Preventivka :)

Zpráva

JrMn · #1 Příspěvek od **JrMn** » 25 čer 2011 10:18

Log je tu, bol prilis velky, a rozdelit ho bolo tazke ;(.

-> http://pastebin.com/BHvPxXf6

#2 Příspěvek od **vyosek** » 25 čer 2011 13:07

Zdravim a pekny den preji

Poprosim i o druhy log z RSIT s nazvem info.txt, je ulozen v c:\rsit

Doufam, ze ten ESET Smart Security zase neni nelegalni

JrMn · #3 Příspěvek od **JrMn** » 25 čer 2011 16:15

Zdravim vyosek,

tu je druhy log:

info.txt logfile of random's system information tool 1.08 2011-06-25 11:12:58

======Uninstall list======

-->"C:\Program Files (x86)\HP Games\Game Explorer Categories - genres\Uninstall.exe"
-->"C:\Program Files (x86)\InstallShield Installation Information\{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}\setup.exe" /z-uninstall
µTorrent-->"C:\Program Files (x86)\uTorrent\uTorrent.exe" /UNINSTALL
Acrobat.com-->MsiExec.exe /X{287ECFA4-719A-2143-A09B-D6A12DE54E40}
ActiveCheck component for HP Active Support Library-->MsiExec.exe /X{254C37AA-6B72-4300-84F6-98A82419187E}
Adobe AIR-->c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}
Adobe AIR-->MsiExec.exe /I{FDB3B167-F4FA-461D-976F-286304A57B2A}
Adobe Bridge 1.0-->MsiExec.exe /I{B74D4E10-1033-0000-0000-000000000001}
Adobe Common File Installer-->MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5B39}
Adobe Community Help-->msiexec /qb /x {0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}
Adobe Community Help-->MsiExec.exe /I{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}
Adobe Flash Player 10 ActiveX-->C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10l_ActiveX.exe -maintain activex
Adobe Flash Player 10 Plugin-->C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10p_Plugin.exe -maintain plugin
Adobe Help Center 1.0-->MsiExec.exe /I{E9787678-1033-0000-8E67-000000000001}
Adobe Media Player-->msiexec /qb /x {DE3A9DC5-9A5D-6485-9662-347162C7E4CA}
Adobe Media Player-->MsiExec.exe /I{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}
Adobe Reader 9.4.5 MUI-->MsiExec.exe /I{AC76BA86-7AD7-FFFF-7B44-A91000000001}
Adobe Shockwave Player-->MsiExec.exe /X{D8DFA46A-39F7-4368-810D-18AFCFDDAEAF}
Adobe Stock Photos 1.0-->MsiExec.exe /I{786C5747-1033-0000-B58E-000000000001}
Alien Swarm-->"C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/630
Battlefield Heroes-->"C:\Program Files (x86)\EA Games\Battlefield Heroes\uninstaller.exe" "C:\Program Files (x86)\EA Games\Battlefield Heroes\Uninstall.xml"
Bloodline Champions-->MsiExec.exe /I{6C90C4C4-559D-4FE8-A4BF-37550E74D1FC}
BOINC-->MsiExec.exe /I{48F04AD2-77E9-45F3-8A4F-F5D38E519F02}
Cain & Abel v4.9.36-->C:\PROGRA~2\Cain\UNINSTAL.EXE C:\PROGRA~2\Cain\Install.log
Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch-->C:\Program Files (x86)\InstallShield Installation Information\{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}\setup.exe -runfromtemp -l0x0409
Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch-->C:\Program Files (x86)\InstallShield Installation Information\{931C37FC-594D-43A9-B10F-A2F2B1F03498}\setup.exe -runfromtemp -l0x0409
Catalyst Control Center - Branding-->MsiExec.exe /I{E0897770-46C9-4322-AD44-8BFA6BE217B2}
CCleaner-->"C:\Program Files (x86)\CCleaner\uninst.exe"
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
Counter-Strike: Condition Zero-->"C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/80
Counter-Strike: Source-->"C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/240
Counter-Strike-->"C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/10
CyberLink DVD Suite-->"C:\Program Files (x86)\InstallShield Installation Information\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\Setup.exe" /z-uninstall
CyberLink DVD Suite-->"C:\Program Files (x86)\InstallShield Installation Information\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\Setup.exe" /z-uninstall
CyberLink MediaShow-->"C:\Program Files (x86)\InstallShield Installation Information\{80E158EA-7181-40FE-A701-301CE6BE64AB}\setup.exe" /z-uninstall
CyberLink MediaShow-->"C:\Program Files (x86)\InstallShield Installation Information\{80E158EA-7181-40FE-A701-301CE6BE64AB}\setup.exe" /z-uninstall
CyberLink PowerDVD 8-->"C:\Program Files (x86)\InstallShield Installation Information\{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}\setup.exe" /z-uninstall
CyberLink PowerDVD 8-->"C:\Program Files (x86)\InstallShield Installation Information\{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}\setup.exe" /z-uninstall
CyberLink YouCam-->"C:\Program Files (x86)\InstallShield Installation Information\{01FB4998-33C4-4431-85ED-079E3EEFE75D}\setup.exe" /z-uninstall
CyberLink YouCam-->"C:\Program Files (x86)\InstallShield Installation Information\{01FB4998-33C4-4431-85ED-079E3EEFE75D}\setup.exe" /z-uninstall
Dedicated Server-->"C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/5
DotAlicious Gaming Client-->"C:\Program Files (x86)\DotAlicious Gaming Client\uninstall.exe"
DotAzilla-->C:\Program Files (x86)\DotAzilla\Uninstall.exe
Dual-Core Optimizer-->MsiExec.exe /X{9FD6F1A8-5550-46AF-8509-271DF0E768B5}
EA Download Manager-->C:\PROGRA~2\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{EF7E931D-DC84-471B-8DB6-A83358095474} /l1033
ESL Wire 1.9.7-->"C:\Program Files\EslWire\unins000.exe"
ESU for Microsoft Windows 7-->MsiExec.exe /I{3877C901-7B90-4727-A639-B6ED2DD59D43}
Eurobattle.net-->"C:\Windows\Eurobattle.net\uninstall.exe" "/U:C:\Program Files (x86)\Warcraft III Reign of Chaos & The Frozen Throne\Uninstall\uninstall.xml"
Ever Step-->"C:\Program Files (x86)\EverStep\uninstall.exe"
Flight Control HD-->"C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/62000
Fraps (remove only)-->"C:\Program Files (x86)\Fraps\uninstall.exe"
Garena 2010-->C:\Program Files (x86)\Garena\uninst.exe
Garry's Mod-->"C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/4000
Half-Life Dedicated Server Update Tool-->C:\PROGRA~2\Valve\HLServer\UNWISE.EXE C:\PROGRA~2\Valve\HLServer\INSTALL.LOG
HP Advisor-->MsiExec.exe /X{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}
HP Customer Experience Enhancements-->MsiExec.exe /X{07FA4960-B038-49EB-891B-9F95930AA544}
HP Integrated Module with Bluetooth wireless technology-->MsiExec.exe /X{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}
HP Quick Launch Buttons-->"C:\Program Files (x86)\InstallShield Installation Information\{34D2AB40-150D-475D-AE32-BD23FB5EE355}\setup.exe" -runfromtemp -l0x0009 uninst
HP Setup-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{17B4760F-334B-475D-829F-1A3E94A6A4E6}\setup.exe" -l0x9 -removeonly
HP Support Assistant-->"C:\Program Files (x86)\InstallShield Installation Information\{495A8A3C-8FD0-4C46-9979-95C26181A1AB}\setup.exe" -runfromtemp -l0x0409 -removeonly
HP Update-->MsiExec.exe /X{D46D081B-F60E-467E-A7C4-117B70D76731}
HP User Guides -->MsiExec.exe /X{4D5927FF-F3A0-4E03-9DE9-8265499164CF}
HP Wireless Assistant-->MsiExec.exe /X{54CC7901-804D-4155-B353-21F0CC9112AB}
HPAsset component for HP Active Support Library-->MsiExec.exe /X{669D4A35-146B-4314-89F1-1AC3D7B88367}
ICCup Launcher-->"C:\Program Files (x86)\ICCup\Launcher\unins000.exe"
Intel(R) Management Engine Components-->C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\Uninstall\setup.exe -uninstall
Intel® Matrix Storage Manager-->C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\Uninstall\imsmudlg.exe -uninstall
Java(TM) 6 Update 17 (64-bit)-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F86416017FF}
Java(TM) 6 Update 26-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216017FF}
Junk Mail filter update-->MsiExec.exe /I{E2DFE069-083E-4631-9B6C-43C48E991DE5}
LabelPrint-->"C:\Program Files (x86)\InstallShield Installation Information\{C59C179C-668D-49A9-B6EA-0121CCFC1243}\Setup.exe" /z-uninstall
LabelPrint-->"C:\Program Files (x86)\InstallShield Installation Information\{C59C179C-668D-49A9-B6EA-0121CCFC1243}\Setup.exe" /z-uninstall
League of Legends-->"C:\Program Files (x86)\League of Legends\unins000.exe"
LightScribe System Software-->MsiExec.exe /X{10CCF16B-F1C9-4B24-9570-B4CCEE42392D}
LogMeIn Hamachi-->C:\Windows\SysWOW64\\msiexec.exe /i {EEF985E8-8B36-4230-B174-117A2381C17F} REMOVE=ALL
LogMeIn Hamachi-->MsiExec.exe /I{EEF985E8-8B36-4230-B174-117A2381C17F}
Malwarebytes' Anti-Malware-->"C:\Program Files (x86)\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 4 Client Profile-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\Setup.exe /repair /x86 /x64 /parameterfolder Client
Microsoft .NET Framework 4 Client Profile-->MsiExec.exe /X{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}
Microsoft .NET Framework 4 Extended-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Extended\Setup.exe /repair /x86 /x64 /parameterfolder Extended
Microsoft .NET Framework 4 Extended-->MsiExec.exe /X{8E34682C-8118-31F1-BC4C-98CD9675E1C2}
Microsoft .NET Framework 4 Multi-Targeting Pack-->MsiExec.exe /I{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}
Microsoft Games for Windows - LIVE Redistributable-->MsiExec.exe /X{929CE49F-1CA7-4CF3-A9A1-6D757443C63F}
Microsoft Help Viewer 1.0-->C:\Program Files\Microsoft Help Viewer\v1.0\Microsoft Help Viewer 1.0\install.exe
Microsoft Help Viewer 1.0-->MsiExec.exe /X{FCADA26A-5672-31DD-BF0E-BA76ECF9B02D}
Microsoft Choice Guard-->MsiExec.exe /X{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Home and Student 2007-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL
Microsoft Office Home and Student 2007-->MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE}
Microsoft Office Office 64-bit Components 2007-->MsiExec.exe /X{90120000-002A-0000-1000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{9011041B-6000-11D3-8CFE-0150048383C9}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045}
Microsoft Office Shared 64-bit MUI (English) 2007-->MsiExec.exe /X{90120000-002A-0409-1000-0000000FF1CE}
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0116-0409-1000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Suite Activation Assistant-->MsiExec.exe /X{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Search Enhancement Pack-->MsiExec.exe /I{9C9CEB9D-53FD-49A7-85D2-FE674F72F24E}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft SQL Server 2008 (64-bit)-->"c:\Program Files\Microsoft SQL Server\100\Setup Bootstrap\Release\x64\SetupARP.exe"
Microsoft SQL Server 2008 (64-bit)-->"c:\Program Files\Microsoft SQL Server\100\Setup Bootstrap\Release\x64\SetupARP.exe"
Microsoft SQL Server 2008 Browser-->MsiExec.exe /X{C688457E-03FD-4941-923B-A27F4D42A7DD}
Microsoft SQL Server 2008 Common Files-->MsiExec.exe /I{5340A3B5-3853-4745-BED2-DD9FF5371331}
Microsoft SQL Server 2008 Common Files-->MsiExec.exe /I{893F27E6-D6BE-4B9F-80E6-0ADA694A31A8}
Microsoft SQL Server 2008 Database Engine Services-->MsiExec.exe /I{FA7394B8-CE65-4F9E-AC99-F372AD365424}
Microsoft SQL Server 2008 Database Engine Services-->MsiExec.exe /I{FBD367D1-642F-47CF-B79B-9BE48FB34007}
Microsoft SQL Server 2008 Database Engine Shared-->MsiExec.exe /I{CC8BA866-16A7-4667-BA0C-C494A1E7B2BF}
Microsoft SQL Server 2008 Database Engine Shared-->MsiExec.exe /I{DF167CE3-60E7-44EA-99EC-2507C51F37AE}
Microsoft SQL Server 2008 Native Client-->MsiExec.exe /I{BBDE8A3D-64A2-43A6-95F3-C27B87DF7AC1}
Microsoft SQL Server 2008 RsFx Driver-->MsiExec.exe /I{7ACE202B-1B01-4B43-B6AE-03D66D621CDE}
Microsoft SQL Server 2008 Setup Support Files -->MsiExec.exe /X{B40EE88B-400A-4266-A17B-E3DE64E94431}
Microsoft SQL Server Compact 3.5 SP2 ENU-->MsiExec.exe /I{3A9FC03D-C685-4831-94CF-4EDFD3749497}
Microsoft SQL Server Compact 3.5 SP2 x64 ENU-->MsiExec.exe /I{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}
Microsoft SQL Server VSS Writer-->MsiExec.exe /I{0826F9E4-787E-481D-83E0-BC6A57B056D5}
Microsoft Sync Framework Runtime Native v1.0 (x86)-->MsiExec.exe /I{8A74E887-8F0F-4017-AF53-CBA42211AAA5}
Microsoft Sync Framework Services Native v1.0 (x86)-->MsiExec.exe /I{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053-->MsiExec.exe /X{B6E3757B-5E77-3915-866A-CCFC4B8D194C}
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175-->MsiExec.exe /X{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}
Microsoft Visual C++ 2005 Redistributable (x64)-->MsiExec.exe /X{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}
Microsoft Visual C++ 2005 Redistributable (x64)-->MsiExec.exe /X{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570-->MsiExec.exe /X{8338783A-0968-3B85-AFC7-BAAE0A63DC50}
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570-->MsiExec.exe /X{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022-->MsiExec.exe /X{350AA351-21FA-3270-8B7A-835434E766AD}
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17-->MsiExec.exe /X{8220EEFE-38CD-377E-8595-13398D740ACE}
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148-->MsiExec.exe /X{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161-->MsiExec.exe /X{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022-->MsiExec.exe /X{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974-->MsiExec.exe /X{B7E38540-E355-3503-AFD7-635B2F2F76E1}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161-->MsiExec.exe /X{9BE518E6-ECC6-35A9-88E4-87755C07200F}
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319-->MsiExec.exe /X{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319-->MsiExec.exe /X{196BB40D-1578-3D01-B289-BEFC77A11A1E}
Microsoft Visual Studio 2010 Express Prerequisites x64 - ENU-->MsiExec.exe /X{BCA26999-EC22-3007-BB79-638913079C9A}
Microsoft Works-->MsiExec.exe /I{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}
Microsoft XNA Framework Redistributable 3.1-->MsiExec.exe /I{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}
Microsoft_VC80_ATL_x86_x64-->MsiExec.exe /I{925D058B-564A-443A-B4B2-7E90C6432E55}
Microsoft_VC80_ATL_x86-->MsiExec.exe /I{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}
Microsoft_VC80_CRT_x86_x64-->MsiExec.exe /I{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}
Microsoft_VC80_CRT_x86-->MsiExec.exe /I{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}
Microsoft_VC80_MFC_x86_x64-->MsiExec.exe /I{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}
Microsoft_VC80_MFC_x86-->MsiExec.exe /I{D1A19B02-817E-4296-A45B-07853FD74D57}
Microsoft_VC80_MFCLOC_x86_x64-->MsiExec.exe /I{1E9FC118-651D-4934-97BE-E53CAE5C7D45}
Microsoft_VC80_MFCLOC_x86-->MsiExec.exe /I{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}
Microsoft_VC90_ATL_x86_x64-->MsiExec.exe /I{8557397C-A42D-486F-97B3-A2CBC2372593}
Microsoft_VC90_ATL_x86-->MsiExec.exe /I{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}
Microsoft_VC90_CRT_x86_x64-->MsiExec.exe /I{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}
Microsoft_VC90_CRT_x86-->MsiExec.exe /I{08D2E121-7F6A-43EB-97FD-629B44903403}
Microsoft_VC90_MFC_x86_x64-->MsiExec.exe /I{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}
Microsoft_VC90_MFC_x86-->MsiExec.exe /I{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}
mIRC-->C:\Program Files (x86)\mIRC\uninstall.exe _?=C:\Program Files (x86)\mIRC
Mozilla Firefox (3.6.16)-->C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
Mumble 1.2.3-->MsiExec.exe /I{B4E343DD-BAAB-4D59-AD9C-DEA0AFE09DF1}
muvee Reveal-->MsiExec.exe /X{43BA31BA-04BD-2EA3-0A60-A9C54E06D3F2}
OpenAL-->"C:\Program Files (x86)\OpenAL\oalinst.exe" /U
Opera 10.60-->MsiExec.exe /X{1D2C96C3-A3F3-49E7-B839-95279DED837F}
Opera 10.61-->MsiExec.exe /X{70858C67-8761-4444-895A-0A8B2E9E144E}
Opera 10.63-->MsiExec.exe /X{87CC8013-56D1-43E1-A0A5-AD406B4EBA95}
Opera 11.00-->MsiExec.exe /X{1EE88B84-7BE5-4FB5-8DEA-B81D5409D62E}
Opera 11.11-->"C:\Program Files (x86)\Opera\Opera.exe" /uninstall
Poker Night at the Inventory-->"C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/31280
PoxNora 1.4.7.0-->C:\Program Files (x86)\PoxNora\uninstall.exe
Python 3.1.2 (64-bit)-->MsiExec.exe /I{D40AF016-506C-43FB-A738-BD54FA8C1E86}
QLBCASL-->MsiExec.exe /I{F1D7AC58-554A-4A58-B784-B61558B1449A}
RaidCall-->C:\Program Files (x86)\raidcall\uninst.exe
Realtek Ethernet Controller Driver For Windows Vista and Later-->C:\Program Files (x86)\InstallShield Installation Information\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}\setup.exe -runfromtemp -removeonly
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -removeonly
Realtek USB 2.0 Card Reader-->"C:\Program Files (x86)\InstallShield Installation Information\{96AE7E41-E34E-47D0-AC07-1091A8127911}\setup.exe" -runfromtemp -l0x0009 -removeonly
Recovery Manager-->"C:\Program Files (x86)\InstallShield Installation Information\{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}\setup.exe" /z-uninstall
ROCCAT Kone[+] Mouse Driver-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{B99CB207-4704-4C51-9309-0FA90AA26DD4}\Setup.exe"
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {FD8D7C9A-E56A-3E7B-BA6D-FE68F13296E3} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {F66C3466-1FDB-347C-B3AE-FB6C50627B10} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {B5BD3CA1-11AB-35A6-B22A-6A219DC0668E} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {E720AD01-93D5-3E8E-BB8D-E4EF5AF4E5DD} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)-->c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Extended\setup.exe /uninstallpatch {3162617C-537F-3BB6-8D0C-C6021F442391} /parameterfolder Extended
Service Pack 1 for SQL Server 2008 (KB968369) (64-bit)-->"c:\Program Files\Microsoft SQL Server\100\Setup Bootstrap\Update Cache\KB968369\ServicePack\setup.exe" /Action=RemovePatch /AllInstances
Skype™ 5.3-->MsiExec.exe /X{5335DADB-34BA-4AE8-A519-648D78498846}
Source SDK Base 2006-->"C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/215
Sql Server Customer Experience Improvement Program-->MsiExec.exe /I{2F14965D-567B-4E59-ADEB-0A2CC1E3ADDF}
Steam-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
Stream Player-->msiexec /qb /x {2F9B5E4A-6DC2-0530-C505-E4DD042D7620}
Stream Player-->MsiExec.exe /I{2F9B5E4A-6DC2-0530-C505-E4DD042D7620}
Super Meat Boy-->"C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/40800
Swarm Arena-->"C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/46600
Synaptics Pointing Device Driver-->rundll32.exe "%ProgramFiles%\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
System Requirements Lab-->MsiExec.exe /I{9E1BAB75-EB78-440D-94C0-A3857BE2E733}
Team Fortress 2-->"C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/440
TeamSpeak 3 Client-->"C:\Program Files\TeamSpeak 3 Client\uninstall.exe"
T-Mobile Communication Center 3.67.62.99-->"C:\Program Files (x86)\T-Mobile Communication Center\unins000.exe"
TrackMania Nations Forever-->"C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/11020
Ubuntu-->C:\ubuntu\uninstall-wubi.exe
Update for Office 2007 (KB934528)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {2B939677-2FFD-48F6-9075-7BF48CB87C80}
Vegas Pro 9.0 (64-bit)-->MsiExec.exe /X{88EAF577-71FA-46F2-8E42-AEA33E35AFB1}
Ventrilo Client for Windows x64-->MsiExec.exe /X{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}
VLC media player 1.1.10-->C:\Program Files (x86)\VideoLAN\VLC\uninstall.exe
VOIPlay-->C:\Program Files (x86)\VOIPlay\voiplay_uninstall.exe
Windows Driver Package - Broadcom Bluetooth (06/15/2009 6.2.0.9000)-->C:\PROGRA~1\DIFX\84B2E36983483FEB\DPInst.exe /u C:\Windows\System32\DriverStore\FileRepository\bcbtums-win7x64-brcm.inf_amd64_neutral_9f61c0dbf5607025\bcbtums-win7x64-brcm.inf
Windows Driver Package - Broadcom Bluetooth (07/30/2009 6.2.0.9405)-->C:\PROGRA~1\DIFX\84B2E36983483FEB\DPInst.exe /u C:\Windows\System32\DriverStore\FileRepository\bcbtums-vistax64-brcm.inf_amd64_neutral_669857059b361c7a\bcbtums-vistax64-brcm.inf
Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800)-->C:\PROGRA~1\DIFX\84B2E36983483FEB\DPInst.exe /u C:\Windows\System32\DriverStore\FileRepository\bcbthid64.inf_amd64_neutral_737f347105a3e66a\bcbthid64.inf
Windows Installer Clean Up-->MsiExec.exe /X{121634B0-2F4B-11D3-ADA3-00C04F52DD52}
Windows Live Call-->MsiExec.exe /I{F6BD194C-4190-4D73-B1B1-C48C99921BFE}
Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
Windows Live Essentials-->C:\Program Files (x86)\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}
Windows Live Mail-->MsiExec.exe /I{6412CECE-8172-4BE5-935B-6CECACD2CA87}
Windows Live Messenger-->MsiExec.exe /X{A85FD55B-891B-4314-97A5-EA96C0BD80B5}
Windows Live Movie Maker-->MsiExec.exe /X{3D5044A5-97B8-45C0-B956-BB2376569188}
Windows Live Photo Gallery-->MsiExec.exe /X{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}
Windows Live Sign-in Assistant-->MsiExec.exe /I{45338B07-A236-4270-9A77-EBB4115517B5}
Windows Live Sync-->MsiExec.exe /X{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}
Windows Live Toolbar-->MsiExec.exe /X{995F1E2E-F542-4310-8E1D-9926F5A279B3}
Windows Live Upload Tool-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Windows Live Writer-->MsiExec.exe /X{178832DE-9DE0-4C87-9F82-9315A9B03985}
WinPcap 4.1.2-->C:\Program Files (x86)\WinPcap\uninstall.exe
WinRAR archivátor-->C:\Program Files\WinRAR\uninstall.exe
Wireshark 1.4.4-->"C:\Program Files\Wireshark\uninstall.exe"
World of Warcraft-->C:\Program Files (x86)\Common Files\Blizzard Entertainment\World of Warcraft\Uninstall.exe
Xfire (remove only)-->"C:\Program Files (x86)\Xfire\uninst.exe"
XSplit-->MsiExec.exe /X{240A113B-5DA3-4471-A094-36C79D5D840C}

======Hosts File======

::1 localhost

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"NUMBER_OF_PROCESSORS"=4
"OnlineServices"=Online Services
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\WIDCOMM\Bluetooth Software\;C:\Program Files\WIDCOMM\Bluetooth Software\syswow64;C:\Program Files (x86)\Common Files\Adobe\AGL;c:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\;c:\Program Files\Microsoft SQL Server\100\Tools\Binn\;c:\Program Files\Microsoft SQL Server\100\DTS\Binn\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PCBRAND"=Pavilion
"Platform"=MCD
"PROCESSOR_ARCHITECTURE"=AMD64
"PROCESSOR_IDENTIFIER"=Intel64 Family 6 Model 37 Stepping 2, GenuineIntel
"PROCESSOR_LEVEL"=6
"PROCESSOR_REVISION"=2502
"PSModulePath"=%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%

-----------------EOF-----------------

Nie, uz je legalny.

Ak si dobre pamatam, prednedavnom ste bol iba Radca, gratulujem k povyseniu

.

#4 Příspěvek od **vyosek** » 25 čer 2011 18:48

Ano, uz jsem povysil na moderatora, dekuji za gratulaci. Ale je to jak mi psal kolega, gratuluji ke starostem navic

Je to spise dukaz duvery a vice moznosti se o forum starat

Nejakou tu havet si tam chovate, takze s ni zatocime

PROSIM CTETE DUKLADNE NAVOD - TATO UTILITA MA VELKOU SCHOPNOST MAZAT A JE NUTNE JI APLIKOVAT JEN NA DOPORUCENI, JINAK VAM MUZE JIT SYSTEM DO KYTEK

Stahnete a ulozte na plochu Combofix http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Vypnete vsechny rezidentni bezpecnostní programy - firewally, antiviry, antispywary apod.
Pokud mate Win XP spustte pod uctem Spravce\Administratora
Pokud mate Win Vista ci Win 7, kliknete na Combofix pravym a dejte Run As Administrator ci Spustit jako spravce
Ihned po startu se zobrazi stranka s licencnim ujednanim, pokracujte kliknutim na Ano
Pokud Vam CF nabidne instalaci Konzoly pro zotaveni, tak souhlaste
Dale postupujte dle pokynu, behem scanu nechte PC naprosto v klidu - nespoustejte zadne aplikace a neklikejte do zobrazujiciho se okna
Scan by mel trvat cca 10 min, ale pokud bude PC hodne zaneseno, muze se cas prodlouzit
Po dokonceni skenu a pripadnem restartu CF zobrazi log, pripadne jej najdete zde C:\ComboFix.txt, jeho obsah sem vlozte
Detailni postup vc. obrazku mate zde http://www.bleepingcomputer.com/combofi ... t-combofix

JrMn · #5 Příspěvek od **JrMn** » 26 čer 2011 00:14

ComboFix 11-06-25.05 - JrMn . 06. 2011 0:55.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.421.1033.18.3958.2016 [GMT 2:00]
Running from: c:\users\JrMn\Downloads\ComboFix.exe
AV: ESET Smart Security 4.2 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
FW: ESET personal firewall *Enabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
SP: ESET Smart Security 4.2 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\JrMn\AppData\Local\.#
c:\users\JrMn\AppData\Local\.#\MBX@1280@3A19E0.###
c:\users\JrMn\AppData\Local\.#\MBX@CA4@2E19E0.###
c:\users\JrMn\AppData\Local\.#\MBX@DEC@5B19E0.###
c:\users\JrMn\AppData\Local\.#\MBX@EE0@1DC19E0.###
c:\users\JrMn\AppData\Local\NlezR10.dll
c:\users\JrMn\AppData\Roaming\minus
c:\users\JrMn\AppData\Roaming\minus\minus.ini
c:\users\JrMn\AppData\Roaming\winlogon_96.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-05-25 to 2011-06-25 )))))))))))))))))))))))))))))))
.
.
2011-06-25 23:08 . 2011-06-25 23:08 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-06-25 22:52 . 2011-06-25 22:52 -------- d-----w- C:\32788R22FWJFW
2011-06-24 11:23 . 2011-06-07 17:10 8873296 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{274633B9-8F7D-439B-B77A-8E1A2E991350}\mpengine.dll
2011-06-23 12:44 . 2011-06-23 18:00 -------- d-----w- c:\users\JrMn\workspace
2011-06-23 12:20 . 2011-06-23 12:20 -------- d-----w- c:\windows\system32\SPReview
2011-06-23 12:19 . 2011-06-23 12:19 -------- d-----w- c:\windows\system32\EventProviders
2011-06-21 13:25 . 2010-11-20 13:26 828416 ----a-w- c:\windows\system32\MPSSVC.dll
2011-06-21 13:24 . 2010-11-20 13:33 184704 ----a-w- c:\windows\system32\drivers\pci.sys
2011-06-21 13:23 . 2010-11-20 13:27 503296 ----a-w- c:\windows\system32\srcore.dll
2011-06-21 13:22 . 2010-11-20 13:27 61952 ----a-w- c:\windows\system32\WavDest.dll
2011-06-21 13:21 . 2010-11-20 12:18 323072 ----a-w- c:\windows\SysWow64\drvstore.dll
2011-06-21 13:21 . 2010-11-20 12:18 257024 ----a-w- c:\windows\SysWow64\dpx.dll
2011-06-21 13:21 . 2010-11-20 12:21 363008 ----a-w- c:\windows\SysWow64\wbemcomn.dll
2011-06-21 13:21 . 2010-11-20 12:19 606208 ----a-w- c:\windows\SysWow64\wbem\fastprox.dll
2011-06-21 13:18 . 2010-11-20 13:27 524288 ----a-w- c:\windows\system32\wmicmiplugin.dll
2011-06-21 13:18 . 2010-11-20 13:27 529408 ----a-w- c:\windows\system32\wbemcomn.dll
2011-06-21 13:18 . 2010-11-20 13:27 1225216 ----a-w- c:\windows\system32\wbem\wbemcore.dll
2011-06-21 13:18 . 2010-11-20 13:27 933376 ----a-w- c:\windows\system32\SmiEngine.dll
2011-06-21 13:18 . 2010-11-20 13:25 199168 ----a-w- c:\windows\system32\PkgMgr.exe
2011-06-21 13:17 . 2010-11-20 13:26 422912 ----a-w- c:\windows\system32\drvstore.dll
2011-06-21 13:17 . 2010-11-20 13:26 399872 ----a-w- c:\windows\system32\dpx.dll
2011-06-19 21:16 . 2011-06-19 21:16 3584 ----a-r- c:\users\JrMn\AppData\Roaming\Microsoft\Installer\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}\Icon386ED4E3.exe
2011-06-19 21:16 . 2011-06-19 21:16 -------- d-----w- c:\program files (x86)\Windows Installer Clean Up
2011-06-19 21:15 . 2011-06-19 21:15 -------- d-----w- c:\program files (x86)\MSECACHE
2011-06-19 21:06 . 2011-06-19 21:06 -------- d-----w- c:\program files (x86)\Stream Player
2011-06-14 17:04 . 2001-09-04 23:18 77824 ----a-w- c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\ctor.dll
2011-06-14 17:04 . 2001-09-04 23:18 225280 ----a-w- c:\program files (x86)\Common Files\InstallShield\IScript\iscript.dll
2011-06-14 17:04 . 2001-09-04 23:14 176128 ----a-w- c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\iuser.dll
2011-06-14 17:04 . 2001-09-04 23:13 32768 ----a-w- c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\objectps.dll
2011-06-14 17:04 . 2002-07-25 14:07 614532 ----a-w- c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe
2011-06-12 14:54 . 2011-04-22 22:15 27520 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2011-06-07 10:35 . 2011-06-07 10:35 103864 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\nppdf32.dll
2011-05-31 12:30 . 2011-05-31 12:30 -------- d-----w- c:\program files (x86)\LogMeIn Hamachi
2011-05-27 13:42 . 2011-05-27 14:03 -------- d-----w- c:\program files (x86)\PoxNora
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-23 15:25 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2011-06-23 15:25 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2011-06-23 12:29 . 2011-06-23 12:29 203776 ----a-w- c:\windows\SysWow64\webcheck.dll
2011-06-23 12:29 . 2011-06-23 12:29 249344 ----a-w- c:\windows\system32\webcheck.dll
2011-05-24 17:14 . 2010-07-11 16:27 270720 ------w- c:\windows\system32\MpSigStub.exe
2011-05-04 02:52 . 2010-07-11 16:06 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-04-20 19:56 . 2010-07-17 16:02 77360 ----a-w- c:\windows\system32\drivers\Leadtek.sys
2011-04-18 10:11 . 2010-10-30 16:41 179616 ----a-w- c:\windows\system32\drivers\ESLWireACD.sys
2011-04-09 07:02 . 2011-05-11 17:51 5562240 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-04-09 06:58 . 2011-05-15 08:14 142336 ----a-w- c:\windows\system32\poqexec.exe
2011-04-09 06:02 . 2011-05-11 17:50 3967872 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2011-04-09 06:02 . 2011-05-11 17:50 3912576 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2011-04-09 05:56 . 2011-05-15 08:14 123904 ----a-w- c:\windows\SysWow64\poqexec.exe
2011-03-31 21:48 . 2011-03-31 21:48 86016 ----a-w- c:\windows\SysWow64\frapsvid.dll
2011-03-31 21:48 . 2011-03-31 21:48 84992 ----a-w- c:\windows\system32\frapsv64.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-10-16 2363392]
"TMCC"="c:\program files (x86)\T-Mobile Communication Center\TMCC.exe" [2010-07-29 774144]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-11-25 98304]
"QlbCtrl.exe"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-10-08 322104]
"WirelessAssistant"="c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2009-07-23 498744]
"amd_dc_opt"="c:\program files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2011-05-25 1951112]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-9-4 1081632]
LOLRecorder.lnk - c:\program files (x86)\LOLReplay\LOLRecorder.exe [2011-6-3 204800]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe [2009-07-14 27136]
R3 ALSysIO;ALSysIO;c:\users\JrMn\AppData\Local\Temp\ALSysIO64.sys [x]
R3 injectDLL;injectDLL;c:\users\JrMn\Desktop\ProInjector\injectDLL.sys [x]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-09-23 225280]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [x]
R3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-22 61976]
R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [x]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-03-30 427880]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe [2010-07-02 810144]
S2 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [x]
S2 ESLWireAC;ESLWireAC;c:\windows\system32\drivers\ESLWireACD.sys [x]
S2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2011-05-25 2275720]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [x]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-10-01 2320920]
S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
S3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-05-05 228408]
S3 ESLvnic1;ESLvnic Virtual Network 64 Bit;c:\windows\system32\DRIVERS\ESLvnic.sys [x]
S3 GGSAFERDriver;GGSAFER Driver;c:\program files (x86)\Garena\safedrv.sys [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 Leadtek;Leadtek USB Network Interface;c:\windows\system32\DRIVERS\Leadtek.sys [x]
S3 NETw5s64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ezSharedSvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-10-16 20:49 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2011-06-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3771932870-3369830453-1068231195-1001Core.job
- c:\users\JrMn\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-12 09:27]
.
2011-06-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3771932870-3369830453-1068231195-1001UA.job
- c:\users\JrMn\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-12 09:27]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2009-12-22 5977600]
"RtkOSD"="c:\program files (x86)\Realtek\Audio\OSD\RtVOsd64.exe" [2009-10-13 995840]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-01-24 172032]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2010-07-02 2903688]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.bing.com
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://www.bing.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000
IE: E&xportovať do programu Microsoft Excel - c:\progra~2\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 195.91.0.17 194.154.227.17
FF - ProfilePath - c:\users\JrMn\AppData\Roaming\Mozilla\Firefox\Profiles\6np7xdju.default\
FF - prefs.js: browser.startup.homepage - hxxp://sk.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:sk:official|esl.eu/eu/lol
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: SkipScreen: SkipScreen@SkipScreen - %profile%\extensions\SkipScreen@SkipScreen
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: Battlefield Heroes Updater: battlefieldheroespatcher@ea.com - %profile%\extensions\battlefieldheroespatcher@ea.com
FF - Ext: Battlefield Play4Free: battlefieldplay4free@ea.com - %profile%\extensions\battlefieldplay4free@ea.com
FF - Ext: DownThemAll!: {DDC359D1-844A-42a7-9AA1-88A850A938A8} - %profile%\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
FF - Ext: Torbutton: {e0204bd5-9d31-402b-a99d-a6aa8ffebdca} - %profile%\extensions\{e0204bd5-9d31-402b-a99d-a6aa8ffebdca}
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-Hkicuwenanojow - c:\users\JrMn\AppData\Local\NlezR10.dll
BHO-{F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\01B115A1CF11BAC4C9848646F190FC00\D272491B29F1FD6499BED8C59EC14BCE]
@DACL=(02 0000)
"PatchGUID"=""
"MediaCabinet"=""
"File"="Setup.exe"
"ComponentVersion"="2.0.2.12610"
"ProductVersion"="2.0.2"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="0"
"SharedComponent"="0"
"IsFullFile"="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\25E1F06034CBD4D4D9DA91E700CD5D9C\D272491B29F1FD6499BED8C59EC14BCE]
@DACL=(02 0000)
"PatchGUID"=""
"MediaCabinet"=""
"File"="adobecp.dll"
"ComponentVersion"="2.0.0.17"
"ProductVersion"="2.0.2"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="0"
"SharedComponent"="0"
"IsFullFile"="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\90A2D107EB418F542933C10EDE00329A\D272491B29F1FD6499BED8C59EC14BCE]
@DACL=(02 0000)
"PatchGUID"=""
"MediaCabinet"=""
"File"="AdobeAIR.dll"
"ComponentVersion"="2.0.2.12610"
"ProductVersion"="2.0.2"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="0"
"SharedComponent"="0"
"IsFullFile"="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\98D0EE5F5CB32574E9BB35B330E68A90\D272491B29F1FD6499BED8C59EC14BCE]
@DACL=(02 0000)
"PatchGUID"=""
"MediaCabinet"=""
"File"="air.exe"
"ComponentVersion"="2.0.2.12610"
"ProductVersion"="2.0.2"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="0"
"SharedComponent"="0"
"IsFullFile"="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\9EB9F2B71F1DD4E4A90FDA80F570B333\D272491B29F1FD6499BED8C59EC14BCE]
@DACL=(02 0000)
"PatchGUID"=""
"MediaCabinet"=""
"File"="airappinstaller.exe"
"ComponentVersion"="2.0.2.12580"
"ProductVersion"="2.0.2"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="0"
"SharedComponent"="0"
"IsFullFile"="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\FC8775A70DB513942842346B032C2437\D272491B29F1FD6499BED8C59EC14BCE]
@DACL=(02 0000)
"PatchGUID"=""
"MediaCabinet"=""
"File"="NPSWF32.dll"
"ComponentVersion"="10.1.53.64"
"ProductVersion"="2.0.2"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="0"
"SharedComponent"="0"
"IsFullFile"="0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-06-26 01:12:16
ComboFix-quarantined-files.txt 2011-06-25 23:12
.
Pre-Run: 38 697 840 640 bytes free
Post-Run: 38 341 267 456 bytes free
.
- - End Of File - - 22DA6FDC9CD867DBF07DA4EB902D703E

Inac, nasiel som na harddisku 3 zlozky o ktorych som v zivote nepocul, a teda netusim ani ci mozu byt nebezpecne.

#6 Příspěvek od **vyosek** » 26 čer 2011 08:55

Muzete sem dat screen tech slozek

Pokud nemate, tak presunte Combofix na plochu

Spustte poznamkovy blok (Start-spustit-notepad)
Zkopirujte skript nize

Kód: Vybrat vše

KillAll::

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"=-
"Adobe ARM"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"=-
"AdobeAAMUpdater-1.0"=-

File::
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3771932870-3369830453-1068231195-1001Core.job
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3771932870-3369830453-1068231195-1001UA.job

RegLock::
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\01B115A1CF11BAC4C9848646F190FC00\D272491B29F1FD6499BED8C59EC14BCE]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\25E1F06034CBD4D4D9DA91E700CD5D9C\D272491B29F1FD6499BED8C59EC14BCE]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\90A2D107EB418F542933C10EDE00329A\D272491B29F1FD6499BED8C59EC14BCE]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\98D0EE5F5CB32574E9BB35B330E68A90\D272491B29F1FD6499BED8C59EC14BCE]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\9EB9F2B71F1DD4E4A90FDA80F570B333\D272491B29F1FD6499BED8C59EC14BCE]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\FC8775A70DB513942842346B032C2437\D272491B29F1FD6499BED8C59EC14BCE]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

Reboot::

Ulozte vytvoreny TXT jako CFScript.txt
Pretahnete vytvoreny CFScript.txt nad Combofix a pustte (viz obrazek nize)
Po aplikaci skriptu (a pripadnem restartu) na Vas vypadne log, jeho obsah sem vlozte

Muze se stat, ze po aplikaci skriptu nenabehnou windows, v tomto pripade restartuje PC a mackejte F8 a zvolte Posledni znamou konfiguraci

JrMn · #7 Příspěvek od **JrMn** » 26 čer 2011 11:59

Screen asi ich obsah:
http://imgur.com/a/x43Ez

To s tym ComboFixom vykonam neskor, okolo vecera postnem link, zatial dakujem za vsetko

#8 Příspěvek od **vyosek** » 26 čer 2011 12:03

Slozky jsou zaloha ComboFixu - po ukonceni leceni je odstranime - netreba se tedy znepokojovat

JrMn · #9 Příspěvek od **JrMn** » 26 čer 2011 20:09

Hadam, ze to ma mat meno CFScript, ale ma to byt textovy subor? (mam skryte pripony suborov)
Navyse, ked to spravim, zacne to novy scan >_>.

#10 Příspěvek od **vyosek** » 26 čer 2011 20:11

Ono to vypada ze je to novy sken, ale provedou se i prikazy ze skriptu

A pokud mate skryte pripony, tak je to jen CFScript

JrMn · #11 Příspěvek od **JrMn** » 26 čer 2011 20:13

vyosek píše:Ono to vypada ze je to novy sken, ale provedou se i prikazy ze skriptu A pokud mate skryte pripony, tak je to jen CFScript

Uz som to zistil googlenim, navyse som rebootoval zopar krat, ComboFix sa ma pyta ci chcem ukocnit Eset, dam <,yes>, a potom ze este bezi, hned postnem log ;D.

JrMn · #12 Příspěvek od **JrMn** » 26 čer 2011 20:40

ComboFix 11-06-26.01 - JrMn . 06. 2011 21:17:06.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.421.1033.18.3958.2357 [GMT 2:00]
Running from: c:\users\JrMn\Desktop\ComboFix.exe
Command switches used :: c:\users\JrMn\Desktop\CFScript.txt
AV: ESET Smart Security 4.2 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
FW: ESET personal firewall *Disabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
SP: ESET Smart Security 4.2 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3771932870-3369830453-1068231195-1001Core.job"
"c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3771932870-3369830453-1068231195-1001UA.job"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3771932870-3369830453-1068231195-1001Core.job
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3771932870-3369830453-1068231195-1001UA.job
.
.
((((((((((((((((((((((((( Files Created from 2011-05-26 to 2011-06-26 )))))))))))))))))))))))))))))))
.
.
2011-06-26 19:29 . 2011-06-26 19:29 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-06-26 10:51 . 2011-06-26 10:52 -------- d-----w- c:\users\JrMn\AppData\Roaming\KiTTY
2011-06-24 11:23 . 2011-06-07 17:10 8873296 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{274633B9-8F7D-439B-B77A-8E1A2E991350}\mpengine.dll
2011-06-23 12:44 . 2011-06-23 18:00 -------- d-----w- c:\users\JrMn\workspace
2011-06-23 12:20 . 2011-06-23 12:20 -------- d-----w- c:\windows\system32\SPReview
2011-06-23 12:19 . 2011-06-23 12:19 -------- d-----w- c:\windows\system32\EventProviders
2011-06-21 13:25 . 2010-11-20 13:26 828416 ----a-w- c:\windows\system32\MPSSVC.dll
2011-06-21 13:24 . 2010-11-20 13:33 184704 ----a-w- c:\windows\system32\drivers\pci.sys
2011-06-21 13:23 . 2010-11-20 13:27 503296 ----a-w- c:\windows\system32\srcore.dll
2011-06-21 13:22 . 2010-11-20 13:27 61952 ----a-w- c:\windows\system32\WavDest.dll
2011-06-21 13:21 . 2010-11-20 12:18 323072 ----a-w- c:\windows\SysWow64\drvstore.dll
2011-06-21 13:21 . 2010-11-20 12:18 257024 ----a-w- c:\windows\SysWow64\dpx.dll
2011-06-21 13:21 . 2010-11-20 12:21 363008 ----a-w- c:\windows\SysWow64\wbemcomn.dll
2011-06-21 13:21 . 2010-11-20 12:19 606208 ----a-w- c:\windows\SysWow64\wbem\fastprox.dll
2011-06-21 13:18 . 2010-11-20 13:27 524288 ----a-w- c:\windows\system32\wmicmiplugin.dll
2011-06-21 13:18 . 2010-11-20 13:27 529408 ----a-w- c:\windows\system32\wbemcomn.dll
2011-06-21 13:18 . 2010-11-20 13:27 1225216 ----a-w- c:\windows\system32\wbem\wbemcore.dll
2011-06-21 13:18 . 2010-11-20 13:27 933376 ----a-w- c:\windows\system32\SmiEngine.dll
2011-06-21 13:18 . 2010-11-20 13:25 199168 ----a-w- c:\windows\system32\PkgMgr.exe
2011-06-21 13:17 . 2010-11-20 13:26 422912 ----a-w- c:\windows\system32\drvstore.dll
2011-06-21 13:17 . 2010-11-20 13:26 399872 ----a-w- c:\windows\system32\dpx.dll
2011-06-19 21:16 . 2011-06-19 21:16 3584 ----a-r- c:\users\JrMn\AppData\Roaming\Microsoft\Installer\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}\Icon386ED4E3.exe
2011-06-19 21:16 . 2011-06-19 21:16 -------- d-----w- c:\program files (x86)\Windows Installer Clean Up
2011-06-19 21:15 . 2011-06-19 21:15 -------- d-----w- c:\program files (x86)\MSECACHE
2011-06-19 21:06 . 2011-06-19 21:06 -------- d-----w- c:\program files (x86)\Stream Player
2011-06-14 17:04 . 2001-09-04 23:18 77824 ----a-w- c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\ctor.dll
2011-06-14 17:04 . 2001-09-04 23:18 225280 ----a-w- c:\program files (x86)\Common Files\InstallShield\IScript\iscript.dll
2011-06-14 17:04 . 2001-09-04 23:14 176128 ----a-w- c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\iuser.dll
2011-06-14 17:04 . 2001-09-04 23:13 32768 ----a-w- c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\objectps.dll
2011-06-14 17:04 . 2002-07-25 14:07 614532 ----a-w- c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe
2011-06-12 14:54 . 2011-04-22 22:15 27520 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2011-06-07 10:35 . 2011-06-07 10:35 103864 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\nppdf32.dll
2011-05-31 12:30 . 2011-05-31 12:30 -------- d-----w- c:\program files (x86)\LogMeIn Hamachi
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-23 15:25 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2011-06-23 15:25 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2011-06-23 12:29 . 2011-06-23 12:29 203776 ----a-w- c:\windows\SysWow64\webcheck.dll
2011-06-23 12:29 . 2011-06-23 12:29 249344 ----a-w- c:\windows\system32\webcheck.dll
2011-05-24 17:14 . 2010-07-11 16:27 270720 ------w- c:\windows\system32\MpSigStub.exe
2011-05-04 02:52 . 2010-07-11 16:06 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-04-20 19:56 . 2010-07-17 16:02 77360 ----a-w- c:\windows\system32\drivers\Leadtek.sys
2011-04-18 10:11 . 2010-10-30 16:41 179616 ----a-w- c:\windows\system32\drivers\ESLWireACD.sys
2011-04-09 07:02 . 2011-05-11 17:51 5562240 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-04-09 06:58 . 2011-05-15 08:14 142336 ----a-w- c:\windows\system32\poqexec.exe
2011-04-09 06:02 . 2011-05-11 17:50 3967872 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2011-04-09 06:02 . 2011-05-11 17:50 3912576 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2011-04-09 05:56 . 2011-05-15 08:14 123904 ----a-w- c:\windows\SysWow64\poqexec.exe
2011-03-31 21:48 . 2011-03-31 21:48 86016 ----a-w- c:\windows\SysWow64\frapsvid.dll
2011-03-31 21:48 . 2011-03-31 21:48 84992 ----a-w- c:\windows\system32\frapsv64.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-10-16 2363392]
"TMCC"="c:\program files (x86)\T-Mobile Communication Center\TMCC.exe" [2010-07-29 774144]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-11-25 98304]
"QlbCtrl.exe"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-10-08 322104]
"WirelessAssistant"="c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2009-07-23 498744]
"amd_dc_opt"="c:\program files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2011-05-25 1951112]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-9-4 1081632]
LOLRecorder.lnk - c:\program files (x86)\LOLReplay\LOLRecorder.exe [2011-6-3 204800]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 ALSysIO;ALSysIO;c:\users\JrMn\AppData\Local\Temp\ALSysIO64.sys [x]
R3 GGSAFERDriver;GGSAFER Driver;c:\program files (x86)\Garena\safedrv.sys [x]
R3 injectDLL;injectDLL;c:\users\JrMn\Desktop\ProInjector\injectDLL.sys [x]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-09-23 225280]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [x]
R3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-22 61976]
R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [x]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-03-30 427880]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe [2010-07-02 810144]
S2 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [x]
S2 ESLWireAC;ESLWireAC;c:\windows\system32\drivers\ESLWireACD.sys [x]
S2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe [2009-07-14 27136]
S2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2011-05-25 2275720]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [x]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-10-01 2320920]
S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
S3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-05-05 228408]
S3 ESLvnic1;ESLvnic Virtual Network 64 Bit;c:\windows\system32\DRIVERS\ESLvnic.sys [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 Leadtek;Leadtek USB Network Interface;c:\windows\system32\DRIVERS\Leadtek.sys [x]
S3 NETw5s64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ezSharedSvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-10-16 20:49 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2009-12-22 5977600]
"RtkOSD"="c:\program files (x86)\Realtek\Audio\OSD\RtVOsd64.exe" [2009-10-13 995840]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-01-24 172032]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2010-07-02 2903688]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.bing.com
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://www.bing.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000
IE: E&xportovať do programu Microsoft Excel - c:\progra~2\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
FF - ProfilePath - c:\users\JrMn\AppData\Roaming\Mozilla\Firefox\Profiles\6np7xdju.default\
FF - prefs.js: browser.startup.homepage - hxxp://sk.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:sk:official|esl.eu/eu/lol
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: SkipScreen: SkipScreen@SkipScreen - %profile%\extensions\SkipScreen@SkipScreen
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: Battlefield Heroes Updater: battlefieldheroespatcher@ea.com - %profile%\extensions\battlefieldheroespatcher@ea.com
FF - Ext: Battlefield Play4Free: battlefieldplay4free@ea.com - %profile%\extensions\battlefieldplay4free@ea.com
FF - Ext: DownThemAll!: {DDC359D1-844A-42a7-9AA1-88A850A938A8} - %profile%\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
FF - Ext: Torbutton: {e0204bd5-9d31-402b-a99d-a6aa8ffebdca} - %profile%\extensions\{e0204bd5-9d31-402b-a99d-a6aa8ffebdca}
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\01B115A1CF11BAC4C9848646F190FC00\D272491B29F1FD6499BED8C59EC14BCE]
@DACL=(02 0000)
"PatchGUID"=""
"MediaCabinet"=""
"File"="Setup.exe"
"ComponentVersion"="2.0.2.12610"
"ProductVersion"="2.0.2"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="0"
"SharedComponent"="0"
"IsFullFile"="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\25E1F06034CBD4D4D9DA91E700CD5D9C\D272491B29F1FD6499BED8C59EC14BCE]
@DACL=(02 0000)
"PatchGUID"=""
"MediaCabinet"=""
"File"="adobecp.dll"
"ComponentVersion"="2.0.0.17"
"ProductVersion"="2.0.2"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="0"
"SharedComponent"="0"
"IsFullFile"="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\90A2D107EB418F542933C10EDE00329A\D272491B29F1FD6499BED8C59EC14BCE]
@DACL=(02 0000)
"PatchGUID"=""
"MediaCabinet"=""
"File"="AdobeAIR.dll"
"ComponentVersion"="2.0.2.12610"
"ProductVersion"="2.0.2"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="0"
"SharedComponent"="0"
"IsFullFile"="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\98D0EE5F5CB32574E9BB35B330E68A90\D272491B29F1FD6499BED8C59EC14BCE]
@DACL=(02 0000)
"PatchGUID"=""
"MediaCabinet"=""
"File"="air.exe"
"ComponentVersion"="2.0.2.12610"
"ProductVersion"="2.0.2"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="0"
"SharedComponent"="0"
"IsFullFile"="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\9EB9F2B71F1DD4E4A90FDA80F570B333\D272491B29F1FD6499BED8C59EC14BCE]
@DACL=(02 0000)
"PatchGUID"=""
"MediaCabinet"=""
"File"="airappinstaller.exe"
"ComponentVersion"="2.0.2.12580"
"ProductVersion"="2.0.2"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="0"
"SharedComponent"="0"
"IsFullFile"="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\FC8775A70DB513942842346B032C2437\D272491B29F1FD6499BED8C59EC14BCE]
@DACL=(02 0000)
"PatchGUID"=""
"MediaCabinet"=""
"File"="NPSWF32.dll"
"ComponentVersion"="10.1.53.64"
"ProductVersion"="2.0.2"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="0"
"SharedComponent"="0"
"IsFullFile"="0"
.
------------------------ Other Running Processes ------------------------
.
c:\progra~2\T-MOBI~1\drivers\8B589B~1\FMMSER~1.EXE
c:\progra~2\T-MOBI~1\FOFDMU~1.EXE
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\CyberLink\Shared files\RichVideo.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files (x86)\ROCCAT\Kone[+] Mouse\Kone[+]Monitor.exe
c:\program files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files (x86)\Hewlett-Packard\Shared\hpqToaster.exe
c:\program files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
.
**************************************************************************
.
Completion time: 2011-06-26 21:37:17 - machine was rebooted
ComboFix-quarantined-files.txt 2011-06-26 19:37
.
Pre-Run: 42 107 981 824 bytes free
Post-Run: 41 797 873 664 bytes free
.
- - End Of File - - 7156249B1D74BA0C329EE9B3036CF7E8

#13 Příspěvek od **vyosek** » 27 čer 2011 19:31

Jak se chova PC

JrMn · #14 Příspěvek od **JrMn** » 29 čer 2011 12:42

Zdravim,
-> PC funguje normalne,
ale mam jednu otazku, pred nedavnom som mal nainstalovany program HSS (HotSpot Shield), ktory som nasledne odinstaloval, (je to VPN), no ked si otvorim Network Meter gadget, aby som zvolil adapter, vzdy tam este vidim ten ich adapter, vid. obrazok -> http://imgur.com/1JbzL, ale ked otvorim Device Manager, tak tam uz nic nie je, ci nie je v pocitaci nejaky zvysok toho ovladaca/programu?

-> Ked otvorim Event Viewer (Win + R -> eventvwr), vyskoci: Event Log Service is unavailible, verify that service is running.
Ale ked si otvorim services.msg, tak sluzba s nazvom Event Log tam nie je.

#15 Příspěvek od **vyosek** » 29 čer 2011 13:32

zkuste ten gadget odinstalovat a znovu nainstalovat

Kliknete na tu sluzbu v msconfig pravym a dejte vlastnosti - podivejte se, ci je spusteny a typ spousteni je automaticky

VIRY.CZ

Preventivka :)

Preventivka :)

Re: Preventivka :)

Re: Preventivka :)

Re: Preventivka :)

Re: Preventivka :)

Re: Preventivka :)

Re: Preventivka :)

Re: Preventivka :)

Re: Preventivka :)

Re: Preventivka :)

Re: Preventivka :)

Re: Preventivka :)

Re: Preventivka :)

Re: Preventivka :)

Re: Preventivka :)