ako odstranit aviru?
Napsal: 06 črc 2010 22:24
ahojte. mam problem s antivirusom. nedari sa mi odinstalovat antivir "avira" resp. sucasti tohoto antivirusu. co mam prosim Vas robit?
Stránka 1 z 2
Re: ako odstranit aviru?
Napsal: 06 črc 2010 22:31
Zkuste použít RevoUninstaller: http://www.stahuj.centrum.cz/utility_a_ ... installer/ .
Re: ako odstranit aviru?
Napsal: 06 črc 2010 23:09
RevoUninstaller tie sucasti nenasiel
Re: ako odstranit aviru?
Napsal: 06 črc 2010 23:54
omlouvam se za vstup Rudy 
pro rivers2:
1.mozna vam to pomuze
dole prelozeno pres google-- F8 boot nouzovej rezim- a tady rucne smazat soubory+potom avira cleaner:
http://translate.google.cz/translate?hl ... =firefox-a
2.stahnete Avira cleaner http://dl.antivir.de/down/windows/regis ... ner_en.zip
3.rozbalte avira cleaner--spustit a tady vybrat select all a click na Delete
4.restart
pro rivers2:
1.mozna vam to pomuze
dole prelozeno pres google-- F8 boot nouzovej rezim- a tady rucne smazat soubory+potom avira cleaner:http://translate.google.cz/translate?hl ... =firefox-a
2.stahnete Avira cleaner http://dl.antivir.de/down/windows/regis ... ner_en.zip
3.rozbalte avira cleaner--spustit a tady vybrat select all a click na Delete
4.restart
Re: ako odstranit aviru?
Napsal: 07 črc 2010 09:04
skusam sa cez F8, dostat do nudzoveho rezimu ale nejako sa mi to nedari. nie je na to nejaky iny trik? pouzivam win7
nudzovy rezim vyrieseny cez msconfig...
nudzovy rezim vyrieseny cez msconfig...
Re: ako odstranit aviru?
Napsal: 07 črc 2010 12:57
rivers2 píše:skusam sa cez F8, dostat do nudzoveho rezimu ale nejako sa mi to nedari. nie je na to nejaky iny trik? pouzivam win7
nudzovy rezim vyrieseny cez msconfig...
http://windows.microsoft.com/cs-CZ/wind ... -safe-modeRe: ako odstranit aviru?
Napsal: 07 črc 2010 13:13
nudzovy rezim som poriesil a vsetko co sa dalo zmazal. az na tuto kniznicu:
nejde mi z nicim odstranit
nejde mi z nicim odstranit
Re: ako odstranit aviru?
Napsal: 07 črc 2010 13:34
pomoci tohoto programku Killbox smazte: http://www.viry.cz/forum/viewtopic.php?f=15&t=43207
vlozenim prislusne cesty k souboru do okenka Full Path Of File To Delete (pokud se tedy jedna o jeden soubor), zatrzenim voleb Single File, Delete On Reboot a Unregister Dll Before Deleting a kliknutim na bily krizek v cervenem kolecku; takto mate zajisteno, ze bude zaznam knihovny smazan z registru a po restartu smazana z disku.
Re: ako odstranit aviru?
Napsal: 07 črc 2010 13:54
KillBox nepomohol:
Re: ako odstranit aviru?
Napsal: 07 črc 2010 14:01
udelejte tohle:
1.stahnete Avira cleaner http://dl.antivir.de/down/windows/regis ... ner_en.zip
2.F8 boot nouzovej rezim
3.rozbalte avira cleaner--spustit a tady vybrat select all a click na Delete
4.restart
1.stahnete Avira cleaner http://dl.antivir.de/down/windows/regis ... ner_en.zip
2.F8 boot nouzovej rezim
3.rozbalte avira cleaner--spustit a tady vybrat select all a click na Delete
4.restart
Re: ako odstranit aviru?
Napsal: 07 črc 2010 14:13
no, urobil som to tak ale ziadna zmena. ta Avira je stale tam, a nie a nie ju odstranit...
Re: ako odstranit aviru?
Napsal: 07 črc 2010 14:32
1.zkusit reinstal avira+uninstal
jak nepujde
2.zjistit ktera sluzba AVIRA jeste bezi a rucne zastavit+smazat napr pres Window 7 Manager(optimizer-->>service manager) http://www.yamicsoft.com/windows7manager/index.html
3.pozadat Rudyho pres combofix smazat
jak nepujde
2.zjistit ktera sluzba AVIRA jeste bezi a rucne zastavit+smazat napr pres Window 7 Manager(optimizer-->>service manager) http://www.yamicsoft.com/windows7manager/index.html
3.pozadat Rudyho pres combofix smazat
Re: ako odstranit aviru?
Napsal: 07 črc 2010 18:16
Udělejte sken ComboFix a vložte log.
Stahnete a ulozte nejlepe na plochu ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
pote spustte aplikaci pod uctem s administratorskym opravnenim
hned po startu se zobrazi obrazovka s licencnimi podminkami, pokracujte kliknutim na tlacitko Ano.
v klidu si postavte na kafe (cela akce trva cca. 5-10 minut, nekdy i dele - dle toho, o jak rychly stroj se jedna a kolika soubory se skener bude muset prodirat), behem skenu se nepokousejte spoustet zadne jine aplikace ani nic jineho
behem skenovani nepropadejte panice, vas stroj muze byt restartovan (predevsim pri prvni aplikaci skeneru)
upozorneni: pokud pouzivate antispyware s rezidentnim stitem, prepnete jeho rezidentni stit do Install Mode, pripadne jej po dobu skenu uplne deaktivujte, protoze dochazi pri skenu a vymazu pripadneho malware k nezadoucim kolizim s rezidentem antispyware
Re: ako odstranit aviru?
Napsal: 07 črc 2010 18:37
ComboFix 10-07-06.05 - Jozo . 07. 2010 19:27:52.1.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1250.421.1051.18.3070.2052 [GMT 2:00]
Running from: c:\users\Jozo\Desktop\ComboFix.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\users\Jozo\AppData\Roaming\Desktopicon
c:\users\Jozo\AppData\Roaming\Desktopicon\eBay.ico
c:\users\Jozo\AppData\Roaming\Desktopicon\uninst.exe
.
((((((((((((((((((((((((( Files Created from 2010-06-07 to 2010-07-07 )))))))))))))))))))))))))))))))
.
2010-07-07 17:33 . 2010-07-07 17:33 -------- d-----w- c:\users\Jozo\AppData\Local\temp
2010-07-07 17:33 . 2010-07-07 17:33 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-07-07 17:23 . 2010-07-07 17:23 -------- d-----w- C:\32788R22FWJFW
2010-07-07 13:21 . 2010-07-07 13:23 23124 ----a-w- c:\windows\hpqins15.dat
2010-07-07 12:32 . 2010-07-07 12:32 -------- d-----w- c:\program files\Auslogics
2010-07-07 11:47 . 2010-07-07 17:33 -------- d-----w- c:\users\Jozo\AppData\Local\CrashDumps
2010-07-06 22:39 . 2010-07-07 14:00 -------- d-----w- c:\users\Jozo\AppData\Roaming\skypePM
2010-07-06 22:36 . 2010-07-07 15:26 -------- d-----w- c:\users\Jozo\AppData\Roaming\Skype
2010-07-06 22:36 . 2010-07-06 22:36 -------- d-----w- c:\program files\Common Files\Skype
2010-07-06 22:36 . 2010-07-06 22:36 -------- d-----r- c:\program files\Skype
2010-07-06 22:28 . 2010-07-06 22:36 -------- d-----w- c:\programdata\Skype
2010-07-06 22:07 . 2010-07-06 22:07 -------- d-----w- c:\program files\VS Revo Group
2010-07-06 21:54 . 2010-07-06 21:54 198064 ----a-w- c:\users\Jozo\AppData\Roaming\IDM\idmmzcc3\components\idmmzcc.dll
2010-07-06 21:54 . 2010-07-06 21:54 -------- d-----w- c:\users\Jozo\AppData\Roaming\IDM
2010-07-06 21:54 . 2010-07-06 21:56 -------- d-----w- c:\program files\Internet Download Manager
2010-07-06 21:05 . 2010-07-06 21:11 -------- d-----w- c:\program files\Unlocker
2010-07-03 09:15 . 2010-07-03 09:15 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
2010-07-03 07:20 . 2010-07-03 07:20 -------- d-----w- c:\windows\system32\Wat
2010-07-03 07:07 . 2009-11-25 10:47 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2010-07-03 07:07 . 2009-11-25 10:47 49472 ----a-w- c:\windows\system32\netfxperf.dll
2010-07-03 07:07 . 2009-11-25 10:47 297808 ----a-w- c:\windows\system32\mscoree.dll
2010-07-03 07:07 . 2009-11-25 10:47 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2010-07-03 07:07 . 2009-11-25 10:47 1130824 ----a-w- c:\windows\system32\dfshim.dll
2010-07-03 07:05 . 2010-02-11 07:10 293376 ----a-w- c:\windows\system32\browserchoice.exe
2010-07-03 06:54 . 2010-07-03 06:58 -------- d-----w- c:\users\Jozo\AppData\Local\Tific
2010-07-03 06:46 . 2010-07-03 06:46 -------- d-----w- c:\users\Jozo\AppData\Roaming\Tific
2010-07-03 06:46 . 2010-07-03 06:46 -------- d-----w- c:\users\Jozo\AppData\Local\Symantec
2010-07-03 06:45 . 2010-07-03 06:45 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2010-07-03 06:45 . 2010-07-03 07:16 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-07-03 06:45 . 2010-07-03 06:45 -------- d-----w- c:\program files\Symantec
2010-07-03 06:45 . 2010-07-06 21:45 -------- d-----w- c:\windows\system32\drivers\NIS
2010-07-03 06:45 . 2010-07-03 06:45 -------- d-----w- c:\program files\Norton Internet Security
2010-07-03 06:45 . 2010-07-03 08:10 -------- d-----w- c:\programdata\Norton
2010-07-03 06:44 . 2010-07-06 20:16 -------- d-----w- c:\programdata\NortonInstaller
2010-07-03 06:44 . 2010-07-03 06:44 -------- d-----w- c:\program files\NortonInstaller
2010-07-02 15:39 . 2010-07-02 16:21 -------- d-----w- c:\program files\CCleaner
2010-07-02 15:05 . 2010-07-02 15:06 -------- d-----w- c:\program files\Common Files\Adobe
2010-07-02 10:49 . 2010-07-02 10:49 61440 ----a-w- c:\windows\system32\lpremove.exe
2010-07-02 10:49 . 2010-07-02 10:49 6144 ----a-w- c:\windows\system32\lpksetupproxyserv.dll
2010-07-02 10:49 . 2010-07-02 10:49 477696 ----a-w- c:\windows\system32\lpksetup.exe
2010-07-02 10:49 . 2010-07-02 10:49 26624 ----a-w- c:\windows\system32\LangCleanupSysprepAction.dll
2010-07-02 10:49 . 2010-07-02 10:49 10240 ----a-w- c:\windows\system32\MUILanguageCleanup.dll
2010-07-02 10:49 . 2010-07-02 10:49 179712 ----a-w- c:\windows\system32\notepad.exe
2010-07-02 10:49 . 2010-07-02 10:49 179712 ----a-w- c:\windows\notepad.exe
2010-07-02 10:39 . 2009-07-21 11:40 404737 ----a-w- c:\programdata\Avira\AntiVir Desktop\TEMP\UPDATE\TMP_UPDATE\update.exe
2010-07-02 10:39 . 2009-06-03 13:26 345345 ----a-w- c:\programdata\Avira\AntiVir Desktop\TEMP\UPDATE\TMP_UPDATE\update.dll
2010-07-02 10:39 . 2009-04-09 07:20 79105 ----a-w- c:\programdata\Avira\AntiVir Desktop\TEMP\UPDATE\TMP_UPDATE\updaterc.dll
2010-07-02 10:39 . 2009-02-27 08:59 8961 ----a-w- c:\programdata\Avira\AntiVir Desktop\TEMP\UPDATE\TMP_UPDATE\updguirc.dll
2010-07-02 10:39 . 2009-02-24 10:16 117505 ----a-w- c:\programdata\Avira\AntiVir Desktop\TEMP\UPDATE\TMP_UPDATE\updgui.dll
2010-07-02 10:39 . 2008-12-05 08:32 126721 ----a-w- c:\programdata\Avira\AntiVir Desktop\TEMP\UPDATE\TMP_UPDATE\scewxmlw.dll
2010-07-02 10:25 . 2010-07-02 10:25 -------- d-----w- c:\programdata\WEBREG
2010-07-02 10:25 . 2010-07-02 10:25 -------- d-----w- c:\users\Jozo\AppData\Local\HP
2010-07-02 10:25 . 2010-07-02 10:25 -------- d-----w- c:\users\Jozo\AppData\Roaming\HP
2010-07-02 10:23 . 2010-07-02 10:23 -------- d-----w- c:\programdata\HP Product Assistant
2010-07-02 10:22 . 2010-07-02 10:22 -------- d-----w- c:\program files\Common Files\HP
2010-07-02 10:22 . 2010-07-02 10:22 -------- d-----w- c:\program files\Common Files\Hewlett-Packard
2010-07-02 10:21 . 2010-07-06 22:16 -------- d-----w- c:\program files\HP
2010-07-02 10:19 . 2010-07-06 22:17 210512 ----a-w- c:\windows\hpoins21.dat
2010-07-02 10:19 . 2009-10-08 01:28 5474 ------w- c:\windows\hpomdl21.dat
2010-07-02 10:19 . 2010-07-02 16:21 -------- d-----w- c:\programdata\HP
2010-07-02 10:19 . 2009-07-08 10:51 452408 ----a-w- c:\windows\system32\hpzids01.dll
2010-07-02 10:19 . 2009-07-08 10:51 966656 ----a-w- c:\windows\system32\hpotiop5.dll
2010-07-02 10:19 . 2009-07-08 10:51 729088 ----a-w- c:\windows\system32\hpowiax5.dll
2010-07-02 10:19 . 2009-07-08 10:51 364544 ----a-w- c:\windows\system32\hppldcoi.dll
2010-07-02 10:19 . 2009-07-08 10:51 303104 ----a-w- c:\windows\system32\hpovst12.dll
2010-07-02 10:07 . 2007-11-06 07:06 32080 ----a-w- c:\windows\system32\drivers\UimBus.sys
2010-07-02 10:07 . 2007-11-06 07:06 131672 ----a-w- c:\windows\system32\drivers\Uim_IM.sys
2010-07-02 10:07 . 2007-11-06 07:06 11568 ----a-w- c:\windows\system32\drivers\UimFIO.sys
2010-07-02 10:07 . 2008-01-21 15:43 4244744 ----a-w- c:\windows\system32\qtp-mt334.dll
2010-07-02 10:07 . 2008-01-21 15:43 13576 ----a-w- c:\windows\system32\wnaspi32.dll
2010-07-02 10:07 . 2008-01-21 15:43 247560 ----a-w- c:\windows\system32\prgiso.dll
2010-07-02 10:07 . 2007-11-06 07:06 39472 ----a-w- c:\windows\system32\drivers\hotcore3.sys
2010-07-02 10:06 . 2010-07-02 10:07 -------- d-----w- c:\program files\Paragon Software
2010-07-02 10:05 . 2010-07-02 10:05 -------- d-----w- c:\users\Jozo\AppData\Roaming\URSoft
2010-07-02 10:05 . 2010-07-02 10:05 -------- d-----w- c:\program files\Your Uninstaller 2010
2010-07-02 09:59 . 2009-12-09 16:31 20992 ----a-w- c:\users\Jozo\AppData\Roaming\Thunderbird\Profiles\58180bza.default\extensions\{de1b245c-de57-11da-ba2d-0050c2490048}\library\WINNT-32\MinimizeToTrayPlus.dll
2010-07-02 09:58 . 2010-07-02 09:58 -------- d-----w- c:\users\Jozo\AppData\Roaming\Thunderbird
2010-07-02 09:58 . 2010-07-02 09:58 -------- d-----w- c:\users\Jozo\AppData\Local\Thunderbird
2010-07-02 09:57 . 2010-07-02 09:57 -------- d-----w- c:\program files\Mozilla Thunderbird
2010-07-02 09:53 . 2010-02-25 09:03 30536 ----a-w- c:\windows\system32\TURegOpt.exe
2010-07-02 09:53 . 2010-02-25 08:56 21320 ----a-w- c:\windows\system32\authuitu.dll
2010-07-02 09:53 . 2010-02-25 08:56 30024 ----a-w- c:\windows\system32\uxtuneup.dll
2010-07-02 09:53 . 2010-07-02 09:53 -------- d-----w- c:\users\Jozo\AppData\Roaming\TuneUp Software
2010-07-02 09:53 . 2010-07-02 09:53 -------- d-----w- c:\program files\TuneUp Utilities 2010
2010-07-02 09:53 . 2010-07-02 09:53 -------- d-----w- c:\programdata\TuneUp Software
2010-07-02 09:52 . 2010-07-02 09:52 -------- d-sh--w- c:\programdata\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
2010-07-02 09:51 . 2010-07-02 09:52 -------- d-----w- C:\totalcmd
2010-07-02 09:51 . 2010-07-02 09:51 -------- d-----w- c:\users\Jozo\AppData\Roaming\GHISLER
2010-07-02 09:51 . 2009-09-24 05:50 545 ----a-w- c:\windows\UC.PIF
2010-07-02 09:51 . 2009-09-24 05:50 545 ----a-w- c:\windows\RAR.PIF
2010-07-02 09:51 . 2009-09-24 05:50 545 ----a-w- c:\windows\PKZIP.PIF
2010-07-02 09:51 . 2009-09-24 05:50 545 ----a-w- c:\windows\PKUNZIP.PIF
2010-07-02 09:51 . 2009-09-24 05:50 545 ----a-w- c:\windows\NOCLOSE.PIF
2010-07-02 09:51 . 2009-09-24 05:50 545 ----a-w- c:\windows\LHA.PIF
2010-07-02 09:51 . 2009-09-24 05:50 545 ----a-w- c:\windows\ARJ.PIF
2010-07-02 09:50 . 2010-07-02 09:50 -------- d-----w- c:\users\Jozo\AppData\Roaming\Nero
2010-07-02 09:49 . 2006-03-17 12:49 368640 ----a-w- c:\windows\system32\TwnLib4.dll
2010-07-02 09:49 . 2010-07-02 09:49 -------- d-----w- c:\program files\Nero
2010-07-02 09:49 . 2010-07-02 09:49 -------- d-----w- c:\programdata\Nero
2010-07-02 09:49 . 2006-03-17 09:45 802816 ----a-w- c:\windows\system32\imagXRA7.dll
2010-07-02 09:49 . 2006-03-17 09:45 497296 ----a-w- c:\windows\system32\imagXpr7.dll
2010-07-02 09:49 . 2006-03-17 09:45 258048 ----a-w- c:\windows\system32\imagXR7.dll
2010-07-02 09:49 . 2006-03-17 09:45 1757184 ----a-w- c:\windows\system32\imagX7.dll
2010-07-02 09:49 . 2010-07-02 09:49 -------- d-----w- c:\program files\Common Files\Nero
2010-07-02 09:44 . 2010-07-02 09:44 -------- d-----w- c:\program files\Alcohol Soft
2010-07-02 09:41 . 2010-07-02 09:41 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-07-02 09:34 . 2010-07-02 10:39 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-07-02 09:34 . 2009-05-08 11:13 97608 ----a-w- c:\windows\system32\drivers\avfwot.sys
2010-07-02 09:34 . 2009-03-30 07:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-07-02 09:34 . 2009-02-24 10:06 69632 ----a-w- c:\windows\system32\drivers\avfwim.sys
2010-07-02 09:34 . 2010-07-02 16:21 -------- d-----w- c:\program files\Avira
2010-07-02 09:34 . 2010-07-02 16:18 -------- d-----w- c:\programdata\Avira
2010-07-02 09:26 . 2010-07-02 09:26 53248 ----a-r- c:\users\Jozo\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2010-07-02 09:26 . 2010-07-02 09:26 -------- d-----w- c:\users\Jozo\AppData\Roaming\Leadertech
2010-07-02 09:25 . 2010-07-02 09:28 -------- d-----w- c:\programdata\Logishrd
2010-07-02 09:25 . 2010-07-02 09:25 -------- d-----w- c:\program files\Logitech
2010-07-02 09:25 . 2010-07-02 09:26 -------- d-----w- c:\program files\Common Files\LogiShrd
2010-07-02 09:25 . 2010-07-02 09:27 -------- d-----w- c:\users\Jozo\AppData\Roaming\Logitech
2010-07-02 09:25 . 2010-07-02 09:25 -------- d-----w- c:\users\Jozo\AppData\Roaming\Logishrd
2010-07-02 09:18 . 2010-07-07 15:07 -------- d-----w- c:\users\Jozo\AppData\Roaming\DMCache
2010-07-02 09:17 . 2010-07-02 09:17 -------- d-----w- c:\program files\MozBackup
2010-07-02 09:13 . 2010-07-06 20:10 109208 ----a-w- c:\users\Jozo\AppData\Local\GDIPFONTCACHEV1.DAT
2010-07-02 09:13 . 2010-07-02 09:13 -------- d-----w- c:\windows\system32\Macromed
2010-07-02 09:12 . 2010-07-02 09:12 -------- d-----w- c:\users\Jozo\AppData\Local\Mozilla
2010-07-02 08:47 . 2010-07-02 07:57 -------- d-----w- c:\windows\Panther
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-06 22:39 . 2010-07-06 22:39 48 ---ha-w- c:\programdata\ezsidmv.dat
2010-07-03 07:20 . 2009-07-14 02:37 -------- d-----w- c:\program files\Windows Mail
2010-07-03 06:45 . 2010-07-03 06:45 805 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2010-07-03 06:45 . 2010-07-03 06:45 7443 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2010-07-02 16:22 . 2009-07-14 04:52 -------- d-----w- c:\program files\Windows Portable Devices
2010-07-02 16:21 . 2009-07-14 04:52 -------- d-----w- c:\program files\Windows Sidebar
2010-07-02 16:21 . 2009-07-14 04:52 -------- d-----w- c:\program files\Windows Photo Viewer
2010-07-02 08:15 . 2009-07-14 04:52 -------- d-----w- c:\program files\MSBuild
2010-07-02 07:51 . 2010-07-02 07:51 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_09_00.Wdf
2010-05-27 07:24 . 2010-07-03 06:40 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-05-27 03:49 . 2010-07-03 06:40 293888 ----a-w- c:\windows\system32\atmfd.dll
2010-05-21 05:18 . 2010-07-03 06:40 977920 ----a-w- c:\windows\system32\wininet.dll
2010-05-01 14:49 . 2010-07-03 06:40 2326528 ----a-w- c:\windows\system32\win32k.sys
2010-04-23 07:13 . 2010-07-03 06:40 2048 ----a-w- c:\windows\system32\tzres.dll
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Thunderbird"="c:\program files\Mozilla Thunderbird\thunderbird -turbo" [X]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2009-04-24 203928]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2009-09-10 3118512]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-03-09 26100520]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2010-05-18 1311312]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
c:\users\Jozo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech . Registr cia věrobku.lnk - c:\program files\Common Files\LogiShrd\eReg\SetPoint\eReg.exe [2009-11-16 517384]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2010-05-06 09:29 64592 ----a-w- c:\program files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll
R3 c2wts;Claims to Windows Token Service;c:\program files\Windows Identity Foundation\v3.5\c2wtshost.exe [2010-02-03 13080]
R3 WatAdminSvc;Služba Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [2010-07-03 1343400]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2010-07-02 721904]
S0 hotcore3;hotcore3;c:\windows\system32\drivers\hotcore3.sys [2007-11-06 39472]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NIS\1107000.00C\SYMDS.SYS [2009-08-30 328752]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1107000.00C\SYMEFA.SYS [2010-04-22 173104]
S1 avfwot;avfwot;c:\windows\system32\DRIVERS\avfwot.sys [2009-05-08 97608]
S1 BHDrvx86;BHDrvx86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20100619.001\BHDrvx86.sys [2010-06-18 691248]
S1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NIS\1107000.00C\ccHPx86.sys [2010-02-26 501888]
S1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20100706.003\IDSvix86.sys [2010-06-04 344112]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NIS\1107000.00C\Ironx86.SYS [2010-04-29 116784]
S1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\System32\Drivers\NIS\1107000.00C\SYMTDIV.SYS [2010-05-06 339504]
S2 GEST Service;GEST Service for program management.;c:\program files\GIGABYTE\EnergySaver\GSvr.exe [2008-07-18 80392]
S2 NIS;Norton Internet Security;c:\program files\Norton Internet Security\Engine\17.7.0.12\ccSvcHst.exe [2010-02-26 126392]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [2010-02-25 1047880]
S3 avfwim;AvFw Packet Filter Miniport;c:\windows\system32\DRIVERS\avfwim.sys [2009-02-24 69632]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2010-07-03 102448]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [2010-02-25 10064]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
.
------- Supplementary Scan -------
.
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Prevziať cez IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: Prevziať cez IDM všetky prepojenia - c:\program files\Internet Download Manager\IEGetAll.htm
IE: Prevziať obsah FLV cez IDM - c:\program files\Internet Download Manager\IEGetVL.htm
LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll
FF - ProfilePath - c:\users\Jozo\AppData\Roaming\Mozilla\Firefox\Profiles\nux3lvb5.default\
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - www.google.sk
FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=LMW2&o=16062&locale=en_EU&q=
FF - component: c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - component: c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\coFFPlgn\components\coFFPlgn.dll
FF - component: c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\IPSFFPlgn\components\IPSFFPl.dll
FF - component: c:\users\Jozo\AppData\Roaming\IDM\idmmzcc3\components\idmmzcc.dll
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".sk");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -
AddRemove-eBay Icon - c:\users\Jozo\AppData\Roaming\Desktopicon\uninst.exe
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\17.7.0.12\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files\Norton Internet Security\Engine\17.7.0.12\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2010-07-07 19:35:30
ComboFix-quarantined-files.txt 2010-07-07 17:35
Pre-Run: 97 959 804 928 bytes free
Post-Run: 99 022 368 768 bytes free
- - End Of File - - D2A0AEB7958C07960FBB6B905CC96600
Microsoft Windows 7 Ultimate 6.1.7600.0.1250.421.1051.18.3070.2052 [GMT 2:00]
Running from: c:\users\Jozo\Desktop\ComboFix.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\users\Jozo\AppData\Roaming\Desktopicon
c:\users\Jozo\AppData\Roaming\Desktopicon\eBay.ico
c:\users\Jozo\AppData\Roaming\Desktopicon\uninst.exe
.
((((((((((((((((((((((((( Files Created from 2010-06-07 to 2010-07-07 )))))))))))))))))))))))))))))))
.
2010-07-07 17:33 . 2010-07-07 17:33 -------- d-----w- c:\users\Jozo\AppData\Local\temp
2010-07-07 17:33 . 2010-07-07 17:33 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-07-07 17:23 . 2010-07-07 17:23 -------- d-----w- C:\32788R22FWJFW
2010-07-07 13:21 . 2010-07-07 13:23 23124 ----a-w- c:\windows\hpqins15.dat
2010-07-07 12:32 . 2010-07-07 12:32 -------- d-----w- c:\program files\Auslogics
2010-07-07 11:47 . 2010-07-07 17:33 -------- d-----w- c:\users\Jozo\AppData\Local\CrashDumps
2010-07-06 22:39 . 2010-07-07 14:00 -------- d-----w- c:\users\Jozo\AppData\Roaming\skypePM
2010-07-06 22:36 . 2010-07-07 15:26 -------- d-----w- c:\users\Jozo\AppData\Roaming\Skype
2010-07-06 22:36 . 2010-07-06 22:36 -------- d-----w- c:\program files\Common Files\Skype
2010-07-06 22:36 . 2010-07-06 22:36 -------- d-----r- c:\program files\Skype
2010-07-06 22:28 . 2010-07-06 22:36 -------- d-----w- c:\programdata\Skype
2010-07-06 22:07 . 2010-07-06 22:07 -------- d-----w- c:\program files\VS Revo Group
2010-07-06 21:54 . 2010-07-06 21:54 198064 ----a-w- c:\users\Jozo\AppData\Roaming\IDM\idmmzcc3\components\idmmzcc.dll
2010-07-06 21:54 . 2010-07-06 21:54 -------- d-----w- c:\users\Jozo\AppData\Roaming\IDM
2010-07-06 21:54 . 2010-07-06 21:56 -------- d-----w- c:\program files\Internet Download Manager
2010-07-06 21:05 . 2010-07-06 21:11 -------- d-----w- c:\program files\Unlocker
2010-07-03 09:15 . 2010-07-03 09:15 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
2010-07-03 07:20 . 2010-07-03 07:20 -------- d-----w- c:\windows\system32\Wat
2010-07-03 07:07 . 2009-11-25 10:47 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2010-07-03 07:07 . 2009-11-25 10:47 49472 ----a-w- c:\windows\system32\netfxperf.dll
2010-07-03 07:07 . 2009-11-25 10:47 297808 ----a-w- c:\windows\system32\mscoree.dll
2010-07-03 07:07 . 2009-11-25 10:47 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2010-07-03 07:07 . 2009-11-25 10:47 1130824 ----a-w- c:\windows\system32\dfshim.dll
2010-07-03 07:05 . 2010-02-11 07:10 293376 ----a-w- c:\windows\system32\browserchoice.exe
2010-07-03 06:54 . 2010-07-03 06:58 -------- d-----w- c:\users\Jozo\AppData\Local\Tific
2010-07-03 06:46 . 2010-07-03 06:46 -------- d-----w- c:\users\Jozo\AppData\Roaming\Tific
2010-07-03 06:46 . 2010-07-03 06:46 -------- d-----w- c:\users\Jozo\AppData\Local\Symantec
2010-07-03 06:45 . 2010-07-03 06:45 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2010-07-03 06:45 . 2010-07-03 07:16 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-07-03 06:45 . 2010-07-03 06:45 -------- d-----w- c:\program files\Symantec
2010-07-03 06:45 . 2010-07-06 21:45 -------- d-----w- c:\windows\system32\drivers\NIS
2010-07-03 06:45 . 2010-07-03 06:45 -------- d-----w- c:\program files\Norton Internet Security
2010-07-03 06:45 . 2010-07-03 08:10 -------- d-----w- c:\programdata\Norton
2010-07-03 06:44 . 2010-07-06 20:16 -------- d-----w- c:\programdata\NortonInstaller
2010-07-03 06:44 . 2010-07-03 06:44 -------- d-----w- c:\program files\NortonInstaller
2010-07-02 15:39 . 2010-07-02 16:21 -------- d-----w- c:\program files\CCleaner
2010-07-02 15:05 . 2010-07-02 15:06 -------- d-----w- c:\program files\Common Files\Adobe
2010-07-02 10:49 . 2010-07-02 10:49 61440 ----a-w- c:\windows\system32\lpremove.exe
2010-07-02 10:49 . 2010-07-02 10:49 6144 ----a-w- c:\windows\system32\lpksetupproxyserv.dll
2010-07-02 10:49 . 2010-07-02 10:49 477696 ----a-w- c:\windows\system32\lpksetup.exe
2010-07-02 10:49 . 2010-07-02 10:49 26624 ----a-w- c:\windows\system32\LangCleanupSysprepAction.dll
2010-07-02 10:49 . 2010-07-02 10:49 10240 ----a-w- c:\windows\system32\MUILanguageCleanup.dll
2010-07-02 10:49 . 2010-07-02 10:49 179712 ----a-w- c:\windows\system32\notepad.exe
2010-07-02 10:49 . 2010-07-02 10:49 179712 ----a-w- c:\windows\notepad.exe
2010-07-02 10:39 . 2009-07-21 11:40 404737 ----a-w- c:\programdata\Avira\AntiVir Desktop\TEMP\UPDATE\TMP_UPDATE\update.exe
2010-07-02 10:39 . 2009-06-03 13:26 345345 ----a-w- c:\programdata\Avira\AntiVir Desktop\TEMP\UPDATE\TMP_UPDATE\update.dll
2010-07-02 10:39 . 2009-04-09 07:20 79105 ----a-w- c:\programdata\Avira\AntiVir Desktop\TEMP\UPDATE\TMP_UPDATE\updaterc.dll
2010-07-02 10:39 . 2009-02-27 08:59 8961 ----a-w- c:\programdata\Avira\AntiVir Desktop\TEMP\UPDATE\TMP_UPDATE\updguirc.dll
2010-07-02 10:39 . 2009-02-24 10:16 117505 ----a-w- c:\programdata\Avira\AntiVir Desktop\TEMP\UPDATE\TMP_UPDATE\updgui.dll
2010-07-02 10:39 . 2008-12-05 08:32 126721 ----a-w- c:\programdata\Avira\AntiVir Desktop\TEMP\UPDATE\TMP_UPDATE\scewxmlw.dll
2010-07-02 10:25 . 2010-07-02 10:25 -------- d-----w- c:\programdata\WEBREG
2010-07-02 10:25 . 2010-07-02 10:25 -------- d-----w- c:\users\Jozo\AppData\Local\HP
2010-07-02 10:25 . 2010-07-02 10:25 -------- d-----w- c:\users\Jozo\AppData\Roaming\HP
2010-07-02 10:23 . 2010-07-02 10:23 -------- d-----w- c:\programdata\HP Product Assistant
2010-07-02 10:22 . 2010-07-02 10:22 -------- d-----w- c:\program files\Common Files\HP
2010-07-02 10:22 . 2010-07-02 10:22 -------- d-----w- c:\program files\Common Files\Hewlett-Packard
2010-07-02 10:21 . 2010-07-06 22:16 -------- d-----w- c:\program files\HP
2010-07-02 10:19 . 2010-07-06 22:17 210512 ----a-w- c:\windows\hpoins21.dat
2010-07-02 10:19 . 2009-10-08 01:28 5474 ------w- c:\windows\hpomdl21.dat
2010-07-02 10:19 . 2010-07-02 16:21 -------- d-----w- c:\programdata\HP
2010-07-02 10:19 . 2009-07-08 10:51 452408 ----a-w- c:\windows\system32\hpzids01.dll
2010-07-02 10:19 . 2009-07-08 10:51 966656 ----a-w- c:\windows\system32\hpotiop5.dll
2010-07-02 10:19 . 2009-07-08 10:51 729088 ----a-w- c:\windows\system32\hpowiax5.dll
2010-07-02 10:19 . 2009-07-08 10:51 364544 ----a-w- c:\windows\system32\hppldcoi.dll
2010-07-02 10:19 . 2009-07-08 10:51 303104 ----a-w- c:\windows\system32\hpovst12.dll
2010-07-02 10:07 . 2007-11-06 07:06 32080 ----a-w- c:\windows\system32\drivers\UimBus.sys
2010-07-02 10:07 . 2007-11-06 07:06 131672 ----a-w- c:\windows\system32\drivers\Uim_IM.sys
2010-07-02 10:07 . 2007-11-06 07:06 11568 ----a-w- c:\windows\system32\drivers\UimFIO.sys
2010-07-02 10:07 . 2008-01-21 15:43 4244744 ----a-w- c:\windows\system32\qtp-mt334.dll
2010-07-02 10:07 . 2008-01-21 15:43 13576 ----a-w- c:\windows\system32\wnaspi32.dll
2010-07-02 10:07 . 2008-01-21 15:43 247560 ----a-w- c:\windows\system32\prgiso.dll
2010-07-02 10:07 . 2007-11-06 07:06 39472 ----a-w- c:\windows\system32\drivers\hotcore3.sys
2010-07-02 10:06 . 2010-07-02 10:07 -------- d-----w- c:\program files\Paragon Software
2010-07-02 10:05 . 2010-07-02 10:05 -------- d-----w- c:\users\Jozo\AppData\Roaming\URSoft
2010-07-02 10:05 . 2010-07-02 10:05 -------- d-----w- c:\program files\Your Uninstaller 2010
2010-07-02 09:59 . 2009-12-09 16:31 20992 ----a-w- c:\users\Jozo\AppData\Roaming\Thunderbird\Profiles\58180bza.default\extensions\{de1b245c-de57-11da-ba2d-0050c2490048}\library\WINNT-32\MinimizeToTrayPlus.dll
2010-07-02 09:58 . 2010-07-02 09:58 -------- d-----w- c:\users\Jozo\AppData\Roaming\Thunderbird
2010-07-02 09:58 . 2010-07-02 09:58 -------- d-----w- c:\users\Jozo\AppData\Local\Thunderbird
2010-07-02 09:57 . 2010-07-02 09:57 -------- d-----w- c:\program files\Mozilla Thunderbird
2010-07-02 09:53 . 2010-02-25 09:03 30536 ----a-w- c:\windows\system32\TURegOpt.exe
2010-07-02 09:53 . 2010-02-25 08:56 21320 ----a-w- c:\windows\system32\authuitu.dll
2010-07-02 09:53 . 2010-02-25 08:56 30024 ----a-w- c:\windows\system32\uxtuneup.dll
2010-07-02 09:53 . 2010-07-02 09:53 -------- d-----w- c:\users\Jozo\AppData\Roaming\TuneUp Software
2010-07-02 09:53 . 2010-07-02 09:53 -------- d-----w- c:\program files\TuneUp Utilities 2010
2010-07-02 09:53 . 2010-07-02 09:53 -------- d-----w- c:\programdata\TuneUp Software
2010-07-02 09:52 . 2010-07-02 09:52 -------- d-sh--w- c:\programdata\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
2010-07-02 09:51 . 2010-07-02 09:52 -------- d-----w- C:\totalcmd
2010-07-02 09:51 . 2010-07-02 09:51 -------- d-----w- c:\users\Jozo\AppData\Roaming\GHISLER
2010-07-02 09:51 . 2009-09-24 05:50 545 ----a-w- c:\windows\UC.PIF
2010-07-02 09:51 . 2009-09-24 05:50 545 ----a-w- c:\windows\RAR.PIF
2010-07-02 09:51 . 2009-09-24 05:50 545 ----a-w- c:\windows\PKZIP.PIF
2010-07-02 09:51 . 2009-09-24 05:50 545 ----a-w- c:\windows\PKUNZIP.PIF
2010-07-02 09:51 . 2009-09-24 05:50 545 ----a-w- c:\windows\NOCLOSE.PIF
2010-07-02 09:51 . 2009-09-24 05:50 545 ----a-w- c:\windows\LHA.PIF
2010-07-02 09:51 . 2009-09-24 05:50 545 ----a-w- c:\windows\ARJ.PIF
2010-07-02 09:50 . 2010-07-02 09:50 -------- d-----w- c:\users\Jozo\AppData\Roaming\Nero
2010-07-02 09:49 . 2006-03-17 12:49 368640 ----a-w- c:\windows\system32\TwnLib4.dll
2010-07-02 09:49 . 2010-07-02 09:49 -------- d-----w- c:\program files\Nero
2010-07-02 09:49 . 2010-07-02 09:49 -------- d-----w- c:\programdata\Nero
2010-07-02 09:49 . 2006-03-17 09:45 802816 ----a-w- c:\windows\system32\imagXRA7.dll
2010-07-02 09:49 . 2006-03-17 09:45 497296 ----a-w- c:\windows\system32\imagXpr7.dll
2010-07-02 09:49 . 2006-03-17 09:45 258048 ----a-w- c:\windows\system32\imagXR7.dll
2010-07-02 09:49 . 2006-03-17 09:45 1757184 ----a-w- c:\windows\system32\imagX7.dll
2010-07-02 09:49 . 2010-07-02 09:49 -------- d-----w- c:\program files\Common Files\Nero
2010-07-02 09:44 . 2010-07-02 09:44 -------- d-----w- c:\program files\Alcohol Soft
2010-07-02 09:41 . 2010-07-02 09:41 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-07-02 09:34 . 2010-07-02 10:39 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-07-02 09:34 . 2009-05-08 11:13 97608 ----a-w- c:\windows\system32\drivers\avfwot.sys
2010-07-02 09:34 . 2009-03-30 07:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-07-02 09:34 . 2009-02-24 10:06 69632 ----a-w- c:\windows\system32\drivers\avfwim.sys
2010-07-02 09:34 . 2010-07-02 16:21 -------- d-----w- c:\program files\Avira
2010-07-02 09:34 . 2010-07-02 16:18 -------- d-----w- c:\programdata\Avira
2010-07-02 09:26 . 2010-07-02 09:26 53248 ----a-r- c:\users\Jozo\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2010-07-02 09:26 . 2010-07-02 09:26 -------- d-----w- c:\users\Jozo\AppData\Roaming\Leadertech
2010-07-02 09:25 . 2010-07-02 09:28 -------- d-----w- c:\programdata\Logishrd
2010-07-02 09:25 . 2010-07-02 09:25 -------- d-----w- c:\program files\Logitech
2010-07-02 09:25 . 2010-07-02 09:26 -------- d-----w- c:\program files\Common Files\LogiShrd
2010-07-02 09:25 . 2010-07-02 09:27 -------- d-----w- c:\users\Jozo\AppData\Roaming\Logitech
2010-07-02 09:25 . 2010-07-02 09:25 -------- d-----w- c:\users\Jozo\AppData\Roaming\Logishrd
2010-07-02 09:18 . 2010-07-07 15:07 -------- d-----w- c:\users\Jozo\AppData\Roaming\DMCache
2010-07-02 09:17 . 2010-07-02 09:17 -------- d-----w- c:\program files\MozBackup
2010-07-02 09:13 . 2010-07-06 20:10 109208 ----a-w- c:\users\Jozo\AppData\Local\GDIPFONTCACHEV1.DAT
2010-07-02 09:13 . 2010-07-02 09:13 -------- d-----w- c:\windows\system32\Macromed
2010-07-02 09:12 . 2010-07-02 09:12 -------- d-----w- c:\users\Jozo\AppData\Local\Mozilla
2010-07-02 08:47 . 2010-07-02 07:57 -------- d-----w- c:\windows\Panther
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-06 22:39 . 2010-07-06 22:39 48 ---ha-w- c:\programdata\ezsidmv.dat
2010-07-03 07:20 . 2009-07-14 02:37 -------- d-----w- c:\program files\Windows Mail
2010-07-03 06:45 . 2010-07-03 06:45 805 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2010-07-03 06:45 . 2010-07-03 06:45 7443 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2010-07-02 16:22 . 2009-07-14 04:52 -------- d-----w- c:\program files\Windows Portable Devices
2010-07-02 16:21 . 2009-07-14 04:52 -------- d-----w- c:\program files\Windows Sidebar
2010-07-02 16:21 . 2009-07-14 04:52 -------- d-----w- c:\program files\Windows Photo Viewer
2010-07-02 08:15 . 2009-07-14 04:52 -------- d-----w- c:\program files\MSBuild
2010-07-02 07:51 . 2010-07-02 07:51 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_09_00.Wdf
2010-05-27 07:24 . 2010-07-03 06:40 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-05-27 03:49 . 2010-07-03 06:40 293888 ----a-w- c:\windows\system32\atmfd.dll
2010-05-21 05:18 . 2010-07-03 06:40 977920 ----a-w- c:\windows\system32\wininet.dll
2010-05-01 14:49 . 2010-07-03 06:40 2326528 ----a-w- c:\windows\system32\win32k.sys
2010-04-23 07:13 . 2010-07-03 06:40 2048 ----a-w- c:\windows\system32\tzres.dll
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Thunderbird"="c:\program files\Mozilla Thunderbird\thunderbird -turbo" [X]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2009-04-24 203928]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2009-09-10 3118512]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-03-09 26100520]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2010-05-18 1311312]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
c:\users\Jozo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech . Registr cia věrobku.lnk - c:\program files\Common Files\LogiShrd\eReg\SetPoint\eReg.exe [2009-11-16 517384]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2010-05-06 09:29 64592 ----a-w- c:\program files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll
R3 c2wts;Claims to Windows Token Service;c:\program files\Windows Identity Foundation\v3.5\c2wtshost.exe [2010-02-03 13080]
R3 WatAdminSvc;Služba Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [2010-07-03 1343400]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2010-07-02 721904]
S0 hotcore3;hotcore3;c:\windows\system32\drivers\hotcore3.sys [2007-11-06 39472]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NIS\1107000.00C\SYMDS.SYS [2009-08-30 328752]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1107000.00C\SYMEFA.SYS [2010-04-22 173104]
S1 avfwot;avfwot;c:\windows\system32\DRIVERS\avfwot.sys [2009-05-08 97608]
S1 BHDrvx86;BHDrvx86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20100619.001\BHDrvx86.sys [2010-06-18 691248]
S1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NIS\1107000.00C\ccHPx86.sys [2010-02-26 501888]
S1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20100706.003\IDSvix86.sys [2010-06-04 344112]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NIS\1107000.00C\Ironx86.SYS [2010-04-29 116784]
S1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\System32\Drivers\NIS\1107000.00C\SYMTDIV.SYS [2010-05-06 339504]
S2 GEST Service;GEST Service for program management.;c:\program files\GIGABYTE\EnergySaver\GSvr.exe [2008-07-18 80392]
S2 NIS;Norton Internet Security;c:\program files\Norton Internet Security\Engine\17.7.0.12\ccSvcHst.exe [2010-02-26 126392]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [2010-02-25 1047880]
S3 avfwim;AvFw Packet Filter Miniport;c:\windows\system32\DRIVERS\avfwim.sys [2009-02-24 69632]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2010-07-03 102448]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [2010-02-25 10064]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
.
------- Supplementary Scan -------
.
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Prevziať cez IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: Prevziať cez IDM všetky prepojenia - c:\program files\Internet Download Manager\IEGetAll.htm
IE: Prevziať obsah FLV cez IDM - c:\program files\Internet Download Manager\IEGetVL.htm
LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll
FF - ProfilePath - c:\users\Jozo\AppData\Roaming\Mozilla\Firefox\Profiles\nux3lvb5.default\
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - www.google.sk
FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=LMW2&o=16062&locale=en_EU&q=
FF - component: c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - component: c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\coFFPlgn\components\coFFPlgn.dll
FF - component: c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\IPSFFPlgn\components\IPSFFPl.dll
FF - component: c:\users\Jozo\AppData\Roaming\IDM\idmmzcc3\components\idmmzcc.dll
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".sk");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -
AddRemove-eBay Icon - c:\users\Jozo\AppData\Roaming\Desktopicon\uninst.exe
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\17.7.0.12\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files\Norton Internet Security\Engine\17.7.0.12\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2010-07-07 19:35:30
ComboFix-quarantined-files.txt 2010-07-07 17:35
Pre-Run: 97 959 804 928 bytes free
Post-Run: 99 022 368 768 bytes free
- - End Of File - - D2A0AEB7958C07960FBB6B905CC96600
Re: ako odstranit aviru?
Napsal: 07 črc 2010 18:52
Otevřte poznámkový blok a zkopírujte do něj:
http://img138.imageshack.us/img138/6433/cfscript.gif
Problém je v tom, že v PC jsou 2 antiviry (Avira a NIS). Kromě toho, že mohou být příčinou sw kolize, může to být i důvod, že Avira nejde odinstalovat.
Uložte na plochu jako CFScriptr.txt. Pak jej myší přetáhněte nad ikonu ComboFix a pusťte. CF se spustí a vykoná příkazy ze skriptu.File::
c:\programdata\Avira\AntiVir Desktop\TEMP\UPDATE\TMP_UPDATE\update.dll
c:\programdata\Avira\AntiVir Desktop\TEMP\UPDATE\TMP_UPDATE
c:\programdata\Avira\AntiVir Desktop\TEMP\UPDATE\TMP_UPDATE\updguirc.dll
c:\programdata\Avira\AntiVir Desktop\TEMP\UPDATE\TMP_UPDATE\updgui.dll
c:\windows\system32\drivers\avgntflt.sys
c:\windows\system32\drivers\avfwot.sys
c:\windows\system32\drivers\avipbb.sys
c:\windows\system32\drivers\avfwim.sys
Driver::
avgntflt
avfwot
avipbb
avfwim
Folder::
c:\program files\Avira
http://img138.imageshack.us/img138/6433/cfscript.gif
Problém je v tom, že v PC jsou 2 antiviry (Avira a NIS). Kromě toho, že mohou být příčinou sw kolize, může to být i důvod, že Avira nejde odinstalovat.