, leave all items in the right column ticked and click the Scan button
Wait for the scan to finish (which takes about five to ten minutes), then click the Save button again and export log number 2; paste this log here too.
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs in private messages. While I am away, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Support the forum
Re: Avira reports a virus - can't get rid of it
Here is the text from that file:
Svazek v jednotce C nemá žádnou jmenovku.
Sériové číslo svazku je 10AD-2E4B.
And here is the 1st log from GMER:
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit quick scan 2012-08-12 14:02:05
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e WDC_WD2500JS-00MHB0 rev.02.01C03
Running: gmer.exe; Driver: C:\DOCUME~1\Pavel\LOCALS~1\Temp\pxkcaaow.sys
---- System - GMER 1.0.15 ----
SSDT spao.sys ZwEnumerateKey [0xB7ECDDA4]
SSDT spao.sys ZwEnumerateValueKey [0xB7ECE132]
---- Devices - GMER 1.0.15 ----
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 [B7E2FB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdePort0 [B7E2FB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort0 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdePort1 [B7E2FB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort1 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdePort2 [B7E2FB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort2 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e [B7E2FB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\a7xlsjs1 \Device\Scsi\a7xlsjs11 8A37D1F8
Device \Driver\a7xlsjs1 \Device\Scsi\a7xlsjs11 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\a7xlsjs1 \Device\Scsi\a7xlsjs11Port3Path0Target0Lun0 8A37D1F8
Device \Driver\a7xlsjs1 \Device\Scsi\a7xlsjs11Port3Path0Target0Lun0 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \FileSystem\Ntfs \Ntfs 8A65C1F8
AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET)
AttachedDevice \Driver\Tcpip \Device\Tcp epfwtdir.sys (ESET Antivirus Network Redirector/ESET)
---- EOF - GMER 1.0.15 ----
Re: Avira reports a virus - can't get rid of it
Here is the 2nd log from GMER:
- Attachments
- 2.rar
- It is too big, so I didn't want to split it
- (25.54 KiB) Downloaded 9 times
- jaro3
- member of the Security team
Re: Avira reports a virus - can't get rid of it
In the folder options, enable showing hidden files and folders and untick the "hide protected operating system files" checkbox
Test these on VirusTotal:
C:\WINDOWS\system32\Drivers\PROCEXP113.SYS
C:\windows\system32\DRIVERS\i8042prt.sys
C:\windows\system32\Drivers\a7xlsjs1.SYS
C:\windows\system32\Drivers\a7xlsjs1.SYS
Click Choose to the right of the box and find the required file on your PC in Explorer. Select it with the mouse and click Open, then click Send File. If the file has already been tested, a window appears in which you click Reanalyze. The file will then be tested by several antivirus programs one after another. When the last antivirus finishes its test, the result appears at the top with the number of detections in red, e.g. 0/43 or 1/43. Then copy the link to that page with the mouse and paste it into your post.
Or at:
http://www.virscan.org/
Re: Avira reports a virus - can't get rid of it
I couldn't test any of them because I couldn't find them. (In the folder options, enable showing hidden files and folders + untick the "hide protected operating system files" checkbox) I did all of this.
- jaro3
- member of the Security team
Re: Avira reports a virus - can't get rid of it
On VirusTotal, try pasting this into the box with the mouse:
Code:
C:\WINDOWS\system32\Drivers\PROCEXP113.SYS
then the others one after another:
Code:
C:\windows\system32\DRIVERS\i8042prt.sys
Code:
C:\windows\system32\Drivers\a7xlsjs1.SYS
Code:
C:\windows\system32\Drivers\a7xlsjs1.SYS