Jak odstranit cm.exe

Zpráva

juramartin · #1 Příspěvek od **juramartin** » 24 črc 2013 09:49

Prosím o radu, jak odstranit cm.exe, log rsit přikládám, děkuji
Logfile of random's system information tool 1.09 (written by random/random)
Run by Uzivatel at 2013-07-24 10:35:50
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 48 GB (63%) free of 76 GB
Total RAM: 1275 MB (52% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:35:59, on 24.7.2013
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Seznam.cz\postak.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\PicPick\picpick.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\mutualpublic\Monitor.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\mutualpublic\cm.exe
C:\Program Files\Microsoft\BingBar\7.2.233.0\SeaPort.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\Uzivatel\Dokumenty\Stažené soubory\RSIT.exe
C:\Program Files\trend micro\Uzivatel.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.delta-search.com/?babsrc=HP_ ... 5&tsp=4926
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer, optimized for Bing and MSN
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - (no file)
O2 - BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Data aplikací\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\7.2.233.0\BingExt.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O2 - BHO: Ukazatel S-Rank - {EA837F48-5AD1-443E-AE34-FFE03CBF3099} - C:\Program Files\Seznam.cz\core.2.dll
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\7.2.233.0\BingExt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Uzivatel\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Seznam Postak] "C:\Program Files\Seznam.cz\postak.exe" -s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PicPick Start] C:\Program Files\PicPick\picpick.exe /startup
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Mutual Monitor - Unknown owner - C:\Program Files\mutualpublic\Monitor.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: RealNetworks Downloader Resolver Service - Unknown owner - C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe

--
End of file - 7271 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Adobe Flash Player Updater.job
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\EPUpdater.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-789336058-790525478-682003330-1004Core.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-789336058-790525478-682003330-1004UA.job
C:\WINDOWS\tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-789336058-790525478-682003330-1004.job

=========Mozilla firefox=========

ProfilePath - C:\Documents and Settings\Uzivatel\Data aplikací\Mozilla\Firefox\Profiles\hdfdr715.default

prefs.js - "browser.search.useDBForOrder" - true

"{20a82645-c095-46ed-80e3-08825760534b}"=c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
"{FCE04E1F-9378-4f39-96F6-5689A9159E45}"=C:\Documents and Settings\All Users\Data aplikací\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\
"{ABDE892B-13A8-4d1b-88E6-365A6E755758}"=C:\Documents and Settings\All Users\Data aplikací\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.8.800.94 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Google.com/GoogleEarthPlugin]
"Description"=Google Earth in your browser
"Path"=C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@google.com/npPicasa3,version=3.0.0]
"Description"=Picasa3 plugin
"Path"=C:\Program Files\Google\Picasa3\npPicasa3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=10.25.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\WINDOWS\system32\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@photoproduct.rocketlife.com/RocketLife App Viewer;version=0.8]
"Description"=
"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nppl3260;version=16.0.2.32]
"Description"=RealPlayer(tm) LiveConnect-Enabled Plug-In
"Path"=c:\program files\real\realplayer\Netscape6\nppl3260.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.2]
"Description"=RealNetworks(tm) RealDownloader Chrome Background Extension Plug-In
"Path"=C:\Documents and Settings\All Users\Data aplikací\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.2]
"Description"=RealNetworks(tm) RealDownloader HTML5VideoShim Plug-In
"Path"=C:\Documents and Settings\All Users\Data aplikací\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.2]
"Description"=RealNetworks(tm) RealDownloader Peppe rFlash Video Shim Plug-In
"Path"=C:\Documents and Settings\All Users\Data aplikací\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nprpplugin;version=16.0.2.32]
"Description"=RealPlayer Download Plugin
"Path"=c:\program files\real\realplayer\Netscape6\nprpplugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@realnetworks.com/npdlplugin;version=1]
"Description"=RealDownloader Plugin
"Path"=C:\Documents and Settings\All Users\Data aplikací\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

C:\Program Files\Mozilla Firefox\components\
nppl3260.xpt
nsIQTScriptablePlugin.xpt

C:\Program Files\Mozilla Firefox\plugins\
np-mswmp.dll
NPOFFICE.DLL
nppdf32.dll
nppl3260.dll
npqtplugin.dll
npqtplugin2.dll
npqtplugin3.dll
npqtplugin4.dll
npqtplugin5.dll
npqtplugin6.dll
npqtplugin7.dll
nprpplugin.dll
np_IEGetPlugin.dll
QuickTimePlugin.class
WMP Firefox Plugin License.rtf
WMP Firefox Plugin RelNotes.txt

C:\Program Files\Mozilla Firefox\searchplugins\
crawlersrch.xml
MyHeritage.xml

C:\Documents and Settings\Uzivatel\Data aplikací\Mozilla\Firefox\Profiles\hdfdr715.default\extensions\
en-GB@dictionaries.addons.mozilla.org
{20a82645-c095-46ed-80e3-08825760534b}
{3e0e7d2a-070f-4a47-b019-91fe5385ba79}
{ea614400-e918-4741-9a97-7a972ff7c30b}

C:\Documents and Settings\Uzivatel\Data aplikací\Mozilla\Firefox\Profiles\hdfdr715.default\searchplugins\
askcom.xml
askcomsearch.xml
babylon.xml
delta.xml
inbox-hledat.xml
inbox-hledn.xml
MyStart Search.xml
mywebsearch.xml
tuvaro.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealNetworks Download and Record Plugin for Internet Explorer - C:\Documents and Settings\All Users\Data aplikací\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2013-04-16 540328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre7\bin\ssv.dll [2013-06-27 463272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}]
Bing Bar Helper - C:\Program Files\Microsoft\BingBar\7.2.233.0\BingExt.dll [2013-04-02 1467528]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre7\bin\jp2ssv.dll [2013-06-27 171944]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EA837F48-5AD1-443E-AE34-FFE03CBF3099}]
Ukazatel S-Rank - C:\Program Files\Seznam.cz\core.2.dll [2009-11-02 1085080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{8dcb7100-df86-4384-8842-8fa844297b3f} - Bing Bar - C:\Program Files\Microsoft\BingBar\7.2.233.0\BingExt.dll [2013-04-02 1467528]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2013-03-12 253816]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"H/PC Connection Agent"=C:\Program Files\Microsoft ActiveSync\wcescomm.exe [2006-11-13 1289000]
"Google Update"=C:\Documents and Settings\Uzivatel\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe [2011-06-06 136176]
"Seznam Postak"=C:\Program Files\Seznam.cz\postak.exe [2009-11-02 448664]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"PicPick Start"=C:\Program Files\PicPick\picpick.exe [2013-06-19 11480920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2005-04-05 131072]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\WINDOWS\system32\usmt\migwiz.exe"="C:\WINDOWS\system32\usmt\migwiz.exe:*:Enabled:Průvodce přenesením souborů a nastavení"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\Opera 10\opera.exe"="C:\Program Files\Opera 10\opera.exe:*:Enabled:Opera Internet Browser"
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"C:\Program Files\IncrediMail\Bin\IncMail.exe"="C:\Program Files\IncrediMail\Bin\IncMail.exe:*:Enabled:IncrediMail"
"C:\Program Files\IncrediMail\Bin\ImApp.exe"="C:\Program Files\IncrediMail\Bin\ImApp.exe:*:Enabled:IncrediMail"
"C:\Program Files\IncrediMail\Bin\ImpCnt.exe"="C:\Program Files\IncrediMail\Bin\ImpCnt.exe:*:Enabled:IncrediMail"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\Google\Google Earth\client\googleearth.exe"="C:\Program Files\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth"
"C:\Program Files\Google\Google Earth\plugin\geplugin.exe"="C:\Program Files\Google\Google Earth\plugin\geplugin.exe:*:Enabled:Google Earth"
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"="C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\Documents and Settings\Uzivatel\Dokumenty\Downloads\incredimail_install.exe"="C:\Documents and Settings\Uzivatel\Dokumenty\Downloads\incredimail_install.exe:*:Enabled:IncrediMail Installer"
"C:\Counter-Strike 1.6\csko.exe"="C:\Counter-Strike 1.6\csko.exe:*:Disabled:Half-Life Launcher"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\Counter-Strike 1.6\hl.exe"="C:\Counter-Strike 1.6\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"VIDC.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"VIDC.IYUV"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVU9"=tsbyuv.dll
"VIDC.YVYU"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll

======List of files/folders created in the last 1 month======

2013-07-24 10:35:51 ----D---- C:\Program Files\trend micro
2013-07-24 10:35:50 ----D---- C:\rsit
2013-07-23 13:40:08 ----D---- C:\Program Files\Mozilla Maintenance Service
2013-07-22 16:02:02 ----D---- C:\WINDOWS\pss
2013-07-22 15:37:12 ----A---- C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
2013-07-17 20:00:30 ----A---- C:\WINDOWS\system32\FNTCACHE.DAT
2013-07-17 09:02:45 ----D---- C:\Documents and Settings\All Users\Data aplikací\Mozilla
2013-07-13 18:10:45 ----D---- C:\41969e36e0332a99116b
2013-07-13 17:37:28 ----D---- C:\3ca6dcb41efcdfc7dfc1c56096
2013-07-13 17:20:27 ----D---- C:\6abd8b58972c476e31c029
2013-07-11 18:26:44 ----D---- C:\c46d02f6e552b833b2f09bcd99
2013-06-27 18:00:23 ----A---- C:\WINDOWS\system32\javaws.exe
2013-06-27 18:00:18 ----A---- C:\WINDOWS\system32\WindowsAccessBridge.dll
2013-06-27 18:00:18 ----A---- C:\WINDOWS\system32\javaw.exe
2013-06-27 18:00:18 ----A---- C:\WINDOWS\system32\java.exe
2013-06-27 16:38:50 ----D---- C:\Program Files\mutualpublic

======List of files/folders modified in the last 1 month======

2013-07-24 10:35:58 ----D---- C:\WINDOWS\Prefetch
2013-07-24 10:35:51 ----D---- C:\Program Files
2013-07-24 09:30:22 ----D---- C:\WINDOWS\Temp
2013-07-23 16:54:30 ----A---- C:\WINDOWS\SchedLgU.Txt
2013-07-23 16:03:04 ----A---- C:\WINDOWS\system32\FlashPlayerApp.exe
2013-07-23 14:17:59 ----D---- C:\Program Files\Family Toolbar
2013-07-23 13:40:05 ----D---- C:\Program Files\Mozilla Firefox
2013-07-22 16:02:02 ----D---- C:\WINDOWS
2013-07-22 16:01:30 ----SHD---- C:\WINDOWS\Installer
2013-07-22 16:00:44 ----HD---- C:\Config.Msi
2013-07-22 16:00:37 ----SD---- C:\WINDOWS\Tasks
2013-07-22 15:37:12 ----D---- C:\WINDOWS\system32\drivers
2013-07-22 11:07:00 ----D---- C:\WINDOWS\system32\CatRoot2
2013-07-19 22:09:07 ----D---- C:\UCTO2013
2013-07-19 08:44:34 ----D---- C:\Documents and Settings\Uzivatel\Data aplikací\Skype
2013-07-17 20:00:30 ----D---- C:\WINDOWS\system32
2013-07-17 09:23:29 ----D---- C:\WINDOWS\Microsoft.NET
2013-07-17 09:23:24 ----RSD---- C:\WINDOWS\assembly
2013-07-17 09:06:29 ----AC---- C:\WINDOWS\system32\PerfStringBackup.INI
2013-07-17 08:50:20 ----HD---- C:\WINDOWS\inf
2013-07-16 14:32:53 ----D---- C:\WINDOWS\WinSxS
2013-07-16 14:31:56 ----RSHDC---- C:\WINDOWS\system32\dllcache
2013-07-16 14:28:37 ----D---- C:\Program Files\Zrychleni Pocitace
2013-07-13 18:09:47 ----D---- C:\WINDOWS\SoftwareDistribution
2013-07-13 18:09:36 ----D---- C:\WINDOWS\Debug
2013-07-11 20:52:59 ----D---- C:\Documents and Settings\All Users\Data aplikací\Skype
2013-07-11 18:29:22 ----D---- C:\Program Files\Microsoft Silverlight
2013-07-11 18:22:19 ----AC---- C:\WINDOWS\system32\MRT.exe
2013-07-11 18:20:29 ----D---- C:\Program Files\Internet Explorer
2013-07-11 18:11:51 ----D---- C:\WINDOWS\system32\XPSViewer
2013-07-07 18:31:38 ----RD---- C:\Program Files\Skype
2013-06-27 18:00:03 ----AC---- C:\WINDOWS\system32\deployJava1.dll
2013-06-27 18:00:03 ----A---- C:\WINDOWS\system32\npDeployJava1.dll
2013-06-27 17:59:57 ----D---- C:\Program Files\Java
2013-06-27 16:37:01 ----D---- C:\Program Files\PicPick

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2013-05-18 45200]
R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2006-08-18 4017536]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2005-04-05 830684]
R3 RTL8023xp;Realtek RTL8139/810x/8169/8110 all in one NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys [2004-07-16 70400]
R3 StillCam;Ovladač digitálního fotoaparátu pro sériový port; C:\WINDOWS\system32\DRIVERS\serscan.sys [2001-10-24 6784]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
S3 AF15BDA;AF9015 BDA Device; C:\WINDOWS\system32\DRIVERS\AF15BDA.sys [2010-03-11 483200]
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2005-03-08 51120]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2005-03-08 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2005-03-08 21744]
S3 MPE;Filtr MPE BDA; C:\WINDOWS\system32\DRIVERS\MPE.sys [2008-04-13 15232]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 OlyCamComm;OLYMPUS USB Communication Device; C:\WINDOWS\system32\DRIVERS\OlyCamComm.sys [2009-09-10 21648]
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-04 20992]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 usbvideo;Zobrazovací zařízení USB (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2008-04-13 121984]
S3 wceusbsh;Windows CE USB Serial Host Driver; C:\WINDOWS\system32\DRIVERS\wceusbsh.sys [2006-11-06 28672]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre7\bin\jqs.exe [2013-06-27 182184]
R2 Mutual Monitor;Mutual Monitor; C:\Program Files\mutualpublic\Monitor.exe [2013-06-24 913920]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2007-08-09 73728]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2013-05-26 76888]
R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [2013-04-16 39056]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R3 BBUpdate;BBUpdate; C:\Program Files\Microsoft\BingBar\7.2.233.0\SeaPort.exe [2013-04-02 240264]
S2 BBSvc;BingBar Service; C:\Program Files\Microsoft\BingBar\7.2.233.0\BBSvc.exe [2013-04-02 193672]
S2 gupdate;Google Update Service (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-03-13 135664]
S2 SkypeUpdate;Skype Updater; C:\Program Files\Skype\Updater\Updater.exe [2013-06-03 162408]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-07-23 257416]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-03-13 135664]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2011-05-10 136120]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2013-06-18 117144]
S3 nosGetPlusHelper;getPlus(R) Installer; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

#2 Příspěvek od **Mc_Murphy** » 24 črc 2013 10:04

Zdravím.

Vydrž minutku, na logu se intenzivně pracuje. Obrázek

#3 Příspěvek od **Mc_Murphy** » 24 črc 2013 10:08

Odinstaluj Bing Bar - zdržovadlo.

Následující soubory otestuj na stránkách VirusTotal.

C:\Program Files\mutualpublic\cm.exe
Klikni na [Choose File].
Soubor nehledej, jen vlož cestu souboru, který chci otestovat.
Klikni na [Scan it!].
Pokud na Tebe vyskočí obrazovka podobná té, co je níže, klikni na [Reanalyse]!
Výsledek analýzy mi sem vlož (jako odkaz).

Potom stáhni Malwarebytes Anti-Rootkit - http://www.bleepingcomputer.com/downloa ... i-rootkit/

Ulož jej nejlépe na Plochu a rozbal.
Nyní postupně klikni na tlačítko [Next] a [Update].
Po dokončení update (aktualizace) databáze klikni opět na [Next].
Nech zaškrtnuté všechny tři možnosti a klini na [Scan], čímž spustíš prohledávání PC.
Po dokončení scanu (cca 5 minut) zkontroluj, zda-li je u všech případných nálezů (pokud budou) zatržítko.
Také zkontroluj, zda-li je zatržítko u Create Restore Point.
Nyní klikni na [CleanUp], čímž nalezenou infekci odstraníš.
PC bude restartováno.
Složka mbar by měla obsahovat log (ten se zřejmě i sám otevře) mbar-log-rok-mesic-den (hodina-minuta-sekunda).txt, ten mi sem dej.

juramartin · #4 Příspěvek od **juramartin** » 24 črc 2013 10:47

Provedeno..., log

Malwarebytes Anti-Rootkit BETA 1.06.0.1004
www.malwarebytes.org

Database version: v2013.07.24.03

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Uzivatel :: DOMA-6D41E0EB57 [administrator]

24.7.2013 11:35:19
mbar-log-2013-07-24 (11-35-19).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUM | P2P
Scan options disabled: PUP
Objects scanned: 209269
Time elapsed: 9 minute(s), 42 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 2
HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> Delete on reboot.
HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{56256A51-B582-467E-B8D4-7786EDA79AE0} (Trojan.Vundo) -> Delete on reboot.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 3
HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER|AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Replace on reboot.
HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER|FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Replace on reboot.
HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER|UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Replace on reboot.

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)

#5 Příspěvek od **Mc_Murphy** » 24 črc 2013 11:01

A co ten Virustotal?!

juramartin · #6 Příspěvek od **juramartin** » 24 črc 2013 11:29

virus total na cm.exe

File already analysed

This file was already analysed by VirusTotal on 2013-07-22 05:15:02 .

Detection ratio: 8/47

You can take a look at the last analysis or analyse it again now.

juramartin · #7 Příspěvek od **juramartin** » 24 črc 2013 11:32

SHA256: 9cec6b2818b0ccd941dd17c4ba6d7cf88eb41b52475c6a6593aecc2b764ddc78
File name: cm.exe
Detection ratio: 8 / 47
Analysis date: 2013-07-24 10:31:12 UTC ( 0 minut ago )
0
1
More details

Analysis
File detail
Additional information
Comments
Votes

Antivirus Result Update
Agnitum 20130723
AhnLab-V3 20130723
AntiVir 20130724
Antiy-AVL 20130724
Avast 20130724
AVG 20130724
BitDefender 20130724
ByteHero 20130613
CAT-QuickHeal 20130724
ClamAV 20130724
Commtouch 20130724
Comodo 20130724
DrWeb 20130724
Emsisoft 20130724
eSafe 20130722
ESET-NOD32 a variant of Win32/BitCoinMiner.P 20130724
F-Prot 20130724
F-Secure 20130724
Fortinet 20130724
GData 20130724
Ikarus 20130724
Jiangmin 20130724
K7AntiVirus 20130723
K7GW 20130723
Kaspersky 20130724
Kingsoft Win32.Troj.Generic.a.(kcloud) 20130723
Malwarebytes PUP.BitCoinMiner 20130724
McAfee Artemis!EE5FE59E653E 20130724
McAfee-GW-Edition Artemis!EE5FE59E653E 20130724
Microsoft 20130724
MicroWorld-eScan 20130724
NANO-Antivirus 20130724
Norman 20130724
nProtect 20130724
Panda 20130724
PCTools 20130724
Rising 20130724
Sophos Bitcoin Miner 20130724
SUPERAntiSpyware 20130724
Symantec 20130724
TheHacker 20130723
TotalDefense 20130724
TrendMicro HKTL_BITMINE.SML 20130724
TrendMicro-HouseCall TROJ_GEN.F47V0708 20130724
VBA32 20130724
VIPRE 20130724
ViRobot 20130724

juramartin · #8 Příspěvek od **juramartin** » 24 črc 2013 11:40

Někde se ztratil ten postup na MBAM, je možné to zopakovat? Díky

juramartin · #9 Příspěvek od **juramartin** » 24 črc 2013 12:19

Dohledal jsem si MBAM, zde je log

Malwarebytes Anti-Malware (Zkušební verze Malwarebytes Anti-Malware.) 1.75.0.1300
www.malwarebytes.org

Verze: v2013.07.24.03

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Uzivatel :: DOMA-6D41E0EB57 [administrátor]

Ochrana: Povolena

24.7.2013 13:10:47
MBAM-log-2013-07-24 (13-17-38).txt

Typ: Rychlá kontrola
Nastavení kontroly povoleno: Paměť | Po spuštění | Registr | Systémové soubory | Heuristická analýza Extra | Heuristická analýza Shuriken | PUP | PUM
Nastavení kontroly zakázáno: P2P
Kontrolované objekty: 206837
Uplynulý čas: 6 minut, 22 sekund

Nalezené procesy v paměti: 1
C:\Program Files\mutualpublic\cm.exe (PUP.BitCoinMiner) -> 2280 -> Nebyla provedena žádná instrukce.

Nalezené moduly v paměti: 3
C:\Program Files\mutualpublic\miner.dll (PUP.BitCoinMiner) -> Nebyla provedena žádná instrukce.
C:\Program Files\mutualpublic\usft_ext.dll (PUP.BitCoinMiner) -> Nebyla provedena žádná instrukce.
C:\Program Files\mutualpublic\coinutil.dll (PUP.BitcoinMiner) -> Nebyla provedena žádná instrukce.

Nalezené klíče v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené hodnoty v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené datové položky v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené složky: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené soubory: 4
C:\Program Files\mutualpublic\cm.exe (PUP.BitCoinMiner) -> Nebyla provedena žádná instrukce.
C:\Program Files\mutualpublic\miner.dll (PUP.BitCoinMiner) -> Nebyla provedena žádná instrukce.
C:\Program Files\mutualpublic\usft_ext.dll (PUP.BitCoinMiner) -> Nebyla provedena žádná instrukce.
C:\Program Files\mutualpublic\coinutil.dll (PUP.BitcoinMiner) -> Nebyla provedena žádná instrukce.

(konec)

#10 Příspěvek od **Mc_Murphy** » 24 črc 2013 12:25

Neztratil, já jsem ho umáznul, protože jsem si až potom uvědomil, že jsi neudělal ten VirusTotal. Mimochodem, z toho VT jsem chtěl odkaz, ne nakopírovat sem jen text. Dělej, co Ti píšu a všechno, nebo se Ti na to vybodnu.

MBAM udělej znova a zvol Úplnou kontrolu, tak to bylo v návodu...

Stáhni a nainstaluj Malwarebytes' Anti-Malware (zkráceně MBAM) podle návodu z tohoto topicu.

Proveď aktualizaci virové databáze.
V záložce Kontrolor zvol Úplná kontrola a zaškrtni všechny pevné disky, které máš na počítači.
Předem nic nemaž!!
MBAM mívá občas falešné detekce, proto vlož jeho log do příspěvku a počkej na posouzení!

juramartin · #11 Příspěvek od **juramartin** » 24 črc 2013 13:25

Omlouvám se za nedůslednost, odkaz VT:
https://www.virustotal.com/cs/file/9cec ... 374666231/

Log MBAM:
Malwarebytes Anti-Malware (Zkušební verze Malwarebytes Anti-Malware.) 1.75.0.1300
www.malwarebytes.org

Verze: v2013.07.24.03

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Uzivatel :: DOMA-6D41E0EB57 [administrátor]

Ochrana: Povolena

24.7.2013 13:41:22
MBAM-log-2013-07-24 (14-24-19).txt

Typ: Kompletní kontrola (C:\|)
Nastavení kontroly povoleno: Paměť | Po spuštění | Registr | Systémové soubory | Heuristická analýza Extra | Heuristická analýza Shuriken | PUP | PUM
Nastavení kontroly zakázáno: P2P
Kontrolované objekty: 279200
Uplynulý čas: 40 minut, 46 sekund

Nalezené procesy v paměti: 1
C:\Program Files\mutualpublic\cm.exe (PUP.BitCoinMiner) -> 2208 -> Nebyla provedena žádná instrukce.

Nalezené moduly v paměti: 3
C:\Program Files\mutualpublic\miner.dll (PUP.BitCoinMiner) -> Nebyla provedena žádná instrukce.
C:\Program Files\mutualpublic\usft_ext.dll (PUP.BitCoinMiner) -> Nebyla provedena žádná instrukce.
C:\Program Files\mutualpublic\coinutil.dll (PUP.BitcoinMiner) -> Nebyla provedena žádná instrukce.

Nalezené klíče v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené hodnoty v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené datové položky v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené složky: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené soubory: 6
C:\Program Files\mutualpublic\cm.exe (PUP.BitCoinMiner) -> Nebyla provedena žádná instrukce.
C:\Program Files\mutualpublic\miner.dll (PUP.BitCoinMiner) -> Nebyla provedena žádná instrukce.
C:\Program Files\mutualpublic\usft_ext.dll (PUP.BitCoinMiner) -> Nebyla provedena žádná instrukce.
C:\Program Files\mutualpublic\coinutil.dll (PUP.BitcoinMiner) -> Nebyla provedena žádná instrukce.
C:\Program Files\Image Constructor 2.0\ImageConstructor.exe (Trojan.Downloader) -> Nebyla provedena žádná instrukce.
C:\RECYCLER\S-1-5-21-789336058-790525478-682003330-1004\Dc1\cm.exe (PUP.BitCoinMiner) -> Nebyla provedena žádná instrukce.

(konec)

#12 Příspěvek od **Mc_Murphy** » 25 črc 2013 09:25

Super, to je lepší.

Všechny nálezy MBAMu dej v klidu smazat, patří k viru Bitcoin Miner, včetně problémového cm.exe.
Až to smažeš, hoď si pro jistotu ještě jednu rychlou kontrolu, abys měl jistotu. Bude-li log čistý, MBAM potom zase hned odinstaluj, už jej nebudeme potřebovat.

Až jej odinstaluješ, stáhni Junkware Removal Tool - http://thisisudax.org/downloads/JRT.exe

Ulož jej nejlépe na Plochu.
Po spuštění se zobrazí licenční podmínky, stiskni libovolnou klávesu.
Proběhne vytvoření zálohy a následně prohledávání.
Proběhne scanováni a pak se objeví log, který bude případně uložen v C:\JRT jako JRT.txt, ten mi sem vlož.

juramartin · #13 Příspěvek od **juramartin** » 26 črc 2013 08:06

Včera jsem se nedostal k PC, můžeme pokračovat? Zde je log:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.2.3 (07.25.2013:1)
OS: Microsoft Windows XP x86
Ran by Uzivatel on p 26.07.2013 at 8:54:53,97
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-789336058-790525478-682003330-1004\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL
Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440}

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\appid\{bdb69379-802f-4eaf-b541-f8de92dd98db}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\appid\{c26644c4-2a12-4ca6-8f2e-0ede6cf018f3}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\clsid\{9afb8248-617f-460d-9366-d71cdeda3179}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\clsid\{cc99a798-fd3d-4ab4-969e-6071612524f9}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\interface\{e79dfbcb-5697-4fbd-94e5-5b2a9c7c1612}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\interface\{f87d7fb5-9dc5-4c8c-b998-d8dfe02e2978}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\babylon
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\babylontoolbar
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\babylontoolbar
Failed to delete: [Registry Key] HKEY_CURRENT_USER\Software\datamngr
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\datamngr
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\delta ltd
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\im
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\iminstaller
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\systweak
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\yahoopartnertoolbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\windows\currentversion\ext\settings\{00a6faf1-072e-44cf-8957-5838f569a31d}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\windows\currentversion\ext\settings\{07b18ea1-a523-4961-b6bb-170de4475cca}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\windows\currentversion\ext\settings\{07b18ea9-a523-4961-b6bb-170de4475cca}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\windows\currentversion\ext\stats\{00000000-6e41-4fd3-8538-502f5495e5fc}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\windows\currentversion\ext\stats\{1cb20bf0-bbae-40a7-93f4-6435ff3d0411}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\windows\currentversion\ext\stats\{4b3803ea-5230-4dc3-a7fc-33638f3d3542}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\windows\currentversion\ext\stats\{8736c681-37a0-40c6-a0f0-4c083409151c}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\windows\currentversion\ext\stats\{c1af5fa5-852c-4c90-812e-a7f75e011d87}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\windows\currentversion\ext\stats\{cc99a798-fd3d-4ab4-969e-6071612524f9}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\comobject.deskbarenabler
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\comobject.deskbarenabler.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\prod.cap
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\windows\currentversion\ext\preapproved\{07b18eab-a523-4961-b6bb-170de4475cca}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\windows\currentversion\ext\preapproved\{25560540-9571-4d7b-9389-0f166788785a}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\windows\currentversion\ext\preapproved\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\windows\currentversion\ext\preapproved\{3e720452-b472-4954-b7aa-33069eb53906}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\windows\currentversion\ext\preapproved\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\windows\currentversion\ext\preapproved\{7473d294-b7bb-4f24-ae82-7e2ce94bb6a9}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\windows\currentversion\ext\preapproved\{98d9753d-d73b-42d5-8c85-4469cda897ab}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\windows\currentversion\ext\preapproved\{9ff05104-b030-46fc-94b8-81276e4e27df}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\windows\currentversion\ext\preapproved\{e79dfbca-5697-4fbd-94e5-5b2a9c7c1612}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{6621CD77-8EA6-4A96-B020-1145B09939FE}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{D81E9E0A-60A3-4E0D-8967-80A44AC6949E}

~~~ Files

Successfully deleted: [File] "C:\WINDOWS\system32\roboot.exe"

~~~ Folders

Successfully deleted: [Folder] "C:\Documents and Settings\Uzivatel\Data aplikacˇ\babsolution"
Successfully deleted: [Folder] "C:\Documents and Settings\Uzivatel\Data aplikacˇ\babylon"
Successfully deleted: [Folder] "C:\Documents and Settings\Uzivatel\Data aplikacˇ\funwebproducts"
Successfully deleted: [Folder] "C:\Documents and Settings\Uzivatel\Data aplikacˇ\systweak"
Successfully deleted: [Folder] "C:\WINDOWS\system32\ai_recyclebin"

~~~ FireFox

Successfully deleted: [File] C:\user.js
Successfully deleted: [File] "C:\Program Files\Mozilla Firefox\searchplugins\crawlersrch.xml"
Successfully deleted: [File] C:\Documents and Settings\Uzivatel\Data aplikacˇ\mozilla\firefox\profiles\hdfdr715.default\user.js
Successfully deleted: [File] C:\Documents and Settings\Uzivatel\Data aplikacˇ\mozilla\firefox\profiles\hdfdr715.default\invalidprefs.js
Successfully deleted: [File] C:\Documents and Settings\Uzivatel\Data aplikacˇ\mozilla\firefox\profiles\hdfdr715.default\searchplugins\askcom.xml
Successfully deleted: [File] C:\Documents and Settings\Uzivatel\Data aplikacˇ\mozilla\firefox\profiles\hdfdr715.default\searchplugins\askcomsearch.xml
Successfully deleted: [File] C:\Documents and Settings\Uzivatel\Data aplikacˇ\mozilla\firefox\profiles\hdfdr715.default\searchplugins\babylon.xml
Successfully deleted: [File] C:\Documents and Settings\Uzivatel\Data aplikacˇ\mozilla\firefox\profiles\hdfdr715.default\searchplugins\delta.xml
Successfully deleted: [File] C:\Documents and Settings\Uzivatel\Data aplikacˇ\mozilla\firefox\profiles\hdfdr715.default\searchplugins\mystart search.xml
Successfully deleted: [File] C:\Documents and Settings\Uzivatel\Data aplikacˇ\mozilla\firefox\profiles\hdfdr715.default\searchplugins\mywebsearch.xml
Successfully deleted the following from C:\Documents and Settings\Uzivatel\Data aplikacˇ\mozilla\firefox\profiles\hdfdr715.default\prefs.js

user_pref("extensions.delta.admin", false);
user_pref("extensions.delta.aflt", "babsst");
user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
user_pref("extensions.delta.autoRvrt", "false");
user_pref("extensions.delta.bbDpng", "23");
user_pref("extensions.delta.cntry", "CZ");
user_pref("extensions.delta.dfltLng", "cs");
user_pref("extensions.delta.excTlbr", false);
user_pref("extensions.delta.ffxUnstlRst", true);
user_pref("extensions.delta.hdrMd5", "8C4BA915F37853F96BD3360F7DDA3961");
user_pref("extensions.delta.id", "44ca3c34000000000000000fea36008c");
user_pref("extensions.delta.instlDay", "15883");
user_pref("extensions.delta.instlRef", "sst");
user_pref("extensions.delta.lastVrsnTs", "1.8.21.516:37:51");
user_pref("extensions.delta.newTab", false);
user_pref("extensions.delta.prdct", "delta");
user_pref("extensions.delta.prtnrId", "delta");
user_pref("extensions.delta.rvrt", "false");
user_pref("extensions.delta.sg", "tzb");
user_pref("extensions.delta.smplGrp", "none");
user_pref("extensions.delta.tlbrId", "base");
user_pref("extensions.delta.tlbrSrchUrl", "");
user_pref("extensions.delta.vrsn", "1.8.21.5");
user_pref("extensions.delta.vrsnTs", "1.8.21.516:37:51");
user_pref("extensions.delta.vrsni", "1.8.21.5");
user_pref("extensions.delta_i.babExt", "");
user_pref("extensions.delta_i.babTrack", "affID=120695&tt=250613_gr5&tsp=4926");
user_pref("extensions.delta_i.srcExt", "ss");
user_pref("extensions.foxcub.config.encodedConfig", "{\"core\":{\"configUrl\":\"hxxp://download.seznam.cz/software/conf/\",\"updateUrl\":\"hxxp://download.seznam.cz/software/c
user_pref("extensions.inboxcomtoolbar@inbox.com.update.url", "hxxp://toolbar.inbox.com/toolbar/firefox/update.aspx?version=%ITEM_VERSION%&status=%ITEM_STATUS%&appVersion=%APP_
user_pref("extensions.mywebsearch.openSearchURL", "hxxp://search.mywebsearch.com/mywebsearch/opensearch.jhtml?id=ZSfox000&ptb=HuylBn1E7.1w4k6vKLJTiQ");
user_pref("extensions.mywebsearch.prevKwdEnabled", true);
user_pref("extensions.mywebsearch.prevKwdURL", "chrome://browser-region/locale/region.properties");
user_pref("extensions.tuvaro.admin", false);
user_pref("extensions.tuvaro.aflt", "orgnl");
user_pref("extensions.tuvaro.appId", "{2768469C-717B-401F-8532-C6D88BAE0339}");
user_pref("extensions.tuvaro.autoRvrt", "false");
user_pref("extensions.tuvaro.cam", "");
user_pref("extensions.tuvaro.dfltLng", "");
user_pref("extensions.tuvaro.dfltSrch", true);
user_pref("extensions.tuvaro.dnsErr", true);
user_pref("extensions.tuvaro.excTlbr", false);
user_pref("extensions.tuvaro.ffxUnstlRst", false);
user_pref("extensions.tuvaro.hmpg", true);
user_pref("extensions.tuvaro.hmpgUrl", "hxxp://tuvaro.com/ws/?source=e0c8d0ad&tbp=homepage&toolbarid=base&u=44ca3c34000000000000000fea36008c");
user_pref("extensions.tuvaro.hpOld0", "hxxp://mystart.incredimail.com/?a=1ex6RzwO36L");
user_pref("extensions.tuvaro.id", "44ca3c34000000000000000fea36008c");
user_pref("extensions.tuvaro.instlDay", "15846");
user_pref("extensions.tuvaro.instlRef", "e0c8d0ad");
user_pref("extensions.tuvaro.kw_url", "hxxp://tuvaro.com/ws/?source=e0c8d0ad&tbp=url&toolbarid=base&u=44ca3c34000000000000000fea36008c&q=");
user_pref("extensions.tuvaro.newTab", false);
user_pref("extensions.tuvaro.prdct", "tuvaro");
user_pref("extensions.tuvaro.prtnrId", "tuvaro");
user_pref("extensions.tuvaro.rvrt", "false");
user_pref("extensions.tuvaro.smplGrp", "none");
user_pref("extensions.tuvaro.srchPrvdr", "Tuvaro");
user_pref("extensions.tuvaro.tlbrId", "base");
user_pref("extensions.tuvaro.tlbrSrchUrl", "hxxp://tuvaro.com/ws/?source=e0c8d0ad&tbp=main&toolbarid=base&u=44ca3c34000000000000000fea36008c&q=");
user_pref("extensions.tuvaro.vrsn", "1.8.17.1");
user_pref("extensions.tuvaro.vrsnTs", "1.8.17.18:21:19");
user_pref("extensions.tuvaro.vrsni", "1.8.17.1");
Emptied folder: C:\Documents and Settings\Uzivatel\Data aplikacˇ\mozilla\firefox\profiles\hdfdr715.default\minidumps [12 files]

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on p 26.07.2013 at 8:59:14,68
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

#14 Příspěvek od **Mc_Murphy** » 26 črc 2013 10:10

No, veliká spousta bordýlku odstraněna, tak pokračujeme dál.

Stáhni AdwCleaner - http://general-changelog-team.fr/fr/dow ... adwcleaner

Ulož jej nejlépe na Plochu.
Ukonči všechny programy!!
Spusť AdwCleaner.
Klikni na [Delete].
Proběhne scan a pak se objeví log, který bude případně uložen na systémovém disku jako C:\AdwCleaner [S1].txt - jeho obsah mi sem vlož.

juramartin · #15 Příspěvek od **juramartin** » 26 črc 2013 11:27

# AdwCleaner v2.306 - Log vytvooen 26/07/2013 v 12:21:12
# Aktualizováno 19/07/2013 Xplode
# Operaení systém : Microsoft Windows XP Service Pack 3 (32 bits)
# Uživatel : Uzivatel - DOMA-6D41E0EB57
# Spuštin systém : Normální
# Spuštino z : C:\Documents and Settings\Uzivatel\Dokumenty\Stažené soubory\adwcleaner.exe
# Volba [Vymazat]

***** [Služby] *****

***** [Soubory / Složky] *****

Složka Vymazáno : C:\Documents and Settings\All Users\Data aplikací\Ask
Složka Vymazáno : C:\Documents and Settings\All Users\Data aplikací\Babylon
Soubor Vymazáno : C:\Documents and Settings\Uzivatel\Data aplikací\BabMaint.exe
Soubor Vymazáno : C:\Documents and Settings\Uzivatel\Data aplikací\Mozilla\Firefox\Profiles\hdfdr715.default\bProtector_extensions.rdf
Soubor Vymazáno : C:\WINDOWS\Tasks\EPUpdater.job

***** [Registry] *****

Hodnota Vymazáno : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{07B18EA9-A523-4961-B6BB-170DE4475CCA}]
Hodnota Vymazáno : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{4B3803EA-5230-4DC3-A7FC-33638F3D3542}]
Hodnota Vymazáno : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D7E97865-918F-41E4-9CD0-25AB1C574CE8}]
Hodnota Vymazáno : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{FD2FD708-1F6F-4B68-B141-C5778F0C19BB}]
Hodnota Vymazáno : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{D3D233D5-9F6D-436C-B6C7-E63F77503B30}]
Hodnota Vymazáno : HKLM\SOFTWARE\Microsoft\Windows Media\Wmsdk\Sources [F3PopularScreenSavers]
Hodnota Vymazáno : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\post platform [FunWebProducts]
Klíe Vymazáno : HKCU\Software\5f28d88b76fef45
Klíe Vymazáno : HKCU\Software\DataMngr
Klíe Vymazáno : HKCU\Software\Fun Web Products
Klíe Vymazáno : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}
Klíe Vymazáno : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}
Klíe Vymazáno : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}
Klíe Vymazáno : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{5CB02877-EFBC-4317-B608-9E24B11BAB40}
Klíe Vymazáno : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6F001652-AF51-45C6-B029-86E0265A1851}
Klíe Vymazáno : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{82E1477C-B154-48D3-9891-33D83C26BCD3}
Klíe Vymazáno : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}
Klíe Vymazáno : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Klíe Vymazáno : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF1-072E-44CF-8957-5838F569A31D}
Klíe Vymazáno : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA1-A523-4961-B6BB-170DE4475CCA}
Klíe Vymazáno : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA9-A523-4961-B6BB-170DE4475CCA}
Klíe Vymazáno : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EAB-A523-4961-B6BB-170DE4475CCA}
Klíe Vymazáno : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{25560540-9571-4D7B-9389-0F166788785A}
Klíe Vymazáno : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3DC201FB-E9C9-499C-A11F-23C360D7C3F8}
Klíe Vymazáno : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5CB02877-EFBC-4317-B608-9E24B11BAB40}
Klíe Vymazáno : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6F001652-AF51-45C6-B029-86E0265A1851}
Klíe Vymazáno : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{82E1477C-B154-48D3-9891-33D83C26BCD3}
Klíe Vymazáno : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9FF05104-B030-46FC-94B8-81276E4E27DF}
Klíe Vymazáno : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Klíe Vymazáno : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Klíe Vymazáno : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
Klíe Vymazáno : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD2FD708-1F6F-4B68-B141-C5778F0C19BB}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\CLSID\{07B18EAB-A523-4961-B6BB-170DE4475CCA}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\CLSID\{147A976F-EEE1-4377-8EA7-4716E4CDD239}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\CLSID\{1E0DE227-5CE4-4EA3-AB0C-8B03E1AA76BC}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\CLSID\{A9571378-68A1-443D-B082-284F960C6D17}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\CLSID\{CFF4CE82-3AA2-451F-9B77-7165605FB835}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\CLSID\{D9FFFB27-D62A-4D64-8CEC-1FF006528805}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\Interface\{07B18EAA-A523-4961-B6BB-170DE4475CCA}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\Interface\{07B18EAC-A523-4961-B6BB-170DE4475CCA}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\Interface\{1093995A-BA37-41D2-836E-091067C4AD17}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\Interface\{120927BF-1700-43BC-810F-FAB92549B390}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\Interface\{17DE5E5E-BFE3-4E83-8E1F-8755795359EC}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\Interface\{1F52A5FA-A705-4415-B975-88503B291728}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\Interface\{247A115F-06C2-4FB3-967D-2D62D3CF4F0A}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\Interface\{2A42D13C-D427-4787-821B-CF6973855778}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\Interface\{2E3537FC-CF2F-4F56-AF54-5A6A3DD375CC}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\Interface\{3D8478AA-7B88-48A9-8BCB-B85D594411EC}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\Interface\{3E1656ED-F60E-4597-B6AA-B6A58E171495}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\Interface\{3E53E2CB-86DB-4A4A-8BD9-FFEB7A64DF82}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\Interface\{3E720451-B472-4954-B7AA-33069EB53906}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\Interface\{3E720453-B472-4954-B7AA-33069EB53906}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\Interface\{63D0ED2B-B45B-4458-8B3B-60C69BBBD83C}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\Interface\{63D0ED2D-B45B-4458-8B3B-60C69BBBD83C}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\Interface\{6E74766C-4D93-4CC0-96D1-47B8E07FF9CA}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\Interface\{72EE7F04-15BD-4845-A005-D6711144D86A}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\Interface\{741DE825-A6F0-4497-9AA6-8023CF9B0FFF}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\Interface\{7473D291-B7BB-4F24-AE82-7E2CE94BB6A9}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\Interface\{7473D293-B7BB-4F24-AE82-7E2CE94BB6A9}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\Interface\{7473D295-B7BB-4F24-AE82-7E2CE94BB6A9}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\Interface\{7473D297-B7BB-4F24-AE82-7E2CE94BB6A9}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\Interface\{90449521-D834-4703-BB4E-D3AA44042FF8}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\Interface\{991AAC62-B100-47CE-8B75-253965244F69}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\Interface\{A626CDBD-3D13-4F78-B819-440A28D7E8FC}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\Interface\{BBABDC90-F3D5-4801-863A-EE6AE529862D}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\Interface\{CF54BE1C-9359-4395-8533-1657CF209CFE}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\Interface\{D6FF3684-AD3B-48EB-BBB4-B9E6C5A355C1}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\Interface\{DE38C398-B328-4F4C-A3AD-1B5E4ED93477}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\Interface\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25E}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\Interface\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25F}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\Interface\{E79DFBC9-5697-4FBD-94E5-5B2A9C7C1612}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\Interface\{EB9E5C1C-B1F9-4C2B-BE8A-27D6446FDAF8}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\TypeLib\{0D26BC71-A633-4E71-AD31-EADC3A1B6A3A}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\TypeLib\{29D67D3C-509A-4544-903F-C8C1B8236554}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\TypeLib\{3E720450-B472-4954-B7AA-33069EB53906}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\TypeLib\{7473D290-B7BB-4F24-AE82-7E2CE94BB6A9}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\TypeLib\{D518921A-4A03-425E-9873-B9A71756821E}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\TypeLib\{E47CAEE0-DEEA-464A-9326-3F2801535A4D}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\TypeLib\{E79DFBC0-5697-4FBD-94E5-5B2A9C7C1612}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\TypeLib\{EC4085F2-8DB3-45A6-AD0B-CA289F3C5D7E}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\TypeLib\{F42228FB-E84E-479E-B922-FBBD096E792C}
Klíe Vymazáno : HKLM\Software\DataMngr
Klíe Vymazáno : HKLM\Software\FocusInteractive
Klíe Vymazáno : HKLM\SOFTWARE\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb
Klíe Vymazáno : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59C7FC09-1C83-4648-B3E6-003D2BBC7481}
Klíe Vymazáno : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68AF847F-6E91-45DD-9B68-D6A12C30E5D7}
Klíe Vymazáno : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170B96C-28D4-4626-8358-27E6CAEEF907}
Klíe Vymazáno : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D1A71FA0-FF48-48DD-9B6D-7A13A3E42127}
Klíe Vymazáno : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DDB1968E-EAD6-40FD-8DAE-FF14757F60C7}
Klíe Vymazáno : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F138D901-86F0-4383-99B6-9CDD406036DA}
Klíe Vymazáno : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll
Klíe Vymazáno : HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss
Klíe Vymazáno : HKLM\SOFTWARE\Microsoft\Office\Outlook\Addins\MyWebSearch.OutlookAddin
Klíe Vymazáno : HKLM\SOFTWARE\Microsoft\Office\Word\Addins\MyWebSearch.OutlookAddin
Klíe Vymazáno : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{1AE46C09-2AB8-4EE5-88FB-08CD0FF7F2DF}
Klíe Vymazáno : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Babylon Chrome Toolbar
Klíe Vymazáno : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\mywebsearch bar uninstall
Klíe Vymazáno : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Babylon Chrome Toolbar

***** [Internetové prohlížeee] *****

-\\ Internet Explorer v8.0.6001.18702

Zaminino : [HKCU\Software\Microsoft\Internet Explorer\Main - SearchMigratedDefaultName] = My Web Search --> hxxp://www.google.com
Zaminino : [HKCU\Software\Microsoft\Internet Explorer\Main - SearchMigratedDefaultUrl] = hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp? ... earchTerms} --> hxxp://www.google.com

-\\ Mozilla Firefox v22.0 (cs)

Soubor : C:\Documents and Settings\Uzivatel\Data aplikací\Mozilla\Firefox\Profiles\hdfdr715.default\prefs.js

[OK] Soubor je eistý.

-\\ Google Chrome v28.0.1500.72

Soubor : C:\Documents and Settings\Uzivatel\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Preferences

[OK] Soubor je eistý.

*************************

AdwCleaner[R1].txt - [11506 octets] - [26/07/2013 11:56:39]
AdwCleaner[S1].txt - [369 octets] - [26/07/2013 12:20:19]
AdwCleaner[S2].txt - [11413 octets] - [26/07/2013 12:21:12]

########## EOF - C:\AdwCleaner[S2].txt - [11474 octets] ##########

VIRY.CZ

Jak odstranit cm.exe

Jak odstranit cm.exe

Re: Jak odstranit cm.exe

Re: Jak odstranit cm.exe

Re: Jak odstranit cm.exe

Re: Jak odstranit cm.exe

Re: Jak odstranit cm.exe

Re: Jak odstranit cm.exe

Re: Jak odstranit cm.exe

Re: Jak odstranit cm.exe

Re: Jak odstranit cm.exe

Re: Jak odstranit cm.exe

Re: Jak odstranit cm.exe

Re: Jak odstranit cm.exe

Re: Jak odstranit cm.exe

Re: Jak odstranit cm.exe