
PC virus removal, computer speed-up, remote assistance via the neslape.cz service
Please check - browser is crashing again
Moderator: Moderators
Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]
Individual threads will be locked once resolved, as will those that have been inactive for more than 14 days. See the Rule on locking topics. Thank you for your understanding.
!NEW!
You can now use the remote assistance service, in which a specialist connects to your computer and gets further details about the problem from you by phone! More at www.neslape.cz
Hello, I'd like to ask for a check; my browser is crashing again and the PC has even restarted on its own.
I'm sending the log:
Logfile of random's system information tool 1.09 (written by random/random)
Run by Admin at 2012-09-22 20:21:25
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 100 GB (63%) free of 159 GB
Total RAM: 2047 MB (66% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:21:31, on 22.9.2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\oodtray.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\TO2SSM\McciTrayApp.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\GIGABYTE\VGA Utility Manager\Utility.exe
C:\Program Files\Aladdin\Aladdin SQL Server\AladdinSQL.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Firebird\Firebird_2_5\bin\fb_inet_server.exe
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\Admin\Dokumenty\Stažené soubory\RSIT.exe
C:\Program Files\trend micro\Admin.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [OODefragTray] C:\WINDOWS\system32\oodtray.exe
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [TO2SSM_McciTrayApp] C:\Program Files\TO2SSM\McciTrayApp.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: GIGABYTE VGA Utility.lnk = ?
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 8321497843
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Aladdin SQL Server - Unknown owner - C:\Program Files\Aladdin\Aladdin SQL Server\AladdinSQL.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - Firebird Project - C:\Program Files\Firebird\Firebird_2_5\bin\fb_inet_server.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Inkjet Printer/Scanner Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe
O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.11\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.1.33\bin\mysqld.exe
--
End of file - 8506 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\Adobe Flash Player Updater.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\Úklid 1 kliknutím.job
=========Mozilla firefox=========
ProfilePath - C:\Documents and Settings\Admin\Data aplikací\Mozilla\Firefox\Profiles\65rphqj6.default
prefs.js - "browser.startup.homepage" - "http:/www.seznam.cz"
"{20a82645-c095-46ed-80e3-08825760534b}"=c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.4.402.265 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_265.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0]
"Description"=DivX® Web Player
"Path"=C:\WINDOWS\system32\C2MP\npdivx32.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0]
"Description"=DivX® Player Plugin for VOD Content
"Path"=C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
C:\Program Files\Mozilla Firefox\extensions\
{800b5000-a755-47e1-992b-48a1c1357f07}
{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
{972ce4c6-7e08-4474-a285-3208198ce6fd}
C:\Program Files\Mozilla Firefox\components\
binary.manifest
browsercomps.dll
C:\Program Files\Mozilla Firefox\plugins\
nppdf32.dll
C:\Program Files\Mozilla Firefox\searchplugins\
google.xml
heureka-cz.xml
jyxo-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml
C:\Documents and Settings\Admin\Data aplikací\Mozilla\Firefox\Profiles\65rphqj6.default\extensions\
2020Player@2020Technologies.com
engine@conduit.com
jid0-YxzrUsJ0WOiOaU89TngAzLcIs18@jetpack
pavel.sherbakov@gmail.com
superstart@enjoyfreeware.org
toolbar@ask.com
{1392b8d2-5c05-419f-a8f6-b9f15a596612}
{ea614400-e918-4741-9a97-7a972ff7c30b}
C:\Documents and Settings\Admin\Data aplikací\Mozilla\Firefox\Profiles\65rphqj6.default\searchplugins\
askcom.xml
conduit.xml
icq-search.xml
icqplugin-1.xml
icqplugin-10.xml
icqplugin-11.xml
icqplugin-12.xml
icqplugin-13.xml
icqplugin-14.xml
icqplugin-15.xml
icqplugin-16.xml
icqplugin-17.xml
icqplugin-18.xml
icqplugin-19.xml
icqplugin-2.xml
icqplugin-20.xml
icqplugin-21.xml
icqplugin-22.xml
icqplugin-23.xml
icqplugin-24.xml
icqplugin-25.xml
icqplugin-26.xml
icqplugin-3.xml
icqplugin-4.xml
icqplugin-5.xml
icqplugin-6.xml
icqplugin-7.xml
icqplugin-8.xml
icqplugin-9.xml
icqplugin.xml
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-07-27 63944]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Browser Helper - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2011-10-10 3834016]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2007-07-05 16380416]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2007-05-11 8429568]
"nwiz"=nwiz.exe /install []
"amd_dc_opt"=C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe [2007-07-23 77824]
"OODefragTray"=C:\WINDOWS\system32\oodtray.exe [2007-05-11 2512392]
"CanonSolutionMenu"=C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe [2008-03-10 689488]
"CanonMyPrinter"=C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2008-03-17 1848648]
"TO2SSM_McciTrayApp"=C:\Program Files\TO2SSM\McciTrayApp.exe [2008-08-15 1473536]
"egui"=C:\Program Files\ESET\ESET Smart Security\egui.exe [2010-04-07 2145000]
"Malwarebytes Anti-Malware (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2012-07-03 973488]
"Malwarebytes' Anti-Malware"=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2012-07-03 462920]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-07-27 919008]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2012-07-13 17418928]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
C:\Program Files\ICQ7.5\ICQ.exe [2011-08-01 124480]
C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
RAMASST.lnk - C:\WINDOWS\system32\RAMASST.exe
C:\Documents and Settings\Admin\Nabídka Start\Programy\Po spuštění
GIGABYTE VGA Utility.lnk - C:\Documents and Settings\Admin\Data aplikací\Microsoft\Installer\{D27BDB5D-3B4C-44F0-A648-BD00B0E79B39}\Utility.exe2_D27BDB5D3B4C44F0A648BD00B0E79B39.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\ICQ7.5\ICQ.exe"="C:\Program Files\ICQ7.5\ICQ.exe:*:Enabled:ICQ7.5"
"C:\Documents and Settings\Admin\Local Settings\Data aplikací\Google\Google Talk Plugin\googletalkplugin.exe"="C:\Documents and Settings\Admin\Local Settings\Data aplikací\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\ICQ7.5\ICQ.exe"="C:\Program Files\ICQ7.5\ICQ.exe:*:Enabled:ICQ7.5"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"vidc.DIVX"=divx.dll
"vidc.yv12"=divx.dll
"msacm.ac3filter"=ac3filter.acm
"vidc.xvid"=xvidvfw.dll
"vidc.ffds"=ff_vfw.dll
"vidc.vp60"=vp6vfw.dll
"vidc.vp61"=vp6vfw.dll
"vidc.vp62"=vp6vfw.dll
"vidc.hfyu"=huffyuv.dll
"msacm.ac3acm"=AC3ACM.acm
"msacm.at3"=atrac3.acm
"msacm.divxa32"=DivXa32.acm
"msacm.lameacm"=LameACM.acm
"VIDC.FMVC"=fmcodec.dll
"msacm.l3codecp"=
======List of files/folders created in the last 1 month======
2012-09-22 20:21:25 ----D---- C:\rsit
2012-09-22 16:54:56 ----AD---- C:\Documents and Settings\All Users\Data aplikací\TEMP
2012-09-22 16:54:51 ----D---- C:\Program Files\MultiTranse
2012-09-22 16:02:34 ----A---- C:\WINDOWS\system32\TURegOpt.exe
2012-09-22 16:02:05 ----D---- C:\Program Files\TuneUp Utilities 2012
2012-09-22 16:01:32 ----SHD---- C:\Documents and Settings\All Users\Data aplikací\{32364CEA-7855-4A3C-B674-53D8E9B97936}
2012-09-22 15:59:43 ----SHD---- C:\Config.Msi
2012-09-12 20:04:48 ----HDC---- C:\WINDOWS\$NtUninstallKB2736233$
2012-09-09 16:59:13 ----D---- C:\My PDF
2012-09-09 16:58:46 ----D---- C:\Program Files\Weeny Free PDF to Image Converter
======List of files/folders modified in the last 1 month======
2012-09-22 20:21:31 ----D---- C:\Program Files\trend micro
2012-09-22 20:21:26 ----D---- C:\WINDOWS\temp
2012-09-22 20:18:25 ----D---- C:\Documents and Settings\Admin\Data aplikací\Skype
2012-09-22 20:17:57 ----D---- C:\WINDOWS\system32\drivers
2012-09-22 20:17:39 ----D---- C:\WINDOWS
2012-09-22 20:17:02 ----D---- C:\WINDOWS\system32
2012-09-22 20:16:24 ----A---- C:\WINDOWS\SchedLgU.Txt
2012-09-22 20:00:59 ----HD---- C:\WINDOWS\inf
2012-09-22 20:00:51 ----RSHDC---- C:\WINDOWS\system32\dllcache
2012-09-22 20:00:50 ----D---- C:\Program Files\Internet Explorer
2012-09-22 20:00:45 ----D---- C:\WINDOWS\system32\CatRoot2
2012-09-22 20:00:32 ----D---- C:\WINDOWS\Prefetch
2012-09-22 20:00:28 ----HD---- C:\WINDOWS\$hf_mig$
2012-09-22 16:54:51 ----RD---- C:\Program Files
2012-09-22 16:02:35 ----SHD---- C:\WINDOWS\Installer
2012-09-22 16:02:20 ----D---- C:\Documents and Settings\All Users\Data aplikací\TuneUp Software
2012-09-22 16:02:18 ----D---- C:\Documents and Settings\Admin\Data aplikací\TuneUp Software
2012-09-22 15:50:25 ----D---- C:\Program Files\Mozilla Firefox
2012-09-22 15:45:31 ----SD---- C:\WINDOWS\Downloaded Program Files
2012-09-21 11:47:23 ----A---- C:\WINDOWS\NeroDigital.ini
2012-09-16 15:35:27 ----D---- C:\Documents and Settings\Admin\Data aplikací\VSO
2012-09-12 21:56:43 ----D---- C:\WINDOWS\Debug
2012-09-12 20:00:26 ----A---- C:\WINDOWS\system32\MRT.exe
2012-09-08 20:31:12 ----D---- C:\Program Files\CCleaner
2012-09-06 13:38:00 ----D---- C:\Documents and Settings\All Users\Data aplikací\CanonIJPLM
2012-09-02 15:51:22 ----D---- C:\Documents and Settings\All Users\Data aplikací\Skype
2012-09-02 10:09:59 ----D---- C:\Documents and Settings\All Users\Data aplikací\Adobe
2012-09-02 10:09:49 ----A---- C:\WINDOWS\system32\FlashPlayerApp.exe
2012-08-28 20:48:50 ----A---- C:\WINDOWS\system32\ieframe.dll
2012-08-28 17:18:59 ----A---- C:\WINDOWS\system32\wininet.dll
2012-08-28 17:18:58 ----N---- C:\WINDOWS\system32\occache.dll
2012-08-28 17:18:58 ----A---- C:\WINDOWS\system32\urlmon.dll
2012-08-28 17:18:58 ----A---- C:\WINDOWS\system32\url.dll
2012-08-28 17:18:57 ----A---- C:\WINDOWS\system32\mstime.dll
2012-08-28 17:18:57 ----A---- C:\WINDOWS\system32\mshtmled.dll
2012-08-28 17:18:57 ----A---- C:\WINDOWS\system32\mshtml.dll
2012-08-28 17:18:54 ----A---- C:\WINDOWS\system32\msfeedsbs.dll
2012-08-28 17:18:54 ----A---- C:\WINDOWS\system32\msfeeds.dll
2012-08-28 17:18:53 ----N---- C:\WINDOWS\system32\jsproxy.dll
2012-08-28 17:18:53 ----A---- C:\WINDOWS\system32\licmgr10.dll
2012-08-28 17:18:51 ----A---- C:\WINDOWS\system32\iertutil.dll
2012-08-28 17:18:50 ----A---- C:\WINDOWS\system32\iepeers.dll
2012-08-28 17:18:45 ----N---- C:\WINDOWS\system32\iedkcs32.dll
2012-08-28 14:07:34 ----N---- C:\WINDOWS\system32\ie4uinit.exe
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 nvata;nvata; C:\WINDOWS\system32\DRIVERS\nvata.sys [2006-10-18 105472]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2006-04-06 20640]
R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
R1 AmdK8;Ovladač procesoru AMD; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2006-06-18 43008]
R1 ehdrv;ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [2010-04-07 114984]
R1 epfwtdi;epfwtdi; C:\WINDOWS\system32\DRIVERS\epfwtdi.sys [2010-04-07 55232]
R1 meiudf;meiudf; C:\WINDOWS\System32\Drivers\meiudf.sys [2003-10-24 90416]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2008-04-14 12032]
R2 Aspi32;Aspi32; C:\WINDOWS\system32\drivers\Aspi32.sys [1997-12-23 23936]
R2 eamon;eamon; C:\WINDOWS\system32\DRIVERS\eamon.sys [2010-04-07 139192]
R2 epfw;epfw; C:\WINDOWS\system32\DRIVERS\epfw.sys [2010-04-07 134488]
R2 npf;NetGroup Packet Filter Driver; C:\WINDOWS\system32\drivers\npf.sys [2010-01-27 50704]
R3 AmdLLD;AMD Low Level Device Driver; C:\WINDOWS\system32\DRIVERS\AmdLLD.sys [2007-06-29 34304]
R3 Epfwndis;Eset Personal Firewall; C:\WINDOWS\system32\DRIVERS\Epfwndis.sys [2010-04-07 32584]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-14 144384]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-07-18 4547584]
R3 MBAMProtector;MBAMProtector; \??\C:\WINDOWS\system32\drivers\mbam.sys []
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2007-05-11 6738432]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2006-11-27 19968]
R3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2008-04-13 20992]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv; \??\C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys []
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
R3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
R3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
R3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 BrScnUsb;Brother USB Still Image driver; C:\WINDOWS\system32\DRIVERS\BrScnUsb.sys [2004-10-15 15295]
S3 gdrv;gdrv; \??\C:\WINDOWS\gdrv.sys []
S3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
S3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
S3 MREMP50;MREMP50 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS []
S3 MREMP50a64;MREMP50a64 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS []
S3 MREMPR5;MREMPR5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS []
S3 MRENDIS5;MRENDIS5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS []
S3 MRESP50;MRESP50 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS []
S3 MRESP50a64;MRESP50a64 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS []
S3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2006-11-27 58368]
S3 TVICHW32;TVICHW32; \??\C:\WINDOWS\system32\DRIVERS\TVICHW32.SYS []
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 Aladdin SQL Server;Aladdin SQL Server; C:\Program Files\Aladdin\Aladdin SQL Server\AladdinSQL.exe [2012-08-17 140736]
R2 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; C:\Program Files\Bonjour\mDNSResponder.exe [2006-02-28 229376]
R2 CLCapSvc;CyberLink Background Capture Service (CBCS); C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe [2006-11-08 274520]
R2 CLSched;CyberLink Task Scheduler (CTS); C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe [2006-11-08 118870]
R2 DVD-RAM_Service;DVD-RAM_Service; C:\WINDOWS\system32\DVDRAMSV.exe [2003-05-23 106496]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2010-04-07 810120]
R2 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance; C:\Program Files\Firebird\Firebird_2_5\bin\fb_inet_server.exe [2010-09-17 3727360]
R2 IJPLMSVC;Inkjet Printer/Scanner Extended Survey Program; C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [2008-01-22 103808]
R2 MBAMService;MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]
R2 McciCMService;McciCMService; C:\Program Files\Common Files\Motive\McciCMService.exe [2007-10-15 303104]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2007-05-11 163908]
R2 O&O Defrag;O&O Defrag; C:\WINDOWS\system32\oodag.exe [2007-05-11 1050120]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service; C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe [2011-11-18 1510720]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-11-03 136176]
S2 SkypeUpdate;Skype Updater; C:\Program Files\Skype\Updater\Updater.exe [2012-07-13 160944]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-02 250568]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2010-03-18 35160]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe [2010-04-07 33560]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-09-10 654848]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-11-03 136176]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-18 113120]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 wampapache;wampapache; c:\wamp\bin\apache\apache2.2.11\bin\httpd.exe [2008-12-10 24636]
S3 wampmysqld;wampmysqld; c:\wamp\bin\mysql\mysql5.1.33\bin\mysqld.exe [2009-03-16 6562432]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S4 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-06-29 800040]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
S4 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-06-27 279848]
S4 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared files\RichVideo.exe [2006-11-08 262247]
-----------------EOF-----------------
"Honesty cannot be divided into pieces. Either it is there or it is not." (Honoré de Balzac)
Re: Please check - the browser is crashing again
Hello, download ComboFix and save it to your desktop,
run the application as Administrator and allow the installation of the Recovery Console.
A window with the license terms will then appear, which you confirm by clicking ANO (Yes),
then click ANO once more and it starts running.
The whole process takes about 10 minutes but can take longer; do not try to run anything else during the scan.
The PC may also be restarted during the scan; do not be alarmed.
Warning: for the duration of the scan, turn off the resident shield of your antivirus and anti-spyware program,
because ComboFix tries to delete infected files and these programs can get in its way.
After the scan finishes, or after the subsequent restart, the application creates a log saved at C:/Combofix.txt
(on repeated use the logs are numbered Combofix2.txt etc.); copy its contents here.
If anything is unclear, there is an illustrated guide HERE.
Re: Please check - the browser is crashing again
ComboFix 12-09-23.01 - Admin 23.09.2012 9:48.10.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.2047.1313 [GMT 2:00]
Spuštěný z: c:\documents and settings\Admin\Plocha\ComboFix.exe
AV: ESET Smart Security 4.2 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET personal firewall *Enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\isRS-000.tmp
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\fusion.dll
c:\windows\system32\URTTemp\mscoree.dll
c:\windows\system32\URTTemp\mscoree.dll.local
c:\windows\system32\URTTemp\mscorsn.dll
c:\windows\system32\URTTemp\mscorwks.dll
c:\windows\system32\URTTemp\msvcr71.dll
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-08-23 do 2012-09-23 )))))))))))))))))))))))))))))))
.
.
2012-09-22 18:21 . 2012-09-22 18:21 -------- d-----w- C:\rsit
2012-09-22 14:54 . 2012-09-22 15:15 -------- d---a-w- c:\documents and settings\All Users\Data aplikací\TEMP
2012-09-22 14:54 . 2012-09-22 14:54 -------- d-----w- c:\program files\MultiTranse
2012-09-22 14:02 . 2011-11-18 12:37 31552 ----a-w- c:\windows\system32\TURegOpt.exe
2012-09-22 14:02 . 2012-09-22 14:05 -------- d-----w- c:\program files\TuneUp Utilities 2012
2012-09-22 14:01 . 2012-09-22 14:01 -------- d-sh--w- c:\documents and settings\All Users\Data aplikací\{32364CEA-7855-4A3C-B674-53D8E9B97936}
2012-09-09 14:59 . 2012-09-22 11:50 -------- d-----w- C:\My PDF
2012-09-09 14:58 . 2012-09-09 14:58 -------- d-----w- c:\program files\Weeny Free PDF to Image Converter
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-07 15:04 . 2009-10-14 11:41 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-02 08:09 . 2012-04-13 04:13 696520 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-09-02 08:09 . 2011-06-15 04:17 73416 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-28 15:18 . 2008-04-14 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-08-28 15:18 . 2008-04-14 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-08-28 15:18 . 2008-04-14 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-08-28 12:07 . 2008-04-14 12:00 385024 ----a-w- c:\windows\system32\html.iec
2012-07-21 15:17 . 2012-07-21 15:17 421888 ------w- c:\windows\Setup1.exe
2012-07-21 15:17 . 2012-07-21 15:17 73216 ----a-w- c:\windows\ST6UNST.EXE
2012-07-21 15:17 . 2012-07-21 15:17 101888 ----a-w- c:\windows\system32\VB6STKIT.DLL
2012-07-06 13:58 . 2008-04-14 12:00 78336 ----a-w- c:\windows\system32\browser.dll
2012-07-04 14:05 . 2009-09-09 09:56 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-07-03 18:22 . 2008-04-14 12:00 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-06-30 06:46 . 2012-07-29 18:05 81920 ----a-w- c:\windows\system32\pdfcmon.dll
2012-06-01 15:38 . 2012-07-18 11:35 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-07-13 17418928]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-07-05 16380416]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-05-10 8429568]
"nwiz"="nwiz.exe" [2007-05-10 1626112]
"amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2007-07-23 77824]
"OODefragTray"="c:\windows\system32\oodtray.exe" [2007-05-11 2512392]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2008-03-10 689488]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2008-03-17 1848648]
"TO2SSM_McciTrayApp"="c:\program files\TO2SSM\McciTrayApp.exe" [2008-08-15 1473536]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2010-04-07 2145000]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2012-09-07 981656]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
.
c:\documents and settings\Admin\Nabídka Start\Programy\Po spuštění\
GIGABYTE VGA Utility.lnk - c:\documents and settings\Admin\Data aplikací\Microsoft\Installer\{D27BDB5D-3B4C-44F0-A648-BD00B0E79B39}\Utility.exe2_D27BDB5D3B4C44F0A648BD00B0E79B39.exe [2009-9-9 40960]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
RAMASST.lnk - c:\windows\system32\RAMASST.exe [2009-9-9 155648]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
2011-08-01 08:28 124480 ----a-w- c:\program files\ICQ7.5\ICQ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\ICQ7.5\\ICQ.exe"=
"c:\\Documents and Settings\\Admin\\Local Settings\\Data aplikací\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [7.4.2010 21:07 114984]
R2 Aladdin SQL Server;Aladdin SQL Server;c:\program files\Aladdin\Aladdin SQL Server\AladdinSQL.exe [20.7.2012 22:34 140736]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [7.4.2010 21:07 810120]
R2 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\program files\Firebird\Firebird_2_5\bin\fb_inet_server.exe [20.7.2012 18:43 3727360]
R2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [27.1.2010 4:09 50704]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe [18.11.2011 14:37 1510720]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [14.10.2009 13:41 22856]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys [8.11.2011 21:25 10064]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [3.11.2010 23:41 136176]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [14.10.2009 13:41 676936]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [13.7.2012 13:28 160944]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [13.4.2012 6:13 250568]
S3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [3.11.2010 23:41 136176]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [6.5.2012 7:14 113120]
S3 TVICHW32;TVICHW32;\??\c:\windows\system32\DRIVERS\TVICHW32.SYS --> c:\windows\system32\DRIVERS\TVICHW32.SYS [?]
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - MBAMSCHEDULER
*Deregistered* - MBAMSwissArmy
.
Obsah adresáře 'Naplánované úlohy'
.
2012-09-23 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-13 08:09]
.
2012-09-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-11-03 21:41]
.
2012-09-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-11-03 21:41]
.
.
------- Doplňkový sken -------
.
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files\ICQ7.5\ICQ.exe
TCP: DhcpNameServer = 10.0.0.138
FF - ProfilePath - c:\documents and settings\Admin\Data aplikací\Mozilla\Firefox\Profiles\65rphqj6.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - http:/www.seznam.cz
pref('extensions.shownSelectionUI',true); pref('extensions.autoDisableScopes',0);
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-09-23 09:52
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
"ImagePath"="\"c:\program files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe\"\00xża\02\00\00\00\00ČŞ/\03\00\00™\03pč\13\00\00\00\00\00\01\15\00`Ą0\03˙˙˙˙\18\02\15\00ę\1b€|\08”
[\00\14š\03ú\1b€|\00\00ŮsYM|"
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,32,da,b0,01,49,af,35,49,82,78,1d,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,32,da,b0,01,49,af,35,49,82,78,1d,\
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG10.00.00.01WORKSTATION"="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"
.
Celkový čas: 2012-09-23 09:54:17
ComboFix-quarantined-files.txt 2012-09-23 07:54
.
Před spuštěním: Volných bajtů: 104 614 526 976
Po spuštění: Volných bajtů: 104 620 871 680
.
- - End Of File - - 3D86D141F8A091260D400485E91001B0
"Honesty cannot be divided into pieces. Either it is there or it is not." (Honoré de Balzac)
Re: Please check - browser is crashing again
Via Start >> Run, copy into the window:
ComboFix /Uninstall
and press Enter.
This uninstalls ComboFix and deletes the files and folders associated with it.
Use T-Cleaner, which deletes any leftovers from the applications we used.
Just stop your antivirus before downloading it and while using it, because the antivirus may detect it as a virus, but that is not the case.
Download and run OTMoveIt.
Into the left window of the application, under Paste Instructions for Items to be Moved, copy this text:
Code:
:processes
explorer.exe
:files
C:\*.tmp
C:\WINDOWS\System32\*.tmp
C:\WINDOWS\*.tmp
C:\Documents and Settings\Admin\Data aplikací\Mozilla\Firefox\Profiles\65rphqj6.default\searchplugins\*.xml
:commands
[purity]
[emptytemp]
[start explorer]
Click MoveIt! and in the right green window of the application you will see info about the action performed; copy the contents of that window here.
If the application requests a restart, click YES;
in that case I want the contents of the log saved in C:\_OTMoveIt\MovedFiles\ copied here.
Re: Please check - browser is crashing again
It restarted by itself and quickly - I didn't manage to copy MoveIt
so here is the log from OTM
All processes killed
========== PROCESSES ==========
Process explorer.exe killed successfully!
========== FILES ==========
File/Folder C:\*.tmp not found.
File/Folder C:\WINDOWS\System32\*.tmp not found.
File/Folder C:\WINDOWS\*.tmp not found.
C:\Documents and Settings\Admin\Data aplikací\Mozilla\Firefox\Profiles\65rphqj6.default\searchplugins\askcom.xml moved successfully.
C:\Documents and Settings\Admin\Data aplikací\Mozilla\Firefox\Profiles\65rphqj6.default\searchplugins\conduit.xml moved successfully.
C:\Documents and Settings\Admin\Data aplikací\Mozilla\Firefox\Profiles\65rphqj6.default\searchplugins\icq-search.xml moved successfully.
C:\Documents and Settings\Admin\Data aplikací\Mozilla\Firefox\Profiles\65rphqj6.default\searchplugins\icqplugin-1.xml moved successfully.
C:\Documents and Settings\Admin\Data aplikací\Mozilla\Firefox\Profiles\65rphqj6.default\searchplugins\icqplugin-10.xml moved successfully.
C:\Documents and Settings\Admin\Data aplikací\Mozilla\Firefox\Profiles\65rphqj6.default\searchplugins\icqplugin-11.xml moved successfully.
C:\Documents and Settings\Admin\Data aplikací\Mozilla\Firefox\Profiles\65rphqj6.default\searchplugins\icqplugin-12.xml moved successfully.
C:\Documents and Settings\Admin\Data aplikací\Mozilla\Firefox\Profiles\65rphqj6.default\searchplugins\icqplugin-13.xml moved successfully.
C:\Documents and Settings\Admin\Data aplikací\Mozilla\Firefox\Profiles\65rphqj6.default\searchplugins\icqplugin-14.xml moved successfully.
C:\Documents and Settings\Admin\Data aplikací\Mozilla\Firefox\Profiles\65rphqj6.default\searchplugins\icqplugin-15.xml moved successfully.
C:\Documents and Settings\Admin\Data aplikací\Mozilla\Firefox\Profiles\65rphqj6.default\searchplugins\icqplugin-16.xml moved successfully.
C:\Documents and Settings\Admin\Data aplikací\Mozilla\Firefox\Profiles\65rphqj6.default\searchplugins\icqplugin-17.xml moved successfully.
C:\Documents and Settings\Admin\Data aplikací\Mozilla\Firefox\Profiles\65rphqj6.default\searchplugins\icqplugin-18.xml moved successfully.
C:\Documents and Settings\Admin\Data aplikací\Mozilla\Firefox\Profiles\65rphqj6.default\searchplugins\icqplugin-19.xml moved successfully.
C:\Documents and Settings\Admin\Data aplikací\Mozilla\Firefox\Profiles\65rphqj6.default\searchplugins\icqplugin-2.xml moved successfully.
C:\Documents and Settings\Admin\Data aplikací\Mozilla\Firefox\Profiles\65rphqj6.default\searchplugins\icqplugin-20.xml moved successfully.
C:\Documents and Settings\Admin\Data aplikací\Mozilla\Firefox\Profiles\65rphqj6.default\searchplugins\icqplugin-21.xml moved successfully.
C:\Documents and Settings\Admin\Data aplikací\Mozilla\Firefox\Profiles\65rphqj6.default\searchplugins\icqplugin-22.xml moved successfully.
C:\Documents and Settings\Admin\Data aplikací\Mozilla\Firefox\Profiles\65rphqj6.default\searchplugins\icqplugin-23.xml moved successfully.
C:\Documents and Settings\Admin\Data aplikací\Mozilla\Firefox\Profiles\65rphqj6.default\searchplugins\icqplugin-24.xml moved successfully.
C:\Documents and Settings\Admin\Data aplikací\Mozilla\Firefox\Profiles\65rphqj6.default\searchplugins\icqplugin-25.xml moved successfully.
C:\Documents and Settings\Admin\Data aplikací\Mozilla\Firefox\Profiles\65rphqj6.default\searchplugins\icqplugin-26.xml moved successfully.
C:\Documents and Settings\Admin\Data aplikací\Mozilla\Firefox\Profiles\65rphqj6.default\searchplugins\icqplugin-3.xml moved successfully.
C:\Documents and Settings\Admin\Data aplikací\Mozilla\Firefox\Profiles\65rphqj6.default\searchplugins\icqplugin-4.xml moved successfully.
C:\Documents and Settings\Admin\Data aplikací\Mozilla\Firefox\Profiles\65rphqj6.default\searchplugins\icqplugin-5.xml moved successfully.
C:\Documents and Settings\Admin\Data aplikací\Mozilla\Firefox\Profiles\65rphqj6.default\searchplugins\icqplugin-6.xml moved successfully.
C:\Documents and Settings\Admin\Data aplikací\Mozilla\Firefox\Profiles\65rphqj6.default\searchplugins\icqplugin-7.xml moved successfully.
C:\Documents and Settings\Admin\Data aplikací\Mozilla\Firefox\Profiles\65rphqj6.default\searchplugins\icqplugin-8.xml moved successfully.
C:\Documents and Settings\Admin\Data aplikací\Mozilla\Firefox\Profiles\65rphqj6.default\searchplugins\icqplugin-9.xml moved successfully.
C:\Documents and Settings\Admin\Data aplikací\Mozilla\Firefox\Profiles\65rphqj6.default\searchplugins\icqplugin.xml moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: Admin
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 491855 bytes
->FireFox cache emptied: 55519608 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 4768 bytes
User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: All Users
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 0 bytes
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 53,00 mb
OTM by OldTimer - Version 3.1.21.0 log created on 09232012_215937
Re: Please check - browser is crashing again
Done.
So far it seems to be running faster
- I won't give it a real workout again until tomorrow - so if anything comes up, I'll get in touch
...I also ran CCleaner and Malwarebytes Anti-Malware over it...and everything is OK
and THANK YOU for the help and the check
- you are all wonderful here and I'm fond of you ;-)