
Facebook chat virus - Flash player.exe
Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]
Individual threads will be locked once they are resolved, as will those that are inactive for more than 14 days. See the rule on locking topics. Thank you for your understanding.
Re: Facebook chat virus - Flash player.exe
RogueKiller:
Option 2
RogueKiller V5.2.7 [06/30/2011] by Tigzy
contact at http://www.sur-la-toile.com
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.sur-la-toile.com/discussion- ... ntees.html
Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: Ondra [Admin rights]
Mode: Remove -- Date : 07/24/2011 11:42:38
Bad processes: 1
[SUSP PATH] ClickClean.exe -- c:\documents and settings\ondra\local settings\data aplikací\google\chrome\user data\default\extensions\ghgabhipcejejjmhhchfonmamedcbeod\7.6.0.0_0\plugin\clickclean.exe -> KILLED
Registry Entries: 0
HOSTS File:
127.0.0.1 localhost
Finished : << RKreport[5].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt ; RKreport[5].txt
Option 3
RogueKiller V5.2.7 [06/30/2011] by Tigzy
contact at http://www.sur-la-toile.com
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.sur-la-toile.com/discussion- ... ntees.html
Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: Ondra [Admin rights]
Mode: HOSTSFix -- Date : 07/24/2011 11:42:47
Bad processes: 0
HOSTS File:
127.0.0.1 localhost
Resetted HOSTS:
127.0.0.1 localhost
Finished : << RKreport[6].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt ; RKreport[5].txt ;
RKreport[6].txt
Option 4
RogueKiller V5.2.7 [06/30/2011] by Tigzy
contact at http://www.sur-la-toile.com
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.sur-la-toile.com/discussion- ... ntees.html
Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: Ondra [Admin rights]
Mode: ProxyFix -- Date : 07/24/2011 11:42:50
Bad processes: 0
Registry Entries: 0
Finished : << RKreport[7].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt ; RKreport[5].txt ;
RKreport[6].txt ; RKreport[7].txt
Option 5
RogueKiller V5.2.7 [06/30/2011] by Tigzy
contact at http://www.sur-la-toile.com
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.sur-la-toile.com/discussion- ... ntees.html
Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: Ondra [Admin rights]
Mode: DNSFix -- Date : 07/24/2011 11:42:56
Bad processes: 0
Registry Entries: 0
Finished : << RKreport[8].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt ; RKreport[5].txt ;
RKreport[6].txt ; RKreport[7].txt ; RKreport[8].txt
- stell
- VIP in memoriam
- Posts: 5175
- Registered: 09 Dec 2007 09:27
- Location: SK-REVUCA
Re: Facebook chat virus - Flash player.exe
Do this >>
stell wrote: cece, do only this, don't run Malwarebytes any more, and don't download all sorts of nonsense for repairing the PC.
For this step, ComboFix must be on the desktop.
Turn off > FIREWALL > antivirus > antispyware > everything resident.
Open Notepad and copy the entire green text into it. Then click File -> Save as... -> and where it says File name, type in that field: CFScript.txt
KILLALL::

Folder::
c:\documents and settings\Ondra\Data aplikací\PriceGong
c:\documents and settings\Ondra\Local Settings\Data aplikací\AskToolbar
c:\documents and settings\Ondra\Local Settings\Data aplikací\ConduitEngine
c:\documents and settings\Ondra\Data aplikací\Toolbar4
c:\windows\update.tray-2-0-lnk
c:\windows\update.tray-2-0
c:\windows\av_ico
c:\windows\ufa
c:\windows\rpcminer
c:\windows\phoenix
c:\windows\update.tray-10-0-lnk
c:\windows\update.tray-10-0
c:\program files\Common Files\Spigot

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{22E4A387-EBFC-442B-B46A-4E7957176FE0}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{7124C800-B6B8-4A2E-BEC0-8B9ECCEA2149}"=-
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=-
[-HKEY_CLASSES_ROOT\clsid\{7124c800-b6b8-4a2e-bec0-8b9eccea2149}]
[-HKEY_CLASSES_ROOT\TBSB02843.TBSB02843.3]
[-HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]
[-HKEY_CLASSES_ROOT\TBSB02843.TBSB02843]
[-HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[-HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{7124C800-B6B8-4A2E-BEC0-8B9ECCEA2149}"=-
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=-
[-HKEY_CLASSES_ROOT\clsid\{7124c800-b6b8-4a2e-bec0-8b9eccea2149}]
[-HKEY_CLASSES_ROOT\TBSB02843.TBSB02843.3]
[-HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]
[-HKEY_CLASSES_ROOT\TBSB02843.TBSB02843]
[-HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[-HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"=-
"SearchSettings"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"SweetIM"=-
"NeroFilterCheck"=-
"QuickTime Task"=-
"Adobe Reader Speed Launcher"=-
"facemoods"=-
"ApnUpdater"=-

Driver::
Application Updater

File::
c:\windows\Tasks\Registry Reviver-Marek-Startup.job
c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
c:\windows\Tasks\SmartDefrag_Startup.job
c:\windows\unrar.exe
c:\documents and settings\ondra\local settings\data aplikací\google\chrome\user data\default\extensions\ghgabhipcejejjmhhchfonmamedcbeod\7.6.0.0_0\plugin\clickclean.exe

DDS::
uStart Page = hxxp://start.facemoods.com/?a=ost

Extra::

FireFox::
FF - ProfilePath - c:\documents and settings\Ondra\Data aplikací\Mozilla\Firefox\Profiles\0zieh489.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.as ... ource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://start.facemoods.com/?a=ost
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_result ... r=1.2.6&q=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=green ... =302398&p=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=green ... =302398&p=
For the file type, choose *All files.
And save it to the desktop. Caution: do not open CFScript.txt, and it must not be named CFScript.txt.txt either. Then do this:
After the scan finishes, post the log that ComboFix creates.
Re: Facebook chat virus - Flash player.exe
So I did it, I let ComboFix work, and when I came back the computer had restarted and it only wanted the login password, and I can't find the log from it anywhere. Should I do it again?
- stell
Re: Facebook chat virus - Flash player.exe
Check whether you have C:\combofix.txt, but the new one, combofix.txt1
Re: Facebook chat virus - Flash player.exe
That's the thing, it isn't anywhere. When I enter this path it says that it doesn't exist and that I should check whether it was entered correctly...
- stell
Re: Facebook chat virus - Flash player.exe
Run the script once more and wait for the log.
Re: Facebook chat virus - Flash player.exe
Including the procedure you wrote? (create CFScript.txt, drag it onto ComboFix, etc.)
I apologize for bothering you with constant questions, but I really don't know.
- stell
Re: Facebook chat virus - Flash player.exe
stell wrote: Yes, like this >>
stell wrote: cece, do only this, don't run Malwarebytes any more, and don't download all sorts of nonsense for repairing the PC.
For this step, ComboFix must be on the desktop.
Turn off > FIREWALL > antivirus > antispyware > everything resident.
Open Notepad and copy the entire green text into it. Then click File -> Save as... -> and where it says File name, type in that field: CFScript.txt
KILLALL::

Folder::
c:\documents and settings\Ondra\Data aplikací\PriceGong
c:\documents and settings\Ondra\Local Settings\Data aplikací\AskToolbar
c:\documents and settings\Ondra\Local Settings\Data aplikací\ConduitEngine
c:\documents and settings\Ondra\Data aplikací\Toolbar4
c:\windows\update.tray-2-0-lnk
c:\windows\update.tray-2-0
c:\windows\av_ico
c:\windows\ufa
c:\windows\rpcminer
c:\windows\phoenix
c:\windows\update.tray-10-0-lnk
c:\windows\update.tray-10-0
c:\program files\Common Files\Spigot

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{22E4A387-EBFC-442B-B46A-4E7957176FE0}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{7124C800-B6B8-4A2E-BEC0-8B9ECCEA2149}"=-
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=-
[-HKEY_CLASSES_ROOT\clsid\{7124c800-b6b8-4a2e-bec0-8b9eccea2149}]
[-HKEY_CLASSES_ROOT\TBSB02843.TBSB02843.3]
[-HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]
[-HKEY_CLASSES_ROOT\TBSB02843.TBSB02843]
[-HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[-HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{7124C800-B6B8-4A2E-BEC0-8B9ECCEA2149}"=-
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=-
[-HKEY_CLASSES_ROOT\clsid\{7124c800-b6b8-4a2e-bec0-8b9eccea2149}]
[-HKEY_CLASSES_ROOT\TBSB02843.TBSB02843.3]
[-HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]
[-HKEY_CLASSES_ROOT\TBSB02843.TBSB02843]
[-HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[-HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"=-
"SearchSettings"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"SweetIM"=-
"NeroFilterCheck"=-
"QuickTime Task"=-
"Adobe Reader Speed Launcher"=-
"facemoods"=-
"ApnUpdater"=-

Driver::
Application Updater

File::
c:\windows\Tasks\Registry Reviver-Marek-Startup.job
c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
c:\windows\Tasks\SmartDefrag_Startup.job
c:\windows\unrar.exe
c:\documents and settings\ondra\local settings\data aplikací\google\chrome\user data\default\extensions\ghgabhipcejejjmhhchfonmamedcbeod\7.6.0.0_0\plugin\clickclean.exe

DDS::
uStart Page = hxxp://start.facemoods.com/?a=ost

Extra::

FireFox::
FF - ProfilePath - c:\documents and settings\Ondra\Data aplikací\Mozilla\Firefox\Profiles\0zieh489.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.as ... ource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://start.facemoods.com/?a=ost
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_result ... r=1.2.6&q=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=green ... =302398&p=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=green ... =302398&p=
For the file type, choose *All files.
And save it to the desktop. Caution: do not open CFScript.txt, and it must not be named CFScript.txt.txt either. Then do this:
After the scan finishes, post the log that ComboFix creates.
Re: Facebook chat virus - Flash player.exe
ComboFix log:
ComboFix 11-07-23.04 - Ondra 24.07.2011 12:32:33.6.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.1022.413 [GMT 2:00]
Spuštěný z: c:\documents and settings\Ondra\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Ondra\Plocha\CFScript.txt
AV: Norton Internet Security *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *Disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.
FILE ::
"c:\documents and settings\ondra\local settings\data aplikací\google\chrome\user data\default\extensions\ghgabhipcejejjmhhchfonmamedcbeod\7.6.0.0_0\plugin\clickclean.exe"
"c:\windows\Tasks\Registry Reviver-Marek-Startup.job"
"c:\windows\Tasks\Scheduled Update for Ask Toolbar.job"
"c:\windows\Tasks\SmartDefrag_Startup.job"
"c:\windows\unrar.exe"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Předchozí spuštění -------
.
c:\program files\Common Files\Spigot
c:\program files\Common Files\Spigot\Search Settings\config.ini
c:\program files\Common Files\Spigot\Search Settings\SearchSettings.exe
c:\program files\Common Files\Spigot\Search Settings\yahoo_ff.xml
c:\program files\Common Files\Spigot\Search Settings\yahoo_ie.xml
c:\program files\Common Files\Spigot\wtxpcom\components\IFBHOHelperWidgiToolbar.xpt
c:\program files\Common Files\Spigot\wtxpcom\components\IFBHOWidgiToolbar.xpt
c:\program files\Common Files\Spigot\wtxpcom\chrome.manifest
c:\program files\Common Files\Spigot\wtxpcom\install.rdf
c:\windows\av_ico
c:\windows\av_ico\ico_NOD_AV_START.ico
c:\windows\av_ico\ico_NOD_SYSINSP.ico
c:\windows\av_ico\ico_NOD_SYSRESC.ico
c:\windows\av_ico\ico_NOD_TXT.ico
c:\windows\av_ico\ico_NOD_UNINSTALL.ico
c:\windows\av_ico\ico_norton_start.ico
c:\windows\phoenix
c:\windows\phoenix\kernels\phatk\__init__.py
c:\windows\phoenix\kernels\phatk\__init__.pyc
c:\windows\phoenix\kernels\phatk\BFIPatcher.py
c:\windows\phoenix\kernels\phatk\BFIPatcher.pyc
c:\windows\phoenix\kernels\phatk\kernel.cl
c:\windows\phoenix\kernels\poclbm\__init__.py
c:\windows\phoenix\kernels\poclbm\__init__.pyc
c:\windows\phoenix\kernels\poclbm\BFIPatcher.py
c:\windows\phoenix\kernels\poclbm\BFIPatcher.pyc
c:\windows\phoenix\kernels\poclbm\kernel.cl
c:\windows\phoenix\phoenix.exe
c:\windows\rpcminer
c:\windows\rpcminer\bitcoinminercuda_10.cubin
c:\windows\rpcminer\bitcoinminercuda_11.cubin
c:\windows\rpcminer\bitcoinminercuda_20.cubin
c:\windows\rpcminer\bitcoinmineropencl.cl
c:\windows\rpcminer\cudart32_32_16.dll
c:\windows\rpcminer\curllib.dll
c:\windows\rpcminer\libeay32.dll
c:\windows\rpcminer\libsasl.dll
c:\windows\rpcminer\openldap.dll
c:\windows\rpcminer\rpcminer-4way.exe
c:\windows\rpcminer\rpcminer-cpu.exe
c:\windows\rpcminer\rpcminer-cuda.exe
c:\windows\rpcminer\rpcminer-opencl.exe
c:\windows\rpcminer\ssleay32.dll
c:\windows\ufa
c:\windows\ufa\ufa.exe
c:\windows\update.tray-10-0-lnk
c:\windows\update.tray-10-0
c:\windows\update.tray-2-0-lnk
c:\windows\update.tray-2-0
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_APPLICATION_UPDATER
-------\Service_Application Updater
-------\Legacy_APPLICATION_UPDATER
-------\Service_Application Updater
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-06-24 do 2011-07-24 )))))))))))))))))))))))))))))))
.
.
2011-07-23 16:14 . 2011-07-23 16:14 -------- d-----w- c:\documents and settings\Ondra\Data aplikací\PriceGong
2011-07-23 16:13 . 2011-07-23 16:17 -------- d-----w- c:\documents and settings\Ondra\Local Settings\Data aplikací\AskToolbar
2011-07-23 16:13 . 2011-07-23 16:14 -------- d-----w- c:\documents and settings\Ondra\Local Settings\Data aplikací\ConduitEngine
2011-07-23 16:13 . 2011-07-23 16:13 -------- d-----w- c:\documents and settings\Ondra\Data aplikací\Toolbar4
2011-07-23 10:20 . 2011-07-23 10:22 -------- d-----w- c:\program files\trend micro
2011-07-23 10:20 . 2011-07-23 10:20 -------- d-----w- C:\rsit
2011-07-23 10:00 . 2011-07-23 10:00 -------- d-----w- c:\program files\Symantec
2011-07-23 10:00 . 2011-07-23 10:00 60872 ----a-w- c:\windows\system32\S32EVNT1.DLL
2011-07-23 10:00 . 2011-07-23 10:00 126584 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2011-07-23 10:00 . 2011-07-23 10:00 -------- d-----w- c:\program files\Norton Internet Security
2011-07-23 09:54 . 2011-07-23 09:54 -------- d-----w- c:\documents and settings\All Users\Data aplikací\PCSettings
2011-07-23 09:43 . 2011-07-23 09:43 -------- d-----w- c:\program files\NortonInstaller
2011-07-23 09:39 . 2011-07-23 10:01 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Norton
2011-07-23 07:34 . 2011-07-23 07:34 -------- d-----w- c:\documents and settings\Marek\Data aplikací\Malwarebytes
2011-07-22 20:54 . 2011-07-22 20:54 -------- d-----w- c:\documents and settings\Ondra\Data aplikací\Malwarebytes
2011-07-22 20:54 . 2011-07-06 17:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-22 20:54 . 2011-07-22 20:54 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2011-07-22 20:54 . 2011-07-22 20:54 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-07-22 20:54 . 2011-07-06 17:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-22 16:54 . 2011-07-22 16:54 -------- d-----w- c:\documents and settings\Guest\Local Settings\Data aplikací\Adobe
2011-07-22 16:48 . 2011-07-22 17:05 246272 ----a-w- c:\windows\unrar.exe
2011-07-22 16:46 . 2011-07-22 16:46 -------- d-----w- c:\documents and settings\NetworkService\Nabídka Start
2011-07-22 16:44 . 2011-07-22 16:44 -------- d-----w- c:\documents and settings\Administrator
2011-07-22 16:32 . 2011-07-22 16:32 -------- d-----w- c:\documents and settings\LocalService\Nabídka Start
2011-07-22 15:55 . 1998-06-24 00:00 115016 ----a-w- c:\windows\system32\MSINET.OCX
2011-07-22 15:55 . 2002-10-17 10:35 26096 ----a-w- c:\windows\system32\xmlinst.exe
2011-07-22 15:55 . 2002-04-24 12:43 35840 ----a-w- c:\windows\system32\comdlg32.oca
2011-07-22 15:55 . 2002-04-09 17:23 29184 ----a-w- c:\windows\system32\MSINET.oca
2011-07-22 15:55 . 2000-03-17 08:21 36864 ----a-w- c:\windows\system32\xmlparse.dll
2011-07-22 15:55 . 2000-03-17 08:21 69632 ----a-w- c:\windows\system32\xmltok.dll
2011-07-22 15:49 . 2011-07-22 15:55 -------- d-----w- c:\program files\Ubisoft
2011-07-22 11:28 . 2011-07-22 11:28 -------- d-----w- c:\documents and settings\Valerie\Local Settings\Data aplikací\Sony Ericsson
2011-07-19 08:02 . 2011-07-19 08:02 -------- d-----w- c:\program files\pdfforge Toolbar
2011-07-18 17:57 . 2011-07-18 17:57 -------- d-----w- c:\documents and settings\Ondra\Local Settings\Data aplikací\Apple Computer
2011-07-17 13:06 . 2011-07-17 13:06 -------- d-----w- c:\program files\IObit Toolbar
2011-07-08 17:56 . 2011-07-08 17:56 -------- d-----w- c:\documents and settings\Guest\Local Settings\Data aplikací\Google
2011-07-08 17:56 . 2011-07-22 16:50 -------- d-----w- c:\documents and settings\Guest\Data aplikací\IObit
2011-07-07 17:20 . 2011-07-07 17:20 -------- d-----w- c:\documents and settings\Ondra\Local Settings\Data aplikací\Symantec
2011-07-07 13:55 . 2011-07-07 13:55 -------- d-----w- c:\documents and settings\Valerie\Data aplikací\Tific
2011-07-07 13:55 . 2011-07-07 13:55 -------- d-----w- c:\documents and settings\Valerie\Local Settings\Data aplikací\Symantec
2011-07-04 07:09 . 2011-07-04 07:10 -------- d-----w- c:\program files\Planet Horse
2011-07-04 07:08 . 2011-07-04 07:09 -------- d-----w- c:\documents and settings\Valerie\Data aplikací\DAEMON Tools Lite
2011-07-03 20:15 . 2011-07-03 20:15 1409 ----a-w- c:\windows\QTFont.for
2011-07-03 14:57 . 2011-07-03 14:57 2106216 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll
2011-07-03 14:57 . 2011-07-03 14:57 1998168 ----a-w- c:\program files\Mozilla Firefox\d3dx9_43.dll
2011-06-25 12:55 . 2011-06-25 12:55 -------- d-----w- c:\documents and settings\NetworkService\Plocha
2011-06-25 08:44 . 2011-06-29 18:46 -------- d-----w- c:\documents and settings\Valerie\Data aplikací\go
2011-06-25 08:36 . 2011-06-29 20:00 -------- d-----w- c:\documents and settings\Valerie\Data aplikací\Skype
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-08 12:51 . 2009-09-14 17:11 138160 -c--a-w- c:\windows\system32\drivers\PnkBstrK.sys
2011-07-08 12:50 . 2009-09-15 17:31 271200 -c--a-w- c:\windows\system32\PnkBstrB.xtr
2011-07-08 12:50 . 2009-09-14 17:10 271200 ----a-w- c:\windows\system32\PnkBstrB.exe
2011-06-15 11:39 . 2011-06-15 11:39 218688 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2011-06-12 13:38 . 2011-05-20 14:03 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-12 13:36 . 2011-06-13 13:43 718208 ----a-w- c:\windows\system32\ezGOSvcApp.exe
2011-06-06 11:35 . 2006-03-02 12:00 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-05-08 09:04 . 2009-09-14 17:10 75136 ----a-w- c:\windows\system32\PnkBstrA.exe
2011-05-08 09:04 . 2009-09-14 17:10 271200 -c--a-w- c:\windows\system32\PnkBstrB.ex0
2011-05-02 15:32 . 2009-09-14 13:25 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 17:25 . 2006-03-02 12:00 151552 ----a-w- c:\windows\system32\schannel.dll
2011-04-29 16:19 . 2006-03-02 12:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-26 11:07 . 2006-03-02 12:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-04-26 11:07 . 2006-03-02 12:00 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-04-25 16:06 . 2006-03-02 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2011-04-25 16:06 . 2006-03-02 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-04-25 16:06 . 2006-03-02 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-04-25 12:01 . 2006-03-02 12:00 385024 ----a-w- c:\windows\system32\html.iec
2011-07-03 14:57 . 2011-04-13 19:35 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-07-24_08.15.10 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-07-24 10:44 . 2011-07-24 10:44 16384 c:\windows\temp\Perflib_Perfdata_268.dat
+ 2011-07-24 10:42 . 2011-07-24 10:42 16384 c:\windows\temp\Perflib_Perfdata_218.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}"= "c:\program files\MyAshampoo\prxtbMyA0.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}]
2011-01-17 14:54 175912 ----a-w- c:\program files\MyAshampoo\prxtbMyA0.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}"= "c:\program files\MyAshampoo\prxtbMyA0.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{A1E75A0E-4397-4BA8-BB50-E19FB66890F4}"= "c:\program files\MyAshampoo\prxtbMyA0.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-03-12 153136]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\Valerie\Nabídka Start\Programy\Po spuštění\
Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\documents and settings\Marek\Nabídka Start\Programy\Po spuštění\
Ubisoft register.lnk - c:\program files\Ubisoft\Register\schedule.exe [2011-7-22 28672]
Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableSecureUIAPaths"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoChangeAnimation"= 1 (0x1)
"NoStrCmpLogical"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
"NoFileAssociate"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"MemCheckBoxInRunDlg"= 1 (0x1)
"NoStrCmpLogical"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="c:\windows\system32\logonui.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^SMART Board Tools.lnk]
backup=c:\windows\pss\SMART Board Tools.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
2008-08-14 05:58 611712 -c--a-w- c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 03:22 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"OpwareSE2"="c:\program files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
"Ashampoo Core Tuner"="c:\program files\Ashampoo\Ashampoo Core Tuner\ct.exe" -TRAY
"JMB36X IDE Setup"=c:\windows\JM\JMInsIDE.exe
"36X Raid Configurer"=c:\windows\system32\JMRaidSetup.exe boot
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"NvMediaCenter"=RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
"NvCplDaemon"=RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
"DisableThumbnailCache"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"e:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"e:\\Program Files\\EA Games\\Mirror's Edge\\Binaries\\MirrorsEdge.exe"=
"c:\\Program Files\\ICQ7.2\\ICQ.exe"=
"c:\\Program Files\\ICQ7.2\\aolload.exe"=
"e:\\Program Files\\CoJBiBGame_x86.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\Program Files\\SMART Technologies\\SMART Product Drivers\\UCGui.exe"=
"c:\\Program Files\\SMART Technologies\\SMART Product Drivers\\SMARTSNMPAgent.exe"=
"c:\\Program Files\\SMART Technologies\\SMART Product Drivers\\UCService.exe"=
"e:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Vuze\\Azureus.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017
"5985:TCP"= 5985:TCP:*:Disabled:Vzdálená správa systému Windows
.
R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [15.6.2011 13:41 13496]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [15.9.2009 7:49 691696]
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NIS\1206000.01D\SymDS.sys [15.6.2011 11:15 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1206000.01D\SymEFA.sys [15.6.2011 11:15 744568]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Data aplikací\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.6.0.29\Definitions\BASHDefs\20110701.001\BHDrvx86.sys [19.5.2011 21:37 810616]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [15.6.2011 13:39 218688]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [21.12.2010 15:04 115008]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [21.12.2010 13:47 94872]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NIS\1206000.01D\Ironx86.sys [15.6.2011 11:15 136312]
R2 AdvancedSystemCareService;Advanced SystemCare Service;c:\program files\IObit\Advanced SystemCare 4\ASCService.exe [15.6.2011 12:07 353168]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [15.9.2009 18:08 247096]
R2 NIS;Norton Internet Security;c:\program files\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe [23.7.2011 12:00 130008]
R2 SMART Display Controller;SMART Display Controller;c:\program files\SMART Technologies\SMART Product Drivers\UCService.exe [25.1.2011 18:10 846704]
R2 UltiDev Cassini Web Server for ASP.NET 2.0;UltiDev Cassini Web Server for ASP.NET 2.0;c:\program files\UltiDev\Cassini Web Server for ASP.NET 2.0\UltiDevCassinWebServer2a.exe [8.2.2007 1:06 49152]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [23.7.2011 12:49 105592]
R3 gHidPnp;USB Device Enhanced Function Driver;c:\windows\system32\drivers\gHidPnp.sys [29.5.2010 15:20 16384]
R3 gMouUsb;USB Mouse Device Drv;c:\windows\system32\drivers\gMouUsb.sys [29.5.2010 15:20 9856]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Data aplikací\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.6.0.29\Definitions\IPSDefs\20110722.031\IDSXpx86.sys [22.7.2011 4:16 355256]
R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [25.12.2009 18:44 27632]
S2 gupdate1ca871463227f02;Služba Google Update (gupdate1ca871463227f02);c:\program files\Google\Update\GoogleUpdate.exe [27.12.2009 18:48 133104]
S3 DfSdkS;Defragmentation-Service;c:\program files\Ashampoo\Ashampoo WinOptimizer 6\DfSdkS.exe [2.7.2010 11:53 406016]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [18.9.2009 16:06 13224]
S3 gMouPS2;PS2 Scroll Mouse Device;c:\windows\system32\drivers\gMouPS2.sys [29.5.2010 15:20 17408]
S3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [27.12.2009 18:48 133104]
S3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\drivers\s0016bus.sys [6.4.2011 20:18 89256]
S3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\drivers\s0016mdfl.sys [6.4.2011 20:18 15016]
S3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\drivers\s0016mdm.sys [6.4.2011 20:18 120744]
S3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0016mgmt.sys [6.4.2011 20:18 114216]
S3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\drivers\s0016nd5.sys [6.4.2011 20:18 25512]
S3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\drivers\s0016obex.sys [6.4.2011 20:18 110632]
S3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\drivers\s0016unic.sys [6.4.2011 20:18 115752]
S3 SMART SNMP Agent Service;SMART SNMP Agent Service;c:\program files\SMART Technologies\SMART Product Drivers\SMARTSNMPAgent.exe [25.1.2011 18:13 1678704]
S3 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion;c:\program files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [6.4.2011 20:16 155344]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2.3.2006 14:00 14336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
.
Obsah adresáře 'Naplánované úlohy'
.
2011-07-23 c:\windows\Tasks\ASC4_AutoUpdate.job
- c:\program files\IObit\Advanced SystemCare 4\AutoUpdate.exe [2011-06-15 12:46]
.
2011-07-24 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2009-09-14 13:13]
.
2011-07-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cb6f03f1d63b08.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-27 16:48]
.
2011-07-24 c:\windows\Tasks\Registry Reviver-Marek-Startup.job
- c:\program files\ReviverSoft\Registry Reviver\RegistryReviver.exe [2010-05-27 11:33]
.
2011-07-24 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2011-05-17 11:29]
.
2011-07-24 c:\windows\Tasks\SmartDefrag_Startup.job
- c:\program files\IObit\Smart Defrag 2\SmartDefrag.exe [2011-06-15 18:19]
.
.
------- Doplňkový sken -------
.
uInternet Connection Wizard,ShellNext = hxxp://www.yahoo.com/
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: WikiKomentáře Google... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.0.254
FF - ProfilePath - c:\documents and settings\Ondra\Data aplikací\Mozilla\Firefox\Profiles\0zieh489.default\
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-07-24 12:43
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NIS]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files\Norton Internet Security\Engine\18.6.0.29\diMaster.dll\" /prefetch:1"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-1659004503-515967899-839522115-1005\Software\SecuROM\License information*]
"datasecu"=hex:c6,7b,06,20,16,a8,05,13,94,1d,41,98,7e,00,9f,84,2b,96,d3,a9,35,
19,df,f1,68,84,67,2d,9e,88,20,a8,f9,77,20,bb,a0,d7,0e,65,4c,07,ae,37,7e,3a,\
"rkeysecu"=hex:87,78,0a,12,f1,dd,32,d9,24,ee,38,53,48,09,98,64
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'explorer.exe'(3680)
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\SMART Technologies\SMART Product Drivers\SMARTBoardService.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Celkový čas: 2011-07-24 12:46:12 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-07-24 10:46
ComboFix2.txt 2011-07-24 08:18
.
Před spuštěním: 9 664 348 160
Po spuštění: 9 593 085 952
.
- - End Of File - - 2180E611B97207BDE8EB9723DCAFFB0A
- stell
- VIP in memoriam
- Posts: 5175
- Registered: 09 Dec 2007 09:27
- Location: SK-REVUCA
Re: Facebook chat virus - Flash player.exe
OK, open a command prompt and type this command:
AT/Delete /Yes
Enter>>
Find and manually delete
c:\windows\unrar.exe
and write how the PC is behaving.
Re: Facebook chat virus - Flash player.exe
So hopefully that's done, except that the unrar.exe was named just unrar, so I deleted it and the computer behaves normally. Should there be any difference?
- stell
Re: Facebook chat virus - Flash player.exe
Well, I hope you deleted this
2011-07-22 16:48 . 2011-07-22 17:05 246272 ----a-w- c:\windows\unrar.exe
Uninstall ComboFix. Paste this command into Start>>Run
combofix /uninstall
If you turned off System Restore and cleaned up with CCleaner, as described in the guide, then that is all

Re: Facebook chat virus - Flash player.exe
Should I keep System Restore turned off permanently? I only turned it off for the restart and then turned it back on...
I haven't done the CCleaner cleanup yet; I will. And I also want to ask whether I should use the programs TFC and TDSSKILLER as well?
Otherwise, thank you very much for your help, you saved me.
Last edited by Dartan-an on 24 Jul 2011 12:48, edited 2 times in total.
- stell
Re: Facebook chat virus - Flash player.exe
You did System Restore correctly, so now just CCleaner and you're done
You're welcome

Re: Facebook chat virus - Flash player.exe
So do I understand correctly that I no longer need to use the programs TFC and TDSSKILLER?
Thank you very much, and have a nice rest of the weekend (which I almost deprived you of...).