Please check my RSIT log (laptop)

#1 Post by cv-47 »

Hi, my PC has been running a bit slowly lately.

Logfile of random's system information tool 1.08 (written by random/random)
Run by OEM at 2011-03-02 15:13:38
Microsoft® Windows Vista™ Home Premium Service Pack 2
System drive C: has 2 GB (5%) free of 41 GB
Total RAM: 3070 MB (52% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 3:14:17 PM, on 3/2/2011
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.19019)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
C:\Windows\ehome\ehmsas.exe
C:\Users\OEM\AppData\Roaming\Yahoo!\YahooAUService.exe
C:\Users\OEM\AppData\Roaming\MSSecurity\wscntfy.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\UniKey\UniKey.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Windows\system32\conime.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\aTube Catcher\yct.exe
C:\Users\OEM\Desktop\Antiviry\RSIT.exe
C:\Program Files\trend micro\OEM.exe
C:\Windows\system32\SearchFilterHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.zing.vn/zing/?utm_source=hp&utm_medium=boom
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://vn.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {51a86bb3-6602-4c85-92a5-130ee4864f13} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: PandoraTV Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\Run: [LogMeIn Hamachi Ui] "C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Google Update] "C:\Users\OEM\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [Yahoo! Updater] C:\Users\OEM\AppData\Roaming\Yahoo!\YahooAUService.exe
O4 - HKCU\..\Run: [Windows Security Center Notification App] C:\Users\OEM\AppData\Roaming\MSSecurity\wscntfy.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LogMeIn Hamachi 2.0 Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: TeamViewer 6 (TeamViewer6) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 10222 bytes

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-836076233-113199199-2145366803-1000Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-836076233-113199199-2145366803-1000UA.job
C:\Windows\tasks\User_Feed_Synchronization-{E13D2CB0-ED17-47B5-AE74-5F4CC2BB9EAD}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2011-03-02 298160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype add-on for Internet Explorer - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2010-02-08 804136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll [2011-03-02 848952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
PandoraTV Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll [2010-09-28 1400712]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-01-05 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{D4027C7F-154A-4066-A1AD-4243D8127440} - PandoraTV Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll [2010-09-28 1400712]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2011-03-02 298160]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SMSERIAL"=C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe [2009-10-26 1458176]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [2009-06-09 7539232]
"QlbCtrl.exe"=C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [2008-08-02 202032]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2006-12-10 49152]
"NeroFilterCheck"=C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe [2007-03-01 153136]
"NBKeyScan"=C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe [2007-09-20 1836328]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-05-14 248552]
"DivXUpdate"=C:\Program Files\DivX\DivX Update\DivXUpdate.exe [2010-09-01 1164584]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2011-01-31 35760]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-09-20 932288]
"HP Health Check Scheduler"=c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [2008-06-16 75008]
"IAAnotif"=C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [2008-04-15 178712]
"YSearchProtection"=C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe [2009-02-23 111856]
"avast5"=C:\Program Files\Alwil Software\Avast5\avastUI.exe [2011-01-13 3396624]
"LogMeIn Hamachi Ui"=C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe [2010-12-06 1910152]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2010-11-29 421888]
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [2010-12-14 47904]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2010-12-13 421160]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-04-11 1233920]
"Google Update"=C:\Users\OEM\AppData\Local\Google\Update\GoogleUpdate.exe [2010-05-14 136176]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2010-05-14 39408]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-21 125952]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2010-09-02 13351304]
"Messenger (Yahoo!)"=C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe [2010-11-04 6174008]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe [2007-09-20 202024]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\DTLite.exe [2010-04-01 357696]
"Search Protection"=C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe [2009-02-23 111856]
"Yahoo! Updater"=C:\Users\OEM\AppData\Roaming\Yahoo!\YahooAUService.exe [2010-12-06 68608]
"Windows Security Center Notification App"=C:\Users\OEM\AppData\Roaming\MSSecurity\wscntfy.exe [2011-01-14 40960]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-21 202240]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"= []

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Hamachi2Svc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=0
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

======List of files/folders created in the last 1 months======

2011-02-28 19:55:00 ----D---- C:\Program Files\TeamViewer
2011-02-27 20:02:28 ----D---- C:\Users\OEM\AppData\Roaming\TeamViewer
2011-02-27 14:41:12 ----AD---- C:\ProgramData\TEMP
2011-02-27 14:40:36 ----D---- C:\Users\OEM\AppData\Roaming\AnvSoft
2011-02-27 14:40:09 ----D---- C:\Program Files\AnvSoft
2011-02-15 18:46:08 ----A---- C:\Windows\system32\npptNT2.sys
2011-02-14 17:46:19 ----D---- C:\Users\OEM\AppData\Roaming\.minecraft
2011-02-13 15:34:16 ----D---- C:\Users\OEM\AppData\Roaming\dvdcss
2011-02-11 17:48:37 ----A---- C:\Windows\system32\shsvcs.dll
2011-02-11 15:00:44 ----HD---- C:\Program Files\InstallJammer Registry
2011-02-11 15:00:40 ----D---- C:\Users\OEM\AppData\Roaming\Gmote
2011-02-10 17:10:08 ----A---- C:\Program Files\autoupdate.exe
2011-02-09 13:41:35 ----D---- C:\Users\OEM\AppData\Roaming\Opera
2011-02-09 13:41:27 ----D---- C:\Program Files\Opera
2011-02-09 06:26:07 ----A---- C:\Windows\system32\win32k.sys
2011-02-09 06:26:02 ----A---- C:\Windows\system32\ntkrnlpa.exe
2011-02-09 06:26:02 ----A---- C:\Windows\system32\ntdll.dll
2011-02-09 06:26:01 ----A---- C:\Windows\system32\ntoskrnl.exe
2011-02-09 06:25:52 ----A---- C:\Windows\system32\FntCache.dll
2011-02-09 06:25:52 ----A---- C:\Windows\system32\DWrite.dll
2011-02-09 06:25:52 ----A---- C:\Windows\system32\d3d10warp.dll
2011-02-09 06:25:51 ----A---- C:\Windows\system32\MFH264Dec.dll
2011-02-09 06:25:51 ----A---- C:\Windows\system32\d2d1.dll
2011-02-09 06:25:50 ----A---- C:\Windows\system32\xpsservices.dll
2011-02-09 06:25:50 ----A---- C:\Windows\system32\XpsRasterService.dll
2011-02-09 06:25:50 ----A---- C:\Windows\system32\XpsPrint.dll
2011-02-09 06:25:50 ----A---- C:\Windows\system32\XpsGdiConverter.dll
2011-02-09 06:25:50 ----A---- C:\Windows\system32\MFHEAACdec.dll
2011-02-09 06:25:49 ----A---- C:\Windows\system32\OpcServices.dll
2011-02-09 06:25:49 ----A---- C:\Windows\system32\mfreadwrite.dll
2011-02-09 06:25:49 ----A---- C:\Windows\system32\mfmp4src.dll
2011-02-09 06:25:49 ----A---- C:\Windows\system32\dxgi.dll
2011-02-09 06:25:49 ----A---- C:\Windows\system32\drivers\dxgkrnl.sys
2011-02-09 06:25:48 ----A---- C:\Windows\system32\mf.dll
2011-02-09 06:25:48 ----A---- C:\Windows\system32\d3d10_1core.dll
2011-02-09 06:25:48 ----A---- C:\Windows\system32\d3d10_1.dll
2011-02-09 06:25:47 ----A---- C:\Windows\system32\shdocvw.dll
2011-02-09 06:25:47 ----A---- C:\Windows\system32\printfilterpipelinesvc.exe
2011-02-09 06:25:47 ----A---- C:\Windows\system32\d3d10.dll
2011-02-09 06:25:46 ----A---- C:\Windows\system32\stobject.dll
2011-02-09 06:25:46 ----A---- C:\Windows\system32\mfplat.dll
2011-02-09 06:25:46 ----A---- C:\Windows\system32\d3d10level9.dll
2011-02-09 06:25:46 ----A---- C:\Windows\system32\d3d10core.dll
2011-02-09 06:25:44 ----A---- C:\Windows\system32\mfps.dll
2011-02-09 06:25:44 ----A---- C:\Windows\system32\cdd.dll
2011-02-09 06:25:43 ----A---- C:\Windows\system32\printfilterpipelineprxy.dll
2011-02-09 06:25:23 ----A---- C:\Windows\system32\mshtml.dll
2011-02-09 06:25:22 ----A---- C:\Windows\system32\ieframe.dll
2011-02-09 06:25:17 ----A---- C:\Windows\system32\wininet.dll
2011-02-09 06:25:17 ----A---- C:\Windows\system32\urlmon.dll
2011-02-09 06:25:17 ----A---- C:\Windows\system32\msfeeds.dll
2011-02-09 06:25:17 ----A---- C:\Windows\system32\iertutil.dll
2011-02-09 06:25:16 ----A---- C:\Windows\system32\occache.dll
2011-02-09 06:25:16 ----A---- C:\Windows\system32\mstime.dll
2011-02-09 06:25:16 ----A---- C:\Windows\system32\mshtmled.dll
2011-02-09 06:25:16 ----A---- C:\Windows\system32\msfeedsbs.dll
2011-02-09 06:25:16 ----A---- C:\Windows\system32\licmgr10.dll
2011-02-09 06:25:16 ----A---- C:\Windows\system32\jsproxy.dll
2011-02-09 06:25:16 ----A---- C:\Windows\system32\ieUnatt.exe
2011-02-09 06:25:16 ----A---- C:\Windows\system32\ieui.dll
2011-02-09 06:25:16 ----A---- C:\Windows\system32\iesysprep.dll
2011-02-09 06:25:16 ----A---- C:\Windows\system32\iesetup.dll
2011-02-09 06:25:16 ----A---- C:\Windows\system32\iernonce.dll
2011-02-09 06:25:16 ----A---- C:\Windows\system32\iepeers.dll
2011-02-09 06:25:16 ----A---- C:\Windows\system32\iedkcs32.dll
2011-02-09 06:25:12 ----A---- C:\Windows\system32\msfeedssync.exe
2011-02-09 06:25:12 ----A---- C:\Windows\system32\ie4uinit.exe
2011-02-09 06:25:04 ----A---- C:\Windows\system32\shell32.dll
2011-02-09 06:25:03 ----A---- C:\Windows\system32\shlwapi.dll
2011-02-09 06:25:01 ----A---- C:\Windows\system32\atmlib.dll
2011-02-09 06:25:01 ----A---- C:\Windows\system32\atmfd.dll
2011-02-07 00:10:37 ----A---- C:\Windows\NeroDigital.ini
2011-02-06 23:47:26 ----D---- C:\Program Files\Ask.com
2011-02-06 23:46:33 ----D---- C:\Program Files\The KMPlayer
2011-02-06 14:56:31 ----A---- C:\Windows\system32\XAudio2_2.dll
2011-02-06 14:56:31 ----A---- C:\Windows\system32\XAPOFX1_1.dll
2011-02-06 14:56:30 ----A---- C:\Windows\system32\d3dx10_39.dll
2011-02-06 14:56:30 ----A---- C:\Windows\system32\D3DCompiler_39.dll
2011-02-06 14:56:29 ----A---- C:\Windows\system32\D3DX9_39.dll
2011-02-05 12:08:26 ----D---- C:\Program Files\FLV to AVI MPEG WMV 3GP MP4 iPod Converter

======List of files/folders modified in the last 1 months======

2011-12-09 03:35:00 ----A---- C:\Program Files\package.ini
2011-03-02 15:13:55 ----D---- C:\Windows\temp
2011-03-02 15:13:41 ----D---- C:\Program Files\trend micro
2011-03-02 14:48:32 ----D---- C:\Users\OEM\AppData\Roaming\Skype
2011-03-02 10:58:35 ----D---- C:\Windows\system32\drivers
2011-03-02 10:13:37 ----D---- C:\Users\OEM\AppData\Roaming\HpUpdate
2011-03-02 10:13:29 ----SHD---- C:\Windows\Installer
2011-03-02 10:13:29 ----SD---- C:\Users\OEM\AppData\Roaming\Microsoft
2011-03-02 10:13:29 ----D---- C:\Config.Msi
2011-03-02 09:08:43 ----SHD---- C:\System Volume Information
2011-03-02 08:11:11 ----D---- C:\Users\OEM\AppData\Roaming\skypePM
2011-03-02 07:14:24 ----D---- C:\Windows\Prefetch
2011-02-28 19:55:00 ----RD---- C:\Program Files
2011-02-27 16:08:55 ----D---- C:\Windows\System32
2011-02-27 16:08:55 ----D---- C:\Windows\inf
2011-02-27 16:08:55 ----A---- C:\Windows\system32\PerfStringBackup.INI
2011-02-27 14:41:12 ----D---- C:\ProgramData
2011-02-25 21:35:18 ----D---- C:\Users\OEM\AppData\Roaming\uTorrent
2011-02-25 18:13:51 ----D---- C:\Windows\Microsoft.NET
2011-02-25 14:40:50 ----D---- C:\Windows\rescache
2011-02-25 14:40:16 ----D---- C:\Windows\winsxs
2011-02-25 09:23:22 ----D---- C:\Windows\system32\catroot
2011-02-25 09:23:16 ----D---- C:\Windows\system32\catroot2
2011-02-20 20:12:55 ----D---- C:\Program Files\Garena
2011-02-19 22:15:53 ----D---- C:\Program Files\aTube Catcher
2011-02-15 18:20:12 ----HD---- C:\Program Files\InstallShield Installation Information
2011-02-15 12:46:13 ----D---- C:\Windows\Minidump
2011-02-15 12:46:09 ----D---- C:\Windows
2011-02-13 12:22:57 ----D---- C:\Program Files\log
2011-02-13 12:19:57 ----D---- C:\Program Files\user
2011-02-13 00:23:34 ----D---- C:\Windows\Logs
2011-02-10 17:23:07 ----A---- C:\Program Files\config.ini
2011-02-10 17:17:27 ----D---- C:\Program Files\pak
2011-02-10 17:08:41 ----D---- C:\Program Files\logs
2011-02-10 09:29:37 ----D---- C:\Program Files\Windows Mail
2011-02-10 09:29:34 ----D---- C:\Windows\system32\migration
2011-02-10 09:29:34 ----D---- C:\Program Files\Internet Explorer
2011-02-10 09:10:15 ----D---- C:\Windows\Debug
2011-02-10 09:10:12 ----A---- C:\Windows\system32\mrt.exe
2011-02-07 18:23:04 ----D---- C:\ProgramData\Norton
2011-02-07 15:48:43 ----A---- C:\Windows\win.ini
2011-02-06 23:47:31 ----D---- C:\Windows\system32\Tasks
2011-02-06 14:26:05 ----D---- C:\ProgramData\PMB Files

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 iaStor;Intel AHCI Controller; C:\Windows\system32\DRIVERS\iaStor.sys [2008-04-15 312344]
R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr.sys [2011-01-13 23632]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2011-01-13 294608]
R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2011-01-13 47440]
R2 aswFsBlk;aswFsBlk; C:\Windows\system32\drivers\aswFsBlk.sys [2011-01-13 17744]
R2 aswMonFlt;aswMonFlt; \??\C:\Windows\system32\drivers\aswMonFlt.sys [2011-01-13 51280]
R2 npf;NetGroup Packet Filter Driver; C:\Windows\system32\drivers\npf.sys [2009-11-16 50704]
R2 rimmptsk;rimmptsk; C:\Windows\system32\DRIVERS\rimmptsk.sys [2007-08-09 45568]
R2 rimsptsk;rimsptsk; C:\Windows\system32\DRIVERS\rimsptsk.sys [2007-07-30 43008]
R2 rismxdp;Ricoh xD-Picture Card Driver; C:\Windows\system32\DRIVERS\rixdptsk.sys [2007-07-30 38400]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2009-06-12 26600]
R3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys [2010-02-03 26176]
R3 HpqKbFiltr;HpqKbFilter Driver; C:\Windows\system32\DRIVERS\HpqKbFiltr.sys [2007-06-19 16768]
R3 HpqRemHid;HP Remote Control HID Device; C:\Windows\system32\DRIVERS\HpqRemHid.sys [2007-07-11 7168]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2009-06-09 2366752]
R3 MODEMCSA;Unimodem Streaming Filter Device; C:\Windows\system32\drivers\MODEMCSA.sys [2008-01-21 18432]
R3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw5v32.sys [2008-11-17 3668480]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2009-10-03 9905096]
R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys [2006-11-02 44544]
R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2009-04-11 89088]
R3 smserial;smserial; C:\Windows\system32\DRIVERS\smserial.sys [2009-10-26 1095936]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2010-05-27 245936]
R3 usbvideo;USB Video Device (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2008-01-21 134016]
S0 FVXSCSI;FVXSCSI; C:\Windows\system32\DRIVERS\fvxscsi.sys []
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 Dot4;MS IEEE-1284.4 Driver; C:\Windows\system32\DRIVERS\Dot4.sys [2008-01-21 131584]
S3 Dot4Print;Print Class Driver for IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4Prt.sys [2008-01-21 16384]
S3 dot4usb;MS Dot4USB Filter Dot4USB Filter; C:\Windows\system32\DRIVERS\dot4usb.sys [2008-01-21 36864]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 5632]
S3 EagleNT;EagleNT; \??\C:\Windows\system32\drivers\EagleNT.sys []
S3 fcdabus;fcdabus; C:\Windows\system32\DRIVERS\fcdabus.sys []
S3 fsRamDsk;RamDisk Drive Service; C:\Windows\system32\DRIVERS\fsRamDsk.sys []
S3 GarenaPEngine;GarenaPEngine; \??\C:\Users\OEM\AppData\Local\Temp\TDO1BFE.tmp []
S3 GGSAFERDriver;GGSAFER Driver; \??\C:\Program Files\Garena\safedrv.sys []
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016]
S3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys [2010-09-28 41984]
S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-21 35328]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2009-10-01 40448]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-21 83328]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616]
S4 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2010-09-29 691696]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2010-10-16 37664]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2011-01-13 40384]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2010-07-27 345376]
R2 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine; C:\Program Files\LogMeIn Hamachi\hamachi-2.exe [2010-12-06 1238408]
R2 HP Health Check Service;HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [2008-06-16 94208]
R2 hpqddsvc;HP CUE DeviceDiscovery Service; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 IAANTMON;Intel(R) Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe [2008-04-15 354840]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-20 322120]
R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3; C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe [2007-09-20 853288]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2009-10-03 219752]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-21 21504]
R2 PnkBstrA;PnkBstrA; C:\Windows\system32\PnkBstrA.exe [2010-09-20 75064]
R2 YahooAUService;Yahoo! Updater; C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe [2008-11-09 602392]
R3 Com4QLBEx;Com4QLBEx; C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-04-03 193840]
R3 hpqcxs08;hpqcxs08; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R3 hpqwmiex;hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [2008-05-02 165192]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2010-12-13 820008]
R3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe [2007-09-20 382248]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 gupdate;Google Update Service (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-05-14 135664]
S2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-21 21504]
S2 TeamViewer6;TeamViewer 6; C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe [2011-01-27 2253688]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2010-05-14 182768]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-29 89136]
S3 WPFFontCache_v0400;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100; C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]

-----------------EOF-----------------

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Please check my RSIT log (laptop)

#2 Post by vyosek »

Hello and have a nice day :)

:arrow: Free up disk space to at least 8 GB - Windows is suffocating

:arrow: Test the following files on VirusTotal (see my signature)
  • C:\Users\OEM\AppData\Roaming\MSSecurity\wscntfy.exe
  • Click Browse
  • Do not search for the file, just paste in the path of the file I want tested
  • Click Send File
  • If a screen like the one below pops up, click ReAnalyse
    [image]
  • Paste the analysis result here (as a link)
:arrow: Download OTM (see my signature)
  • If you are using Win Vista or W7, right-click OTM and choose Run As Administrator (Spustit jako spravce)
  • Paste the content given below into the left window, Paste Instructions for Items to be Moved (under the yellow line)
  • Code:

    :reg
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{51a86bb3-6602-4c85-92a5-130ee4864f13}"=-
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{D4027C7F-154A-4066-A1AD-4243D8127440}"=-
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "NeroFilterCheck"=-
    "NBKeyScan"=-
    "SunJavaUpdateSched"=-
    "DivXUpdate"=-
    "Adobe Reader Speed Launcher"=-
    "Adobe ARM"=-
    "YSearchProtection"=-
    "QuickTime Task"=-
    "AppleSyncNotifier"=-
    "iTunesHelper"=-
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "Google Update"=-
    "swg"=-
    "ehTray.exe"=-
    "Skype"=-
    "Messenger (Yahoo!)"=-
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=-
    "DAEMON Tools Lite"=-
    "Search Protection"=-
    "Yahoo! Updater"=-
    "Windows Security Center Notification App"=-
    "WMPNSCFG"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=-
    
    :services
    gupdate
    gusvc
    
    :files
    C:\Program Files\Ask.com
    C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-836076233-113199199-2145366803-1000Core.job
    C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-836076233-113199199-2145366803-1000UA.job
    C:\Windows\tasks\User_Feed_Synchronization-{E13D2CB0-ED17-47B5-AE74-5F4CC2BB9EAD}.job
    %windir%\system32\*.tmp.dll /s
    %windir%\system32\SET*.tmp /s
    %windir%\*.tmp /s
    
    :commands
    [RESETHOSTS]
    [EMPTYTEMP]
    [EMPTYFLASH]
  • Click the red MoveIt! button
  • You will be prompted to restart, choose Yes; afterwards you will find the log in C:\_OTM\MovedFiles, paste its contents here
"He who has wine and does not drink it, who has grapes and does not eat them, who has a wife and does not kiss her, who shuns merriment, take a whip and a stick to him; he is no man, he is an ox."
Member since 1 February 2011.

cv-47

Re: Please check my RSIT log (laptop)

#3 Post by cv-47 »

All processes killed
========== REGISTRY ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks\\{51a86bb3-6602-4c85-92a5-130ee4864f13} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{51a86bb3-6602-4c85-92a5-130ee4864f13}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\NeroFilterCheck deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\NBKeyScan deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\DivXUpdate deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Adobe Reader Speed Launcher deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Adobe ARM deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\YSearchProtection deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\QuickTime Task deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\AppleSyncNotifier deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\iTunesHelper deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Google Update deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\swg deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\ehTray.exe deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Skype deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Messenger (Yahoo!) deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\DAEMON Tools Lite deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Search Protection deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Yahoo! Updater deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Windows Security Center Notification App deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\WMPNSCFG deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\ not found.
========== SERVICES/DRIVERS ==========
Service gupdate stopped successfully!
Service gupdate deleted successfully!
Service gusvc stopped successfully!
Service gusvc deleted successfully!
========== FILES ==========
C:\Program Files\Ask.com folder moved successfully.
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job moved successfully.
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job moved successfully.
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-836076233-113199199-2145366803-1000Core.job moved successfully.
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-836076233-113199199-2145366803-1000UA.job moved successfully.
C:\Windows\tasks\User_Feed_Synchronization-{E13D2CB0-ED17-47B5-AE74-5F4CC2BB9EAD}.job moved successfully.
File/Folder C:\Windows\system32\*.tmp.dll not found.
File/Folder C:\Windows\system32\SET*.tmp not found.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP2DF2.tmp folder moved successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP43D3.tmp folder moved successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP4926.tmp folder moved successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP4CE8.tmp folder moved successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP5C42.tmp folder moved successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP73F0.tmp folder moved successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP74C4.tmp folder moved successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP81A.tmp folder moved successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP937E.tmp folder moved successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPA092.tmp folder moved successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPC1C8.tmp folder moved successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPD15B.tmp folder moved successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPDA0C.tmp folder moved successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPE752.tmp folder moved successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPEEF0.tmp folder moved successfully.
C:\Windows\Installer\MSI146D.tmp moved successfully.
C:\Windows\Installer\MSI1B4C.tmp moved successfully.
C:\Windows\Installer\MSI20C8.tmp moved successfully.
C:\Windows\Installer\MSI237F.tmp moved successfully.
C:\Windows\Installer\MSI2A64.tmp moved successfully.
C:\Windows\Installer\MSI30B.tmp moved successfully.
C:\Windows\Installer\MSI3666.tmp moved successfully.
C:\Windows\Installer\MSI3825.tmp moved successfully.
C:\Windows\Installer\MSI3CC7.tmp moved successfully.
C:\Windows\Installer\MSI3CFC.tmp moved successfully.
C:\Windows\Installer\MSI3DC0.tmp moved successfully.
C:\Windows\Installer\MSI3ED9.tmp moved successfully.
C:\Windows\Installer\MSI4259.tmp moved successfully.
C:\Windows\Installer\MSI43FE.tmp moved successfully.
C:\Windows\Installer\MSI4484.tmp moved successfully.
C:\Windows\Installer\MSI469D.tmp moved successfully.
C:\Windows\Installer\MSI4B30.tmp moved successfully.
C:\Windows\Installer\MSI6098.tmp moved successfully.
C:\Windows\Installer\MSI69DA.tmp moved successfully.
C:\Windows\Installer\MSI7375.tmp moved successfully.
C:\Windows\Installer\MSI73B3.tmp moved successfully.
C:\Windows\Installer\MSI75F0.tmp moved successfully.
C:\Windows\Installer\MSI7950.tmp moved successfully.
C:\Windows\Installer\MSI7EFF.tmp moved successfully.
C:\Windows\Installer\MSI8024.tmp moved successfully.
C:\Windows\Installer\MSI81F7.tmp moved successfully.
C:\Windows\Installer\MSI820E.tmp moved successfully.
C:\Windows\Installer\MSI8368.tmp moved successfully.
C:\Windows\Installer\MSI85F2.tmp moved successfully.
C:\Windows\Installer\MSI8BDD.tmp moved successfully.
C:\Windows\Installer\MSI8E63.tmp moved successfully.
C:\Windows\Installer\MSI8F01.tmp moved successfully.
C:\Windows\Installer\MSI9D68.tmp moved successfully.
C:\Windows\Installer\MSIAF03.tmp moved successfully.
C:\Windows\Installer\MSIB15A.tmp moved successfully.
C:\Windows\Installer\MSIB3BF.tmp moved successfully.
C:\Windows\Installer\MSIB57F.tmp moved successfully.
C:\Windows\Installer\MSIB5AD.tmp moved successfully.
C:\Windows\Installer\MSIB9A6.tmp moved successfully.
C:\Windows\Installer\MSIBBE7.tmp moved successfully.
C:\Windows\Installer\MSIBED5.tmp moved successfully.
C:\Windows\Installer\MSIC0E7.tmp moved successfully.
C:\Windows\Installer\MSIC106.tmp moved successfully.
C:\Windows\Installer\MSIC15A.tmp moved successfully.
C:\Windows\Installer\MSIC2E0.tmp moved successfully.
C:\Windows\Installer\MSIC4F.tmp moved successfully.
C:\Windows\Installer\MSIC789.tmp moved successfully.
C:\Windows\Installer\MSIC93E.tmp moved successfully.
C:\Windows\Installer\MSIC956.tmp moved successfully.
C:\Windows\Installer\MSICB66.tmp moved successfully.
C:\Windows\Installer\MSICE2D.tmp moved successfully.
C:\Windows\Installer\MSID10F.tmp moved successfully.
C:\Windows\Installer\MSID39A.tmp moved successfully.
C:\Windows\Installer\MSID5DD.tmp moved successfully.
C:\Windows\Installer\MSID9D7.tmp moved successfully.
C:\Windows\Installer\MSIDCE8.tmp moved successfully.
C:\Windows\Installer\MSIDD4.tmp moved successfully.
C:\Windows\Installer\MSIE08E.tmp moved successfully.
C:\Windows\Installer\MSIECDD.tmp moved successfully.
C:\Windows\Installer\MSIEE02.tmp moved successfully.
C:\Windows\Installer\MSIF78A.tmp moved successfully.
C:\Windows\temp\BIT1B3D.tmp moved successfully.
C:\Windows\temp\BIT1C1B.tmp moved successfully.
C:\Windows\temp\BIT3D70.tmp moved successfully.
C:\Windows\temp\BIT496E.tmp moved successfully.
C:\Windows\temp\BIT49AE.tmp moved successfully.
C:\Windows\temp\BIT5046.tmp moved successfully.
C:\Windows\temp\BIT53E9.tmp moved successfully.
C:\Windows\temp\BIT72E3.tmp moved successfully.
C:\Windows\temp\BIT87D6.tmp moved successfully.
C:\Windows\twain_32\hpqgnds2.tmp moved successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 41620 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: OEM
->Temp folder emptied: 237873763 bytes
->Temporary Internet Files folder emptied: 519008994 bytes
->Java cache emptied: 15676490 bytes
->FireFox cache emptied: 113092247 bytes
->Google Chrome cache emptied: 205735480 bytes
->Apple Safari cache emptied: 1875968 bytes
->Opera cache emptied: 39181583 bytes
->Flash cache emptied: 112047172 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 5552218 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 34720 bytes
%systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 666 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 1,192.00 mb


OTM by OldTimer - Version 3.1.17.2 log created on 03042011_020509

Files moved on Reboot...
File move failed. C:\Windows\temp\_avast5_\Webshlock.txt scheduled to be moved on reboot.
C:\Windows\temp\TMP00000082318CDC6BBF1FACE2 moved successfully.

Registry entries deleted on Reboot...


From VirusTotal
AhnLab-V3 2011.03.04.03 2011.03.04 -
AntiVir 7.11.4.66 2011.03.04 BDS/Vecebot.y
Antiy-AVL 2.0.3.7 2011.03.04 Backdoor/Win32.Vecebot.gen
Avast 4.8.1351.0 2011.02.23 -
Avast5 5.0.677.0 2011.03.04 -
AVG 10.0.0.1190 2011.03.04 -
BitDefender 7.2 2011.03.04 -
CAT-QuickHeal 11.00 2011.03.04 Backdoor.Vecebot.y
ClamAV 0.96.4.0 2011.03.04 -
Commtouch 5.2.11.5 2011.03.04 -
Comodo 7868 2011.03.04 -
DrWeb 5.0.2.03300 2011.03.04 -
Emsisoft 5.1.0.2 2011.03.04 Backdoor.Win32.Vecebot!IK
eSafe 7.0.17.0 2011.03.03 -
eTrust-Vet 36.1.8197 2011.03.04 -
F-Prot 4.6.2.117 2011.03.04 -
F-Secure 9.0.16440.0 2011.03.04 -
Fortinet 4.2.254.0 2011.03.04 W32/Vecebot.Y!tr.bdr
GData 21 2011.03.04 -
Ikarus T3.1.1.97.0 2011.03.04 Backdoor.Win32.Vecebot
Jiangmin 13.0.900 2011.03.04 Backdoor/Vecebot.h
K7AntiVirus 9.91.4021 2011.03.04 -
Kaspersky 7.0.0.125 2011.03.04 Backdoor.Win32.Vecebot.y
McAfee 5.400.0.1158 2011.03.04 Artemis!E2626ECC4E54
McAfee-GW-Edition 2010.1C 2011.03.03 Artemis!E2626ECC4E54
Microsoft 1.6603 2011.03.04 -
NOD32 5925 2011.03.04 -
Norman 6.07.03 2011.03.04 -
nProtect 2011-02-10.01 2011.02.15 -
Panda 10.0.3.5 2011.03.03 Suspicious file
PCTools 7.0.3.5 2011.03.04 -
Prevx 3.0 2011.03.04 -
Rising 23.47.04.05 2011.03.04 Trojan.Win32.Generic.127BE111
Sophos 4.63.0 2011.03.04 -
SUPERAntiSpyware 4.40.0.1006 2011.03.04 -
Symantec 20101.3.0.103 2011.03.04 WS.Reputation.1
TheHacker 6.7.0.1.143 2011.03.02 -
TrendMicro 9.200.0.1012 2011.03.04 -
TrendMicro-HouseCall 9.200.0.1012 2011.03.04 -
VBA32 3.12.14.3 2011.03.02 Backdoor.Vecebot.y
VIPRE 8600 2011.03.04 -
ViRobot 2011.3.4.4340 2011.03.04 -
VirusBuster 13.6.234.0 2011.03.04 -

Sorry for the delay, I couldn't get to the computer
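What the helper does by eye with a pasted log, matching every removal requested in the OTM script to a result line, can also be scripted. This is an added example, not part of the thread and not OTM's own code; the line formats are inferred from the lines visible in posts #2 and #3, and the function names and status labels are assumptions.

```python
import re

# Copied from the thread: part of the OTM script (post #2) and of its log (post #3).
SCRIPT = r'''
:reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Security Center Notification App"=-
:services
gupdate
:files
C:\Program Files\Ask.com
%windir%\system32\*.tmp.dll /s
%windir%\*.tmp /s
'''
LOG = r'''
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Windows Security Center Notification App deleted successfully.
Service gupdate deleted successfully!
C:\Program Files\Ask.com folder moved successfully.
File/Folder C:\Windows\system32\*.tmp.dll not found.
File move failed. C:\Windows\temp\_avast5_\Webshlock.txt scheduled to be moved on reboot.
'''

# (pattern, kind) per result line seen in that log; group 1 = target, group 2 = outcome.
LOG_RULES = [
    (r"Registry key (.+)\\ (deleted successfully|not found)\.", "key"),
    (r"Registry value (.+) (deleted successfully|not found)\.", "value"),
    (r"Service (.+) (deleted successfully)!", "service"),
    (r"File/Folder (.+) (not found)\.", "file"),
    (r"File move failed\. (.+) (scheduled to be moved on reboot)\.", "file"),
    (r"(.+?)(?: folder)? (moved successfully)\.", "file"),
]
STATUS = {"deleted successfully": "confirmed", "moved successfully": "confirmed",
          "not found": "not-found", "scheduled to be moved on reboot": "deferred"}


def parse_log(text):
    """Map (kind, lower-cased target) -> status for every result line recognised."""
    results = {}
    for line in map(str.strip, text.splitlines()):
        for pattern, kind in LOG_RULES:
            m = re.fullmatch(pattern, line)
            if m:
                results[(kind, m.group(1).lower())] = STATUS[m.group(2)]
                break
    return results


def parse_script(text, windir=r"C:\Windows"):  # windir assumed from the paths in the log
    """List the (kind, target) removals requested under :reg, :services and :files."""
    actions, section, key = [], None, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith(":"):
            section, key = line[1:].lower(), None
        elif section == "reg" and line.startswith("[-"):
            actions.append(("key", line[2:-1]))            # [-KEY] removes the whole key
        elif section == "reg" and line.startswith("["):
            key = line[1:-1]                                # [KEY] is context for values
        elif section == "reg" and key and re.fullmatch(r'"(.+)"=-', line):
            actions.append(("value", key + "\\\\" + line[1:-3]))  # log joins them with \\
        elif section == "services" and line:
            actions.append(("service", line))
        elif section == "files" and line:
            path = re.sub(r"(?i)\s+/s$", "", line)          # trailing /s is not part of the path
            actions.append(("file", re.sub(r"(?i)%windir%", lambda _: windir, path)))
    return actions


def reconcile(script, log):
    """Status per requested removal: confirmed, not-found, deferred, wildcard or missing."""
    seen = parse_log(log)
    return {(k, t): seen.get((k, t.lower()), "wildcard" if "*" in t else "missing")
            for k, t in parse_script(script)}


def deferred(log):
    """Targets (lower-cased) that the log says were only scheduled for removal at reboot."""
    return [t for (_, t), s in parse_log(log).items() if s == "deferred"]
```

A `not-found` or `missing` status means the log holds no record that the tool removed the item, so it deserves a second look before the machine is called clean; `wildcard` entries are logged one matched file at a time and have to be read from the log itself.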

vyosek

Re: Please check my RSIT log (laptop)

#4 Post by vyosek »

vyosek wrote: :arrow: Test the following files on VirusTotal (see my signature)
  • C:\Users\OEM\AppData\Roaming\MSSecurity\wscntfy.exe
  • Click Browse
  • Do not search for the file, just paste in the path of the file I want tested
  • Click Send File
  • If a screen like the one below pops up, click ReAnalyse
    [image]
  • Paste the analysis result here (as a link)

cv-47

Re: Please check my RSIT log (laptop)

#5 Post by cv-47 »


vyosek

Re: Please check my RSIT log (laptop)

#6 Post by vyosek »

:arrow: One more script for OTM then

Code:

:files
C:\Users\OEM\AppData\Roaming\MSSecurity\wscntfy.exe

:reg
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Security Center Notification App"=-

:commands
[REBOOT]

cv-47

Re: Please check my RSIT log (laptop)

#7 Post by cv-47 »

Hi, when I ran it, no log appeared,
but various sort of see-through folders appeared all over the computer on C:, I don't know what they are

vyosek

Re: Please check my RSIT log (laptop)

#8 Post by vyosek »

:arrow: Those are hidden folders; once the cleaning is done we will hide them again

:arrow: Download Avenger (see my signature)
  • If you are using Win Vista or W7, right-click Avenger and choose Run As Administrator (Spustit jako spravce)
  • After launch the program warns you that everything you do is at your own risk - click OK
  • Once you confirm, the main window appears; paste the script given below into it
  • Code:

    Files to delete:
    C:\Users\OEM\AppData\Roaming\MSSecurity\wscntfy.exe
    
    Registry values to delete:
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | Windows Security Center Notification App
  • Tick the checkboxes next to Scan for rootkits and Automatically disable any rootkits found
  • Now click Execute and confirm with Yes in the next window - this confirms running the script
  • Answer the Reboot now question with OK again - this restarts the PC
  • After the restart, Notepad should open with the log; paste its contents here. If that does not happen, you will find the document in C:\avenger.txt

cv-47

Re: Please check my RSIT log (laptop)

#9 Post by cv-47 »

//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Platform: Windows NT 6.0 (build 6002, Service Pack 2)
Sat Mar 05 23:43:12 2011

23:43:06: Error: Invalid registry syntax in command:
"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run|Windows Security Center Notification App"
Only registry keys under the HKEY_LOCAL_MACHINE hive are accessible to this program.
Skipping line. (Registry value deletion mode)


//////////////////////////////////////////


Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows Vista

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!


Error: file "C:\Users\OEM\AppData\Roaming\MSSecurity\wscntfy.exe" not found!
Deletion of file "C:\Users\OEM\AppData\Roaming\MSSecurity\wscntfy.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Completed script processing.

*******************

Finished! Terminate.

vyosek

Re: Please check my RSIT log (laptop)

#10 Post by vyosek »

How is the PC behaving :???:

cv-47

Re: Please check my RSIT log (laptop)

#11 Post by cv-47 »

Yeah, it's much faster now :D thanks. And it's probably clean now, right? If so, thanks a lot and you can :offtopic:

vyosek

Re: Please check my RSIT log (laptop)

#12 Post by vyosek »

Clean, yes, but we still need to tidy up :James008:

:arrow: T-Cleaner http://vyosek.ic.cz/pro_usery/T-Cleaner.exe
  • Download and run it
  • To confirm a choice press A, Enter
  • Delete the utility after use
  • Antivirus programs may wrongly flag this utility as a virus - it is a false alarm - so feel free to download it (or turn off the antivirus while downloading)
:arrow: OTC http://oldtimer.geekstogo.com/OTC.exe
  • Download and run it
  • Click CleanUp and confirm with YES
  • The program cleans up and restarts the PC

:arrow: TFC http://oldtimer.geekstogo.com/TFC.exe
  • Download and run it
  • Click Start and confirm with OK
  • The program cleans up and restarts the PC
  • Delete the utility after use
:arrow: Download CCleaner (see my signature)
Cleaner panel
  • Leave everything as it is, just click Analyze and then Run CCleaner
Registry panel
  • click Scan for problems
  • then Fix problems - I recommend making a registry backup; fix all the problems
  • repeat until no problems remain - usually about 3 times
Tools panel
  • Here you can uninstall programs you don't need
I recommend using CCleaner about once every 14 days

:arrow: And if there are no problems or questions, that's all from my side :turned: