ThinkPoint - odtraněn ale horzně pomalý pc
Napsal: 21 lis 2010 16:37
Zdravim x) V sobotu jsem chytil ThinkPoint a jako neznalec jsem to podělal reset atd. 
ale když jsem si najel na internet(jiný PC) tak se mi ho podařilo smazat stránku na požádání klidně dodám.
Jakmile jsem pak restartoval PC ThinkPoint už se neukázal , ale PC se seká strašně moc, pak jsem najel na tyhlety pěkné stránky a ihned jsem přečetl pár příspěvků atd. - stáhl jsem si ComboFix a udělal LOG a tu vám ho přikládám .... prosím pomozte mi .. projížděl jsem to anti virákama spy.. atd.
Tu:
ComboFix 10-11-20.06 - MOJE 21.11.2010 15:53:32.1.2 - x86
Microsoft Windows 7 Professional 6.1.7600.0.1250.420.1029.18.3036.2050 [GMT 1:00]
Spuštěný z: c:\users\MOJE\Desktop\ComboFix.exe
* Vytvořen nový Bod Obnovení
* Rezidentní štít AV je zapnutý
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\YouTube Downloader Toolbar\SeARchsettings.dll
c:\users\MOJE\AppData\Roaming\completescan
c:\users\MOJE\AppData\Roaming\Desktopicon
c:\users\MOJE\AppData\Roaming\Desktopicon\eBay.ico
c:\users\MOJE\AppData\Roaming\Desktopicon\uninst.exe
c:\users\MOJE\AppData\Roaming\chrtmp
c:\users\MOJE\AppData\Roaming\inst.exe
c:\users\MOJE\AppData\Roaming\install
c:\users\MOJE\AppData\Roaming\scgdfgasfbh.bat
c:\users\MOJE\FAVORI~1\CGS12_TBYB_EN.exe
c:\users\MOJE\Favorites\CGS12_TBYB_EN.exe
c:\windows\system32\vbzlib1.dll
E:\install.exe
Nakažená kopie c:\windows\system32\wininit.exe byla nalezena a vyléčena.
Obnovena kopie z - c:\windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
Nakažená kopie c:\windows\explorer.exe byla nalezena a vyléčena.
Obnovena kopie z - c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-10-21 do 2010-11-21 )))))))))))))))))))))))))))))))
.
2010-11-21 15:12 . 2010-11-21 15:14 -------- d-----w- c:\users\MOJE\AppData\Local\temp
2010-11-21 15:12 . 2010-11-21 15:12 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-11-20 08:10 . 2010-11-20 08:10 -------- d-----w- c:\users\MOJE\AppData\Local\Threat Expert
2010-11-19 19:45 . 2010-01-22 08:55 767952 ----a-w- c:\windows\BDTSupport.dll
2010-11-19 19:45 . 2010-01-22 08:56 149456 ----a-w- c:\windows\SGDetectionTool.dll
2010-11-19 19:45 . 2010-01-22 08:56 165840 ----a-w- c:\windows\PCTBDRes.dll
2010-11-19 19:45 . 2010-01-22 08:56 1652688 ----a-w- c:\windows\PCTBDCore.dll
2010-11-19 19:44 . 2010-02-05 08:18 100136 ----a-w- c:\windows\system32\drivers\pctwfpfilter.sys
2010-11-19 19:44 . 2010-02-05 08:17 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2010-11-19 19:44 . 2010-03-10 10:36 217032 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2010-11-19 19:44 . 2009-11-23 12:54 88040 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2010-11-19 19:44 . 2010-02-05 08:25 70408 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2010-11-19 19:44 . 2010-11-19 19:45 -------- d-----w- c:\program files\Common Files\PC Tools
2010-11-19 19:44 . 2010-11-21 15:14 -------- d-----w- c:\program files\Spyware Doctor
2010-11-19 19:44 . 2010-11-19 20:48 -------- d-----w- c:\programdata\PC Tools
2010-11-19 19:44 . 2010-11-19 19:44 -------- d-----w- c:\users\MOJE\AppData\Roaming\PC Tools
2010-11-16 18:26 . 2010-11-16 18:26 -------- d-----w- c:\program files\GifCreator
2010-11-16 18:10 . 2010-11-16 18:10 -------- d-----w- c:\program files\FoxArc Magic Animator
2010-11-16 18:01 . 2010-11-16 18:09 -------- d-----w- c:\program files\Photo Toucher
2010-11-16 17:44 . 2005-04-30 22:00 44544 ----a-w- c:\windows\system32\msxml4a.dll
2010-11-16 17:44 . 2010-11-16 17:44 -------- d-----w- c:\program files\Common Files\SourceTec
2010-11-16 17:43 . 2010-11-16 17:43 -------- d-----w- c:\program files\SourceTec
2010-11-16 17:33 . 2005-06-15 02:16 926984 ----a-w- c:\windows\system32\wodFtpDLX.OCX
2010-11-16 17:33 . 2010-11-16 17:33 -------- d-----w- c:\users\MOJE\AppData\Roaming\InstallShield Installation Information
2010-11-16 17:33 . 2010-11-16 17:33 -------- d-----w- c:\users\MOJE\AppData\Roaming\CoffeeCup Software
2010-11-16 17:28 . 2010-11-16 17:28 -------- d-----w- c:\program files\Tales Animator
2010-11-16 17:13 . 2009-12-16 02:30 66800 ----a-w- c:\windows\UnDeployV.exe
2010-11-16 17:06 . 2010-11-16 17:06 -------- d-----w- c:\program files\AVTJet Studio
2010-11-09 18:45 . 2010-11-19 20:10 -------- d-sh--r- c:\users\Public\Microsoft-5858-2574
2010-11-02 13:56 . 2010-11-02 13:57 -------- d-----w- c:\users\MOJE\AppData\Roaming\PhotoFiltre Studio X
2010-11-02 13:56 . 2010-11-02 13:56 -------- d-----w- c:\program files\PhotoFiltre Studio X
2010-10-27 16:21 . 2010-11-19 20:10 -------- d-sh--r- c:\users\Public\D-2785-7947-8747
2010-10-27 06:48 . 2010-10-27 15:43 -------- d-----w- c:\users\MOJE\AppData\Roaming\PhotoScape
2010-10-27 06:48 . 2010-10-27 06:48 -------- d-----w- c:\program files\PhotoScape
2010-10-24 06:45 . 2010-10-24 06:45 -------- d-----w- c:\users\MOJE\AppData\Local\Speedchecker
2010-10-24 06:37 . 2010-10-24 06:45 -------- d-----w- c:\program files\Zrychleni Pocitace
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-01 07:11 . 2010-10-13 15:34 462112 ----a-w- c:\program files\Common Files\ZugoInstaller.exe
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-02-04 1197448]
"{57cc715d-37ca-44e4-9ec2-8c2cbddb25ec}"= "c:\program files\Free_Lunch_Design\tbFre1.dll" [2010-05-04 2349080]
"{EEE6C35D-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll" [2010-06-13 138552]
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
[HKEY_CLASSES_ROOT\clsid\{57cc715d-37ca-44e4-9ec2-8c2cbddb25ec}]
[HKEY_CLASSES_ROOT\clsid\{eee6c35d-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{57cc715d-37ca-44e4-9ec2-8c2cbddb25ec}]
2010-05-04 09:18 2349080 ----a-w- c:\program files\Free_Lunch_Design\tbFre1.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-02-04 14:50 1197448 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
2010-06-13 15:25 1438520 ----a-w- c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{57cc715d-37ca-44e4-9ec2-8c2cbddb25ec}"= "c:\program files\Free_Lunch_Design\tbFre1.dll" [2010-05-04 2349080]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2010-06-13 1438520]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-02-04 1197448]
[HKEY_CLASSES_ROOT\clsid\{57cc715d-37ca-44e4-9ec2-8c2cbddb25ec}]
[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{57CC715D-37CA-44E4-9EC2-8C2CBDDB25EC}"= "c:\program files\Free_Lunch_Design\tbFre1.dll" [2010-05-04 2349080]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-02-04 1197448]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2010-06-13 1438520]
[HKEY_CLASSES_ROOT\clsid\{57cc715d-37ca-44e4-9ec2-8c2cbddb25ec}]
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VistaStartMenu"="c:\program files\Vista Start Menu\VistaStartMenu.exe" [2009-08-14 2198248]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
"EA Core"="c:\program files\Electronic Arts\EADM\Core.exe" [2009-03-28 3325952]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-03-23 39408]
"Google Update"="c:\users\MOJE\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-06-17 136176]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2009-04-09 2029640]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-08-04 98304]
"WirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2009-07-23 498744]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2010-03-30 1820040]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"SweetIM"="c:\program files\SweetIM\Messenger\SweetIM.exe" [2010-06-07 111928]
"SearchSettings"="c:\program files\YouTube Downloader Toolbar\SearchSettings.exe" [2010-02-19 974848]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-03-29 1086856]
"PCSpeedUp"="c:\program files\Zrychleni Pocitace\PCSpeedUp.exe" [2010-09-21 856312]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2009-05-18 1314816]
"ISTray"="c:\program files\Spyware Doctor\pctsTray.exe" [2010-03-09 1286608]
c:\users\MOJE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
Věýezy obrazovky a spuçtŘnˇ aplikace OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
R2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-03-23 135664]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-07 29472]
R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-05-05 228408]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2010-03-29 38224]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2010-03-18 3753224]
R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-23 1343400]
R3 XDva341;XDva341;c:\windows\system32\XDva341.sys [x]
R3 XDva343;XDva343;c:\windows\system32\XDva343.sys [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-09-28 315392]
R4 pctgntdi;pctgntdi;c:\windows\System32\drivers\pctgntdi.sys [2010-02-05 233136]
R4 pctplsg;pctplsg;c:\windows\System32\drivers\pctplsg.sys [2010-02-05 70408]
S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2010-03-10 217032]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2009-04-09 107256]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [2009-12-17 123280]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [2009-12-17 41616]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 20992]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-08-04 176128]
S2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [2010-02-19 380928]
S2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\Spyware Doctor\BDT\BDTUpdateService.exe [2010-01-22 112592]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [2009-04-09 731840]
S2 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [2009-04-09 38240]
S2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [2010-03-30 1107336]
S2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [2010-06-21 246584]
S2 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2010-03-11 366840]
S2 yksvc;Marvell Yukon Service;c:\windows\System32\svchost.exe [2009-07-14 20992]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2009-12-17 99152]
S3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [2009-12-17 110096]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
yksvcs REG_MULTI_SZ yksvc
Akamai REG_MULTI_SZ Akamai
.
Obsah adresáře 'Naplánované úlohy'
2010-11-21 c:\windows\Tasks\AWC AutoSweep.job
- c:\program files\IObit\Advanced SystemCare 3\AutoSweep.exe [2009-12-07 14:35]
2010-11-21 c:\windows\Tasks\AWC Startup.job
- c:\program files\IObit\Advanced SystemCare 3\AWC.exe [2009-12-07 08:55]
2010-11-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-23 17:20]
2010-11-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-23 17:20]
2010-11-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3170660372-3488450625-92763971-1000Core.job
- c:\users\MOJE\AppData\Local\Google\Update\GoogleUpdate.exe [2010-07-26 06:38]
2010-11-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3170660372-3488450625-92763971-1000UA.job
- c:\users\MOJE\AppData\Local\Google\Update\GoogleUpdate.exe [2010-07-26 06:38]
2010-11-21 c:\windows\Tasks\Registry Reviver-MOJE-Startup.job
- c:\program files\ReviverSoft\Registry Reviver\RegistryReviver.exe [2010-05-27 10:33]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://start.icq.com/sm
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://home.sweetim.com
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
IE: Odeslat obrázek do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Odeslat stránku do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
FF - ProfilePath - c:\users\MOJE\AppData\Roaming\Mozilla\Firefox\Profiles\ne3tjli1.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://start.icq.com/sm
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=937811&p=
FF - component: c:\program files\YouTube Downloader Toolbar\SSFF\components\SearchSettingsFF.dll
FF - plugin: c:\program files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\users\MOJE\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\users\MOJE\AppData\Local\Yahoo!\BrowserPlus\2.7.1\Plugins\npybrowserplus_2.7.1.dll
FF - plugin: c:\users\MOJE\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\users\MOJE\AppData\Roaming\Mozilla\plugins\npPxPlay.dll
---- NASTAVENÍ FIREFOXU ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
HKCU-Run-msnmsgr - ~c:\program files\Windows Live\Messenger\msnmsgr.exe
HKCU-Run-Messenger (Yahoo!) - ~c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe
AddRemove-Animated Screen - c:\program files\Animated Screen\PY_UNINSTAL.EXE SOFTWARE\PySoft\Animated_Screen
AddRemove-eBay Icon - c:\users\MOJE\AppData\Roaming\Desktopicon\uninst.exe
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'Explorer.exe'(3856)
c:\program files\WIDCOMM\Bluetooth Software\btncopy.dll
c:\program files\Microsoft Virtual PC\VPCShExH.DLL
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\atieclxx.exe
c:\windows\system32\WLANExt.exe
c:\windows\system32\conhost.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\AEADISRV.EXE
c:\windows\system32\taskhost.exe
c:\program files\WIDCOMM\Bluetooth Software\btwdins.exe
c:\program files\CDBurnerXP\NMSAccessU.exe
c:\program files\Spyware Doctor\pctsSvc.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\windows\system32\conhost.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Celkový čas: 2010-11-21 16:22:14 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-11-21 15:22
Před spuštěním: Volných bajtů: 23 064 317 952
Po spuštění: Volných bajtů: 23 232 708 608
- - End Of File - - 7D6D4281982CD08ECAA6A7A7172BBE0C
ale když jsem si najel na internet(jiný PC) tak se mi ho podařilo smazat stránku na požádání klidně dodám.Jakmile jsem pak restartoval PC ThinkPoint už se neukázal , ale PC se seká strašně moc, pak jsem najel na tyhlety pěkné stránky a ihned jsem přečetl pár příspěvků atd. - stáhl jsem si ComboFix a udělal LOG a tu vám ho přikládám .... prosím pomozte mi .. projížděl jsem to anti virákama spy.. atd.
Tu:
ComboFix 10-11-20.06 - MOJE 21.11.2010 15:53:32.1.2 - x86
Microsoft Windows 7 Professional 6.1.7600.0.1250.420.1029.18.3036.2050 [GMT 1:00]
Spuštěný z: c:\users\MOJE\Desktop\ComboFix.exe
* Vytvořen nový Bod Obnovení
* Rezidentní štít AV je zapnutý
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\YouTube Downloader Toolbar\SeARchsettings.dll
c:\users\MOJE\AppData\Roaming\completescan
c:\users\MOJE\AppData\Roaming\Desktopicon
c:\users\MOJE\AppData\Roaming\Desktopicon\eBay.ico
c:\users\MOJE\AppData\Roaming\Desktopicon\uninst.exe
c:\users\MOJE\AppData\Roaming\chrtmp
c:\users\MOJE\AppData\Roaming\inst.exe
c:\users\MOJE\AppData\Roaming\install
c:\users\MOJE\AppData\Roaming\scgdfgasfbh.bat
c:\users\MOJE\FAVORI~1\CGS12_TBYB_EN.exe
c:\users\MOJE\Favorites\CGS12_TBYB_EN.exe
c:\windows\system32\vbzlib1.dll
E:\install.exe
Nakažená kopie c:\windows\system32\wininit.exe byla nalezena a vyléčena.
Obnovena kopie z - c:\windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
Nakažená kopie c:\windows\explorer.exe byla nalezena a vyléčena.
Obnovena kopie z - c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-10-21 do 2010-11-21 )))))))))))))))))))))))))))))))
.
2010-11-21 15:12 . 2010-11-21 15:14 -------- d-----w- c:\users\MOJE\AppData\Local\temp
2010-11-21 15:12 . 2010-11-21 15:12 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-11-20 08:10 . 2010-11-20 08:10 -------- d-----w- c:\users\MOJE\AppData\Local\Threat Expert
2010-11-19 19:45 . 2010-01-22 08:55 767952 ----a-w- c:\windows\BDTSupport.dll
2010-11-19 19:45 . 2010-01-22 08:56 149456 ----a-w- c:\windows\SGDetectionTool.dll
2010-11-19 19:45 . 2010-01-22 08:56 165840 ----a-w- c:\windows\PCTBDRes.dll
2010-11-19 19:45 . 2010-01-22 08:56 1652688 ----a-w- c:\windows\PCTBDCore.dll
2010-11-19 19:44 . 2010-02-05 08:18 100136 ----a-w- c:\windows\system32\drivers\pctwfpfilter.sys
2010-11-19 19:44 . 2010-02-05 08:17 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2010-11-19 19:44 . 2010-03-10 10:36 217032 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2010-11-19 19:44 . 2009-11-23 12:54 88040 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2010-11-19 19:44 . 2010-02-05 08:25 70408 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2010-11-19 19:44 . 2010-11-19 19:45 -------- d-----w- c:\program files\Common Files\PC Tools
2010-11-19 19:44 . 2010-11-21 15:14 -------- d-----w- c:\program files\Spyware Doctor
2010-11-19 19:44 . 2010-11-19 20:48 -------- d-----w- c:\programdata\PC Tools
2010-11-19 19:44 . 2010-11-19 19:44 -------- d-----w- c:\users\MOJE\AppData\Roaming\PC Tools
2010-11-16 18:26 . 2010-11-16 18:26 -------- d-----w- c:\program files\GifCreator
2010-11-16 18:10 . 2010-11-16 18:10 -------- d-----w- c:\program files\FoxArc Magic Animator
2010-11-16 18:01 . 2010-11-16 18:09 -------- d-----w- c:\program files\Photo Toucher
2010-11-16 17:44 . 2005-04-30 22:00 44544 ----a-w- c:\windows\system32\msxml4a.dll
2010-11-16 17:44 . 2010-11-16 17:44 -------- d-----w- c:\program files\Common Files\SourceTec
2010-11-16 17:43 . 2010-11-16 17:43 -------- d-----w- c:\program files\SourceTec
2010-11-16 17:33 . 2005-06-15 02:16 926984 ----a-w- c:\windows\system32\wodFtpDLX.OCX
2010-11-16 17:33 . 2010-11-16 17:33 -------- d-----w- c:\users\MOJE\AppData\Roaming\InstallShield Installation Information
2010-11-16 17:33 . 2010-11-16 17:33 -------- d-----w- c:\users\MOJE\AppData\Roaming\CoffeeCup Software
2010-11-16 17:28 . 2010-11-16 17:28 -------- d-----w- c:\program files\Tales Animator
2010-11-16 17:13 . 2009-12-16 02:30 66800 ----a-w- c:\windows\UnDeployV.exe
2010-11-16 17:06 . 2010-11-16 17:06 -------- d-----w- c:\program files\AVTJet Studio
2010-11-09 18:45 . 2010-11-19 20:10 -------- d-sh--r- c:\users\Public\Microsoft-5858-2574
2010-11-02 13:56 . 2010-11-02 13:57 -------- d-----w- c:\users\MOJE\AppData\Roaming\PhotoFiltre Studio X
2010-11-02 13:56 . 2010-11-02 13:56 -------- d-----w- c:\program files\PhotoFiltre Studio X
2010-10-27 16:21 . 2010-11-19 20:10 -------- d-sh--r- c:\users\Public\D-2785-7947-8747
2010-10-27 06:48 . 2010-10-27 15:43 -------- d-----w- c:\users\MOJE\AppData\Roaming\PhotoScape
2010-10-27 06:48 . 2010-10-27 06:48 -------- d-----w- c:\program files\PhotoScape
2010-10-24 06:45 . 2010-10-24 06:45 -------- d-----w- c:\users\MOJE\AppData\Local\Speedchecker
2010-10-24 06:37 . 2010-10-24 06:45 -------- d-----w- c:\program files\Zrychleni Pocitace
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-01 07:11 . 2010-10-13 15:34 462112 ----a-w- c:\program files\Common Files\ZugoInstaller.exe
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-02-04 1197448]
"{57cc715d-37ca-44e4-9ec2-8c2cbddb25ec}"= "c:\program files\Free_Lunch_Design\tbFre1.dll" [2010-05-04 2349080]
"{EEE6C35D-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll" [2010-06-13 138552]
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
[HKEY_CLASSES_ROOT\clsid\{57cc715d-37ca-44e4-9ec2-8c2cbddb25ec}]
[HKEY_CLASSES_ROOT\clsid\{eee6c35d-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{57cc715d-37ca-44e4-9ec2-8c2cbddb25ec}]
2010-05-04 09:18 2349080 ----a-w- c:\program files\Free_Lunch_Design\tbFre1.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-02-04 14:50 1197448 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
2010-06-13 15:25 1438520 ----a-w- c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{57cc715d-37ca-44e4-9ec2-8c2cbddb25ec}"= "c:\program files\Free_Lunch_Design\tbFre1.dll" [2010-05-04 2349080]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2010-06-13 1438520]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-02-04 1197448]
[HKEY_CLASSES_ROOT\clsid\{57cc715d-37ca-44e4-9ec2-8c2cbddb25ec}]
[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{57CC715D-37CA-44E4-9EC2-8C2CBDDB25EC}"= "c:\program files\Free_Lunch_Design\tbFre1.dll" [2010-05-04 2349080]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-02-04 1197448]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2010-06-13 1438520]
[HKEY_CLASSES_ROOT\clsid\{57cc715d-37ca-44e4-9ec2-8c2cbddb25ec}]
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VistaStartMenu"="c:\program files\Vista Start Menu\VistaStartMenu.exe" [2009-08-14 2198248]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
"EA Core"="c:\program files\Electronic Arts\EADM\Core.exe" [2009-03-28 3325952]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-03-23 39408]
"Google Update"="c:\users\MOJE\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-06-17 136176]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2009-04-09 2029640]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-08-04 98304]
"WirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2009-07-23 498744]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2010-03-30 1820040]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"SweetIM"="c:\program files\SweetIM\Messenger\SweetIM.exe" [2010-06-07 111928]
"SearchSettings"="c:\program files\YouTube Downloader Toolbar\SearchSettings.exe" [2010-02-19 974848]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-03-29 1086856]
"PCSpeedUp"="c:\program files\Zrychleni Pocitace\PCSpeedUp.exe" [2010-09-21 856312]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2009-05-18 1314816]
"ISTray"="c:\program files\Spyware Doctor\pctsTray.exe" [2010-03-09 1286608]
c:\users\MOJE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
Věýezy obrazovky a spuçtŘnˇ aplikace OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
R2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-03-23 135664]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-07 29472]
R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-05-05 228408]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2010-03-29 38224]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2010-03-18 3753224]
R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-23 1343400]
R3 XDva341;XDva341;c:\windows\system32\XDva341.sys [x]
R3 XDva343;XDva343;c:\windows\system32\XDva343.sys [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-09-28 315392]
R4 pctgntdi;pctgntdi;c:\windows\System32\drivers\pctgntdi.sys [2010-02-05 233136]
R4 pctplsg;pctplsg;c:\windows\System32\drivers\pctplsg.sys [2010-02-05 70408]
S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2010-03-10 217032]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2009-04-09 107256]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [2009-12-17 123280]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [2009-12-17 41616]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 20992]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-08-04 176128]
S2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [2010-02-19 380928]
S2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\Spyware Doctor\BDT\BDTUpdateService.exe [2010-01-22 112592]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [2009-04-09 731840]
S2 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [2009-04-09 38240]
S2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [2010-03-30 1107336]
S2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [2010-06-21 246584]
S2 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2010-03-11 366840]
S2 yksvc;Marvell Yukon Service;c:\windows\System32\svchost.exe [2009-07-14 20992]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2009-12-17 99152]
S3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [2009-12-17 110096]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
yksvcs REG_MULTI_SZ yksvc
Akamai REG_MULTI_SZ Akamai
.
Obsah adresáře 'Naplánované úlohy'
2010-11-21 c:\windows\Tasks\AWC AutoSweep.job
- c:\program files\IObit\Advanced SystemCare 3\AutoSweep.exe [2009-12-07 14:35]
2010-11-21 c:\windows\Tasks\AWC Startup.job
- c:\program files\IObit\Advanced SystemCare 3\AWC.exe [2009-12-07 08:55]
2010-11-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-23 17:20]
2010-11-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-23 17:20]
2010-11-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3170660372-3488450625-92763971-1000Core.job
- c:\users\MOJE\AppData\Local\Google\Update\GoogleUpdate.exe [2010-07-26 06:38]
2010-11-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3170660372-3488450625-92763971-1000UA.job
- c:\users\MOJE\AppData\Local\Google\Update\GoogleUpdate.exe [2010-07-26 06:38]
2010-11-21 c:\windows\Tasks\Registry Reviver-MOJE-Startup.job
- c:\program files\ReviverSoft\Registry Reviver\RegistryReviver.exe [2010-05-27 10:33]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://start.icq.com/sm
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://home.sweetim.com
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
IE: Odeslat obrázek do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Odeslat stránku do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
FF - ProfilePath - c:\users\MOJE\AppData\Roaming\Mozilla\Firefox\Profiles\ne3tjli1.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://start.icq.com/sm
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=937811&p=
FF - component: c:\program files\YouTube Downloader Toolbar\SSFF\components\SearchSettingsFF.dll
FF - plugin: c:\program files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\users\MOJE\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\users\MOJE\AppData\Local\Yahoo!\BrowserPlus\2.7.1\Plugins\npybrowserplus_2.7.1.dll
FF - plugin: c:\users\MOJE\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\users\MOJE\AppData\Roaming\Mozilla\plugins\npPxPlay.dll
---- NASTAVENÍ FIREFOXU ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
HKCU-Run-msnmsgr - ~c:\program files\Windows Live\Messenger\msnmsgr.exe
HKCU-Run-Messenger (Yahoo!) - ~c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe
AddRemove-Animated Screen - c:\program files\Animated Screen\PY_UNINSTAL.EXE SOFTWARE\PySoft\Animated_Screen
AddRemove-eBay Icon - c:\users\MOJE\AppData\Roaming\Desktopicon\uninst.exe
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'Explorer.exe'(3856)
c:\program files\WIDCOMM\Bluetooth Software\btncopy.dll
c:\program files\Microsoft Virtual PC\VPCShExH.DLL
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\atieclxx.exe
c:\windows\system32\WLANExt.exe
c:\windows\system32\conhost.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\AEADISRV.EXE
c:\windows\system32\taskhost.exe
c:\program files\WIDCOMM\Bluetooth Software\btwdins.exe
c:\program files\CDBurnerXP\NMSAccessU.exe
c:\program files\Spyware Doctor\pctsSvc.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\windows\system32\conhost.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Celkový čas: 2010-11-21 16:22:14 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-11-21 15:22
Před spuštěním: Volných bajtů: 23 064 317 952
Po spuštění: Volných bajtů: 23 232 708 608
- - End Of File - - 7D6D4281982CD08ECAA6A7A7172BBE0C
