
Re: help with MWAV

Posted: 25 Jun 2013 16:07
by MartinW
ComboFix 13-06-24.01 - uzivatel . 06. 2013 15:37:14.3.4 - x86
Systém Microsoft Windows XP Home Edition 5.1.2600.3.1250.421.1033.18.1014.391 [GMT 2:00]
Running from: d:\!data!\Downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\QTSBandwidthCache
c:\documents and settings\All Users\Application Data\TEMP
c:\windows\iun6002.exe
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
c:\windows\regedit.com
c:\windows\system32\muzapp.exe
c:\windows\system32\taskmgr.com
.
.
((((((((((((((((((((((((( Files Created from 2013-05-25 to 2013-06-25 )))))))))))))))))))))))))))))))
.
.
2013-06-23 08:56 . 2013-06-23 08:56 -------- d-----w- c:\documents and settings\uzivatel\Local Settings\Application Data\PCHealth
2013-06-23 08:01 . 2013-06-23 08:51 -------- d-----w- c:\windows\SxsCaPendDel
2013-06-23 07:37 . 2010-08-23 16:12 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
2013-06-22 18:59 . 2012-06-02 13:18 275696 ----a-w- c:\windows\system32\mucltui.dll
2013-06-22 18:58 . 2011-02-08 13:33 978944 -c----w- c:\windows\system32\dllcache\mfc42.dll
2013-06-22 18:58 . 2010-09-18 06:53 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
2013-06-22 17:59 . 2010-11-02 15:17 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys
2013-06-22 17:57 . 2011-04-21 13:37 105472 -c----w- c:\windows\system32\dllcache\mup.sys
2013-06-22 17:56 . 2013-02-12 00:32 12928 -c----w- c:\windows\system32\dllcache\usb8023x.sys
2013-06-22 17:56 . 2013-02-12 00:32 12928 -c----w- c:\windows\system32\dllcache\usb8023.sys
2013-06-22 17:49 . 2012-05-28 18:16 536576 -c----w- c:\windows\system32\dllcache\msado15.dll
2013-06-22 17:43 . 2012-07-04 14:05 139784 -c----w- c:\windows\system32\dllcache\rdpwd.sys
2013-06-22 17:42 . 2013-05-07 22:30 522240 -c----w- c:\windows\system32\dllcache\jsdbgui.dll
2013-06-22 17:40 . 2011-07-08 14:02 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys
2013-06-22 17:40 . 2012-01-11 19:06 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll
2013-06-22 17:40 . 2012-01-11 19:06 3072 ------w- c:\windows\system32\iacenc.dll
2013-06-22 17:38 . 2010-10-11 14:59 45568 -c----w- c:\windows\system32\dllcache\wab.exe
2013-06-22 16:42 . 2013-06-22 16:42 -------- d-----w- c:\windows\system32\scripting
2013-06-22 16:42 . 2013-06-22 16:42 -------- d-----w- c:\windows\l2schemas
2013-06-22 16:42 . 2013-06-22 16:42 -------- d-----w- c:\windows\system32\en
2013-06-22 16:42 . 2013-06-22 16:42 -------- d-----w- c:\windows\system32\bits
2013-06-22 16:28 . 2013-06-22 16:28 -------- d-----w- c:\windows\EHome
2013-06-22 15:47 . 2013-06-22 15:47 -------- d-sh--w- c:\documents and settings\uzivatel\PrivacIE
2013-06-22 15:45 . 2013-06-22 15:45 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2013-06-22 15:45 . 2013-06-22 15:45 -------- d-sh--w- c:\documents and settings\uzivatel\IETldCache
2013-06-22 15:39 . 2013-06-22 15:41 -------- dc-h--w- c:\windows\ie8
2013-06-22 15:39 . 2013-06-22 15:40 -------- d-----w- c:\windows\system32\sk-SK
2013-06-22 15:34 . 2013-05-07 22:30 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2013-06-22 15:34 . 2013-05-07 22:30 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2013-06-22 15:34 . 2013-05-07 22:30 630272 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2013-06-22 15:34 . 2013-05-07 22:30 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2013-06-22 15:34 . 2013-05-07 22:30 2005504 -c----w- c:\windows\system32\dllcache\iertutil.dll
2013-06-22 15:33 . 2013-05-07 22:30 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2013-06-22 15:33 . 2013-05-07 22:30 11112960 -c----w- c:\windows\system32\dllcache\ieframe.dll
2013-06-22 15:21 . 2008-04-14 00:12 69120 ------w- c:\windows\system32\wlanapi.dll
2013-06-22 15:20 . 2008-04-14 00:12 50688 ------w- c:\windows\system32\tspkg.dll
2013-06-22 15:19 . 2008-04-14 00:12 176640 ------w- c:\windows\system32\napstat.exe
2013-06-22 15:18 . 2008-04-14 00:11 81920 ------w- c:\windows\system32\ieencode.dll
2013-06-22 15:17 . 2008-04-14 00:11 12800 ------w- c:\windows\system32\credssp.dll
2013-06-16 10:37 . 2013-06-17 15:04 -------- d-----w- c:\documents and settings\uzivatel\Application Data\Skype
2013-06-16 10:37 . 2013-06-16 10:37 -------- d-----w- c:\program files\Common Files\Skype
2013-06-15 13:07 . 2013-06-15 13:09 -------- d-----w- c:\documents and settings\uzivatel\Application Data\Zoner
2013-06-15 13:07 . 2013-06-15 13:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Zoner
2013-06-15 13:07 . 2013-06-15 13:07 -------- d-----w- c:\documents and settings\uzivatel\Local Settings\Application Data\Zoner
2013-06-15 13:06 . 2013-06-15 13:06 -------- d-----w- c:\program files\Zoner
2013-06-12 12:52 . 2013-06-12 12:52 -------- d-----w- c:\program files\Lavalys
2013-06-11 11:20 . 2013-06-11 11:20 -------- d-----w- c:\program files\Common Files\Nikon
2013-06-11 11:19 . 2013-06-11 12:47 -------- d-----w- c:\program files\RAW PhotoDesk
2013-06-11 10:01 . 2013-06-11 10:01 -------- d-----w- c:\documents and settings\uzivatel\Application Data\RawTherapeeAlpha
2013-06-10 15:46 . 2013-06-10 15:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Adobe Systems
2013-06-10 15:29 . 2013-06-10 15:29 -------- d-----w- c:\program files\Common Files\Adobe Systems Shared
2013-06-09 12:31 . 2013-06-09 12:31 -------- d-----w- c:\documents and settings\uzivatel\Application Data\Apple Computer
2013-06-09 11:44 . 2001-08-17 20:36 5632 ----a-w- c:\windows\system32\ptpusb.dll
2013-06-09 11:44 . 2004-08-03 22:56 159232 ----a-w- c:\windows\system32\ptpusd.dll
2013-06-09 11:40 . 2013-06-09 11:40 -------- d-----w- c:\program files\QuickTime
2013-06-09 11:40 . 2013-06-09 11:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2013-06-09 11:40 . 2013-06-09 11:40 -------- d-----w- c:\documents and settings\uzivatel\Local Settings\Application Data\Apple
2013-06-09 11:39 . 2013-06-09 11:39 -------- d-----w- c:\program files\Apple Software Update
2013-06-09 11:39 . 2013-06-09 11:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2013-06-09 11:39 . 2013-06-09 11:39 -------- d-----w- c:\documents and settings\uzivatel\Local Settings\Application Data\Apple Computer
2013-06-09 11:38 . 2001-09-05 01:18 77824 ------w- c:\program files\Common Files\InstallShield\Engine\6\Intel 32\ctor.dll
2013-06-09 11:38 . 2001-09-05 01:18 225280 ------w- c:\program files\Common Files\InstallShield\IScript\iscript.dll
2013-06-09 11:38 . 2001-09-05 01:14 176128 ------w- c:\program files\Common Files\InstallShield\Engine\6\Intel 32\iuser.dll
2013-06-09 11:38 . 2001-09-05 01:13 32768 ------w- c:\program files\Common Files\InstallShield\Engine\6\Intel 32\objectps.dll
2013-06-09 11:38 . 2008-02-26 01:00 614532 ----a-w- c:\program files\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe
2013-06-09 11:37 . 2013-06-09 11:45 -------- d-----w- c:\documents and settings\uzivatel\Application Data\FUJIFILM
2013-06-09 11:36 . 2013-06-22 13:05 -------- d-----w- c:\program files\FinePixViewer
2013-06-09 11:36 . 2006-07-12 12:39 208896 ----a-w- c:\windows\system32\FFRafShellEx.dll
2013-06-09 11:36 . 2004-07-24 19:28 155648 ----a-w- c:\windows\system32\FFRAFLIB.DLL
2013-06-09 11:36 . 2003-09-03 14:45 274432 ----a-w- c:\windows\system32\FFTIFF16.dll
2013-06-09 11:36 . 2013-06-09 11:36 -------- d-----w- c:\documents and settings\uzivatel\Application Data\InstallShield
2013-05-26 16:45 . 2013-05-26 16:45 -------- d-----w- c:\documents and settings\All Users\Application Data\BlueStacks
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-23 09:08 . 2013-03-05 21:12 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-06-23 09:08 . 2013-03-05 21:12 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-05-07 22:30 . 2006-02-28 12:00 920064 ----a-w- c:\windows\system32\wininet.dll
2013-05-07 22:30 . 2006-02-28 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2013-05-07 22:30 . 2006-02-28 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2013-05-07 21:53 . 2006-02-28 12:00 385024 ----a-w- c:\windows\system32\html.iec
2013-05-03 01:30 . 2006-02-28 12:00 2149888 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-05-03 00:38 . 2004-08-03 22:59 2028544 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-04-10 01:31 . 2006-02-28 12:00 1876352 ----a-w- c:\windows\system32\win32k.sys
2013-03-07 14:30 . 2013-03-21 13:06 263064 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-03-06 22:32 121968 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2013-02-28 18643048]
"Zoner Photo Studio Autoupdate"="c:\program files\Zoner\Photo Studio 15\Program32\ZPSTRAY.EXE" [2012-10-18 752736]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2008-07-24 63048]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-03-06 4767304]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2010-12-02 74752]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2007-10-19 286720]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2013-03-21 472992]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-03-27 1744896]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
ExifLauncher2.lnk - c:\program files\FinePixViewer\QuickDCF2.exe [2013-6-9 303104]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2012-11-07 12:41 92072 ----a-w- c:\windows\system32\LMIinit.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Photosmart Premier Fast Start.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Photosmart Premier Fast Start.lnk
backup=c:\windows\pss\HP Photosmart Premier Fast Start.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acronis Scheduler2 Service]
2007-10-23 15:10 140568 ----a-w- c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AcronisTimounterMonitor]
2007-10-23 16:58 906648 ----a-w- c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2008-06-19 15:20 57344 ----a-w- c:\windows\ALCMTR.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2008-02-15 10:46 159744 ----a-w- c:\windows\system32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2006-02-19 01:41 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2008-02-15 10:46 135168 ----a-w- c:\windows\system32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2006-06-01 09:22 7618560 ----a-w- c:\windows\system32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2006-06-01 09:22 86016 ----a-w- c:\windows\system32\nvmctray.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2006-06-01 09:22 1519616 ----a-w- c:\windows\system32\nwiz.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
2007-03-23 12:20 227328 ----a-w- c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2008-02-15 10:46 131072 ----a-w- c:\windows\system32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2008-09-30 17:01 16864768 ----a-w- c:\windows\RTHDCPL.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSTray]
2007-12-14 16:19 132624 ------w- c:\program files\Samsung\Samsung Media Studio 5\SMSTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrueImageMonitor.exe]
2007-10-23 15:05 2615624 ----a-w- c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Winamp\\winamp.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
.
R0 aswRvrt;aswRvrt;c:\windows\system32\drivers\aswRvrt.sys [21. 3. 2013 15:30 49248]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [21. 3. 2013 15:30 765736]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [21. 3. 2013 15:30 368176]
R1 eusk2par;EUTRON SmartKey Parallel Driver;c:\windows\system32\drivers\eusk2par.sys [17. 12. 2011 19:56 30656]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [21. 3. 2013 15:30 29816]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [21. 3. 2013 15:30 66336]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [9. 1. 2011 16:29 374704]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [24. 7. 2008 19:46 12856]
R2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [16. 11. 2009 18:33 50704]
S0 sptd;sptd;c:\windows\system32\Drivers\sptd.sys --> c:\windows\system32\Drivers\sptd.sys [?]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [28. 2. 2013 19:25 161384]
S3 aswVmm;aswVmm;c:\windows\system32\drivers\aswVmm.sys [21. 3. 2013 15:30 164736]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-06-20 08:08 1165776 ----a-w- c:\program files\Google\Chrome\Application\27.0.1453.116\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-06-25 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-03-05 09:08]
.
2013-06-09 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 12:57]
.
2013-06-25 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2013-03-21 22:32]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.sk/
uInternet Connection Wizard,ShellNext = hxxp://www.hageltech.com/dumeter/uninstall?pro ... b5b&edl=30
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/4.0.1.0/GarminAxControl_32.CAB
FF - ProfilePath - c:\documents and settings\uzivatel\Application Data\Mozilla\Firefox\Profiles\pns2mckl.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/?pc=UP21&ocid=UP21DHP&dt=061613
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=UP21DF&PC=UP21&dt=061613&q=
FF - Ext: LogMeIn, Inc. Remote Access Plugin: LogMeInClient@logmein.com - %profile%\extensions\LogMeInClient@logmein.com
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{D8278076-BC68-4484-9233-6E7F1628B56C} - (no file)
HKCU-Run-DU Meter - c:\program files\DU Meter\DUMeter.exe
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe
MSConfigStartUp-ApnTBMon - c:\program files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
MSConfigStartUp-DU Meter - c:\program files\DU Meter\DUMeter.exe
MSConfigStartUp-egui - c:\program files\ESET\ESET NOD32 Antivirus\egui.exe
AddRemove-Cool's_Codec_pack_4.12 - c:\windows\iun6002.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-06-25 15:50
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
.
C:\avast! sandbox
.
scan completed successfully
hidden files: 1
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(696)
c:\windows\system32\LMIinit.dll
c:\windows\system32\LMIRfsClientNP.dll
.
- - - - - - - > 'lsass.exe'(756)
c:\windows\system32\relog_ap.dll
.
Completion time: 2013-06-25 15:54:54
ComboFix-quarantined-files.txt 2013-06-25 13:54
.
Pre-Run: 93 074 010 112 bytes free
Post-Run: 15 adresárov, 93 265 620 992 voľných bajtov
.
- - End Of File - - 4D8F46AC7C4BD03BBEDDE93596E084AE
8F558EB6672622401DA993E1E865C861

Re: help with MWAV

Posted: 25 Jun 2013 18:10
by Rudy
We'll do some more cleanup. Move ComboFix to the desktop. Open Notepad and copy the following into it:
KillAll::

Firefox::
FF - ProfilePath - c:\documents and settings\uzivatel\Application Data\Mozilla\Firefox\Profiles\pns2mckl.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/?pc=UP21&ocid=UP21DHP&dt=061613
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=UP21DF& ... =061613&q=
FF - Ext: LogMeIn, Inc. Remote Access Plugin: LogMeInClient@logmein.com - %profile%\extensions\LogMeInClient@logmein.com

RegLock::
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

Reboot::
Save it to the desktop as CFScript.txt. Then drag it with the mouse onto the ComboFix icon and drop it. CF will start and execute the commands from the script.


Re: help with MWAV

Posted: 27 Jun 2013 14:39
by MartinW
ComboFix 13-06-27.01 - uzivatel . 06. 2013 15:14:00.5.4 - x86
Systém Microsoft Windows XP Home Edition 5.1.2600.3.1250.421.1033.18.1014.614 [GMT 2:00]
Running from: d:\!data!\Downloads\ComboFix.exe
Command switches used :: c:\documents and settings\uzivatel\Desktop\CFScript.txt..txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\documents and settings\uzivatel\Application Data\Mozilla\Firefox\Profiles\pns2mckl.default\extensions\LogMeInClient@logmein.com\chrome.manifest
c:\documents and settings\uzivatel\Application Data\Mozilla\Firefox\Profiles\pns2mckl.default\extensions\LogMeInClient@logmein.com\chrome\skin\logmein32.png
c:\documents and settings\uzivatel\Application Data\Mozilla\Firefox\Profiles\pns2mckl.default\extensions\LogMeInClient@logmein.com\chrome\skin\logmein64.png
c:\documents and settings\uzivatel\Application Data\Mozilla\Firefox\Profiles\pns2mckl.default\extensions\LogMeInClient@logmein.com\install.rdf
c:\documents and settings\uzivatel\Application Data\Mozilla\Firefox\Profiles\pns2mckl.default\extensions\LogMeInClient@logmein.com\META-INF\manifest.mf
c:\documents and settings\uzivatel\Application Data\Mozilla\Firefox\Profiles\pns2mckl.default\extensions\LogMeInClient@logmein.com\META-INF\zigbert.rsa
c:\documents and settings\uzivatel\Application Data\Mozilla\Firefox\Profiles\pns2mckl.default\extensions\LogMeInClient@logmein.com\META-INF\zigbert.sf
c:\documents and settings\uzivatel\Application Data\Mozilla\Firefox\Profiles\pns2mckl.default\extensions\LogMeInClient@logmein.com\plugins\npLMI64.dll
c:\documents and settings\uzivatel\Application Data\Mozilla\Firefox\Profiles\pns2mckl.default\extensions\LogMeInClient@logmein.com\plugins\npRACtrl.dll
c:\documents and settings\uzivatel\Application Data\Mozilla\Firefox\Profiles\pns2mckl.default\extensions\LogMeInClient@logmein.com\plugins\x64\avutil-51.dll
c:\documents and settings\uzivatel\Application Data\Mozilla\Firefox\Profiles\pns2mckl.default\extensions\LogMeInClient@logmein.com\plugins\x64\LMIGuardian.exe
c:\documents and settings\uzivatel\Application Data\Mozilla\Firefox\Profiles\pns2mckl.default\extensions\LogMeInClient@logmein.com\plugins\x64\LMIGuardianDll.dll
c:\documents and settings\uzivatel\Application Data\Mozilla\Firefox\Profiles\pns2mckl.default\extensions\LogMeInClient@logmein.com\plugins\x64\LMIGuardianEvt.dll
c:\documents and settings\uzivatel\Application Data\Mozilla\Firefox\Profiles\pns2mckl.default\extensions\LogMeInClient@logmein.com\plugins\x64\LMIProxyHelper.exe
c:\documents and settings\uzivatel\Application Data\Mozilla\Firefox\Profiles\pns2mckl.default\extensions\LogMeInClient@logmein.com\plugins\x64\ractrlkeyhook.dll
c:\documents and settings\uzivatel\Application Data\Mozilla\Firefox\Profiles\pns2mckl.default\extensions\LogMeInClient@logmein.com\plugins\x64\swscale-2.dll
c:\documents and settings\uzivatel\Application Data\Mozilla\Firefox\Profiles\pns2mckl.default\extensions\LogMeInClient@logmein.com\plugins\x86\avutil-51.dll
c:\documents and settings\uzivatel\Application Data\Mozilla\Firefox\Profiles\pns2mckl.default\extensions\LogMeInClient@logmein.com\plugins\x86\LMIGuardian.exe
c:\documents and settings\uzivatel\Application Data\Mozilla\Firefox\Profiles\pns2mckl.default\extensions\LogMeInClient@logmein.com\plugins\x86\LMIGuardianDll.dll
c:\documents and settings\uzivatel\Application Data\Mozilla\Firefox\Profiles\pns2mckl.default\extensions\LogMeInClient@logmein.com\plugins\x86\LMIGuardianEvt.dll
c:\documents and settings\uzivatel\Application Data\Mozilla\Firefox\Profiles\pns2mckl.default\extensions\LogMeInClient@logmein.com\plugins\x86\LMIProxyHelper.exe
c:\documents and settings\uzivatel\Application Data\Mozilla\Firefox\Profiles\pns2mckl.default\extensions\LogMeInClient@logmein.com\plugins\x86\ractrlkeyhook.dll
c:\documents and settings\uzivatel\Application Data\Mozilla\Firefox\Profiles\pns2mckl.default\extensions\LogMeInClient@logmein.com\plugins\x86\swscale-2.dll
.
.
((((((((((((((((((((((((( Files Created from 2013-05-27 to 2013-06-27 )))))))))))))))))))))))))))))))
.
.
2013-06-23 08:56 . 2013-06-23 08:56 -------- d-----w- c:\documents and settings\uzivatel\Local Settings\Application Data\PCHealth
2013-06-23 08:01 . 2013-06-23 08:51 -------- d-----w- c:\windows\SxsCaPendDel
2013-06-23 07:37 . 2010-08-23 16:12 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
2013-06-22 18:59 . 2012-06-02 13:18 275696 ----a-w- c:\windows\system32\mucltui.dll
2013-06-22 18:58 . 2011-02-08 13:33 978944 -c----w- c:\windows\system32\dllcache\mfc42.dll
2013-06-22 18:58 . 2010-09-18 06:53 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
2013-06-22 17:59 . 2010-11-02 15:17 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys
2013-06-22 17:57 . 2011-04-21 13:37 105472 -c----w- c:\windows\system32\dllcache\mup.sys
2013-06-22 17:56 . 2013-02-12 00:32 12928 -c----w- c:\windows\system32\dllcache\usb8023x.sys
2013-06-22 17:56 . 2013-02-12 00:32 12928 -c----w- c:\windows\system32\dllcache\usb8023.sys
2013-06-22 17:49 . 2012-05-28 18:16 536576 -c----w- c:\windows\system32\dllcache\msado15.dll
2013-06-22 17:43 . 2012-07-04 14:05 139784 -c----w- c:\windows\system32\dllcache\rdpwd.sys
2013-06-22 17:42 . 2013-05-07 22:30 522240 -c----w- c:\windows\system32\dllcache\jsdbgui.dll
2013-06-22 17:40 . 2011-07-08 14:02 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys
2013-06-22 17:40 . 2012-01-11 19:06 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll
2013-06-22 17:40 . 2012-01-11 19:06 3072 ------w- c:\windows\system32\iacenc.dll
2013-06-22 17:38 . 2010-10-11 14:59 45568 -c----w- c:\windows\system32\dllcache\wab.exe
2013-06-22 16:42 . 2013-06-22 16:42 -------- d-----w- c:\windows\system32\scripting
2013-06-22 16:42 . 2013-06-22 16:42 -------- d-----w- c:\windows\l2schemas
2013-06-22 16:42 . 2013-06-22 16:42 -------- d-----w- c:\windows\system32\en
2013-06-22 16:42 . 2013-06-22 16:42 -------- d-----w- c:\windows\system32\bits
2013-06-22 16:28 . 2013-06-22 16:28 -------- d-----w- c:\windows\EHome
2013-06-22 15:47 . 2013-06-22 15:47 -------- d-sh--w- c:\documents and settings\uzivatel\PrivacIE
2013-06-22 15:45 . 2013-06-22 15:45 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2013-06-22 15:45 . 2013-06-22 15:45 -------- d-sh--w- c:\documents and settings\uzivatel\IETldCache
2013-06-22 15:39 . 2013-06-22 15:41 -------- dc-h--w- c:\windows\ie8
2013-06-22 15:39 . 2013-06-22 15:40 -------- d-----w- c:\windows\system32\sk-SK
2013-06-22 15:34 . 2013-05-07 22:30 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2013-06-22 15:34 . 2013-05-07 22:30 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2013-06-22 15:34 . 2013-05-07 22:30 630272 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2013-06-22 15:34 . 2013-05-07 22:30 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2013-06-22 15:34 . 2013-05-07 22:30 2005504 -c----w- c:\windows\system32\dllcache\iertutil.dll
2013-06-22 15:33 . 2013-05-07 22:30 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2013-06-22 15:33 . 2013-05-07 22:30 11112960 -c----w- c:\windows\system32\dllcache\ieframe.dll
2013-06-22 15:21 . 2008-04-14 00:12 69120 ------w- c:\windows\system32\wlanapi.dll
2013-06-22 15:20 . 2008-04-14 00:12 50688 ------w- c:\windows\system32\tspkg.dll
2013-06-22 15:19 . 2008-04-14 00:12 176640 ------w- c:\windows\system32\napstat.exe
2013-06-22 15:18 . 2008-04-14 00:11 81920 ------w- c:\windows\system32\ieencode.dll
2013-06-22 15:17 . 2008-04-14 00:11 12800 ------w- c:\windows\system32\credssp.dll
2013-06-16 10:37 . 2013-06-17 15:04 -------- d-----w- c:\documents and settings\uzivatel\Application Data\Skype
2013-06-16 10:37 . 2013-06-16 10:37 -------- d-----w- c:\program files\Common Files\Skype
2013-06-15 13:07 . 2013-06-15 13:09 -------- d-----w- c:\documents and settings\uzivatel\Application Data\Zoner
2013-06-15 13:07 . 2013-06-15 13:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Zoner
2013-06-15 13:07 . 2013-06-15 13:07 -------- d-----w- c:\documents and settings\uzivatel\Local Settings\Application Data\Zoner
2013-06-15 13:06 . 2013-06-15 13:06 -------- d-----w- c:\program files\Zoner
2013-06-12 12:52 . 2013-06-12 12:52 -------- d-----w- c:\program files\Lavalys
2013-06-11 11:20 . 2013-06-11 11:20 -------- d-----w- c:\program files\Common Files\Nikon
2013-06-11 11:19 . 2013-06-11 12:47 -------- d-----w- c:\program files\RAW PhotoDesk
2013-06-11 10:01 . 2013-06-11 10:01 -------- d-----w- c:\documents and settings\uzivatel\Application Data\RawTherapeeAlpha
2013-06-10 15:46 . 2013-06-10 15:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Adobe Systems
2013-06-10 15:29 . 2013-06-10 15:29 -------- d-----w- c:\program files\Common Files\Adobe Systems Shared
2013-06-09 12:31 . 2013-06-09 12:31 -------- d-----w- c:\documents and settings\uzivatel\Application Data\Apple Computer
2013-06-09 11:44 . 2001-08-17 20:36 5632 ----a-w- c:\windows\system32\ptpusb.dll
2013-06-09 11:44 . 2004-08-03 22:56 159232 ----a-w- c:\windows\system32\ptpusd.dll
2013-06-09 11:40 . 2013-06-09 11:40 -------- d-----w- c:\program files\QuickTime
2013-06-09 11:40 . 2013-06-09 11:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2013-06-09 11:40 . 2013-06-09 11:40 -------- d-----w- c:\documents and settings\uzivatel\Local Settings\Application Data\Apple
2013-06-09 11:39 . 2013-06-09 11:39 -------- d-----w- c:\program files\Apple Software Update
2013-06-09 11:39 . 2013-06-09 11:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2013-06-09 11:39 . 2013-06-09 11:39 -------- d-----w- c:\documents and settings\uzivatel\Local Settings\Application Data\Apple Computer
2013-06-09 11:38 . 2001-09-05 01:18 77824 ------w- c:\program files\Common Files\InstallShield\Engine\6\Intel 32\ctor.dll
2013-06-09 11:38 . 2001-09-05 01:18 225280 ------w- c:\program files\Common Files\InstallShield\IScript\iscript.dll
2013-06-09 11:38 . 2001-09-05 01:14 176128 ------w- c:\program files\Common Files\InstallShield\Engine\6\Intel 32\iuser.dll
2013-06-09 11:38 . 2001-09-05 01:13 32768 ------w- c:\program files\Common Files\InstallShield\Engine\6\Intel 32\objectps.dll
2013-06-09 11:38 . 2008-02-26 01:00 614532 ----a-w- c:\program files\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe
2013-06-09 11:37 . 2013-06-09 11:45 -------- d-----w- c:\documents and settings\uzivatel\Application Data\FUJIFILM
2013-06-09 11:36 . 2013-06-22 13:05 -------- d-----w- c:\program files\FinePixViewer
2013-06-09 11:36 . 2006-07-12 12:39 208896 ----a-w- c:\windows\system32\FFRafShellEx.dll
2013-06-09 11:36 . 2004-07-24 19:28 155648 ----a-w- c:\windows\system32\FFRAFLIB.DLL
2013-06-09 11:36 . 2003-09-03 14:45 274432 ----a-w- c:\windows\system32\FFTIFF16.dll
2013-06-09 11:36 . 2013-06-09 11:36 -------- d-----w- c:\documents and settings\uzivatel\Application Data\InstallShield
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-23 09:08 . 2013-03-05 21:12 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-06-23 09:08 . 2013-03-05 21:12 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-05-07 22:30 . 2006-02-28 12:00 920064 ----a-w- c:\windows\system32\wininet.dll
2013-05-07 22:30 . 2006-02-28 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2013-05-07 22:30 . 2006-02-28 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2013-05-07 21:53 . 2006-02-28 12:00 385024 ----a-w- c:\windows\system32\html.iec
2013-05-03 01:30 . 2006-02-28 12:00 2149888 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-05-03 00:38 . 2004-08-03 22:59 2028544 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-04-10 01:31 . 2006-02-28 12:00 1876352 ----a-w- c:\windows\system32\win32k.sys
2013-03-07 14:30 . 2013-03-21 13:06 263064 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-03-06 22:32 121968 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2013-02-28 18643048]
"Zoner Photo Studio Autoupdate"="c:\program files\ZONER\PHOTO STUDIO 15\Program32\ZPSTRAY.EXE" [2012-10-18 752736]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2008-07-24 63048]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-03-06 4767304]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2010-12-02 74752]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2007-10-19 286720]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2013-03-21 472992]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-03-27 1744896]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
ExifLauncher2.lnk - c:\program files\FinePixViewer\QuickDCF2.exe [2013-6-9 303104]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2012-11-07 12:41 92072 ----a-w- c:\windows\system32\LMIinit.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Photosmart Premier Fast Start.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Photosmart Premier Fast Start.lnk
backup=c:\windows\pss\HP Photosmart Premier Fast Start.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acronis Scheduler2 Service]
2007-10-23 15:10 140568 ----a-w- c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AcronisTimounterMonitor]
2007-10-23 16:58 906648 ----a-w- c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2008-06-19 15:20 57344 ----a-w- c:\windows\ALCMTR.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2008-02-15 10:46 159744 ----a-w- c:\windows\system32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2006-02-19 01:41 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2008-02-15 10:46 135168 ----a-w- c:\windows\system32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2006-06-01 09:22 7618560 ----a-w- c:\windows\system32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2006-06-01 09:22 86016 ----a-w- c:\windows\system32\nvmctray.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2006-06-01 09:22 1519616 ----a-w- c:\windows\system32\nwiz.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
2007-03-23 12:20 227328 ----a-w- c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2008-02-15 10:46 131072 ----a-w- c:\windows\system32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2008-09-30 17:01 16864768 ----a-w- c:\windows\RTHDCPL.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSTray]
2007-12-14 16:19 132624 ------w- c:\program files\Samsung\Samsung Media Studio 5\SMSTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrueImageMonitor.exe]
2007-10-23 15:05 2615624 ----a-w- c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Winamp\\winamp.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
.
R0 aswRvrt;aswRvrt;c:\windows\system32\drivers\aswRvrt.sys [21. 3. 2013 15:30 49248]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [21. 3. 2013 15:30 765736]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [21. 3. 2013 15:30 368176]
R1 eusk2par;EUTRON SmartKey Parallel Driver;c:\windows\system32\drivers\eusk2par.sys [17. 12. 2011 19:56 30656]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [21. 3. 2013 15:30 29816]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [21. 3. 2013 15:30 66336]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [9. 1. 2011 16:29 374704]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [24. 7. 2008 19:46 12856]
R2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [16. 11. 2009 18:33 50704]
S0 sptd;sptd;c:\windows\system32\Drivers\sptd.sys --> c:\windows\system32\Drivers\sptd.sys [?]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [28. 2. 2013 19:25 161384]
S3 aswVmm;aswVmm;c:\windows\system32\drivers\aswVmm.sys [21. 3. 2013 15:30 164736]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-06-20 08:08 1165776 ----a-w- c:\program files\Google\Chrome\Application\27.0.1453.116\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-06-27 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-03-05 09:08]
.
2013-06-09 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 12:57]
.
2013-06-27 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2013-03-21 22:32]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.sk/
uInternet Connection Wizard,ShellNext = hxxp://www.hageltech.com/dumeter/uninstall?pro ... b5b&edl=30
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/4.0.1.0/GarminAxControl_32.CAB
FF - ProfilePath - c:\documents and settings\uzivatel\Application Data\Mozilla\Firefox\Profiles\pns2mckl.default\
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-06-27 15:28
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(704)
c:\windows\system32\LMIinit.dll
c:\windows\system32\LMIRfsClientNP.dll
.
- - - - - - - > 'lsass.exe'(760)
c:\windows\system32\relog_ap.dll
.
- - - - - - - > 'explorer.exe'(4056)
c:\windows\system32\WININET.dll
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\IEFRAME.dll
c:\windows\system32\LMIRfsClientNP.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files\Common Files\Acronis\Schedule2\schedul2.exe
c:\program files\Java\jre7\bin\jqs.exe
c:\program files\Google\Update\GoogleUpdate.exe
c:\program files\Google\Update\1.3.21.145\GoogleCrashHandler.exe
c:\program files\LogMeIn\x86\RaMaint.exe
c:\program files\LogMeIn\x86\LogMeIn.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\HPZipm12.exe
c:\program files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2013-06-27 15:35:34 - machine was rebooted
ComboFix-quarantined-files.txt 2013-06-27 13:35
ComboFix2.txt 2013-06-25 13:54
.
Pre-Run: 92 931 764 224 bytes free
Post-Run: 15 adresárov, 92 861 243 392 voľných bajtov
.
- - End Of File - - 34C82E0ABF879894D9BD3B46098CA430
8F558EB6672622401DA993E1E865C861

Re: help with MWAV

Posted: 27 Jun 2013 18:02
by Rudy
The log is now OK. Has anything changed?

Re: help with MWAV

Posted: 28 Jun 2013 10:29
by MartinW
After turning on the PC, the initial connection to the internet and any attempt to browse the web is bad. It takes minutes for the internet to start, then page loading freezes. The whole thing lasts a few minutes, then the PC seems to recover and everything works as it should.

Re: help with MWAV

Posted: 28 Jun 2013 17:32
by Rudy
Try reinstalling the driver for the network card or the Wi-Fi card (depending on which one you connect through).

Re: help with MWAV

Posted: 04 Jul 2013 08:43
by MartinW
Reinstalling changed nothing, but I uninstalled Zoner Photo Studio and it improved noticeably.

Re: help with MWAV

Posted: 04 Jul 2013 17:15
by Rudy
Interesting. That program should have pretty much nothing to do with the network.

Re: help with MWAV

Posted: 08 Jul 2013 11:06
by MartinW
I evidently jinxed it. I wasn't at the PC for a few days, and today after turning it on the same problem is back: slow running at the start, and the text appears slightly blurred (a fine film forms from the text towards the right), even when working on the PC without a connection.

Re: help with MWAV

Posted: 08 Jul 2013 17:52
by Rudy
Try reinstalling the graphics driver. But the graphics card itself may also have a problem.

Re: help with MWAV

Posted: 10 Jul 2013 11:48
by MartinW
Today I added 1 GB more RAM (because of a new program) and the PC's response sped up nicely, and at the same time the problem with the slightly blurred text is gone. Hopefully it lasts.
Thanks for now.

Re: help with MWAV

Posted: 10 Jul 2013 11:58
by Rudy
RAM does affect speed, but display quality too? Do you have integrated graphics?

Re: help with MWAV

Posted: 10 Jul 2013 16:15
by MartinW
Yes, Intel(R) 82945G Express Chipset Family (64 MB)

Re: help with MWAV

Posted: 10 Jul 2013 17:04
by Rudy
Then it's possible. The graphics claims a certain percentage of system memory (set in the BIOS). After adding RAM the percentage is the same (unless it was set otherwise), but the amount is larger. You're welcome! :)