won't let me install NOD and won't let me onto the net

Posted: 18 Feb 2012 00:21
by planeter
hello... asking for help...
avast found a trojan...
nod can't be installed...
internet connection not working...
thank you...

Logfile of random's system information tool 1.09 (written by random/random)
Run by Tomáš at 2012-02-18 00:03:57
Microsoft Windows 7 Home Premium
System drive C: has 4 GB (4%) free of 102 GB
Total RAM: 3327 MB (68% free)

HijackThis download failed

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-06-19 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2012-01-10 342128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype add-on for Internet Explorer - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2010-02-08 804136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll [2012-01-10 1003576]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
Ask Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll [2011-08-23 1515688]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-11-19 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{D4027C7F-154A-4066-A1AD-4243D8127440} - Ask Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll [2011-08-23 1515688]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2012-01-10 342128]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"=C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe [2009-08-28 1486848]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2009-07-02 98304]
"NeroFilterCheck"=C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe [2007-03-01 153136]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2008-10-25 31072]
"CanonSolutionMenu"=C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe [2007-05-14 644696]
"CanonMyPrinter"=C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2007-04-03 1603152]
"SSBkgdUpdate"=C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [2006-10-25 210472]
"OpwareSE4"=C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe [2007-02-04 79400]
"Adobe Reader Speed Launcher"=C:\Program Files\AdobeReader\Reader\Reader_sl.exe [2010-06-20 35760]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-01-03 843712]
""= []
"ApnUpdater"=C:\Program Files\Ask.com\Updater\Updater.exe [2011-08-23 887976]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2010-01-15 39408]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2011-10-13 17351304]
"Microsoft Firevall Engine"=c:\windows\mdm.exe []
"Windows Login access"=C:\Users\Tomáš\AppData\Roaming\web2net.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
McAfee Security Scan Plus.lnk - C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
TP-LINK Wireless Utility.lnk - C:\Program Files\TP-LINK\COMMON\TWCU.exe

C:\Users\Tomáš\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"c:\windows\mdm.exe"="c:\windows\mdm.exe:*:Enabled:Microsoft Firevall Engine"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.cvid"=iccvid.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"VIDC.XVID"=xvidvfw.dll
"VIDC.YV12"=yv12vfw.dll
"msacm.ac3acm"=AC3ACM.acm
"msacm.lameacm"=lameACM.acm
"VIDC.FFDS"=ff_vfw.dll
"msacm.voxacm160"=vct3216.acm
"msacm.scg726"=scg726.acm
"msacm.alf2cd"=alf2cd.acm
"vidc.dvsd"=mcdvd_32.dll
"vidc.DIVX"=DivX.dll
"vidc.mpg4"=mpg4c32.dll
"vidc.mp42"=mpg4c32.dll
"vidc.mp43"=mpg4c32.dll

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2012-02-17 23:58:40 ----D---- C:\rsit
2012-02-17 23:58:40 ----D---- C:\Program Files\trend micro
2012-02-14 19:18:37 ----D---- C:\ProgramData\AVAST Software
2012-02-14 19:18:37 ----D---- C:\Program Files\AVAST Software
2012-02-14 19:15:04 ----D---- C:\Program Files\avast
2012-02-13 18:00:38 ----D---- C:\Program Files\ESET
2012-02-12 23:04:42 ----HD---- C:\ProgramData\Common Files
2012-02-12 23:04:12 ----D---- C:\ProgramData\MFAData
2012-02-12 17:18:04 ----D---- C:\Windows\system32\kazaabackupfiles
2012-02-09 18:13:30 ----ASH---- C:\Windows\system32\dds_trash_log.cmd
2012-01-23 10:47:40 ----A---- C:\Windows\system32\lsasrv.dll
2012-01-23 10:47:39 ----A---- C:\Windows\system32\webio.dll
2012-01-23 10:47:39 ----A---- C:\Windows\system32\sspicli.dll
2012-01-23 10:47:39 ----A---- C:\Windows\system32\schannel.dll
2012-01-23 10:47:39 ----A---- C:\Windows\system32\lsass.exe
2012-01-23 10:47:39 ----A---- C:\Windows\system32\drivers\ksecpkg.sys
2012-01-23 10:47:39 ----A---- C:\Windows\system32\drivers\ksecdd.sys
2012-01-23 10:47:39 ----A---- C:\Windows\system32\drivers\cng.sys
2012-01-23 10:47:38 ----A---- C:\Windows\system32\sspisrv.dll
2012-01-23 10:47:38 ----A---- C:\Windows\system32\secur32.dll

======List of files/folders modified in the last 1 month======

2012-02-17 23:59:52 ----D---- C:\Windows\System32
2012-02-17 23:59:52 ----D---- C:\Windows\inf
2012-02-17 23:59:52 ----A---- C:\Windows\system32\PerfStringBackup.INI
2012-02-17 23:58:40 ----RD---- C:\Program Files
2012-02-17 23:52:10 ----D---- C:\Windows
2012-02-17 22:24:46 ----D---- C:\Users\Tomáš\AppData\Roaming\Skype
2012-02-17 22:23:11 ----SHD---- C:\Windows\Installer
2012-02-17 22:22:39 ----D---- C:\Windows\Temp
2012-02-17 22:22:39 ----D---- C:\Windows\system32\DriverStore
2012-02-17 22:22:39 ----D---- C:\Windows\system32\drivers
2012-02-17 22:22:39 ----D---- C:\Windows\system32\catroot
2012-02-17 22:19:01 ----SHD---- C:\System Volume Information
2012-02-17 22:07:05 ----D---- C:\Windows\system32\NDF
2012-02-15 10:11:16 ----D---- C:\Windows\Microsoft.NET
2012-02-15 10:11:15 ----RSD---- C:\Windows\assembly
2012-02-14 19:29:32 ----D---- C:\Windows\system32\config
2012-02-14 19:19:22 ----D---- C:\Windows\winsxs
2012-02-14 19:18:37 ----HD---- C:\ProgramData
2012-02-14 19:18:33 ----D---- C:\Windows\system32\catroot2
2012-02-13 17:53:05 ----D---- C:\ProgramData\Norton
2012-02-13 17:53:04 ----D---- C:\Windows\system32\Tasks
2012-02-13 00:00:22 ----D---- C:\Windows\system32\drivers\etc
2012-01-30 16:59:57 ----SD---- C:\Users\Tomáš\AppData\Roaming\Microsoft
2012-01-27 00:21:24 ----N---- C:\Windows\system32\MpSigStub.exe
2012-01-20 09:25:32 ----RD---- C:\Program Files\Skype
2012-01-20 09:25:30 ----D---- C:\ProgramData\Skype
2012-01-20 09:25:26 ----D---- C:\Program Files\Common Files
2012-01-20 09:24:54 ----D---- C:\Users\Tomáš\AppData\Roaming\skypePM

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 AtiPcie;AMD PCI Express (3GIO) Filter; C:\Windows\system32\DRIVERS\AtiPcie.sys [2009-05-05 14392]
R0 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys [2009-07-14 12368]
R0 PxHelp20;PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [2008-02-06 44608]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2009-07-14 173648]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 48128]
R2 eamon;eamon; C:\Windows\system32\DRIVERS\eamon.sys [2009-11-16 116520]
R2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704]
R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2009-07-02 4994048]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\Windows\system32\DRIVERS\ASACPI.sys [2009-07-16 13216]
R3 netr28u;TP-LINK Wireless USB Adapter; C:\Windows\system32\DRIVERS\netr28u.sys [2010-06-25 854368]
R3 RTHDMIAzAudService;Service for HDMI; C:\Windows\system32\drivers\RtHDMIV.sys [2009-06-24 159776]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt86win7.sys [2009-05-22 167936]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service; C:\Windows\system32\drivers\viahduaa.sys [2009-08-17 1077760]
R4 ehdrv;ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys []
R4 epfw;epfw; C:\Windows\system32\DRIVERS\epfw.sys [2011-08-04 147480]
R4 epfwwfp;epfwwfp; C:\Windows\system32\DRIVERS\epfwwfp.sys [2011-08-04 50624]
S3 aic78xx;aic78xx; C:\Windows\system32\DRIVERS\djsvs.sys [2009-07-14 70720]
S3 amdagp;AMD AGP Bus Filter Driver; C:\Windows\system32\DRIVERS\amdagp.sys [2009-07-14 53312]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-13 229888]
S3 dc3d;MS Hardware Device Detection Driver; C:\Windows\system32\DRIVERS\dc3d.sys [2009-03-23 16384]
S3 Epfwndis;Eset Personal Firewall; C:\Windows\system32\DRIVERS\Epfwndis.sys [2009-06-19 33096]
S3 sisagp;SIS AGP Bus Filter; C:\Windows\system32\DRIVERS\sisagp.sys [2009-07-14 52304]
S3 USB Wireless USB Adapter(R);USB Wireless USB Adapter(R) Service for Wireless USB Adapter; C:\Windows\system32\DRIVERS\vnetusbr.sys [2002-08-06 87168]
S3 usbscan;Ovladač skeneru USB; C:\Windows\system32\DRIVERS\usbscan.sys [2009-07-14 35840]
S3 viaagp;VIA AGP Bus Filter; C:\Windows\system32\DRIVERS\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\DRIVERS\viac7.sys [2009-07-14 52736]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2009-07-14 34944]
S4 EpfwLWF;Epfw NDIS LightWeight Filter; C:\Windows\system32\DRIVERS\EpfwLWF.sys [2011-08-04 33656]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2009-07-02 176128]
R2 CcmExec;CTMFLT; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 DvmMDES;DeviceVM Meta Data Export Service; C:\ASUS.SYS\config\DVMExportService.exe [2009-07-17 319488]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET Smart Security\ekrn.exe []
R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3; C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe [2007-09-20 853288]
R2 RalinkRegistryWriter;Ralink Registry Writer; C:\Program Files\TP-LINK\COMMON\RaRegistry.exe [2010-06-25 185632]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-02-02 135664]
S2 SBSDWSCService;SBSD Security Center Service; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2010-12-01 655624]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-02-02 135664]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2010-01-15 182768]
S3 McComponentHostService;McAfee Security Scan Component Host Service; C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2008-10-25 65888]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe [2007-11-15 382248]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2010-05-23 1343400]

-----------------EOF-----------------

Re: won't let me install NOD and won't let me onto the net

Posted: 18 Feb 2012 08:10
by riffman
hello

download OTM

run it and, into the left box labelled Paste Instructions for Items to be Moved, copy the following text:

:reg
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Microsoft Firevall Engine"=-
"Windows Login access"=-
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"c:\windows\mdm.exe"=-

:commands
[Reboot]

click on MoveIt and then copy here for me what appears in the green box

if OTM requires a restart, perform it and then copy here for me the contents of the log located in C:\_OTM\MovedFiles

Re: won't let me install NOD and won't let me onto the net

Posted: 18 Feb 2012 10:09
by planeter
good day...
result here...

========== REGISTRY ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Microsoft Firevall Engine deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Windows Login access deleted successfully.

OTM by OldTimer - Version 3.1.19.0 log created on 02182012_100212

Re: won't let me install NOD and won't let me onto the net

Posted: 18 Feb 2012 11:03
by riffman
is there a current RSIT log, perhaps?

Re: won't let me install NOD and won't let me onto the net

Posted: 18 Feb 2012 11:07
by planeter
Logfile of random's system information tool 1.09 (written by random/random)
Run by Tomáš at 2012-02-18 11:05:59
Microsoft Windows 7 Home Premium
System drive C: has 4 GB (4%) free of 102 GB
Total RAM: 3327 MB (77% free)

HijackThis download failed

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-06-19 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2012-01-10 342128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype add-on for Internet Explorer - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2010-02-08 804136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll [2012-01-10 1003576]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
Ask Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll [2011-08-23 1515688]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-11-19 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{D4027C7F-154A-4066-A1AD-4243D8127440} - Ask Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll [2011-08-23 1515688]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2012-01-10 342128]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"=C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe [2009-08-28 1486848]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2009-07-02 98304]
"NeroFilterCheck"=C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe [2007-03-01 153136]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2008-10-25 31072]
"CanonSolutionMenu"=C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe [2007-05-14 644696]
"CanonMyPrinter"=C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2007-04-03 1603152]
"SSBkgdUpdate"=C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [2006-10-25 210472]
"OpwareSE4"=C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe [2007-02-04 79400]
"Adobe Reader Speed Launcher"=C:\Program Files\AdobeReader\Reader\Reader_sl.exe [2010-06-20 35760]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-01-03 843712]
""= []
"ApnUpdater"=C:\Program Files\Ask.com\Updater\Updater.exe [2011-08-23 887976]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2010-01-15 39408]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2011-10-13 17351304]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
McAfee Security Scan Plus.lnk - C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
TP-LINK Wireless Utility.lnk - C:\Program Files\TP-LINK\COMMON\TWCU.exe

C:\Users\Tomáš\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"c:\windows\mdm.exe"="c:\windows\mdm.exe:*:Enabled:Microsoft Firevall Engine"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.cvid"=iccvid.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"VIDC.XVID"=xvidvfw.dll
"VIDC.YV12"=yv12vfw.dll
"msacm.ac3acm"=AC3ACM.acm
"msacm.lameacm"=lameACM.acm
"VIDC.FFDS"=ff_vfw.dll
"msacm.voxacm160"=vct3216.acm
"msacm.scg726"=scg726.acm
"msacm.alf2cd"=alf2cd.acm
"vidc.dvsd"=mcdvd_32.dll
"vidc.DIVX"=DivX.dll
"vidc.mpg4"=mpg4c32.dll
"vidc.mp42"=mpg4c32.dll
"vidc.mp43"=mpg4c32.dll

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2012-02-18 10:02:12 ----D---- C:\_OTM
2012-02-17 23:58:40 ----D---- C:\rsit
2012-02-17 23:58:40 ----D---- C:\Program Files\trend micro
2012-02-14 19:18:37 ----D---- C:\ProgramData\AVAST Software
2012-02-14 19:18:37 ----D---- C:\Program Files\AVAST Software
2012-02-14 19:15:04 ----D---- C:\Program Files\avast
2012-02-13 18:00:38 ----D---- C:\Program Files\ESET
2012-02-12 23:04:42 ----HD---- C:\ProgramData\Common Files
2012-02-12 23:04:12 ----D---- C:\ProgramData\MFAData
2012-02-12 17:18:04 ----D---- C:\Windows\system32\kazaabackupfiles
2012-02-09 18:13:30 ----ASH---- C:\Windows\system32\dds_trash_log.cmd
2012-01-23 10:47:40 ----A---- C:\Windows\system32\lsasrv.dll
2012-01-23 10:47:39 ----A---- C:\Windows\system32\webio.dll
2012-01-23 10:47:39 ----A---- C:\Windows\system32\sspicli.dll
2012-01-23 10:47:39 ----A---- C:\Windows\system32\schannel.dll
2012-01-23 10:47:39 ----A---- C:\Windows\system32\lsass.exe
2012-01-23 10:47:39 ----A---- C:\Windows\system32\drivers\ksecpkg.sys
2012-01-23 10:47:39 ----A---- C:\Windows\system32\drivers\ksecdd.sys
2012-01-23 10:47:39 ----A---- C:\Windows\system32\drivers\cng.sys
2012-01-23 10:47:38 ----A---- C:\Windows\system32\sspisrv.dll
2012-01-23 10:47:38 ----A---- C:\Windows\system32\secur32.dll

======List of files/folders modified in the last 1 month======

2012-02-18 11:01:47 ----D---- C:\Windows
2012-02-18 10:02:04 ----D---- C:\Windows\System32
2012-02-18 10:02:04 ----D---- C:\Windows\inf
2012-02-18 10:02:04 ----A---- C:\Windows\system32\PerfStringBackup.INI
2012-02-18 08:46:57 ----D---- C:\Users\Tomáš\AppData\Roaming\Skype
2012-02-17 23:58:40 ----RD---- C:\Program Files
2012-02-17 22:23:11 ----SHD---- C:\Windows\Installer
2012-02-17 22:22:39 ----D---- C:\Windows\Temp
2012-02-17 22:22:39 ----D---- C:\Windows\system32\DriverStore
2012-02-17 22:22:39 ----D---- C:\Windows\system32\drivers
2012-02-17 22:22:39 ----D---- C:\Windows\system32\catroot
2012-02-17 22:19:01 ----SHD---- C:\System Volume Information
2012-02-17 22:07:05 ----D---- C:\Windows\system32\NDF
2012-02-15 10:11:16 ----D---- C:\Windows\Microsoft.NET
2012-02-15 10:11:15 ----RSD---- C:\Windows\assembly
2012-02-14 19:29:32 ----D---- C:\Windows\system32\config
2012-02-14 19:19:22 ----D---- C:\Windows\winsxs
2012-02-14 19:18:37 ----HD---- C:\ProgramData
2012-02-14 19:18:33 ----D---- C:\Windows\system32\catroot2
2012-02-13 17:53:05 ----D---- C:\ProgramData\Norton
2012-02-13 17:53:04 ----D---- C:\Windows\system32\Tasks
2012-02-13 00:00:22 ----D---- C:\Windows\system32\drivers\etc
2012-01-30 16:59:57 ----SD---- C:\Users\Tomáš\AppData\Roaming\Microsoft
2012-01-27 00:21:24 ----N---- C:\Windows\system32\MpSigStub.exe
2012-01-20 09:25:32 ----RD---- C:\Program Files\Skype
2012-01-20 09:25:30 ----D---- C:\ProgramData\Skype
2012-01-20 09:25:26 ----D---- C:\Program Files\Common Files
2012-01-20 09:24:54 ----D---- C:\Users\Tomáš\AppData\Roaming\skypePM

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 AtiPcie;AMD PCI Express (3GIO) Filter; C:\Windows\system32\DRIVERS\AtiPcie.sys [2009-05-05 14392]
R0 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys [2009-07-14 12368]
R0 PxHelp20;PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [2008-02-06 44608]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2009-07-14 173648]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 48128]
R2 eamon;eamon; C:\Windows\system32\DRIVERS\eamon.sys [2009-11-16 116520]
R2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704]
R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2009-07-02 4994048]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\Windows\system32\DRIVERS\ASACPI.sys [2009-07-16 13216]
R3 netr28u;TP-LINK Wireless USB Adapter; C:\Windows\system32\DRIVERS\netr28u.sys [2010-06-25 854368]
R3 RTHDMIAzAudService;Service for HDMI; C:\Windows\system32\drivers\RtHDMIV.sys [2009-06-24 159776]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt86win7.sys [2009-05-22 167936]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service; C:\Windows\system32\drivers\viahduaa.sys [2009-08-17 1077760]
S3 aic78xx;aic78xx; C:\Windows\system32\DRIVERS\djsvs.sys [2009-07-14 70720]
S3 amdagp;AMD AGP Bus Filter Driver; C:\Windows\system32\DRIVERS\amdagp.sys [2009-07-14 53312]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-13 229888]
S3 dc3d;MS Hardware Device Detection Driver; C:\Windows\system32\DRIVERS\dc3d.sys [2009-03-23 16384]
S3 Epfwndis;Eset Personal Firewall; C:\Windows\system32\DRIVERS\Epfwndis.sys [2009-06-19 33096]
S3 sisagp;SIS AGP Bus Filter; C:\Windows\system32\DRIVERS\sisagp.sys [2009-07-14 52304]
S3 USB Wireless USB Adapter(R);USB Wireless USB Adapter(R) Service for Wireless USB Adapter; C:\Windows\system32\DRIVERS\vnetusbr.sys [2002-08-06 87168]
S3 usbscan;Ovladač skeneru USB; C:\Windows\system32\DRIVERS\usbscan.sys [2009-07-14 35840]
S3 viaagp;VIA AGP Bus Filter; C:\Windows\system32\DRIVERS\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\DRIVERS\viac7.sys [2009-07-14 52736]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2009-07-14 34944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2009-07-02 176128]
R2 CcmExec;CTMFLT; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 DvmMDES;DeviceVM Meta Data Export Service; C:\ASUS.SYS\config\DVMExportService.exe [2009-07-17 319488]
R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3; C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe [2007-09-20 853288]
R2 RalinkRegistryWriter;Ralink Registry Writer; C:\Program Files\TP-LINK\COMMON\RaRegistry.exe [2010-06-25 185632]
S2 ekrn;ESET Service; C:\Program Files\ESET\ESET Smart Security\ekrn.exe []
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-02-02 135664]
S2 SBSDWSCService;SBSD Security Center Service; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2010-12-01 655624]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-02-02 135664]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2010-01-15 182768]
S3 McComponentHostService;McAfee Security Scan Component Host Service; C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2008-10-25 65888]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe [2007-11-15 382248]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2010-05-23 1343400]

-----------------EOF-----------------
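
A check of the OTM `:reg` script against the RSIT logs posted before and after it was run, as an added example that is not part of the thread and not code from OTM or RSIT. The log excerpts are copied from the posts above; the function names are hypothetical.

```python
import re

# Excerpt copied from riffman's post: the OTM script.
OTM_SCRIPT = r'''
:reg
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Microsoft Firevall Engine"=-
"Windows Login access"=-
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"c:\windows\mdm.exe"=-

:commands
[Reboot]
'''

# Excerpt copied from the first RSIT log (before the fix).
RSIT_BEFORE = r'''
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2010-01-15 39408]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2011-10-13 17351304]
"Microsoft Firevall Engine"=c:\windows\mdm.exe []
"Windows Login access"=C:\Users\Tomáš\AppData\Roaming\web2net.exe []

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"c:\windows\mdm.exe"="c:\windows\mdm.exe:*:Enabled:Microsoft Firevall Engine"
'''

# Excerpt copied from the second RSIT log (after the fix).
RSIT_AFTER = r'''
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2010-01-15 39408]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2011-10-13 17351304]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"c:\windows\mdm.exe"="c:\windows\mdm.exe:*:Enabled:Microsoft Firevall Engine"
'''

KEY_RE = re.compile(r'^\[(HKEY_[^\]]+)\]\s*$')   # [HKEY_...] section header
VALUE_RE = re.compile(r'^"([^"]*)"=(.*)$')       # "name"=data


def parse_sections(text):
    """Return {key path: {value name: raw data}}, both lowercased.

    Registry key and value names are case-insensitive, so lowercasing lets
    the script and the log be compared directly.
    """
    sections, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        match = KEY_RE.match(line)
        if match:
            current = sections.setdefault(match.group(1).lower(), {})
            continue
        if line.startswith(':'):      # OTM directive (:reg, :commands)
            current = None
            continue
        match = VALUE_RE.match(line)
        if match and current is not None:
            current[match.group(1).lower()] = match.group(2)
    return sections


def deletion_targets(script):
    """(key, value name) pairs the :reg block marks for deletion with '=-'."""
    return [(key, name)
            for key, values in parse_sections(script).items()
            for name, data in values.items()
            if data.strip() == '-']


def still_present(script, rsit_log):
    """Deletion targets from the script that the RSIT log still lists."""
    log = parse_sections(rsit_log)
    return [(key, name)
            for key, name in deletion_targets(script)
            if name in log.get(key, {})]


if __name__ == '__main__':
    for label, log in (('before', RSIT_BEFORE), ('after', RSIT_AFTER)):
        print(label)
        for key, name in still_present(OTM_SCRIPT, log):
            print('  still present:', key, '->', name)
```

Run on these excerpts, the check reports that the firewall exception for c:\windows\mdm.exe is still listed in the second log, which matches the OTM result above listing only the two Run values as deleted.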

Re: won't let me install NOD and won't let me onto the net

Posted: 19 Feb 2012 07:36
by riffman
download ComboFix and save it to the desktop

right after launch a screen with the licence terms is displayed; continue by clicking the Yes button

next there may be a warning about your antivirus's resident shield and a notice that the recovery console is not installed; do not install it for now.

calmly put the coffee on (the whole thing takes approx. 5-10 minutes, sometimes longer - depending on how fast the machine is and how many files the scanner has to work through); during the scan do not try to launch any other applications or anything else

do not panic during the scan, your machine may be restarted (especially on the first run of the scanner)

warning: if you use antispyware with a resident shield, deactivate its resident shield, because during the scan and the removal of any malware unwanted conflicts occur between ComboFix and the antispyware's resident component


after the restart the application creates a log, saved at C:/Combofix.txt (on repeated use the logs are named Combofix2.txt etc.); paste its contents here

Re: won't let me install NOD and won't let me on the net

Posted: 19 Feb 2012 21:04
by planeter
Hello...
I used ComboFix according to the instructions and am attaching the log...
After the restart the internet connection came back, great...
But IE won't start; it was probably deleted, though from what I've read on your forum
that's apparently no great loss... :iefox:
I wanted to ask what you found in the log, anything serious?
I admire that you can find your way around it and can tell that something is wrong, but mainly
I applaud your enthusiasm for helping people get rid of these pests... :thumbsup:


ComboFix 12-02-19.02 - Tomáš 19.02.2012 20:17:48.1.2 - x86
Microsoft Windows 7 Home Premium 6.1.7600.0.1250.420.1029.18.3327.2734 [GMT 1:00]
Spuštěný z: c:\users\TomßÜ\Desktop\ComboFix.exe
AV: ESET Smart Security 4.0 *Enabled/Outdated* {CB0F8167-5331-BA19-698E-64816B6801A5}
FW: ESET personal firewall *Enabled* {F3340042-195E-BB41-42D1-CDB495BB46DE}
SP: ESET Smart Security 4.0 *Enabled/Outdated* {706E6083-750B-B597-533E-5FF310EF4B18}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Vytvořen nový Bod Obnovení
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\adobereader
c:\windows\$NtUninstallKB12755$\3422783938
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
c:\windows\system32\drivers\etc\hosts.txt
c:\windows\system32\kazaabackupfiles
.
c:\windows\system32\drivers\afd.sys chyběl.
Obnovena kopie z - c:\windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.21712_none_da774a9ad5cea29e\afd.sys
.
c:\windows\system32\drivers\netbt.sys chyběl.
Obnovena kopie z - c:\windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-netbt_31bf3856ad364e35_6.1.7601.17514_none_626c324d55864070\netbt.sys
.
c:\windows\system32\drivers\cdrom.sys chyběl.
Obnovena kopie z - c:\windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_cdrom.inf_31bf3856ad364e35_6.1.7601.17514_none_61b0c5ce02098355\cdrom.sys
.
c:\windows\system32\drivers\Serial.sys chyběl.
Obnovena kopie z - c:\windows\System32\DriverStore\FileRepository\msports.inf_x86_neutral_c1a802e06677f73f\serial.sys
.
c:\windows\system32\drivers\tdx.sys chyběl.
Obnovena kopie z - c:\windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-tdi-over-tcpip_31bf3856ad364e35_6.1.7601.17514_none_ec4532373a57c1c2\tdx.sys
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-01-19 do 2012-02-19 )))))))))))))))))))))))))))))))
.
.
2012-02-19 19:25 . 2011-04-11 07:04 7071056 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F9BC9E06-4FE8-44A3-B6E6-112BD14D0D7A}\mpengine.dll
2012-02-19 19:24 . 2012-02-19 19:24 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E5103DD8-7FEB-4ADB-B817-9560BE3D8A5C}\offreg.dll
2012-02-19 19:23 . 2012-02-19 19:25 -------- d-----w- c:\users\Tomáš\AppData\Local\temp
2012-02-19 19:23 . 2012-02-19 19:23 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-02-19 19:23 . 2010-11-20 08:39 74752 ----a-w- c:\windows\system32\drivers\tdx.sys
2012-02-19 19:23 . 2009-07-13 23:45 83456 ----a-w- c:\windows\system32\drivers\Serial.sys
2012-02-19 19:23 . 2010-11-20 08:38 108544 ----a-w- c:\windows\system32\drivers\cdrom.sys
2012-02-19 19:23 . 2010-11-20 08:39 187904 ----a-w- c:\windows\system32\drivers\netbt.sys
2012-02-19 19:23 . 2011-04-25 03:24 338944 ----a-w- c:\windows\system32\drivers\afd.sys
2012-02-18 09:02 . 2012-02-18 09:02 -------- d-----w- C:\_OTM
2012-02-17 22:58 . 2012-02-17 22:58 -------- d-----w- C:\rsit
2012-02-17 22:58 . 2012-02-17 22:58 -------- d-----w- c:\program files\trend micro
2012-02-14 18:18 . 2012-02-17 21:14 -------- d-----w- c:\programdata\AVAST Software
2012-02-14 18:18 . 2012-02-14 18:18 -------- d-----w- c:\program files\AVAST Software
2012-02-14 18:15 . 2012-02-14 18:17 -------- d-----w- c:\program files\avast
2012-02-13 17:00 . 2012-02-13 17:00 -------- d-----w- c:\program files\ESET
2012-02-12 22:54 . 2012-02-12 22:54 -------- d-----w- c:\users\Tomáš\AppData\Local\ESET
2012-02-12 22:04 . 2012-02-12 22:04 -------- d--h--w- c:\programdata\Common Files
2012-02-12 22:04 . 2012-02-12 22:04 -------- d-----w- c:\programdata\MFAData
2012-02-09 17:13 . 2012-02-19 19:25 0 --sha-w- c:\windows\system32\dds_trash_log.cmd
2012-02-07 07:32 . 2012-01-06 04:19 6557240 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E5103DD8-7FEB-4ADB-B817-9560BE3D8A5C}\mpengine.dll
2012-01-23 09:47 . 2011-11-17 05:38 1037312 ----a-w- c:\windows\system32\lsasrv.dll
2012-01-23 09:47 . 2011-11-17 05:48 134000 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-01-23 09:47 . 2011-11-17 05:48 67440 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-01-23 09:47 . 2011-11-17 05:42 369352 ----a-w- c:\windows\system32\drivers\cng.sys
2012-01-23 09:47 . 2011-11-17 05:39 314368 ----a-w- c:\windows\system32\webio.dll
2012-01-23 09:47 . 2011-11-17 05:39 99840 ----a-w- c:\windows\system32\sspicli.dll
2012-01-23 09:47 . 2011-11-17 05:39 224768 ----a-w- c:\windows\system32\schannel.dll
2012-01-23 09:47 . 2011-11-17 05:36 22528 ----a-w- c:\windows\system32\lsass.exe
2012-01-23 09:47 . 2011-11-17 05:39 15360 ----a-w- c:\windows\system32\sspisrv.dll
2012-01-23 09:47 . 2011-11-17 05:39 22016 ----a-w- c:\windows\system32\secur32.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-26 23:21 . 2010-01-08 11:12 237072 ------w- c:\windows\system32\MpSigStub.exe
2011-11-24 04:23 . 2011-12-14 20:09 2340352 ----a-w- c:\windows\system32\win32k.sys
2011-10-08 17:21 . 2011-10-08 17:21 4061464 ----a-w- c:\program files\CuteWriter.exe
2011-10-08 17:20 . 2011-10-08 17:20 5254656 ----a-w- c:\program files\converter.exe
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-08-23 1515688]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2011-08-23 19:20 1515688 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-08-23 1515688]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-08-23 1515688]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-01-15 39408]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-10-13 17351304]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"="c:\program files\VIA\VIAudioi\VDeck\VDeck.exe" [2009-08-28 1486848]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-07-02 98304]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-14 644696]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-03 1603152]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 79400]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2011-08-23 887976]
.
c:\users\Tomáš\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
TP-LINK Wireless Utility.lnk - c:\program files\TP-LINK\COMMON\TWCU.exe [2011-9-9 1638400]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 14:07 2260480 --sha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [x]
R2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-02 135664]
R3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys [2009-03-23 16384]
R3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-02 135664]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 USB Wireless USB Adapter(R);USB Wireless USB Adapter(R) Service for Wireless USB Adapter;c:\windows\system32\DRIVERS\vnetusbr.sys [2002-08-06 87168]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-23 1343400]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-07-02 176128]
S2 DvmMDES;DeviceVM Meta Data Export Service;c:\asus.sys\config\DVMExportService.exe [2009-07-17 319488]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S3 netr28u;TP-LINK Wireless USB Adapter;c:\windows\system32\DRIVERS\netr28u.sys [2010-06-25 854368]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-05-22 167936]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2009-08-17 1077760]
.
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
CcmExec
.
Obsah adresáře 'Naplánované úlohy'
.
2012-02-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-02 09:12]
.
2012-02-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-02 09:12]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://zonedirector.com
uInternet Settings,ProxyOverride = *.local
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: WikiKomentáře Google... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.1.1 10.0.18.137 88.86.107.86
TCP: Interfaces\{71B17C9D-7CA3-4A17-9BC4-A7FD478D1D51}: NameServer = 10.0.0.138
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
HKLM-Run-Adobe Reader Speed Launcher - c:\program files\AdobeReader\Reader\Reader_sl.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
"Version"=hex:ca,51,45,60,15,3b,ee,f6,00,7a,4b,28,e3,97,f2,c3,d9,b5,9e,a9,4f,
70,64,5c,a3,4b,8e,8a,68,01,4e,7e,cf,07,11,73,61,df,0b,f0,93,7f,f6,b1,98,07,\
.
[HKEY_LOCAL_MACHINE\software\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
"Version"=hex:ca,51,45,60,15,3b,ee,f6,00,7a,4b,28,e3,97,f2,c3,d9,b5,9e,a9,4f,
70,64,5c,a3,4b,8e,8a,68,01,4e,7e,cf,07,11,73,61,df,0b,f0,93,7f,f6,b1,98,07,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\AUDIODG.EXE
c:\windows\system32\atieclxx.exe
c:\windows\system32\WLANExt.exe
c:\windows\system32\conhost.exe
c:\windows\system32\conhost.exe
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\program files\TP-LINK\COMMON\RaRegistry.exe
c:\windows\system32\taskhost.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
c:\windows\system32\sppsvc.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Celkový čas: 2012-02-19 20:29:25 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-02-19 19:29
.
Před spuštěním: Volných bajtů: 11 667 218 432
Po spuštění: Volných bajtů: 12 670 570 496
.
- - End Of File - - F6E206CF38D9B4FF82D0A0A7CAEB050D

Re: won't let me install NOD and won't let me on the net

Posted: 19 Feb 2012 21:48
by riffman
Hey, did you manage to get it this infested all by yourself? :shocked1:

Now I'd like to ask you for a current log from RSIT :)

Re: won't let me install NOD and won't let me on the net

Posted: 19 Feb 2012 21:50
by planeter
My girlfriend managed that one...
Facebook, maybe?
Log in a moment...

Re: won't let me install NOD and won't let me on the net

Posted: 19 Feb 2012 21:52
by riffman
It might be good to download it again so that it also includes HijackThis.

Re: won't let me install NOD and won't let me on the net

Posted: 19 Feb 2012 21:58
by planeter
Uh oh...
Whatever program I try to run, RSIT included, this message pops up:
"Illegal operation attempted on a registry key that has been marked for deletion"

Re: won't let me install NOD and won't let me on the net

Posted: 19 Feb 2012 22:00
by riffman
Wow... do you have a Windows installation DVD at hand?

Re: won't let me install NOD and won't let me on the net

Posted: 19 Feb 2012 22:01
by planeter
Well, they installed it at the shop...

Re: won't let me install NOD and won't let me on the net

Posted: 19 Feb 2012 22:04
by riffman
Oh dear... can you describe the computer in a bit more detail?

The thing is, the system has probably been significantly damaged by malware.

Re: won't let me install NOD and won't let me on the net

Posted: 19 Feb 2012 22:06
by planeter
Phew, it came up after a restart...
Log in a moment