RSIT - preventívne

Zpráva

marosSK · #1 Příspěvek od **marosSK** » 13 led 2013 17:42

Zdravim. Mám tu ďalší príprad. PC má síce na RAMku vyťažujúci windows, no o to mi nejde, to doriešim neskôr, akurát je problém v tom, že niekedy bezdôvodne vyskočí využitie procesora na maximum a PC začne pípať, asi nejaký výstražný signál na procesore alebo čo. Vopred ďakujem.

P.S. toto mi vyskočilo pri RSIT skene.

#2 Příspěvek od **vyosek** » 14 led 2013 10:57

Zdravim

To mate nejaky servis nebo jak to ze ("Mám tu ďalší príprad")

marosSK · #3 Příspěvek od **marosSK** » 14 led 2013 14:15

Nie, len pomáham kamarátom a kamarátkam, ktorí sa tomu nerozumejú a mám podozrenie, že tam niečo je, ako napríklad aj tu. Som študent, o servise môžem len snívať.

#4 Příspěvek od **vyosek** » 14 led 2013 14:44

Udelejte sken DDS http://forum.viry.cz/viewtopic.php?f=30&t=125172

marosSK · #5 Příspěvek od **marosSK** » 22 led 2013 18:00

Nevedel som či len jedno, alebo obe, tak som sem dal radšej obe. Ospravedlňujem sa za opozdenie, ale škola a iné povinnosti mi nedovoľujú sa k tomu moc vraciať.

DDS

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16457 BrowserJavaVersion: 10.10.2
Run by admin at 17:56:39 on 2013-01-22
Microsoft Windows 7 Enterprise 6.1.7601.1.1250.421.1033.18.1024.478 [GMT 1:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Enabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
C:\Program Files\Hotspot Shield\bin\hsswd.exe
C:\ProgramData\IBUpdaterService\ibsvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\Microcom\ADSL DeskPorte USB\CnxDslTb.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe
C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe
C:\Users\admin\Desktop\firemin\firemin\Firemin.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT3072253
uURLSearchHooks: {51a86bb3-6602-4c85-92a5-130ee4864f13} - <orphaned>
uURLSearchHooks: {cd8812d4-e5b8-41c6-94d4-59872a484bf1} - <orphaned>
uURLSearchHooks: {687578b9-7132-4a7a-80e4-30ee31099e03} - <orphaned>
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Conduit Engine: {30F9B915-B755-4826-820B-08FBA6BD249D} - c:\program files\conduitengine\prxConduitEngine.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: Hotspot Shield Class: {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - c:\program files\hotspot shield\hssie\HssIE.dll
TB: Conduit Engine: {30F9B915-B755-4826-820B-08FBA6BD249D} - c:\program files\conduitengine\prxConduitEngine.dll
uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe" /MINIMIZED
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [CnxDslTaskBar] "c:\program files\microcom\adsl deskporte usb\cnxdsltb.exe" "microcom\ADSL DeskPorte USB"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
StartupFolder: c:\users\admin\appdata\roaming\micros~1\windows\startm~1\programs\startup\firemi~1.lnk - c:\users\admin\desktop\firemin\firemin\Firemin.exe
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\micros~1\office12\EXCEL.EXE/3000
IE: Free YouTube Download - c:\users\admin\appdata\roaming\dvdvideosoftiehelpers\freeyoutubedownload.htm
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - <orphaned>
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} - hxxp://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1297434687016
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 195.146.132.58 195.146.128.62
TCP: Interfaces\{D5B9CBE9-AEE7-4FCE-854E-DBC9581EDD75} : DHCPNameServer = 195.146.132.58 195.146.128.62
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - <orphaned>
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\24.0.1312.52\installer\setup.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\admin\appdata\roaming\mozilla\firefox\profiles\l3uf9ywg.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - www.google.sk
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=2&q=
FF - component: c:\program files\common files\spigot\wtxpcom\components\WidgiToolbarFF.dll
FF - component: c:\program files\mozilla firefox\extensions\{82af8dca-6de9-405d-bd5e-43525bdad38a}\components\SkypeFfComponent.dll
FF - component: c:\users\admin\appdata\roaming\mozilla\firefox\profiles\l3uf9ywg.default\extensions\{51a86bb3-6602-4c85-92a5-130ee4864f13}\components\RadioWMPCoreGecko19.dll
FF - component: c:\users\admin\appdata\roaming\mozilla\firefox\profiles\l3uf9ywg.default\extensions\{cd8812d4-e5b8-41c6-94d4-59872a484bf1}\components\dtTransparency.dll
FF - component: c:\users\admin\appdata\roaming\mozilla\firefox\profiles\l3uf9ywg.default\extensions\dttoolbar@toolbarnet.com\components\DTToolbarFF.dll
FF - component: c:\users\admin\appdata\roaming\mozilla\firefox\profiles\l3uf9ywg.default\extensions\engine@conduit.com\components\RadioWMPCoreGecko19.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: c:\program files\videodownloadconverter_4zei\installr\1.bin\NP4zEISb.dll
FF - plugin: c:\users\admin\appdata\local\facebook\video\skype\npFacebookVideoCalling.dll
FF - plugin: c:\users\admin\appdata\roaming\mozilla\firefox\profiles\l3uf9ywg.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\plugins\np-mswmp.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_4_402_265.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npmproxy.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2012-8-30 193552]
R2 HssWd;Hotspot Shield Monitoring Service;c:\program files\hotspot shield\bin\hsswd.exe -product hss --> c:\program files\hotspot shield\bin\hsswd.exe -product HSS [?]
R2 IBUpdaterService;Updater Service;c:\programdata\ibupdaterservice\ibsvc.exe [2012-10-28 600096]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\logmein\x86\LMIGuardianSvc.exe [2010-12-8 374704]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2010-9-17 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2011-2-11 47640]
R2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2010-10-24 99272]
R2 TeamViewer7;TeamViewer 7;c:\program files\teamviewer\version7\TeamViewer_Service.exe [2011-12-24 2754984]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\tuneup utilities 2011\TuneUpUtilitiesService32.exe [2011-12-8 1527104]
R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2012-9-12 287824]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\tuneup utilities 2011\TuneUpUtilitiesDriver32.sys [2011-5-18 10064]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 hshld;Hotspot Shield Service;c:\program files\hotspot shield\bin\openvpnas.exe [2012-3-26 542040]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-7-13 160944]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 CnxEtP;Conexant AccessRunner USB ADSL Adapter Filter Driver;c:\windows\system32\drivers\CnxEtP.sys [2011-2-11 131072]
S3 CnxEtU;Conexant AccessRunner USB ADSL Interface Device Driver;c:\windows\system32\drivers\CnxEtU.sys [2011-2-11 614272]
S3 CnxTgNP;Conexant AccessRunner ADSL WAN PPPoE Adapter Driver;c:\windows\system32\drivers\CnxTgNP.sys [2011-2-11 60416]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2012-1-9 137600]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-3-15 15872]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 20992]
S3 WatAdminSvc;Služba Windows Activation Technologies;c:\windows\system32\wat\WatAdminSvc.exe [2011-2-11 1343400]
SUnknown TsUsbFlt;TsUsbFlt; [x]
SUnknown tsusbhub;tsusbhub; [x]
.
=============== Created Last 30 ================
.
2013-01-22 16:00:41 6991832 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{1ce981dd-42f2-4b44-8c4c-b184775b8000}\mpengine.dll
2013-01-19 19:56:20 6991832 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2013-01-14 13:51:56 740840 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\{dfc2e7da-7eef-4321-8c59-2a39304cedb0}\gapaengine.dll
2013-01-13 18:49:56 -------- d-----w- c:\program files\GeoGebra
2013-01-13 16:49:08 712048 ----a-w- c:\windows\system32\drivers\ndis.sys
2013-01-13 16:49:07 33280 ----a-w- c:\windows\system32\drivers\RNDISMP.sys
2013-01-13 16:47:23 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
2013-01-13 16:47:08 156672 ----a-w- c:\windows\system32\ncsi.dll
2013-01-13 16:47:07 499712 ----a-w- c:\windows\system32\iphlpsvc.dll
2013-01-13 16:47:07 240496 ----a-w- c:\windows\system32\drivers\netio.sys
2013-01-13 16:47:07 187760 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2013-01-13 16:47:07 175104 ----a-w- c:\windows\system32\netcorehc.dll
2013-01-13 16:47:07 1293680 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-01-13 16:47:06 52224 ----a-w- c:\windows\system32\nlaapi.dll
2013-01-13 16:47:06 35328 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2013-01-13 16:47:06 242176 ----a-w- c:\windows\system32\nlasvc.dll
2013-01-13 16:47:05 18944 ----a-w- c:\windows\system32\netevent.dll
2013-01-13 16:46:07 49152 ----a-w- c:\windows\system32\taskhost.exe
2013-01-13 16:41:24 44032 ----a-w- c:\windows\system32\dhcpcsvc6.dll
2013-01-13 16:41:24 193536 ----a-w- c:\windows\system32\dhcpcore6.dll
2013-01-13 16:37:10 -------- d-----w- c:\program files\trend micro
2013-01-13 15:10:00 -------- d-----w- c:\windows\system32\SPReview
2013-01-10 18:13:39 -------- d-----w- c:\windows\system32\EventProviders
2013-01-10 17:55:30 626688 ----a-w- c:\windows\system32\usp10.dll
2013-01-10 17:51:59 91136 ----a-w- c:\windows\system32\dot3api.dll
2013-01-10 17:50:59 856576 ----a-w- c:\windows\system32\FirewallControlPanel.dll
2013-01-10 17:49:59 44544 ----a-w- c:\windows\system32\vmbusres.dll
2013-01-10 17:48:50 780288 ----a-w- c:\windows\system32\wbem\wbemcore.dll
2013-01-10 17:48:50 363008 ----a-w- c:\windows\system32\wbemcomn.dll
2013-01-10 17:48:50 189952 ----a-w- c:\program files\windows portable devices\sqmapi.dll
2013-01-10 17:48:49 606208 ----a-w- c:\windows\system32\wbem\fastprox.dll
2013-01-10 17:48:49 351232 ----a-w- c:\windows\system32\wmicmiplugin.dll
2013-01-10 17:48:33 697344 ----a-w- c:\windows\system32\SmiEngine.dll
2013-01-10 17:48:33 189952 ----a-w- c:\windows\system32\sqmapi.dll
2013-01-10 17:48:23 209920 ----a-w- c:\windows\system32\PkgMgr.exe
2013-01-10 17:48:23 189952 ----a-w- c:\windows\system32\wdscore.dll
2013-01-10 17:47:30 323072 ----a-w- c:\windows\system32\drvstore.dll
2013-01-10 17:47:30 257024 ----a-w- c:\windows\system32\dpx.dll
2013-01-10 17:42:59 45568 ----a-w- c:\windows\system32\oflc-nz.rs
2013-01-10 16:52:03 -------- d-----w- c:\program files\CCleaner
2013-01-10 16:23:10 29504 ----a-w- c:\windows\system32\uxtuneup.dll
2013-01-10 16:23:10 21312 ----a-w- c:\windows\system32\authuitu.dll
2013-01-10 16:20:30 31552 ----a-w- c:\windows\system32\TURegOpt.exe
2013-01-10 16:20:02 -------- d-----w- c:\users\admin\appdata\roaming\TuneUp Software
2013-01-10 16:19:41 -------- d-----w- c:\program files\TuneUp Utilities 2011
2013-01-10 16:18:50 -------- d-----w- c:\programdata\TuneUp Software
2013-01-10 16:18:37 -------- d-sh--w- c:\programdata\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}
2013-01-10 16:03:30 -------- d-----w- c:\program files\Lavalys
2013-01-05 18:53:33 859072 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-01-05 18:53:33 779704 ----a-w- c:\windows\system32\deployJava1.dll
2013-01-05 18:52:41 93640 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-12-26 18:39:27 -------- d-----w- c:\users\admin\appdata\roaming\AVI ReComp
2012-12-26 18:35:28 -------- d-----w- c:\program files\AVI ReComp
.
==================== Find3M ====================
.
2013-01-13 15:23:24 152576 ----a-w- c:\windows\system32\msclmd.dll
2012-12-16 14:13:28 295424 ----a-w- c:\windows\system32\atmfd.dll
2012-12-16 14:13:20 34304 ----a-w- c:\windows\system32\atmlib.dll
2012-12-07 12:26:17 308736 ----a-w- c:\windows\system32\Wpc.dll
2012-12-07 12:20:43 2576384 ----a-w- c:\windows\system32\gameux.dll
2012-11-30 04:53:34 169984 ----a-w- c:\windows\system32\winsrv.dll
2012-11-30 04:47:45 293376 ----a-w- c:\windows\system32\KernelBase.dll
2012-11-30 02:55:25 271360 ----a-w- c:\windows\system32\conhost.exe
2012-11-30 02:38:59 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2012-11-30 02:38:59 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2012-11-30 02:38:59 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2012-11-30 02:38:59 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2012-11-23 02:56:23 2345984 ----a-w- c:\windows\system32\win32k.sys
2012-11-20 04:51:09 220160 ----a-w- c:\windows\system32\ncrypt.dll
2012-11-14 02:09:22 1800704 ----a-w- c:\windows\system32\jscript9.dll
2012-11-14 01:58:15 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-11-14 01:57:37 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-11-14 01:49:25 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-11-14 01:48:27 420864 ----a-w- c:\windows\system32\vbscript.dll
2012-11-14 01:44:42 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-11-09 04:43:04 492032 ----a-w- c:\windows\system32\win32spl.dll
2012-11-09 04:42:49 2048 ----a-w- c:\windows\system32\tzres.dll
2012-11-03 16:06:55 83912 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2012-11-03 16:06:54 52648 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\LMIproc.dll
2012-11-03 16:06:53 92072 ----a-w- c:\windows\system32\LMIinit.dll
2012-11-03 16:06:53 31144 ----a-w- c:\windows\system32\LMIport.dll
2012-11-02 05:11:31 376832 ----a-w- c:\windows\system32\dpnet.dll
2012-11-01 04:47:54 1389568 ----a-w- c:\windows\system32\msxml6.dll
.
============= FINISH: 17:58:12,82 ===============

Attach

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16457 BrowserJavaVersion: 10.10.2
Run by admin at 17:56:39 on 2013-01-22
Microsoft Windows 7 Enterprise 6.1.7601.1.1250.421.1033.18.1024.478 [GMT 1:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Enabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
C:\Program Files\Hotspot Shield\bin\hsswd.exe
C:\ProgramData\IBUpdaterService\ibsvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\Microcom\ADSL DeskPorte USB\CnxDslTb.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe
C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe
C:\Users\admin\Desktop\firemin\firemin\Firemin.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT3072253
uURLSearchHooks: {51a86bb3-6602-4c85-92a5-130ee4864f13} - <orphaned>
uURLSearchHooks: {cd8812d4-e5b8-41c6-94d4-59872a484bf1} - <orphaned>
uURLSearchHooks: {687578b9-7132-4a7a-80e4-30ee31099e03} - <orphaned>
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Conduit Engine: {30F9B915-B755-4826-820B-08FBA6BD249D} - c:\program files\conduitengine\prxConduitEngine.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: Hotspot Shield Class: {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - c:\program files\hotspot shield\hssie\HssIE.dll
TB: Conduit Engine: {30F9B915-B755-4826-820B-08FBA6BD249D} - c:\program files\conduitengine\prxConduitEngine.dll
uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe" /MINIMIZED
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [CnxDslTaskBar] "c:\program files\microcom\adsl deskporte usb\cnxdsltb.exe" "microcom\ADSL DeskPorte USB"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
StartupFolder: c:\users\admin\appdata\roaming\micros~1\windows\startm~1\programs\startup\firemi~1.lnk - c:\users\admin\desktop\firemin\firemin\Firemin.exe
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\micros~1\office12\EXCEL.EXE/3000
IE: Free YouTube Download - c:\users\admin\appdata\roaming\dvdvideosoftiehelpers\freeyoutubedownload.htm
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - <orphaned>
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} - hxxp://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1297434687016
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 195.146.132.58 195.146.128.62
TCP: Interfaces\{D5B9CBE9-AEE7-4FCE-854E-DBC9581EDD75} : DHCPNameServer = 195.146.132.58 195.146.128.62
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - <orphaned>
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\24.0.1312.52\installer\setup.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\admin\appdata\roaming\mozilla\firefox\profiles\l3uf9ywg.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - www.google.sk
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=2&q=
FF - component: c:\program files\common files\spigot\wtxpcom\components\WidgiToolbarFF.dll
FF - component: c:\program files\mozilla firefox\extensions\{82af8dca-6de9-405d-bd5e-43525bdad38a}\components\SkypeFfComponent.dll
FF - component: c:\users\admin\appdata\roaming\mozilla\firefox\profiles\l3uf9ywg.default\extensions\{51a86bb3-6602-4c85-92a5-130ee4864f13}\components\RadioWMPCoreGecko19.dll
FF - component: c:\users\admin\appdata\roaming\mozilla\firefox\profiles\l3uf9ywg.default\extensions\{cd8812d4-e5b8-41c6-94d4-59872a484bf1}\components\dtTransparency.dll
FF - component: c:\users\admin\appdata\roaming\mozilla\firefox\profiles\l3uf9ywg.default\extensions\dttoolbar@toolbarnet.com\components\DTToolbarFF.dll
FF - component: c:\users\admin\appdata\roaming\mozilla\firefox\profiles\l3uf9ywg.default\extensions\engine@conduit.com\components\RadioWMPCoreGecko19.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: c:\program files\videodownloadconverter_4zei\installr\1.bin\NP4zEISb.dll
FF - plugin: c:\users\admin\appdata\local\facebook\video\skype\npFacebookVideoCalling.dll
FF - plugin: c:\users\admin\appdata\roaming\mozilla\firefox\profiles\l3uf9ywg.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\plugins\np-mswmp.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_4_402_265.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npmproxy.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2012-8-30 193552]
R2 HssWd;Hotspot Shield Monitoring Service;c:\program files\hotspot shield\bin\hsswd.exe -product hss --> c:\program files\hotspot shield\bin\hsswd.exe -product HSS [?]
R2 IBUpdaterService;Updater Service;c:\programdata\ibupdaterservice\ibsvc.exe [2012-10-28 600096]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\logmein\x86\LMIGuardianSvc.exe [2010-12-8 374704]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2010-9-17 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2011-2-11 47640]
R2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2010-10-24 99272]
R2 TeamViewer7;TeamViewer 7;c:\program files\teamviewer\version7\TeamViewer_Service.exe [2011-12-24 2754984]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\tuneup utilities 2011\TuneUpUtilitiesService32.exe [2011-12-8 1527104]
R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2012-9-12 287824]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\tuneup utilities 2011\TuneUpUtilitiesDriver32.sys [2011-5-18 10064]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 hshld;Hotspot Shield Service;c:\program files\hotspot shield\bin\openvpnas.exe [2012-3-26 542040]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-7-13 160944]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 CnxEtP;Conexant AccessRunner USB ADSL Adapter Filter Driver;c:\windows\system32\drivers\CnxEtP.sys [2011-2-11 131072]
S3 CnxEtU;Conexant AccessRunner USB ADSL Interface Device Driver;c:\windows\system32\drivers\CnxEtU.sys [2011-2-11 614272]
S3 CnxTgNP;Conexant AccessRunner ADSL WAN PPPoE Adapter Driver;c:\windows\system32\drivers\CnxTgNP.sys [2011-2-11 60416]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2012-1-9 137600]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-3-15 15872]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 20992]
S3 WatAdminSvc;Služba Windows Activation Technologies;c:\windows\system32\wat\WatAdminSvc.exe [2011-2-11 1343400]
SUnknown TsUsbFlt;TsUsbFlt; [x]
SUnknown tsusbhub;tsusbhub; [x]
.
=============== Created Last 30 ================
.
2013-01-22 16:00:41 6991832 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{1ce981dd-42f2-4b44-8c4c-b184775b8000}\mpengine.dll
2013-01-19 19:56:20 6991832 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2013-01-14 13:51:56 740840 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\{dfc2e7da-7eef-4321-8c59-2a39304cedb0}\gapaengine.dll
2013-01-13 18:49:56 -------- d-----w- c:\program files\GeoGebra
2013-01-13 16:49:08 712048 ----a-w- c:\windows\system32\drivers\ndis.sys
2013-01-13 16:49:07 33280 ----a-w- c:\windows\system32\drivers\RNDISMP.sys
2013-01-13 16:47:23 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
2013-01-13 16:47:08 156672 ----a-w- c:\windows\system32\ncsi.dll
2013-01-13 16:47:07 499712 ----a-w- c:\windows\system32\iphlpsvc.dll
2013-01-13 16:47:07 240496 ----a-w- c:\windows\system32\drivers\netio.sys
2013-01-13 16:47:07 187760 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2013-01-13 16:47:07 175104 ----a-w- c:\windows\system32\netcorehc.dll
2013-01-13 16:47:07 1293680 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-01-13 16:47:06 52224 ----a-w- c:\windows\system32\nlaapi.dll
2013-01-13 16:47:06 35328 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2013-01-13 16:47:06 242176 ----a-w- c:\windows\system32\nlasvc.dll
2013-01-13 16:47:05 18944 ----a-w- c:\windows\system32\netevent.dll
2013-01-13 16:46:07 49152 ----a-w- c:\windows\system32\taskhost.exe
2013-01-13 16:41:24 44032 ----a-w- c:\windows\system32\dhcpcsvc6.dll
2013-01-13 16:41:24 193536 ----a-w- c:\windows\system32\dhcpcore6.dll
2013-01-13 16:37:10 -------- d-----w- c:\program files\trend micro
2013-01-13 15:10:00 -------- d-----w- c:\windows\system32\SPReview
2013-01-10 18:13:39 -------- d-----w- c:\windows\system32\EventProviders
2013-01-10 17:55:30 626688 ----a-w- c:\windows\system32\usp10.dll
2013-01-10 17:51:59 91136 ----a-w- c:\windows\system32\dot3api.dll
2013-01-10 17:50:59 856576 ----a-w- c:\windows\system32\FirewallControlPanel.dll
2013-01-10 17:49:59 44544 ----a-w- c:\windows\system32\vmbusres.dll
2013-01-10 17:48:50 780288 ----a-w- c:\windows\system32\wbem\wbemcore.dll
2013-01-10 17:48:50 363008 ----a-w- c:\windows\system32\wbemcomn.dll
2013-01-10 17:48:50 189952 ----a-w- c:\program files\windows portable devices\sqmapi.dll
2013-01-10 17:48:49 606208 ----a-w- c:\windows\system32\wbem\fastprox.dll
2013-01-10 17:48:49 351232 ----a-w- c:\windows\system32\wmicmiplugin.dll
2013-01-10 17:48:33 697344 ----a-w- c:\windows\system32\SmiEngine.dll
2013-01-10 17:48:33 189952 ----a-w- c:\windows\system32\sqmapi.dll
2013-01-10 17:48:23 209920 ----a-w- c:\windows\system32\PkgMgr.exe
2013-01-10 17:48:23 189952 ----a-w- c:\windows\system32\wdscore.dll
2013-01-10 17:47:30 323072 ----a-w- c:\windows\system32\drvstore.dll
2013-01-10 17:47:30 257024 ----a-w- c:\windows\system32\dpx.dll
2013-01-10 17:42:59 45568 ----a-w- c:\windows\system32\oflc-nz.rs
2013-01-10 16:52:03 -------- d-----w- c:\program files\CCleaner
2013-01-10 16:23:10 29504 ----a-w- c:\windows\system32\uxtuneup.dll
2013-01-10 16:23:10 21312 ----a-w- c:\windows\system32\authuitu.dll
2013-01-10 16:20:30 31552 ----a-w- c:\windows\system32\TURegOpt.exe
2013-01-10 16:20:02 -------- d-----w- c:\users\admin\appdata\roaming\TuneUp Software
2013-01-10 16:19:41 -------- d-----w- c:\program files\TuneUp Utilities 2011
2013-01-10 16:18:50 -------- d-----w- c:\programdata\TuneUp Software
2013-01-10 16:18:37 -------- d-sh--w- c:\programdata\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}
2013-01-10 16:03:30 -------- d-----w- c:\program files\Lavalys
2013-01-05 18:53:33 859072 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-01-05 18:53:33 779704 ----a-w- c:\windows\system32\deployJava1.dll
2013-01-05 18:52:41 93640 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-12-26 18:39:27 -------- d-----w- c:\users\admin\appdata\roaming\AVI ReComp
2012-12-26 18:35:28 -------- d-----w- c:\program files\AVI ReComp
.
==================== Find3M ====================
.
2013-01-13 15:23:24 152576 ----a-w- c:\windows\system32\msclmd.dll
2012-12-16 14:13:28 295424 ----a-w- c:\windows\system32\atmfd.dll
2012-12-16 14:13:20 34304 ----a-w- c:\windows\system32\atmlib.dll
2012-12-07 12:26:17 308736 ----a-w- c:\windows\system32\Wpc.dll
2012-12-07 12:20:43 2576384 ----a-w- c:\windows\system32\gameux.dll
2012-11-30 04:53:34 169984 ----a-w- c:\windows\system32\winsrv.dll
2012-11-30 04:47:45 293376 ----a-w- c:\windows\system32\KernelBase.dll
2012-11-30 02:55:25 271360 ----a-w- c:\windows\system32\conhost.exe
2012-11-30 02:38:59 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2012-11-30 02:38:59 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2012-11-30 02:38:59 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2012-11-30 02:38:59 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2012-11-23 02:56:23 2345984 ----a-w- c:\windows\system32\win32k.sys
2012-11-20 04:51:09 220160 ----a-w- c:\windows\system32\ncrypt.dll
2012-11-14 02:09:22 1800704 ----a-w- c:\windows\system32\jscript9.dll
2012-11-14 01:58:15 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-11-14 01:57:37 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-11-14 01:49:25 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-11-14 01:48:27 420864 ----a-w- c:\windows\system32\vbscript.dll
2012-11-14 01:44:42 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-11-09 04:43:04 492032 ----a-w- c:\windows\system32\win32spl.dll
2012-11-09 04:42:49 2048 ----a-w- c:\windows\system32\tzres.dll
2012-11-03 16:06:55 83912 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2012-11-03 16:06:54 52648 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\LMIproc.dll
2012-11-03 16:06:53 92072 ----a-w- c:\windows\system32\LMIinit.dll
2012-11-03 16:06:53 31144 ----a-w- c:\windows\system32\LMIport.dll
2012-11-02 05:11:31 376832 ----a-w- c:\windows\system32\dpnet.dll
2012-11-01 04:47:54 1389568 ----a-w- c:\windows\system32\msxml6.dll
.
============= FINISH: 17:58:12,82 ===============

#6 Příspěvek od **vyosek** » 22 led 2013 20:10

Stahnete RKill http://download.bleepingcomputer.com/grinler/rkill.com

Pokud ho havet blokuje, pouzijte jeden z nasledujicich - i ty prejmenovane
Rkill EXE:
http://download.bleepingcomputer.com/grinler/rkill.exe

Rkill iExplore.exe:
http://download.bleepingcomputer.com/gr ... xplore.exe

Rkill uSeRiNiT.exe:
http://download.bleepingcomputer.com/gr ... eRiNiT.exe

Rkill WiNlOgOn.exe:
http://download.bleepingcomputer.com/gr ... NlOgOn.exe
Ulozte nejlepena plochu a ukoncete vsechny aplikace (jinak to udela RKill za Vas)
Spustte tradicne dvojklikem - program probehne do par sekund a ukonci i svou cinnost
RKill ukonci vsechny ne-systemove procesy - tedy i procesy, pod kterymi bezi havet
Na plose vznikne log Rkill.txt ten mi sem vlozte
Ted nerestartujte PC - prisli byste o ucinek RKillu

PROSIM CTETE DUKLADNE NAVOD - TATO UTILITA MA VELKOU SCHOPNOST MAZAT A JE NUTNE JI APLIKOVAT JEN NA DOPORUCENI, JINAK VAM MUZE JIT SYSTEM DO KYTEK

Stahnete a ulozte na plochu Combofix http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Vypnete vsechny rezidentni bezpecnostní programy - firewally, antiviry, antispywary apod.
Pokud mate Win XP spustte pod uctem Spravce\Administratora
Pokud mate Win Vista ci Win 7, kliknete na Combofix pravym a dejte Run As Administrator ci Spustit jako spravce
Ihned po startu se zobrazi stranka s licencnim ujednanim, pokracujte kliknutim na Ano
Pokud Vam CF nabidne instalaci Konzoly pro zotaveni, tak souhlaste
Dale postupujte dle pokynu, behem scanu nechte PC naprosto v klidu - nespoustejte zadne aplikace a neklikejte do zobrazujiciho se okna
Scan by mel trvat cca 10 min, ale pokud bude PC hodne zaneseno, muze se cas prodlouzit
Po dokonceni skenu a pripadnem restartu CF zobrazi log, pripadne jej najdete zde C:\ComboFix.txt, jeho obsah sem vlozte
Detailni postup vc. obrazku mate zde http://www.bleepingcomputer.com/combofi ... t-combofix

marosSK · #7 Příspěvek od **marosSK** » 26 led 2013 18:34

Nech sa páči.

ComboFix 13-01-26.02 - admin . 01. 2013 18:20:44.1.2 - x86
Microsoft Windows 7 Enterprise 6.1.7601.1.1250.421.1033.18.1024.469 [GMT 1:00]
Running from: c:\users\admin\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2012-12-26 to 2013-01-26 )))))))))))))))))))))))))))))))
.
.
2013-01-26 17:28 . 2013-01-26 17:28 -------- d-----w- c:\users\LogMeInRemoteUser\AppData\Local\temp
2013-01-26 17:28 . 2013-01-26 17:28 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-01-26 11:22 . 2013-01-08 04:57 6991832 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{AC999CEF-F4B6-45A8-986D-7CE3C96F9CF1}\mpengine.dll
2013-01-24 18:41 . 2013-01-24 18:41 -------- d-----w- c:\programdata\Nikon
2013-01-24 18:22 . 2013-01-08 04:57 6991832 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-01-23 14:22 . 2013-01-23 14:22 -------- d-----w- c:\users\admin\AppData\Roaming\Nikon
2013-01-23 14:22 . 2013-01-23 14:22 -------- d-----w- c:\users\admin\AppData\Local\Nikon
2013-01-23 14:21 . 2013-01-23 14:21 -------- d-----w- c:\users\admin\AppData\Roaming\ArcSoft
2013-01-23 14:15 . 2013-01-23 14:15 -------- d-----w- c:\programdata\Carbon
2013-01-23 14:15 . 2013-01-23 14:16 -------- d-----w- c:\program files\Common Files\Nikon
2013-01-23 14:15 . 2013-01-23 14:17 -------- d-----w- c:\program files\Nikon
2013-01-23 14:14 . 2013-01-23 14:14 -------- d-----w- c:\programdata\Clips
2013-01-23 14:14 . 2013-01-23 14:14 -------- d-----w- c:\programdata\Bubble Noise
2013-01-23 14:14 . 2013-01-23 14:17 -------- d-----w- c:\users\admin\AppData\Local\Downloaded Installations
2013-01-23 14:14 . 2013-01-23 14:15 -------- d-----w- c:\programdata\Ultima_T15
2013-01-23 14:14 . 2013-01-23 14:15 -------- d-----w- c:\programdata\EnterNHelp
2013-01-23 14:14 . 2013-01-23 14:14 -------- d-----w- c:\programdata\Guides
2013-01-14 13:51 . 2013-01-14 13:49 740840 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{DFC2E7DA-7EEF-4321-8C59-2A39304CEDB0}\gapaengine.dll
2013-01-13 18:49 . 2013-01-13 18:49 -------- d-----w- c:\program files\GeoGebra
2013-01-13 16:49 . 2012-08-22 17:16 712048 ----a-w- c:\windows\system32\drivers\ndis.sys
2013-01-13 16:49 . 2012-07-04 19:45 33280 ----a-w- c:\windows\system32\drivers\RNDISMP.sys
2013-01-13 16:47 . 2012-08-21 20:12 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
2013-01-13 16:47 . 2012-10-03 16:42 156672 ----a-w- c:\windows\system32\ncsi.dll
2013-01-13 16:47 . 2012-10-03 16:58 1293680 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-01-13 16:47 . 2012-10-03 16:42 175104 ----a-w- c:\windows\system32\netcorehc.dll
2013-01-13 16:47 . 2012-10-03 16:40 499712 ----a-w- c:\windows\system32\iphlpsvc.dll
2013-01-13 16:47 . 2012-08-22 17:16 240496 ----a-w- c:\windows\system32\drivers\netio.sys
2013-01-13 16:47 . 2012-08-22 17:16 187760 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2013-01-13 16:47 . 2012-10-03 16:42 52224 ----a-w- c:\windows\system32\nlaapi.dll
2013-01-13 16:47 . 2012-10-03 16:42 242176 ----a-w- c:\windows\system32\nlasvc.dll
2013-01-13 16:47 . 2012-10-03 15:21 35328 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2013-01-13 16:47 . 2012-10-03 16:42 18944 ----a-w- c:\windows\system32\netevent.dll
2013-01-13 16:46 . 2012-11-23 02:48 49152 ----a-w- c:\windows\system32\taskhost.exe
2013-01-13 16:41 . 2012-10-09 17:40 44032 ----a-w- c:\windows\system32\dhcpcsvc6.dll
2013-01-13 16:41 . 2012-10-09 17:40 193536 ----a-w- c:\windows\system32\dhcpcore6.dll
2013-01-13 16:37 . 2013-01-13 16:38 -------- d-----w- c:\program files\trend micro
2013-01-13 16:37 . 2013-01-13 16:37 -------- d-----w- C:\rsit
2013-01-13 15:10 . 2013-01-13 15:10 -------- d-----w- c:\windows\system32\SPReview
2013-01-10 18:13 . 2013-01-10 18:13 -------- d-----w- c:\windows\system32\EventProviders
2013-01-10 17:55 . 2012-11-22 04:45 626688 ----a-w- c:\windows\system32\usp10.dll
2013-01-10 17:51 . 2010-11-20 12:21 517120 ----a-w- c:\windows\system32\wbem\WmiPrvSD.dll
2013-01-10 17:50 . 2010-11-20 12:30 28032 ----a-w- c:\windows\system32\drivers\storvsc.sys
2013-01-10 17:49 . 2010-11-20 12:20 40960 ----a-w- c:\windows\system32\odbcconf.dll
2013-01-10 17:48 . 2010-11-20 12:21 780288 ----a-w- c:\windows\system32\wbem\wbemcore.dll
2013-01-10 17:48 . 2010-11-20 12:21 363008 ----a-w- c:\windows\system32\wbemcomn.dll
2013-01-10 17:48 . 2010-11-20 12:21 189952 ----a-w- c:\program files\Windows Portable Devices\sqmapi.dll
2013-01-10 17:48 . 2010-11-20 12:21 351232 ----a-w- c:\windows\system32\wmicmiplugin.dll
2013-01-10 17:48 . 2010-11-20 12:19 606208 ----a-w- c:\windows\system32\wbem\fastprox.dll
2013-01-10 17:48 . 2010-11-20 12:21 189952 ----a-w- c:\windows\system32\sqmapi.dll
2013-01-10 17:48 . 2010-11-20 12:21 697344 ----a-w- c:\windows\system32\SmiEngine.dll
2013-01-10 17:48 . 2010-11-20 12:21 189952 ----a-w- c:\windows\system32\wdscore.dll
2013-01-10 17:48 . 2010-11-20 12:17 209920 ----a-w- c:\windows\system32\PkgMgr.exe
2013-01-10 17:47 . 2010-11-20 12:18 323072 ----a-w- c:\windows\system32\drvstore.dll
2013-01-10 17:47 . 2010-11-20 12:18 257024 ----a-w- c:\windows\system32\dpx.dll
2013-01-10 17:42 . 2012-12-07 10:46 45568 ----a-w- c:\windows\system32\oflc-nz.rs
2013-01-10 16:52 . 2013-01-10 16:52 -------- d-----w- c:\program files\CCleaner
2013-01-10 16:23 . 2011-12-08 16:31 21312 ----a-w- c:\windows\system32\authuitu.dll
2013-01-10 16:23 . 2011-12-08 16:31 29504 ----a-w- c:\windows\system32\uxtuneup.dll
2013-01-10 16:20 . 2011-12-08 16:38 31552 ----a-w- c:\windows\system32\TURegOpt.exe
2013-01-10 16:20 . 2013-01-10 16:20 -------- d-----w- c:\users\admin\AppData\Roaming\TuneUp Software
2013-01-10 16:19 . 2013-01-10 16:22 -------- d-----w- c:\program files\TuneUp Utilities 2011
2013-01-10 16:18 . 2013-01-10 16:20 -------- d-----w- c:\programdata\TuneUp Software
2013-01-10 16:18 . 2013-01-10 16:18 -------- d-sh--w- c:\programdata\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}
2013-01-10 16:03 . 2013-01-10 16:03 -------- d-----w- c:\program files\Lavalys
2013-01-05 18:53 . 2013-01-05 18:53 -------- d-----w- c:\program files\Common Files\Java
2013-01-05 18:53 . 2013-01-05 18:52 859072 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-01-05 18:53 . 2013-01-05 18:52 779704 ----a-w- c:\windows\system32\deployJava1.dll
2013-01-05 18:52 . 2013-01-05 18:52 93640 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-01-05 18:51 . 2013-01-05 18:51 -------- d-----w- c:\program files\Java
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-23 14:14 . 2003-03-18 18:05 106496 ----a-w- c:\windows\system32\ATL71.DLL
2013-01-13 15:23 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll
2012-12-16 14:13 . 2012-12-22 09:59 295424 ----a-w- c:\windows\system32\atmfd.dll
2012-12-16 14:13 . 2012-12-22 09:59 34304 ----a-w- c:\windows\system32\atmlib.dll
2012-11-14 02:09 . 2012-12-12 19:55 1800704 ----a-w- c:\windows\system32\jscript9.dll
2012-11-14 01:58 . 2012-12-12 19:54 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-11-14 01:57 . 2012-12-12 19:55 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-11-14 01:49 . 2012-12-12 19:55 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-11-14 01:48 . 2012-12-12 19:55 420864 ----a-w- c:\windows\system32\vbscript.dll
2012-11-14 01:44 . 2012-12-12 19:55 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-11-09 04:42 . 2012-12-12 18:17 2048 ----a-w- c:\windows\system32\tzres.dll
2012-11-03 16:06 . 2011-02-11 17:45 83912 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2012-11-03 16:06 . 2011-02-11 17:45 52648 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\LMIproc.dll
2012-11-03 16:06 . 2011-02-11 17:45 31144 ----a-w- c:\windows\system32\LMIport.dll
2012-11-03 16:06 . 2011-02-11 17:45 92072 ----a-w- c:\windows\system32\LMIinit.dll
2012-11-02 05:11 . 2012-12-12 18:18 376832 ----a-w- c:\windows\system32\dpnet.dll
2013-01-18 21:48 . 2013-01-18 21:46 262552 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-01-17 14:54 175912 ----a-w- c:\program files\ConduitEngine\prxConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\prxConduitEngine.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2013-01-10 969104]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CnxDslTaskBar"="c:\program files\Microcom\ADSL DeskPorte USB\CnxDslTb.exe Microcom\ADSL DeskPorte USB" [X]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2010-07-21 1797008]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-12 947176]
"Nikon Message Center 2"="c:\program files\Nikon\Nikon Message Center 2\NkMC2.exe" [2011-10-30 571392]
.
c:\users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Firemin - odkaz.lnk - c:\users\admin\Desktop\firemin\firemin\Firemin.exe [2013-1-13 590599]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
backup=c:\windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-07-27 20:51 919008 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Facebook Update]
2012-07-13 13:49 138096 ----atw- c:\users\admin\AppData\Local\Facebook\Update\FacebookUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn GUI]
2010-09-17 14:40 63048 ----a-w- c:\program files\LogMeIn\x86\LogMeInSystray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
2012-06-26 11:10 1516632 ----a-w- c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-07-03 08:04 252848 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
2013-01-10 15:59 969104 ----a-w- c:\program files\uTorrent\uTorrent.exe
.
R2 hshld;Hotspot Shield Service;c:\program files\Hotspot Shield\bin\openvpnas.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R3 CnxEtP;Conexant AccessRunner USB ADSL Adapter Filter Driver;c:\windows\system32\DRIVERS\CnxEtP.sys [x]
R3 CnxEtU;Conexant AccessRunner USB ADSL Interface Device Driver;c:\windows\system32\DRIVERS\CnxEtU.sys [x]
R3 CnxTgNP;Conexant AccessRunner ADSL WAN PPPoE Adapter Driver;c:\windows\system32\DRIVERS\CnxTgNP.sys [x]
R3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt; [x]
S2 HssWd;Hotspot Shield Monitoring Service;c:\program files\Hotspot Shield\bin\hsswd.exe [x]
S2 IBUpdaterService;Updater Service;c:\programdata\IBUpdaterService\ibsvc.exe [x]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [x]
S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\RaInfo.sys [x]
S2 TeamViewer7;TeamViewer 7;c:\program files\TeamViewer\Version7\TeamViewer_Service.exe [x]
.
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-01-26 11:31 1607120 ----a-w- c:\program files\Google\Chrome\Application\24.0.1312.56\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-01-26 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-915095502-1073580079-4160039818-1000Core.job
- c:\users\admin\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-10-20 13:49]
.
2013-01-26 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-915095502-1073580079-4160039818-1000UA.job
- c:\users\admin\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-10-20 13:49]
.
2013-01-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-07-30 15:45]
.
2013-01-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-07-30 15:45]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT3072253
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
IE: Free YouTube Download - c:\users\admin\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
TCP: DhcpNameServer = 195.146.132.58 195.146.128.62
FF - ProfilePath - c:\users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\l3uf9ywg.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - www.google.sk
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=2&q=
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{51a86bb3-6602-4c85-92a5-130ee4864f13} - (no file)
URLSearchHooks-{cd8812d4-e5b8-41c6-94d4-59872a484bf1} - (no file)
URLSearchHooks-{687578b9-7132-4a7a-80e4-30ee31099e03} - (no file)
WebBrowser-{51A86BB3-6602-4C85-92A5-130EE4864F13} - (no file)
WebBrowser-{687578B9-7132-4A7A-80E4-30EE31099E03} - (no file)
MSConfigStartUp-ApnUpdater - c:\program files\Ask.com\Updater\Updater.exe
MSConfigStartUp-SearchSettings - c:\program files\Common Files\Spigot\Search Settings\SearchSettings.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-01-26 18:30:41
ComboFix-quarantined-files.txt 2013-01-26 17:30
.
Pre-Run: 28 108 357 632 bytes free
Post-Run: 28 020 252 672 bytes free
.
- - End Of File - - DC3BD8B9EB9E5611CB86ED8A80519248

#8 Příspěvek od **vyosek** » 26 led 2013 23:17

Pokud nemate, tak presunte Combofix na plochu

Spustte poznamkovy blok (Start-spustit-notepad)
Zkopirujte skript nize

Kód: Vybrat vše

KillAll::

Firefox::
FF - ProfilePath - c:\users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\l3uf9ywg.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.as ... ource=3&q={searchTerms}
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.as ... ource=2&q=
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000

DDS::
uStart Page = hxxp://search.conduit.com?SearchSource= ... =CT3072253
uStart Page = hxxp://search.conduit.com?SearchSource= ... =CT3072253
uURLSearchHooks: {51a86bb3-6602-4c85-92a5-130ee4864f13} - <orphaned>
uURLSearchHooks: {cd8812d4-e5b8-41c6-94d4-59872a484bf1} - <orphaned>
uURLSearchHooks: {687578b9-7132-4a7a-80e4-30ee31099e03} - <orphaned>
BHO: Conduit Engine: {30F9B915-B755-4826-820B-08FBA6BD249D} - c:\program files\conduitengine\prxConduitEngine.dll
TB: Conduit Engine: {30F9B915-B755-4826-820B-08FBA6BD249D} - c:\program files\conduitengine\prxConduitEngine.dll

File::
c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-915095502-1073580079-4160039818-1000Core.job
c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-915095502-1073580079-4160039818-1000UA.job
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

Registry::
[-HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Facebook Update]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn GUI]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"=-

RegLock::
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

ClearJavaCache::

Reboot::

Ulozte vytvoreny TXT jako CFScript.txt
Pretahnete vytvoreny CFScript.txt nad Combofix a pustte (viz obrazek nize)
Po aplikaci skriptu (a pripadnem restartu) na Vas vypadne log, jeho obsah sem vlozte

Pokud vyskoci hlaska "Pokus pouzit neplatnou operaci na klic registru, ktery je oznacen pro odstraneni", tak jen restartujte PC - registr se da do kupy - jedna se o vnitrni chybu, kterou zpusobuje CF a autor ji zatim neumi bohuzel opravit

Muze se stat, ze po aplikaci skriptu nenabehnou windows, v tomto pripade restartuje PC a mackejte F8 a zvolte Posledni znamou konfiguraci

marosSK · #9 Příspěvek od **marosSK** » 02 úno 2013 19:52

Nech sa páči.

ComboFix 13-02-02.05 - admin . 02. 2013 19:36:00.2.2 - x86
Microsoft Windows 7 Enterprise 6.1.7601.1.1250.421.1033.18.1024.330 [GMT 1:00]
Running from: c:\users\admin\Desktop\ComboFix.exe
Command switches used :: c:\users\admin\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
* Created a new restore point
.
FILE ::
"c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-915095502-1073580079-4160039818-1000Core.job"
"c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-915095502-1073580079-4160039818-1000UA.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineUA.job"
.
.
((((((((((((((((((((((((( Files Created from 2013-01-02 to 2013-02-02 )))))))))))))))))))))))))))))))
.
.
2013-02-02 18:44 . 2013-02-02 18:44 -------- d-----w- c:\users\LogMeInRemoteUser\AppData\Local\temp
2013-02-02 18:44 . 2013-02-02 18:44 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-02-02 18:44 . 2013-02-02 18:44 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2013-02-02 18:32 . 2013-02-02 18:32 29904 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{FB1788D8-9DB5-48A3-A6F8-4250A5A607B5}\MpKsl8449b62d.sys
2013-01-31 13:04 . 2013-01-08 04:57 6991832 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{FB1788D8-9DB5-48A3-A6F8-4250A5A607B5}\mpengine.dll
2013-01-29 16:16 . 2013-01-08 04:57 6991832 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-01-24 18:41 . 2013-01-24 18:41 -------- d-----w- c:\programdata\Nikon
2013-01-23 14:22 . 2013-01-23 14:22 -------- d-----w- c:\users\admin\AppData\Roaming\Nikon
2013-01-23 14:22 . 2013-01-23 14:22 -------- d-----w- c:\users\admin\AppData\Local\Nikon
2013-01-23 14:21 . 2013-01-23 14:21 -------- d-----w- c:\users\admin\AppData\Roaming\ArcSoft
2013-01-23 14:15 . 2013-01-23 14:15 -------- d-----w- c:\programdata\Carbon
2013-01-23 14:15 . 2013-01-23 14:16 -------- d-----w- c:\program files\Common Files\Nikon
2013-01-23 14:15 . 2013-01-23 14:17 -------- d-----w- c:\program files\Nikon
2013-01-23 14:14 . 2013-01-23 14:14 -------- d-----w- c:\programdata\Clips
2013-01-23 14:14 . 2013-01-23 14:14 -------- d-----w- c:\programdata\Bubble Noise
2013-01-23 14:14 . 2013-01-23 14:17 -------- d-----w- c:\users\admin\AppData\Local\Downloaded Installations
2013-01-23 14:14 . 2013-01-23 14:15 -------- d-----w- c:\programdata\Ultima_T15
2013-01-23 14:14 . 2013-01-23 14:15 -------- d-----w- c:\programdata\EnterNHelp
2013-01-23 14:14 . 2013-01-23 14:14 -------- d-----w- c:\programdata\Guides
2013-01-14 13:51 . 2013-01-14 13:49 740840 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{DFC2E7DA-7EEF-4321-8C59-2A39304CEDB0}\gapaengine.dll
2013-01-13 18:49 . 2013-01-13 18:49 -------- d-----w- c:\program files\GeoGebra
2013-01-13 16:49 . 2012-08-22 17:16 712048 ----a-w- c:\windows\system32\drivers\ndis.sys
2013-01-13 16:49 . 2012-07-04 19:45 33280 ----a-w- c:\windows\system32\drivers\RNDISMP.sys
2013-01-13 16:47 . 2012-08-21 20:12 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
2013-01-13 16:47 . 2012-10-03 16:42 156672 ----a-w- c:\windows\system32\ncsi.dll
2013-01-13 16:47 . 2012-10-03 16:58 1293680 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-01-13 16:47 . 2012-10-03 16:42 175104 ----a-w- c:\windows\system32\netcorehc.dll
2013-01-13 16:47 . 2012-10-03 16:40 499712 ----a-w- c:\windows\system32\iphlpsvc.dll
2013-01-13 16:47 . 2012-08-22 17:16 240496 ----a-w- c:\windows\system32\drivers\netio.sys
2013-01-13 16:47 . 2012-08-22 17:16 187760 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2013-01-13 16:47 . 2012-10-03 16:42 52224 ----a-w- c:\windows\system32\nlaapi.dll
2013-01-13 16:47 . 2012-10-03 16:42 242176 ----a-w- c:\windows\system32\nlasvc.dll
2013-01-13 16:47 . 2012-10-03 15:21 35328 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2013-01-13 16:47 . 2012-10-03 16:42 18944 ----a-w- c:\windows\system32\netevent.dll
2013-01-13 16:46 . 2012-11-23 02:48 49152 ----a-w- c:\windows\system32\taskhost.exe
2013-01-13 16:41 . 2012-10-09 17:40 44032 ----a-w- c:\windows\system32\dhcpcsvc6.dll
2013-01-13 16:41 . 2012-10-09 17:40 193536 ----a-w- c:\windows\system32\dhcpcore6.dll
2013-01-13 16:37 . 2013-01-13 16:38 -------- d-----w- c:\program files\trend micro
2013-01-13 16:37 . 2013-01-13 16:37 -------- d-----w- C:\rsit
2013-01-13 15:10 . 2013-01-13 15:10 -------- d-----w- c:\windows\system32\SPReview
2013-01-10 18:13 . 2013-01-10 18:13 -------- d-----w- c:\windows\system32\EventProviders
2013-01-10 17:55 . 2012-11-22 04:45 626688 ----a-w- c:\windows\system32\usp10.dll
2013-01-10 17:51 . 2010-11-20 12:21 517120 ----a-w- c:\windows\system32\wbem\WmiPrvSD.dll
2013-01-10 17:50 . 2010-11-20 12:30 28032 ----a-w- c:\windows\system32\drivers\storvsc.sys
2013-01-10 17:49 . 2010-11-20 12:20 40960 ----a-w- c:\windows\system32\odbcconf.dll
2013-01-10 17:48 . 2010-11-20 12:21 780288 ----a-w- c:\windows\system32\wbem\wbemcore.dll
2013-01-10 17:48 . 2010-11-20 12:21 363008 ----a-w- c:\windows\system32\wbemcomn.dll
2013-01-10 17:48 . 2010-11-20 12:21 189952 ----a-w- c:\program files\Windows Portable Devices\sqmapi.dll
2013-01-10 17:48 . 2010-11-20 12:21 351232 ----a-w- c:\windows\system32\wmicmiplugin.dll
2013-01-10 17:48 . 2010-11-20 12:19 606208 ----a-w- c:\windows\system32\wbem\fastprox.dll
2013-01-10 17:48 . 2010-11-20 12:21 189952 ----a-w- c:\windows\system32\sqmapi.dll
2013-01-10 17:48 . 2010-11-20 12:21 697344 ----a-w- c:\windows\system32\SmiEngine.dll
2013-01-10 17:48 . 2010-11-20 12:21 189952 ----a-w- c:\windows\system32\wdscore.dll
2013-01-10 17:48 . 2010-11-20 12:17 209920 ----a-w- c:\windows\system32\PkgMgr.exe
2013-01-10 17:47 . 2010-11-20 12:18 323072 ----a-w- c:\windows\system32\drvstore.dll
2013-01-10 17:47 . 2010-11-20 12:18 257024 ----a-w- c:\windows\system32\dpx.dll
2013-01-10 17:42 . 2012-12-07 10:46 45568 ----a-w- c:\windows\system32\oflc-nz.rs
2013-01-10 16:52 . 2013-01-10 16:52 -------- d-----w- c:\program files\CCleaner
2013-01-10 16:23 . 2011-12-08 16:31 21312 ----a-w- c:\windows\system32\authuitu.dll
2013-01-10 16:23 . 2011-12-08 16:31 29504 ----a-w- c:\windows\system32\uxtuneup.dll
2013-01-10 16:20 . 2011-12-08 16:38 31552 ----a-w- c:\windows\system32\TURegOpt.exe
2013-01-10 16:20 . 2013-01-10 16:20 -------- d-----w- c:\users\admin\AppData\Roaming\TuneUp Software
2013-01-10 16:19 . 2013-01-10 16:22 -------- d-----w- c:\program files\TuneUp Utilities 2011
2013-01-10 16:18 . 2013-01-10 16:20 -------- d-----w- c:\programdata\TuneUp Software
2013-01-10 16:18 . 2013-01-10 16:18 -------- d-sh--w- c:\programdata\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}
2013-01-10 16:03 . 2013-01-10 16:03 -------- d-----w- c:\program files\Lavalys
2013-01-05 18:53 . 2013-01-05 18:53 -------- d-----w- c:\program files\Common Files\Java
2013-01-05 18:53 . 2013-01-05 18:52 859072 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-01-05 18:53 . 2013-01-05 18:52 779704 ----a-w- c:\windows\system32\deployJava1.dll
2013-01-05 18:52 . 2013-01-05 18:52 93640 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-01-05 18:51 . 2013-01-05 18:51 -------- d-----w- c:\program files\Java
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-30 10:53 . 2011-02-11 14:26 232336 ------w- c:\windows\system32\MpSigStub.exe
2013-01-23 14:14 . 2003-03-18 18:05 106496 ----a-w- c:\windows\system32\ATL71.DLL
2013-01-13 15:23 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll
2012-12-16 14:13 . 2012-12-22 09:59 295424 ----a-w- c:\windows\system32\atmfd.dll
2012-12-16 14:13 . 2012-12-22 09:59 34304 ----a-w- c:\windows\system32\atmlib.dll
2012-11-14 02:09 . 2012-12-12 19:55 1800704 ----a-w- c:\windows\system32\jscript9.dll
2012-11-14 01:58 . 2012-12-12 19:54 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-11-14 01:57 . 2012-12-12 19:55 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-11-14 01:49 . 2012-12-12 19:55 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-11-14 01:48 . 2012-12-12 19:55 420864 ----a-w- c:\windows\system32\vbscript.dll
2012-11-14 01:44 . 2012-12-12 19:55 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-11-09 04:42 . 2012-12-12 18:17 2048 ----a-w- c:\windows\system32\tzres.dll
2013-01-18 21:48 . 2013-01-18 21:46 262552 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CnxDslTaskBar"="c:\program files\Microcom\ADSL DeskPorte USB\CnxDslTb.exe Microcom\ADSL DeskPorte USB" [X]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2010-07-21 1797008]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-12 947176]
"Nikon Message Center 2"="c:\program files\Nikon\Nikon Message Center 2\NkMC2.exe" [2011-10-30 571392]
.
c:\users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Firemin - odkaz.lnk - c:\users\admin\Desktop\firemin\firemin\Firemin.exe [2013-1-13 590599]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 hshld;Hotspot Shield Service;c:\program files\Hotspot Shield\bin\openvpnas.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R3 CnxEtP;Conexant AccessRunner USB ADSL Adapter Filter Driver;c:\windows\system32\DRIVERS\CnxEtP.sys [x]
R3 CnxEtU;Conexant AccessRunner USB ADSL Interface Device Driver;c:\windows\system32\DRIVERS\CnxEtU.sys [x]
R3 CnxTgNP;Conexant AccessRunner ADSL WAN PPPoE Adapter Driver;c:\windows\system32\DRIVERS\CnxTgNP.sys [x]
R3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt; [x]
S1 MpKsl8449b62d;MpKsl8449b62d;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{FB1788D8-9DB5-48A3-A6F8-4250A5A607B5}\MpKsl8449b62d.sys [x]
S2 HssWd;Hotspot Shield Monitoring Service;c:\program files\Hotspot Shield\bin\hsswd.exe [x]
S2 IBUpdaterService;Updater Service;c:\programdata\IBUpdaterService\ibsvc.exe [x]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [x]
S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\RaInfo.sys [x]
S2 TeamViewer7;TeamViewer 7;c:\program files\TeamViewer\Version7\TeamViewer_Service.exe [x]
.
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-01-31 18:31 1607120 ----a-w- c:\program files\Google\Chrome\Application\24.0.1312.57\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-02-01 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-915095502-1073580079-4160039818-1000Core.job
- c:\users\admin\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-10-20 13:49]
.
2013-02-01 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-915095502-1073580079-4160039818-1000UA.job
- c:\users\admin\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-10-20 13:49]
.
2013-02-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-07-30 15:45]
.
2013-02-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-07-30 15:45]
.
.
------- Supplementary Scan -------
.
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
IE: Free YouTube Download - c:\users\admin\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
TCP: DhcpNameServer = 195.146.132.58 195.146.128.62
FF - ProfilePath - c:\users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\l3uf9ywg.default\
FF - prefs.js: browser.startup.homepage - www.google.sk
.
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(372)
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_slk.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\Microsoft Security Client\MsMpEng.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\Hotspot Shield\HssWPR\hsssrv.exe
c:\program files\LogMeIn\x86\RaMaint.exe
c:\program files\LogMeIn\x86\LogMeIn.exe
c:\windows\system32\taskhost.exe
c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe
c:\program files\LogMeIn\x86\LogMeInSystray.exe
c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe
c:\windows\system32\conhost.exe
c:\windows\System32\WUDFHost.exe
c:\program files\Microcom\ADSL DeskPorte USB\CnxDslTb.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\servicing\TrustedInstaller.exe
c:\windows\system32\sppsvc.exe
.
**************************************************************************
.
Completion time: 2013-02-02 19:51:16 - machine was rebooted
ComboFix-quarantined-files.txt 2013-02-02 18:51
ComboFix2.txt 2013-01-26 17:30
.
Pre-Run: 28 402 339 840 bytes free
Post-Run: 28 247 470 080 bytes free
.
- - End Of File - - BD825BB6A51C42BA786943268760B73F

#10 Příspěvek od **vyosek** » 02 úno 2013 20:12

OK, jak se chova PC

marosSK · #11 Příspěvek od **marosSK** » 04 úno 2013 12:24

Ďakujem pekne.

PC je na tom lepšie, no sem-tam sa stane, že padne Firefox, ale to fakt len občas.

#12 Příspěvek od **vyosek** » 04 úno 2013 15:57

Tak jeste uklidime

Odinstalujte Combofix

Prejmenujte ComboFix na Uninstall
Spustte jej
Tohle smaze Combofix a jeho slozky

T-Cleaner http://vyosek.ic.cz/pro_usery/T-Cleaner.exe

Stahnete a spustte
Pro potvrzeni volby mackejte A, Enter
Po pouziti utilitu smazte
Antiviry touhou utilitu chybne oznacit jako vir - jedna se o falesny poplach - takze v pohode stahnete (pripadne vypnete pri stahovani antivir)

OTC http://oldtimer.geekstogo.com/OTC.exe

Stahnete a spustte
Kliknete na CleanUp a potvrdte YES
Program uklidi a restartuje PC

TFC http://oldtimer.geekstogo.com/TFC.exe

Stahnete a spustte
Kliknete na Start a potvrdte OK
Program uklidi a restartuje pc
Po pouziti utilitu smazte

Stahnete Ccleaner http://forum.viry.cz/viewtopic.php?t=7478
Panel čistič

Vse nechte jak je, jen dejte Analyzovat a pote Spustit CCleaner

Panel registry

dejte Hledej problémy
nasledne Opravit problémy - zalohu registru doporucuji udelat, opravte vsechny problemy
postup opakujte dokud nebude bez problemu - vetsinou cca 3x

Panel nástroje

Zde muzete odinstalovat nepotrebne programy

CCleaner doporucuji pouzivat cca jednou za tyden

Zkuste FF preinstalovat

A pokud nejsou problemy ci dotazy, je to z me strany vse

VIRY.CZ

RSIT - preventívne

RSIT - preventívne

Re: RSIT - preventívne

Re: RSIT - preventívne

Re: RSIT - preventívne

Re: RSIT - preventívne

Re: RSIT - preventívne

Re: RSIT - preventívne

Re: RSIT - preventívne

Re: RSIT - preventívne

Re: RSIT - preventívne

Re: RSIT - preventívne

Re: RSIT - preventívne