Dobrý den,
asi před týdnem jsem po třech letech užívání začal mít problémy s domácím PC.
Problém začal tím, že nejdříve nešla nainstalovat aktualizace windows. Teď nemůžu otevřít některé programy (např. chtěl jsem skenovat počítač antivirovým programem, ale nemůžu ho spustit), dále se počítač zdá takový zpomalený.
Předem děkuji za věškerou pomoc
Logfile of random's system information tool 1.09 (written by random/random)
Run by Tomáš at 2012-12-25 10:54:33
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 270 GB (57%) free of 477 GB
Total RAM: 3326 MB (74% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:54:46, on 25.12.2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17115)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\DeviceVM\Browser Configuration Utility\BCUService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
C:\WINDOWS\system32\mfevtps.exe
C:\Program Files\McAfee Online Backup\MOBKbackup.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\DeviceVM\Browser Configuration Utility\BCU.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\System32\vssvc.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe
C:\Program Files\Saitek\SD6\Software\ProfilerU.exe
C:\Program Files\Saitek\SD6\Software\SaiMfd.exe
C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe
C:\Program Files\Cyberlink\Shared files\brs.exe
C:\Program Files\lg_fwupdate\fwupdate.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\CyberLink\PowerDVD10\PDVD10Serv.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\EXPERTool\TBPanel.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
c:\PROGRA~1\mcafee\SITEAD~1\saui.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\Tomáš\Dokumenty\Stažené soubory\RSIT.exe
C:\Program Files\trend micro\Tomáš.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: SearchHook Class - {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - (no file)
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [BCU] "C:\Program Files\DeviceVM\Browser Configuration Utility\BCU.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [XboxStat] "c:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
O4 - HKLM\..\Run: [ProfilerU] C:\Program Files\Saitek\SD6\Software\ProfilerU.exe
O4 - HKLM\..\Run: [SaiMfd] C:\Program Files\Saitek\SD6\Software\SaiMfd.exe
O4 - HKLM\..\Run: [UpdateLBPShortCut] "C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
O4 - HKLM\..\Run: [MDS_Menu] "C:\Program Files\CyberLink\MediaShow4\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\MediaShow4" UpdateWithCreateOnce "Software\CyberLink\MediaShow\4.1"
O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe"
O4 - HKLM\..\Run: [UpdateP2GoShortCut] "C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
O4 - HKLM\..\Run: [RemoteControl8] "C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe"
O4 - HKLM\..\Run: [PDVD8LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe"
O4 - HKLM\..\Run: [BDRegion] C:\Program Files\Cyberlink\Shared files\brs.exe
O4 - HKLM\..\Run: [UpdatePPShortCut] "C:\Program Files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\PowerProducer" UpdateWithCreateOnce "Software\CyberLink\PowerProducer\5.0"
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\1.0"
O4 - HKLM\..\Run: [LGODDFU] "C:\Program Files\lg_fwupdate\fwupdate.exe" blrun
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [RemoteControl10] "C:\Program Files\CyberLink\PowerDVD10\PDVD10Serv.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\RunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstall ... er=9.0.894
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [GAINWARD] C:\Program Files\EXPERTool\TBPanel.exe /A
O4 - HKCU\..\RunOnce: [WiseStubReboot] MSIEXEC /quiet SKIP_PPU_DRIVER_INSTALL=1 /I "C:\Program Files\Common Files\Wise Installation Wizard\WISC5C1C0F0D62F4DBF81D4D7EF397C228B_9_09_0814.MSI" TRANSFORMS="C:\Program Files\Common Files\Wise Installation Wizard\WISC5C1C0F0D62F4DBF81D4D7EF397C228B_9_09_0814.MST" WISE_SETUP_EXE_PATH="d:\Support\PhysX_9.09.0814_SystemSoftware.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDow ... ab_nvd.cab
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~1\mcafee\msc\mcsniepl.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: ArcSoft Exchange Service (ADExchange) - Unknown owner - C:\Program Files\Common Files\ArcSoft\esinter\Bin\eservutil.exe (file missing)
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Browser Configuration Utility Service (BCUService) - DeviceVM, Inc. - C:\Program Files\DeviceVM\Browser Configuration Utility\BCUService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CyberLink Product - 2012/08/31 23:04:45 (CLKMSVC10_B91CB6D3) - CyberLink - C:\Program Files\CyberLink\PowerDVD10\NavFilter\kmsvc.exe
O23 - Service: ES lite Service for program management. (ES lite Service) - Unknown owner - C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Personal Firewall Service (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\WINDOWS\system32\mfevtps.exe
O23 - Service: 1% (MOBKbackup) - McAfee, Inc. - C:\Program Files\McAfee Online Backup\MOBKbackup.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
--
End of file - 13860 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\Adobe Flash Player Updater.job
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\Game_Booster_Startup.job
=========Mozilla firefox=========
ProfilePath - C:\Documents and Settings\Tomáš\Data aplikací\Mozilla\Firefox\Profiles\su6rxk9a.default
prefs.js - "browser.startup.homepage" - "www.seznam.cz"
prefs.js - "extensions.enabledItems" - "{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}:6.0.15, jqs@sun.com:1.0, {20a82645-c095-46ed-80e3-08825760534b}:1.1, {4ED1F68A-5463-4931-9384-8FFF5ED91D92}:3.4.0, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.28"
prefs.js - "keyword.URL" - "http://search.yahoo.com/search?fr=mcafee&p="
"jqs@sun.com"=C:\Program Files\Java\jre6\lib\deploy\jqs\ff
"{20a82645-c095-46ed-80e3-08825760534b}"=c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
"{4ED1F68A-5463-4931-9384-8FFF5ED91D92}"=C:\Program Files\McAfee\SiteAdvisor
"{D19CA586-DD6C-4a0a-96F8-14644F340D60}"=C:\Program Files\Common Files\McAfee\SystemCore
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.5.502.135 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_135.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Apple.com/iTunes,version=]
"Description"=iTunes Detector Plug-in
"Path"=
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Apple.com/iTunes,version=1.0]
"Description"=
"Path"=C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@mcafee.com/MSC,version=10]
"Description"=McAfee Total Protection MIME Plugin
"Path"=c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@mcafee.com/SAFFPlugin]
"Description"=
"Path"=C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}
C:\Program Files\Mozilla Firefox\components\
binary.manifest
browsercomps.dll
nsIQTScriptablePlugin.xpt
C:\Program Files\Mozilla Firefox\plugins\
npdeploytk.dll
nppdf32.dll
npqtplugin.dll
npqtplugin2.dll
npqtplugin3.dll
npqtplugin4.dll
npqtplugin5.dll
npqtplugin6.dll
npqtplugin7.dll
QuickTimePlugin.class
C:\Program Files\Mozilla Firefox\searchplugins\
avg-secure-search.xml
avg_igeared.xml
google.xml
heureka-cz.xml
jyxo-cz.xml
mall-cz.xml
McSiteAdvisor.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-07-27 63944]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18 403840]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}]
McAfee SiteAdvisor BHO - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2012-06-21 261568]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-04-04 41760]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-04-04 73728]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - McAfee SiteAdvisor Toolbar - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2012-06-21 261568]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"BCU"=C:\Program Files\DeviceVM\Browser Configuration Utility\BCU.exe [2009-08-04 346320]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2009-08-14 18702336]
"nwiz"=nwiz.exe /installquiet []
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2010-04-03 13670504]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2010-04-03 110696]
"XboxStat"=c:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [2007-09-26 734264]
"ProfilerU"=C:\Program Files\Saitek\SD6\Software\ProfilerU.exe [2009-06-03 237568]
"SaiMfd"=C:\Program Files\Saitek\SD6\Software\SaiMfd.exe [2009-06-03 131072]
"UpdateLBPShortCut"=C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe [2009-05-19 222504]
"MDS_Menu"=C:\Program Files\CyberLink\MediaShow4\MUITransfer\MUIStartMenu.exe [2009-02-25 218408]
"CLMLServer"=C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe [2009-06-03 103720]
"UpdateP2GoShortCut"=C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [2009-05-19 222504]
"RemoteControl8"=C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe [2009-07-16 91432]
"PDVD8LanguageShortcut"=C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe [2009-04-15 50472]
"BDRegion"=C:\Program Files\Cyberlink\Shared files\brs.exe [2011-09-28 75048]
"UpdatePPShortCut"=C:\Program Files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe [2008-12-03 218408]
"UCam_Menu"=C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [2009-02-17 218408]
"LGODDFU"=C:\Program Files\lg_fwupdate\fwupdate.exe [2010-10-17 557056]
"APSDaemon"=C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [2012-11-28 59280]
"mcui_exe"=C:\Program Files\McAfee.com\Agent\mcagent.exe [2012-09-12 1278648]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-07-27 919008]
"RemoteControl10"=C:\Program Files\CyberLink\PowerDVD10\PDVD10Serv.exe [2011-03-30 87336]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2012-10-25 421888]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2012-12-12 152544]
"MSConfig"=C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe [2008-04-14 171008]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"=cmd.exe /c start http://www.avg.com/ww.special-uninstall ... er=9.0.894 []
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"GAINWARD"=C:\Program Files\EXPERTool\TBPanel.exe [2009-10-05 2174976]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"WiseStubReboot"=MSIEXEC /quiet SKIP_PPU_DRIVER_INSTALL=1 /I C:\Program Files\Common Files\Wise Installation Wizard\WISC5C1C0F0D62F4DBF81D4D7EF397C228B_9_09_0814.MSI TRANSFORMS=C:\Program Files\Common Files\Wise Installation Wizard\WISC5C1C0F0D62F4DBF81D4D7EF397C228B_9_09_0814.MST WISE_SETUP_EXE_PATH=d:\Support\PhysX_9.09.0814_SystemSoftware.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBAgent]
C:\Program Files\Nero\Nero 10\Nero BackItUp\NBAgent.exe /WinStart []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
C:\Hry\Saints Row The Third\Steam.exe [2012-09-13 1353080]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Tomáš^Nabídka Start^Programy^Po spuštění^Registration .LNK]
C:\Hry\Splinter Cell Double Agent\support\Register\Reg.exe [2005-02-28 868352]
C:\Documents and Settings\Tomáš\Nabídka Start\Programy\Po spuštění
Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\McMPFSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcmscsvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mfefire]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mfefirek]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mfefirek.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mfehidk]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mfehidk.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mfevtp]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Hry\Splinter Cell Double Agent\SCDA-Offline\System\SplinterCell4.exe"="C:\Hry\Splinter Cell Double Agent\SCDA-Offline\System\SplinterCell4.exe:*:Disabled:SplinterCell4"
"C:\Hry\Mass Effect 2\Binaries\MassEffect2.exe"="C:\Hry\Mass Effect 2\Binaries\MassEffect2.exe:*:Enabled:Mass Effect 2 Hra"
"C:\Hry\Mass Effect 2\MassEffect2Launcher.exe"="C:\Hry\Mass Effect 2\MassEffect2Launcher.exe:*:Enabled:Mass Effect 2 Spustit"
"C:\Program Files\Opera\opera.exe"="C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"
"C:\Program Files\Java\jre6\bin\javaw.exe"="C:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Hry\Far Cry 2\bin\FarCry2.exe"="C:\Hry\Far Cry 2\bin\FarCry2.exe:*:Enabled:Far Cry 2"
"C:\Hry\Far Cry 2\bin\FC2Launcher.exe"="C:\Hry\Far Cry 2\bin\FC2Launcher.exe:*:Enabled:Far Cry 2 Updater"
"C:\Hry\Far Cry 2\bin\FC2Editor.exe"="C:\Hry\Far Cry 2\bin\FC2Editor.exe:*:Enabled:Editor"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\Program Files\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe"="C:\Program Files\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe:*:Enabled:Ubisoft Game Launcher"
"C:\Hry\Splinter Cell Conviction\src\system\conviction_game.exe"="C:\Hry\Splinter Cell Conviction\src\system\conviction_game.exe:*:Enabled:Tom Clancy's Splinter Cell Conviction"
"C:\Hry\Splinter Cell Conviction\src\system\gu.exe"="C:\Hry\Splinter Cell Conviction\src\system\gu.exe:*:Enabled:Tom Clancy's Splinter Cell Conviction aktualizace"
"C:\Hry\Splinter Cell Conviction\src\system\UPlayBrowser.exe"="C:\Hry\Splinter Cell Conviction\src\system\UPlayBrowser.exe:*:Enabled:UPlayBrowser Application"
"C:\Program Files\CyberLink\PowerDVD8\PowerDVD8.exe"="C:\Program Files\CyberLink\PowerDVD8\PowerDVD8.exe:*:Enabled:CyberLink PowerDVD 8.0"
"C:\Hry\James Bond\Bond.exe"="C:\Hry\James Bond\Bond.exe:*:Enabled:James Bond 007(TM) - Blood Stone"
"C:\Hry\Resident Evil 5\RE5DX9.EXE"="C:\Hry\Resident Evil 5\RE5DX9.EXE:*:Enabled:RESIDENT EVIL 5 (DX9)"
"C:\Hry\Resident Evil 5\RE5DX10.EXE"="C:\Hry\Resident Evil 5\RE5DX10.EXE:*:Enabled:RESIDENT EVIL 5 (DX10)"
"C:\Hry\Crysis\Bin32\Crysis.exe"="C:\Hry\Crysis\Bin32\Crysis.exe:*:Enabled:Crysis_32"
"C:\Hry\Crysis\Bin32\CrysisDedicatedServer.exe"="C:\Hry\Crysis\Bin32\CrysisDedicatedServer.exe:*:Enabled:CrysisDedicatedServer_32"
"C:\Hry\GTA\EFLC\EFLC.exe"="C:\Hry\GTA\EFLC\EFLC.exe:*:Enabled:Grand Theft Auto : Episodes from Liberty City"
"C:\Hry\Crysis 2\bin32\Crysis2.exe"="C:\Hry\Crysis 2\bin32\Crysis2.exe:*:Enabled:Crysis2"
"C:\Hry\Medal of Honor\Binaries\moh.exe"="C:\Hry\Medal of Honor\Binaries\moh.exe:*:Enabled:Medal of Honor™"
"C:\Hry\Medal of Honor\MP\MoHMPGame.exe"="C:\Hry\Medal of Honor\MP\MoHMPGame.exe:*:Enabled:Medal of Honor: Multiplayer"
"C:\Hry\Far Cry 2\bin\FC2ServerLauncher.exe"="C:\Hry\Far Cry 2\bin\FC2ServerLauncher.exe:*:Enabled:Far Cry® 2"
"C:\Hry\Splinter Cell Chaos Theory\Versus\System\SCCT_Versus_DedicatedServer.exe"="C:\Hry\Splinter Cell Chaos Theory\Versus\System\SCCT_Versus_DedicatedServer.exe:*:Enabled:SCCT_Versus_DedicatedServer"
"C:\Hry\Crysis Wars\Bin32\Crysis.exe"="C:\Hry\Crysis Wars\Bin32\Crysis.exe:*:Enabled:Crysis"
"C:\Hry\Splinter Cell Pandora Tomorrow\pandora.exe"="C:\Hry\Splinter Cell Pandora Tomorrow\pandora.exe:*:Enabled:pandora"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour Service"
"C:\Hry\Saints Row The Third\Steam.exe"="C:\Hry\Saints Row The Third\Steam.exe:*:Enabled:Steam"
"C:\Hry\Saints Row The Third\SteamApps\common\saints row the third\saintsrowthethird.exe"="C:\Hry\Saints Row The Third\SteamApps\common\saints row the third\saintsrowthethird.exe:*:Enabled:Saints Row: The Third"
"C:\Hry\Saints Row The Third\SteamApps\common\saints row the third\saintsrowthethird_dx11.exe"="C:\Hry\Saints Row The Third\SteamApps\common\saints row the third\saintsrowthethird_dx11.exe:*:Enabled:Saints Row: The Third DX11"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Hry\Saints Row The Third\SteamApps\common\saints row the third\game_launcher.exe"="C:\Hry\Saints Row The Third\SteamApps\common\saints row the third\game_launcher.exe:*:Enabled:Saints Row: The Third"
"C:\Hry\Battlefield Bad Company 2\BFBC2Updater.exe"="C:\Hry\Battlefield Bad Company 2\BFBC2Updater.exe:*:Enabled:Battlefield: Bad Company™ 2"
"C:\Program Files\CyberLink\PowerDVD10\PowerDVD10.exe"="C:\Program Files\CyberLink\PowerDVD10\PowerDVD10.exe:*:Enabled:CyberLink PowerDVD 10.0"
"C:\Hry\Ghost Recon Future Soldier\Future Soldier.exe"="C:\Hry\Ghost Recon Future Soldier\Future Soldier.exe:*:Enabled:Tom Clancy's Ghost Recon Future Soldier"
"C:\Hry\Ghost Recon Future Soldier\gu.exe"="C:\Hry\Ghost Recon Future Soldier\gu.exe:*:Enabled:Tom Clancy's Ghost Recon Future Soldier"
"C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe"="C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe:*:Enabled:McAfee Shared Service Host"
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe"="C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\CyberLink\PowerDVD8\PowerDVD8.exe"="C:\Program Files\CyberLink\PowerDVD8\PowerDVD8.exe:*:Enabled:CyberLink PowerDVD 8.0"
"C:\Program Files\CyberLink\PowerDVD10\PowerDVD10.exe"="C:\Program Files\CyberLink\PowerDVD10\PowerDVD10.exe:*:Enabled:CyberLink PowerDVD 10.0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"VIDC.MPG4"=mpg4c32.dll
"VIDC.MP42"=mpg4c32.dll
======List of files/folders created in the last 1 month======
2012-12-25 10:54:34 ----D---- C:\Program Files\trend micro
2012-12-25 10:54:33 ----D---- C:\rsit
2012-12-24 23:02:40 ----D---- C:\6fd1a850a3289902ea3b3d8f508443f9
2012-12-24 22:57:46 ----A---- C:\WINDOWS\system32\drivers\mfendisk.sys
2012-12-23 16:15:05 ----D---- C:\Program Files\iPod
2012-12-23 16:15:01 ----D---- C:\Program Files\iTunes
2012-12-23 16:15:01 ----D---- C:\Documents and Settings\All Users\Data aplikací\188F1432-103A-4ffb-80F1-36B633C5C9E1
2012-12-23 16:04:53 ----D---- C:\Program Files\QuickTime
2012-12-23 13:34:59 ----D---- C:\WINDOWS\LastGood(2)
2012-12-22 13:49:57 ----HDC---- C:\WINDOWS\$NtUninstallKB2753842-v2$
2012-12-15 20:33:56 ----HDC---- C:\WINDOWS\$NtUninstallKB2758857$
2012-12-15 20:33:48 ----HDC---- C:\WINDOWS\$NtUninstallKB2779030$
2012-12-15 20:33:39 ----HDC---- C:\WINDOWS\$NtUninstallKB2779562$
2012-12-15 20:33:33 ----HDC---- C:\WINDOWS\$NtUninstallKB2770660$
2012-12-15 18:12:13 ----D---- C:\Program Files\Mozilla Firefox
2012-12-15 11:40:21 ----D---- C:\e51c67e49ec4492ee343feb9b7fe
2012-12-01 10:24:36 ----A---- C:\WINDOWS\system32\drivers\HipShieldK.sys
======List of files/folders modified in the last 1 month======
2012-12-25 10:54:39 ----DC---- C:\WINDOWS\system32\dllcache
2012-12-25 10:54:37 ----D---- C:\WINDOWS\Temp
2012-12-25 10:54:34 ----RD---- C:\Program Files
2012-12-25 10:52:37 ----D---- C:\WINDOWS\system32\CatRoot2
2012-12-25 10:51:28 ----D---- C:\Program Files\lg_fwupdate
2012-12-25 10:51:27 ----A---- C:\WINDOWS\lgfwup.ini
2012-12-25 10:51:10 ----D---- C:\WINDOWS\system32\drivers
2012-12-25 01:14:18 ----A---- C:\WINDOWS\SchedLgU.Txt
2012-12-25 00:57:44 ----D---- C:\WINDOWS\system32
2012-12-25 00:57:44 ----D---- C:\Hry
2012-12-25 00:57:41 ----HD---- C:\Program Files\InstallShield Installation Information
2012-12-25 00:53:13 ----D---- C:\WINDOWS
2012-12-25 00:46:41 ----RSH---- C:\boot.ini
2012-12-25 00:39:05 ----D---- C:\WINDOWS\system32\CatRoot
2012-12-25 00:36:19 ----D---- C:\WINDOWS\system32\config
2012-12-25 00:36:10 ----D---- C:\WINDOWS\system32\wbem
2012-12-25 00:36:09 ----D---- C:\WINDOWS\Registration
2012-12-25 00:35:59 ----D---- C:\WINDOWS\WinSxS
2012-12-25 00:35:52 ----HD---- C:\WINDOWS\inf
2012-12-25 00:35:48 ----SHD---- C:\Config.Msi
2012-12-25 00:35:39 ----SHD---- C:\WINDOWS\Installer
2012-12-25 00:35:24 ----D---- C:\WINDOWS\system32\DirectX
2012-12-25 00:19:54 ----RSD---- C:\WINDOWS\assembly
2012-12-25 00:19:54 ----D---- C:\WINDOWS\Microsoft.NET
2012-12-25 00:10:00 ----A---- C:\WINDOWS\win.ini
2012-12-25 00:10:00 ----A---- C:\WINDOWS\system.ini
2012-12-24 23:55:13 ----D---- C:\WINDOWS\system32\XPSViewer
2012-12-24 23:55:12 ----RSD---- C:\WINDOWS\Fonts
2012-12-24 23:47:00 ----D---- C:\Documents and Settings\All Users\Data aplikací\Microsoft Help
2012-12-24 23:28:13 ----D---- C:\WINDOWS\Prefetch
2012-12-24 23:25:04 ----D---- C:\Program Files\Common Files\Mcafee
2012-12-24 23:25:03 ----D---- C:\Program Files\McAfee
2012-12-23 16:42:51 ----A---- C:\WINDOWS\system32\FlashPlayerApp.exe
2012-12-23 16:15:03 ----D---- C:\Program Files\Common Files\Apple
2012-12-23 13:48:32 ----D---- C:\WINDOWS\Debug
2012-12-22 13:49:07 ----HD---- C:\WINDOWS\$hf_mig$
2012-12-16 17:30:04 ----D---- C:\Program Files\Mozilla Maintenance Service
2012-12-16 13:23:59 ----A---- C:\WINDOWS\system32\atmfd.dll
2012-12-15 20:33:10 ----D---- C:\WINDOWS\system32\cs-cz
2012-12-15 20:33:10 ----D---- C:\Program Files\Internet Explorer
2012-12-15 20:32:57 ----D---- C:\WINDOWS\ie7updates
2012-12-15 20:27:09 ----A---- C:\WINDOWS\system32\MRT.exe
2012-12-15 11:46:15 ----SD---- C:\WINDOWS\Downloaded Program Files
2012-12-01 10:24:38 ----D---- C:\Documents and Settings\All Users\Data aplikací\McAfee
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 CLBStor;CyberLink InstantBurn UDF Reader Help Driver; C:\WINDOWS\system32\drivers\CLBStor.sys [2008-10-20 10368]
R0 mfehidk;McAfee Inc. mfehidk; C:\WINDOWS\system32\drivers\mfehidk.sys [2012-11-09 565352]
R0 ohci1394;Hostitelský řadič IEEE 1394 dle standardu OHCI Texas Instruments; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2008-04-13 61696]
R0 prohlp02;StarForce Protection Helper Driver v2; C:\WINDOWS\System32\drivers\prohlp02.sys [2004-08-09 114016]
R0 prosync1;StarForce Protection Synchronization Driver v1; C:\WINDOWS\System32\drivers\prosync1.sys [2004-07-19 7040]
R0 sfdrv01;StarForce Protection Environment Driver (version 1.x); C:\WINDOWS\System32\drivers\sfdrv01.sys [2005-03-03 48640]
R0 sfhlp01;StarForce Protection Helper Driver; C:\WINDOWS\System32\drivers\sfhlp01.sys [2003-12-01 4832]
R0 sfhlp02;StarForce Protection Helper Driver (version 2.x); C:\WINDOWS\System32\drivers\sfhlp02.sys [2005-02-23 6656]
R0 sfsync02;StarForce Protection Synchronization Driver (version 2.x); C:\WINDOWS\System32\drivers\sfsync02.sys [2004-12-03 20544]
R1 AmdPPM;Ovladač procesoru HwPState AMD; C:\WINDOWS\system32\DRIVERS\AmdPPM.sys [2007-04-16 33792]
R1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R1 mfetdi2k;McAfee Inc. mfetdi2k; C:\WINDOWS\system32\drivers\mfetdi2k.sys [2012-11-09 91168]
R1 MOBKFilter;MOBKFilter; C:\WINDOWS\system32\DRIVERS\MOBK.sys [2010-04-13 54776]
R1 prodrv06;StarForce Protection Environment Driver v6; C:\WINDOWS\System32\drivers\prodrv06.sys [2004-08-09 53920]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-13 8832]
R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};Power Control [2010/09/01 12:40:45]; \??\C:\Program Files\CyberLink\PowerDVD8\000.fcl []
R2 CLBUDFR;CyberLink UDF Filesystem; C:\WINDOWS\system32\drivers\CLBUDFR.sys [2008-10-20 154368]
R2 TBPanel;TBPanel; C:\WINDOWS\system32\drivers\TBPanel.sys [2007-03-16 12256]
R3 AR9271;Wireless Network Adapter Service; C:\WINDOWS\system32\DRIVERS\athuw.sys [2009-07-09 1668352]
R3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 cfwids;McAfee Inc. cfwids; C:\WINDOWS\system32\drivers\cfwids.sys [2012-11-09 60480]
R3 gdrv;gdrv; \??\C:\WINDOWS\gdrv.sys []
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2009-08-18 5884416]
R3 mfeapfk;McAfee Inc. mfeapfk; C:\WINDOWS\system32\drivers\mfeapfk.sys [2012-11-09 132912]
R3 mfeavfk;McAfee Inc. mfeavfk; C:\WINDOWS\system32\drivers\mfeavfk.sys [2012-11-09 234824]
R3 mfefirek;McAfee Inc. mfefirek; C:\WINDOWS\system32\drivers\mfefirek.sys [2012-11-09 362640]
R3 mfendiskmp;mfendiskmp; C:\WINDOWS\system32\DRIVERS\mfendisk.sys [2012-11-09 84432]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2006-03-02 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2010-04-03 10232128]
R3 SaiMini;SaiMini; C:\WINDOWS\system32\DRIVERS\SaiMini.sys [2009-06-10 14080]
R3 SaiNtBus;SaiNtBus; C:\WINDOWS\system32\drivers\SaiBus.sys [2009-06-10 36992]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbstor;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S1 ArcSec;ArcSec; C:\WINDOWS\system32\drivers\ArcSec.sys []
S3 Ambfilt;Ambfilt; C:\WINDOWS\system32\drivers\Ambfilt.sys [2008-08-05 1684736]
S3 HipShieldK;McAfee Inc. HipShieldK; C:\WINDOWS\system32\drivers\HipShieldK.sys [2012-04-20 146872]
S3 mfeavfk01;McAfee Inc.; C:\WINDOWS\system32\drivers\mfeavfk01.sys []
S3 mfebopk;McAfee Inc. mfebopk; C:\WINDOWS\system32\drivers\mfebopk.sys [2012-11-09 65488]
S3 mfendisk;McAfee Core NDIS Intermediate Filter; C:\WINDOWS\system32\DRIVERS\mfendisk.sys [2012-11-09 84432]
S3 mferkdet;McAfee Inc. mferkdet; C:\WINDOWS\system32\drivers\mferkdet.sys [2012-11-09 92192]
S3 Monfilt;Monfilt; C:\WINDOWS\system32\drivers\Monfilt.sys [2006-01-04 1389056]
S3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2009-06-29 142592]
S3 SaiKCB03;SaiKCB03; C:\WINDOWS\system32\DRIVERS\SaiKCB03.sys [2008-10-22 106496]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2012-02-15 43520]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S3 xusb21;Xbox 360 Wireless Receiver Driver Service 21; C:\WINDOWS\system32\DRIVERS\xusb21.sys [2007-02-26 61984]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2012-08-11 55184]
R2 BCUService;Browser Configuration Utility Service; C:\Program Files\DeviceVM\Browser Configuration Utility\BCUService.exe [2009-08-04 219360]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2011-08-30 390504]
R2 ES lite Service;ES lite Service for program management.; C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE [2009-08-24 68136]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-04-04 153376]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2009-08-20 73728]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service; C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2012-08-31 167784]
R2 McMPFSvc;McAfee Personal Firewall Service; C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2012-08-31 167784]
R2 mcmscsvc;McAfee Services; C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2012-08-31 167784]
R2 McNaiAnn;McAfee VirusScan Announcer; C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2012-08-31 167784]
R2 McNASvc;McAfee Network Agent; C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2012-08-31 167784]
R2 McProxy;McAfee Proxy Service; C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2012-08-31 167784]
R2 McShield;McAfee McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [2012-11-09 203400]
R2 mfefire;McAfee Firewall Core Service; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [2012-11-09 168880]
R2 mfevtp;McAfee Validation Trust Protection Service; C:\WINDOWS\system32\mfevtps.exe [2012-11-09 167344]
R2 MOBKbackup;1%; C:\Program Files\McAfee Online Backup\MOBKbackup.exe [2010-04-13 229688]
R2 MSK80Service;McAfee Anti-Spam Service; C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2012-08-31 167784]
R2 nvsvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2010-04-03 154216]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared Files\RichVideo.exe [2009-07-02 244904]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-08-18 1529728]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2012-12-12 553440]
S2 ADExchange;ArcSoft Exchange Service; C:\Program Files\Common Files\ArcSoft\esinter\Bin\eservutil.exe []
S2 CLKMSVC10_B91CB6D3;CyberLink Product - 2012/08/31 23:04:45; C:\Program Files\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [2011-04-20 241648]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-12-23 250808]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 McODS;McAfee Scanner; C:\Program Files\McAfee\VirusScan\mcods.exe [2012-11-16 279048]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2012-12-15 115168]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 Steam Client Service;Steam Client Service; C:\Program Files\Common Files\Steam\SteamService.exe [2011-03-16 407336]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
-----------------EOF-----------------
Odvirování PC, zrychlení počítače, vzdálená pomoc prostřednictvím služby neslape.cz
Problém s PC
Moderátor: Moderátoři
Pravidla fóra
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
-
Rudy
- Site Admin
- Příspěvky: 119522
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: Problém s PC
Zdravím!
Zkuste obnovu systému k datu, kdy korektně fungoval. Pokud se stav nezmění, dejte log ComboFix:
Zkuste obnovu systému k datu, kdy korektně fungoval. Pokud se stav nezmění, dejte log ComboFix:
Stahnete a ulozte nejlepe na plochu ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
pote spustte aplikaci pod uctem s administratorskym opravnenim
hned po startu se zobrazi obrazovka s licencnimi podminkami, pokracujte kliknutim na tlacitko Ano.
v klidu si postavte na kafe (cela akce trva cca. 5-10 minut, nekdy i dele - dle toho, o jak rychly stroj se
jedna a kolika soubory se skener bude muset prodirat), behem skenu se nepokousejte spoustet zadne jine
aplikace ani nic jineho
behem skenovani nepropadejte panice, vas stroj muze byt restartovan (predevsim pri prvni aplikaci skeneru)
upozorneni: pokud pouzivate antispyware s rezidentnim stitem, prepnete jeho rezidentni stit do Install Mode,
pripadne jej po dobu skenu uplne deaktivujte, protoze dochazi pri skenu a vymazu pripadneho malware k
nezadoucim kolizim s rezidentem antispyware
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Re: Problém s PC
Obnovení systému mě také napadlo, ale při pokusu spustit nástroj obnovení systému se objeví jen bílé okno.
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 7.0.6000.17115 BrowserJavaVersion: 1.6.0_15
Run by Tomáš at 11:34:42 on 2012-12-25
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.3326.2703 [GMT 1:00]
.
AV: McAfee Anti-Virus and Antispyware *Enabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *Enabled*
.
============== Running Processes ================
.
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\DeviceVM\Browser Configuration Utility\BCUService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
C:\WINDOWS\system32\mfevtps.exe
C:\Program Files\McAfee Online Backup\MOBKbackup.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\DeviceVM\Browser Configuration Utility\BCU.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Saitek\SD6\Software\ProfilerU.exe
C:\Program Files\Saitek\SD6\Software\SaiMfd.exe
C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe
C:\Program Files\Cyberlink\Shared files\brs.exe
C:\Program Files\lg_fwupdate\fwupdate.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\CyberLink\PowerDVD10\PDVD10Serv.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\EXPERTool\TBPanel.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
c:\PROGRA~1\mcafee\SITEAD~1\saui.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
c:\PROGRA~1\mcafee\msc\mcupdmgr.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.seznam.cz/
uURLSearchHooks: <No Name>: - LocalServer32 - <no file>
uURLSearchHooks: SearchHook Class: {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - c:\program files\devicevm\browser configuration utility\AddressBarSearch.dll
dURLSearchHooks: {855F3B16-6D32-4fe6-8A56-BBB695989046} - <orphaned>
dURLSearchHooks: {A3BC75A2-1F87-4686-AA43-5347D756017C} - <orphaned>
dURLSearchHooks: <No Name>: - LocalServer32 - <no file>
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - <orphaned>
BHO: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - <orphaned>
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\program files\mcafee\siteadvisor\McIEPlg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\program files\mcafee\siteadvisor\McIEPlg.dll
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [GAINWARD] c:\program files\expertool\TBPanel.exe /A
uRunOnce: [WiseStubReboot] MSIEXEC /quiet SKIP_PPU_DRIVER_INSTALL=1 /I "c:\program files\common files\wise installation wizard\wisc5c1c0f0d62f4dbf81d4d7ef397c228b_9_09_0814.msi" transforms="c:\program files\common files\wise installation wizard\wisc5c1c0f0d62f4dbf81d4d7ef397c228b_9_09_0814.mst" wise_setup_exe_path="d:\support\PhysX_9.09.0814_SystemSoftware.exe"
mRun: [BCU] "c:\program files\devicevm\browser configuration utility\BCU.exe"
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [nwiz] nwiz.exe /installquiet
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [XboxStat] "c:\program files\microsoft xbox 360 accessories\XboxStat.exe" silentrun
mRun: [ProfilerU] c:\program files\saitek\sd6\software\ProfilerU.exe
mRun: [SaiMfd] c:\program files\saitek\sd6\software\SaiMfd.exe
mRun: [UpdateLBPShortCut] "c:\program files\cyberlink\labelprint\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\labelprint" updatewithcreateonce "software\cyberlink\labelprint\2.5"
mRun: [MDS_Menu] "c:\program files\cyberlink\mediashow4\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\mediashow4" updatewithcreateonce "software\cyberlink\mediashow\4.1"
mRun: [CLMLServer] "c:\program files\cyberlink\power2go\CLMLSvc.exe"
mRun: [UpdateP2GoShortCut] "c:\program files\cyberlink\power2go\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\power2go" updatewithcreateonce "software\cyberlink\power2go\6.0"
mRun: [RemoteControl8] "c:\program files\cyberlink\powerdvd8\PDVD8Serv.exe"
mRun: [PDVD8LanguageShortcut] "c:\program files\cyberlink\powerdvd8\language\Language.exe"
mRun: [BDRegion] c:\program files\cyberlink\shared files\brs.exe
mRun: [UpdatePPShortCut] "c:\program files\cyberlink\powerproducer\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\powerproducer" updatewithcreateonce "software\cyberlink\powerproducer\5.0"
mRun: [UCam_Menu] "c:\program files\cyberlink\youcam\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\youcam" updatewithcreateonce "software\cyberlink\youcam\1.0"
mRun: [LGODDFU] "c:\program files\lg_fwupdate\fwupdate.exe" blrun
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [RemoteControl10] "c:\program files\cyberlink\powerdvd10\PDVD10Serv.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSConfig.exe /auto
mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstall ... er=9.0.894
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\tom~1\nabdka~1\programy\posput~1\vezyob~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/s ... ab_nvd.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
TCP: NameServer = 10.0.0.138
TCP: Interfaces\{BE534FDA-EA3B-4556-B41C-B1ED1DB253AF} : DHCPNameServer = 10.0.0.138
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\program files\mcafee\msc\McSnIePl.dll
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\program files\mcafee\siteadvisor\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\program files\mcafee\siteadvisor\McIEPlg.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\tomáš\data aplikací\mozilla\firefox\profiles\su6rxk9a.default\
.
============= SERVICES / DRIVERS ===============
.
R0 CLBStor;CyberLink InstantBurn UDF Reader Help Driver;c:\windows\system32\drivers\CLBStor.sys [2010-9-1 10368]
R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2011-10-15 565352]
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2011-12-23 91168]
R1 MOBKFilter;MOBKFilter;c:\windows\system32\drivers\MOBK.sys [2011-12-23 54776]
R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};Power Control [2010/09/01 12:40:45];c:\program files\cyberlink\powerdvd8\000.fcl [2010-1-12 87536]
R2 BCUService;Browser Configuration Utility Service;c:\program files\devicevm\browser configuration utility\BCUService.exe [2010-2-4 219360]
R2 CLBUDFR;CyberLink UDF Filesystem;c:\windows\system32\drivers\CLBUDFR.sys [2010-9-1 154368]
R2 ES lite Service;ES lite Service for program management.;c:\program files\gigabyte\easysaver\essvr.exe [2010-2-4 68136]
R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-12-23 167784]
R2 McShield;McAfee McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2011-12-23 203400]
R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2011-12-23 168880]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2011-12-23 167344]
R2 MOBKbackup;1%;c:\program files\mcafee online backup\MOBKbackup.exe [2010-4-13 229688]
R3 AR9271;Wireless Network Adapter Service;c:\windows\system32\drivers\athuw.sys [2010-2-4 1668352]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2011-12-23 60480]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2011-12-23 234824]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2011-12-23 362640]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [2012-12-24 84432]
R3 PSched;Plánovač paketů technologie QoS;c:\windows\system32\drivers\psched.sys [2006-3-2 69120]
R4 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-12-23 167784]
R4 McNaiAnn;McAfee VirusScan Announcer;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-12-23 167784]
R4 McProxy;McAfee Proxy Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-12-23 167784]
S1 ArcSec;ArcSec;c:\windows\system32\drivers\arcsec.sys --> c:\windows\system32\drivers\ArcSec.sys [?]
S2 ADExchange;ArcSoft Exchange Service;c:\program files\common files\arcsoft\esinter\bin\eservutil.exe --> c:\program files\common files\arcsoft\esinter\bin\eservutil.exe [?]
S2 CLKMSVC10_B91CB6D3;CyberLink Product - 2012/08/31 23:04:45;c:\program files\cyberlink\powerdvd10\navfilter\kmsvc.exe [2011-4-20 241648]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2010-2-4 1684736]
S3 HipShieldK;McAfee Inc. HipShieldK;c:\windows\system32\drivers\HipShieldK.sys [2012-12-1 146872]
S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2011-12-23 65488]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [2012-12-24 84432]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2011-12-23 92192]
S3 SaiKCB03;SaiKCB03;c:\windows\system32\drivers\SaiKCB03.sys [2008-10-22 106496]
.
=============== Created Last 30 ================
.
2012-12-25 09:54:34 -------- d-----w- c:\program files\trend micro
2012-12-24 23:36:09 -------- d-----w- c:\windows\system32\wbem\repository\FS
2012-12-24 23:36:09 -------- d-----w- c:\windows\system32\wbem\Repository
2012-12-24 22:32:16 33944 ----a-w- c:\program files\mozilla firefox\ScriptFF.dll
2012-12-24 22:02:40 -------- d-----w- C:\6fd1a850a3289902ea3b3d8f508443f9
2012-12-24 21:57:46 84432 ----a-w- c:\windows\system32\drivers\mfendisk.sys
2012-12-23 15:15:05 -------- d-----w- c:\program files\iPod
2012-12-23 15:15:01 -------- d-----w- c:\program files\iTunes
2012-12-23 14:48:10 -------- d--h--r- c:\documents and settings\tomáš\Recent
2012-12-23 12:34:59 -------- d-----w- c:\windows\LastGood(2)
2012-12-15 10:40:21 -------- d-----w- C:\e51c67e49ec4492ee343feb9b7fe
2012-12-01 09:24:36 146872 ----a-w- c:\windows\system32\drivers\HipShieldK.sys
.
==================== Find3M ====================
.
2012-12-25 09:51:10 17488 ----a-w- c:\windows\gdrv.sys
2012-12-24 23:20:09 281688 ----a-w- c:\windows\system32\PnkBstrB.xtr
2012-12-24 22:05:44 282512 ----a-w- c:\windows\system32\PnkBstrB.ex0
2012-12-23 15:42:51 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-12-23 15:42:51 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-12-16 12:23:59 290560 ----a-w- c:\windows\system32\atmfd.dll
2012-11-13 11:55:10 1866368 ------w- c:\windows\system32\win32k.sys
2012-11-09 05:56:16 60480 ----a-w- c:\windows\system32\drivers\cfwids.sys
2012-11-09 05:53:22 167344 ----a-w- c:\windows\system32\mfevtps.exe
2012-11-09 05:53:02 91168 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys
2012-11-09 05:52:22 9648 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2012-11-09 05:52:12 92192 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2012-11-09 05:51:12 565352 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2012-11-09 05:50:20 362640 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2012-11-09 05:50:00 65488 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2012-11-09 05:49:40 234824 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2012-11-09 05:49:10 132912 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2012-11-02 02:03:56 375296 ------w- c:\windows\system32\dpnet.dll
2012-11-01 03:45:47 832512 ----a-w- c:\windows\system32\wininet.dll
2012-11-01 03:45:36 1830912 ------w- c:\windows\system32\inetcpl.cpl
2012-11-01 03:45:29 78336 ------w- c:\windows\system32\ieencode.dll
2012-11-01 03:45:26 17408 ------w- c:\windows\system32\corpol.dll
2012-10-31 14:10:14 773968 ----a-w- c:\windows\system32\msvcr100.dll
2012-10-31 14:10:14 138056 ----a-w- c:\windows\system32\atl100.dll
2012-10-25 02:12:26 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2012-10-25 02:12:26 69632 ----a-w- c:\windows\system32\QuickTime.qts
2012-10-19 19:17:18 138904 ----a-w- c:\documents and settings\tomáš\data aplikací\PnkBstrK.sys
2012-10-04 11:34:24 3233712 ----a-w- c:\windows\system32\pbsvc.exe
2004-03-11 11:27:22 40960 ----a-w- c:\program files\Uninstall_CDS.exe
.
============= FINISH: 11:35:32,37 ===============
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 7.0.6000.17115 BrowserJavaVersion: 1.6.0_15
Run by Tomáš at 11:34:42 on 2012-12-25
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.3326.2703 [GMT 1:00]
.
AV: McAfee Anti-Virus and Antispyware *Enabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *Enabled*
.
============== Running Processes ================
.
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\DeviceVM\Browser Configuration Utility\BCUService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
C:\WINDOWS\system32\mfevtps.exe
C:\Program Files\McAfee Online Backup\MOBKbackup.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\DeviceVM\Browser Configuration Utility\BCU.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Saitek\SD6\Software\ProfilerU.exe
C:\Program Files\Saitek\SD6\Software\SaiMfd.exe
C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe
C:\Program Files\Cyberlink\Shared files\brs.exe
C:\Program Files\lg_fwupdate\fwupdate.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\CyberLink\PowerDVD10\PDVD10Serv.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\EXPERTool\TBPanel.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
c:\PROGRA~1\mcafee\SITEAD~1\saui.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
c:\PROGRA~1\mcafee\msc\mcupdmgr.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.seznam.cz/
uURLSearchHooks: <No Name>: - LocalServer32 - <no file>
uURLSearchHooks: SearchHook Class: {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - c:\program files\devicevm\browser configuration utility\AddressBarSearch.dll
dURLSearchHooks: {855F3B16-6D32-4fe6-8A56-BBB695989046} - <orphaned>
dURLSearchHooks: {A3BC75A2-1F87-4686-AA43-5347D756017C} - <orphaned>
dURLSearchHooks: <No Name>: - LocalServer32 - <no file>
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - <orphaned>
BHO: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - <orphaned>
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\program files\mcafee\siteadvisor\McIEPlg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\program files\mcafee\siteadvisor\McIEPlg.dll
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [GAINWARD] c:\program files\expertool\TBPanel.exe /A
uRunOnce: [WiseStubReboot] MSIEXEC /quiet SKIP_PPU_DRIVER_INSTALL=1 /I "c:\program files\common files\wise installation wizard\wisc5c1c0f0d62f4dbf81d4d7ef397c228b_9_09_0814.msi" transforms="c:\program files\common files\wise installation wizard\wisc5c1c0f0d62f4dbf81d4d7ef397c228b_9_09_0814.mst" wise_setup_exe_path="d:\support\PhysX_9.09.0814_SystemSoftware.exe"
mRun: [BCU] "c:\program files\devicevm\browser configuration utility\BCU.exe"
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [nwiz] nwiz.exe /installquiet
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [XboxStat] "c:\program files\microsoft xbox 360 accessories\XboxStat.exe" silentrun
mRun: [ProfilerU] c:\program files\saitek\sd6\software\ProfilerU.exe
mRun: [SaiMfd] c:\program files\saitek\sd6\software\SaiMfd.exe
mRun: [UpdateLBPShortCut] "c:\program files\cyberlink\labelprint\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\labelprint" updatewithcreateonce "software\cyberlink\labelprint\2.5"
mRun: [MDS_Menu] "c:\program files\cyberlink\mediashow4\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\mediashow4" updatewithcreateonce "software\cyberlink\mediashow\4.1"
mRun: [CLMLServer] "c:\program files\cyberlink\power2go\CLMLSvc.exe"
mRun: [UpdateP2GoShortCut] "c:\program files\cyberlink\power2go\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\power2go" updatewithcreateonce "software\cyberlink\power2go\6.0"
mRun: [RemoteControl8] "c:\program files\cyberlink\powerdvd8\PDVD8Serv.exe"
mRun: [PDVD8LanguageShortcut] "c:\program files\cyberlink\powerdvd8\language\Language.exe"
mRun: [BDRegion] c:\program files\cyberlink\shared files\brs.exe
mRun: [UpdatePPShortCut] "c:\program files\cyberlink\powerproducer\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\powerproducer" updatewithcreateonce "software\cyberlink\powerproducer\5.0"
mRun: [UCam_Menu] "c:\program files\cyberlink\youcam\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\youcam" updatewithcreateonce "software\cyberlink\youcam\1.0"
mRun: [LGODDFU] "c:\program files\lg_fwupdate\fwupdate.exe" blrun
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [RemoteControl10] "c:\program files\cyberlink\powerdvd10\PDVD10Serv.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSConfig.exe /auto
mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstall ... er=9.0.894
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\tom~1\nabdka~1\programy\posput~1\vezyob~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/s ... ab_nvd.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
TCP: NameServer = 10.0.0.138
TCP: Interfaces\{BE534FDA-EA3B-4556-B41C-B1ED1DB253AF} : DHCPNameServer = 10.0.0.138
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\program files\mcafee\msc\McSnIePl.dll
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\program files\mcafee\siteadvisor\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\program files\mcafee\siteadvisor\McIEPlg.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\tomáš\data aplikací\mozilla\firefox\profiles\su6rxk9a.default\
.
============= SERVICES / DRIVERS ===============
.
R0 CLBStor;CyberLink InstantBurn UDF Reader Help Driver;c:\windows\system32\drivers\CLBStor.sys [2010-9-1 10368]
R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2011-10-15 565352]
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2011-12-23 91168]
R1 MOBKFilter;MOBKFilter;c:\windows\system32\drivers\MOBK.sys [2011-12-23 54776]
R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};Power Control [2010/09/01 12:40:45];c:\program files\cyberlink\powerdvd8\000.fcl [2010-1-12 87536]
R2 BCUService;Browser Configuration Utility Service;c:\program files\devicevm\browser configuration utility\BCUService.exe [2010-2-4 219360]
R2 CLBUDFR;CyberLink UDF Filesystem;c:\windows\system32\drivers\CLBUDFR.sys [2010-9-1 154368]
R2 ES lite Service;ES lite Service for program management.;c:\program files\gigabyte\easysaver\essvr.exe [2010-2-4 68136]
R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-12-23 167784]
R2 McShield;McAfee McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2011-12-23 203400]
R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2011-12-23 168880]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2011-12-23 167344]
R2 MOBKbackup;1%;c:\program files\mcafee online backup\MOBKbackup.exe [2010-4-13 229688]
R3 AR9271;Wireless Network Adapter Service;c:\windows\system32\drivers\athuw.sys [2010-2-4 1668352]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2011-12-23 60480]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2011-12-23 234824]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2011-12-23 362640]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [2012-12-24 84432]
R3 PSched;Plánovač paketů technologie QoS;c:\windows\system32\drivers\psched.sys [2006-3-2 69120]
R4 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-12-23 167784]
R4 McNaiAnn;McAfee VirusScan Announcer;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-12-23 167784]
R4 McProxy;McAfee Proxy Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-12-23 167784]
S1 ArcSec;ArcSec;c:\windows\system32\drivers\arcsec.sys --> c:\windows\system32\drivers\ArcSec.sys [?]
S2 ADExchange;ArcSoft Exchange Service;c:\program files\common files\arcsoft\esinter\bin\eservutil.exe --> c:\program files\common files\arcsoft\esinter\bin\eservutil.exe [?]
S2 CLKMSVC10_B91CB6D3;CyberLink Product - 2012/08/31 23:04:45;c:\program files\cyberlink\powerdvd10\navfilter\kmsvc.exe [2011-4-20 241648]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2010-2-4 1684736]
S3 HipShieldK;McAfee Inc. HipShieldK;c:\windows\system32\drivers\HipShieldK.sys [2012-12-1 146872]
S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2011-12-23 65488]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [2012-12-24 84432]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2011-12-23 92192]
S3 SaiKCB03;SaiKCB03;c:\windows\system32\drivers\SaiKCB03.sys [2008-10-22 106496]
.
=============== Created Last 30 ================
.
2012-12-25 09:54:34 -------- d-----w- c:\program files\trend micro
2012-12-24 23:36:09 -------- d-----w- c:\windows\system32\wbem\repository\FS
2012-12-24 23:36:09 -------- d-----w- c:\windows\system32\wbem\Repository
2012-12-24 22:32:16 33944 ----a-w- c:\program files\mozilla firefox\ScriptFF.dll
2012-12-24 22:02:40 -------- d-----w- C:\6fd1a850a3289902ea3b3d8f508443f9
2012-12-24 21:57:46 84432 ----a-w- c:\windows\system32\drivers\mfendisk.sys
2012-12-23 15:15:05 -------- d-----w- c:\program files\iPod
2012-12-23 15:15:01 -------- d-----w- c:\program files\iTunes
2012-12-23 14:48:10 -------- d--h--r- c:\documents and settings\tomáš\Recent
2012-12-23 12:34:59 -------- d-----w- c:\windows\LastGood(2)
2012-12-15 10:40:21 -------- d-----w- C:\e51c67e49ec4492ee343feb9b7fe
2012-12-01 09:24:36 146872 ----a-w- c:\windows\system32\drivers\HipShieldK.sys
.
==================== Find3M ====================
.
2012-12-25 09:51:10 17488 ----a-w- c:\windows\gdrv.sys
2012-12-24 23:20:09 281688 ----a-w- c:\windows\system32\PnkBstrB.xtr
2012-12-24 22:05:44 282512 ----a-w- c:\windows\system32\PnkBstrB.ex0
2012-12-23 15:42:51 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-12-23 15:42:51 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-12-16 12:23:59 290560 ----a-w- c:\windows\system32\atmfd.dll
2012-11-13 11:55:10 1866368 ------w- c:\windows\system32\win32k.sys
2012-11-09 05:56:16 60480 ----a-w- c:\windows\system32\drivers\cfwids.sys
2012-11-09 05:53:22 167344 ----a-w- c:\windows\system32\mfevtps.exe
2012-11-09 05:53:02 91168 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys
2012-11-09 05:52:22 9648 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2012-11-09 05:52:12 92192 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2012-11-09 05:51:12 565352 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2012-11-09 05:50:20 362640 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2012-11-09 05:50:00 65488 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2012-11-09 05:49:40 234824 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2012-11-09 05:49:10 132912 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2012-11-02 02:03:56 375296 ------w- c:\windows\system32\dpnet.dll
2012-11-01 03:45:47 832512 ----a-w- c:\windows\system32\wininet.dll
2012-11-01 03:45:36 1830912 ------w- c:\windows\system32\inetcpl.cpl
2012-11-01 03:45:29 78336 ------w- c:\windows\system32\ieencode.dll
2012-11-01 03:45:26 17408 ------w- c:\windows\system32\corpol.dll
2012-10-31 14:10:14 773968 ----a-w- c:\windows\system32\msvcr100.dll
2012-10-31 14:10:14 138056 ----a-w- c:\windows\system32\atl100.dll
2012-10-25 02:12:26 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2012-10-25 02:12:26 69632 ----a-w- c:\windows\system32\QuickTime.qts
2012-10-19 19:17:18 138904 ----a-w- c:\documents and settings\tomáš\data aplikací\PnkBstrK.sys
2012-10-04 11:34:24 3233712 ----a-w- c:\windows\system32\pbsvc.exe
2004-03-11 11:27:22 40960 ----a-w- c:\program files\Uninstall_CDS.exe
.
============= FINISH: 11:35:32,37 ===============
-
Rudy
- Site Admin
- Příspěvky: 119522
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: Problém s PC
Potřebuji log ComboFix (viz výše). Toto je DDS.
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Re: Problém s PC
Omlouvám se, nevím na co jsem myslel..
Nešel mi vypnout antivirový program, tak jsem spustil combofix se zapnutým. Snad to není velký problém.
ComboFix 12-12-25.02 - Tomáš 25.12.2012 13:31:07.1.4 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.3326.2574 [GMT 1:00]
Spuštěný z: c:\documents and settings\Tomáš\Plocha\ComboFix.exe
AV: McAfee Anti-Virus and Antispyware *Enabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *Enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
* Rezidentní štít AV je zapnutý
.
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\msmqinst.log
c:\windows\system32\TZLog.log
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-11-25 do 2012-12-25 )))))))))))))))))))))))))))))))
.
.
2012-12-25 09:54 . 2012-12-25 09:54 -------- d-----w- c:\program files\trend micro
2012-12-25 09:54 . 2012-12-25 09:54 -------- d-----w- C:\rsit
2012-12-24 23:36 . 2012-12-24 23:36 -------- d-----w- c:\windows\system32\wbem\Repository
2012-12-24 22:02 . 2012-12-24 22:02 -------- d-----w- C:\6fd1a850a3289902ea3b3d8f508443f9
2012-12-24 21:57 . 2012-11-09 05:50 84432 ----a-w- c:\windows\system32\drivers\mfendisk.sys
2012-12-23 15:15 . 2012-12-23 15:15 -------- d-----w- c:\program files\iPod
2012-12-23 15:15 . 2012-12-23 15:15 -------- d-----w- c:\program files\iTunes
2012-12-23 15:15 . 2012-12-23 15:15 -------- d-----w- c:\documents and settings\All Users\Data aplikací\188F1432-103A-4ffb-80F1-36B633C5C9E1
2012-12-23 15:05 . 2012-12-23 15:05 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin7.dll
2012-12-23 15:05 . 2012-12-23 15:05 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin6.dll
2012-12-23 15:05 . 2012-12-23 15:05 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin5.dll
2012-12-23 15:05 . 2012-12-23 15:05 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin4.dll
2012-12-23 15:05 . 2012-12-23 15:05 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin3.dll
2012-12-23 15:05 . 2012-12-23 15:05 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin2.dll
2012-12-23 15:05 . 2012-12-23 15:05 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin.dll
2012-12-23 15:04 . 2012-12-23 15:05 -------- d-----w- c:\program files\QuickTime
2012-12-23 12:34 . 2012-12-23 14:43 -------- d-----w- c:\windows\LastGood(2)
2012-12-15 11:10 . 2012-12-15 11:10 -------- d-----w- c:\documents and settings\Tomáš\Local Settings\Data aplikací\PCHealth
2012-12-15 10:40 . 2012-12-15 10:43 -------- d-----w- C:\e51c67e49ec4492ee343feb9b7fe
2012-12-01 09:24 . 2012-04-20 15:40 146872 ----a-w- c:\windows\system32\drivers\HipShieldK.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-25 12:04 . 2010-05-31 13:03 17488 ----a-w- c:\windows\gdrv.sys
2012-12-24 23:20 . 2011-08-01 19:03 281688 ----a-w- c:\windows\system32\PnkBstrB.xtr
2012-12-24 22:05 . 2011-08-01 18:05 282512 ----a-w- c:\windows\system32\PnkBstrB.ex0
2012-12-23 15:42 . 2012-04-02 16:22 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-12-23 15:42 . 2011-07-30 13:58 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-12-16 12:23 . 2006-03-02 12:00 290560 ----a-w- c:\windows\system32\atmfd.dll
2012-11-13 11:55 . 2006-03-02 12:00 1866368 ------w- c:\windows\system32\win32k.sys
2012-11-09 05:56 . 2011-12-23 17:22 60480 ----a-w- c:\windows\system32\drivers\cfwids.sys
2012-11-09 05:53 . 2011-12-23 17:10 167344 ----a-w- c:\windows\system32\mfevtps.exe
2012-11-09 05:53 . 2011-12-23 17:22 91168 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys
2012-11-09 05:52 . 2011-12-23 17:22 9648 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2012-11-09 05:52 . 2011-12-23 17:22 92192 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2012-11-09 05:51 . 2011-10-15 11:16 565352 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2012-11-09 05:50 . 2011-12-23 17:22 362640 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2012-11-09 05:50 . 2011-12-23 17:22 65488 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2012-11-09 05:49 . 2011-12-23 17:22 234824 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2012-11-09 05:49 . 2011-10-15 11:16 132912 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2012-11-02 02:03 . 2006-03-02 12:00 375296 ------w- c:\windows\system32\dpnet.dll
2012-11-01 03:45 . 2006-03-02 12:00 832512 ----a-w- c:\windows\system32\wininet.dll
2012-11-01 03:45 . 2006-03-02 12:00 1830912 ------w- c:\windows\system32\inetcpl.cpl
2012-11-01 03:45 . 2010-02-23 16:27 78336 ------w- c:\windows\system32\ieencode.dll
2012-11-01 03:45 . 2006-03-02 12:00 17408 ------w- c:\windows\system32\corpol.dll
2012-10-31 14:10 . 2012-10-31 14:10 773968 ----a-w- c:\windows\system32\msvcr100.dll
2012-10-31 14:10 . 2012-10-31 14:10 138056 ----a-w- c:\windows\system32\atl100.dll
2012-10-25 02:12 . 2012-10-25 02:12 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2012-10-25 02:12 . 2012-10-25 02:12 69632 ----a-w- c:\windows\system32\QuickTime.qts
2012-10-19 19:17 . 2010-04-30 19:35 138904 ----a-w- c:\documents and settings\Tomáš\Data aplikací\PnkBstrK.sys
2012-10-04 11:34 . 2010-04-30 19:34 3233712 ----a-w- c:\windows\system32\pbsvc.exe
2004-03-11 11:27 . 2010-05-30 16:24 40960 ----a-w- c:\program files\Uninstall_CDS.exe
2012-12-15 17:12 . 2012-12-15 17:12 261600 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK]
@="{3c3f3c1a-9153-7c05-f938-622e7003894d}"
[HKEY_CLASSES_ROOT\CLSID\{3c3f3c1a-9153-7c05-f938-622e7003894d}]
2010-04-13 19:11 2872120 ----a-w- c:\program files\McAfee Online Backup\MOBKshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK2]
@="{e6ea1d7d-144e-b977-98c4-84c53c1a69d0}"
[HKEY_CLASSES_ROOT\CLSID\{e6ea1d7d-144e-b977-98c4-84c53c1a69d0}]
2010-04-13 19:11 2872120 ----a-w- c:\program files\McAfee Online Backup\MOBKshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK3]
@="{b4caf489-1eec-c617-49ad-8d7088598c06}"
[HKEY_CLASSES_ROOT\CLSID\{b4caf489-1eec-c617-49ad-8d7088598c06}]
2010-04-13 19:11 2872120 ----a-w- c:\program files\McAfee Online Backup\MOBKshell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GAINWARD"="c:\program files\EXPERTool\TBPanel.exe" [2009-10-05 2174976]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BCU"="c:\program files\DeviceVM\Browser Configuration Utility\BCU.exe" [2009-08-04 346320]
"RTHDCPL"="RTHDCPL.EXE" [2009-08-14 18702336]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-04-03 13670504]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-04-03 110696]
"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2007-09-26 734264]
"ProfilerU"="c:\program files\Saitek\SD6\Software\ProfilerU.exe" [2009-06-03 237568]
"SaiMfd"="c:\program files\Saitek\SD6\Software\SaiMfd.exe" [2009-06-03 131072]
"UpdateLBPShortCut"="c:\program files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"MDS_Menu"="c:\program files\CyberLink\MediaShow4\MUITransfer\MUIStartMenu.exe" [2009-02-25 218408]
"CLMLServer"="c:\program files\CyberLink\Power2Go\CLMLSvc.exe" [2009-06-03 103720]
"UpdateP2GoShortCut"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"RemoteControl8"="c:\program files\CyberLink\PowerDVD8\PDVD8Serv.exe" [2009-07-16 91432]
"PDVD8LanguageShortcut"="c:\program files\CyberLink\PowerDVD8\Language\Language.exe" [2009-04-15 50472]
"BDRegion"="c:\program files\Cyberlink\Shared files\brs.exe" [2011-09-28 75048]
"UpdatePPShortCut"="c:\program files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" [2008-12-03 218408]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-02-17 218408]
"LGODDFU"="c:\program files\lg_fwupdate\fwupdate.exe" [2010-10-17 557056]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"RemoteControl10"="c:\program files\CyberLink\PowerDVD10\PDVD10Serv.exe" [2011-03-30 87336]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-10-25 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-12-12 152544]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start http://www.avg.com/ww.special-uninstall ... er=9.0.894" [?]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\Tomáš\Nabídka Start\Programy\Po spuštění\
Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKLM\~\startupfolder\C:^Documents and Settings^Tomáš^Nabídka Start^Programy^Po spuštění^Registration .LNK]
path=c:\documents and settings\Tomáš\Nabídka Start\Programy\Po spuštění\Registration .LNK
backup=c:\windows\pss\Registration .LNKStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mcui_exe]
2012-09-12 11:21 1278648 ----a-w- c:\program files\McAfee.com\Agent\mcagent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 03:22 1695232 ------w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2012-09-13 13:25 1353080 ----a-w- c:\hry\Saints Row The Third\steam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"mfevtp"=2 (0x2)
"mfefire"=2 (0x2)
"McShield"=2 (0x2)
"McProxy"=2 (0x2)
"McODS"=3 (0x3)
"McNASvc"=2 (0x2)
"McNaiAnn"=2 (0x2)
"mcmscsvc"=2 (0x2)
"McMPFSvc"=2 (0x2)
"McAfee SiteAdvisor Service"=2 (0x2)
"MOBKbackup"=2 (0x2)
"MSK80Service"=2 (0x2)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Hry\\Splinter Cell Double Agent\\SCDA-Offline\\System\\SplinterCell4.exe"=
"c:\\Hry\\Mass Effect 2\\Binaries\\MassEffect2.exe"=
"c:\\Hry\\Mass Effect 2\\MassEffect2Launcher.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Hry\\Far Cry 2\\bin\\FarCry2.exe"=
"c:\\Hry\\Far Cry 2\\bin\\FC2Launcher.exe"=
"c:\\Hry\\Far Cry 2\\bin\\FC2Editor.exe"=
"c:\\Program Files\\Ubisoft\\Ubisoft Game Launcher\\UbisoftGameLauncher.exe"=
"c:\\Hry\\Splinter Cell Conviction\\src\\system\\conviction_game.exe"=
"c:\\Hry\\Splinter Cell Conviction\\src\\system\\gu.exe"=
"c:\\Hry\\Splinter Cell Conviction\\src\\system\\UPlayBrowser.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD8\\PowerDVD8.exe"=
"c:\\Hry\\James Bond\\Bond.exe"=
"c:\\Hry\\Resident Evil 5\\RE5DX9.EXE"=
"c:\\Hry\\Resident Evil 5\\RE5DX10.EXE"=
"c:\\Hry\\Crysis\\Bin32\\Crysis.exe"=
"c:\\Hry\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=
"c:\\Hry\\GTA\\EFLC\\EFLC.exe"=
"c:\\Hry\\Crysis 2\\bin32\\Crysis2.exe"=
"c:\\Hry\\Medal of Honor\\Binaries\\moh.exe"=
"c:\\Hry\\Medal of Honor\\MP\\MoHMPGame.exe"=
"c:\\Hry\\Far Cry 2\\bin\\FC2ServerLauncher.exe"=
"c:\\Hry\\Splinter Cell Chaos Theory\\Versus\\System\\SCCT_Versus_DedicatedServer.exe"=
"c:\\Hry\\Splinter Cell Pandora Tomorrow\\pandora.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Hry\\Saints Row The Third\\Steam.exe"=
"c:\\Hry\\Saints Row The Third\\SteamApps\\common\\saints row the third\\saintsrowthethird.exe"=
"c:\\Hry\\Saints Row The Third\\SteamApps\\common\\saints row the third\\saintsrowthethird_dx11.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Hry\\Saints Row The Third\\SteamApps\\common\\saints row the third\\game_launcher.exe"=
"c:\\Hry\\Battlefield Bad Company 2\\BFBC2Updater.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD10\\PowerDVD10.exe"=
"c:\\Hry\\Ghost Recon Future Soldier\\Future Soldier.exe"=
"c:\\Hry\\Ghost Recon Future Soldier\\gu.exe"=
"c:\\Program Files\\Common Files\\Mcafee\\McSvcHost\\McSvHost.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
.
R0 CLBStor;CyberLink InstantBurn UDF Reader Help Driver;c:\windows\system32\drivers\CLBStor.sys [1.9.2010 11:38 10368]
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [23.12.2011 18:22 91168]
R1 MOBKFilter;MOBKFilter;c:\windows\system32\drivers\MOBK.sys [23.12.2011 18:23 54776]
R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};Power Control [2010/09/01 12:40];c:\program files\CyberLink\PowerDVD8\000.fcl [12.1.2010 22:08 87536]
R2 BCUService;Browser Configuration Utility Service;c:\program files\DeviceVM\Browser Configuration Utility\BCUService.exe [4.2.2010 17:03 219360]
R2 CLBUDFR;CyberLink UDF Filesystem;c:\windows\system32\drivers\CLBUDFR.sys [1.9.2010 11:38 154368]
R2 ES lite Service;ES lite Service for program management.;c:\program files\Gigabyte\EasySaver\essvr.exe [4.2.2010 17:03 68136]
R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [23.12.2011 18:21 167784]
R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\Mcafee\SystemCore\mfefire.exe [23.12.2011 18:22 168880]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [23.12.2011 18:10 167344]
R3 AR9271;Wireless Network Adapter Service;c:\windows\system32\drivers\athuw.sys [4.2.2010 17:38 1668352]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [23.12.2011 18:22 60480]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [23.12.2011 18:22 362640]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [24.12.2012 22:57 84432]
S1 ArcSec;ArcSec;c:\windows\system32\drivers\ArcSec.sys --> c:\windows\system32\drivers\ArcSec.sys [?]
S2 ADExchange;ArcSoft Exchange Service;c:\program files\Common Files\ArcSoft\esinter\Bin\eservutil.exe --> c:\program files\Common Files\ArcSoft\esinter\Bin\eservutil.exe [?]
S2 CLKMSVC10_B91CB6D3;CyberLink Product - 2012/08/31 23:04;c:\program files\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [20.4.2011 8:57 241648]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [4.2.2010 17:04 1684736]
S3 HipShieldK;McAfee Inc. HipShieldK;c:\windows\system32\drivers\HipShieldK.sys [1.12.2012 10:24 146872]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [24.12.2012 22:57 84432]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [23.12.2011 18:22 92192]
S3 SaiKCB03;SaiKCB03;c:\windows\system32\drivers\SaiKCB03.sys [22.10.2008 13:57 106496]
S4 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [23.12.2011 18:21 167784]
S4 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [23.12.2011 18:21 167784]
S4 MOBKbackup;1%;c:\program files\McAfee Online Backup\MOBKbackup.exe [13.4.2010 20:11 229688]
.
--- Ostatní služby/ovladače v paměti ---
.
*Deregistered* - CLKMDRV10_B91CB6D3
*Deregistered* - mfeavfk01
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-08-20 11:24 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2012-12-25 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 15:42]
.
2012-09-28 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 15:57]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uInternet Settings,ProxyOverride = *.local
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 10.0.0.138
FF - ProfilePath - c:\documents and settings\Tomáš\Data aplikací\Mozilla\Firefox\Profiles\su6rxk9a.default\
FF - prefs.js: browser.startup.homepage - www.seznam.cz
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=
FF - ExtSQL: !HIDDEN! 2010-05-02 14:03; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
HKLM-Run-nwiz - nwiz.exe
MSConfigStartUp-NBAgent - c:\program files\Nero\Nero 10\Nero BackItUp\NBAgent.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-12-25 13:38
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
.
c:\windows\system32\OLD3D.tmp 19968 bytes executable
c:\windows\system32\OLD40.tmp 4608 bytes executable
c:\windows\system32\OLD43.tmp 117248 bytes executable
.
sken byl úspešně dokončen
skryté soubory: 3
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD8\000.fcl"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-2025429265-1979792683-725345543-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"??"=hex:77,7b,b0,46,91,c6,3e,4b,95,bc,ef,4f,8a,af,c3,99,f6,e7,9d,36,da,81,47,
ca,45,11,24,fd,fe,3f,5c,f5,d1,2b,44,8a,12,66,dd,f3,55,80,72,81,ce,32,41,e9,\
"??"=hex:a1,5e,47,db,25,65,bb,27,8b,92,55,34,10,3f,d9,49
.
[HKEY_USERS\S-1-5-21-2025429265-1979792683-725345543-1003\Software\SecuROM\License information*]
"datasecu"=hex:4f,75,5a,4e,f1,83,27,5d,51,dd,37,33,0a,19,37,6b,b8,53,ed,25,3d,
41,4d,19,19,26,e7,41,1e,cb,62,3b,17,da,7d,f6,10,9f,58,fc,8b,19,15,3e,bf,02,\
"rkeysecu"=hex:25,6e,26,75,92,ce,4f,64,cb,53,79,fc,02,ed,22,d1
.
Celkový čas: 2012-12-25 13:40:29
ComboFix-quarantined-files.txt 2012-12-25 12:40
.
Před spuštěním: Volných bajtů: 282 944 016 384
Po spuštění: Volných bajtů: 283 282 333 696
.
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer
.
- - End Of File - - DD7D6390B1168F507BCA2F230041AE0B
Nešel mi vypnout antivirový program, tak jsem spustil combofix se zapnutým. Snad to není velký problém.
ComboFix 12-12-25.02 - Tomáš 25.12.2012 13:31:07.1.4 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.3326.2574 [GMT 1:00]
Spuštěný z: c:\documents and settings\Tomáš\Plocha\ComboFix.exe
AV: McAfee Anti-Virus and Antispyware *Enabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *Enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
* Rezidentní štít AV je zapnutý
.
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\msmqinst.log
c:\windows\system32\TZLog.log
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-11-25 do 2012-12-25 )))))))))))))))))))))))))))))))
.
.
2012-12-25 09:54 . 2012-12-25 09:54 -------- d-----w- c:\program files\trend micro
2012-12-25 09:54 . 2012-12-25 09:54 -------- d-----w- C:\rsit
2012-12-24 23:36 . 2012-12-24 23:36 -------- d-----w- c:\windows\system32\wbem\Repository
2012-12-24 22:02 . 2012-12-24 22:02 -------- d-----w- C:\6fd1a850a3289902ea3b3d8f508443f9
2012-12-24 21:57 . 2012-11-09 05:50 84432 ----a-w- c:\windows\system32\drivers\mfendisk.sys
2012-12-23 15:15 . 2012-12-23 15:15 -------- d-----w- c:\program files\iPod
2012-12-23 15:15 . 2012-12-23 15:15 -------- d-----w- c:\program files\iTunes
2012-12-23 15:15 . 2012-12-23 15:15 -------- d-----w- c:\documents and settings\All Users\Data aplikací\188F1432-103A-4ffb-80F1-36B633C5C9E1
2012-12-23 15:05 . 2012-12-23 15:05 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin7.dll
2012-12-23 15:05 . 2012-12-23 15:05 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin6.dll
2012-12-23 15:05 . 2012-12-23 15:05 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin5.dll
2012-12-23 15:05 . 2012-12-23 15:05 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin4.dll
2012-12-23 15:05 . 2012-12-23 15:05 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin3.dll
2012-12-23 15:05 . 2012-12-23 15:05 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin2.dll
2012-12-23 15:05 . 2012-12-23 15:05 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin.dll
2012-12-23 15:04 . 2012-12-23 15:05 -------- d-----w- c:\program files\QuickTime
2012-12-23 12:34 . 2012-12-23 14:43 -------- d-----w- c:\windows\LastGood(2)
2012-12-15 11:10 . 2012-12-15 11:10 -------- d-----w- c:\documents and settings\Tomáš\Local Settings\Data aplikací\PCHealth
2012-12-15 10:40 . 2012-12-15 10:43 -------- d-----w- C:\e51c67e49ec4492ee343feb9b7fe
2012-12-01 09:24 . 2012-04-20 15:40 146872 ----a-w- c:\windows\system32\drivers\HipShieldK.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-25 12:04 . 2010-05-31 13:03 17488 ----a-w- c:\windows\gdrv.sys
2012-12-24 23:20 . 2011-08-01 19:03 281688 ----a-w- c:\windows\system32\PnkBstrB.xtr
2012-12-24 22:05 . 2011-08-01 18:05 282512 ----a-w- c:\windows\system32\PnkBstrB.ex0
2012-12-23 15:42 . 2012-04-02 16:22 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-12-23 15:42 . 2011-07-30 13:58 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-12-16 12:23 . 2006-03-02 12:00 290560 ----a-w- c:\windows\system32\atmfd.dll
2012-11-13 11:55 . 2006-03-02 12:00 1866368 ------w- c:\windows\system32\win32k.sys
2012-11-09 05:56 . 2011-12-23 17:22 60480 ----a-w- c:\windows\system32\drivers\cfwids.sys
2012-11-09 05:53 . 2011-12-23 17:10 167344 ----a-w- c:\windows\system32\mfevtps.exe
2012-11-09 05:53 . 2011-12-23 17:22 91168 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys
2012-11-09 05:52 . 2011-12-23 17:22 9648 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2012-11-09 05:52 . 2011-12-23 17:22 92192 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2012-11-09 05:51 . 2011-10-15 11:16 565352 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2012-11-09 05:50 . 2011-12-23 17:22 362640 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2012-11-09 05:50 . 2011-12-23 17:22 65488 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2012-11-09 05:49 . 2011-12-23 17:22 234824 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2012-11-09 05:49 . 2011-10-15 11:16 132912 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2012-11-02 02:03 . 2006-03-02 12:00 375296 ------w- c:\windows\system32\dpnet.dll
2012-11-01 03:45 . 2006-03-02 12:00 832512 ----a-w- c:\windows\system32\wininet.dll
2012-11-01 03:45 . 2006-03-02 12:00 1830912 ------w- c:\windows\system32\inetcpl.cpl
2012-11-01 03:45 . 2010-02-23 16:27 78336 ------w- c:\windows\system32\ieencode.dll
2012-11-01 03:45 . 2006-03-02 12:00 17408 ------w- c:\windows\system32\corpol.dll
2012-10-31 14:10 . 2012-10-31 14:10 773968 ----a-w- c:\windows\system32\msvcr100.dll
2012-10-31 14:10 . 2012-10-31 14:10 138056 ----a-w- c:\windows\system32\atl100.dll
2012-10-25 02:12 . 2012-10-25 02:12 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2012-10-25 02:12 . 2012-10-25 02:12 69632 ----a-w- c:\windows\system32\QuickTime.qts
2012-10-19 19:17 . 2010-04-30 19:35 138904 ----a-w- c:\documents and settings\Tomáš\Data aplikací\PnkBstrK.sys
2012-10-04 11:34 . 2010-04-30 19:34 3233712 ----a-w- c:\windows\system32\pbsvc.exe
2004-03-11 11:27 . 2010-05-30 16:24 40960 ----a-w- c:\program files\Uninstall_CDS.exe
2012-12-15 17:12 . 2012-12-15 17:12 261600 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK]
@="{3c3f3c1a-9153-7c05-f938-622e7003894d}"
[HKEY_CLASSES_ROOT\CLSID\{3c3f3c1a-9153-7c05-f938-622e7003894d}]
2010-04-13 19:11 2872120 ----a-w- c:\program files\McAfee Online Backup\MOBKshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK2]
@="{e6ea1d7d-144e-b977-98c4-84c53c1a69d0}"
[HKEY_CLASSES_ROOT\CLSID\{e6ea1d7d-144e-b977-98c4-84c53c1a69d0}]
2010-04-13 19:11 2872120 ----a-w- c:\program files\McAfee Online Backup\MOBKshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK3]
@="{b4caf489-1eec-c617-49ad-8d7088598c06}"
[HKEY_CLASSES_ROOT\CLSID\{b4caf489-1eec-c617-49ad-8d7088598c06}]
2010-04-13 19:11 2872120 ----a-w- c:\program files\McAfee Online Backup\MOBKshell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GAINWARD"="c:\program files\EXPERTool\TBPanel.exe" [2009-10-05 2174976]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BCU"="c:\program files\DeviceVM\Browser Configuration Utility\BCU.exe" [2009-08-04 346320]
"RTHDCPL"="RTHDCPL.EXE" [2009-08-14 18702336]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-04-03 13670504]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-04-03 110696]
"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2007-09-26 734264]
"ProfilerU"="c:\program files\Saitek\SD6\Software\ProfilerU.exe" [2009-06-03 237568]
"SaiMfd"="c:\program files\Saitek\SD6\Software\SaiMfd.exe" [2009-06-03 131072]
"UpdateLBPShortCut"="c:\program files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"MDS_Menu"="c:\program files\CyberLink\MediaShow4\MUITransfer\MUIStartMenu.exe" [2009-02-25 218408]
"CLMLServer"="c:\program files\CyberLink\Power2Go\CLMLSvc.exe" [2009-06-03 103720]
"UpdateP2GoShortCut"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"RemoteControl8"="c:\program files\CyberLink\PowerDVD8\PDVD8Serv.exe" [2009-07-16 91432]
"PDVD8LanguageShortcut"="c:\program files\CyberLink\PowerDVD8\Language\Language.exe" [2009-04-15 50472]
"BDRegion"="c:\program files\Cyberlink\Shared files\brs.exe" [2011-09-28 75048]
"UpdatePPShortCut"="c:\program files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" [2008-12-03 218408]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-02-17 218408]
"LGODDFU"="c:\program files\lg_fwupdate\fwupdate.exe" [2010-10-17 557056]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"RemoteControl10"="c:\program files\CyberLink\PowerDVD10\PDVD10Serv.exe" [2011-03-30 87336]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-10-25 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-12-12 152544]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start http://www.avg.com/ww.special-uninstall ... er=9.0.894" [?]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\Tomáš\Nabídka Start\Programy\Po spuštění\
Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKLM\~\startupfolder\C:^Documents and Settings^Tomáš^Nabídka Start^Programy^Po spuštění^Registration .LNK]
path=c:\documents and settings\Tomáš\Nabídka Start\Programy\Po spuštění\Registration .LNK
backup=c:\windows\pss\Registration .LNKStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mcui_exe]
2012-09-12 11:21 1278648 ----a-w- c:\program files\McAfee.com\Agent\mcagent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 03:22 1695232 ------w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2012-09-13 13:25 1353080 ----a-w- c:\hry\Saints Row The Third\steam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"mfevtp"=2 (0x2)
"mfefire"=2 (0x2)
"McShield"=2 (0x2)
"McProxy"=2 (0x2)
"McODS"=3 (0x3)
"McNASvc"=2 (0x2)
"McNaiAnn"=2 (0x2)
"mcmscsvc"=2 (0x2)
"McMPFSvc"=2 (0x2)
"McAfee SiteAdvisor Service"=2 (0x2)
"MOBKbackup"=2 (0x2)
"MSK80Service"=2 (0x2)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Hry\\Splinter Cell Double Agent\\SCDA-Offline\\System\\SplinterCell4.exe"=
"c:\\Hry\\Mass Effect 2\\Binaries\\MassEffect2.exe"=
"c:\\Hry\\Mass Effect 2\\MassEffect2Launcher.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Hry\\Far Cry 2\\bin\\FarCry2.exe"=
"c:\\Hry\\Far Cry 2\\bin\\FC2Launcher.exe"=
"c:\\Hry\\Far Cry 2\\bin\\FC2Editor.exe"=
"c:\\Program Files\\Ubisoft\\Ubisoft Game Launcher\\UbisoftGameLauncher.exe"=
"c:\\Hry\\Splinter Cell Conviction\\src\\system\\conviction_game.exe"=
"c:\\Hry\\Splinter Cell Conviction\\src\\system\\gu.exe"=
"c:\\Hry\\Splinter Cell Conviction\\src\\system\\UPlayBrowser.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD8\\PowerDVD8.exe"=
"c:\\Hry\\James Bond\\Bond.exe"=
"c:\\Hry\\Resident Evil 5\\RE5DX9.EXE"=
"c:\\Hry\\Resident Evil 5\\RE5DX10.EXE"=
"c:\\Hry\\Crysis\\Bin32\\Crysis.exe"=
"c:\\Hry\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=
"c:\\Hry\\GTA\\EFLC\\EFLC.exe"=
"c:\\Hry\\Crysis 2\\bin32\\Crysis2.exe"=
"c:\\Hry\\Medal of Honor\\Binaries\\moh.exe"=
"c:\\Hry\\Medal of Honor\\MP\\MoHMPGame.exe"=
"c:\\Hry\\Far Cry 2\\bin\\FC2ServerLauncher.exe"=
"c:\\Hry\\Splinter Cell Chaos Theory\\Versus\\System\\SCCT_Versus_DedicatedServer.exe"=
"c:\\Hry\\Splinter Cell Pandora Tomorrow\\pandora.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Hry\\Saints Row The Third\\Steam.exe"=
"c:\\Hry\\Saints Row The Third\\SteamApps\\common\\saints row the third\\saintsrowthethird.exe"=
"c:\\Hry\\Saints Row The Third\\SteamApps\\common\\saints row the third\\saintsrowthethird_dx11.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Hry\\Saints Row The Third\\SteamApps\\common\\saints row the third\\game_launcher.exe"=
"c:\\Hry\\Battlefield Bad Company 2\\BFBC2Updater.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD10\\PowerDVD10.exe"=
"c:\\Hry\\Ghost Recon Future Soldier\\Future Soldier.exe"=
"c:\\Hry\\Ghost Recon Future Soldier\\gu.exe"=
"c:\\Program Files\\Common Files\\Mcafee\\McSvcHost\\McSvHost.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
.
R0 CLBStor;CyberLink InstantBurn UDF Reader Help Driver;c:\windows\system32\drivers\CLBStor.sys [1.9.2010 11:38 10368]
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [23.12.2011 18:22 91168]
R1 MOBKFilter;MOBKFilter;c:\windows\system32\drivers\MOBK.sys [23.12.2011 18:23 54776]
R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};Power Control [2010/09/01 12:40];c:\program files\CyberLink\PowerDVD8\000.fcl [12.1.2010 22:08 87536]
R2 BCUService;Browser Configuration Utility Service;c:\program files\DeviceVM\Browser Configuration Utility\BCUService.exe [4.2.2010 17:03 219360]
R2 CLBUDFR;CyberLink UDF Filesystem;c:\windows\system32\drivers\CLBUDFR.sys [1.9.2010 11:38 154368]
R2 ES lite Service;ES lite Service for program management.;c:\program files\Gigabyte\EasySaver\essvr.exe [4.2.2010 17:03 68136]
R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [23.12.2011 18:21 167784]
R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\Mcafee\SystemCore\mfefire.exe [23.12.2011 18:22 168880]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [23.12.2011 18:10 167344]
R3 AR9271;Wireless Network Adapter Service;c:\windows\system32\drivers\athuw.sys [4.2.2010 17:38 1668352]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [23.12.2011 18:22 60480]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [23.12.2011 18:22 362640]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [24.12.2012 22:57 84432]
S1 ArcSec;ArcSec;c:\windows\system32\drivers\ArcSec.sys --> c:\windows\system32\drivers\ArcSec.sys [?]
S2 ADExchange;ArcSoft Exchange Service;c:\program files\Common Files\ArcSoft\esinter\Bin\eservutil.exe --> c:\program files\Common Files\ArcSoft\esinter\Bin\eservutil.exe [?]
S2 CLKMSVC10_B91CB6D3;CyberLink Product - 2012/08/31 23:04;c:\program files\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [20.4.2011 8:57 241648]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [4.2.2010 17:04 1684736]
S3 HipShieldK;McAfee Inc. HipShieldK;c:\windows\system32\drivers\HipShieldK.sys [1.12.2012 10:24 146872]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [24.12.2012 22:57 84432]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [23.12.2011 18:22 92192]
S3 SaiKCB03;SaiKCB03;c:\windows\system32\drivers\SaiKCB03.sys [22.10.2008 13:57 106496]
S4 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [23.12.2011 18:21 167784]
S4 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [23.12.2011 18:21 167784]
S4 MOBKbackup;1%;c:\program files\McAfee Online Backup\MOBKbackup.exe [13.4.2010 20:11 229688]
.
--- Ostatní služby/ovladače v paměti ---
.
*Deregistered* - CLKMDRV10_B91CB6D3
*Deregistered* - mfeavfk01
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-08-20 11:24 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2012-12-25 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 15:42]
.
2012-09-28 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 15:57]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uInternet Settings,ProxyOverride = *.local
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 10.0.0.138
FF - ProfilePath - c:\documents and settings\Tomáš\Data aplikací\Mozilla\Firefox\Profiles\su6rxk9a.default\
FF - prefs.js: browser.startup.homepage - www.seznam.cz
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=
FF - ExtSQL: !HIDDEN! 2010-05-02 14:03; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
HKLM-Run-nwiz - nwiz.exe
MSConfigStartUp-NBAgent - c:\program files\Nero\Nero 10\Nero BackItUp\NBAgent.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-12-25 13:38
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
.
c:\windows\system32\OLD3D.tmp 19968 bytes executable
c:\windows\system32\OLD40.tmp 4608 bytes executable
c:\windows\system32\OLD43.tmp 117248 bytes executable
.
sken byl úspešně dokončen
skryté soubory: 3
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD8\000.fcl"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-2025429265-1979792683-725345543-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"??"=hex:77,7b,b0,46,91,c6,3e,4b,95,bc,ef,4f,8a,af,c3,99,f6,e7,9d,36,da,81,47,
ca,45,11,24,fd,fe,3f,5c,f5,d1,2b,44,8a,12,66,dd,f3,55,80,72,81,ce,32,41,e9,\
"??"=hex:a1,5e,47,db,25,65,bb,27,8b,92,55,34,10,3f,d9,49
.
[HKEY_USERS\S-1-5-21-2025429265-1979792683-725345543-1003\Software\SecuROM\License information*]
"datasecu"=hex:4f,75,5a,4e,f1,83,27,5d,51,dd,37,33,0a,19,37,6b,b8,53,ed,25,3d,
41,4d,19,19,26,e7,41,1e,cb,62,3b,17,da,7d,f6,10,9f,58,fc,8b,19,15,3e,bf,02,\
"rkeysecu"=hex:25,6e,26,75,92,ce,4f,64,cb,53,79,fc,02,ed,22,d1
.
Celkový čas: 2012-12-25 13:40:29
ComboFix-quarantined-files.txt 2012-12-25 12:40
.
Před spuštěním: Volných bajtů: 282 944 016 384
Po spuštění: Volných bajtů: 283 282 333 696
.
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer
.
- - End Of File - - DD7D6390B1168F507BCA2F230041AE0B
-
Rudy
- Site Admin
- Příspěvky: 119522
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: Problém s PC
Ještě dočistíme. Otevřte poznámkový blok a zkopírujte do něj:
Uložte na plochu jako CFScript.txt. Pak jej myší přetáhněte nad ikonu ComboFix a pusťte. CF se spustí a vykoná příkazy ze skriptu.KillAll::
File::
c:\windows\system32\OLD3D.tmp
c:\windows\system32\OLD40.tmp
c:\windows\system32\OLD43.tmp
Firefox::
FF - ProfilePath - c:\documents and settings\Tomáš\Data aplikací\Mozilla\Firefox\Profiles\su6rxk9a.default\
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=
FF - ExtSQL: !HIDDEN! 2010-05-02 14:03; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
Regnull::
[HKEY_USERS\S-1-5-21-2025429265-1979792683-725345543-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
[HKEY_USERS\S-1-5-21-2025429265-1979792683-725345543-1003\Software\SecuROM\License information*]
Reboot::
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Re: Problém s PC
ComboFix 12-12-25.02 - Tomáš 25.12.2012 18:23:28.2.4 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.3326.2605 [GMT 1:00]
Spuštěný z: c:\documents and settings\Tomáš\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Tomáš\Plocha\CFScript.txt..txt
AV: McAfee Anti-Virus and Antispyware *Enabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *Enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
* Rezidentní štít AV je zapnutý
.
.
FILE ::
"c:\windows\system32\OLD3D.tmp"
"c:\windows\system32\OLD40.tmp"
"c:\windows\system32\OLD43.tmp"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\OLD3D.tmp
c:\windows\system32\OLD40.tmp
c:\windows\system32\OLD43.tmp
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-11-25 do 2012-12-25 )))))))))))))))))))))))))))))))
.
.
2012-12-25 09:54 . 2012-12-25 09:54 -------- d-----w- c:\program files\trend micro
2012-12-25 09:54 . 2012-12-25 09:54 -------- d-----w- C:\rsit
2012-12-24 23:36 . 2012-12-24 23:36 -------- d-----w- c:\windows\system32\wbem\Repository
2012-12-24 22:02 . 2012-12-24 22:02 -------- d-----w- C:\6fd1a850a3289902ea3b3d8f508443f9
2012-12-24 21:57 . 2012-11-09 05:50 84432 ----a-w- c:\windows\system32\drivers\mfendisk.sys
2012-12-23 15:15 . 2012-12-23 15:15 -------- d-----w- c:\program files\iPod
2012-12-23 15:15 . 2012-12-23 15:15 -------- d-----w- c:\program files\iTunes
2012-12-23 15:15 . 2012-12-23 15:15 -------- d-----w- c:\documents and settings\All Users\Data aplikací\188F1432-103A-4ffb-80F1-36B633C5C9E1
2012-12-23 15:05 . 2012-12-23 15:05 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin7.dll
2012-12-23 15:05 . 2012-12-23 15:05 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin6.dll
2012-12-23 15:05 . 2012-12-23 15:05 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin5.dll
2012-12-23 15:05 . 2012-12-23 15:05 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin4.dll
2012-12-23 15:05 . 2012-12-23 15:05 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin3.dll
2012-12-23 15:05 . 2012-12-23 15:05 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin2.dll
2012-12-23 15:05 . 2012-12-23 15:05 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin.dll
2012-12-23 15:04 . 2012-12-23 15:05 -------- d-----w- c:\program files\QuickTime
2012-12-23 12:34 . 2012-12-23 14:43 -------- d-----w- c:\windows\LastGood(2)
2012-12-15 11:10 . 2012-12-15 11:10 -------- d-----w- c:\documents and settings\Tomáš\Local Settings\Data aplikací\PCHealth
2012-12-15 10:40 . 2012-12-15 10:43 -------- d-----w- C:\e51c67e49ec4492ee343feb9b7fe
2012-12-01 09:24 . 2012-04-20 15:40 146872 ----a-w- c:\windows\system32\drivers\HipShieldK.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-25 17:30 . 2010-05-31 13:03 17488 ----a-w- c:\windows\gdrv.sys
2012-12-24 23:20 . 2011-08-01 19:03 281688 ----a-w- c:\windows\system32\PnkBstrB.xtr
2012-12-24 22:05 . 2011-08-01 18:05 282512 ----a-w- c:\windows\system32\PnkBstrB.ex0
2012-12-23 15:42 . 2012-04-02 16:22 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-12-23 15:42 . 2011-07-30 13:58 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-12-16 12:23 . 2006-03-02 12:00 290560 ----a-w- c:\windows\system32\atmfd.dll
2012-11-13 11:55 . 2006-03-02 12:00 1866368 ------w- c:\windows\system32\win32k.sys
2012-11-09 05:56 . 2011-12-23 17:22 60480 ----a-w- c:\windows\system32\drivers\cfwids.sys
2012-11-09 05:53 . 2011-12-23 17:10 167344 ----a-w- c:\windows\system32\mfevtps.exe
2012-11-09 05:53 . 2011-12-23 17:22 91168 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys
2012-11-09 05:52 . 2011-12-23 17:22 9648 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2012-11-09 05:52 . 2011-12-23 17:22 92192 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2012-11-09 05:51 . 2011-10-15 11:16 565352 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2012-11-09 05:50 . 2011-12-23 17:22 362640 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2012-11-09 05:50 . 2011-12-23 17:22 65488 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2012-11-09 05:49 . 2011-12-23 17:22 234824 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2012-11-09 05:49 . 2011-10-15 11:16 132912 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2012-11-02 02:03 . 2006-03-02 12:00 375296 ------w- c:\windows\system32\dpnet.dll
2012-11-01 03:45 . 2006-03-02 12:00 832512 ----a-w- c:\windows\system32\wininet.dll
2012-11-01 03:45 . 2006-03-02 12:00 1830912 ------w- c:\windows\system32\inetcpl.cpl
2012-11-01 03:45 . 2010-02-23 16:27 78336 ------w- c:\windows\system32\ieencode.dll
2012-11-01 03:45 . 2006-03-02 12:00 17408 ------w- c:\windows\system32\corpol.dll
2012-10-31 14:10 . 2012-10-31 14:10 773968 ----a-w- c:\windows\system32\msvcr100.dll
2012-10-31 14:10 . 2012-10-31 14:10 138056 ----a-w- c:\windows\system32\atl100.dll
2012-10-25 02:12 . 2012-10-25 02:12 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2012-10-25 02:12 . 2012-10-25 02:12 69632 ----a-w- c:\windows\system32\QuickTime.qts
2012-10-19 19:17 . 2010-04-30 19:35 138904 ----a-w- c:\documents and settings\Tomáš\Data aplikací\PnkBstrK.sys
2012-10-04 11:34 . 2010-04-30 19:34 3233712 ----a-w- c:\windows\system32\pbsvc.exe
2004-03-11 11:27 . 2010-05-30 16:24 40960 ----a-w- c:\program files\Uninstall_CDS.exe
2012-12-15 17:12 . 2012-12-15 17:12 261600 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK]
@="{3c3f3c1a-9153-7c05-f938-622e7003894d}"
[HKEY_CLASSES_ROOT\CLSID\{3c3f3c1a-9153-7c05-f938-622e7003894d}]
2010-04-13 19:11 2872120 ----a-w- c:\program files\McAfee Online Backup\MOBKshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK2]
@="{e6ea1d7d-144e-b977-98c4-84c53c1a69d0}"
[HKEY_CLASSES_ROOT\CLSID\{e6ea1d7d-144e-b977-98c4-84c53c1a69d0}]
2010-04-13 19:11 2872120 ----a-w- c:\program files\McAfee Online Backup\MOBKshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK3]
@="{b4caf489-1eec-c617-49ad-8d7088598c06}"
[HKEY_CLASSES_ROOT\CLSID\{b4caf489-1eec-c617-49ad-8d7088598c06}]
2010-04-13 19:11 2872120 ----a-w- c:\program files\McAfee Online Backup\MOBKshell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GAINWARD"="c:\program files\EXPERTool\TBPanel.exe" [2009-10-05 2174976]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BCU"="c:\program files\DeviceVM\Browser Configuration Utility\BCU.exe" [2009-08-04 346320]
"RTHDCPL"="RTHDCPL.EXE" [2009-08-14 18702336]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-04-03 13670504]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-04-03 110696]
"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2007-09-26 734264]
"ProfilerU"="c:\program files\Saitek\SD6\Software\ProfilerU.exe" [2009-06-03 237568]
"SaiMfd"="c:\program files\Saitek\SD6\Software\SaiMfd.exe" [2009-06-03 131072]
"UpdateLBPShortCut"="c:\program files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"MDS_Menu"="c:\program files\CyberLink\MediaShow4\MUITransfer\MUIStartMenu.exe" [2009-02-25 218408]
"CLMLServer"="c:\program files\CyberLink\Power2Go\CLMLSvc.exe" [2009-06-03 103720]
"UpdateP2GoShortCut"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"RemoteControl8"="c:\program files\CyberLink\PowerDVD8\PDVD8Serv.exe" [2009-07-16 91432]
"PDVD8LanguageShortcut"="c:\program files\CyberLink\PowerDVD8\Language\Language.exe" [2009-04-15 50472]
"BDRegion"="c:\program files\Cyberlink\Shared files\brs.exe" [2011-09-28 75048]
"UpdatePPShortCut"="c:\program files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" [2008-12-03 218408]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-02-17 218408]
"LGODDFU"="c:\program files\lg_fwupdate\fwupdate.exe" [2010-10-17 557056]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"RemoteControl10"="c:\program files\CyberLink\PowerDVD10\PDVD10Serv.exe" [2011-03-30 87336]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-10-25 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-12-12 152544]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start http://www.avg.com/ww.special-uninstall ... er=9.0.894" [?]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\Tomáš\Nabídka Start\Programy\Po spuštění\
Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKLM\~\startupfolder\C:^Documents and Settings^Tomáš^Nabídka Start^Programy^Po spuštění^Registration .LNK]
path=c:\documents and settings\Tomáš\Nabídka Start\Programy\Po spuštění\Registration .LNK
backup=c:\windows\pss\Registration .LNKStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mcui_exe]
2012-09-12 11:21 1278648 ----a-w- c:\program files\McAfee.com\Agent\mcagent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 03:22 1695232 ------w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2012-09-13 13:25 1353080 ----a-w- c:\hry\Saints Row The Third\steam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"mfevtp"=2 (0x2)
"mfefire"=2 (0x2)
"McShield"=2 (0x2)
"McProxy"=2 (0x2)
"McODS"=3 (0x3)
"McNASvc"=2 (0x2)
"McNaiAnn"=2 (0x2)
"mcmscsvc"=2 (0x2)
"McMPFSvc"=2 (0x2)
"McAfee SiteAdvisor Service"=2 (0x2)
"MOBKbackup"=2 (0x2)
"MSK80Service"=2 (0x2)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Hry\\Splinter Cell Double Agent\\SCDA-Offline\\System\\SplinterCell4.exe"=
"c:\\Hry\\Mass Effect 2\\Binaries\\MassEffect2.exe"=
"c:\\Hry\\Mass Effect 2\\MassEffect2Launcher.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Hry\\Far Cry 2\\bin\\FarCry2.exe"=
"c:\\Hry\\Far Cry 2\\bin\\FC2Launcher.exe"=
"c:\\Hry\\Far Cry 2\\bin\\FC2Editor.exe"=
"c:\\Program Files\\Ubisoft\\Ubisoft Game Launcher\\UbisoftGameLauncher.exe"=
"c:\\Hry\\Splinter Cell Conviction\\src\\system\\conviction_game.exe"=
"c:\\Hry\\Splinter Cell Conviction\\src\\system\\gu.exe"=
"c:\\Hry\\Splinter Cell Conviction\\src\\system\\UPlayBrowser.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD8\\PowerDVD8.exe"=
"c:\\Hry\\James Bond\\Bond.exe"=
"c:\\Hry\\Resident Evil 5\\RE5DX9.EXE"=
"c:\\Hry\\Resident Evil 5\\RE5DX10.EXE"=
"c:\\Hry\\Crysis\\Bin32\\Crysis.exe"=
"c:\\Hry\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=
"c:\\Hry\\GTA\\EFLC\\EFLC.exe"=
"c:\\Hry\\Crysis 2\\bin32\\Crysis2.exe"=
"c:\\Hry\\Medal of Honor\\Binaries\\moh.exe"=
"c:\\Hry\\Medal of Honor\\MP\\MoHMPGame.exe"=
"c:\\Hry\\Far Cry 2\\bin\\FC2ServerLauncher.exe"=
"c:\\Hry\\Splinter Cell Chaos Theory\\Versus\\System\\SCCT_Versus_DedicatedServer.exe"=
"c:\\Hry\\Splinter Cell Pandora Tomorrow\\pandora.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Hry\\Saints Row The Third\\Steam.exe"=
"c:\\Hry\\Saints Row The Third\\SteamApps\\common\\saints row the third\\saintsrowthethird.exe"=
"c:\\Hry\\Saints Row The Third\\SteamApps\\common\\saints row the third\\saintsrowthethird_dx11.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Hry\\Saints Row The Third\\SteamApps\\common\\saints row the third\\game_launcher.exe"=
"c:\\Hry\\Battlefield Bad Company 2\\BFBC2Updater.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD10\\PowerDVD10.exe"=
"c:\\Hry\\Ghost Recon Future Soldier\\Future Soldier.exe"=
"c:\\Hry\\Ghost Recon Future Soldier\\gu.exe"=
"c:\\Program Files\\Common Files\\Mcafee\\McSvcHost\\McSvHost.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
.
R0 CLBStor;CyberLink InstantBurn UDF Reader Help Driver;c:\windows\system32\drivers\CLBStor.sys [1.9.2010 11:38 10368]
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [23.12.2011 18:22 91168]
R1 MOBKFilter;MOBKFilter;c:\windows\system32\drivers\MOBK.sys [23.12.2011 18:23 54776]
R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};Power Control [2010/09/01 12:40];c:\program files\CyberLink\PowerDVD8\000.fcl [12.1.2010 22:08 87536]
R2 BCUService;Browser Configuration Utility Service;c:\program files\DeviceVM\Browser Configuration Utility\BCUService.exe [4.2.2010 17:03 219360]
R2 CLBUDFR;CyberLink UDF Filesystem;c:\windows\system32\drivers\CLBUDFR.sys [1.9.2010 11:38 154368]
R2 ES lite Service;ES lite Service for program management.;c:\program files\Gigabyte\EasySaver\essvr.exe [4.2.2010 17:03 68136]
R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [23.12.2011 18:21 167784]
R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\Mcafee\SystemCore\mfefire.exe [23.12.2011 18:22 168880]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [23.12.2011 18:10 167344]
R3 AR9271;Wireless Network Adapter Service;c:\windows\system32\drivers\athuw.sys [4.2.2010 17:38 1668352]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [23.12.2011 18:22 60480]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [23.12.2011 18:22 362640]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [24.12.2012 22:57 84432]
S1 ArcSec;ArcSec;c:\windows\system32\drivers\ArcSec.sys --> c:\windows\system32\drivers\ArcSec.sys [?]
S2 ADExchange;ArcSoft Exchange Service;c:\program files\Common Files\ArcSoft\esinter\Bin\eservutil.exe --> c:\program files\Common Files\ArcSoft\esinter\Bin\eservutil.exe [?]
S2 CLKMSVC10_B91CB6D3;CyberLink Product - 2012/08/31 23:04;c:\program files\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [20.4.2011 8:57 241648]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [4.2.2010 17:04 1684736]
S3 HipShieldK;McAfee Inc. HipShieldK;c:\windows\system32\drivers\HipShieldK.sys [1.12.2012 10:24 146872]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [24.12.2012 22:57 84432]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [23.12.2011 18:22 92192]
S3 SaiKCB03;SaiKCB03;c:\windows\system32\drivers\SaiKCB03.sys [22.10.2008 13:57 106496]
S4 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [23.12.2011 18:21 167784]
S4 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [23.12.2011 18:21 167784]
S4 MOBKbackup;1%;c:\program files\McAfee Online Backup\MOBKbackup.exe [13.4.2010 20:11 229688]
.
--- Ostatní služby/ovladače v paměti ---
.
*Deregistered* - CLKMDRV10_B91CB6D3
*Deregistered* - mfeavfk01
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-08-20 11:24 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2012-12-25 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 15:42]
.
2012-09-28 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 15:57]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uInternet Settings,ProxyOverride = *.local
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 10.0.0.138
FF - ProfilePath - c:\documents and settings\Tomáš\Data aplikací\Mozilla\Firefox\Profiles\su6rxk9a.default\
FF - prefs.js: browser.startup.homepage - www.seznam.cz
FF - ExtSQL: !HIDDEN! 2010-05-02 14:03; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-12-25 18:30
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD8\000.fcl"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'explorer.exe'(2792)
c:\program files\McAfee Online Backup\MOBKshell.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\McAfee\SystemCore\mcshield.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\RUNDLL32.EXE
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Celkový čas: 2012-12-25 18:34:09 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-12-25 17:34
ComboFix2.txt 2012-12-25 12:40
.
Před spuštěním: Volných bajtů: 283 284 119 552
Po spuštění: Volných bajtů: 283 401 498 624
.
- - End Of File - - 83EE2DDAE872FAB7D6F154E48F631BAE
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.3326.2605 [GMT 1:00]
Spuštěný z: c:\documents and settings\Tomáš\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Tomáš\Plocha\CFScript.txt..txt
AV: McAfee Anti-Virus and Antispyware *Enabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *Enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
* Rezidentní štít AV je zapnutý
.
.
FILE ::
"c:\windows\system32\OLD3D.tmp"
"c:\windows\system32\OLD40.tmp"
"c:\windows\system32\OLD43.tmp"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\OLD3D.tmp
c:\windows\system32\OLD40.tmp
c:\windows\system32\OLD43.tmp
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-11-25 do 2012-12-25 )))))))))))))))))))))))))))))))
.
.
2012-12-25 09:54 . 2012-12-25 09:54 -------- d-----w- c:\program files\trend micro
2012-12-25 09:54 . 2012-12-25 09:54 -------- d-----w- C:\rsit
2012-12-24 23:36 . 2012-12-24 23:36 -------- d-----w- c:\windows\system32\wbem\Repository
2012-12-24 22:02 . 2012-12-24 22:02 -------- d-----w- C:\6fd1a850a3289902ea3b3d8f508443f9
2012-12-24 21:57 . 2012-11-09 05:50 84432 ----a-w- c:\windows\system32\drivers\mfendisk.sys
2012-12-23 15:15 . 2012-12-23 15:15 -------- d-----w- c:\program files\iPod
2012-12-23 15:15 . 2012-12-23 15:15 -------- d-----w- c:\program files\iTunes
2012-12-23 15:15 . 2012-12-23 15:15 -------- d-----w- c:\documents and settings\All Users\Data aplikací\188F1432-103A-4ffb-80F1-36B633C5C9E1
2012-12-23 15:05 . 2012-12-23 15:05 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin7.dll
2012-12-23 15:05 . 2012-12-23 15:05 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin6.dll
2012-12-23 15:05 . 2012-12-23 15:05 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin5.dll
2012-12-23 15:05 . 2012-12-23 15:05 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin4.dll
2012-12-23 15:05 . 2012-12-23 15:05 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin3.dll
2012-12-23 15:05 . 2012-12-23 15:05 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin2.dll
2012-12-23 15:05 . 2012-12-23 15:05 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin.dll
2012-12-23 15:04 . 2012-12-23 15:05 -------- d-----w- c:\program files\QuickTime
2012-12-23 12:34 . 2012-12-23 14:43 -------- d-----w- c:\windows\LastGood(2)
2012-12-15 11:10 . 2012-12-15 11:10 -------- d-----w- c:\documents and settings\Tomáš\Local Settings\Data aplikací\PCHealth
2012-12-15 10:40 . 2012-12-15 10:43 -------- d-----w- C:\e51c67e49ec4492ee343feb9b7fe
2012-12-01 09:24 . 2012-04-20 15:40 146872 ----a-w- c:\windows\system32\drivers\HipShieldK.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-25 17:30 . 2010-05-31 13:03 17488 ----a-w- c:\windows\gdrv.sys
2012-12-24 23:20 . 2011-08-01 19:03 281688 ----a-w- c:\windows\system32\PnkBstrB.xtr
2012-12-24 22:05 . 2011-08-01 18:05 282512 ----a-w- c:\windows\system32\PnkBstrB.ex0
2012-12-23 15:42 . 2012-04-02 16:22 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-12-23 15:42 . 2011-07-30 13:58 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-12-16 12:23 . 2006-03-02 12:00 290560 ----a-w- c:\windows\system32\atmfd.dll
2012-11-13 11:55 . 2006-03-02 12:00 1866368 ------w- c:\windows\system32\win32k.sys
2012-11-09 05:56 . 2011-12-23 17:22 60480 ----a-w- c:\windows\system32\drivers\cfwids.sys
2012-11-09 05:53 . 2011-12-23 17:10 167344 ----a-w- c:\windows\system32\mfevtps.exe
2012-11-09 05:53 . 2011-12-23 17:22 91168 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys
2012-11-09 05:52 . 2011-12-23 17:22 9648 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2012-11-09 05:52 . 2011-12-23 17:22 92192 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2012-11-09 05:51 . 2011-10-15 11:16 565352 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2012-11-09 05:50 . 2011-12-23 17:22 362640 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2012-11-09 05:50 . 2011-12-23 17:22 65488 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2012-11-09 05:49 . 2011-12-23 17:22 234824 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2012-11-09 05:49 . 2011-10-15 11:16 132912 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2012-11-02 02:03 . 2006-03-02 12:00 375296 ------w- c:\windows\system32\dpnet.dll
2012-11-01 03:45 . 2006-03-02 12:00 832512 ----a-w- c:\windows\system32\wininet.dll
2012-11-01 03:45 . 2006-03-02 12:00 1830912 ------w- c:\windows\system32\inetcpl.cpl
2012-11-01 03:45 . 2010-02-23 16:27 78336 ------w- c:\windows\system32\ieencode.dll
2012-11-01 03:45 . 2006-03-02 12:00 17408 ------w- c:\windows\system32\corpol.dll
2012-10-31 14:10 . 2012-10-31 14:10 773968 ----a-w- c:\windows\system32\msvcr100.dll
2012-10-31 14:10 . 2012-10-31 14:10 138056 ----a-w- c:\windows\system32\atl100.dll
2012-10-25 02:12 . 2012-10-25 02:12 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2012-10-25 02:12 . 2012-10-25 02:12 69632 ----a-w- c:\windows\system32\QuickTime.qts
2012-10-19 19:17 . 2010-04-30 19:35 138904 ----a-w- c:\documents and settings\Tomáš\Data aplikací\PnkBstrK.sys
2012-10-04 11:34 . 2010-04-30 19:34 3233712 ----a-w- c:\windows\system32\pbsvc.exe
2004-03-11 11:27 . 2010-05-30 16:24 40960 ----a-w- c:\program files\Uninstall_CDS.exe
2012-12-15 17:12 . 2012-12-15 17:12 261600 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK]
@="{3c3f3c1a-9153-7c05-f938-622e7003894d}"
[HKEY_CLASSES_ROOT\CLSID\{3c3f3c1a-9153-7c05-f938-622e7003894d}]
2010-04-13 19:11 2872120 ----a-w- c:\program files\McAfee Online Backup\MOBKshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK2]
@="{e6ea1d7d-144e-b977-98c4-84c53c1a69d0}"
[HKEY_CLASSES_ROOT\CLSID\{e6ea1d7d-144e-b977-98c4-84c53c1a69d0}]
2010-04-13 19:11 2872120 ----a-w- c:\program files\McAfee Online Backup\MOBKshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK3]
@="{b4caf489-1eec-c617-49ad-8d7088598c06}"
[HKEY_CLASSES_ROOT\CLSID\{b4caf489-1eec-c617-49ad-8d7088598c06}]
2010-04-13 19:11 2872120 ----a-w- c:\program files\McAfee Online Backup\MOBKshell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GAINWARD"="c:\program files\EXPERTool\TBPanel.exe" [2009-10-05 2174976]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BCU"="c:\program files\DeviceVM\Browser Configuration Utility\BCU.exe" [2009-08-04 346320]
"RTHDCPL"="RTHDCPL.EXE" [2009-08-14 18702336]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-04-03 13670504]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-04-03 110696]
"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2007-09-26 734264]
"ProfilerU"="c:\program files\Saitek\SD6\Software\ProfilerU.exe" [2009-06-03 237568]
"SaiMfd"="c:\program files\Saitek\SD6\Software\SaiMfd.exe" [2009-06-03 131072]
"UpdateLBPShortCut"="c:\program files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"MDS_Menu"="c:\program files\CyberLink\MediaShow4\MUITransfer\MUIStartMenu.exe" [2009-02-25 218408]
"CLMLServer"="c:\program files\CyberLink\Power2Go\CLMLSvc.exe" [2009-06-03 103720]
"UpdateP2GoShortCut"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"RemoteControl8"="c:\program files\CyberLink\PowerDVD8\PDVD8Serv.exe" [2009-07-16 91432]
"PDVD8LanguageShortcut"="c:\program files\CyberLink\PowerDVD8\Language\Language.exe" [2009-04-15 50472]
"BDRegion"="c:\program files\Cyberlink\Shared files\brs.exe" [2011-09-28 75048]
"UpdatePPShortCut"="c:\program files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" [2008-12-03 218408]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-02-17 218408]
"LGODDFU"="c:\program files\lg_fwupdate\fwupdate.exe" [2010-10-17 557056]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"RemoteControl10"="c:\program files\CyberLink\PowerDVD10\PDVD10Serv.exe" [2011-03-30 87336]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-10-25 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-12-12 152544]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start http://www.avg.com/ww.special-uninstall ... er=9.0.894" [?]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\Tomáš\Nabídka Start\Programy\Po spuštění\
Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKLM\~\startupfolder\C:^Documents and Settings^Tomáš^Nabídka Start^Programy^Po spuštění^Registration .LNK]
path=c:\documents and settings\Tomáš\Nabídka Start\Programy\Po spuštění\Registration .LNK
backup=c:\windows\pss\Registration .LNKStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mcui_exe]
2012-09-12 11:21 1278648 ----a-w- c:\program files\McAfee.com\Agent\mcagent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 03:22 1695232 ------w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2012-09-13 13:25 1353080 ----a-w- c:\hry\Saints Row The Third\steam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"mfevtp"=2 (0x2)
"mfefire"=2 (0x2)
"McShield"=2 (0x2)
"McProxy"=2 (0x2)
"McODS"=3 (0x3)
"McNASvc"=2 (0x2)
"McNaiAnn"=2 (0x2)
"mcmscsvc"=2 (0x2)
"McMPFSvc"=2 (0x2)
"McAfee SiteAdvisor Service"=2 (0x2)
"MOBKbackup"=2 (0x2)
"MSK80Service"=2 (0x2)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Hry\\Splinter Cell Double Agent\\SCDA-Offline\\System\\SplinterCell4.exe"=
"c:\\Hry\\Mass Effect 2\\Binaries\\MassEffect2.exe"=
"c:\\Hry\\Mass Effect 2\\MassEffect2Launcher.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Hry\\Far Cry 2\\bin\\FarCry2.exe"=
"c:\\Hry\\Far Cry 2\\bin\\FC2Launcher.exe"=
"c:\\Hry\\Far Cry 2\\bin\\FC2Editor.exe"=
"c:\\Program Files\\Ubisoft\\Ubisoft Game Launcher\\UbisoftGameLauncher.exe"=
"c:\\Hry\\Splinter Cell Conviction\\src\\system\\conviction_game.exe"=
"c:\\Hry\\Splinter Cell Conviction\\src\\system\\gu.exe"=
"c:\\Hry\\Splinter Cell Conviction\\src\\system\\UPlayBrowser.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD8\\PowerDVD8.exe"=
"c:\\Hry\\James Bond\\Bond.exe"=
"c:\\Hry\\Resident Evil 5\\RE5DX9.EXE"=
"c:\\Hry\\Resident Evil 5\\RE5DX10.EXE"=
"c:\\Hry\\Crysis\\Bin32\\Crysis.exe"=
"c:\\Hry\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=
"c:\\Hry\\GTA\\EFLC\\EFLC.exe"=
"c:\\Hry\\Crysis 2\\bin32\\Crysis2.exe"=
"c:\\Hry\\Medal of Honor\\Binaries\\moh.exe"=
"c:\\Hry\\Medal of Honor\\MP\\MoHMPGame.exe"=
"c:\\Hry\\Far Cry 2\\bin\\FC2ServerLauncher.exe"=
"c:\\Hry\\Splinter Cell Chaos Theory\\Versus\\System\\SCCT_Versus_DedicatedServer.exe"=
"c:\\Hry\\Splinter Cell Pandora Tomorrow\\pandora.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Hry\\Saints Row The Third\\Steam.exe"=
"c:\\Hry\\Saints Row The Third\\SteamApps\\common\\saints row the third\\saintsrowthethird.exe"=
"c:\\Hry\\Saints Row The Third\\SteamApps\\common\\saints row the third\\saintsrowthethird_dx11.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Hry\\Saints Row The Third\\SteamApps\\common\\saints row the third\\game_launcher.exe"=
"c:\\Hry\\Battlefield Bad Company 2\\BFBC2Updater.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD10\\PowerDVD10.exe"=
"c:\\Hry\\Ghost Recon Future Soldier\\Future Soldier.exe"=
"c:\\Hry\\Ghost Recon Future Soldier\\gu.exe"=
"c:\\Program Files\\Common Files\\Mcafee\\McSvcHost\\McSvHost.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
.
R0 CLBStor;CyberLink InstantBurn UDF Reader Help Driver;c:\windows\system32\drivers\CLBStor.sys [1.9.2010 11:38 10368]
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [23.12.2011 18:22 91168]
R1 MOBKFilter;MOBKFilter;c:\windows\system32\drivers\MOBK.sys [23.12.2011 18:23 54776]
R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};Power Control [2010/09/01 12:40];c:\program files\CyberLink\PowerDVD8\000.fcl [12.1.2010 22:08 87536]
R2 BCUService;Browser Configuration Utility Service;c:\program files\DeviceVM\Browser Configuration Utility\BCUService.exe [4.2.2010 17:03 219360]
R2 CLBUDFR;CyberLink UDF Filesystem;c:\windows\system32\drivers\CLBUDFR.sys [1.9.2010 11:38 154368]
R2 ES lite Service;ES lite Service for program management.;c:\program files\Gigabyte\EasySaver\essvr.exe [4.2.2010 17:03 68136]
R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [23.12.2011 18:21 167784]
R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\Mcafee\SystemCore\mfefire.exe [23.12.2011 18:22 168880]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [23.12.2011 18:10 167344]
R3 AR9271;Wireless Network Adapter Service;c:\windows\system32\drivers\athuw.sys [4.2.2010 17:38 1668352]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [23.12.2011 18:22 60480]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [23.12.2011 18:22 362640]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [24.12.2012 22:57 84432]
S1 ArcSec;ArcSec;c:\windows\system32\drivers\ArcSec.sys --> c:\windows\system32\drivers\ArcSec.sys [?]
S2 ADExchange;ArcSoft Exchange Service;c:\program files\Common Files\ArcSoft\esinter\Bin\eservutil.exe --> c:\program files\Common Files\ArcSoft\esinter\Bin\eservutil.exe [?]
S2 CLKMSVC10_B91CB6D3;CyberLink Product - 2012/08/31 23:04;c:\program files\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [20.4.2011 8:57 241648]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [4.2.2010 17:04 1684736]
S3 HipShieldK;McAfee Inc. HipShieldK;c:\windows\system32\drivers\HipShieldK.sys [1.12.2012 10:24 146872]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [24.12.2012 22:57 84432]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [23.12.2011 18:22 92192]
S3 SaiKCB03;SaiKCB03;c:\windows\system32\drivers\SaiKCB03.sys [22.10.2008 13:57 106496]
S4 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [23.12.2011 18:21 167784]
S4 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [23.12.2011 18:21 167784]
S4 MOBKbackup;1%;c:\program files\McAfee Online Backup\MOBKbackup.exe [13.4.2010 20:11 229688]
.
--- Ostatní služby/ovladače v paměti ---
.
*Deregistered* - CLKMDRV10_B91CB6D3
*Deregistered* - mfeavfk01
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-08-20 11:24 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2012-12-25 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 15:42]
.
2012-09-28 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 15:57]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uInternet Settings,ProxyOverride = *.local
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 10.0.0.138
FF - ProfilePath - c:\documents and settings\Tomáš\Data aplikací\Mozilla\Firefox\Profiles\su6rxk9a.default\
FF - prefs.js: browser.startup.homepage - www.seznam.cz
FF - ExtSQL: !HIDDEN! 2010-05-02 14:03; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-12-25 18:30
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD8\000.fcl"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'explorer.exe'(2792)
c:\program files\McAfee Online Backup\MOBKshell.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\McAfee\SystemCore\mcshield.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\RUNDLL32.EXE
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Celkový čas: 2012-12-25 18:34:09 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-12-25 17:34
ComboFix2.txt 2012-12-25 12:40
.
Před spuštěním: Volných bajtů: 283 284 119 552
Po spuštění: Volných bajtů: 283 401 498 624
.
- - End Of File - - 83EE2DDAE872FAB7D6F154E48F631BAE
-
Rudy
- Site Admin
- Příspěvky: 119522
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: Problém s PC
Log již vypadá čistý. Nastala nějaká změna?
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Re: Problém s PC
Ano nastala změna, antivirový program už funguje a nástroj obnovení systému také. Jen mám stále problémy s instalací některých programů (Instalační služba windows není dostupná)
-
Rudy
- Site Admin
- Příspěvky: 119522
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: Problém s PC
Zkuste toto: http://www.stahuj.centrum.cz/utility_a_ ... installer/ .
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Re: Problém s PC
Pořád to nefunguje. Ve službách je windows installer stále zastaven a nejde zapnout. Mám vyzkoušet obnovení systému?
-
Rudy
- Site Admin
- Příspěvky: 119522
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: Problém s PC
Zkuste.
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Re: Problém s PC
zkusil jsem a zase se otevírají jen bílá okna
-
Rudy
- Site Admin
- Příspěvky: 119522
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: Problém s PC
Pak je to problém systému. Budte muset provést jeho opravu buď pomocí XPManageru: http://forum.viry.cz/viewtopic.php?f=46&t=17549 , nebo z instal. CD.
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Re: Problém s PC
Tak jsem použil opravu z cd. Zdá se, že už je vše v pořádku. Děkuji za Váš čas a pomoc.
Přispějete na provoz fóra?