log:
ComboFix 11-07-29.01 - Admin 29.07.2011 13:35:52.1.2 - x86 NETWORK
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1250.420.1029.18.1976.1572 [GMT 2:00]
Spuštěný z: c:\users\Admin\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Admin\Desktop\CFScript.txt
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g27nrq0s.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}
c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g27nrq0s.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components\IWinampPlayer.xpt
c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g27nrq0s.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components\IWinampUninstallObserver.xpt
c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g27nrq0s.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components\WinampTBPlayer.dll
c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g27nrq0s.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components\WinampUninstallObserver.js
c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g27nrq0s.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\chrome.manifest
c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g27nrq0s.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\chrome\winamptoolbar.jar
c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g27nrq0s.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\install.rdf
c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g27nrq0s.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\META-INF\MANIFEST.MF
c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g27nrq0s.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\META-INF\ZIGBERT.RSA
c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g27nrq0s.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\META-INF\ZIGBERT.SF
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_gupdate
-------\Service_gupdatem
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-06-28 do 2011-07-29 )))))))))))))))))))))))))))))))
.
.
2011-07-29 11:43 . 2011-07-29 11:43 0 ---ha-w- c:\users\Admin\AppData\Local\BIT3938.tmp
2011-07-29 11:41 . 2011-07-29 11:44 -------- d-----w- c:\users\Admin\AppData\Local\temp
2011-07-29 11:41 . 2011-07-29 11:41 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-07-29 08:04 . 2011-07-06 17:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-29 08:04 . 2011-07-29 08:05 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-07-29 08:04 . 2011-07-06 17:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-28 10:36 . 2011-07-29 10:11 -------- d--h--w- c:\windows\update.tray-7-0-lnk
2011-07-28 10:36 . 2011-07-29 08:48 -------- d--h--w- c:\windows\update.tray-7-0
2011-07-27 20:49 . 2009-11-08 08:55 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2011-07-27 20:49 . 2009-11-08 08:55 49472 ----a-w- c:\windows\system32\netfxperf.dll
2011-07-27 20:49 . 2009-11-08 08:55 297808 ----a-w- c:\windows\system32\mscoree.dll
2011-07-27 20:49 . 2009-11-08 08:55 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2011-07-27 20:49 . 2009-11-08 08:55 1130824 ----a-w- c:\windows\system32\dfshim.dll
2011-07-27 20:46 . 2010-02-20 23:39 24064 ----a-w- c:\windows\system32\nshhttp.dll
2011-07-27 20:46 . 2010-02-20 23:37 31232 ----a-w- c:\windows\system32\httpapi.dll
2011-07-27 20:46 . 2010-02-20 21:18 411136 ----a-w- c:\windows\system32\drivers\http.sys
2011-07-27 20:45 . 2010-09-20 09:25 231936 ----a-w- c:\windows\system32\msshsq.dll
2011-07-27 17:16 . 2011-07-27 17:16 -------- d-----w- c:\program files\CCleaner
2011-07-27 17:12 . 2011-07-04 11:32 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-07-27 17:12 . 2011-07-04 11:36 309848 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-07-27 17:12 . 2011-07-04 11:32 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-07-27 17:12 . 2011-07-04 11:35 43608 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-07-27 17:12 . 2011-07-04 11:36 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-07-27 17:12 . 2011-07-04 11:32 54104 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-07-27 17:12 . 2011-07-04 11:43 40112 ----a-w- c:\windows\avastSS.scr
2011-07-27 17:12 . 2011-07-04 11:43 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-07-27 09:30 . 2011-04-20 14:47 375808 ----a-w- c:\windows\system32\winsrv.dll
2011-07-27 09:30 . 2011-04-20 14:44 49152 ----a-w- c:\windows\system32\csrsrv.dll
2011-07-27 09:27 . 2010-12-17 16:43 2067456 ----a-w- c:\windows\system32\mstscax.dll
2011-07-27 09:27 . 2010-12-17 15:06 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-07-27 09:27 . 2010-06-16 15:59 898952 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-07-27 09:25 . 2009-04-02 12:37 604672 ----a-w- c:\windows\system32\WMSPDMOD.DLL
2011-07-27 08:31 . 2009-09-04 12:24 61440 ----a-w- c:\windows\system32\msasn1.dll
2011-07-27 08:30 . 2011-07-27 08:30 -------- d-----w- c:\users\Admin\AppData\Roaming\Malwarebytes
2011-07-27 08:30 . 2011-07-27 08:30 -------- d-----w- c:\programdata\Malwarebytes
2011-07-27 08:26 . 2009-04-23 12:43 784896 ----a-w- c:\windows\system32\rpcrt4.dll
2011-07-27 08:09 . 2010-08-31 15:40 531968 ----a-w- c:\windows\system32\comctl32.dll
2011-07-27 08:07 . 2009-08-10 13:05 351232 ----a-w- c:\windows\system32\WSDApi.dll
2011-07-27 08:07 . 2009-12-28 12:35 1314816 ----a-w- c:\windows\system32\quartz.dll
2011-07-27 08:07 . 2009-12-28 12:32 22528 ----a-w- c:\windows\system32\msyuv.dll
2011-07-27 08:07 . 2009-12-28 12:32 31744 ----a-w- c:\windows\system32\msvidc32.dll
2011-07-27 08:07 . 2009-12-28 12:32 13312 ----a-w- c:\windows\system32\msrle32.dll
2011-07-27 08:07 . 2009-12-28 12:35 11776 ----a-w- c:\windows\system32\tsbyuv.dll
2011-07-27 08:07 . 2009-12-28 12:31 50176 ----a-w- c:\windows\system32\iyuv_32.dll
2011-07-27 08:07 . 2009-12-28 12:31 82944 ----a-w- c:\windows\system32\mciavi32.dll
2011-07-27 08:07 . 2009-12-28 12:28 91136 ----a-w- c:\windows\system32\avifil32.dll
2011-07-27 08:07 . 2009-12-28 12:28 65024 ----a-w- c:\windows\system32\avicap32.dll
2011-07-27 08:07 . 2009-12-28 12:32 123904 ----a-w- c:\windows\system32\msvfw32.dll
2011-07-27 07:34 . 2011-04-29 14:54 276992 ----a-w- c:\windows\system32\schannel.dll
2011-07-27 07:33 . 2009-09-10 15:21 1418752 ----a-w- c:\program files\Windows Media Player\setup_wm.exe
2011-07-27 07:33 . 2009-09-10 15:21 310784 ----a-w- c:\windows\system32\unregmp2.exe
2011-07-27 07:33 . 2009-09-10 15:21 168960 ----a-w- c:\program files\Windows Media Player\wmplayer.exe
2011-07-27 07:33 . 2009-07-14 12:58 7680 ----a-w- c:\windows\system32\spwmp.dll
2011-07-27 07:33 . 2009-07-14 10:59 107520 ----a-w- c:\program files\Windows Media Player\wmpconfig.exe
2011-07-27 07:33 . 2009-07-14 10:58 107520 ----a-w- c:\program files\Windows Media Player\wmpshare.exe
2011-07-27 07:33 . 2009-07-14 12:59 4096 ----a-w- c:\windows\system32\msdxm.ocx
2011-07-27 07:33 . 2009-07-14 12:59 4096 ----a-w- c:\windows\system32\dxmasf.dll
2011-07-27 07:33 . 2009-09-10 15:21 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2011-07-27 07:22 . 2009-10-07 12:41 244224 ----a-w- c:\windows\system32\rastls.dll
2011-07-27 07:22 . 2009-10-07 12:41 281600 ----a-w- c:\windows\system32\raschap.dll
2011-07-26 20:27 . 2011-07-27 19:39 -------- d-----w- c:\program files\PC Tools Security
2011-07-26 20:27 . 2011-07-27 19:39 -------- d-----w- c:\program files\Common Files\PC Tools
2011-07-26 18:46 . 2011-07-27 18:17 -------- d-----w- c:\programdata\PC Tools
2011-07-26 18:39 . 2011-07-29 07:54 -------- d-----w- c:\program files\trend micro
2011-07-26 18:39 . 2011-07-29 07:45 -------- d-----w- C:\rsit
2011-07-26 17:16 . 2011-07-29 08:48 -------- d--h--w- c:\windows\update.tray-3-0
2011-07-26 17:16 . 2011-07-29 08:48 -------- d--h--w- c:\windows\update.tray-2-0
2011-07-26 17:16 . 2011-07-26 17:16 -------- d--h--w- c:\windows\update.tray-3-0-lnk
2011-07-26 17:16 . 2011-07-26 17:16 -------- d--h--w- c:\windows\update.tray-2-0-lnk
2011-07-26 14:04 . 2009-12-23 12:43 171520 ----a-w- c:\windows\system32\wintrust.dll
2011-07-26 14:03 . 2010-01-15 00:04 98304 ----a-w- c:\windows\system32\cabview.dll
2011-07-26 08:42 . 2009-08-07 02:24 44768 ----a-w- c:\windows\system32\wups2.dll
2011-07-26 08:42 . 2009-08-07 02:24 53472 ----a-w- c:\windows\system32\wuauclt.exe
2011-07-26 08:42 . 2009-08-07 01:45 2421760 ----a-w- c:\windows\system32\wucltux.dll
2011-07-26 08:42 . 2009-08-07 02:23 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2011-07-26 08:42 . 2009-08-07 02:24 35552 ----a-w- c:\windows\system32\wups.dll
2011-07-26 08:42 . 2009-08-07 02:23 575704 ----a-w- c:\windows\system32\wuapi.dll
2011-07-26 08:42 . 2009-08-07 01:44 87552 ----a-w- c:\windows\system32\wudriver.dll
2011-07-26 08:42 . 2009-08-06 17:23 171608 ----a-w- c:\windows\system32\wuwebv.dll
2011-07-26 08:42 . 2009-08-06 16:44 33792 ----a-w- c:\windows\system32\wuapp.exe
2011-07-25 09:51 . 2011-07-28 09:13 -------- d-----w- c:\program files\Common Files\Adobe
2011-07-25 09:21 . 2011-07-25 09:21 -------- d-----w- c:\windows\ufa
2011-07-25 09:08 . 2011-07-25 09:21 246272 ----a-w- c:\windows\unrar.exe
2011-07-25 08:52 . 2011-07-29 08:48 -------- d--h--w- c:\windows\update.tray-15-0
2011-07-25 08:52 . 2011-07-25 08:52 -------- d--h--w- c:\windows\update.tray-15-0-lnk
2011-07-25 08:38 . 2011-07-28 10:38 -------- d-----w- c:\windows\av_ico
2011-07-25 08:36 . 2011-07-29 08:48 -------- d--h--w- c:\windows\update.tray-9-0
2011-07-25 08:36 . 2011-07-25 08:36 -------- d--h--w- c:\windows\update.tray-9-0-lnk
2011-07-25 08:36 . 2011-07-29 08:48 -------- d--h--w- c:\windows\update.tray-12-0
2011-07-25 08:36 . 2011-07-25 08:36 -------- d--h--w- c:\windows\update.tray-12-0-lnk
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-14 11:03 . 2009-02-26 14:34 952 --sha-w- c:\programdata\KGyGaAvL.sys
2009-02-24 19:34 . 2009-02-24 19:34 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-02-24 19:34 . 2009-02-24 19:34 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{dd02a4eb-4afd-4d60-99d8-e67f964ca813}"= "c:\program files\PHPNukeEN\tbPHP1.dll" [2009-12-14 2166296]
.
[HKEY_CLASSES_ROOT\clsid\{dd02a4eb-4afd-4d60-99d8-e67f964ca813}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{dd02a4eb-4afd-4d60-99d8-e67f964ca813}]
2009-12-14 20:05 2166296 ----a-w- c:\program files\PHPNukeEN\tbPHP1.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{dd02a4eb-4afd-4d60-99d8-e67f964ca813}"= "c:\program files\PHPNukeEN\tbPHP1.dll" [2009-12-14 2166296]
.
[HKEY_CLASSES_ROOT\clsid\{dd02a4eb-4afd-4d60-99d8-e67f964ca813}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{DD02A4EB-4AFD-4D60-99D8-E67F964CA813}"= "c:\program files\PHPNukeEN\tbPHP1.dll" [2009-12-14 2166296]
.
[HKEY_CLASSES_ROOT\clsid\{dd02a4eb-4afd-4d60-99d8-e67f964ca813}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-02-25 24064]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-07-16 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-07-16 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-07-16 145944]
"RtHDVCpl"="RtHDVCpl.exe" [2008-05-21 6144000]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-02-22 1037608]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2008-07-25 875016]
"ePower_DMC"="c:\program files\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2008-08-01 405504]
"ProductReg"="c:\program files\Acer\WR_PopUp\ProductReg.exe" [2008-09-23 6144]
"Easy-PrintToolBox"="c:\program files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE" [2004-01-14 409600]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
.
c:\users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [N/A]
Věýezy obrazovky a spuçtŘnˇ aplikace OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-8-24 101784]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
AVer HID Receiver.lnk - c:\program files\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe [N/A]
AVerQuick.lnk - c:\program files\Common Files\AVerMedia\AVerQuick\AVerQuick.exe [N/A]
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-2-12 723496]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableSecureUIAPaths"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer3"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BkupTray]
2008-04-06 20:42 34040 ----a-w- c:\program files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2976463575-3142370300-3099192814-1003]
"EnableNotificationsRef"=dword:00000001
.
R2 AVerRemote;AVerRemote;c:\program files\Common Files\AVerMedia\Service\AVerRemote.exe [x]
R2 AVerScheduleService;AVerScheduleService;c:\program files\Common Files\AVerMedia\Service\AVerScheduleService.exe [x]
R3 AVerAF35;AVerMedia A867 USB DVB-T;c:\windows\system32\Drivers\AVerAF35.sys [2010-01-29 477312]
R3 AVerIR;AVerMedia Infrared Receiver;c:\windows\system32\DRIVERS\AVerIR.sys [2010-01-12 88576]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [2011-04-14 134480]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [2011-02-10 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\AVGIDSShim.Sys [2011-02-10 28624]
R3 GoogleDesktopManager-080708-050100;Google Desktop Manager 5.7.808.7150;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2009-02-25 24064]
R3 TpChoice;Touch Pad Detection Filter driver;c:\windows\system32\DRIVERS\TpChoice.sys [2007-12-26 17968]
R4 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [2008-03-03 16384]
R4 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-04-06 50424]
R4 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-04-04 131072]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [2011-02-22 22992]
S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [2011-03-16 32592]
S0 BsStor;InCD Storage Helper Driver;c:\windows\System32\DRIVERS\bsstor.sys [2002-06-05 9344]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [2011-01-07 248656]
S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [2011-04-04 297168]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2010-12-21 115008]
S2 BsUDF;InCD UDF Driver; [x]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2010-12-21 137144]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2010-12-21 95384]
S2 ETService;Empowering Technology Service;c:\program files\Acer\Empowering Technology\Service\ETService.exe [2008-03-21 24576]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-07-06 366640]
S2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-04-17 11032]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2008-03-28 210432]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2008-06-30 112128]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-07-06 22712]
S3 O2MDRDR;O2MDRDR;c:\windows\system32\DRIVERS\o2media.sys [2008-04-15 51160]
S3 O2SDRDR;O2SDRDR;c:\windows\system32\DRIVERS\o2sd.sys [2008-04-08 43736]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Obsah adresáře 'Naplánované úlohy'
.
2011-07-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-27 21:44]
.
2011-07-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-27 21:44]
.
.
------- Doplňkový sken -------
.
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: WikiKomentáře Google... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_70C5B381380DB17F.dll/cmsidewiki.html
TCP: DhcpNameServer = 10.0.0.138
TCP: Interfaces\{CEA7D3BF-D8FF-4C67-80D2-1E52F99EC23D}: NameServer = 213.155.229.197
FF - ProfilePath - c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g27nrq0s.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.cz/
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Skype extension for Firefox: {B13721C7-F507-4982-B2E5-502A71474FED} - c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
.
.
**************************************************************************
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory:
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'Explorer.exe'(3564)
c:\windows\system32\btncopy.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\servicing\TrustedInstaller.exe
c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
c:\acer\Mobility Center\MobilityService.exe
c:\program files\O2Micro Flash Memory Card Driver\o2flash.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\windows\system32\conime.exe
.
**************************************************************************
.
Celkový čas: 2011-07-29 13:49:01 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-07-29 11:48
ComboFix2.txt 2011-07-29 09:03
.
Před spuštěním: Volných bajtů: 56 352 169 984
Po spuštění: Volných bajtů: 54 148 890 624
.
- - End Of File - - 21FE7770E5346721F8EB0B8264B15352
Odvirování PC, zrychlení počítače, vzdálená pomoc prostřednictvím služby neslape.cz
Facebook vir
Moderátor: Moderátoři
Pravidla fóra
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Re: Facebook vir
Neprovedlo se co melo, takze na to pujdem jinak 
Stahnete OTM (viz muj podpis)
Stahnete OTM (viz muj podpis)
- Pokud pouzivate Win Vista ci W7, kliknete na OTM pravym a dejte Run As Administrator ci Spustit jako spravce
- Do leveho okna Paste Instructions for Items to be Moved (pod zlutou caru) vlozte obsah, ktery mate nize
Kód: Vybrat vše
:reg [HKEY_LOCAL_MACHINE\software\microsoft\security center] "FirewallOverride"=dword:00000000 "DisableThumbnailCache"=dword:00000000 [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Adobe Reader Speed Launcher"=- "Malwarebytes' Anti-Malware"=- [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"=- :files c:\windows\Tasks\GoogleUpdateTaskMachineCore.job c:\windows\Tasks\GoogleUpdateTaskMachineUA.job c:\windows\unrar.exe c:\windows\ufa c:\windows\update.tray-15-0 c:\windows\update.tray-15-0-lnk c:\windows\av_ico c:\windows\update.tray-9-0 c:\windows\update.tray-9-0-lnk c:\windows\update.tray-12-0 c:\windows\update.tray-12-0-lnk c:\windows\update.tray-3-0 c:\windows\update.tray-2-0 c:\windows\update.tray-3-0-lnk c:\windows\update.tray-2-0-lnk c:\windows\update.tray-7-0 c:\windows\update.tray-7-0-lnk %windir%\system32\*.tmp.dll /s %windir%\system32\SET*.tmp /s %windir%\*.tmp :commands [RESETHOSTS] [EMPTYTEMP] [EMPTYFLASH]- Kliknete na cervene tlacitko MoveIt!
- Budete vyzvani na restart, dejte Yes, log pote najdete C:\_OTM\MovedFiles, obsah sem vlozte
"Kdo víno má a nepije,kdo hrozny má a nejí je, kdo ženu má a nelíbá, kdo zábavě se vyhýbá, na toho vemte bič a hůl, to není člověk, to je vůl."
Člen
od 1. února 2011.
Člen
od 1. února 2011.Re: Facebook vir
log z OTM:
All processes killed
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\software\microsoft\security center\\"FirewallOverride"|dword:00000000 /E : value set successfully!
HKEY_LOCAL_MACHINE\software\microsoft\security center\\"DisableThumbnailCache"|dword:00000000 /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Adobe Reader Speed Launcher not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Malwarebytes' Anti-Malware not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\swg deleted successfully.
========== FILES ==========
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job moved successfully.
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job moved successfully.
c:\windows\unrar.exe moved successfully.
c:\windows\ufa folder moved successfully.
c:\windows\update.tray-15-0 folder moved successfully.
c:\windows\update.tray-15-0-lnk folder moved successfully.
c:\windows\av_ico folder moved successfully.
c:\windows\update.tray-9-0 folder moved successfully.
c:\windows\update.tray-9-0-lnk folder moved successfully.
c:\windows\update.tray-12-0 folder moved successfully.
c:\windows\update.tray-12-0-lnk folder moved successfully.
c:\windows\update.tray-3-0 folder moved successfully.
c:\windows\update.tray-2-0 folder moved successfully.
c:\windows\update.tray-3-0-lnk folder moved successfully.
c:\windows\update.tray-2-0-lnk folder moved successfully.
c:\windows\update.tray-7-0 folder moved successfully.
c:\windows\update.tray-7-0-lnk folder moved successfully.
File/Folder C:\Windows\system32\*.tmp.dll not found.
File/Folder C:\Windows\system32\SET*.tmp not found.
File/Folder C:\Windows\*.tmp not found.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
[EMPTYTEMP]
User: Admin
->Temp folder emptied: 236632 bytes
->Temporary Internet Files folder emptied: 7580646 bytes
->Java cache emptied: 18633 bytes
->FireFox cache emptied: 68559170 bytes
->Flash cache emptied: 3202 bytes
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 134 bytes
->Flash cache emptied: 75 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Public
->Temp folder emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 10431389 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 83,00 mb
OTM by OldTimer - Version 3.1.18.0 log created on 07292011_182959
All processes killed
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\software\microsoft\security center\\"FirewallOverride"|dword:00000000 /E : value set successfully!
HKEY_LOCAL_MACHINE\software\microsoft\security center\\"DisableThumbnailCache"|dword:00000000 /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Adobe Reader Speed Launcher not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Malwarebytes' Anti-Malware not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\swg deleted successfully.
========== FILES ==========
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job moved successfully.
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job moved successfully.
c:\windows\unrar.exe moved successfully.
c:\windows\ufa folder moved successfully.
c:\windows\update.tray-15-0 folder moved successfully.
c:\windows\update.tray-15-0-lnk folder moved successfully.
c:\windows\av_ico folder moved successfully.
c:\windows\update.tray-9-0 folder moved successfully.
c:\windows\update.tray-9-0-lnk folder moved successfully.
c:\windows\update.tray-12-0 folder moved successfully.
c:\windows\update.tray-12-0-lnk folder moved successfully.
c:\windows\update.tray-3-0 folder moved successfully.
c:\windows\update.tray-2-0 folder moved successfully.
c:\windows\update.tray-3-0-lnk folder moved successfully.
c:\windows\update.tray-2-0-lnk folder moved successfully.
c:\windows\update.tray-7-0 folder moved successfully.
c:\windows\update.tray-7-0-lnk folder moved successfully.
File/Folder C:\Windows\system32\*.tmp.dll not found.
File/Folder C:\Windows\system32\SET*.tmp not found.
File/Folder C:\Windows\*.tmp not found.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
[EMPTYTEMP]
User: Admin
->Temp folder emptied: 236632 bytes
->Temporary Internet Files folder emptied: 7580646 bytes
->Java cache emptied: 18633 bytes
->FireFox cache emptied: 68559170 bytes
->Flash cache emptied: 3202 bytes
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 134 bytes
->Flash cache emptied: 75 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Public
->Temp folder emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 10431389 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 83,00 mb
OTM by OldTimer - Version 3.1.18.0 log created on 07292011_182959
Re: Facebook vir
Jak se chova PC 
"Kdo víno má a nepije,kdo hrozny má a nejí je, kdo ženu má a nelíbá, kdo zábavě se vyhýbá, na toho vemte bič a hůl, to není člověk, to je vůl."
Člen od 1. února 2011.
Člen
od 1. února 2011.Re: Facebook vir
chová se asi normálně, půjdu zkusit instalovat avast...
Re: Facebook vir
Tak jeste uklidime
Odinstalujte Combofix
T-Cleaner http://vyosek.ic.cz/pro_usery/T-Cleaner.exe
OTC http://oldtimer.geekstogo.com/OTC.exe
TFC http://oldtimer.geekstogo.com/TFC.exe
Stahnete Ccleaner (viz muj podpis)
Panel čistič
Nainstalujte Avast free http://www.avast.com/cs-cz/free-antivirus-download
Napiste co PC
Odinstalujte Combofix
- Prejmenujte ComboFix na Uninstall
- Spustte jej
- Tohle smaze Combofix a jeho slozky
T-Cleaner http://vyosek.ic.cz/pro_usery/T-Cleaner.exe
- Stahnete a spustte
- Pro potvrzeni volby mackejte A, Enter
- Po pouziti utilitu smazte
- Antiviry touhou utilitu chybne oznacit jako vir - jedna se o falesny poplach - takze v pohode stahnete (pripadne vypnete pri stahovani antivir)
OTC http://oldtimer.geekstogo.com/OTC.exe
- Stahnete a spustte
- Kliknete na CleanUp a potvrdte YES
- Program uklidi a restartuje PC
TFC http://oldtimer.geekstogo.com/TFC.exe
- Stahnete a spustte
- Kliknete na Start a potvrdte OK
- Program uklidi a restartuje pc
- Po pouziti utilitu smazte
Stahnete Ccleaner (viz muj podpis)Panel čistič
- Vse nechte jak je, jen dejte Analyzovat a pote Spustit CCleaner
- dejte Hledej problémy
- nasledne Opravit problémy - zalohu registru doporucuji udelat, opravte vsechny problemy
- postup opakujte dokud nebude bez problemu - vetsinou cca 3x
- Zde muzete odinstalovat nepotrebne programy
Nainstalujte Avast free http://www.avast.com/cs-cz/free-antivirus-download Napiste co PC"Kdo víno má a nepije,kdo hrozny má a nejí je, kdo ženu má a nelíbá, kdo zábavě se vyhýbá, na toho vemte bič a hůl, to není člověk, to je vůl."
Člen od 1. února 2011.
Člen
od 1. února 2011.Re: Facebook vir
PC v pohodě.. díky 
P.S. nemám to ještě projet Malwarebytes Anti-Malware ??
P.S. nemám to ještě projet Malwarebytes Anti-Malware ??
Re: Facebook vir
Preventivne muzete, pokud bude nalze, tak sem dejte log
"Kdo víno má a nepije,kdo hrozny má a nejí je, kdo ženu má a nelíbá, kdo zábavě se vyhýbá, na toho vemte bič a hůl, to není člověk, to je vůl."
Člen od 1. února 2011.
Člen
od 1. února 2011.Re: Facebook vir
ještě nesmyslně skáče využití PC z 5% na 56%, ale spíše se to drží kolem 50% a to nic není spuštěné..
Jen v pozadí jede Avast (nemyslím test) a wifi je zaplá...
taky fyzická paměť jede kolem 62%...
Jen v pozadí jede Avast (nemyslím test) a wifi je zaplá...
taky fyzická paměť jede kolem 62%...
Re: Facebook vir
Ktery proces vytezuje nejvice CPU
Poprosim o novy log z RSIT
Poprosim o novy log z RSIT
"Kdo víno má a nepije,kdo hrozny má a nejí je, kdo ženu má a nelíbá, kdo zábavě se vyhýbá, na toho vemte bič a hůl, to není člověk, to je vůl."
Člen od 1. února 2011.
Člen
od 1. února 2011.
Přispějete na provoz fóra?