
PC virus removal, computer speed-up, remote help via the neslape.cz service
log check - slow opening of applications and a slowed-down PC
Moderator: Moderators
Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]
Individual threads will be locked once resolved, as will threads inactive for more than 14 days. See the Rule on locking topics. Thank you for your understanding.
!NEWS!
You can now use the remote help service, where an expert connects to your computer and obtains further details about the problem from you by phone! More at www.neslape.cz
log check - slow opening of applications and a slowed-down PC
Hello, and I must apologise straight away for barging in here like this, but I really am desperate. My PC is acting up more and more; it has Avast protection, but apparently even that can no longer cure the viruses the PC picked up somewhere. I know now that I should not have downloaded ComboFix without approval, but I probably cannot undo that, so I really can only apologise; this is the log it printed for me. Can you help me with it even though I broke the rules? Once more, I ask for your forgiveness.
ComboFix 12-08-10.02 - Andrea 13.08.2012 11:30:33.2.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.421.1033.18.446.140 [GMT 2:00]
Running from: c:\documents and settings\Andrea\Desktop\123.exe.exe
AV: ESET Smart Security 5.2 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
FW: AVG Firewall *Disabled* {8decf618-9569-4340-b34a-d78d28969b66}
FW: ESET personal firewall *Disabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\123.exe
c:\123.exe\CF2444.3XE
c:\123.exe\CregC_01
c:\123.exe\swreg.3XE
c:\docume~1\Andrea\LOCALS~1\Temp\61e4dc9e-b0a3-4e40-99a9-4cd9049f7d99\CliSecureRT.dll
c:\documents and settings\Andrea\Application Data\PriceGong
c:\documents and settings\Andrea\Local Settings\Temp\61e4dc9e-b0a3-4e40-99a9-4cd9049f7d99\CliSecureRT.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-07-13 to 2012-08-13 )))))))))))))))))))))))))))))))
.
.
2012-08-13 08:57 . 2012-08-13 08:57 29904 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{8650BCC9-DE40-4C74-AC31-F8AD17A0FA68}\MpKsldb491116.sys
2012-08-12 15:01 . 2012-06-29 08:44 6891424 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{8650BCC9-DE40-4C74-AC31-F8AD17A0FA68}\mpengine.dll
2012-08-10 10:13 . 2012-06-29 08:44 6891424 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-08-06 13:15 . 2012-08-06 13:15 1544704 ----a-w- c:\windows\is-MU3M6.exe
2012-08-06 10:45 . 2012-08-06 10:45 -------- d-----w- c:\documents and settings\Andrea\Application Data\Canneverbe Limited
2012-08-06 10:45 . 2012-08-06 10:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Canneverbe Limited
2012-08-03 19:31 . 2012-08-03 19:31 -------- d-----w- c:\documents and settings\Andrea\Application Data\ESET
2012-08-03 19:29 . 2012-08-03 19:29 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\ESET
2012-08-03 19:24 . 2012-08-03 19:24 -------- d-----w- c:\documents and settings\All Users\Application Data\ESET
2012-08-03 16:54 . 2012-08-03 16:54 -------- d-----w- c:\documents and settings\Andrea\Local Settings\Application Data\Sun
2012-08-03 16:43 . 2012-08-03 16:43 -------- d-----w- c:\program files\Oracle
2012-08-03 16:43 . 2012-08-03 16:43 -------- d-----w- c:\documents and settings\Andrea\Application Data\Oracle
2012-08-03 15:45 . 2012-08-03 20:37 -------- d-----w- c:\program files\OpenApp
2012-08-03 15:42 . 2012-08-03 15:46 -------- d-----w- c:\program files\smartdl
2012-08-01 17:13 . 2012-08-01 17:13 184700 ----a-w- C:\torrent.exe
2012-07-29 18:37 . 2012-08-12 21:35 -------- d-----w- c:\documents and settings\Andrea\Local Settings\Application Data\NCH_EN
2012-07-29 18:36 . 2012-07-29 18:37 -------- d-----w- c:\program files\NCH_EN
2012-07-29 18:29 . 2012-08-05 18:32 -------- d-----w- c:\documents and settings\All Users\Application Data\NCH Software
2012-07-29 18:29 . 2012-07-29 18:31 -------- d-----w- c:\program files\NCH Software
2012-07-29 18:29 . 2012-08-05 18:31 -------- d-----w- c:\documents and settings\Andrea\Application Data\NCH Software
2012-07-29 18:13 . 2012-08-03 15:37 -------- d-----w- c:\documents and settings\Andrea\Local Settings\Application Data\MyAshampoo
2012-07-29 18:13 . 2012-08-03 15:34 -------- d-----w- c:\documents and settings\Andrea\Local Settings\Application Data\ConduitEngine
2012-07-29 18:13 . 2012-08-12 21:37 -------- d-----w- c:\program files\MyAshampoo
2012-07-29 18:12 . 2012-07-29 18:12 -------- d-----w- c:\program files\Ashampoo
2012-07-29 15:13 . 2012-07-29 15:13 -------- d-----w- c:\documents and settings\All Users\Application Data\IBUpdaterService
2012-07-29 15:10 . 2012-07-29 15:10 -------- d-----w- c:\documents and settings\Andrea\Local Settings\Application Data\Savings Sidekick
2012-07-29 15:09 . 2012-04-08 22:40 79360 ----a-w- c:\windows\system32\ff_vfw.dll
2012-07-29 15:09 . 2012-07-29 15:10 -------- d-----w- c:\program files\ffdshow
2012-07-29 15:08 . 2012-07-29 15:08 -------- d-----w- c:\program files\Haali
2012-07-29 15:07 . 2012-08-06 16:50 -------- d-----w- c:\program files\Savings Sidekick
2012-07-29 15:07 . 2012-07-29 15:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Codecs Pack
2012-07-29 14:48 . 2012-07-29 18:35 -------- d-----w- c:\documents and settings\Andrea\Local Settings\Application Data\CRE
2012-07-29 14:48 . 2012-07-29 14:48 -------- d-----w- c:\program files\Conduit
2012-07-29 14:46 . 2012-07-30 07:29 -------- d-----w- c:\program files\BitTorrent
2012-07-29 14:46 . 2012-08-13 09:58 -------- d-----w- c:\documents and settings\Andrea\Application Data\BitTorrent
2012-07-29 14:46 . 2012-07-29 14:46 -------- d-----w- c:\documents and settings\Andrea\Local Settings\Application Data\BitTorrent
2012-07-29 14:01 . 2012-07-29 15:16 608 ----a-w- C:\user.js
2012-07-29 14:01 . 2012-07-29 14:01 -------- d-----w- c:\program files\BabylonToolbar
2012-07-29 13:59 . 2012-07-29 13:59 -------- d-----w- c:\program files\GotClip
2012-07-29 13:16 . 2012-07-29 13:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Babylon
2012-07-29 13:16 . 2012-07-29 13:16 -------- d-----w- c:\documents and settings\Andrea\Application Data\Babylon
2012-07-19 11:37 . 2011-08-15 14:43 102936 ----a-w- c:\windows\AdbWinApi.dll
2012-07-19 11:37 . 2011-08-15 14:43 584584 ----a-w- c:\windows\adb.exe
2012-07-19 11:37 . 2012-07-19 11:38 -------- d-----w- c:\program files\Handset USB Driver
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-13 09:48 . 2011-04-11 21:39 1409 ----a-w- c:\windows\QTFont.for
2012-08-03 09:20 . 2012-05-12 10:58 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-03 09:20 . 2012-02-07 18:06 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-05 20:07 . 2012-04-24 10:34 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-07-05 20:06 . 2012-08-03 16:43 772544 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-07-05 20:06 . 2012-01-09 16:18 687544 ----a-w- c:\windows\system32\deployJava1.dll
2012-07-02 13:15 . 2007-06-13 18:50 20480 ----a-w- c:\windows\system32\ANGELVDD.DLL
2012-07-02 13:15 . 2007-06-13 18:50 11520 ----a-w- c:\windows\system32\drivers\angelusb.sys
2012-07-02 13:15 . 2007-06-13 18:50 51072 ----a-w- c:\windows\system32\drivers\ANGELNT.SYS
2012-06-14 08:10 . 2012-06-14 08:10 261383 ----a-w- C:\mzdy0006_20120614.zip
2012-06-13 13:19 . 2001-08-23 11:00 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-06-05 15:50 . 2008-10-12 21:07 1372672 ------w- c:\windows\system32\msxml6.dll
2012-06-05 15:50 . 2001-08-23 11:00 1172480 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 04:32 . 2001-08-23 11:00 152576 ----a-w- c:\windows\system32\schannel.dll
2012-06-03 08:44 . 2008-10-12 16:36 5504 ----a-w- c:\windows\system32\drivers\StarOpen.sys
2012-06-02 13:19 . 2007-06-19 19:38 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 13:19 . 2007-06-19 19:38 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 13:19 . 2007-06-01 19:11 329240 ----a-w- c:\windows\system32\wucltui.dll
2012-06-02 13:19 . 2007-06-01 19:11 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 13:19 . 2007-06-01 19:11 210968 ----a-w- c:\windows\system32\wuweb.dll
2012-06-02 13:19 . 2007-06-19 19:38 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 13:19 . 2007-06-01 19:11 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 13:19 . 2007-06-01 18:47 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 13:19 . 2005-05-26 02:16 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 13:19 . 2001-08-23 11:00 97304 ----a-w- c:\windows\system32\cdm.dll
2012-06-02 13:19 . 2007-06-19 19:38 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 13:19 . 2007-06-01 19:11 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 13:19 . 2007-06-01 18:47 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 13:18 . 2010-12-21 08:58 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-06-02 13:18 . 2010-12-21 08:58 214256 ----a-w- c:\windows\system32\muweb.dll
2012-06-02 13:18 . 2010-12-21 08:58 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-05-31 13:22 . 2001-08-23 11:00 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-05-28 07:21 . 2012-05-28 07:21 312430 ----a-w- C:\mzdy0005_120528.zip
2012-05-16 07:58 . 2001-08-23 11:00 667136 ----a-w- c:\windows\system32\wininet.dll
2004-10-01 13:00 . 2007-06-01 20:04 40960 ----a-w- c:\program files\Uninstall_CDS.exe
2012-07-14 00:17 . 2012-08-03 15:57 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-06-06 1519304]
"{dd02a4eb-4afd-4d60-99d8-e67f964ca813}"= "c:\program files\PHPNukeEN\prxtbPHP0.dll" [2011-05-09 176936]
"{EEE6C35D-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll" [2012-06-04 130904]
"{88c7f2aa-f93f-432c-8f0e-b7d85967a527}"= "c:\program files\BitTorrentBar\prxtbBitT.dll" [2011-05-09 176936]
"{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}"= "c:\program files\MyAshampoo\tbMyAs.dll" [2010-11-29 3908192]
"{37483b40-c254-4a72-bda4-22ee90182c1e}"= "c:\program files\NCH_EN\prxtbNCH_.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_CLASSES_ROOT\clsid\{dd02a4eb-4afd-4d60-99d8-e67f964ca813}]
.
[HKEY_CLASSES_ROOT\clsid\{eee6c35d-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook]
.
[HKEY_CLASSES_ROOT\clsid\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]
.
[HKEY_CLASSES_ROOT\clsid\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}]
.
[HKEY_CLASSES_ROOT\clsid\{37483b40-c254-4a72-bda4-22ee90182c1e}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-11-29 13:26 3908192 ----a-w- c:\program files\ConduitEngine\ConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{37483b40-c254-4a72-bda4-22ee90182c1e}]
2011-05-09 08:49 176936 ----a-w- c:\program files\NCH_EN\prxtbNCH_.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]
2011-05-09 09:49 176936 ----a-w- c:\program files\BitTorrentBar\prxtbBitT.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}]
2010-11-29 13:26 3908192 ----a-w- c:\program files\MyAshampoo\tbMyAs.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2012-06-06 19:33 1519304 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{dd02a4eb-4afd-4d60-99d8-e67f964ca813}]
2011-05-09 09:49 176936 ----a-w- c:\program files\PHPNukeEN\prxtbPHP0.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
2012-06-04 14:12 1310040 ----a-w- c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{dd02a4eb-4afd-4d60-99d8-e67f964ca813}"= "c:\program files\PHPNukeEN\prxtbPHP0.dll" [2011-05-09 176936]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2012-06-04 1310040]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-06-06 1519304]
"{88c7f2aa-f93f-432c-8f0e-b7d85967a527}"= "c:\program files\BitTorrentBar\prxtbBitT.dll" [2011-05-09 176936]
"{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}"= "c:\program files\MyAshampoo\tbMyAs.dll" [2010-11-29 3908192]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngine.dll" [2010-11-29 3908192]
"{37483b40-c254-4a72-bda4-22ee90182c1e}"= "c:\program files\NCH_EN\prxtbNCH_.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{dd02a4eb-4afd-4d60-99d8-e67f964ca813}]
.
[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CLASSES_ROOT\clsid\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]
.
[HKEY_CLASSES_ROOT\clsid\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CLASSES_ROOT\clsid\{37483b40-c254-4a72-bda4-22ee90182c1e}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-06-06 1519304]
"{DD02A4EB-4AFD-4D60-99D8-E67F964CA813}"= "c:\program files\PHPNukeEN\prxtbPHP0.dll" [2011-05-09 176936]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2012-06-04 1310040]
"{37483B40-C254-4A72-BDA4-22EE90182C1E}"= "c:\program files\NCH_EN\prxtbNCH_.dll" [2011-05-09 176936]
"{88C7F2AA-F93F-432C-8F0E-B7D85967A527}"= "c:\program files\BitTorrentBar\prxtbBitT.dll" [2011-05-09 176936]
"{A1E75A0E-4397-4BA8-BB50-E19FB66890F4}"= "c:\program files\MyAshampoo\tbMyAs.dll" [2010-11-29 3908192]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CLASSES_ROOT\clsid\{dd02a4eb-4afd-4d60-99d8-e67f964ca813}]
.
[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]
.
[HKEY_CLASSES_ROOT\clsid\{37483b40-c254-4a72-bda4-22ee90182c1e}]
.
[HKEY_CLASSES_ROOT\clsid\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]
.
[HKEY_CLASSES_ROOT\clsid\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-05 68856]
"KiesTrayAgent"="c:\program files\Samsung\Kies\/\KiesTrayAgent.exe" [2012-03-06 3508624]
"KiesHelper"="c:\program files\Samsung\Kies\KiesHelper.exe" [2012-03-06 943504]
"KiesPDLR"="c:\program files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2012-03-31 21416]
"AROReminder"="c:\program files\ARO 2012\ARO.exe" [2012-07-06 2553752]
"BitTorrent"="c:\program files\BitTorrent\BitTorrent.exe" [2012-07-29 6077848]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RemoteControl"="c:\program files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"InCD"="c:\program files\Ahead\InCD\InCD.exe" [2006-07-12 1397760]
"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
"RTHDCPL"="RTHDCPL.EXE" [2006-06-28 16248320]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-12-25 77824]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]
"KiesTrayAgent"="c:\program files\Samsung\Kies\KiesTrayAgent.exe" [2012-03-06 3508624]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2012-06-06 1564872]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2012-03-07 3117344]
"SweetIM"="c:\program files\SweetIM\Messenger\SweetIM.exe" [2012-05-29 115032]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\BitTorrent\\BitTorrent.exe"=
"c:\\WINDOWS\\system32\\msiexec.exe"=
.
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [14.3.2012 8:40 120152]
R1 MpKsldb491116;MpKsldb491116;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{8650BCC9-DE40-4C74-AC31-F8AD17A0FA68}\MpKsldb491116.sys [13.8.2012 10:57 29904]
R2 Angelnt;Angelnt;c:\windows\system32\drivers\ANGELNT.SYS [13.6.2007 20:50 51072]
R2 Codecs Pack;Codecs Pack;c:\documents and settings\All Users\Application Data\Codecs Pack\2.2.529.166\{16cdff19-861d-48e3-a751-d99a27784753}\codecmngr.exe [29.7.2012 17:07 1692192]
R2 ekrn;ESET Service;c:\program files\Eset\ESET Smart Security\ekrn.exe [7.3.2012 15:40 913144]
R2 PWSYSDRV;PWSYSDRV;c:\windows\system32\drivers\pwsysdrv.sys [1.6.2007 22:53 17072]
S1 jjurwobc;jjurwobc;\??\c:\windows\system32\drivers\jjurwobc.sys --> c:\windows\system32\drivers\jjurwobc.sys [?]
S1 jumevbvq;jumevbvq;\??\c:\windows\system32\drivers\jumevbvq.sys --> c:\windows\system32\drivers\jumevbvq.sys [?]
S1 kcqaeceo;kcqaeceo;\??\c:\windows\system32\drivers\kcqaeceo.sys --> c:\windows\system32\drivers\kcqaeceo.sys [?]
S1 kxpiynog;kxpiynog;\??\c:\windows\system32\drivers\kxpiynog.sys --> c:\windows\system32\drivers\kxpiynog.sys [?]
S1 mwdopgwd;mwdopgwd;\??\c:\windows\system32\drivers\mwdopgwd.sys --> c:\windows\system32\drivers\mwdopgwd.sys [?]
S1 pacxsuhn;pacxsuhn;\??\c:\windows\system32\drivers\pacxsuhn.sys --> c:\windows\system32\drivers\pacxsuhn.sys [?]
S1 swegkubb;swegkubb;\??\c:\windows\system32\drivers\swegkubb.sys --> c:\windows\system32\drivers\swegkubb.sys [?]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [8.3.2010 11:31 135664]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [12.5.2012 12:58 250056]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\drivers\ssadadb.sys [31.3.2012 19:40 30312]
S3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [31.3.2012 18:54 20032]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [19.10.2010 17:52 36640]
S3 ghsmdm;Handset USB Modem;c:\windows\system32\drivers\ghsmdm.sys [19.7.2012 13:38 113432]
S3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [8.3.2010 11:31 135664]
S3 massfilter_hs;HS HandSet Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter_hs.sys [19.7.2012 13:38 15896]
S3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys --> c:\windows\system32\Drivers\pcouffin.sys [?]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [31.3.2012 19:40 121064]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [31.3.2012 19:40 12776]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [31.3.2012 19:40 136808]
S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\drivers\ssadserd.sys [31.3.2012 19:40 114280]
S3 w300mgmt;Sony Ericsson W300 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\w300mgmt.sys [29.8.2007 17:16 87824]
S3 w300obex;Sony Ericsson W300 USB WMC OBEX Interface;c:\windows\system32\drivers\w300obex.sys [29.8.2007 17:16 85696]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-13 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-12 09:20]
.
2012-08-13 c:\windows\Tasks\Codecs Pack.job
- c:\windows\system32\sc.exe [2001-08-23 10:39]
.
2012-08-05 c:\windows\Tasks\ExpressBurnReminder.job
- c:\program files\NCH Software\ExpressBurn\expressburn.exe [2012-07-29 18:29]
.
2012-08-11 c:\windows\Tasks\ExpressRipReminder.job
- c:\program files\NCH Software\ExpressRip\expressrip.exe [2012-07-29 18:31]
.
2012-08-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-08 09:31]
.
2012-08-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-08 09:31]
.
2012-08-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-746137067-1292428093-725345543-1003Core.job
- c:\documents and settings\Andrea\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-09-18 10:37]
.
2012-08-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-746137067-1292428093-725345543-1003UA.job
- c:\documents and settings\Andrea\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-09-18 10:37]
.
2012-08-08 c:\windows\Tasks\prismShakeIcon.job
- c:\program files\NCH Software\Prism\prism.exe [2012-07-29 18:32]
.
2012-08-13 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2012-06-06 19:33]
.
2012-08-08 c:\windows\Tasks\WavePadReminder.job
- c:\program files\NCH Software\WavePad\wavepad.exe [2012-07-29 18:30]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2790392
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://home.sweetim.com
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Search the Web - c:\program files\SweetIM\Toolbars\Internet Explorer\resources\menuext.html
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\Andrea\Application Data\Mozilla\Firefox\Profiles\97t7ufki.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT2086743&SearchSource=13
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2086743&SearchSource=2&q=
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=114022&tt=3012_8
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar.tlbrSrchUrl - hxxp://www.google.com/search?babsrc=TB_ggl&q=
FF - user.js: extensions.BabylonToolbar.id - f80e481a0000000000000019d13f899c
FF - user.js: extensions.BabylonToolbar.instlDay - 15550
FF - user.js: extensions.BabylonToolbar.vrsn - 1.5.29.1
FF - user.js: extensions.BabylonToolbar.vrsni - 1.5.29.1
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.29.117:14
FF - user.js: extensions.BabylonToolbar.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar.tlbrId - base
FF - user.js: extensions.BabylonToolbar.instlRef - sst
FF - user.js: extensions.BabylonToolbar.dfltLng - en
FF - user.js: extensions.BabylonToolbar.excTlbr - false
FF - user.js: extensions.BabylonToolbar.admin - false
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-08-13 11:53
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(656)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(504)
c:\program files\SweetIM\Messenger\mgAdaptersProxy.dll
c:\documents and settings\All Users\Application Data\Codecs Pack\2.2.529.166\{16cdff19-861d-48e3-a751-d99a27784753}\codecmngr.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\msi.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Microsoft Security Client\MsMpEng.exe
c:\program files\Ahead\InCD\InCDsrv.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\ICQ6Toolbar\ICQ Service.exe
c:\program files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\documents and settings\Andrea\My Documents\PROGRAMY\CDBurnerXP\NMSAccessU.exe
c:\windows\RTHDCPL.EXE
c:\program files\PC Connectivity Solution\ServiceLayer.exe
c:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe
c:\program files\PC Connectivity Solution\Transports\NclRSSrv.exe
.
**************************************************************************
.
Completion time: 2012-08-13 12:11:30 - machine was rebooted
ComboFix-quarantined-files.txt 2012-08-13 10:11
ComboFix2.txt 2012-08-12 20:20
.
Pre-Run: 84 923 506 688 bytes free
Post-Run: 29 adresárov, 84 919 197 696 voľných bajtov
.
- - End Of File - - 5DA70732DC188956750BC8D66CACC397
2012-07-05 20:07 . 2012-04-24 10:34 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-07-05 20:06 . 2012-08-03 16:43 772544 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-07-05 20:06 . 2012-01-09 16:18 687544 ----a-w- c:\windows\system32\deployJava1.dll
2012-07-02 13:15 . 2007-06-13 18:50 20480 ----a-w- c:\windows\system32\ANGELVDD.DLL
2012-07-02 13:15 . 2007-06-13 18:50 11520 ----a-w- c:\windows\system32\drivers\angelusb.sys
2012-07-02 13:15 . 2007-06-13 18:50 51072 ----a-w- c:\windows\system32\drivers\ANGELNT.SYS
2012-06-14 08:10 . 2012-06-14 08:10 261383 ----a-w- C:\mzdy0006_20120614.zip
2012-06-13 13:19 . 2001-08-23 11:00 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-06-05 15:50 . 2008-10-12 21:07 1372672 ------w- c:\windows\system32\msxml6.dll
2012-06-05 15:50 . 2001-08-23 11:00 1172480 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 04:32 . 2001-08-23 11:00 152576 ----a-w- c:\windows\system32\schannel.dll
2012-06-03 08:44 . 2008-10-12 16:36 5504 ----a-w- c:\windows\system32\drivers\StarOpen.sys
2012-06-02 13:19 . 2007-06-19 19:38 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 13:19 . 2007-06-19 19:38 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 13:19 . 2007-06-01 19:11 329240 ----a-w- c:\windows\system32\wucltui.dll
2012-06-02 13:19 . 2007-06-01 19:11 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 13:19 . 2007-06-01 19:11 210968 ----a-w- c:\windows\system32\wuweb.dll
2012-06-02 13:19 . 2007-06-19 19:38 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 13:19 . 2007-06-01 19:11 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 13:19 . 2007-06-01 18:47 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 13:19 . 2005-05-26 02:16 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 13:19 . 2001-08-23 11:00 97304 ----a-w- c:\windows\system32\cdm.dll
2012-06-02 13:19 . 2007-06-19 19:38 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 13:19 . 2007-06-01 19:11 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 13:19 . 2007-06-01 18:47 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 13:18 . 2010-12-21 08:58 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-06-02 13:18 . 2010-12-21 08:58 214256 ----a-w- c:\windows\system32\muweb.dll
2012-06-02 13:18 . 2010-12-21 08:58 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-05-31 13:22 . 2001-08-23 11:00 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-05-28 07:21 . 2012-05-28 07:21 312430 ----a-w- C:\mzdy0005_120528.zip
2012-05-16 07:58 . 2001-08-23 11:00 667136 ----a-w- c:\windows\system32\wininet.dll
2004-10-01 13:00 . 2007-06-01 20:04 40960 ----a-w- c:\program files\Uninstall_CDS.exe
2012-07-14 00:17 . 2012-08-03 15:57 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-06-06 1519304]
"{dd02a4eb-4afd-4d60-99d8-e67f964ca813}"= "c:\program files\PHPNukeEN\prxtbPHP0.dll" [2011-05-09 176936]
"{EEE6C35D-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll" [2012-06-04 130904]
"{88c7f2aa-f93f-432c-8f0e-b7d85967a527}"= "c:\program files\BitTorrentBar\prxtbBitT.dll" [2011-05-09 176936]
"{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}"= "c:\program files\MyAshampoo\tbMyAs.dll" [2010-11-29 3908192]
"{37483b40-c254-4a72-bda4-22ee90182c1e}"= "c:\program files\NCH_EN\prxtbNCH_.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_CLASSES_ROOT\clsid\{dd02a4eb-4afd-4d60-99d8-e67f964ca813}]
.
[HKEY_CLASSES_ROOT\clsid\{eee6c35d-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook]
.
[HKEY_CLASSES_ROOT\clsid\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]
.
[HKEY_CLASSES_ROOT\clsid\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}]
.
[HKEY_CLASSES_ROOT\clsid\{37483b40-c254-4a72-bda4-22ee90182c1e}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-11-29 13:26 3908192 ----a-w- c:\program files\ConduitEngine\ConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{37483b40-c254-4a72-bda4-22ee90182c1e}]
2011-05-09 08:49 176936 ----a-w- c:\program files\NCH_EN\prxtbNCH_.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]
2011-05-09 09:49 176936 ----a-w- c:\program files\BitTorrentBar\prxtbBitT.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}]
2010-11-29 13:26 3908192 ----a-w- c:\program files\MyAshampoo\tbMyAs.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2012-06-06 19:33 1519304 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{dd02a4eb-4afd-4d60-99d8-e67f964ca813}]
2011-05-09 09:49 176936 ----a-w- c:\program files\PHPNukeEN\prxtbPHP0.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
2012-06-04 14:12 1310040 ----a-w- c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{dd02a4eb-4afd-4d60-99d8-e67f964ca813}"= "c:\program files\PHPNukeEN\prxtbPHP0.dll" [2011-05-09 176936]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2012-06-04 1310040]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-06-06 1519304]
"{88c7f2aa-f93f-432c-8f0e-b7d85967a527}"= "c:\program files\BitTorrentBar\prxtbBitT.dll" [2011-05-09 176936]
"{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}"= "c:\program files\MyAshampoo\tbMyAs.dll" [2010-11-29 3908192]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngine.dll" [2010-11-29 3908192]
"{37483b40-c254-4a72-bda4-22ee90182c1e}"= "c:\program files\NCH_EN\prxtbNCH_.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{dd02a4eb-4afd-4d60-99d8-e67f964ca813}]
.
[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CLASSES_ROOT\clsid\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]
.
[HKEY_CLASSES_ROOT\clsid\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CLASSES_ROOT\clsid\{37483b40-c254-4a72-bda4-22ee90182c1e}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-06-06 1519304]
"{DD02A4EB-4AFD-4D60-99D8-E67F964CA813}"= "c:\program files\PHPNukeEN\prxtbPHP0.dll" [2011-05-09 176936]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2012-06-04 1310040]
"{37483B40-C254-4A72-BDA4-22EE90182C1E}"= "c:\program files\NCH_EN\prxtbNCH_.dll" [2011-05-09 176936]
"{88C7F2AA-F93F-432C-8F0E-B7D85967A527}"= "c:\program files\BitTorrentBar\prxtbBitT.dll" [2011-05-09 176936]
"{A1E75A0E-4397-4BA8-BB50-E19FB66890F4}"= "c:\program files\MyAshampoo\tbMyAs.dll" [2010-11-29 3908192]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CLASSES_ROOT\clsid\{dd02a4eb-4afd-4d60-99d8-e67f964ca813}]
.
[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]
.
[HKEY_CLASSES_ROOT\clsid\{37483b40-c254-4a72-bda4-22ee90182c1e}]
.
[HKEY_CLASSES_ROOT\clsid\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]
.
[HKEY_CLASSES_ROOT\clsid\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-05 68856]
"KiesTrayAgent"="c:\program files\Samsung\Kies\/\KiesTrayAgent.exe" [2012-03-06 3508624]
"KiesHelper"="c:\program files\Samsung\Kies\KiesHelper.exe" [2012-03-06 943504]
"KiesPDLR"="c:\program files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2012-03-31 21416]
"AROReminder"="c:\program files\ARO 2012\ARO.exe" [2012-07-06 2553752]
"BitTorrent"="c:\program files\BitTorrent\BitTorrent.exe" [2012-07-29 6077848]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RemoteControl"="c:\program files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"InCD"="c:\program files\Ahead\InCD\InCD.exe" [2006-07-12 1397760]
"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
"RTHDCPL"="RTHDCPL.EXE" [2006-06-28 16248320]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-12-25 77824]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]
"KiesTrayAgent"="c:\program files\Samsung\Kies\KiesTrayAgent.exe" [2012-03-06 3508624]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2012-06-06 1564872]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2012-03-07 3117344]
"SweetIM"="c:\program files\SweetIM\Messenger\SweetIM.exe" [2012-05-29 115032]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\BitTorrent\\BitTorrent.exe"=
"c:\\WINDOWS\\system32\\msiexec.exe"=
.
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [14.3.2012 8:40 120152]
R1 MpKsldb491116;MpKsldb491116;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{8650BCC9-DE40-4C74-AC31-F8AD17A0FA68}\MpKsldb491116.sys [13.8.2012 10:57 29904]
R2 Angelnt;Angelnt;c:\windows\system32\drivers\ANGELNT.SYS [13.6.2007 20:50 51072]
R2 Codecs Pack;Codecs Pack;c:\documents and settings\All Users\Application Data\Codecs Pack\2.2.529.166\{16cdff19-861d-48e3-a751-d99a27784753}\codecmngr.exe [29.7.2012 17:07 1692192]
R2 ekrn;ESET Service;c:\program files\Eset\ESET Smart Security\ekrn.exe [7.3.2012 15:40 913144]
R2 PWSYSDRV;PWSYSDRV;c:\windows\system32\drivers\pwsysdrv.sys [1.6.2007 22:53 17072]
S1 jjurwobc;jjurwobc;\??\c:\windows\system32\drivers\jjurwobc.sys --> c:\windows\system32\drivers\jjurwobc.sys [?]
S1 jumevbvq;jumevbvq;\??\c:\windows\system32\drivers\jumevbvq.sys --> c:\windows\system32\drivers\jumevbvq.sys [?]
S1 kcqaeceo;kcqaeceo;\??\c:\windows\system32\drivers\kcqaeceo.sys --> c:\windows\system32\drivers\kcqaeceo.sys [?]
S1 kxpiynog;kxpiynog;\??\c:\windows\system32\drivers\kxpiynog.sys --> c:\windows\system32\drivers\kxpiynog.sys [?]
S1 mwdopgwd;mwdopgwd;\??\c:\windows\system32\drivers\mwdopgwd.sys --> c:\windows\system32\drivers\mwdopgwd.sys [?]
S1 pacxsuhn;pacxsuhn;\??\c:\windows\system32\drivers\pacxsuhn.sys --> c:\windows\system32\drivers\pacxsuhn.sys [?]
S1 swegkubb;swegkubb;\??\c:\windows\system32\drivers\swegkubb.sys --> c:\windows\system32\drivers\swegkubb.sys [?]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [8.3.2010 11:31 135664]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [12.5.2012 12:58 250056]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\drivers\ssadadb.sys [31.3.2012 19:40 30312]
S3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [31.3.2012 18:54 20032]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [19.10.2010 17:52 36640]
S3 ghsmdm;Handset USB Modem;c:\windows\system32\drivers\ghsmdm.sys [19.7.2012 13:38 113432]
S3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [8.3.2010 11:31 135664]
S3 massfilter_hs;HS HandSet Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter_hs.sys [19.7.2012 13:38 15896]
S3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys --> c:\windows\system32\Drivers\pcouffin.sys [?]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [31.3.2012 19:40 121064]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [31.3.2012 19:40 12776]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [31.3.2012 19:40 136808]
S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\drivers\ssadserd.sys [31.3.2012 19:40 114280]
S3 w300mgmt;Sony Ericsson W300 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\w300mgmt.sys [29.8.2007 17:16 87824]
S3 w300obex;Sony Ericsson W300 USB WMC OBEX Interface;c:\windows\system32\drivers\w300obex.sys [29.8.2007 17:16 85696]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-13 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-12 09:20]
.
2012-08-13 c:\windows\Tasks\Codecs Pack.job
- c:\windows\system32\sc.exe [2001-08-23 10:39]
.
2012-08-05 c:\windows\Tasks\ExpressBurnReminder.job
- c:\program files\NCH Software\ExpressBurn\expressburn.exe [2012-07-29 18:29]
.
2012-08-11 c:\windows\Tasks\ExpressRipReminder.job
- c:\program files\NCH Software\ExpressRip\expressrip.exe [2012-07-29 18:31]
.
2012-08-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-08 09:31]
.
2012-08-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-08 09:31]
.
2012-08-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-746137067-1292428093-725345543-1003Core.job
- c:\documents and settings\Andrea\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-09-18 10:37]
.
2012-08-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-746137067-1292428093-725345543-1003UA.job
- c:\documents and settings\Andrea\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-09-18 10:37]
.
2012-08-08 c:\windows\Tasks\prismShakeIcon.job
- c:\program files\NCH Software\Prism\prism.exe [2012-07-29 18:32]
.
2012-08-13 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2012-06-06 19:33]
.
2012-08-08 c:\windows\Tasks\WavePadReminder.job
- c:\program files\NCH Software\WavePad\wavepad.exe [2012-07-29 18:30]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2790392
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://home.sweetim.com
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Search the Web - c:\program files\SweetIM\Toolbars\Internet Explorer\resources\menuext.html
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\Andrea\Application Data\Mozilla\Firefox\Profiles\97t7ufki.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT2086743&SearchSource=13
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2086743&SearchSource=2&q=
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=114022&tt=3012_8
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar.tlbrSrchUrl - hxxp://www.google.com/search?babsrc=TB_ggl&q=
FF - user.js: extensions.BabylonToolbar.id - f80e481a0000000000000019d13f899c
FF - user.js: extensions.BabylonToolbar.instlDay - 15550
FF - user.js: extensions.BabylonToolbar.vrsn - 1.5.29.1
FF - user.js: extensions.BabylonToolbar.vrsni - 1.5.29.1
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.29.117:14
FF - user.js: extensions.BabylonToolbar.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar.tlbrId - base
FF - user.js: extensions.BabylonToolbar.instlRef - sst
FF - user.js: extensions.BabylonToolbar.dfltLng - en
FF - user.js: extensions.BabylonToolbar.excTlbr - false
FF - user.js: extensions.BabylonToolbar.admin - false
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-08-13 11:53
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(656)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(504)
c:\program files\SweetIM\Messenger\mgAdaptersProxy.dll
c:\documents and settings\All Users\Application Data\Codecs Pack\2.2.529.166\{16cdff19-861d-48e3-a751-d99a27784753}\codecmngr.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\msi.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Microsoft Security Client\MsMpEng.exe
c:\program files\Ahead\InCD\InCDsrv.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\ICQ6Toolbar\ICQ Service.exe
c:\program files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\documents and settings\Andrea\My Documents\PROGRAMY\CDBurnerXP\NMSAccessU.exe
c:\windows\RTHDCPL.EXE
c:\program files\PC Connectivity Solution\ServiceLayer.exe
c:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe
c:\program files\PC Connectivity Solution\Transports\NclRSSrv.exe
.
**************************************************************************
.
Completion time: 2012-08-13 12:11:30 - machine was rebooted
ComboFix-quarantined-files.txt 2012-08-13 10:11
ComboFix2.txt 2012-08-12 20:20
.
Pre-Run: 84 923 506 688 bytes free
Post-Run: 29 adresárov, 84 919 197 696 voľných bajtov
.
- - End Of File - - 5DA70732DC188956750BC8D66CACC397
Re: log check - slow application opening and slowed-down PC
Well, since I found you in someone else's thread, I'll find you here too.
The log is being worked on; it will take some time.
If you have a question that is not meant for the public, you can write to me at marty84zavináčforum.viry.cz
You can support our forum at https://platba.viry.cz/payment/
For time reasons I will now be on the forum less often. If you are waiting a long time for a reply, please contact one of my colleagues (most of them have an e-mail address in their signature).
Re: log check - slow application opening and slowed-down PC
What security software are you using? You have there:
AV: ESET Smart Security 5.2
AV: Microsoft Security Essentials
FW: AVG Firewall
Re: log check - slow application opening and slowed-down PC
Thank you very much and once again I apologize. I have ESET Smart 5.2 there. And MS Essentials.
Re: log check - slow application opening and slowed-down PC
I'll post the next steps here in a moment.
Re: log check - slow application opening and slowed-down PC
I removed AVG, and maybe this information helps: I have only had ESET for a short while, and it was acting up even before ESET was installed. I just hope it won't be necessary to reinstall the whole Windows OS.
Re: log check - slow application opening and slowed-down PC
One more question before I start deleting.
I see the file C:\mzdy0006_20120614.zip there.
Is it a home or a company computer?
Re: log check - slow application opening and slowed-down PC
Open Notepad and copy this script into it:
Code:
KillAll::
File::
c:\windows\system32\drivers\jjurwobc.sys
c:\windows\system32\drivers\jumevbvq.sys
c:\windows\system32\drivers\kcqaeceo.sys
c:\windows\system32\drivers\kxpiynog.sys
c:\windows\system32\drivers\mwdopgwd.sys
c:\windows\system32\drivers\pacxsuhn.sys
c:\windows\system32\drivers\swegkubb.sys
c:\windows\Tasks\Adobe Flash Player Updater.job
c:\windows\Tasks\Codecs Pack.job
c:\windows\Tasks\ExpressBurnReminder.job
c:\windows\Tasks\ExpressRipReminder.job
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-746137067-1292428093-725345543-1003UA.job
c:\windows\Tasks\prismShakeIcon.job
c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
c:\windows\Tasks\WavePadReminder.job
Folder::
c:\program files\Ask.com
c:\program files\MyAshampoo
c:\documents and settings\Andrea\Local Settings\Application Data\MyAshampoo
c:\documents and settings\Andrea\Local Settings\Application Data\ConduitEngine
c:\program files\BabylonToolbar
c:\documents and settings\All Users\Application Data\Babylon
c:\documents and settings\Andrea\Application Data\Babylon
Registry::
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"=-
"{dd02a4eb-4afd-4d60-99d8-e67f964ca813}"=-
"{EEE6C35D-6118-11DC-9C72-001320C79847}"=-
"{88c7f2aa-f93f-432c-8f0e-b7d85967a527}"=-
"{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}"=-
"{37483b40-c254-4a72-bda4-22ee90182c1e}"=-
[-HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
[-HKEY_CLASSES_ROOT\clsid\{dd02a4eb-4afd-4d60-99d8-e67f964ca813}]
[-HKEY_CLASSES_ROOT\clsid\{eee6c35d-6118-11dc-9c72-001320c79847}]
[-HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook.1]
[-HKEY_CLASSES_ROOT\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}]
[-HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook]
[-HKEY_CLASSES_ROOT\clsid\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]
[-HKEY_CLASSES_ROOT\clsid\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}]
[-HKEY_CLASSES_ROOT\clsid\{37483b40-c254-4a72-bda4-22ee90182c1e}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{37483b40-c254-4a72-bda4-22ee90182c1e}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{dd02a4eb-4afd-4d60-99d8-e67f964ca813}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{dd02a4eb-4afd-4d60-99d8-e67f964ca813}"=-
"{EEE6C35B-6118-11DC-9C72-001320C79847}"=-
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=-
"{88c7f2aa-f93f-432c-8f0e-b7d85967a527}"=-
"{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}"=-
"{30F9B915-B755-4826-820B-08FBA6BD249D}"=-
"{37483b40-c254-4a72-bda4-22ee90182c1e}"=-
[-HKEY_CLASSES_ROOT\clsid\{dd02a4eb-4afd-4d60-99d8-e67f964ca813}]
[-HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[-HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[-HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[-HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]
[-HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[-HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[-HKEY_CLASSES_ROOT\clsid\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]
[-HKEY_CLASSES_ROOT\clsid\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}]
[-HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
[-HKEY_CLASSES_ROOT\clsid\{37483b40-c254-4a72-bda4-22ee90182c1e}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=-
"{DD02A4EB-4AFD-4D60-99D8-E67F964CA813}"=-
"{EEE6C35B-6118-11DC-9C72-001320C79847}"=-
"{37483B40-C254-4A72-BDA4-22EE90182C1E}"=-
"{88C7F2AA-F93F-432C-8F0E-B7D85967A527}"=-
"{A1E75A0E-4397-4BA8-BB50-E19FB66890F4}"=-
[-HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[-HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[-HKEY_CLASSES_ROOT\clsid\{dd02a4eb-4afd-4d60-99d8-e67f964ca813}]
[-HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[-HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[-HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[-HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]
[-HKEY_CLASSES_ROOT\clsid\{37483b40-c254-4a72-bda4-22ee90182c1e}]
[-HKEY_CLASSES_ROOT\clsid\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]
[-HKEY_CLASSES_ROOT\clsid\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"=-
"KiesTrayAgent"=-
"KiesHelper"=-
"KiesPDLR"=-
"BitTorrent"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RemoteControl"=-
"QuickTime Task"=-
"HP Software Update"=-
"KiesTrayAgent"=-
"Adobe Reader Speed Launcher"=-
"Adobe ARM"=-
"ApnUpdater"=-
"SunJavaUpdateSched"=-
"SweetIM"=-
DDS::
uStart Page = hxxp://search.conduit.com?SearchSource= ... =CT2790392
mStart Page = hxxp://home.sweetim.com
IE: Search the Web - c:\program files\SweetIM\Toolbars\Internet Explorer\resources\menuext.html
Firefox::
FF - ProfilePath - c:\documents and settings\Andrea\Application Data\Mozilla\Firefox\Profiles\97t7ufki.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT20867 ... hSource=13
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.as ... ource=2&q=
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=114022&tt=3012_8
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar.tlbrSrchUrl - hxxp://www.google.com/search?babsrc=TB_ggl&q=
FF - user.js: extensions.BabylonToolbar.id - f80e481a0000000000000019d13f899c
FF - user.js: extensions.BabylonToolbar.instlDay - 15550
FF - user.js: extensions.BabylonToolbar.vrsn - 1.5.29.1
FF - user.js: extensions.BabylonToolbar.vrsni - 1.5.29.1
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.29.117:14
FF - user.js: extensions.BabylonToolbar.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar.tlbrId - base
FF - user.js: extensions.BabylonToolbar.instlRef - sst
FF - user.js: extensions.BabylonToolbar.dfltLng - en
FF - user.js: extensions.BabylonToolbar.excTlbr - false
FF - user.js: extensions.BabylonToolbar.admin - false
Driver::
jjurwobc
jumevbvq
kcqaeceo
kxpiynog
mwdopgwd
pacxsuhn
swegkubb
gupdate
AdobeFlashPlayerUpdateSvc
gupdatem
Reboot::
Click on "Save as...".
Type the red name CFScript exactly as shown and save it to the desktop.
Turn off your antivirus and any other security software.
Drag the text document you just created onto the ComboFix icon with the mouse and drop it.
ComboFix should start and carry out the commands.
When it finishes (the PC may restart), a new log should appear; copy it here again for me.

If you have a question that is not meant for the public, you can write to me at marty84zavináčforum.viry.cz
Option to support our forum: https://platba.viry.cz/payment/
For time reasons I will be on the forum less often now. If you are waiting a long time for a reply, please contact one of my colleagues (most of them have an e-mail address in their signature).
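Added example, not part of this thread and not ComboFix's own code: a Python script that parses a CFScript like the one posted above and reports what it would remove (registry keys and values, hijacked browser start pages and search URLs, driver/service names), so the directives can be reviewed before the file is dropped onto ComboFix. The section names and line syntax are those visible in the script above; the `Registry::` header, the sample data (an abridged, constructed copy of the posted script) and the heuristic for machine-generated driver names are assumptions.

```python
"""Audit a ComboFix CFScript before it is run (added example, not ComboFix code)."""
import re

SECTION_RE = re.compile(r"^([A-Za-z]+)::\s*$")            # e.g. "Driver::"
KEY_DEL_RE = re.compile(r"^\[-(.+)\]$")                    # [-HKEY...]  delete the whole key
KEY_OPEN_RE = re.compile(r"^\[(.+)\]$")                    # [HKEY...]   following "x"=- lines apply here
VALUE_DEL_RE = re.compile(r'^"([^"]+)"=-$')                # "name"=-    delete a value in the open key
URL_HOST_RE = re.compile(r"hxxps?://([A-Za-z0-9.-]+)")     # defanged URLs as ComboFix prints them


def parse_cfscript(text):
    """Split the script into {section_name: [non-empty lines]}; text before the first header is ignored."""
    sections = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
            continue
        if current is not None:
            sections[current].append(line)
    return sections


def summarize_registry(lines):
    """Return (keys deleted outright, (key, value-name) pairs deleted)."""
    keys, values = [], []
    open_key = None
    for line in lines:
        m = KEY_DEL_RE.match(line)
        if m:
            keys.append(m.group(1))
            open_key = None
            continue
        m = KEY_OPEN_RE.match(line)
        if m:
            open_key = m.group(1)
            continue
        m = VALUE_DEL_RE.match(line)
        if m and open_key is not None:
            values.append((open_key, m.group(1)))
    return keys, values


def looks_random(name):
    """Rough triage heuristic (an assumption, not a rule): exactly 8 lowercase letters
    with at most two vowels or a run of three or more consonants. It flags the
    generated names in the posted Driver:: list and leaves gupdate/gupdatem alone."""
    if not re.fullmatch(r"[a-z]{8}", name):
        return False
    vowels = sum(c in "aeiou" for c in name)
    longest_run = max((len(r) for r in re.findall(r"[^aeiou]+", name)), default=0)
    return vowels <= 2 or longest_run >= 3


def extract_hosts(lines):
    """Collect hostnames from defanged hxxp:// URLs (start pages, search URLs)."""
    hosts = set()
    for line in lines:
        hosts.update(h.lower() for h in URL_HOST_RE.findall(line))
    return sorted(hosts)


def audit(text):
    """Summarise what the script would change, for review before running it."""
    s = parse_cfscript(text)
    keys, values = summarize_registry(s.get("Registry", []))
    drivers = s.get("Driver", [])
    return {
        "keys_deleted": keys,
        "values_deleted": values,
        "hosts": extract_hosts(s.get("DDS", []) + s.get("Firefox", [])),
        "drivers": drivers,
        "suspicious_drivers": [d for d in drivers if looks_random(d)],
        "reboot": "Reboot" in s,
    }


# Constructed sample: an abridged copy of the script posted in this thread.
SAMPLE = r"""
Registry::
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[-HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"=-
"BitTorrent"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SweetIM"=-
DDS::
uStart Page = hxxp://search.conduit.com
mStart Page = hxxp://home.sweetim.com
Firefox::
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - user.js: extensions.BabylonToolbar.tlbrSrchUrl - hxxp://www.google.com/search?babsrc=TB_ggl&q=
Driver::
jjurwobc
swegkubb
gupdate
gupdatem
Reboot::
"""

if __name__ == "__main__":
    for key, val in audit(SAMPLE).items():
        print(f"{key}: {val}")
```

Run it on the actual CFScript text (saved as a file and read in) to see every key, Run entry and driver the script touches before dropping it onto ComboFix; the `suspicious_drivers` list is only a hint for which names deserve a closer look, not a verdict.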
Re: log check - slow application opening and slow PC
Maybe a silly question, but should that text be copied into ComboFix on the desktop, or into a separate Notepad document?
Re: log check - slow application opening and slow PC
The text goes into Notepad. Save that Notepad file to the desktop and name it CFScript.
Then drag that Notepad file with the mouse onto the ComboFix icon and drop it.

Re: log check - slow application opening and slow PC
I've already started it, so I'm waiting to see what it does; ComboFix is still running.
Last edited by AndreaP on 13 Aug 2012 13:53, edited 1 time in total.
Re: log check - slow application opening and slow PC
OK
And are you writing from a different PC?
Re: log check - slow application opening and slow PC
Yes, of course
Re: log check - slow application opening and slow PC
I was only asking because that would have been odd. But anything can happen, so better safe than sorry.
