Dalsi nachytany na FB

Zpráva

jirka42 · #1 Příspěvek od **jirka42** » 31 říj 2011 14:10

Dobry den,
zadam o pomoc a predem dekuji za ochotu, stahnul jsem si tu virovou aktualizaci
toho Adobe, ted mi moc nefunguje pocitac, hlavne nefunguje facebook a pry stale ten to vir rozesila dal i
kdyz ja se prihlasit nemuzu,... dekuju

tady je z meho pocitace ten DDS

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.7601.17514
Run by Jirka at 13:57:46 on 2011-10-31
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9b219d80a8843bf8\STacSV.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\taskeng.exe
C:\windows\system32\rundll32.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9b219d80a8843bf8\aestsrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Program Files\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe
C:\Program Files\ICQ6Toolbar\ICQ Service.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\PDF Complete\pdfsvc.exe
C:\Program Files\Nuance\PDF Professional 6\PDFProFiltSrv.exe
C:\windows\system32\IoctlSvc.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\windows\update.5.0\svchost.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\windows\update.2\svchost.exe
C:\windows\update.5.0\svchost.exe
C:\Program Files\Hewlett-Packard\HP HotKey Support\QLBController.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Windows\System32\igfxtray.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\windows\system32\igfxsrvc.exe
C:\Program Files\Nuance\PDF Professional 6\PdfPro6Hook.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Windows\WindowsMobile\wmdcBase.exe
C:\Program Files\Android-Sync\AndroidSync.exe
C:\Windows\update.tray-9-0\svchost.exe
C:\windows\sysdriver32.exe
C:\Windows\update.tray-12-0\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\windows\update.1\svchost.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\windows\update.2\svchost.exe
C:\windows\system32\wbem\unsecapp.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Nexus Radio\Nexus Radio.exe
C:\Program Files\BlazeVideo\BlazeDTV 6.0\MediaDetector.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\windows\system32\SearchIndexer.exe
C:\Program Files\Android-Sync\bin\adb.exe
C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe
C:\Program Files\Hewlett-Packard\Shared\hpCaslNotification.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\windows\update.2\svchost.exe
C:\windows\update.2\svchost.exe
C:\windows\system32\DllHost.exe
C:\windows\update.2\svchost.exe
C:\windows\update.2\svchost.exe
C:\Program Files\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\windows\system32\msiexec.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\dfsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\Users\Jirka\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jirka\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jirka\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jirka\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jirka\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jirka\AppData\Local\Google\Chrome\Application\chrome.exe
C:\windows\system32\rundll32.exe
C:\Users\Jirka\AppData\Local\Google\Chrome\Application\chrome.exe
C:\windows\system32\taskeng.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\Users\Jirka\Downloads\dds.com
C:\windows\system32\conhost.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\windows\system32\svchost.exe -k imgsvc
C:\windows\system32\svchost.exe -k WindowsMobile
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalServicePeerNet
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT1750559
uDefault_Page_URL = hxxp://www.bing.com
mDefault_Page_URL = hxxp://www.bing.com
mStart Page = hxxp://www.bing.com
uURLSearchHooks: ICQToolBar: {855f3b16-6d32-4fe6-8a56-bbb695989046} - c:\program files\icq6toolbar\ICQToolBar.dll
uURLSearchHooks: H - No File
uURLSearchHooks: BS Player Toolbar: {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - c:\program files\bs_player\tbBS_P.dll
mURLSearchHooks: ICQToolBar: {855f3b16-6d32-4fe6-8a56-bbb695989046} - c:\program files\icq6toolbar\ICQToolBar.dll
mURLSearchHooks: BS Player Toolbar: {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - c:\program files\bs_player\tbBS_P.dll
mURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
BHO: PlusIEEventHelper Class: {551a852f-39a6-44a7-9c13-afbec9185a9d} - c:\program files\nuance\pdf professional 6\bin\PlusIEContextMenu.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20100326202849.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\8.0.0.34\AVG Secure Search_toolbar.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\program files\mcafee\siteadvisor enterprise\McIEPlg.dll
BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar\platform\6.3.2322.0\npwinext.dll
BHO: ZeonIEEventHelper Class: {da986d7d-ccaf-47b2-84fe-bfa1549bebf9} - c:\program files\nuance\pdf professional 6\bin\ZeonIEFavClient.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: BS Player Toolbar: {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - c:\program files\bs_player\tbBS_P.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\program files\mcafee\siteadvisor enterprise\McIEPlg.dll
TB: Nuance PDF: {e3286bf1-e654-42ff-b4a6-5e111731df6b} - c:\program files\nuance\pdf professional 6\bin\ZeonIEFavClient.dll
TB: ICQToolBar: {855f3b16-6d32-4fe6-8a56-bbb695989046} - c:\program files\icq6toolbar\ICQToolBar.dll
TB: BS Player Toolbar: {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - c:\program files\bs_player\tbBS_P.dll
TB: @c:\program files\msn toolbar\platform\6.3.2322.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\6.3.2322.0\npwinext.dll
TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\8.0.0.34\AVG Secure Search_toolbar.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
EB: ICQToolBar: {855f3b16-6d32-4fe6-8a56-bbb695989046} - c:\program files\icq6toolbar\ICQToolBar.dll
uRun: [ISUSPM] c:\programdata\flexnet\connect\11\ISUSPM.exe -scheduler
uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden
uRun: [Google Update] "c:\users\jirka\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [scheduler_monitor] c:\program files\reaconverter 5.5 pro\init_scheduler.exe
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"
uRun: [Nexus Radio] c:\program files\nexus radio\Nexus Radio.exe -0
uRun: [BlazeServoTool] "c:\program files\blazevideo\blazedtv 6.0\MediaDetector.exe"
mRun: [QLBController] c:\program files\hewlett-packard\hp hotkey support\QLBController.exe /start
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [PDF Complete] c:\program files\pdf complete\pdfsty.exe
mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun: [WirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
mRun: [McAfee Managed Services Tray] c:\program files\mcafee\managed virusscan\desktopui\XTray.Exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [SysTrayApp] c:\program files\idt\wdm\sttray.exe
mRun: [PDFHook] c:\program files\nuance\pdf professional 6\pdfpro6hook.exe
mRun: [PDF6 Registry Controller] c:\program files\nuance\pdf professional 6\RegistryController.exe
mRun: [Nuance PDF Reader-reminder] "c:\program files\nuance\pdf reader\ereg\ereg.exe" -r "c:\programdata\nuance\pdf reader\ereg\Ereg.ini"
mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [Share-to-Web Namespace Daemon] c:\program files\hewlett-packard\hp share-to-web\hpgs2wnd.exe
mRun: [Windows Mobile-based device management] %WINDIR%\WindowsMobile\wmdcBase.exe
mRun: [AndroidSync] c:\program files\android-sync\AndroidSync.exe -m
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [wxpdrv] c:\windows\services32.exe
mRun: [tray_ico]
mRun: [tray_ico0] c:\windows\update.tray-9-0\svchost.exe
mRun: [tray_ico1] c:\windows\update.tray-12-0\svchost.exe
mRun: [tray_ico2]
mRun: [tray_ico3]
mRun: [tray_ico4]
mRun: [171808.exe] "c:\windows\temp\171808.exe"
mRun: [sysdriver32.exe] "c:\windows\sysdriver32.exe" rezerv
mRun: [sysdriver32_.exe] "c:\windows\sysdriver32_.exe" rezerv
mRun: [2426792.exe] "c:\windows\temp\2426792.exe"
mRun: [5803970.exe] "c:\windows\temp\5803970.exe"
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
mRun: [vProt] "c:\program files\avg secure search\vprot.exe"
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableSecureUIAPaths = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Append the content of the link to existing PDF file - c:\program files\nuance\pdf professional 6\bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML
IE: Append the content of the selected links to existing PDF file - c:\program files\nuance\pdf professional 6\bin\ZeonIEFavClient.dll/ZeonIEAppendSelLinks.HTML
IE: Append to existing PDF file - c:\program files\nuance\pdf professional 6\bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML
IE: Create PDF file - c:\program files\nuance\pdf professional 6\bin\ZeonIEFavClient.dll/ZeonIECapture.HTML
IE: Create PDF file from the content of the link - c:\program files\nuance\pdf professional 6\bin\ZeonIEFavClient.dll/ZeonIECapture.HTML
IE: Create PDF files from the selected links - c:\program files\nuance\pdf professional 6\bin\ZeonIEFavClient.dll/ZeonIECaptureSelLinks.HTML
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Odeslat obrázek do zařízení &Bluetooth... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Odeslat stránku do zařízení &Bluetooth... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: Open with Nuance PDF Converter 6.0 - c:\program files\nuance\pdf professional 6\cnvres_eng.dll /100
IE: Open with PDF Professional 6 - c:\program files\nuance\pdf professional 6\bin\PlusIEContextMenu.dll/PlusIEContextMenu.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
Trusted Zone: //about.htm/
Trusted Zone: //Exclude.htm/
Trusted Zone: //FWEvent.htm/
Trusted Zone: //LanguageSelection.htm/
Trusted Zone: //Message.htm/
Trusted Zone: //MyAgttryCmd.htm/
Trusted Zone: //MyAgttryNag.htm/
Trusted Zone: //MyNotification.htm/
Trusted Zone: //NOCLessUpdate.htm/
Trusted Zone: //quarantine.htm/
Trusted Zone: //ScanNow.htm/
Trusted Zone: //strings.vbs/
Trusted Zone: //Template.htm/
Trusted Zone: //Update.htm/
Trusted Zone: //VirFound.htm/
Trusted Zone: mcafee.com\*
Trusted Zone: mcafeeasap.com\betavscan
Trusted Zone: mcafeeasap.com\vs
Trusted Zone: mcafeeasap.com\www
Trusted Zone: siteadvisor.com\www
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} - hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
TCP: DhcpNameServer = 10.0.0.138
TCP: Interfaces\{CB486852-9D2B-4948-B696-7FE858CF1A18} : DhcpNameServer = 10.0.0.138
TCP: Interfaces\{CB486852-9D2B-4948-B696-7FE858CF1A18}\07C61657469647 : DhcpNameServer = 10.0.0.138
TCP: Interfaces\{CB486852-9D2B-4948-B696-7FE858CF1A18}\2416D6265737 : DhcpNameServer = 10.0.0.138
TCP: Interfaces\{CB486852-9D2B-4948-B696-7FE858CF1A18}\4557F596F545562716A7 : DhcpNameServer = 192.168.2.1
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} -
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -
Handler: myrm - {4D034FC3-013F-4b95-B544-44D49ABE3E76} -
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} -
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} -
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: igfxcui - igfxdev.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
.
============= SERVICES / DRIVERS ===============
.
.
=============== Created Last 30 ================
.
2011-10-30 21:09:26 -------- d--h--w- c:\windows\update.tray-12-0-lnk
2011-10-30 21:09:26 -------- d--h--w- c:\windows\update.tray-12-0
2011-10-30 21:06:56 -------- d--h--w- c:\programdata\Common Files
2011-10-30 21:05:24 -------- d-----w- c:\windows\system32\drivers\AVG
2011-10-30 20:41:33 -------- d-----w- c:\programdata\MFAData
2011-10-30 14:18:44 -------- d-----w- c:\windows\rpcminer
2011-10-30 14:18:44 -------- d-----w- c:\windows\phoenix
2011-10-30 14:17:33 -------- d--h--w- c:\windows\update.5.0
2011-10-30 14:17:02 -------- d--h--w- c:\windows\update.2
2011-10-30 14:16:59 246272 ----a-w- c:\windows\unrar.exe
2011-10-30 14:16:06 258048 ----a-w- c:\windows\sysdriver32_.exe
2011-10-30 14:15:52 258048 ----a-w- c:\windows\sysdriver32.exe
2011-10-30 14:15:11 -------- d-----w- c:\windows\av_ico
2011-10-30 14:13:58 -------- d--h--w- c:\windows\update.1
2011-10-30 14:13:50 -------- d--h--w- c:\windows\update.tray-9-0-lnk
2011-10-30 14:13:50 -------- d--h--w- c:\windows\update.tray-9-0
2011-10-30 14:02:26 1109504 ----a-w- c:\windows\services32.exe
2011-10-26 21:16:08 6144 ----a-w- c:\program files\internet explorer\iecompat.dll
2011-10-16 21:10:01 -------- d-----w- c:\users\jirka\appdata\local\LitexMedia
2011-10-16 21:10:01 -------- d-----w- c:\program files\LitexMedia
2011-10-11 22:19:02 75776 ----a-w- c:\windows\system32\psisrndr.ax
2011-10-11 22:19:02 465408 ----a-w- c:\windows\system32\psisdecd.dll
2011-10-11 22:19:01 571904 ----a-w- c:\windows\system32\oleaut32.dll
2011-10-11 22:19:01 233472 ----a-w- c:\windows\system32\oleacc.dll
2011-10-10 09:03:34 -------- d-----w- c:\program files\Free WMA to MP3 Converter
2011-10-10 08:07:39 -------- d-----w- c:\users\jirka\appdata\local\{B2C7CB47-EC1E-4375-A3C2-798B0542745A}
2011-10-10 08:07:25 -------- d-----w- c:\users\jirka\appdata\local\{F982CB6C-5BF0-43E2-9B79-6671F812C423}
2011-10-08 13:38:10 -------- d-----w- c:\users\jirka\appdata\local\{0D50DB3D-F7FC-4164-B31A-5DECAFFE9F13}
2011-10-08 13:37:57 -------- d-----w- c:\users\jirka\appdata\local\{18B28714-E6C8-40EC-81C5-383C792723D4}
.
==================== Find3M ====================
.
2011-10-01 02:42:56 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-09-13 05:30:10 32592 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2011-09-06 02:28:37 2334720 ----a-w- c:\windows\system32\win32k.sys
2011-08-20 04:31:05 981504 ----a-w- c:\windows\system32\wininet.dll
.
============= FINISH: 14:00:32,96 ===============

jirka42 · #2 Příspěvek od **jirka42** » 31 říj 2011 14:21

mám jeste pridat ten druhej log?
dekuji

#3 Příspěvek od **vyosek** » 31 říj 2011 14:25

Zdravim a pekny den preji

Stahnete RogueKiller http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe

Ukoncete vsechny programy
Pokud pouzivate Win Vista ci W7, kliknete na RogueKiller pravym a dejte Run As Administrator ci Spustit jako spravce
Zvolte moznost 2 a potvrte enterem
Utilita provede svou cinnost a da log - ten sem vlozte
Nyni znovu, ale zvolte moznost 3 a pote jeste 4 - logy opet vlozte

jirka42 · #4 Příspěvek od **jirka42** » 31 říj 2011 14:29

RogueKiller V6.1.5 [10/29/2011] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: hxxp://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User: Jirka [Admin rights]
Mode: Remove -- Date : 10/31/2011 14:28:48

Bad processes: 17
[HJ NAME] svchost.exe -- c:\windows\update.5.0\svchost.exe -> KILLED [TermProc]
[HJ NAME] svchost.exe -- c:\windows\update.2\svchost.exe -> KILLED [TermProc]
[SVCHOST] svchost.exe -- c:\windows\update.5.0\svchost.exe -> KILLED [TermProc]
[SVCHOST] svchost.exe -- c:\windows\update.tray-9-0\svchost.exe -> KILLED [TermProc]
[SUSP PATH] sysdriver32.exe -- c:\windows\sysdriver32.exe -> KILLED [TermProc]
[SVCHOST] svchost.exe -- c:\windows\update.tray-12-0\svchost.exe -> KILLED [TermProc]
[HJ NAME] svchost.exe -- c:\windows\update.1\svchost.exe -> KILLED [TermProc]
[SVCHOST] svchost.exe -- c:\windows\update.2\svchost.exe -> KILLED [TermProc]
[SVCHOST] svchost.exe -- c:\windows\update.2\svchost.exe -> KILLED [TermProc]
[SVCHOST] svchost.exe -- c:\windows\update.2\svchost.exe -> KILLED [TermProc]
[SVCHOST] svchost.exe -- c:\windows\update.2\svchost.exe -> KILLED [TermProc]
[SVCHOST] svchost.exe -- c:\windows\update.2\svchost.exe -> KILLED [TermProc]
[SERVICE] srvbtcclient -- C:\windows\update.5.0\svchost.exe srv -> STOPPED
[SERVICE] srviecheck -- C:\windows\update.2\svchost.exe srv -> STOPPED
[SERVICE] srvsysdriver32 -- C:\windows\sysdriver32.exe srv -> STOPPED
[SERVICE] wxpdrivers -- C:\windows\update.1\svchost.exe srv -> STOPPED
[SVCHOST] svchost.exe -- c:\windows\update.2\svchost.exe -> KILLED [TermThr]

Registry Entries: 23
[SUSP PATH] HKLM\[...]\Run : wxpdrv (C:\windows\services32.exe) -> DELETED
[HJ NAME] HKLM\[...]\Run : tray_ico0 (C:\windows\update.tray-9-0\svchost.exe) -> DELETED
[HJ NAME] HKLM\[...]\Run : tray_ico1 (C:\windows\update.tray-12-0\svchost.exe) -> DELETED
[SUSP PATH] HKLM\[...]\Run : 171808.exe ("C:\Windows\Temp\171808.exe") -> DELETED
[SUSP PATH] HKLM\[...]\Run : sysdriver32.exe ("C:\windows\sysdriver32.exe" rezerv) -> DELETED
[SUSP PATH] HKLM\[...]\Run : sysdriver32_.exe ("C:\windows\sysdriver32_.exe" rezerv) -> DELETED
[SUSP PATH] HKLM\[...]\Run : 2426792.exe ("C:\Windows\Temp\2426792.exe") -> DELETED
[SUSP PATH] HKLM\[...]\Run : 5803970.exe ("C:\Windows\Temp\5803970.exe") -> DELETED
[BLACKLIST] HKLM\[...]\services : srvbtcclient (C:\windows\update.5.0\svchost.exe srv) -> DELETED
[BLACKLIST] HKLM\[...]\services : srviecheck (C:\windows\update.2\svchost.exe srv) -> DELETED
[BLACKLIST] HKLM\[...]\services : srvsysdriver32 (C:\windows\sysdriver32.exe srv) -> DELETED
[BLACKLIST] HKLM\[...]\services : wxpdrivers (C:\windows\update.1\svchost.exe srv) -> DELETED
[BLACKLIST] HKLM\[...]\services : srvbtcclient (C:\windows\update.5.0\svchost.exe srv) -> DELETED
[BLACKLIST] HKLM\[...]\services : srviecheck (C:\windows\update.2\svchost.exe srv) -> DELETED
[BLACKLIST] HKLM\[...]\services : srvsysdriver32 (C:\windows\sysdriver32.exe srv) -> DELETED
[BLACKLIST] HKLM\[...]\services : wxpdrivers (C:\windows\update.1\svchost.exe srv) -> DELETED
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> REPLACED ()
[HJ] HKLM\[...]\System : EnableLUA (0) -> REPLACED ()
[HJ] HKLM\[...]\Security Center : AntiVirusDisableNotify (1) -> REPLACED ()
[HJ] HKLM\[...]\Security Center : FirewallDisableNotify (1) -> REPLACED ()
[HJ] HKLM\[...]\Security Center : UpdatesDisableNotify (1) -> REPLACED ()
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED ()
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED ()

Particular Files / Folders:

Driver: [LOADED]

HOSTS File:
127.0.0.1 localhost
127.0.0.1 facebook.com
127.0.0.1 www.facebook.com
127.0.0.1 af-za.facebook.com
127.0.0.1 az-az.facebook.com
127.0.0.1 id-id.facebook.com
127.0.0.1 ms-my.facebook.com
127.0.0.1 bs-ba.facebook.com
127.0.0.1 ca-es.facebook.com
127.0.0.1 cs-cz.facebook.com
127.0.0.1 cy-gb.facebook.com
127.0.0.1 da-dk.facebook.com
127.0.0.1 de-de.facebook.com
127.0.0.1 et-ee.facebook.com
127.0.0.1 en-gb.facebook.com
127.0.0.1 es-la.facebook.com
127.0.0.1 eo-eo.facebook.com
127.0.0.1 eu-es.facebook.com
127.0.0.1 tl-ph.facebook.com
127.0.0.1 fo-fo.facebook.com
[...]

Finished : << RKreport[1].txt >>
RKreport[1].txt

jirka42 · #5 Příspěvek od **jirka42** » 31 říj 2011 14:30

RogueKiller V6.1.5 [10/29/2011] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: hxxp://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User: Jirka [Admin rights]
Mode: HOSTSFix -- Date : 10/31/2011 14:30:16

Bad processes: 0

Driver: [LOADED]

HOSTS File:
127.0.0.1 localhost
127.0.0.1 facebook.com
127.0.0.1 www.facebook.com
127.0.0.1 af-za.facebook.com
127.0.0.1 az-az.facebook.com
127.0.0.1 id-id.facebook.com
127.0.0.1 ms-my.facebook.com
127.0.0.1 bs-ba.facebook.com
127.0.0.1 ca-es.facebook.com
127.0.0.1 cs-cz.facebook.com
127.0.0.1 cy-gb.facebook.com
127.0.0.1 da-dk.facebook.com
127.0.0.1 de-de.facebook.com
127.0.0.1 et-ee.facebook.com
127.0.0.1 en-gb.facebook.com
127.0.0.1 es-la.facebook.com
127.0.0.1 eo-eo.facebook.com
127.0.0.1 eu-es.facebook.com
127.0.0.1 tl-ph.facebook.com
127.0.0.1 fo-fo.facebook.com
[...]

Resetted HOSTS:
127.0.0.1 localhost

Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt

jirka42 · #6 Příspěvek od **jirka42** » 31 říj 2011 14:31

RogueKiller V6.1.5 [10/29/2011] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: hxxp://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User: Jirka [Admin rights]
Mode: ProxyFix -- Date : 10/31/2011 14:31:02

Bad processes: 0

Driver: [LOADED]

Registry Entries: 0

Finished : << RKreport[3].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt

#7 Příspěvek od **vyosek** » 31 říj 2011 16:51

PROSIM CTETE DUKLADNE NAVOD - TATO UTILITA MA VELKOU SCHOPNOST MAZAT A JE NUTNE JI APLIKOVAT JEN NA DOPORUCENI, JINAK VAM MUZE JIT SYSTEM DO KYTEK

Stahnete a ulozte na plochu Combofix http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Vypnete vsechny rezidentni bezpecnostní programy - firewally, antiviry, antispywary apod.
Pokud mate Win XP spustte pod uctem Spravce\Administratora
Pokud mate Win Vista ci Win 7, kliknete na Combofix pravym a dejte Run As Administrator ci Spustit jako spravce
Ihned po startu se zobrazi stranka s licencnim ujednanim, pokracujte kliknutim na Ano
Pokud Vam CF nabidne instalaci Konzoly pro zotaveni, tak souhlaste
Dale postupujte dle pokynu, behem scanu nechte PC naprosto v klidu - nespoustejte zadne aplikace a neklikejte do zobrazujiciho se okna
Scan by mel trvat cca 10 min, ale pokud bude PC hodne zaneseno, muze se cas prodlouzit
Po dokonceni skenu a pripadnem restartu CF zobrazi log, pripadne jej najdete zde C:\ComboFix.txt, jeho obsah sem vlozte
Detailni postup vc. obrazku mate zde http://www.bleepingcomputer.com/combofi ... t-combofix

jirka42 · #8 Příspěvek od **jirka42** » 01 lis 2011 20:09

ComboFix 11-11-01.02 - Jirka 01.11.2011 11:50:25.1.2 - x86
Spuštěný z: c:\users\Jirka\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
C:\Thumbs.db
c:\users\Jirka\Desktop\Setup.exe
c:\windows\av_ico
c:\windows\av_ico\ico_mcafee_start.ico
c:\windows\btc_client_iplist.txt
c:\windows\front_ip_list.txt
c:\windows\geoiplist
c:\windows\geoiplist.rar
c:\windows\iecheck_iplist.txt
c:\windows\info1
c:\windows\iplist.txt
c:\windows\loader2.exe_ok
c:\windows\phoenix
c:\windows\phoenix.rar
c:\windows\phoenix\kernels\phatk\__init__.py
c:\windows\phoenix\kernels\phatk\__init__.pyc
c:\windows\phoenix\kernels\phatk\BFIPatcher.py
c:\windows\phoenix\kernels\phatk\kernel.cl
c:\windows\phoenix\kernels\poclbm\__init__.py
c:\windows\phoenix\kernels\poclbm\__init__.pyc
c:\windows\phoenix\kernels\poclbm\BFIPatcher.py
c:\windows\phoenix\kernels\poclbm\kernel.cl
c:\windows\phoenix\phoenix.exe
c:\windows\proc_list1.log
c:\windows\rpcminer
c:\windows\rpcminer.rar
c:\windows\rpcminer\bitcoinminercuda_10.cubin
c:\windows\rpcminer\bitcoinminercuda_11.cubin
c:\windows\rpcminer\bitcoinminercuda_20.cubin
c:\windows\rpcminer\bitcoinmineropencl.cl
c:\windows\rpcminer\cudart32_32_16.dll
c:\windows\rpcminer\curllib.dll
c:\windows\rpcminer\libeay32.dll
c:\windows\rpcminer\libsasl.dll
c:\windows\rpcminer\openldap.dll
c:\windows\rpcminer\rpcminer-4way.exe
c:\windows\rpcminer\rpcminer-cpu.exe
c:\windows\rpcminer\rpcminer-cuda.exe
c:\windows\rpcminer\rpcminer-opencl.exe
c:\windows\rpcminer\ssleay32.dll
c:\windows\security\Database\tmp.edb
c:\windows\services32.exe
c:\windows\sysdriver32.exe
c:\windows\sysdriver32_.exe
c:\windows\system32\AF15BDAEX.dll
c:\windows\system32\drivers\etc\HSTS~1
c:\windows\ufa.rar
c:\windows\update.1
c:\windows\update.1\svchost.exe
c:\windows\update.2
c:\windows\update.2\svchost.exe
c:\windows\update.5.0
c:\windows\update.5.0\svchost.exe
c:\windows\winlog-dirs.txt
c:\windows\winlog-ids.txt
c:\windows\winsetupapi.log
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-10-01 do 2011-11-01 )))))))))))))))))))))))))))))))
.
.
2011-11-01 11:06 . 2011-11-01 11:07 -------- d-----w- c:\users\Jirka\AppData\Local\temp
2011-11-01 11:06 . 2011-11-01 11:06 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-10-31 16:41 . 2011-10-31 16:59 -------- d-----w- c:\users\Jirka\AppData\Roaming\Spider Player
2011-10-31 16:41 . 2011-10-31 16:41 -------- d-----w- c:\program files\Spider Player
2011-10-31 15:26 . 2011-10-31 15:26 -------- d-----w- c:\users\Jirka\AppData\Local\Facebook
2011-10-31 13:27 . 2011-10-31 13:41 111872 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2011-10-30 21:09 . 2011-10-30 21:09 -------- d--h--w- c:\windows\update.tray-12-0
2011-10-30 21:06 . 2011-10-30 21:06 -------- d--h--w- c:\programdata\Common Files
2011-10-30 21:05 . 2011-10-30 21:05 -------- d-----w- c:\windows\system32\drivers\AVG
2011-10-30 20:41 . 2011-10-31 09:50 -------- d-----w- c:\programdata\MFAData
2011-10-30 14:16 . 2011-10-30 14:18 246272 ----a-w- c:\windows\unrar.exe
2011-10-30 14:13 . 2011-10-30 14:13 -------- d--h--w- c:\windows\update.tray-9-0
2011-10-30 14:06 . 2011-10-30 14:06 -------- d-----w- c:\program files\Common Files\Adobe
2011-10-26 21:16 . 2011-08-13 04:18 6144 ----a-w- c:\program files\Internet Explorer\iecompat.dll
2011-10-20 21:30 . 2011-10-21 22:44 -------- d-----w- c:\users\Jirka\AppData\Roaming\dvdcss
2011-10-16 21:10 . 2011-10-16 21:10 -------- d-----w- c:\users\Jirka\AppData\Local\LitexMedia
2011-10-16 21:10 . 2011-10-16 21:10 -------- d-----w- c:\program files\LitexMedia
2011-10-11 22:19 . 2011-08-17 04:24 465408 ----a-w- c:\windows\system32\psisdecd.dll
2011-10-11 22:19 . 2011-08-17 04:19 75776 ----a-w- c:\windows\system32\psisrndr.ax
2011-10-11 22:19 . 2011-08-27 04:26 571904 ----a-w- c:\windows\system32\oleaut32.dll
2011-10-11 22:19 . 2011-08-27 04:26 233472 ----a-w- c:\windows\system32\oleacc.dll
2011-10-10 09:03 . 2011-10-16 13:42 -------- d-----w- c:\program files\Free WMA to MP3 Converter
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-13 05:30 . 2011-09-13 05:30 32592 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2011-08-08 05:08 . 2011-08-08 05:08 40016 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}"= "c:\program files\BS_Player\tbBS_P.dll" [2009-12-31 2349080]
.
[HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
2009-12-31 10:53 2349080 ----a-w- c:\program files\BS_Player\tbBS_P.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}"= "c:\program files\BS_Player\tbBS_P.dll" [2009-12-31 2349080]
.
[HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5}"= "c:\program files\BS_Player\tbBS_P.dll" [2009-12-31 2349080]
.
[HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2010-01-22 2363392]
"scheduler_monitor"="c:\program files\ReaConverter 5.5 Pro\init_scheduler.exe" [2007-06-15 27136]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2008-01-22 152872]
"Nexus Radio"="c:\program files\Nexus Radio\Nexus Radio.exe" [2010-11-03 4701696]
"BlazeServoTool"="c:\program files\BlazeVideo\BlazeDTV 6.0\MediaDetector.exe" [2009-07-07 282624]
"Facebook Update"="c:\users\Jirka\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2011-10-31 137536]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QLBController"="c:\program files\Hewlett-Packard\HP HotKey Support\QLBController.exe" [2010-01-28 256056]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2010-01-08 186904]
"PDF Complete"="c:\program files\PDF Complete\pdfsty.exe" [2010-01-12 563736]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-06-04 1791272]
"WirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2009-09-01 499768]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-03-12 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-03-12 175640]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-03-12 166936]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2010-01-29 495708]
"PDFHook"="c:\program files\Nuance\PDF Professional 6\pdfpro6hook.exe" [2009-11-13 1277952]
"PDF6 Registry Controller"="c:\program files\Nuance\PDF Professional 6\RegistryController.exe" [2009-11-03 110880]
"Nuance PDF Reader-reminder"="c:\program files\Nuance\PDF Reader\Ereg\Ereg.exe" [2008-11-03 328992]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2008-05-28 570664]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-12-13 421160]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"Share-to-Web Namespace Daemon"="c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2001-07-03 57344]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdcBase.exe" [2007-05-31 648072]
"AndroidSync"="c:\program files\Android-Sync\AndroidSync.exe" [2011-09-22 5171200]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableSecureUIAPaths"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
"DisableThumbnailCache"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
.
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [x]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 McAfee SiteAdvisor Enterprise Service;McAfee SiteAdvisor Enterprise Service;c:\program files\McAfee\SiteAdvisor Enterprise\McSACore.exe [x]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe [x]
R2 myAgtSvc;McAfee Virus and Spyware Protection Service;c:\program files\McAfee\Managed VirusScan\Agent\myAgtSvc.Exe [x]
R2 vToolbarUpdater;vToolbarUpdater;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\8.0.1\ToolbarUpdater.exe [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2010-01-07 29472]
R3 HTCAND32;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [2009-06-09 24576]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-02-08 83912]
R3 rcp_service;ReaConverter scheduler service;c:\program files\ReaConverter 5.5 Pro\rcp_scheduler.exe [2007-11-30 558592]
R3 RoxMediaDB10;RoxMediaDB10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2009-11-23 1120752]
R3 TrueSight;TrueSight;c:\windows\system32\drivers\TrueSight.sys [2011-10-31 111872]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2010-09-06 1343400]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [2011-07-11 23120]
S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [2011-09-13 32592]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2010-02-08 160912]
S1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6x.sys [2011-05-23 47968]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [2011-07-11 229840]
S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [2011-07-11 295248]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9b219d80a8843bf8\aestsrv.exe [2009-03-03 81920]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-06-21 85560]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]
S2 hpHotkeyMonitor;HP Hotkey Monitor;c:\program files\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe [2010-01-28 265272]
S2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [2010-03-28 246520]
S2 pdfcDispatcher;PDF Document Manager;c:\program files\PDF Complete\pdfsvc.exe [2010-01-12 635416]
S2 PDFProFiltSrv;PDFProFiltSrv;c:\program files\Nuance\PDF Professional 6\PDFProFiltSrv.exe [2009-11-03 134944]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [2011-07-11 134736]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [2011-07-11 24272]
S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\AVGIDSShim.Sys [2011-07-11 16720]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-07-09 122880]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2010-06-23 275048]
S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [2010-01-29 997408]
S3 rtsuvc;HP Webcam [2 MP Fixed];c:\windows\system32\DRIVERS\rtsuvc.sys [2010-01-30 05:45 73344]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-01-22 18:06 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2011-10-31 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-386202631-4125819684-694886973-1001Core.job
- c:\users\Jirka\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-10-31 15:26]
.
2011-10-31 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-386202631-4125819684-694886973-1001UA.job
- c:\users\Jirka\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-10-31 15:26]
.
2011-10-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-386202631-4125819684-694886973-1001Core.job
- c:\users\Jirka\AppData\Local\Google\Update\GoogleUpdate.exe [2010-09-05 16:01]
.
2011-11-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-386202631-4125819684-694886973-1001UA.job
- c:\users\Jirka\AppData\Local\Google\Update\GoogleUpdate.exe [2010-09-05 16:01]
.
2011-10-25 c:\windows\Tasks\HPCeeScheduleForJirka.job
- c:\program files\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-01-05 10:53]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT1750559
mStart Page = hxxp://www.bing.com
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Append the content of the link to existing PDF file - c:\program files\Nuance\PDF Professional 6\Bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML
IE: Append the content of the selected links to existing PDF file - c:\program files\Nuance\PDF Professional 6\Bin\ZeonIEFavClient.dll/ZeonIEAppendSelLinks.HTML
IE: Append to existing PDF file - c:\program files\Nuance\PDF Professional 6\Bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML
IE: Create PDF file - c:\program files\Nuance\PDF Professional 6\Bin\ZeonIEFavClient.dll/ZeonIECapture.HTML
IE: Create PDF file from the content of the link - c:\program files\Nuance\PDF Professional 6\Bin\ZeonIEFavClient.dll/ZeonIECapture.HTML
IE: Create PDF files from the selected links - c:\program files\Nuance\PDF Professional 6\Bin\ZeonIEFavClient.dll/ZeonIECaptureSelLinks.HTML
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Odeslat obrázek do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Odeslat stránku do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: Open with Nuance PDF Converter 6.0 - c:\program files\Nuance\PDF Professional 6\cnvres_eng.dll /100
IE: Open with PDF Professional 6 - c:\program files\Nuance\PDF Professional 6\Bin\PlusIEContextMenu.dll/PlusIEContextMenu.htm
Trusted Zone: //about.htm/
Trusted Zone: //Exclude.htm/
Trusted Zone: //FWEvent.htm/
Trusted Zone: //LanguageSelection.htm/
Trusted Zone: //Message.htm/
Trusted Zone: //MyAgttryCmd.htm/
Trusted Zone: //MyAgttryNag.htm/
Trusted Zone: //MyNotification.htm/
Trusted Zone: //NOCLessUpdate.htm/
Trusted Zone: //quarantine.htm/
Trusted Zone: //ScanNow.htm/
Trusted Zone: //strings.vbs/
Trusted Zone: //Template.htm/
Trusted Zone: //Update.htm/
Trusted Zone: //VirFound.htm/
Trusted Zone: mcafee.com\*
Trusted Zone: mcafeeasap.com\betavscan
Trusted Zone: mcafeeasap.com\vs
Trusted Zone: mcafeeasap.com\www
Trusted Zone: siteadvisor.com\www
TCP: DhcpNameServer = 10.0.0.138
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} -
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
BHO-{95B7759C-8C7F-4BF1-B163-73684A933233} - c:\program files\AVG Secure Search\8.0.0.34\AVG Secure Search_toolbar.dll
Toolbar-{95B7759C-8C7F-4BF1-B163-73684A933233} - c:\program files\AVG Secure Search\8.0.0.34\AVG Secure Search_toolbar.dll
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKCU-Run-ISUSPM - c:\programdata\FLEXnet\Connect\11\ISUSPM.exe
HKLM-Run-McAfee Managed Services Tray - c:\program files\McAfee\Managed VirusScan\DesktopUI\XTray.Exe
HKLM-Run-tray_ico - (no file)
HKLM-Run-tray_ico2 - (no file)
HKLM-Run-tray_ico3 - (no file)
HKLM-Run-tray_ico4 - (no file)
HKLM-Run-AVG_TRAY - c:\program files\AVG\AVG2012\avgtray.exe
HKLM-Run-vProt - c:\program files\AVG Secure Search\vprot.exe
AddRemove-AVG - c:\program files\AVG\AVG2012\avgmfapx.exe
AddRemove-McAfee Personal Firewall Plus API - c:\program files\Common Files\McAfee\Installer\mcinst.exe
AddRemove-{CA43FE4F-9FF2-4AD7-88F0-CC3BAC17B226} - c:\program files\InstallShield Installation Information\{CA43FE4F-9FF2-4AD7-88F0-CC3BAC17B226}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pdfcDispatcher]
"ImagePath"="c:\program files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-386202631-4125819684-694886973-1001\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{035056D1-2A28-928D-786D-08CF782E9CF7}*]
"dafbibfp"=hex:64,62,67,6c,70,66,63,6c,70,68,61,6a,62,6a,6e,61,6f,64,64,6f,69,
68,6e,69,67,6f,63,6d,6b,6a,63,67,64,66,62,65,69,64,69,62,00,00
"iaklnbndjnfhkifoga"=hex:69,61,6c,67,62,69,61,6b,66,69,6a,6a,62,63,67,68,67,63,
00,00
"haelppiahfeccbjb"=hex:6b,61,70,67,6d,62,6f,65,6e,70,6f,6e,6f,6e,6f,62,63,64,
6d,63,64,63,00,00
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2011-11-01 12:22:49
ComboFix-quarantined-files.txt 2011-11-01 11:22
.
Před spuštěním: Volných bajtů: 110 524 059 648
Po spuštění: Volných bajtů: 111 034 376 192
.
- - End Of File - - 09CB38124C3813121D169641B2BBAEDA

#9 Příspěvek od **vyosek** » 01 lis 2011 20:26

Pokud nemate, tak presunte Combofix na plochu

Spustte poznamkovy blok (Start-spustit-notepad)
Zkopirujte skript nize

Kód: Vybrat vše

KillAll::

Folder::
c:\windows\update.tray-9-0
c:\program files\icq6toolbar
c:\users\Jirka\AppData\Local\Facebook\Update

File::
c:\windows\unrar.exe
c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-386202631-4125819684-694886973-1001Core.job
c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-386202631-4125819684-694886973-1001UA.job
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-386202631-4125819684-694886973-1001Core.job
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-386202631-4125819684-694886973-1001UA.job
c:\windows\Tasks\HPCeeScheduleForJirka.job

Drver::
ICQ Service

DDS::
uStart Page = hxxp://search.conduit.com?SearchSource= ... =CT1750559
uDefault_Page_URL = hxxp://www.bing.com
mDefault_Page_URL = hxxp://www.bing.com
mStart Page = hxxp://www.bing.com
uURLSearchHooks: ICQToolBar: {855f3b16-6d32-4fe6-8a56-bbb695989046} - c:\program files\icq6toolbar\ICQToolBar.dll
uURLSearchHooks: H - No File
uURLSearchHooks: BS Player Toolbar: {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - c:\program files\bs_player\tbBS_P.dll
mURLSearchHooks: ICQToolBar: {855f3b16-6d32-4fe6-8a56-bbb695989046} - c:\program files\icq6toolbar\ICQToolBar.dll
mURLSearchHooks: BS Player Toolbar: {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - c:\program files\bs_player\tbBS_P.dll
mURLSearchHooks: H - No File
TB: ICQToolBar: {855f3b16-6d32-4fe6-8a56-bbb695989046} - c:\program files\icq6toolbar\ICQToolBar.dll
TB: BS Player Toolbar: {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - c:\program files\bs_player\tbBS_P.dll
EB: ICQToolBar: {855f3b16-6d32-4fe6-8a56-bbb695989046} - c:\program files\icq6toolbar\ICQToolBar.dll
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
mRun: [NeroFilterCheck]
mRun: [SunJavaUpdateSched]
mRun: [QuickTime Task]
mRun: [iTunesHelper]
mRun: [Adobe ARM]
mRun: [wxpdrv] c:\windows\services32.exe
mRun: [tray_ico]
mRun: [tray_ico0] c:\windows\update.tray-9-0\svchost.exe
mRun: [tray_ico1] c:\windows\update.tray-12-0\svchost.exe
mRun: [tray_ico2]
mRun: [tray_ico3]
mRun: [tray_ico4]
mRun: [171808.exe] "c:\windows\temp\171808.exe"
mRun: [sysdriver32.exe] "c:\windows\sysdriver32.exe" rezerv
mRun: [sysdriver32_.exe] "c:\windows\sysdriver32_.exe" rezerv
mRun: [2426792.exe] "c:\windows\temp\2426792.exe"
mRun: [5803970.exe] "c:\windows\temp\5803970.exe"
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
mRun: [vProt] "c:\program files\avg secure search\vprot.exe"
Trusted Zone: //about.htm/
Trusted Zone: //Exclude.htm/
Trusted Zone: //FWEvent.htm/
Trusted Zone: //LanguageSelection.htm/
Trusted Zone: //Message.htm/
Trusted Zone: //MyAgttryCmd.htm/
Trusted Zone: //MyAgttryNag.htm/
Trusted Zone: //MyNotification.htm/
Trusted Zone: //NOCLessUpdate.htm/
Trusted Zone: //quarantine.htm/
Trusted Zone: //ScanNow.htm/
Trusted Zone: //strings.vbs/
Trusted Zone: //Template.htm/
Trusted Zone: //Update.htm/
Trusted Zone: //VirFound.htm/
Trusted Zone: mcafee.com\*
Trusted Zone: mcafeeasap.com\betavscan
Trusted Zone: mcafeeasap.com\vs
Trusted Zone: mcafeeasap.com\www
Trusted Zone: siteadvisor.com\www
2011-10-30 21:09:26 -------- d--h--w- c:\windows\update.tray-12-0-lnk
2011-10-30 21:09:26 -------- d--h--w- c:\windows\update.tray-12-0
2011-10-30 14:18:44 -------- d-----w- c:\windows\rpcminer
2011-10-30 14:18:44 -------- d-----w- c:\windows\phoenix
2011-10-30 14:17:33 -------- d--h--w- c:\windows\update.5.0
2011-10-30 14:17:02 -------- d--h--w- c:\windows\update.2
2011-10-30 14:16:59 246272 ----a-w- c:\windows\unrar.exe
2011-10-30 14:16:06 258048 ----a-w- c:\windows\sysdriver32_.exe
2011-10-30 14:15:52 258048 ----a-w- c:\windows\sysdriver32.exe
2011-10-30 14:15:11 -------- d-----w- c:\windows\av_ico
2011-10-30 14:13:58 -------- d--h--w- c:\windows\update.1
2011-10-30 14:13:50 -------- d--h--w- c:\windows\update.tray-9-0-lnk
2011-10-30 14:13:50 -------- d--h--w- c:\windows\update.tray-9-0
2011-10-30 14:02:26 1109504 ----a-w- c:\windows\services32.exe

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000000
"DisableThumbnailCache"=dword:00000000
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:0000000é
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000000
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000000

RegNull::
[HKEY_USERS\S-1-5-21-386202631-4125819684-694886973-1001\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{035056D1-2A28-928D-786D-08CF782E9CF7}*]

RegLock::
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

Reboot::

Ulozte vytvoreny TXT jako CFScript.txt
Pretahnete vytvoreny CFScript.txt nad Combofix a pustte (viz obrazek nize)
Po aplikaci skriptu (a pripadnem restartu) na Vas vypadne log, jeho obsah sem vlozte

Muze se stat, ze po aplikaci skriptu nenabehnou windows, v tomto pripade restartuje PC a mackejte F8 a zvolte Posledni znamou konfiguraci

jirka42 · #10 Příspěvek od **jirka42** » 01 lis 2011 23:25

ComboFix 11-11-01.02 - Jirka 01.11.2011 22:55:19.2.2 - x86
Spuštěný z: c:\users\Jirka\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Jirka\Desktop\CFScript.txt
.
FILE ::
"c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-386202631-4125819684-694886973-1001Core.job"
"c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-386202631-4125819684-694886973-1001UA.job"
"c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-386202631-4125819684-694886973-1001Core.job"
"c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-386202631-4125819684-694886973-1001UA.job"
"c:\windows\Tasks\HPCeeScheduleForJirka.job"
"c:\windows\unrar.exe"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\bs_player\tbBS_P.dll
c:\program files\icq6toolbar
c:\program files\icq6toolbar\config.xml
c:\program files\icq6toolbar\Icons.bmp
c:\program files\icq6toolbar\ICQ Service.exe
c:\program files\icq6toolbar\icq6Toolbar.ico
c:\program files\icq6toolbar\ICQToolBar.dll
c:\program files\icq6toolbar\ICQUnToolbar.exe
c:\program files\icq6toolbar\logo_small.gif
c:\program files\icq6toolbar\ServiceStarter.exe
c:\program files\icq6toolbar\short.wav
c:\program files\icq6toolbar\Version.txt
c:\users\Jirka\AppData\Local\Facebook\Update
c:\users\Jirka\AppData\Local\Facebook\Update\1.2.203.0\FacebookCrashHandler.exe
c:\users\Jirka\AppData\Local\Facebook\Update\1.2.203.0\FacebookUpdate.exe
c:\users\Jirka\AppData\Local\Facebook\Update\1.2.203.0\FacebookUpdateHelper.msi
c:\users\Jirka\AppData\Local\Facebook\Update\1.2.203.0\goopdate.dll
c:\users\Jirka\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_ar.dll
c:\users\Jirka\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_bg.dll
c:\users\Jirka\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_bn.dll
c:\users\Jirka\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_ca.dll
c:\users\Jirka\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_cs.dll
c:\users\Jirka\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_da.dll
c:\users\Jirka\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_de.dll
c:\users\Jirka\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_el.dll
c:\users\Jirka\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_en-GB.dll
c:\users\Jirka\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_en.dll
c:\users\Jirka\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_es-419.dll
c:\users\Jirka\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_es.dll
c:\users\Jirka\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_et.dll
c:\users\Jirka\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_fa.dll
c:\users\Jirka\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_fi.dll
c:\users\Jirka\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_fil.dll
c:\users\Jirka\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_fr.dll
c:\users\Jirka\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_gu.dll
c:\users\Jirka\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_hi.dll
c:\users\Jirka\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_hr.dll
c:\users\Jirka\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_hu.dll
c:\users\Jirka\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_id.dll
c:\users\Jirka\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_is.dll
c:\users\Jirka\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_it.dll
c:\users\Jirka\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_iw.dll
c:\users\Jirka\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_ja.dll
c:\users\Jirka\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_kn.dll
c:\users\Jirka\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_ko.dll
c:\users\Jirka\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_lt.dll
c:\users\Jirka\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_lv.dll
c:\users\Jirka\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_ml.dll
c:\users\Jirka\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_mr.dll
c:\users\Jirka\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_ms.dll
c:\users\Jirka\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_nl.dll
c:\users\Jirka\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_no.dll
c:\users\Jirka\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_or.dll
c:\users\Jirka\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_pl.dll
c:\users\Jirka\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_pt-BR.dll
c:\users\Jirka\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_pt-PT.dll
c:\users\Jirka\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_ro.dll
c:\users\Jirka\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_ru.dll
c:\users\Jirka\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_sk.dll
c:\users\Jirka\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_sl.dll
c:\users\Jirka\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_sr.dll
c:\users\Jirka\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_sv.dll
c:\users\Jirka\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_ta.dll
c:\users\Jirka\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_te.dll
c:\users\Jirka\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_th.dll
c:\users\Jirka\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_tr.dll
c:\users\Jirka\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_uk.dll
c:\users\Jirka\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_ur.dll
c:\users\Jirka\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_vi.dll
c:\users\Jirka\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_zh-CN.dll
c:\users\Jirka\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_zh-TW.dll
c:\users\Jirka\AppData\Local\Facebook\Update\FacebookUpdate.exe
c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-386202631-4125819684-694886973-1001Core.job
c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-386202631-4125819684-694886973-1001UA.job
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-386202631-4125819684-694886973-1001Core.job
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-386202631-4125819684-694886973-1001UA.job
c:\windows\Tasks\HPCeeScheduleForJirka.job
c:\windows\unrar.exe
c:\windows\update.tray-12-0\svchost.exe
c:\windows\update.tray-9-0
c:\windows\update.tray-9-0\svchost.exe
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_ICQ Service
-------\Service_ICQ Service
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-10-01 do 2011-11-01 )))))))))))))))))))))))))))))))
.
.
2011-11-01 22:10 . 2011-11-01 22:12 -------- d-----w- c:\users\Jirka\AppData\Local\temp
2011-10-31 16:41 . 2011-10-31 16:59 -------- d-----w- c:\users\Jirka\AppData\Roaming\Spider Player
2011-10-31 16:41 . 2011-10-31 16:41 -------- d-----w- c:\program files\Spider Player
2011-10-31 15:26 . 2011-10-31 15:26 -------- d-----w- c:\users\Jirka\AppData\Local\Facebook
2011-10-31 13:27 . 2011-10-31 13:41 111872 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2011-10-30 21:09 . 2011-11-01 22:06 -------- d--h--w- c:\windows\update.tray-12-0
2011-10-30 21:06 . 2011-10-30 21:06 -------- d--h--w- c:\programdata\Common Files
2011-10-30 21:05 . 2011-10-30 21:05 -------- d-----w- c:\windows\system32\drivers\AVG
2011-10-30 20:41 . 2011-10-31 09:50 -------- d-----w- c:\programdata\MFAData
2011-10-30 14:06 . 2011-10-30 14:06 -------- d-----w- c:\program files\Common Files\Adobe
2011-10-26 21:16 . 2011-08-13 04:18 6144 ----a-w- c:\program files\Internet Explorer\iecompat.dll
2011-10-20 21:30 . 2011-10-21 22:44 -------- d-----w- c:\users\Jirka\AppData\Roaming\dvdcss
2011-10-16 21:10 . 2011-10-16 21:10 -------- d-----w- c:\users\Jirka\AppData\Local\LitexMedia
2011-10-16 21:10 . 2011-10-16 21:10 -------- d-----w- c:\program files\LitexMedia
2011-10-11 22:19 . 2011-08-17 04:24 465408 ----a-w- c:\windows\system32\psisdecd.dll
2011-10-11 22:19 . 2011-08-17 04:19 75776 ----a-w- c:\windows\system32\psisrndr.ax
2011-10-11 22:19 . 2011-08-27 04:26 571904 ----a-w- c:\windows\system32\oleaut32.dll
2011-10-11 22:19 . 2011-08-27 04:26 233472 ----a-w- c:\windows\system32\oleacc.dll
2011-10-10 09:03 . 2011-10-16 13:42 -------- d-----w- c:\program files\Free WMA to MP3 Converter
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-13 05:30 . 2011-09-13 05:30 32592 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2011-08-08 05:08 . 2011-08-08 05:08 40016 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2011-11-01_11.07.17 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-03-27 02:44 . 2011-11-01 19:08 58646 c:\windows\System32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 04:55 . 2011-11-01 22:13 49322 c:\windows\System32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-09-05 15:43 . 2011-11-01 22:13 15118 c:\windows\System32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-386202631-4125819684-694886973-1001_UserData.bin
- 2010-09-05 23:34 . 2011-11-01 10:18 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-09-05 23:34 . 2011-11-01 19:06 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:41 . 2011-11-01 19:06 98304 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:41 . 2011-11-01 10:18 98304 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-09-05 15:58 . 2011-11-01 10:19 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-09-05 15:58 . 2011-11-01 22:15 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-09-05 15:58 . 2011-11-01 22:15 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-09-05 15:58 . 2011-11-01 10:19 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-09-05 15:58 . 2011-11-01 10:19 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-09-05 15:58 . 2011-11-01 22:15 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-09-05 15:58 . 2011-11-01 11:09 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-09-05 15:58 . 2011-11-01 22:15 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-09-05 15:58 . 2011-11-01 11:09 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-09-05 15:58 . 2011-11-01 22:15 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-11-01 10:18 . 2011-11-01 10:18 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-11-01 19:06 . 2011-11-01 22:11 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-11-01 10:18 . 2011-11-01 10:18 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-11-01 19:06 . 2011-11-01 22:11 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2010-09-06 16:55 . 2011-11-01 21:37 290188 c:\windows\System32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
- 2009-07-14 04:47 . 2011-10-31 16:59 472168 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 04:47 . 2011-11-01 11:30 472168 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2010-09-05 23:34 . 2011-11-01 10:18 1064960 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-09-05 23:34 . 2011-11-01 19:06 1064960 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2010-01-22 2363392]
"scheduler_monitor"="c:\program files\ReaConverter 5.5 Pro\init_scheduler.exe" [2007-06-15 27136]
"Nexus Radio"="c:\program files\Nexus Radio\Nexus Radio.exe" [2010-11-03 4701696]
"BlazeServoTool"="c:\program files\BlazeVideo\BlazeDTV 6.0\MediaDetector.exe" [2009-07-07 282624]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QLBController"="c:\program files\Hewlett-Packard\HP HotKey Support\QLBController.exe" [2010-01-28 256056]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2010-01-08 186904]
"PDF Complete"="c:\program files\PDF Complete\pdfsty.exe" [2010-01-12 563736]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-06-04 1791272]
"WirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2009-09-01 499768]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-03-12 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-03-12 175640]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-03-12 166936]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2010-01-29 495708]
"PDFHook"="c:\program files\Nuance\PDF Professional 6\pdfpro6hook.exe" [2009-11-13 1277952]
"PDF6 Registry Controller"="c:\program files\Nuance\PDF Professional 6\RegistryController.exe" [2009-11-03 110880]
"Nuance PDF Reader-reminder"="c:\program files\Nuance\PDF Reader\Ereg\Ereg.exe" [2008-11-03 328992]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"Share-to-Web Namespace Daemon"="c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2001-07-03 57344]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdcBase.exe" [2007-05-31 648072]
"AndroidSync"="c:\program files\Android-Sync\AndroidSync.exe" [2011-09-22 5171200]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableSecureUIAPaths"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [x]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 McAfee SiteAdvisor Enterprise Service;McAfee SiteAdvisor Enterprise Service;c:\program files\McAfee\SiteAdvisor Enterprise\McSACore.exe [x]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe [x]
R2 myAgtSvc;McAfee Virus and Spyware Protection Service;c:\program files\McAfee\Managed VirusScan\Agent\myAgtSvc.Exe [x]
R2 vToolbarUpdater;vToolbarUpdater;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\8.0.1\ToolbarUpdater.exe [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2010-01-07 29472]
R3 HTCAND32;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [2009-06-09 24576]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-02-08 83912]
R3 rcp_service;ReaConverter scheduler service;c:\program files\ReaConverter 5.5 Pro\rcp_scheduler.exe [2007-11-30 558592]
R3 RoxMediaDB10;RoxMediaDB10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2009-11-23 1120752]
R3 TrueSight;TrueSight;c:\windows\system32\drivers\TrueSight.sys [2011-10-31 111872]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2010-09-06 1343400]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [2011-07-11 23120]
S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [2011-09-13 32592]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2010-02-08 160912]
S1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6x.sys [2011-05-23 47968]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [2011-07-11 229840]
S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [2011-07-11 295248]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9b219d80a8843bf8\aestsrv.exe [2009-03-03 81920]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-06-21 85560]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]
S2 hpHotkeyMonitor;HP Hotkey Monitor;c:\program files\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe [2010-01-28 265272]
S2 pdfcDispatcher;PDF Document Manager;c:\program files\PDF Complete\pdfsvc.exe [2010-01-12 635416]
S2 PDFProFiltSrv;PDFProFiltSrv;c:\program files\Nuance\PDF Professional 6\PDFProFiltSrv.exe [2009-11-03 134944]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [2011-07-11 134736]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [2011-07-11 24272]
S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\AVGIDSShim.Sys [2011-07-11 16720]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-07-09 122880]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2010-06-23 275048]
S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [2010-01-29 997408]
S3 rtsuvc;HP Webcam [2 MP Fixed];c:\windows\system32\DRIVERS\rtsuvc.sys [2010-01-30 05:45 73344]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-01-22 18:06 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
.
------- Doplňkový sken -------
.
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Append the content of the link to existing PDF file - c:\program files\Nuance\PDF Professional 6\Bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML
IE: Append the content of the selected links to existing PDF file - c:\program files\Nuance\PDF Professional 6\Bin\ZeonIEFavClient.dll/ZeonIEAppendSelLinks.HTML
IE: Append to existing PDF file - c:\program files\Nuance\PDF Professional 6\Bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML
IE: Create PDF file - c:\program files\Nuance\PDF Professional 6\Bin\ZeonIEFavClient.dll/ZeonIECapture.HTML
IE: Create PDF file from the content of the link - c:\program files\Nuance\PDF Professional 6\Bin\ZeonIEFavClient.dll/ZeonIECapture.HTML
IE: Create PDF files from the selected links - c:\program files\Nuance\PDF Professional 6\Bin\ZeonIEFavClient.dll/ZeonIECaptureSelLinks.HTML
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Odeslat obrázek do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Odeslat stránku do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: Open with Nuance PDF Converter 6.0 - c:\program files\Nuance\PDF Professional 6\cnvres_eng.dll /100
IE: Open with PDF Professional 6 - c:\program files\Nuance\PDF Professional 6\Bin\PlusIEContextMenu.dll/PlusIEContextMenu.htm
TCP: DhcpNameServer = 10.0.0.138
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} -
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
HKCU-Run-Facebook Update - c:\users\Jirka\AppData\Local\Facebook\Update\FacebookUpdate.exe
AddRemove-ICQToolbar - c:\program files\ICQ6Toolbar\ICQUnToolbar.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pdfcDispatcher]
"ImagePath"="c:\program files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'Explorer.exe'(3612)
c:\program files\Hewlett-Packard\HP Support Framework\Resources\HPSFMessenger\HPSFTaskbar.dll
c:\program files\Hewlett-Packard\HP Share-to-Web\HPGS2WNS.DLL
c:\program files\Hewlett-Packard\HP Share-to-Web\S2WNSRES.DLL
c:\program files\Hewlett-Packard\HP Share-to-Web\HPGS2WNFPS.DLL
c:\program files\WIDCOMM\Bluetooth Software\btncopy.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9b219d80a8843bf8\STacSV.exe
c:\windows\system32\taskhost.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\WIDCOMM\Bluetooth Software\btwdins.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\system32\IoctlSvc.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\conhost.exe
c:\program files\Hewlett-Packard\Shared\hpqWmiEx.exe
c:\windows\system32\DllHost.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\progra~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
.
**************************************************************************
.
Celkový čas: 2011-11-01 23:23:56 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-11-01 22:23
ComboFix2.txt 2011-11-01 11:22
.
Před spuštěním: Volných bajtů: 111 070 433 280
Po spuštění: Volných bajtů: 110 830 739 456
.
- - End Of File - - 6167DC4A3DC0E84D3560C8A11CF4CF8D

#11 Příspěvek od **vyosek** » 02 lis 2011 11:16

Jeste jeden log pro ComboFix - postup je stejny

Kód: Vybrat vše

KillAll::

Folder::
c:\windows\update.tray-12-0

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000000

Reboot::

VIRY.CZ

Dalsi nachytany na FB

Dalsi nachytany na FB

Re: Dalsi nachytany na FB

Re: Dalsi nachytany na FB

Re: Dalsi nachytany na FB

Re: Dalsi nachytany na FB

Re: Dalsi nachytany na FB

Re: Dalsi nachytany na FB

Re: Dalsi nachytany na FB

Re: Dalsi nachytany na FB

Re: Dalsi nachytany na FB

Re: Dalsi nachytany na FB