Dobrý den, prosím o pomoc. Na mém pc nejde zapnout centrum zabezpečení a nejdou mi spustit některé programi. Přikládám log z rsit. Děkuji
Logfile of random's system information tool 1.09 (written by random/random)
Run by arch at 2011-08-04 06:13:16
Microsoft Windows 7 Professional Service Pack 1
System drive C: has 189 GB (79%) free of 240 GB
Total RAM: 8191 MB (83% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 6:13:19, on 4.8.2011
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\WIBUKEY\Server\WkSvMgr.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files\trend micro\arch.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Pomocná služba pro přihlášení ke službě Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [Google Update] "C:\Users\arch\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [ICQ] "C:\Program Files (x86)\ICQ7.5\ICQ.exe" silent loginmode=4
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Global Startup: Network Server.lnk = C:\Program Files (x86)\WIBUKEY\Server\WkSvMgr.exe
O4 - Global Startup: SolidWorks Nástroj pro stahování na pozadí.lnk = ?
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/pub/s ... wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{BE365A2F-7948-49C5-95FC-52CFB7DD977B}: NameServer = 192.168.10.32
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: SW Distributed TS Coordinator Service (CoordinatorServiceHost) - Dassault Systemes SolidWorks Corp. - C:\Program Files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service 64 - Flexera Software, Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files (x86)\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 9320 bytes
======Listing Processes======
\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
winlogon.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe -session -first
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe"
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
WLIDSvcM.exe 1636
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
"taskhost.exe"
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
"C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
"C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
"C:\Program Files (x86)\WIBUKEY\Server\WkSvMgr.exe"
rundll32.exe "C:\Program Files\NVIDIA Corporation\nView\nview64.dll",nViewInitialize
rundll32.exe "C:\Program Files\NVIDIA Corporation\nView\nview.dll",nViewInitialize
rundll32.exe "C:\Program Files\NVIDIA Corporation\nView\nview.dll",nViewInitialize
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe"
"C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe" --channel=172.cf3a160.1592136378 "C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll" "Mozilla.Firefox.5.0" -omnijar C:\Program Files (x86)\Mozilla Firefox\omni.jar 172 \\.\pipe\gecko-crash-server-pipe.172 plugin
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\sppsvc.exe
"C:\Windows\system32\NOTEPAD.EXE" C:\rsit\info.txt
"C:\Users\arch\Desktop\RSITx64.exe"
======Scheduled tasks folder======
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1468393963-1670124420-4184208903-1000Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1468393963-1670124420-4184208903-1000UA.job
C:\Windows\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
=========Mozilla firefox=========
ProfilePath - C:\Users\arch\AppData\Roaming\Mozilla\Firefox\Profiles\xsp9e1ki.default
prefs.js - "browser.startup.homepage" - "www.seznam.cz"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled
C:\Program Files (x86)\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}
{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
C:\Program Files (x86)\Mozilla Firefox\components\
binary.manifest
browsercomps.dll
nsIQTScriptablePlugin.xpt
C:\Program Files (x86)\Mozilla Firefox\plugins\
np-mswmp.dll
npdeployJava1.dll
NPOFF12.DLL
nppdf32.dll
npqtplugin.dll
npqtplugin2.dll
npqtplugin3.dll
npqtplugin4.dll
npqtplugin5.dll
npqtplugin6.dll
npqtplugin7.dll
QuickTimePlugin.class
WMP Firefox Plugin License.rtf
WMP Firefox Plugin RelNotes.txt
C:\Program Files (x86)\Mozilla Firefox\searchplugins\
google.xml
heureka-cz.xml
jyxo-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21 529280]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Pomocná služba pro přihlášení ke službě Windows Live ID - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21 439168]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9FDDE16B-836F-4806-AB1F-1455CBEFF289}]
Windows Live Messenger Companion Helper - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll [2010-11-10 393600]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2011-07-21 42272]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2009-08-18 8067616]
"nwiz"=C:\Program Files\NVIDIA Corporation\nView\nwiz.exe [2010-08-26 1875048]
"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2011-01-12 2918656]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Google Update"=C:\Users\arch\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-02 136176]
"ICQ"=C:\Program Files (x86)\ICQ7.5\ICQ.exe [2011-08-01 124480]
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"=C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [2011-06-08 37296]
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2011-03-30 937920]
"GrooveMonitor"=C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [2008-10-25 31072]
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2011-04-08 254696]
"QuickTime Task"=C:\Program Files (x86)\QuickTime\QTTask.exe [2008-09-06 413696]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Network Server.lnk - C:\Program Files (x86)\WIBUKEY\Server\WkSvMgr.exe
SolidWorks Nástroj pro stahování na pozadí.lnk - C:\Program Files (x86)\Common Files\Manažer instalací SolidWorks\BackgroundDownloading\sldBgDwld.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"wave4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
======List of files/folders created in the last 1 month======
2011-08-04 06:12:06 ----D---- C:\rsit
2011-08-04 06:12:06 ----D---- C:\Program Files\trend micro
2011-08-03 12:37:45 ----SHD---- C:\Config.Msi
2011-08-02 08:46:23 ----D---- C:\ProgramData\Sun
2011-08-02 08:46:17 ----A---- C:\Windows\SYSWOW64\javaws.exe
2011-08-02 08:46:17 ----A---- C:\Windows\SYSWOW64\javaw.exe
2011-08-02 08:46:17 ----A---- C:\Windows\SYSWOW64\java.exe
2011-08-02 08:46:17 ----A---- C:\Windows\SYSWOW64\deployJava1.dll
2011-08-01 07:46:31 ----D---- C:\Users\arch\AppData\Roaming\Abvent
2011-08-01 07:46:31 ----D---- C:\ProgramData\Abvent
2011-08-01 07:46:30 ----D---- C:\Users\arch\AppData\Roaming\Abvent_Artlantis3
2011-08-01 07:44:51 ----D---- C:\Program Files (x86)\Artlantis Studio 3
2011-07-13 06:12:54 ----AH---- C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2011-07-13 06:12:54 ----A---- C:\Windows\SYSWOW64\KernelBase.dll
2011-07-13 06:12:54 ----A---- C:\Windows\system32\KernelBase.dll
2011-07-13 06:12:53 ----AH---- C:\Windows\SYSWOW64\api-ms-win-security-base-l1-1-0.dll
2011-07-13 06:12:53 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-xstate-l1-1-0.dll
2011-07-13 06:12:53 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-util-l1-1-0.dll
2011-07-13 06:12:53 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2011-07-13 06:12:53 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2011-07-13 06:12:53 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-synch-l1-1-0.dll
2011-07-13 06:12:53 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-string-l1-1-0.dll
2011-07-13 06:12:53 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2011-07-13 06:12:53 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-profile-l1-1-0.dll
2011-07-13 06:12:53 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2011-07-13 06:12:53 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2011-07-13 06:12:53 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2011-07-13 06:12:53 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-misc-l1-1-0.dll
2011-07-13 06:12:53 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-memory-l1-1-0.dll
2011-07-13 06:12:53 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2011-07-13 06:12:53 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2011-07-13 06:12:53 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-io-l1-1-0.dll
2011-07-13 06:12:53 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2011-07-13 06:12:53 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-heap-l1-1-0.dll
2011-07-13 06:12:53 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-handle-l1-1-0.dll
2011-07-13 06:12:53 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-file-l1-1-0.dll
2011-07-13 06:12:53 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-fibers-l1-1-0.dll
2011-07-13 06:12:53 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2011-07-13 06:12:53 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-delayload-l1-1-0.dll
2011-07-13 06:12:53 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-debug-l1-1-0.dll
2011-07-13 06:12:53 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-datetime-l1-1-0.dll
2011-07-13 06:12:53 ----AH---- C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2011-07-13 06:12:53 ----AH---- C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2011-07-13 06:12:53 ----AH---- C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2011-07-13 06:12:53 ----AH---- C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2011-07-13 06:12:53 ----AH---- C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2011-07-13 06:12:53 ----AH---- C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2011-07-13 06:12:53 ----AH---- C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2011-07-13 06:12:53 ----AH---- C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2011-07-13 06:12:53 ----AH---- C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2011-07-13 06:12:53 ----AH---- C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2011-07-13 06:12:53 ----AH---- C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2011-07-13 06:12:53 ----AH---- C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2011-07-13 06:12:53 ----AH---- C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2011-07-13 06:12:53 ----AH---- C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2011-07-13 06:12:53 ----AH---- C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2011-07-13 06:12:53 ----AH---- C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2011-07-13 06:12:53 ----AH---- C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2011-07-13 06:12:53 ----AH---- C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2011-07-13 06:12:53 ----AH---- C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2011-07-13 06:12:53 ----AH---- C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2011-07-13 06:12:53 ----AH---- C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2011-07-13 06:12:53 ----AH---- C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2011-07-13 06:12:53 ----AH---- C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2011-07-13 06:12:53 ----AH---- C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2011-07-13 06:12:53 ----AH---- C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2011-07-13 06:12:52 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localization-l1-1-0.dll
2011-07-13 06:12:52 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-console-l1-1-0.dll
2011-07-13 06:12:52 ----AH---- C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2011-07-13 06:12:52 ----AH---- C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2011-07-13 06:12:37 ----A---- C:\Windows\system32\win32k.sys
2011-07-13 06:12:31 ----A---- C:\Windows\system32\kernel32.dll
2011-07-13 06:12:29 ----A---- C:\Windows\system32\wow64win.dll
2011-07-13 06:12:29 ----A---- C:\Windows\system32\winsrv.dll
2011-07-13 06:12:29 ----A---- C:\Windows\system32\conhost.exe
2011-07-13 06:12:28 ----A---- C:\Windows\SYSWOW64\wow32.dll
2011-07-13 06:12:28 ----A---- C:\Windows\SYSWOW64\setup16.exe
2011-07-13 06:12:28 ----A---- C:\Windows\SYSWOW64\ntvdm64.dll
2011-07-13 06:12:28 ----A---- C:\Windows\SYSWOW64\kernel32.dll
2011-07-13 06:12:28 ----A---- C:\Windows\SYSWOW64\instnm.exe
2011-07-13 06:12:28 ----A---- C:\Windows\system32\wow64cpu.dll
2011-07-13 06:12:28 ----A---- C:\Windows\system32\wow64.dll
2011-07-13 06:12:28 ----A---- C:\Windows\system32\ntvdm64.dll
2011-07-13 06:12:27 ----A---- C:\Windows\SYSWOW64\user.exe
======List of files/folders modified in the last 1 month======
2011-08-04 06:13:17 ----D---- C:\Windows\Temp
2011-08-04 06:12:14 ----D---- C:\Windows\Prefetch
2011-08-04 06:12:06 ----RD---- C:\Program Files
2011-08-04 06:12:02 ----D---- C:\Users\arch\AppData\Roaming\ICQ
2011-08-04 06:10:17 ----D---- C:\Windows\system32\config
2011-08-04 06:02:37 ----D---- C:\Windows\System32
2011-08-04 06:02:37 ----D---- C:\Windows\inf
2011-08-04 06:02:37 ----A---- C:\Windows\system32\PerfStringBackup.INI
2011-08-03 14:31:26 ----D---- C:\RTSStavitel
2011-08-03 13:53:17 ----D---- C:\Users\arch\AppData\Roaming\.RTS
2011-08-03 13:28:07 ----D---- C:\Program Files (x86)\ICQ7.5
2011-08-03 13:22:28 ----SHD---- C:\Windows\Installer
2011-08-03 13:21:00 ----D---- C:\Windows\SysWOW64
2011-08-03 13:19:51 ----D---- C:\Windows
2011-08-03 13:08:13 ----D---- C:\ProgramData\FLEXnet
2011-08-03 12:44:26 ----D---- C:\Windows\debug
2011-08-03 12:37:48 ----RD---- C:\Program Files (x86)
2011-08-03 12:37:38 ----SHD---- C:\System Volume Information
2011-08-02 08:46:23 ----HD---- C:\ProgramData
2011-08-02 08:46:23 ----D---- C:\Program Files (x86)\Common Files
2011-08-02 08:46:13 ----D---- C:\Program Files (x86)\Java
2011-08-01 09:11:45 ----D---- C:\Users\arch\AppData\Roaming\SolidWorks
2011-07-14 06:08:28 ----D---- C:\Windows\winsxs
2011-07-14 06:07:14 ----D---- C:\Windows\AppPatch
2011-07-14 06:07:13 ----D---- C:\Windows\system32\DriverStore
2011-07-13 14:41:40 ----A---- C:\Windows\system32\MRT.exe
2011-07-13 14:41:34 ----D---- C:\ProgramData\Microsoft Help
2011-07-13 10:41:21 ----D---- C:\Windows\system32\NDF
2011-07-13 06:12:09 ----D---- C:\Windows\system32\catroot2
2011-07-13 06:12:09 ----D---- C:\Windows\system32\catroot
2011-07-08 12:37:24 ----D---- C:\Windows\system32\FxsTmp
2011-07-08 12:19:20 ----D---- C:\Program Files (x86)\Mozilla Firefox
2011-07-07 13:48:52 ----D---- C:\Program Files (x86)\Xella2010
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 213888]
R0 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\drivers\vmbus.sys [2010-11-20 199552]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-20 514560]
R1 ehdrv;ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [2010-12-21 141264]
R2 eamonm;eamonm; C:\Windows\system32\DRIVERS\eamonm.sys [2010-12-21 170640]
R2 epfwwfpr;epfwwfpr; C:\Windows\system32\DRIVERS\epfwwfpr.sys [2010-12-21 125296]
R2 WIBUKEY;WIBU-KEY Kernel Driver; C:\Windows\SYSTEM32\DRIVERS\WibuKey64.sys [2006-11-22 107008]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2009-08-18 1983264]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\Windows\system32\DRIVERS\ASACPI.sys [2009-07-16 15416]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\Windows\system32\drivers\nvhda64v.sys [2010-06-21 131688]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2011-03-21 452200]
S3 fssfltr;FssFltr; C:\Windows\system32\DRIVERS\fssfltr.sys [2010-09-23 48488]
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-20 165888]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-20 6656]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-20 34688]
S3 TsUsbFlt;@%SystemRoot%\system32\drivers\tsusbflt.sys,-1; C:\Windows\System32\drivers\tsusbflt.sys [2010-11-20 59392]
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-20 21760]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2011-01-12 810144]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2010-09-26 159336]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2010-09-21 2286976]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S3 CoordinatorServiceHost;SW Distributed TS Coordinator Service; C:\Program Files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe [2010-10-05 87336]
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [2011-01-12 42360]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-05-12 1431888]
S3 fsssvc;Windows Live Family Safety Service; C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-09-23 1493352]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe [2008-10-25 65888]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 SolidWorks Licensing Service;SolidWorks Licensing Service; C:\Program Files (x86)\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe [2011-05-12 79360]
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2011-05-11 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service; C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
-----------------EOF-----------------
Odvirování PC, zrychlení počítače, vzdálená pomoc prostřednictvím služby neslape.cz
Prosím o pomoc
Moderátor: Moderátoři
Pravidla fóra
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Re: Prosím o pomoc
Zdravím, tohle fixni v HJT :
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [Google Update] "C:\Users\arch\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [ICQ] "C:\Program Files (x86)\ICQ7.5\ICQ.exe" silent loginmode=4
HJT najdeš zde :
C:\Program Files\trend micro\arch.exe
Fix znamená že spustíš HJT
jako admin
v okně které se ti otevře klikneš na Do a system scan only
v dalším okně najdeš řádky které jsem ti vypsal,
vedle nich je čtvereček do kterého uděláš zatržítko,
pak klikneš na Fix checked které je vlevo dole,
program se ti zeptá zda opravdu ANO s tím samozřejmě souhlasíš a je hotovo.
Smaž nepotřebné soubory
pomocí CCleaneru
návod :
Čistič - tady vyčistíš PC od nepotřebných souborů a vysypeš Koš
Registry - tady vyčistíš registry (před použitím doporučuji udělat jejich zálohu kterou CCleaner nabízí)
čištění registru je třeba několikrát zopakovat !
Nástroje - tady lze odinstalovat programy, upravit co se spustí po Startu systému a obnovit systém
Stáhni a ulož na plochu ComboFix,
spusť aplikaci jako Administrátor a povol instalaci Konzole pro zotavení - Recovery Console.
Poté se zobrazí okno s licenčními podmínkami které potvrdíš kliknutím na ANO,
pak ještě jednou klik na ANO a už to jede.
Celá akce trvá okolo 10 minut ale může i déle, během skenu se nepokoušej spouštět nic jiného.
Při skenovaní může být PC i restartováno nelekat se.
Upozornění: po dobu skenu vypni rezidentní štít Antiviru a AntiSpy programu,
protože Combofix se pokouší napadené soubory smazat a tyto programy mu můžou bránit.
Po dokončení skenu nebo následném restartu aplikace vytvoří log, uložený na C:/Combofix.txt
(při opakovaném použití jsou logy číslovány Combofix2.txt atd.), jeho obsah zkopíruj sem.
V případě nejasností je ZDE obrázkový návod.
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [Google Update] "C:\Users\arch\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [ICQ] "C:\Program Files (x86)\ICQ7.5\ICQ.exe" silent loginmode=4
HJT najdeš zde :
C:\Program Files\trend micro\arch.exe
Fix znamená že spustíš HJT
jako adminv okně které se ti otevře klikneš na Do a system scan only
v dalším okně najdeš řádky které jsem ti vypsal,
vedle nich je čtvereček do kterého uděláš zatržítko,
pak klikneš na Fix checked které je vlevo dole,
program se ti zeptá zda opravdu ANO s tím samozřejmě souhlasíš a je hotovo.
Smaž nepotřebné soubory
pomocí CCleaneru
návod :
Čistič - tady vyčistíš PC od nepotřebných souborů a vysypeš Koš
Registry - tady vyčistíš registry (před použitím doporučuji udělat jejich zálohu kterou CCleaner nabízí)
čištění registru je třeba několikrát zopakovat !
Nástroje - tady lze odinstalovat programy, upravit co se spustí po Startu systému a obnovit systém
Stáhni a ulož na plochu ComboFix,
spusť aplikaci jako Administrátor a povol instalaci Konzole pro zotavení - Recovery Console.
Poté se zobrazí okno s licenčními podmínkami které potvrdíš kliknutím na ANO,
pak ještě jednou klik na ANO a už to jede.
Celá akce trvá okolo 10 minut ale může i déle, během skenu se nepokoušej spouštět nic jiného.
Při skenovaní může být PC i restartováno nelekat se.
Upozornění: po dobu skenu vypni rezidentní štít Antiviru a AntiSpy programu,
protože Combofix se pokouší napadené soubory smazat a tyto programy mu můžou bránit.
Po dokončení skenu nebo následném restartu aplikace vytvoří log, uložený na C:/Combofix.txt
(při opakovaném použití jsou logy číslovány Combofix2.txt atd.), jeho obsah zkopíruj sem.
V případě nejasností je ZDE obrázkový návod.
Re: Prosím o pomoc
Zde je log z combofixu:
ComboFix 11-08-03.03 - arch 04.08.2011 13:33:08.1.2 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1250.420.1029.18.8191.6882 [GMT 2:00]
Spuštěný z: c:\users\arch\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 4.2 *Enabled/Outdated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET NOD32 Antivirus 4.2 *Enabled/Outdated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-07-04 do 2011-08-04 )))))))))))))))))))))))))))))))
.
.
2011-08-04 11:35 . 2011-08-04 11:35 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-08-04 11:29 . 2011-08-04 11:29 -------- d-----w- c:\program files (x86)\CCleaner
2011-08-04 04:12 . 2011-08-04 11:28 -------- d-----w- c:\program files\trend micro
2011-08-04 04:12 . 2011-08-04 04:12 -------- d-----w- C:\rsit
2011-08-02 06:46 . 2011-08-02 06:46 -------- d-----w- c:\program files (x86)\Common Files\Java
2011-08-02 06:46 . 2011-05-04 02:52 476904 ----a-w- c:\program files (x86)\Mozilla Firefox\Plugins\npdeployJava1.dll
2011-08-02 06:46 . 2011-05-04 02:52 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-08-01 05:46 . 2011-08-01 05:46 -------- d-----w- c:\programdata\Abvent
2011-08-01 05:46 . 2011-08-01 05:46 -------- d-----w- c:\users\arch\AppData\Roaming\Abvent
2011-08-01 05:44 . 2011-08-01 05:49 -------- d-----w- c:\program files (x86)\Artlantis Studio 3
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-01 03:55 . 2011-05-18 04:08 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-06-24 06:18 . 2011-06-24 06:18 78336 ----a-r- c:\users\arch\AppData\Roaming\Microsoft\Installer\{28282EB4-E9BE-48C1-A7DF-629885E5ED49}\Icon28282EB4.exe
2011-06-10 09:30 . 2011-06-10 09:30 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2011-06-10 09:30 . 2011-06-10 09:30 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2011-06-10 09:30 . 2011-06-10 09:30 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2011-06-10 09:30 . 2011-06-10 09:30 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2011-06-10 09:30 . 2011-06-10 09:30 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2011-06-10 09:30 . 2011-06-10 09:30 367104 ----a-w- c:\windows\SysWow64\html.iec
2011-06-10 09:30 . 2011-06-10 09:30 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2011-06-10 09:30 . 2011-06-10 09:30 1126912 ----a-w- c:\windows\SysWow64\wininet.dll
2011-06-10 09:30 . 2011-06-10 09:30 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2011-06-10 09:30 . 2011-06-10 09:30 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-06-10 09:30 . 2011-06-10 09:30 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2011-06-10 09:30 . 2011-06-10 09:30 85504 ----a-w- c:\windows\system32\iesetup.dll
2011-06-10 09:30 . 2011-06-10 09:30 76800 ----a-w- c:\windows\system32\tdc.ocx
2011-06-10 09:30 . 2011-06-10 09:30 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2011-06-10 09:30 . 2011-06-10 09:30 603648 ----a-w- c:\windows\system32\vbscript.dll
2011-06-10 09:30 . 2011-06-10 09:30 49664 ----a-w- c:\windows\system32\imgutil.dll
2011-06-10 09:30 . 2011-06-10 09:30 48640 ----a-w- c:\windows\system32\mshtmler.dll
2011-06-10 09:30 . 2011-06-10 09:30 448512 ----a-w- c:\windows\system32\html.iec
2011-06-10 09:30 . 2011-06-10 09:30 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2011-06-10 09:30 . 2011-06-10 09:30 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2011-06-10 09:30 . 2011-06-10 09:30 30720 ----a-w- c:\windows\system32\licmgr10.dll
2011-06-10 09:30 . 2011-06-10 09:30 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2011-06-10 09:30 . 2011-06-10 09:30 222208 ----a-w- c:\windows\system32\msls31.dll
2011-06-10 09:30 . 2011-06-10 09:30 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2011-06-10 09:30 . 2011-06-10 09:30 165888 ----a-w- c:\windows\system32\iexpress.exe
2011-06-10 09:30 . 2011-06-10 09:30 160256 ----a-w- c:\windows\system32\wextract.exe
2011-06-10 09:30 . 2011-06-10 09:30 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2011-06-10 09:30 . 2011-06-10 09:30 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2011-06-10 09:30 . 2011-06-10 09:30 1492992 ----a-w- c:\windows\system32\inetcpl.cpl
2011-06-10 09:30 . 2011-06-10 09:30 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2011-06-10 09:30 . 2011-06-10 09:30 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2011-06-10 09:30 . 2011-06-10 09:30 1389056 ----a-w- c:\windows\system32\wininet.dll
2011-06-10 09:30 . 2011-06-10 09:30 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2011-06-10 09:30 . 2011-06-10 09:30 12288 ----a-w- c:\windows\system32\mshta.exe
2011-06-10 09:30 . 2011-06-10 09:30 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2011-06-10 09:30 . 2011-06-10 09:30 114176 ----a-w- c:\windows\system32\admparse.dll
2011-06-10 09:30 . 2011-06-10 09:30 111616 ----a-w- c:\windows\system32\iesysprep.dll
2011-06-10 09:30 . 2011-06-10 09:30 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2011-06-10 09:19 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2011-06-10 09:19 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2011-06-08 09:01 . 2010-06-24 09:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-06-03 05:57 . 2011-07-13 04:12 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2011-05-24 11:42 . 2011-06-29 03:58 404480 ----a-w- c:\windows\system32\umpnpmgr.dll
2011-05-24 10:40 . 2011-06-29 03:58 64512 ----a-w- c:\windows\SysWow64\devobj.dll
2011-05-24 10:40 . 2011-06-29 03:58 44544 ----a-w- c:\windows\SysWow64\devrtl.dll
2011-05-24 10:39 . 2011-06-29 03:58 145920 ----a-w- c:\windows\SysWow64\cfgmgr32.dll
2011-05-24 10:37 . 2011-06-29 03:58 252928 ----a-w- c:\windows\SysWow64\drvinst.exe
2011-05-09 22:00 . 2011-06-13 04:03 8718160 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{EF937E49-696C-4895-9110-703C8D15F1C9}\mpengine.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Network Server.lnk - c:\program files (x86)\WIBUKEY\Server\WkSvMgr.exe [2011-6-21 3768320]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer4"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 CoordinatorServiceHost;SW Distributed TS Coordinator Service;c:\program files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe [2010-10-05 87336]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-05-12 1431888]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [x]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2011-01-12 810144]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
Obsah adresáře 'Naplánované úlohy'
.
2011-08-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1468393963-1670124420-4184208903-1000Core.job
- c:\users\arch\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-02 04:35]
.
2011-08-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1468393963-1670124420-4184208903-1000UA.job
- c:\users\arch\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-02 04:35]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-08-18 8067616]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-08-25 1875048]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2011-01-12 2918656]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.cz/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files (x86)\ICQ7.5\ICQ.exe
TCP: Interfaces\{BE365A2F-7948-49C5-95FC-52CFB7DD977B}: NameServer = 192.168.10.32
FF - ProfilePath - c:\users\arch\AppData\Roaming\Mozilla\Firefox\Profiles\xsp9e1ki.default\
FF - prefs.js: browser.startup.homepage - www.seznam.cz
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10q_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10q_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10q.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10q.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10q.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10q.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\SysWOW64\rundll32.exe
.
**************************************************************************
.
Celkový čas: 2011-08-04 13:40:27 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-08-04 11:40
.
Před spuštěním: Volných bajtů: 196 807 217 152
Po spuštění: Volných bajtů: 196 647 903 232
.
- - End Of File - - 60605067CAAEE103431C1B00550A0880
ComboFix 11-08-03.03 - arch 04.08.2011 13:33:08.1.2 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1250.420.1029.18.8191.6882 [GMT 2:00]
Spuštěný z: c:\users\arch\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 4.2 *Enabled/Outdated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET NOD32 Antivirus 4.2 *Enabled/Outdated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-07-04 do 2011-08-04 )))))))))))))))))))))))))))))))
.
.
2011-08-04 11:35 . 2011-08-04 11:35 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-08-04 11:29 . 2011-08-04 11:29 -------- d-----w- c:\program files (x86)\CCleaner
2011-08-04 04:12 . 2011-08-04 11:28 -------- d-----w- c:\program files\trend micro
2011-08-04 04:12 . 2011-08-04 04:12 -------- d-----w- C:\rsit
2011-08-02 06:46 . 2011-08-02 06:46 -------- d-----w- c:\program files (x86)\Common Files\Java
2011-08-02 06:46 . 2011-05-04 02:52 476904 ----a-w- c:\program files (x86)\Mozilla Firefox\Plugins\npdeployJava1.dll
2011-08-02 06:46 . 2011-05-04 02:52 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-08-01 05:46 . 2011-08-01 05:46 -------- d-----w- c:\programdata\Abvent
2011-08-01 05:46 . 2011-08-01 05:46 -------- d-----w- c:\users\arch\AppData\Roaming\Abvent
2011-08-01 05:44 . 2011-08-01 05:49 -------- d-----w- c:\program files (x86)\Artlantis Studio 3
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-01 03:55 . 2011-05-18 04:08 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-06-24 06:18 . 2011-06-24 06:18 78336 ----a-r- c:\users\arch\AppData\Roaming\Microsoft\Installer\{28282EB4-E9BE-48C1-A7DF-629885E5ED49}\Icon28282EB4.exe
2011-06-10 09:30 . 2011-06-10 09:30 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2011-06-10 09:30 . 2011-06-10 09:30 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2011-06-10 09:30 . 2011-06-10 09:30 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2011-06-10 09:30 . 2011-06-10 09:30 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2011-06-10 09:30 . 2011-06-10 09:30 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2011-06-10 09:30 . 2011-06-10 09:30 367104 ----a-w- c:\windows\SysWow64\html.iec
2011-06-10 09:30 . 2011-06-10 09:30 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2011-06-10 09:30 . 2011-06-10 09:30 1126912 ----a-w- c:\windows\SysWow64\wininet.dll
2011-06-10 09:30 . 2011-06-10 09:30 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2011-06-10 09:30 . 2011-06-10 09:30 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-06-10 09:30 . 2011-06-10 09:30 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2011-06-10 09:30 . 2011-06-10 09:30 85504 ----a-w- c:\windows\system32\iesetup.dll
2011-06-10 09:30 . 2011-06-10 09:30 76800 ----a-w- c:\windows\system32\tdc.ocx
2011-06-10 09:30 . 2011-06-10 09:30 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2011-06-10 09:30 . 2011-06-10 09:30 603648 ----a-w- c:\windows\system32\vbscript.dll
2011-06-10 09:30 . 2011-06-10 09:30 49664 ----a-w- c:\windows\system32\imgutil.dll
2011-06-10 09:30 . 2011-06-10 09:30 48640 ----a-w- c:\windows\system32\mshtmler.dll
2011-06-10 09:30 . 2011-06-10 09:30 448512 ----a-w- c:\windows\system32\html.iec
2011-06-10 09:30 . 2011-06-10 09:30 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2011-06-10 09:30 . 2011-06-10 09:30 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2011-06-10 09:30 . 2011-06-10 09:30 30720 ----a-w- c:\windows\system32\licmgr10.dll
2011-06-10 09:30 . 2011-06-10 09:30 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2011-06-10 09:30 . 2011-06-10 09:30 222208 ----a-w- c:\windows\system32\msls31.dll
2011-06-10 09:30 . 2011-06-10 09:30 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2011-06-10 09:30 . 2011-06-10 09:30 165888 ----a-w- c:\windows\system32\iexpress.exe
2011-06-10 09:30 . 2011-06-10 09:30 160256 ----a-w- c:\windows\system32\wextract.exe
2011-06-10 09:30 . 2011-06-10 09:30 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2011-06-10 09:30 . 2011-06-10 09:30 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2011-06-10 09:30 . 2011-06-10 09:30 1492992 ----a-w- c:\windows\system32\inetcpl.cpl
2011-06-10 09:30 . 2011-06-10 09:30 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2011-06-10 09:30 . 2011-06-10 09:30 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2011-06-10 09:30 . 2011-06-10 09:30 1389056 ----a-w- c:\windows\system32\wininet.dll
2011-06-10 09:30 . 2011-06-10 09:30 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2011-06-10 09:30 . 2011-06-10 09:30 12288 ----a-w- c:\windows\system32\mshta.exe
2011-06-10 09:30 . 2011-06-10 09:30 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2011-06-10 09:30 . 2011-06-10 09:30 114176 ----a-w- c:\windows\system32\admparse.dll
2011-06-10 09:30 . 2011-06-10 09:30 111616 ----a-w- c:\windows\system32\iesysprep.dll
2011-06-10 09:30 . 2011-06-10 09:30 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2011-06-10 09:19 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2011-06-10 09:19 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2011-06-08 09:01 . 2010-06-24 09:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-06-03 05:57 . 2011-07-13 04:12 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2011-05-24 11:42 . 2011-06-29 03:58 404480 ----a-w- c:\windows\system32\umpnpmgr.dll
2011-05-24 10:40 . 2011-06-29 03:58 64512 ----a-w- c:\windows\SysWow64\devobj.dll
2011-05-24 10:40 . 2011-06-29 03:58 44544 ----a-w- c:\windows\SysWow64\devrtl.dll
2011-05-24 10:39 . 2011-06-29 03:58 145920 ----a-w- c:\windows\SysWow64\cfgmgr32.dll
2011-05-24 10:37 . 2011-06-29 03:58 252928 ----a-w- c:\windows\SysWow64\drvinst.exe
2011-05-09 22:00 . 2011-06-13 04:03 8718160 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{EF937E49-696C-4895-9110-703C8D15F1C9}\mpengine.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Network Server.lnk - c:\program files (x86)\WIBUKEY\Server\WkSvMgr.exe [2011-6-21 3768320]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer4"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 CoordinatorServiceHost;SW Distributed TS Coordinator Service;c:\program files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe [2010-10-05 87336]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-05-12 1431888]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [x]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2011-01-12 810144]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
Obsah adresáře 'Naplánované úlohy'
.
2011-08-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1468393963-1670124420-4184208903-1000Core.job
- c:\users\arch\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-02 04:35]
.
2011-08-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1468393963-1670124420-4184208903-1000UA.job
- c:\users\arch\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-02 04:35]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-08-18 8067616]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-08-25 1875048]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2011-01-12 2918656]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.cz/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files (x86)\ICQ7.5\ICQ.exe
TCP: Interfaces\{BE365A2F-7948-49C5-95FC-52CFB7DD977B}: NameServer = 192.168.10.32
FF - ProfilePath - c:\users\arch\AppData\Roaming\Mozilla\Firefox\Profiles\xsp9e1ki.default\
FF - prefs.js: browser.startup.homepage - www.seznam.cz
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10q_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10q_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10q.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10q.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10q.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10q.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\SysWOW64\rundll32.exe
.
**************************************************************************
.
Celkový čas: 2011-08-04 13:40:27 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-08-04 11:40
.
Před spuštěním: Volných bajtů: 196 807 217 152
Po spuštění: Volných bajtů: 196 647 903 232
.
- - End Of File - - 60605067CAAEE103431C1B00550A0880
Re: Prosím o pomoc
Pokud jsi tak ještě neučinil, přesuň Combofix na plochu
otevři si Poznámkový blok
do něj zkopíruj skript z následujícího okna:
ulož Tebou vytvořený TXT soubor jako CFScript.txt na plochu,
po uložení uchop vytvořený skript levým myšítkem a přesuň ho nad ikonu Combofixu, kde ho upustíš:
Po aplikaci na Tebe vypadne další log, zkopíruj ho sem
Upozornění : může se stát, že po aplikaci skriptu a restartu Windows nenaběhnou,
v tom případě znovu restartuj a přitom mačkej F8 poté zvol Poslední známou funkční konfiguraci
V mezičase přes Start >> Všechny programy >> Příslušenství >> Spustit >> napiš - services.msc >> Enter
a mrkni zda je služba Centrum zabezpečení na Automaticky (Zpožděné spuštění) pak restartni PC nebo ji zkusit rovnou spustit
otevři si Poznámkový blok
do něj zkopíruj skript z následujícího okna:
Kód: Vybrat vše
RegLock::
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
po uložení uchop vytvořený skript levým myšítkem a přesuň ho nad ikonu Combofixu, kde ho upustíš:
Po aplikaci na Tebe vypadne další log, zkopíruj ho sem
Upozornění : může se stát, že po aplikaci skriptu a restartu Windows nenaběhnou,
v tom případě znovu restartuj a přitom mačkej F8 poté zvol Poslední známou funkční konfiguraci
V mezičase přes Start >> Všechny programy >> Příslušenství >> Spustit >> napiš - services.msc >> Enter
a mrkni zda je služba Centrum zabezpečení na Automaticky (Zpožděné spuštění) pak restartni PC nebo ji zkusit rovnou spustit
Re: Prosím o pomoc
Dobrý ráno, tady je ten další log:
ComboFix 11-08-03.03 - arch 05.08.2011 8:08.2.2 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1250.420.1029.18.8191.6786 [GMT 2:00]
Spuštěný z: c:\users\arch\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\arch\Desktop\CFScript.txt
AV: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Vytvořen nový Bod Obnovení
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-07-05 do 2011-08-05 )))))))))))))))))))))))))))))))
.
.
2011-08-05 06:10 . 2011-08-05 06:10 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-08-05 06:10 . 2011-08-05 06:10 -------- d-----w- c:\users\CURRENT_USER\AppData\Local\temp
2011-08-04 11:29 . 2011-08-04 11:29 -------- d-----w- c:\program files (x86)\CCleaner
2011-08-04 04:12 . 2011-08-04 11:28 -------- d-----w- c:\program files\trend micro
2011-08-04 04:12 . 2011-08-04 04:12 -------- d-----w- C:\rsit
2011-08-02 06:46 . 2011-08-02 06:46 -------- d-----w- c:\program files (x86)\Common Files\Java
2011-08-02 06:46 . 2011-05-04 02:52 476904 ----a-w- c:\program files (x86)\Mozilla Firefox\Plugins\npdeployJava1.dll
2011-08-02 06:46 . 2011-05-04 02:52 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-08-01 05:46 . 2011-08-01 05:46 -------- d-----w- c:\programdata\Abvent
2011-08-01 05:46 . 2011-08-01 05:46 -------- d-----w- c:\users\arch\AppData\Roaming\Abvent
2011-08-01 05:44 . 2011-08-01 05:49 -------- d-----w- c:\program files (x86)\Artlantis Studio 3
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-01 03:55 . 2011-05-18 04:08 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-06-24 06:18 . 2011-06-24 06:18 78336 ----a-r- c:\users\arch\AppData\Roaming\Microsoft\Installer\{28282EB4-E9BE-48C1-A7DF-629885E5ED49}\Icon28282EB4.exe
2011-06-10 09:30 . 2011-06-10 09:30 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2011-06-10 09:30 . 2011-06-10 09:30 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2011-06-10 09:30 . 2011-06-10 09:30 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2011-06-10 09:30 . 2011-06-10 09:30 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2011-06-10 09:30 . 2011-06-10 09:30 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2011-06-10 09:30 . 2011-06-10 09:30 367104 ----a-w- c:\windows\SysWow64\html.iec
2011-06-10 09:30 . 2011-06-10 09:30 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2011-06-10 09:30 . 2011-06-10 09:30 1126912 ----a-w- c:\windows\SysWow64\wininet.dll
2011-06-10 09:30 . 2011-06-10 09:30 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2011-06-10 09:30 . 2011-06-10 09:30 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-06-10 09:30 . 2011-06-10 09:30 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2011-06-10 09:30 . 2011-06-10 09:30 85504 ----a-w- c:\windows\system32\iesetup.dll
2011-06-10 09:30 . 2011-06-10 09:30 76800 ----a-w- c:\windows\system32\tdc.ocx
2011-06-10 09:30 . 2011-06-10 09:30 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2011-06-10 09:30 . 2011-06-10 09:30 603648 ----a-w- c:\windows\system32\vbscript.dll
2011-06-10 09:30 . 2011-06-10 09:30 49664 ----a-w- c:\windows\system32\imgutil.dll
2011-06-10 09:30 . 2011-06-10 09:30 48640 ----a-w- c:\windows\system32\mshtmler.dll
2011-06-10 09:30 . 2011-06-10 09:30 448512 ----a-w- c:\windows\system32\html.iec
2011-06-10 09:30 . 2011-06-10 09:30 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2011-06-10 09:30 . 2011-06-10 09:30 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2011-06-10 09:30 . 2011-06-10 09:30 30720 ----a-w- c:\windows\system32\licmgr10.dll
2011-06-10 09:30 . 2011-06-10 09:30 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2011-06-10 09:30 . 2011-06-10 09:30 222208 ----a-w- c:\windows\system32\msls31.dll
2011-06-10 09:30 . 2011-06-10 09:30 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2011-06-10 09:30 . 2011-06-10 09:30 165888 ----a-w- c:\windows\system32\iexpress.exe
2011-06-10 09:30 . 2011-06-10 09:30 160256 ----a-w- c:\windows\system32\wextract.exe
2011-06-10 09:30 . 2011-06-10 09:30 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2011-06-10 09:30 . 2011-06-10 09:30 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2011-06-10 09:30 . 2011-06-10 09:30 1492992 ----a-w- c:\windows\system32\inetcpl.cpl
2011-06-10 09:30 . 2011-06-10 09:30 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2011-06-10 09:30 . 2011-06-10 09:30 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2011-06-10 09:30 . 2011-06-10 09:30 1389056 ----a-w- c:\windows\system32\wininet.dll
2011-06-10 09:30 . 2011-06-10 09:30 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2011-06-10 09:30 . 2011-06-10 09:30 12288 ----a-w- c:\windows\system32\mshta.exe
2011-06-10 09:30 . 2011-06-10 09:30 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2011-06-10 09:30 . 2011-06-10 09:30 114176 ----a-w- c:\windows\system32\admparse.dll
2011-06-10 09:30 . 2011-06-10 09:30 111616 ----a-w- c:\windows\system32\iesysprep.dll
2011-06-10 09:30 . 2011-06-10 09:30 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2011-06-10 09:19 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2011-06-10 09:19 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2011-06-08 09:01 . 2010-06-24 09:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-06-03 05:57 . 2011-07-13 04:12 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2011-05-24 11:42 . 2011-06-29 03:58 404480 ----a-w- c:\windows\system32\umpnpmgr.dll
2011-05-24 10:40 . 2011-06-29 03:58 64512 ----a-w- c:\windows\SysWow64\devobj.dll
2011-05-24 10:40 . 2011-06-29 03:58 44544 ----a-w- c:\windows\SysWow64\devrtl.dll
2011-05-24 10:39 . 2011-06-29 03:58 145920 ----a-w- c:\windows\SysWow64\cfgmgr32.dll
2011-05-24 10:37 . 2011-06-29 03:58 252928 ----a-w- c:\windows\SysWow64\drvinst.exe
2011-05-09 22:00 . 2011-06-13 04:03 8718160 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{EF937E49-696C-4895-9110-703C8D15F1C9}\mpengine.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-08-04_11.36.54 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-05-10 20:21 . 2011-08-05 02:57 26116 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2011-08-05 02:57 35562 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
- 2009-07-14 05:10 . 2011-08-04 04:00 35562 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-05-10 20:17 . 2011-08-05 02:57 7430 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1468393963-1670124420-4184208903-1000_UserData.bin
+ 2011-08-05 06:11 . 2011-08-05 06:11 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-08-04 11:36 . 2011-08-04 11:36 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-08-04 11:36 . 2011-08-04 11:36 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-08-05 06:11 . 2011-08-05 06:11 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 02:36 . 2011-08-04 04:02 618714 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2011-08-05 03:01 618714 c:\windows\system32\perfh009.dat
+ 2009-07-14 15:18 . 2011-08-05 03:01 634308 c:\windows\system32\perfh005.dat
- 2009-07-14 15:18 . 2011-08-04 04:02 634308 c:\windows\system32\perfh005.dat
- 2009-07-14 02:36 . 2011-08-04 04:02 107034 c:\windows\system32\perfc009.dat
+ 2009-07-14 02:36 . 2011-08-05 03:01 107034 c:\windows\system32\perfc009.dat
- 2009-07-14 15:18 . 2011-08-04 04:02 122898 c:\windows\system32\perfc005.dat
+ 2009-07-14 15:18 . 2011-08-05 03:01 122898 c:\windows\system32\perfc005.dat
- 2009-07-14 05:01 . 2011-08-04 11:35 401672 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2011-08-05 06:10 401672 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-05-11 09:34 . 2011-08-05 06:10 31882909 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1468393963-1670124420-4184208903-1000-12288.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Network Server.lnk - c:\program files (x86)\WIBUKEY\Server\WkSvMgr.exe [2011-6-21 3768320]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer4"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 CoordinatorServiceHost;SW Distributed TS Coordinator Service;c:\program files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe [2010-10-05 87336]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-05-12 1431888]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [x]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2011-01-12 810144]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
Obsah adresáře 'Naplánované úlohy'
.
2011-08-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1468393963-1670124420-4184208903-1000Core.job
- c:\users\arch\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-02 04:35]
.
2011-08-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1468393963-1670124420-4184208903-1000UA.job
- c:\users\arch\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-02 04:35]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-08-18 8067616]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-08-25 1875048]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2011-01-12 2918656]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.cz/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files (x86)\ICQ7.5\ICQ.exe
TCP: Interfaces\{BE365A2F-7948-49C5-95FC-52CFB7DD977B}: NameServer = 192.168.10.32
FF - ProfilePath - c:\users\arch\AppData\Roaming\Mozilla\Firefox\Profiles\xsp9e1ki.default\
FF - prefs.js: browser.startup.homepage - www.seznam.cz
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10q_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10q_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10q.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10q.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10q.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10q.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\SysWOW64\rundll32.exe
.
**************************************************************************
.
Celkový čas: 2011-08-05 08:15:38 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-08-05 06:15
ComboFix2.txt 2011-08-04 11:40
.
Před spuštěním: Volných bajtů: 192 984 281 088
Po spuštění: Volných bajtů: 192 906 182 656
.
- - End Of File - - 8A98E6F068A2DF2B5FCE57A65B9D13E7
ComboFix 11-08-03.03 - arch 05.08.2011 8:08.2.2 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1250.420.1029.18.8191.6786 [GMT 2:00]
Spuštěný z: c:\users\arch\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\arch\Desktop\CFScript.txt
AV: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Vytvořen nový Bod Obnovení
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-07-05 do 2011-08-05 )))))))))))))))))))))))))))))))
.
.
2011-08-05 06:10 . 2011-08-05 06:10 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-08-05 06:10 . 2011-08-05 06:10 -------- d-----w- c:\users\CURRENT_USER\AppData\Local\temp
2011-08-04 11:29 . 2011-08-04 11:29 -------- d-----w- c:\program files (x86)\CCleaner
2011-08-04 04:12 . 2011-08-04 11:28 -------- d-----w- c:\program files\trend micro
2011-08-04 04:12 . 2011-08-04 04:12 -------- d-----w- C:\rsit
2011-08-02 06:46 . 2011-08-02 06:46 -------- d-----w- c:\program files (x86)\Common Files\Java
2011-08-02 06:46 . 2011-05-04 02:52 476904 ----a-w- c:\program files (x86)\Mozilla Firefox\Plugins\npdeployJava1.dll
2011-08-02 06:46 . 2011-05-04 02:52 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-08-01 05:46 . 2011-08-01 05:46 -------- d-----w- c:\programdata\Abvent
2011-08-01 05:46 . 2011-08-01 05:46 -------- d-----w- c:\users\arch\AppData\Roaming\Abvent
2011-08-01 05:44 . 2011-08-01 05:49 -------- d-----w- c:\program files (x86)\Artlantis Studio 3
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-01 03:55 . 2011-05-18 04:08 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-06-24 06:18 . 2011-06-24 06:18 78336 ----a-r- c:\users\arch\AppData\Roaming\Microsoft\Installer\{28282EB4-E9BE-48C1-A7DF-629885E5ED49}\Icon28282EB4.exe
2011-06-10 09:30 . 2011-06-10 09:30 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2011-06-10 09:30 . 2011-06-10 09:30 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2011-06-10 09:30 . 2011-06-10 09:30 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2011-06-10 09:30 . 2011-06-10 09:30 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2011-06-10 09:30 . 2011-06-10 09:30 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2011-06-10 09:30 . 2011-06-10 09:30 367104 ----a-w- c:\windows\SysWow64\html.iec
2011-06-10 09:30 . 2011-06-10 09:30 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2011-06-10 09:30 . 2011-06-10 09:30 1126912 ----a-w- c:\windows\SysWow64\wininet.dll
2011-06-10 09:30 . 2011-06-10 09:30 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2011-06-10 09:30 . 2011-06-10 09:30 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-06-10 09:30 . 2011-06-10 09:30 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2011-06-10 09:30 . 2011-06-10 09:30 85504 ----a-w- c:\windows\system32\iesetup.dll
2011-06-10 09:30 . 2011-06-10 09:30 76800 ----a-w- c:\windows\system32\tdc.ocx
2011-06-10 09:30 . 2011-06-10 09:30 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2011-06-10 09:30 . 2011-06-10 09:30 603648 ----a-w- c:\windows\system32\vbscript.dll
2011-06-10 09:30 . 2011-06-10 09:30 49664 ----a-w- c:\windows\system32\imgutil.dll
2011-06-10 09:30 . 2011-06-10 09:30 48640 ----a-w- c:\windows\system32\mshtmler.dll
2011-06-10 09:30 . 2011-06-10 09:30 448512 ----a-w- c:\windows\system32\html.iec
2011-06-10 09:30 . 2011-06-10 09:30 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2011-06-10 09:30 . 2011-06-10 09:30 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2011-06-10 09:30 . 2011-06-10 09:30 30720 ----a-w- c:\windows\system32\licmgr10.dll
2011-06-10 09:30 . 2011-06-10 09:30 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2011-06-10 09:30 . 2011-06-10 09:30 222208 ----a-w- c:\windows\system32\msls31.dll
2011-06-10 09:30 . 2011-06-10 09:30 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2011-06-10 09:30 . 2011-06-10 09:30 165888 ----a-w- c:\windows\system32\iexpress.exe
2011-06-10 09:30 . 2011-06-10 09:30 160256 ----a-w- c:\windows\system32\wextract.exe
2011-06-10 09:30 . 2011-06-10 09:30 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2011-06-10 09:30 . 2011-06-10 09:30 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2011-06-10 09:30 . 2011-06-10 09:30 1492992 ----a-w- c:\windows\system32\inetcpl.cpl
2011-06-10 09:30 . 2011-06-10 09:30 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2011-06-10 09:30 . 2011-06-10 09:30 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2011-06-10 09:30 . 2011-06-10 09:30 1389056 ----a-w- c:\windows\system32\wininet.dll
2011-06-10 09:30 . 2011-06-10 09:30 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2011-06-10 09:30 . 2011-06-10 09:30 12288 ----a-w- c:\windows\system32\mshta.exe
2011-06-10 09:30 . 2011-06-10 09:30 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2011-06-10 09:30 . 2011-06-10 09:30 114176 ----a-w- c:\windows\system32\admparse.dll
2011-06-10 09:30 . 2011-06-10 09:30 111616 ----a-w- c:\windows\system32\iesysprep.dll
2011-06-10 09:30 . 2011-06-10 09:30 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2011-06-10 09:19 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2011-06-10 09:19 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2011-06-08 09:01 . 2010-06-24 09:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-06-03 05:57 . 2011-07-13 04:12 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2011-05-24 11:42 . 2011-06-29 03:58 404480 ----a-w- c:\windows\system32\umpnpmgr.dll
2011-05-24 10:40 . 2011-06-29 03:58 64512 ----a-w- c:\windows\SysWow64\devobj.dll
2011-05-24 10:40 . 2011-06-29 03:58 44544 ----a-w- c:\windows\SysWow64\devrtl.dll
2011-05-24 10:39 . 2011-06-29 03:58 145920 ----a-w- c:\windows\SysWow64\cfgmgr32.dll
2011-05-24 10:37 . 2011-06-29 03:58 252928 ----a-w- c:\windows\SysWow64\drvinst.exe
2011-05-09 22:00 . 2011-06-13 04:03 8718160 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{EF937E49-696C-4895-9110-703C8D15F1C9}\mpengine.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-08-04_11.36.54 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-05-10 20:21 . 2011-08-05 02:57 26116 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2011-08-05 02:57 35562 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
- 2009-07-14 05:10 . 2011-08-04 04:00 35562 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-05-10 20:17 . 2011-08-05 02:57 7430 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1468393963-1670124420-4184208903-1000_UserData.bin
+ 2011-08-05 06:11 . 2011-08-05 06:11 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-08-04 11:36 . 2011-08-04 11:36 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-08-04 11:36 . 2011-08-04 11:36 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-08-05 06:11 . 2011-08-05 06:11 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 02:36 . 2011-08-04 04:02 618714 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2011-08-05 03:01 618714 c:\windows\system32\perfh009.dat
+ 2009-07-14 15:18 . 2011-08-05 03:01 634308 c:\windows\system32\perfh005.dat
- 2009-07-14 15:18 . 2011-08-04 04:02 634308 c:\windows\system32\perfh005.dat
- 2009-07-14 02:36 . 2011-08-04 04:02 107034 c:\windows\system32\perfc009.dat
+ 2009-07-14 02:36 . 2011-08-05 03:01 107034 c:\windows\system32\perfc009.dat
- 2009-07-14 15:18 . 2011-08-04 04:02 122898 c:\windows\system32\perfc005.dat
+ 2009-07-14 15:18 . 2011-08-05 03:01 122898 c:\windows\system32\perfc005.dat
- 2009-07-14 05:01 . 2011-08-04 11:35 401672 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2011-08-05 06:10 401672 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-05-11 09:34 . 2011-08-05 06:10 31882909 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1468393963-1670124420-4184208903-1000-12288.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Network Server.lnk - c:\program files (x86)\WIBUKEY\Server\WkSvMgr.exe [2011-6-21 3768320]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer4"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 CoordinatorServiceHost;SW Distributed TS Coordinator Service;c:\program files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe [2010-10-05 87336]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-05-12 1431888]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [x]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2011-01-12 810144]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
Obsah adresáře 'Naplánované úlohy'
.
2011-08-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1468393963-1670124420-4184208903-1000Core.job
- c:\users\arch\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-02 04:35]
.
2011-08-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1468393963-1670124420-4184208903-1000UA.job
- c:\users\arch\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-02 04:35]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-08-18 8067616]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-08-25 1875048]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2011-01-12 2918656]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.cz/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files (x86)\ICQ7.5\ICQ.exe
TCP: Interfaces\{BE365A2F-7948-49C5-95FC-52CFB7DD977B}: NameServer = 192.168.10.32
FF - ProfilePath - c:\users\arch\AppData\Roaming\Mozilla\Firefox\Profiles\xsp9e1ki.default\
FF - prefs.js: browser.startup.homepage - www.seznam.cz
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10q_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10q_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10q.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10q.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10q.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10q.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\SysWOW64\rundll32.exe
.
**************************************************************************
.
Celkový čas: 2011-08-05 08:15:38 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-08-05 06:15
ComboFix2.txt 2011-08-04 11:40
.
Před spuštěním: Volných bajtů: 192 984 281 088
Po spuštění: Volných bajtů: 192 906 182 656
.
- - End Of File - - 8A98E6F068A2DF2B5FCE57A65B9D13E7
Re: Prosím o pomoc
Ahojky, nepořádek je pryč 
Přes Start >> Spustit zkopíruj do okna:
ComboFix /Uninstall
a stiskni Enter
To odinstaluje ComboFix a smaže s ním související soubory a složky.
Použij T-Cleaner, který smaže případné zbytky po aplikacích které jsme použili.
Jen před jeho stažením a při použití stopni antivir, protože ho muže detekovat jako vir ale není tomu tak.
Pak dej vědět jaký je stav PC.
Přes Start >> Spustit zkopíruj do okna:
ComboFix /Uninstall
a stiskni Enter
To odinstaluje ComboFix a smaže s ním související soubory a složky.
Použij T-Cleaner, který smaže případné zbytky po aplikacích které jsme použili.
Jen před jeho stažením a při použití stopni antivir, protože ho muže detekovat jako vir ale není tomu tak.
Pak dej vědět jaký je stav PC.
Re: Prosím o pomoc
Vše je OK. Díky za pomoc
Přispějete na provoz fóra?