
Please check my log as a precaution

Posted: 26 Aug 2013 15:55
by Pavel525
Hello,
please check my RSIT log as a precaution. Thank you :)


Logfile of random's system information tool 1.09 (written by random/random)
Run by Pavel at 2013-08-26 16:49:12
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 40 GB (55%) free of 73 GB
Total RAM: 1536 MB (51% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:49:31, on 26.8.2013
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\PeerBlock\peerblock.exe
C:\Program Files\COMODO\COMODO Internet Security\cis.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Pavel\Plocha\Další programy\RSIT.exe
C:\Program Files\trend micro\Pavel.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PeerBlock] C:\Program Files\PeerBlock\peerblock.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ - {086C8477-4F71-4550-87FB-AF0AE8DF3E98} - C:\Documents and Settings\Pavel\Data aplikací\ICQM\icq.exe (HKCU)
O9 - Extra 'Tools' menuitem: ICQ - {086C8477-4F71-4550-87FB-AF0AE8DF3E98} - C:\Documents and Settings\Pavel\Data aplikací\ICQM\icq.exe (HKCU)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 2521371733
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: COMODO Virtual Service Manager (cmdvirth) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe

--
End of file - 5720 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Adobe Flash Player Updater.job
C:\WINDOWS\tasks\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85}.job
C:\WINDOWS\tasks\Driver Booster Update.job

=========Mozilla firefox=========

ProfilePath - C:\Documents and Settings\Pavel\Data aplikací\Mozilla\Firefox\Profiles\f5vzmbxp.default-1376679318281

prefs.js - "browser.search.useDBForOrder" - true
prefs.js - "browser.startup.homepage" - "http://tredoxe.blog.cz/"

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.8.800.149 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_8_800_149.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@canon.com/EPPEX]
"Description"=Canon Easy-PhotoPrint EX
"Path"=C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=10.25.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\WINDOWS\system32\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll


C:\Program Files\Mozilla Firefox\plugins\
np-mswmp.dll
WMP Firefox Plugin License.rtf
WMP Firefox Plugin RelNotes.txt

C:\Documents and Settings\Pavel\Data aplikací\Mozilla\Firefox\Profiles\f5vzmbxp.default-1376679318281\extensions\
donottrackplus@abine.com
https-everywhere@eff.org

C:\Documents and Settings\Pavel\Data aplikací\Mozilla\Firefox\Profiles\f5vzmbxp.default-1376679318281\searchplugins\
google-ssl.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre7\bin\ssv.dll [2013-06-30 463272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre7\bin\jp2ssv.dll [2013-06-30 171944]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"COMODO Internet Security"=C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [2013-07-08 1464536]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2013-03-12 253816]
"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2013-03-21 5078504]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"PeerBlock"=C:\Program Files\PeerBlock\peerblock.exe [2010-11-06 1867888]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2011-03-14 2565520]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenuEx]
C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE [2011-03-28 1611160]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
C:\Program Files\DAEMON Tools Lite\DTLite.exe [2013-03-14 3672640]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\icq]
C:\Documents and Settings\Pavel\Data aplikací\ICQM\icq.exe [2013-07-09 28698984]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware]
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2013-04-04 532040]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Smapp]
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe [2003-05-05 143360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2010-02-10 61440]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Windows Search.lnk]
C:\PROGRA~1\WI459E~1\WINDOW~1.EXE [2008-05-26 123904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2010-02-11 155648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"=C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2009-05-24 304128]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=255

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Opera\opera.exe"="C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Documents and Settings\Pavel\Data aplikací\ICQM\icq.exe"="C:\Documents and Settings\Pavel\Data aplikací\ICQM\icq.exe:*:Enabled:ICQ"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"MIDI1"=SYNCOR11.DLL

======List of files/folders created in the last 1 month======

2013-08-26 16:49:12 ----D---- C:\rsit
2013-08-26 13:50:09 ----D---- C:\Program Files\ESET
2013-08-26 13:50:09 ----D---- C:\Documents and Settings\All Users\Data aplikací\ESET
2013-08-26 13:21:36 ----ASH---- C:\hiberfil.sys
2013-08-26 13:17:19 ----A---- C:\WINDOWS\ntbtlog.txt
2013-08-26 12:53:04 ----HD---- C:\$AVG
2013-08-26 12:51:48 ----D---- C:\Program Files\AVG
2013-08-25 23:06:30 ----HD---- C:\Documents and Settings\All Users\Data aplikací\Common Files
2013-08-21 18:49:08 ----D---- C:\Program Files\PirateBrowser 0.6b
2013-08-19 13:22:32 ----D---- C:\WINDOWS\Performance
2013-08-17 11:53:18 ----D---- C:\Program Files\Mozilla Firefox
2013-08-16 22:32:45 ----D---- C:\Documents and Settings\Pavel\Data aplikací\PyScripter
2013-08-16 22:32:43 ----D---- C:\Program Files\PyScripter
2013-08-16 22:03:22 ----D---- C:\Python33
2013-08-14 23:41:27 ----HDC---- C:\WINDOWS\$NtUninstallKB2850869$
2013-08-14 23:41:11 ----HDC---- C:\WINDOWS\$NtUninstallKB2859537$
2013-08-14 23:40:59 ----HDC---- C:\WINDOWS\$NtUninstallKB2863058$
2013-08-14 23:40:47 ----HDC---- C:\WINDOWS\$NtUninstallKB2849470$
2013-08-11 13:15:18 ----D---- C:\Program Files\Time Stopper
2013-08-10 23:37:48 ----D---- C:\Documents and Settings\Pavel\Data aplikací\langmaster.gopas
2013-08-10 23:26:39 ----HD---- C:\VTRoot
2013-08-10 23:26:33 ----A---- C:\WINDOWS\system32\drivers\fvstore.dat
2013-08-09 21:38:52 ----D---- C:\Documents and Settings\Pavel\Data aplikací\jP
2013-08-09 20:48:57 ----D---- C:\Program Files\jPvocabulary-3.2
2013-08-09 20:43:57 ----D---- C:\Documents and Settings\All Users\Data aplikací\Mozilla
2013-08-09 20:43:55 ----D---- C:\Program Files\Mozilla Maintenance Service
2013-08-04 12:05:37 ----D---- C:\WINDOWS\SxsCaPendDel
2013-08-03 22:06:31 ----D---- C:\Program Files\CDex

======List of files/folders modified in the last 1 month======

2013-08-26 16:49:23 ----D---- C:\Program Files\trend micro
2013-08-26 16:49:07 ----D---- C:\Program Files\PeerBlock
2013-08-26 16:48:58 ----D---- C:\WINDOWS\system32\CatRoot2
2013-08-26 16:38:07 ----D---- C:\WINDOWS
2013-08-26 16:37:34 ----D---- C:\WINDOWS\Temp
2013-08-26 16:36:07 ----D---- C:\WINDOWS\system32\config
2013-08-26 16:34:42 ----A---- C:\WINDOWS\SchedLgU.Txt
2013-08-26 14:27:32 ----D---- C:\Program Files\The KMPlayer
2013-08-26 13:52:11 ----SHD---- C:\WINDOWS\Installer
2013-08-26 13:51:13 ----HD---- C:\WINDOWS\inf
2013-08-26 13:51:13 ----D---- C:\WINDOWS\system32\drivers
2013-08-26 13:50:09 ----RD---- C:\Program Files
2013-08-26 00:01:29 ----D---- C:\Documents and Settings\Pavel\Data aplikací\Skype
2013-08-25 23:13:04 ----D---- C:\Documents and Settings\Pavel\Data aplikací\TuneUp Software
2013-08-25 23:00:45 ----D---- C:\Documents and Settings\All Users\Data aplikací\Avira
2013-08-25 23:00:08 ----D---- C:\WINDOWS\Prefetch
2013-08-22 06:44:21 ----D---- C:\WINDOWS\system32
2013-08-21 13:38:44 ----A---- C:\WINDOWS\system32\FlashPlayerApp.exe
2013-08-19 13:37:28 ----AD---- C:\Documents and Settings\All Users\Data aplikací\TEMP
2013-08-19 13:37:12 ----D---- C:\Program Files\SpywareBlaster
2013-08-19 01:39:57 ----D---- C:\Documents and Settings\Pavel\Data aplikací\foobar2000
2013-08-18 12:42:25 ----D---- C:\Program Files\CCleaner
2013-08-18 12:40:08 ----D---- C:\Program Files\foobar2000
2013-08-16 22:04:04 ----SD---- C:\Documents and Settings\Pavel\Data aplikací\Microsoft
2013-08-15 23:51:32 ----D---- C:\WINDOWS\Debug
2013-08-15 23:44:13 ----D---- C:\WINDOWS\Microsoft.NET
2013-08-15 23:44:03 ----RSD---- C:\WINDOWS\assembly
2013-08-14 23:47:25 ----RSHDC---- C:\WINDOWS\system32\dllcache
2013-08-14 23:47:19 ----D---- C:\Program Files\Internet Explorer
2013-08-14 23:46:58 ----D---- C:\WINDOWS\ie8updates
2013-08-14 23:46:47 ----D---- C:\WINDOWS\system32\MRT
2013-08-14 23:42:41 ----A---- C:\WINDOWS\system32\MRT.exe
2013-08-14 23:42:25 ----D---- C:\Documents and Settings\All Users\Data aplikací\Microsoft Help
2013-08-14 23:39:53 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2013-08-14 23:39:22 ----D---- C:\WINDOWS\WinSxS
2013-08-14 00:10:14 ----D---- C:\Documents and Settings\Pavel\Data aplikací\uTorrent
2013-08-12 23:56:54 ----D---- C:\Documents and Settings\Pavel\Data aplikací\Media Player Classic
2013-08-12 09:30:50 ----D---- C:\WINDOWS\SoftwareDistribution
2013-08-11 14:03:39 ----HDC---- C:\WINDOWS\$NtUninstallKB2345886$
2013-08-11 14:03:38 ----HDC---- C:\WINDOWS\$NtUninstallKB2378111_WM9$
2013-08-11 14:03:22 ----HDC---- C:\WINDOWS\$NtUninstallKB2423089$
2013-08-11 14:03:04 ----HDC---- C:\WINDOWS\$NtUninstallKB2508429$
2013-08-11 14:02:45 ----HDC---- C:\WINDOWS\$NtUninstallKB2659262$
2013-08-11 14:02:39 ----HDC---- C:\WINDOWS\$NtUninstallKB2661637$
2013-08-11 14:02:36 ----HDC---- C:\WINDOWS\$NtUninstallKB2686509$
2013-08-11 14:02:22 ----HDC---- C:\WINDOWS\$NtUninstallKB2727528$
2013-08-11 14:02:21 ----HDC---- C:\WINDOWS\$NtUninstallKB2749655$
2013-08-11 14:02:02 ----HDC---- C:\WINDOWS\$NtUninstallKB2807986$
2013-08-11 14:01:54 ----HDC---- C:\WINDOWS\$NtUninstallKB2829361$
2013-08-11 14:01:54 ----HDC---- C:\WINDOWS\$NtUninstallKB2820917$
2013-08-11 14:01:51 ----HDC---- C:\WINDOWS\$NtUninstallKB2834886$
2013-08-11 14:01:50 ----HDC---- C:\WINDOWS\$NtUninstallKB2834904_WM11$
2013-08-11 14:01:43 ----HDC---- C:\WINDOWS\$NtUninstallKB898461$
2013-08-11 14:01:43 ----HDC---- C:\WINDOWS\$NtUninstallKB2850851$
2013-08-11 14:01:41 ----HDC---- C:\WINDOWS\$NtUninstallKB939683$
2013-08-11 14:01:40 ----HDC---- C:\WINDOWS\$NtUninstallKB941569$
2013-08-11 14:01:36 ----HDC---- C:\WINDOWS\$NtUninstallKB954154_WM11$
2013-08-11 14:01:35 ----HDC---- C:\WINDOWS\$NtUninstallKB954155_WM9$
2013-08-11 14:01:32 ----HDC---- C:\WINDOWS\$NtUninstallKB956844$
2013-08-11 14:01:31 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$
2013-08-11 14:01:30 ----HDC---- C:\WINDOWS\$NtUninstallKB960859$
2013-08-11 14:01:26 ----HDC---- C:\WINDOWS\$NtUninstallKB971657$
2013-08-11 14:01:24 ----HDC---- C:\WINDOWS\$NtUninstallKB973540_WM9$
2013-08-11 14:01:22 ----HDC---- C:\WINDOWS\$NtUninstallKB974112$
2013-08-11 14:01:17 ----HDC---- C:\WINDOWS\$NtUninstallKB978695_WM9$
2013-08-11 14:01:16 ----HDC---- C:\WINDOWS\$NtUninstallKB981322$
2013-08-11 14:01:14 ----HDC---- C:\WINDOWS\$NtUninstallMSCompPackV1$
2013-08-11 14:01:14 ----HDC---- C:\WINDOWS\$NtUninstallKB982132$
2013-08-11 14:01:07 ----HDC---- C:\WINDOWS\$NtUninstallWudf01000$

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 Inspect;COMODO Internet Security Firewall Driver; C:\WINDOWS\System32\DRIVERS\inspect.sys [2013-06-18 99520]
R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2013-06-29 466008]
R0 uagp35;Filtr Microsoft AGPv3.5; C:\WINDOWS\system32\DRIVERS\uagp35.sys [2008-04-14 44672]
R0 viaagp1;VIA AGP Filter; C:\WINDOWS\system32\DRIVERS\viaagp1.sys [2003-07-02 27904]
R1 AmdK7;Ovladač procesoru AMD K7; C:\WINDOWS\system32\DRIVERS\amdk7.sys [2008-04-14 41600]
R1 cmderd;COMODO Internet Security Eradication Driver; C:\WINDOWS\System32\DRIVERS\cmderd.sys [2013-06-18 18528]
R1 cmdGuard;COMODO Internet Security Driver; C:\WINDOWS\System32\DRIVERS\cmdguard.sys [2013-07-08 587352]
R1 cmdHlp;COMODO Internet Security Helper Driver; C:\WINDOWS\System32\DRIVERS\cmdhlp.sys [2013-06-18 32816]
R1 eamon;eamon; C:\WINDOWS\system32\DRIVERS\eamon.sys [2013-01-10 161368]
R1 ehdrv;ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [2013-01-10 122240]
R1 epfwtdir;epfwtdir; C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2013-01-10 105784]
R1 Tcpip6;Ovladač protokolu Microsoft IPv6; C:\WINDOWS\system32\DRIVERS\tcpip6.sys [2010-02-11 226880]
R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2002-04-01 4816]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2010-02-11 3565056]
R3 FET5X86V;VIA Rhine-Family Fast-Ethernet Adapter Driver Service; C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys [2011-04-01 48128]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-18 12160]
R3 pbfilter;pbfilter; \??\C:\Program Files\PeerBlock\pbfilter.sys []
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2003-07-15 578368]
R3 tunmp;Microsoft Tun Miniport Adapter Driver; C:\WINDOWS\system32\DRIVERS\tunmp.sys [2008-04-14 12288]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
S3 aaqere2r;aaqere2r; C:\WINDOWS\system32\drivers\aaqere2r.sys []
S3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\fetnd5.sys [2001-08-17 27165]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv; \??\C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys []
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 6to4;Pomocná služba protokolu IPv6; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2010-02-11 602112]
R2 cmdAgent;COMODO Internet Security Helper Service; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [2013-07-08 4801304]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2013-03-21 1341664]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre7\bin\jqs.exe [2013-06-30 182184]
R2 SoundMAX Agent Service (default);SoundMAX Agent Service; C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe [2002-09-20 45056]
R2 WSearch;Windows Search; C:\WINDOWS\system32\SearchIndexer.exe [2008-05-26 439808]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2010-02-10 593920]
S2 SkypeUpdate;Skype Updater; C:\Program Files\Skype\Updater\Updater.exe [2013-06-03 162408]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-08-21 257416]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 cmdvirth;COMODO Virtual Service Manager; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2013-06-18 127192]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2013-08-17 117656]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 TuneUp.UtilitiesSvc;TuneUp Utilities Service; C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe [2010-10-27 1483072]
S3 UxTuneUp;TuneUp Theme Extension; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
S4 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]

-----------------EOF-----------------

Re: Please check my log as a precaution

Posted: 26 Aug 2013 18:43
by Roli
Hi, fix these unnecessary entries in HJT:

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')


You'll find HJT here:

C:\Program Files\trend micro\Pavel.exe

"Fix" means: run HJT as admin,
in the window that opens click Do a system scan only,
in the next window find the lines I listed above,
tick the checkbox next to each of them,
then click Fix checked at the bottom left,
the program asks whether you really want to, you of course say YES, and it's done.


Delete unneeded files with CCleaner

guide:

Cleaner - here you clean the PC of unneeded files and empty the Recycle Bin

Registry - here you clean the registry (before using it I recommend making the backup that CCleaner offers)

registry cleaning needs to be repeated several times!

Tools - here you can uninstall programs, adjust what starts with the system, and do a system restore


Otherwise I see nothing wrong; I'd just recommend not switching antivirus too often, because it almost always leaves something behind in the system,
and right now there are leftovers from AVG, which can make the machine act up.
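
As an added example (not code from this thread, and not part of RSIT, HijackThis or CCleaner), the Python script below parses the two line formats that the reply above works with, the HijackThis `O4` Run-key lines and the RSIT driver/service lines, and applies three triage heuristics: Run entries under the service-account hives (S-1-5-18/19/20 and .DEFAULT), which is the class of entry the reply suggests fixing; executables that live outside C:\WINDOWS and C:\Program Files; and driver entries whose `[date size]` field is empty, which RSIT leaves blank when it cannot read the file. The sample input is copied from the log posted above except for the `[Updater]` line, which is constructed for the example; the flag names and the trusted-root list are assumptions of the example. A flag is a prompt to look, not a verdict.

```python
import re

# Sample input: lines copied from the RSIT/HijackThis log posted above, plus ONE
# constructed line, "[Updater] ... Data aplikací\Updater\updater.exe", which is
# invented here to stand in for a start-up entry living in a user profile.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [PeerBlock] C:\Program Files\PeerBlock\peerblock.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKCU\..\Run: [Updater] C:\Documents and Settings\Pavel\Data aplikací\Updater\updater.exe
R1 cmdGuard;COMODO Internet Security Driver; C:\WINDOWS\System32\DRIVERS\cmdguard.sys [2013-07-08 587352]
R3 pbfilter;pbfilter; \??\C:\Program Files\PeerBlock\pbfilter.sys []
S3 aaqere2r;aaqere2r; C:\WINDOWS\system32\drivers\aaqere2r.sys []
"""

# HijackThis O4 line: "O4 - <hive>\..\Run: [<name>] <command> (User '<user>')?"
RUN_RE = re.compile(
    r"^O4 - (?P<hive>HKLM|HKCU|HKUS\\[^\\]+)\\\.\.\\Run: "
    r"\[(?P<name>[^\]]*)\] (?P<cmd>.*?)(?: \(User '(?P<user>[^']*)'\))?$"
)
# RSIT driver/service line: "<R|S><start> <svc>;<description>; <path> [<date size>]"
DRV_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4]) (?P<svc>[^;]+);(?P<desc>[^;]*); "
    r"(?P<path>.*?) \[(?P<meta>[^\]]*)\]$"
)
# First drive-letter path ending in a binary extension inside a Run command line.
EXE_RE = re.compile(r'"?(?P<path>[A-Za-z]:\\[^"]*?\.(?:exe|dll|sys|cpl))', re.I)

# Assumptions of this example: hives that should not normally carry Run entries
# for a home machine, and directory roots treated as "expected" for binaries.
SERVICE_SIDS = ("S-1-5-18", "S-1-5-19", "S-1-5-20", ".DEFAULT")
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\")


def normalize(path):
    """Strip quotes and the NT object-manager prefix (\\??\\) that RSIT prints verbatim."""
    p = path.strip().strip('"')
    if p.startswith("\\??\\"):
        p = p[4:]
    return p


def parse_line(line):
    """Return a dict for a recognised O4 or driver/service line, else None."""
    line = line.strip()
    m = RUN_RE.match(line)
    if m:
        exe = EXE_RE.search(m.group("cmd"))
        return {"kind": "run", "hive": m.group("hive"), "name": m.group("name"),
                "path": exe.group("path") if exe else m.group("cmd"),
                "user": m.group("user"), "meta": None}
    m = DRV_RE.match(line)
    if m:
        return {"kind": "driver", "hive": None, "name": m.group("svc"),
                "path": m.group("path"), "user": None, "meta": m.group("meta")}
    return None


def flags_for(entry):
    """Apply the three triage heuristics; an empty list means nothing stood out."""
    flags = []
    hive = entry["hive"] or ""
    if any(sid in hive for sid in SERVICE_SIDS):
        flags.append("run-key-under-service-account")
    if not normalize(entry["path"]).lower().startswith(TRUSTED_ROOTS):
        flags.append("outside-windows-or-program-files")
    if entry["kind"] == "driver" and entry["meta"] == "":
        flags.append("no-file-metadata")
    return flags


def triage(text):
    """Parse every recognised line in `text` and attach its flags."""
    rows = []
    for line in text.splitlines():
        entry = parse_line(line)
        if entry is not None:
            entry["flags"] = flags_for(entry)
            rows.append(entry)
    return rows


if __name__ == "__main__":
    for row in triage(SAMPLE_LOG):
        if row["flags"]:
            print(f"{row['kind']:6} {row['name']:28} {normalize(row['path'])}  {', '.join(row['flags'])}")
```

Run as-is it prints only the flagged rows: the two CTFMON entries under SYSTEM and Default user, the constructed `Updater` entry in the user profile, and the two drivers (`pbfilter`, `aaqere2r`) for which RSIT recorded no file date or size. Feeding it the full log from the post works the same way, since unrecognised lines are skipped.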

Re: Please check my log as a precaution

Posted: 26 Aug 2013 20:33
by Pavel525
OK, I'll fix them :). I use CCleaner regularly anyway. As for antivirus, I do have a bit of a problem. I had Avast, which I uninstalled because I didn't like the data being sent to them via the cloud, or rather Avast's vague statement that they wouldn't misuse the data somehow. So I put Avira on the PC, but within a month it slowed the machine down to an unbelievable crawl, so it had to go. AVG then froze during installation (even though I think I had v2010 on it for over a year before without problems), so I had to reinstall it about 3 times and finally remove it using the removal tool from their website, and today I installed ESET, which runs fine and I hope will keep doing so at least for the free month, and after that I don't know :( I don't really know what to do about it any more, so I wrote here in case a hidden virus is causing it...

Re: Please check my log as a precaution

Posted: 26 Aug 2013 21:19
by Roli
Well, let's look deeper.


Download ComboFix and save it to the desktop,

run the application as Administrator and allow the installation of the Recovery Console.

Then a window with the licence terms appears; confirm it by clicking YES,

then click YES once more and it's running.

The whole thing takes around 10 minutes but can take longer; don't try to run anything else during the scan.

The PC may also be restarted during the scan; don't be alarmed.

Warning: for the duration of the scan disable the resident shield of your antivirus and anti-spyware programs,

because ComboFix tries to delete infected files and those programs can block it.

After the scan finishes, or after the subsequent restart, the application creates a log saved at C:\ComboFix.txt

(on repeated use the logs are numbered ComboFix2.txt etc.); copy its contents here.


If anything is unclear, there is a picture guide HERE.

Re: Please check my log as a precaution

Posted: 26 Aug 2013 22:34
by Pavel525
Here is the requested log:

ComboFix 13-08-25.01 - Pavel 26.08.2013 22:59:40.1.1 - x86
Run from: c:\documents and settings\Pavel\Plocha\ComboFix.exe
AV: ESET NOD32 Antivirus 6.0 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: COMODO Firewall *Enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
.
.
((((((((((((((((((((((((((((((((((((((( Other deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Pavel\WINDOWS
c:\windows\system32\msssc.dll
c:\windows\system32\TZLog.log
.
.
((((((((((((((((((((((((( Files created from 2013-07-26 to 2013-08-26 )))))))))))))))))))))))))))))))
.
.
2013-08-26 20:46 . 2013-08-26 20:50 -------- d-----w- C:\32788R22FWJFW
2013-08-26 14:49 . 2013-08-26 14:49 -------- d-----w- C:\rsit
2013-08-26 11:50 . 2013-08-26 11:50 -------- d-----w- c:\program files\ESET
2013-08-26 11:50 . 2013-08-26 11:50 -------- d-----w- c:\documents and settings\All Users\Data aplikací\ESET
2013-08-26 10:53 . 2013-08-26 10:53 -------- d-----w- C:\$AVG
2013-08-26 10:51 . 2013-08-26 10:51 -------- d-----w- c:\program files\AVG
2013-08-25 21:06 . 2013-08-25 21:06 -------- d--h--w- c:\documents and settings\All Users\Data aplikací\Common Files
2013-08-21 16:49 . 2013-08-10 10:36 -------- d-----w- c:\program files\PirateBrowser 0.6b
2013-08-19 11:22 . 2013-08-19 11:22 -------- d-----w- c:\windows\Performance
2013-08-19 11:22 . 2013-08-19 11:22 -------- d-----w- c:\documents and settings\Pavel\Local Settings\Data aplikací\Microsoft Corporation
2013-08-16 20:32 . 2013-08-16 21:03 -------- d-----w- c:\documents and settings\Pavel\Data aplikací\PyScripter
2013-08-16 20:32 . 2013-08-16 20:32 -------- d-----w- c:\program files\PyScripter
2013-08-16 20:26 . 2013-08-16 20:26 -------- d-----w- c:\documents and settings\Pavel\.idlerc
2013-08-16 20:04 . 2013-08-16 20:04 98304 ----a-r- c:\documents and settings\Pavel\Data aplikací\Microsoft\Installer\{92389DE9-939E-341B-A076-1D52D7DBCA71}\python_icon.exe
2013-08-16 20:03 . 2013-08-16 20:04 -------- d-----w- C:\Python33
2013-08-14 21:42 . 2013-08-14 21:42 -------- d-----w- c:\documents and settings\Default User\Local Settings\Data aplikací\Microsoft Help
2013-08-11 11:15 . 2013-08-11 11:15 -------- d-----w- c:\program files\Time Stopper
2013-08-10 21:37 . 2013-08-12 16:34 -------- d-----w- c:\documents and settings\Pavel\Data aplikací\langmaster.gopas
2013-08-10 21:26 . 2013-08-10 21:26 -------- d-----w- C:\VTRoot
2013-08-10 21:26 . 2013-08-10 21:42 5760 ----a-w- c:\windows\system32\drivers\fvstore.dat
2013-08-09 19:38 . 2013-08-09 19:38 -------- d-----w- c:\documents and settings\Pavel\Data aplikací\jP
2013-08-09 18:48 . 2012-01-03 19:42 -------- d-----w- c:\program files\jPvocabulary-3.2
2013-08-09 18:43 . 2013-08-18 19:57 -------- d-----w- c:\program files\Mozilla Maintenance Service
2013-08-04 10:05 . 2013-08-04 20:22 -------- d-----w- c:\windows\SxsCaPendDel
2013-08-03 20:06 . 2013-08-03 20:13 -------- d-----w- c:\program files\CDex
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-08-21 11:38 . 2013-06-29 17:59 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-08-21 11:38 . 2013-06-29 17:59 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-07-26 02:49 . 2004-08-18 12:00 920064 ----a-w- c:\windows\system32\wininet.dll
2013-07-26 02:48 . 2004-08-18 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2013-07-26 02:48 . 2004-08-18 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2013-07-25 15:52 . 2004-08-18 12:00 385024 ----a-w- c:\windows\system32\html.iec
2013-07-10 10:37 . 2004-08-18 12:00 406016 ----a-w- c:\windows\system32\usp10.dll
2013-07-08 20:59 . 2013-06-18 14:16 587352 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
2013-07-04 07:34 . 2004-08-17 15:45 2072320 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-07-04 07:34 . 2004-08-18 12:00 2195712 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-06-29 22:36 . 2013-06-29 22:36 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-06-29 22:36 . 2013-06-29 22:36 144896 ----a-w- c:\windows\system32\javacpl.cpl
2013-06-29 22:36 . 2013-06-29 22:36 867240 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-06-29 22:36 . 2013-06-29 22:36 789416 ----a-w- c:\windows\system32\deployJava1.dll
2013-06-29 15:51 . 2013-06-29 15:51 466008 ----a-w- c:\windows\system32\drivers\sptd.sys
2013-06-18 14:16 . 2013-06-18 14:16 99520 ----a-w- c:\windows\system32\drivers\inspect.sys
2013-06-18 14:16 . 2013-06-18 14:16 32816 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2013-06-18 14:16 . 2013-06-18 14:16 18528 ----a-w- c:\windows\system32\drivers\cmderd.sys
2013-06-18 14:15 . 2013-06-18 14:15 35488 ----a-w- c:\windows\system32\cmdcsr.dll
2013-06-18 14:15 . 2013-06-18 14:15 348584 ----a-w- c:\windows\system32\guard32.dll
2013-06-18 14:15 . 2013-06-18 14:15 40664 ----a-w- c:\windows\system32\cmdkbd32.dll
2013-06-18 14:15 . 2013-06-18 14:15 278232 ----a-w- c:\windows\system32\cmdvrt32.dll
2013-06-05 09:08 . 2004-08-18 12:00 1876736 ----a-w- c:\windows\system32\win32k.sys
2013-06-04 07:23 . 2004-08-18 12:00 563712 ----a-w- c:\windows\system32\qedit.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PeerBlock"="c:\program files\PeerBlock\peerblock.exe" [2010-11-06 1867888]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cistray.exe" [2013-07-08 1464536]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2013-03-21 5078504]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Windows Search.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
2011-03-14 17:09 2565520 ----a-w- c:\program files\Canon\MyPrinter\BJMYPRT.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenuEx]
2011-03-28 09:40 1611160 ----a-w- c:\program files\Canon\Solution Menu EX\CNSEMAIN.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2008-04-14 06:52 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2013-03-14 08:23 3672640 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\icq]
2013-07-09 12:25 28698984 ----a-w- c:\documents and settings\Pavel\Data aplikací\ICQM\icq.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware]
2013-04-04 12:50 532040 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Smapp]
2003-05-05 06:57 143360 ----a-w- c:\program files\Analog Devices\SoundMAX\SMTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2010-02-10 21:32 61440 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Documents and Settings\\Pavel\\Data aplikací\\ICQM\\icq.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
.
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2013-06-03 162408]
R3 cmdvirth;COMODO Virtual Service Manager;c:\program files\COMODO\COMODO Internet Security\cmdvirth.exe [2013-06-18 127192]
R3 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe [2010-10-27 1483072]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys [2010-10-07 10064]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\DRIVERS\cmderd.sys [2013-06-18 18528]
S1 cmdGuard;COMODO Internet Security Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2013-07-08 587352]
S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [2013-06-18 32816]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2013-01-10 122240]
S1 epfwtdir;epfwtdir;c:\windows\system32\DRIVERS\epfwtdir.sys [2013-01-10 105784]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2013-03-21 1341664]
S3 pbfilter;pbfilter;c:\program files\PeerBlock\pbfilter.sys [2010-11-06 19056]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - PBFILTER
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Obsah adresáře 'Naplánované úlohy'
.
2013-08-26 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-29 11:38]
.
2013-08-26 c:\windows\Tasks\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85}.job
- c:\program files\COMODO\COMODO Internet Security\cfpconfg.exe [2013-06-18 20:59]
.
2013-07-08 c:\windows\Tasks\Driver Booster Update.job
- c:\program files\IObit\Driver Booster\AutoUpdate.exe [2013-07-08 15:24]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\Pavel\Data aplikací\Mozilla\Firefox\Profiles\f5vzmbxp.default-1376679318281\
FF - prefs.js: browser.search.selectedEngine - Google SSL
FF - prefs.js: browser.startup.homepage - hxxp://tredoxe.blog.cz/
FF - ExtSQL: 2013-08-16 22:48; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\documents and settings\Pavel\Data aplikací\Mozilla\Firefox\Profiles\f5vzmbxp.default-1376679318281\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF - ExtSQL: 2013-08-16 22:52; {d40f5e7b-d2cf-4856-b441-cc613eeffbe3}; c:\documents and settings\Pavel\Data aplikací\Mozilla\Firefox\Profiles\f5vzmbxp.default-1376679318281\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi
FF - ExtSQL: 2013-08-16 22:52; {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}; c:\documents and settings\Pavel\Data aplikací\Mozilla\Firefox\Profiles\f5vzmbxp.default-1376679318281\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi
FF - ExtSQL: 2013-08-16 22:52; donottrackplus@abine.com; c:\documents and settings\Pavel\Data aplikací\Mozilla\Firefox\Profiles\f5vzmbxp.default-1376679318281\extensions\donottrackplus@abine.com
FF - ExtSQL: 2013-08-19 00:21; https-everywhere@eff.org; c:\documents and settings\Pavel\Data aplikací\Mozilla\Firefox\Profiles\f5vzmbxp.default-1376679318281\extensions\https-everywhere@eff.org
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-08-26 23:17
Windows 5.1.2600 Service Pack 3 NTFS
.
detected NTDLL code modification:
ZwClose
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_149_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_149_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(1132)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'lsass.exe'(1204)
c:\windows\system32\MPR.dll
c:\windows\system32\guard32.dll
.
- - - - - - - > 'csrss.exe'(1044)
c:\windows\system32\cmdcsr.dll
.
Celkový čas: 2013-08-26 23:28:13
ComboFix-quarantined-files.txt 2013-08-26 21:27
.
Před spuštěním: Volných bajtů: 35 645 308 928
Po spuštění: Volných bajtů: 35 675 488 256
.
WindowsXP-KB310994-SP2-Home-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - B5CEC192F58B56B2B68D6C322FA71CED
413FC2A0C716421B3158746D63736515

Re: Please check my log as a precaution

Posted: 27 Aug 2013 21:13
by Roli
Via Start >> Control Panel >> Add or Remove Programs, uninstall everything from IObit


If you haven't done so already, move Combofix to the desktop

open Notepad

copy the script from the following box into it:

Code:

Folder::
C:\$AVG
c:\program files\AVG
save the TXT file you created as CFScript.txt on the desktop,

once saved, grab the created script with the left mouse button, drag it onto the Combofix icon and drop it there:

Image

After it has been applied, another log will pop up; copy it here

Warning: it may happen that after applying the script and restarting, Windows does not boot;

in that case restart again while pressing F8, then choose Last Known Good Configuration

Re: Please check my log as a precaution

Posted: 27 Aug 2013 23:08
by Pavel525
I found only one program from IObit and I uninstalled it. The next Combofix log is here:

ComboFix 13-08-25.01 - Pavel 27.08.2013 23:24:02.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.1536.989 [GMT 2:00]
Spuštěný z: c:\documents and settings\Pavel\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Pavel\Plocha\CFScript.txt
AV: ESET NOD32 Antivirus 6.0 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: COMODO Firewall *Enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\$AVG
c:\program files\AVG
c:\program files\AVG\AVG2013\banners\banners.zip
c:\program files\AVG\AVG2013\banners\free\cz.html
c:\program files\AVG\AVG2013\banners\free\da.html
c:\program files\AVG\AVG2013\banners\free\DINWebPro-Medium.eot
c:\program files\AVG\AVG2013\banners\free\es.html
c:\program files\AVG\AVG2013\banners\free\fr.html
c:\program files\AVG\AVG2013\banners\free\ge.html
c:\program files\AVG\AVG2013\banners\free\hu.html
c:\program files\AVG\AVG2013\banners\free\id.html
c:\program files\AVG\AVG2013\banners\free\in.html
c:\program files\AVG\AVG2013\banners\free\it.html
c:\program files\AVG\AVG2013\banners\free\jp.html
c:\program files\AVG\AVG2013\banners\free\ko.html
c:\program files\AVG\AVG2013\banners\free\ms.html
c:\program files\AVG\AVG2013\banners\free\nl.html
c:\program files\AVG\AVG2013\banners\free\pb.html
c:\program files\AVG\AVG2013\banners\free\pl.html
c:\program files\AVG\AVG2013\banners\free\pt.html
c:\program files\AVG\AVG2013\banners\free\ru.html
c:\program files\AVG\AVG2013\banners\free\s_code.js
c:\program files\AVG\AVG2013\banners\free\sc.html
c:\program files\AVG\AVG2013\banners\free\separator.png
c:\program files\AVG\AVG2013\banners\free\sk.html
c:\program files\AVG\AVG2013\banners\free\sp.html
c:\program files\AVG\AVG2013\banners\free\style.css
c:\program files\AVG\AVG2013\banners\free\tick.png
c:\program files\AVG\AVG2013\banners\free\tr.html
c:\program files\AVG\AVG2013\banners\free\transparent.gif
c:\program files\AVG\AVG2013\banners\free\us.html
c:\program files\AVG\AVG2013\banners\free\zh.html
c:\program files\AVG\AVG2013\banners\free\zt.html
c:\program files\AVG\AVG2013\banners\linkscanner\cz.html
c:\program files\AVG\AVG2013\banners\linkscanner\da.html
c:\program files\AVG\AVG2013\banners\linkscanner\DINWebPro-Medium.eot
c:\program files\AVG\AVG2013\banners\linkscanner\es.html
c:\program files\AVG\AVG2013\banners\linkscanner\fr.html
c:\program files\AVG\AVG2013\banners\linkscanner\ge.html
c:\program files\AVG\AVG2013\banners\linkscanner\hu.html
c:\program files\AVG\AVG2013\banners\linkscanner\id.html
c:\program files\AVG\AVG2013\banners\linkscanner\in.html
c:\program files\AVG\AVG2013\banners\linkscanner\isc-box.png
c:\program files\AVG\AVG2013\banners\linkscanner\it.html
c:\program files\AVG\AVG2013\banners\linkscanner\jp.html
c:\program files\AVG\AVG2013\banners\linkscanner\ko.html
c:\program files\AVG\AVG2013\banners\linkscanner\ms.html
c:\program files\AVG\AVG2013\banners\linkscanner\nl.html
c:\program files\AVG\AVG2013\banners\linkscanner\pb.html
c:\program files\AVG\AVG2013\banners\linkscanner\pl.html
c:\program files\AVG\AVG2013\banners\linkscanner\pt.html
c:\program files\AVG\AVG2013\banners\linkscanner\ru.html
c:\program files\AVG\AVG2013\banners\linkscanner\sc.html
c:\program files\AVG\AVG2013\banners\linkscanner\sk.html
c:\program files\AVG\AVG2013\banners\linkscanner\sp.html
c:\program files\AVG\AVG2013\banners\linkscanner\style.css
c:\program files\AVG\AVG2013\banners\linkscanner\tr.html
c:\program files\AVG\AVG2013\banners\linkscanner\us.html
c:\program files\AVG\AVG2013\banners\linkscanner\zh.html
c:\program files\AVG\AVG2013\banners\linkscanner\zt.html
c:\program files\AVG\AVG2013\banners\paid.notice.smb\cz.html
c:\program files\AVG\AVG2013\banners\paid.notice.smb\da.html
c:\program files\AVG\AVG2013\banners\paid.notice.smb\DINWebPro-Medium.eot
c:\program files\AVG\AVG2013\banners\paid.notice.smb\es.html
c:\program files\AVG\AVG2013\banners\paid.notice.smb\fr.html
c:\program files\AVG\AVG2013\banners\paid.notice.smb\ge.html
c:\program files\AVG\AVG2013\banners\paid.notice.smb\green-btn.png
c:\program files\AVG\AVG2013\banners\paid.notice.smb\hu.html
c:\program files\AVG\AVG2013\banners\paid.notice.smb\icon-av.png
c:\program files\AVG\AVG2013\banners\paid.notice.smb\id.html
c:\program files\AVG\AVG2013\banners\paid.notice.smb\in.html
c:\program files\AVG\AVG2013\banners\paid.notice.smb\it.html
c:\program files\AVG\AVG2013\banners\paid.notice.smb\jp.html
c:\program files\AVG\AVG2013\banners\paid.notice.smb\ko.html
c:\program files\AVG\AVG2013\banners\paid.notice.smb\logo.png
c:\program files\AVG\AVG2013\banners\paid.notice.smb\ms.html
c:\program files\AVG\AVG2013\banners\paid.notice.smb\nl.html
c:\program files\AVG\AVG2013\banners\paid.notice.smb\pb.html
c:\program files\AVG\AVG2013\banners\paid.notice.smb\pl.html
c:\program files\AVG\AVG2013\banners\paid.notice.smb\pt.html
c:\program files\AVG\AVG2013\banners\paid.notice.smb\ru.html
c:\program files\AVG\AVG2013\banners\paid.notice.smb\sc.html
c:\program files\AVG\AVG2013\banners\paid.notice.smb\sk.html
c:\program files\AVG\AVG2013\banners\paid.notice.smb\sp.html
c:\program files\AVG\AVG2013\banners\paid.notice.smb\style.css
c:\program files\AVG\AVG2013\banners\paid.notice.smb\tr.html
c:\program files\AVG\AVG2013\banners\paid.notice.smb\transparent.gif
c:\program files\AVG\AVG2013\banners\paid.notice.smb\us.html
c:\program files\AVG\AVG2013\banners\paid.notice.smb\zh.html
c:\program files\AVG\AVG2013\banners\paid.notice.smb\zt.html
c:\program files\AVG\AVG2013\banners\paid.notice\cz.html
c:\program files\AVG\AVG2013\banners\paid.notice\da.html
c:\program files\AVG\AVG2013\banners\paid.notice\DINWebPro-Medium.eot
c:\program files\AVG\AVG2013\banners\paid.notice\es.html
c:\program files\AVG\AVG2013\banners\paid.notice\fr.html
c:\program files\AVG\AVG2013\banners\paid.notice\ge.html
c:\program files\AVG\AVG2013\banners\paid.notice\hu.html
c:\program files\AVG\AVG2013\banners\paid.notice\id.html
c:\program files\AVG\AVG2013\banners\paid.notice\in.html
c:\program files\AVG\AVG2013\banners\paid.notice\it.html
c:\program files\AVG\AVG2013\banners\paid.notice\jp.html
c:\program files\AVG\AVG2013\banners\paid.notice\ko.html
c:\program files\AVG\AVG2013\banners\paid.notice\ms.html
c:\program files\AVG\AVG2013\banners\paid.notice\nl.html
c:\program files\AVG\AVG2013\banners\paid.notice\pb.html
c:\program files\AVG\AVG2013\banners\paid.notice\pl.html
c:\program files\AVG\AVG2013\banners\paid.notice\pt.html
c:\program files\AVG\AVG2013\banners\paid.notice\ru.html
c:\program files\AVG\AVG2013\banners\paid.notice\sc.html
c:\program files\AVG\AVG2013\banners\paid.notice\sk.html
c:\program files\AVG\AVG2013\banners\paid.notice\sp.html
c:\program files\AVG\AVG2013\banners\paid.notice\style.css
c:\program files\AVG\AVG2013\banners\paid.notice\tr.html
c:\program files\AVG\AVG2013\banners\paid.notice\transparent.gif
c:\program files\AVG\AVG2013\banners\paid.notice\us.html
c:\program files\AVG\AVG2013\banners\paid.notice\zh.html
c:\program files\AVG\AVG2013\banners\paid.notice\zt.html
c:\program files\AVG\AVG2013\banners\paid.smb\cz.html
c:\program files\AVG\AVG2013\banners\paid.smb\da.html
c:\program files\AVG\AVG2013\banners\paid.smb\DINWebPro-Medium.eot
c:\program files\AVG\AVG2013\banners\paid.smb\es.html
c:\program files\AVG\AVG2013\banners\paid.smb\fr.html
c:\program files\AVG\AVG2013\banners\paid.smb\ge.html
c:\program files\AVG\AVG2013\banners\paid.smb\green-btn.png
c:\program files\AVG\AVG2013\banners\paid.smb\hu.html
c:\program files\AVG\AVG2013\banners\paid.smb\icon-av.png
c:\program files\AVG\AVG2013\banners\paid.smb\id.html
c:\program files\AVG\AVG2013\banners\paid.smb\in.html
c:\program files\AVG\AVG2013\banners\paid.smb\it.html
c:\program files\AVG\AVG2013\banners\paid.smb\jp.html
c:\program files\AVG\AVG2013\banners\paid.smb\ko.html
c:\program files\AVG\AVG2013\banners\paid.smb\logo.png
c:\program files\AVG\AVG2013\banners\paid.smb\ms.html
c:\program files\AVG\AVG2013\banners\paid.smb\nl.html
c:\program files\AVG\AVG2013\banners\paid.smb\pb.html
c:\program files\AVG\AVG2013\banners\paid.smb\pl.html
c:\program files\AVG\AVG2013\banners\paid.smb\pt.html
c:\program files\AVG\AVG2013\banners\paid.smb\ru.html
c:\program files\AVG\AVG2013\banners\paid.smb\sc.html
c:\program files\AVG\AVG2013\banners\paid.smb\sk.html
c:\program files\AVG\AVG2013\banners\paid.smb\sp.html
c:\program files\AVG\AVG2013\banners\paid.smb\style.css
c:\program files\AVG\AVG2013\banners\paid.smb\tr.html
c:\program files\AVG\AVG2013\banners\paid.smb\transparent.gif
c:\program files\AVG\AVG2013\banners\paid.smb\us.html
c:\program files\AVG\AVG2013\banners\paid.smb\zh.html
c:\program files\AVG\AVG2013\banners\paid.smb\zt.html
c:\program files\AVG\AVG2013\banners\paid\cz.html
c:\program files\AVG\AVG2013\banners\paid\da.html
c:\program files\AVG\AVG2013\banners\paid\DINWebPro-Medium.eot
c:\program files\AVG\AVG2013\banners\paid\es.html
c:\program files\AVG\AVG2013\banners\paid\fr.html
c:\program files\AVG\AVG2013\banners\paid\ge.html
c:\program files\AVG\AVG2013\banners\paid\hu.html
c:\program files\AVG\AVG2013\banners\paid\id.html
c:\program files\AVG\AVG2013\banners\paid\in.html
c:\program files\AVG\AVG2013\banners\paid\it.html
c:\program files\AVG\AVG2013\banners\paid\jp.html
c:\program files\AVG\AVG2013\banners\paid\ko.html
c:\program files\AVG\AVG2013\banners\paid\logo.png
c:\program files\AVG\AVG2013\banners\paid\ms.html
c:\program files\AVG\AVG2013\banners\paid\nl.html
c:\program files\AVG\AVG2013\banners\paid\pb.html
c:\program files\AVG\AVG2013\banners\paid\pl.html
c:\program files\AVG\AVG2013\banners\paid\pt.html
c:\program files\AVG\AVG2013\banners\paid\ru.html
c:\program files\AVG\AVG2013\banners\paid\sc.html
c:\program files\AVG\AVG2013\banners\paid\sk.html
c:\program files\AVG\AVG2013\banners\paid\sp.html
c:\program files\AVG\AVG2013\banners\paid\style.css
c:\program files\AVG\AVG2013\banners\paid\tr.html
c:\program files\AVG\AVG2013\banners\paid\transparent.gif
c:\program files\AVG\AVG2013\banners\paid\us.html
c:\program files\AVG\AVG2013\banners\paid\zh.html
c:\program files\AVG\AVG2013\banners\paid\zt.html
c:\program files\AVG\AVG2013\banners\sales\cz.html
c:\program files\AVG\AVG2013\banners\sales\da.html
c:\program files\AVG\AVG2013\banners\sales\DINWebPro-Medium.eot
c:\program files\AVG\AVG2013\banners\sales\es.html
c:\program files\AVG\AVG2013\banners\sales\fr.html
c:\program files\AVG\AVG2013\banners\sales\ge.html
c:\program files\AVG\AVG2013\banners\sales\hu.html
c:\program files\AVG\AVG2013\banners\sales\id.html
c:\program files\AVG\AVG2013\banners\sales\in.html
c:\program files\AVG\AVG2013\banners\sales\it.html
c:\program files\AVG\AVG2013\banners\sales\jp.html
c:\program files\AVG\AVG2013\banners\sales\ko.html
c:\program files\AVG\AVG2013\banners\sales\ms.html
c:\program files\AVG\AVG2013\banners\sales\nl.html
c:\program files\AVG\AVG2013\banners\sales\pb.html
c:\program files\AVG\AVG2013\banners\sales\pl.html
c:\program files\AVG\AVG2013\banners\sales\pt.html
c:\program files\AVG\AVG2013\banners\sales\ru.html
c:\program files\AVG\AVG2013\banners\sales\sc.html
c:\program files\AVG\AVG2013\banners\sales\sk.html
c:\program files\AVG\AVG2013\banners\sales\sp.html
c:\program files\AVG\AVG2013\banners\sales\style.css
c:\program files\AVG\AVG2013\banners\sales\tr.html
c:\program files\AVG\AVG2013\banners\sales\transparent.gif
c:\program files\AVG\AVG2013\banners\sales\us.html
c:\program files\AVG\AVG2013\banners\sales\zh.html
c:\program files\AVG\AVG2013\banners\sales\zt.html
c:\program files\AVG\AVG2013\banners\trial.smb\cz.html
c:\program files\AVG\AVG2013\banners\trial.smb\da.html
c:\program files\AVG\AVG2013\banners\trial.smb\DINWebPro-Medium.eot
c:\program files\AVG\AVG2013\banners\trial.smb\es.html
c:\program files\AVG\AVG2013\banners\trial.smb\fr.html
c:\program files\AVG\AVG2013\banners\trial.smb\ge.html
c:\program files\AVG\AVG2013\banners\trial.smb\green-btn.png
c:\program files\AVG\AVG2013\banners\trial.smb\hu.html
c:\program files\AVG\AVG2013\banners\trial.smb\icon-av.png
c:\program files\AVG\AVG2013\banners\trial.smb\id.html
c:\program files\AVG\AVG2013\banners\trial.smb\in.html
c:\program files\AVG\AVG2013\banners\trial.smb\it.html
c:\program files\AVG\AVG2013\banners\trial.smb\jp.html
c:\program files\AVG\AVG2013\banners\trial.smb\ko.html
c:\program files\AVG\AVG2013\banners\trial.smb\logo.png
c:\program files\AVG\AVG2013\banners\trial.smb\ms.html
c:\program files\AVG\AVG2013\banners\trial.smb\nl.html
c:\program files\AVG\AVG2013\banners\trial.smb\pb.html
c:\program files\AVG\AVG2013\banners\trial.smb\pl.html
c:\program files\AVG\AVG2013\banners\trial.smb\pt.html
c:\program files\AVG\AVG2013\banners\trial.smb\ru.html
c:\program files\AVG\AVG2013\banners\trial.smb\sc.html
c:\program files\AVG\AVG2013\banners\trial.smb\sk.html
c:\program files\AVG\AVG2013\banners\trial.smb\sp.html
c:\program files\AVG\AVG2013\banners\trial.smb\style.css
c:\program files\AVG\AVG2013\banners\trial.smb\tr.html
c:\program files\AVG\AVG2013\banners\trial.smb\transparent.gif
c:\program files\AVG\AVG2013\banners\trial.smb\us.html
c:\program files\AVG\AVG2013\banners\trial.smb\zh.html
c:\program files\AVG\AVG2013\banners\trial.smb\zt.html
c:\program files\AVG\AVG2013\banners\trial\cz.html
c:\program files\AVG\AVG2013\banners\trial\da.html
c:\program files\AVG\AVG2013\banners\trial\DINWebPro-Medium.eot
c:\program files\AVG\AVG2013\banners\trial\es.html
c:\program files\AVG\AVG2013\banners\trial\fr.html
c:\program files\AVG\AVG2013\banners\trial\ge.html
c:\program files\AVG\AVG2013\banners\trial\hu.html
c:\program files\AVG\AVG2013\banners\trial\id.html
c:\program files\AVG\AVG2013\banners\trial\in.html
c:\program files\AVG\AVG2013\banners\trial\it.html
c:\program files\AVG\AVG2013\banners\trial\jp.html
c:\program files\AVG\AVG2013\banners\trial\ko.html
c:\program files\AVG\AVG2013\banners\trial\ms.html
c:\program files\AVG\AVG2013\banners\trial\nl.html
c:\program files\AVG\AVG2013\banners\trial\pb.html
c:\program files\AVG\AVG2013\banners\trial\pl.html
c:\program files\AVG\AVG2013\banners\trial\pt.html
c:\program files\AVG\AVG2013\banners\trial\ru.html
c:\program files\AVG\AVG2013\banners\trial\sc.html
c:\program files\AVG\AVG2013\banners\trial\sk.html
c:\program files\AVG\AVG2013\banners\trial\sp.html
c:\program files\AVG\AVG2013\banners\trial\style.css
c:\program files\AVG\AVG2013\banners\trial\tr.html
c:\program files\AVG\AVG2013\banners\trial\transparent.gif
c:\program files\AVG\AVG2013\banners\trial\us.html
c:\program files\AVG\AVG2013\banners\trial\zh.html
c:\program files\AVG\AVG2013\banners\trial\zt.html
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-07-27 do 2013-08-27 )))))))))))))))))))))))))))))))
.
.
2013-08-27 12:39 . 2013-08-27 12:39 -------- d-----w- c:\program files\Gopas
2013-08-26 20:46 . 2013-08-27 21:16 -------- d-----w- C:\32788R22FWJFW
2013-08-26 14:49 . 2013-08-26 14:49 -------- d-----w- C:\rsit
2013-08-26 11:50 . 2013-08-26 11:50 -------- d-----w- c:\program files\ESET
2013-08-26 11:50 . 2013-08-26 11:50 -------- d-----w- c:\documents and settings\All Users\Data aplikací\ESET
2013-08-25 21:06 . 2013-08-25 21:06 -------- d--h--w- c:\documents and settings\All Users\Data aplikací\Common Files
2013-08-21 16:49 . 2013-08-10 10:36 -------- d-----w- c:\program files\PirateBrowser 0.6b
2013-08-19 11:22 . 2013-08-19 11:22 -------- d-----w- c:\windows\Performance
2013-08-19 11:22 . 2013-08-19 11:22 -------- d-----w- c:\documents and settings\Pavel\Local Settings\Data aplikací\Microsoft Corporation
2013-08-16 20:32 . 2013-08-16 21:03 -------- d-----w- c:\documents and settings\Pavel\Data aplikací\PyScripter
2013-08-16 20:32 . 2013-08-16 20:32 -------- d-----w- c:\program files\PyScripter
2013-08-16 20:26 . 2013-08-16 20:26 -------- d-----w- c:\documents and settings\Pavel\.idlerc
2013-08-16 20:04 . 2013-08-16 20:04 98304 ----a-r- c:\documents and settings\Pavel\Data aplikací\Microsoft\Installer\{92389DE9-939E-341B-A076-1D52D7DBCA71}\python_icon.exe
2013-08-16 20:03 . 2013-08-16 20:04 -------- d-----w- C:\Python33
2013-08-14 21:42 . 2013-08-14 21:42 -------- d-----w- c:\documents and settings\Default User\Local Settings\Data aplikací\Microsoft Help
2013-08-11 11:15 . 2013-08-11 11:15 -------- d-----w- c:\program files\Time Stopper
2013-08-10 21:37 . 2013-08-27 13:17 -------- d-----w- c:\documents and settings\Pavel\Data aplikací\langmaster.gopas
2013-08-10 21:26 . 2013-08-10 21:26 -------- d-----w- C:\VTRoot
2013-08-10 21:26 . 2013-08-10 21:42 5760 ----a-w- c:\windows\system32\drivers\fvstore.dat
2013-08-09 19:38 . 2013-08-09 19:38 -------- d-----w- c:\documents and settings\Pavel\Data aplikací\jP
2013-08-09 18:48 . 2012-01-03 19:42 -------- d-----w- c:\program files\jPvocabulary-3.2
2013-08-09 18:43 . 2013-08-18 19:57 -------- d-----w- c:\program files\Mozilla Maintenance Service
2013-08-04 10:05 . 2013-08-04 20:22 -------- d-----w- c:\windows\SxsCaPendDel
2013-08-03 20:06 . 2013-08-03 20:13 -------- d-----w- c:\program files\CDex
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-08-21 11:38 . 2013-06-29 17:59 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-08-21 11:38 . 2013-06-29 17:59 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-07-26 02:49 . 2004-08-18 12:00 920064 ----a-w- c:\windows\system32\wininet.dll
2013-07-26 02:48 . 2004-08-18 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2013-07-26 02:48 . 2004-08-18 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2013-07-25 15:52 . 2004-08-18 12:00 385024 ----a-w- c:\windows\system32\html.iec
2013-07-10 10:37 . 2004-08-18 12:00 406016 ----a-w- c:\windows\system32\usp10.dll
2013-07-08 20:59 . 2013-06-18 14:16 587352 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
2013-07-04 07:34 . 2004-08-17 15:45 2072320 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-07-04 07:34 . 2004-08-18 12:00 2195712 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-06-29 22:36 . 2013-06-29 22:36 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-06-29 22:36 . 2013-06-29 22:36 144896 ----a-w- c:\windows\system32\javacpl.cpl
2013-06-29 22:36 . 2013-06-29 22:36 867240 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-06-29 22:36 . 2013-06-29 22:36 789416 ----a-w- c:\windows\system32\deployJava1.dll
2013-06-29 15:51 . 2013-06-29 15:51 466008 ----a-w- c:\windows\system32\drivers\sptd.sys
2013-06-18 14:16 . 2013-06-18 14:16 99520 ----a-w- c:\windows\system32\drivers\inspect.sys
2013-06-18 14:16 . 2013-06-18 14:16 32816 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2013-06-18 14:16 . 2013-06-18 14:16 18528 ----a-w- c:\windows\system32\drivers\cmderd.sys
2013-06-18 14:15 . 2013-06-18 14:15 35488 ----a-w- c:\windows\system32\cmdcsr.dll
2013-06-18 14:15 . 2013-06-18 14:15 348584 ----a-w- c:\windows\system32\guard32.dll
2013-06-18 14:15 . 2013-06-18 14:15 40664 ----a-w- c:\windows\system32\cmdkbd32.dll
2013-06-18 14:15 . 2013-06-18 14:15 278232 ----a-w- c:\windows\system32\cmdvrt32.dll
2013-06-05 09:08 . 2004-08-18 12:00 1876736 ----a-w- c:\windows\system32\win32k.sys
2013-06-04 07:23 . 2004-08-18 12:00 563712 ----a-w- c:\windows\system32\qedit.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PeerBlock"="c:\program files\PeerBlock\peerblock.exe" [2010-11-06 1867888]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cistray.exe" [2013-07-08 1464536]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2013-03-21 5078504]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Windows Search.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
2011-03-14 17:09 2565520 ----a-w- c:\program files\Canon\MyPrinter\BJMYPRT.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenuEx]
2011-03-28 09:40 1611160 ----a-w- c:\program files\Canon\Solution Menu EX\CNSEMAIN.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2008-04-14 06:52 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2013-03-14 08:23 3672640 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\icq]
2013-07-09 12:25 28698984 ----a-w- c:\documents and settings\Pavel\Data aplikací\ICQM\icq.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware]
2013-04-04 12:50 532040 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Smapp]
2003-05-05 06:57 143360 ----a-w- c:\program files\Analog Devices\SoundMAX\SMTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2010-02-10 21:32 61440 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Documents and Settings\\Pavel\\Data aplikací\\ICQM\\icq.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
.
R0 sptd;sptd;\SystemRoot\\SystemRoot\System32\Drivers\sptd.sys --> \SystemRoot\\SystemRoot\System32\Drivers\sptd.sys [?]
R1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\drivers\cmderd.sys [18.6.2013 16:16 18528]
R1 cmdGuard;COMODO Internet Security Driver;c:\windows\system32\drivers\cmdGuard.sys [18.6.2013 16:16 587352]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [18.6.2013 16:16 32816]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [10.1.2013 10:25 122240]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [10.1.2013 10:25 105784]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [21.3.2013 15:19 1341664]
R3 pbfilter;pbfilter;c:\program files\PeerBlock\pbfilter.sys [29.6.2013 20:27 19056]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [3.6.2013 16:21 162408]
S3 cmdvirth;COMODO Virtual Service Manager;c:\program files\COMODO\COMODO Internet Security\cmdvirth.exe [18.6.2013 16:15 127192]
S3 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe [27.10.2010 18:23 1483072]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys [7.10.2010 13:34 10064]
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - PBFILTER
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Obsah adresáře 'Naplánované úlohy'
.
2013-08-27 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-29 11:38]
.
2013-08-27 c:\windows\Tasks\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85}.job
- c:\program files\COMODO\COMODO Internet Security\cfpconfg.exe [2013-06-18 20:59]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\Pavel\Data aplikací\Mozilla\Firefox\Profiles\f5vzmbxp.default-1376679318281\
FF - prefs.js: browser.search.selectedEngine - Google SSL
FF - prefs.js: browser.startup.homepage - hxxp://tredoxe.blog.cz/
FF - ExtSQL: 2013-08-16 22:48; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\documents and settings\Pavel\Data aplikací\Mozilla\Firefox\Profiles\f5vzmbxp.default-1376679318281\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF - ExtSQL: 2013-08-16 22:52; {d40f5e7b-d2cf-4856-b441-cc613eeffbe3}; c:\documents and settings\Pavel\Data aplikací\Mozilla\Firefox\Profiles\f5vzmbxp.default-1376679318281\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi
FF - ExtSQL: 2013-08-16 22:52; {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}; c:\documents and settings\Pavel\Data aplikací\Mozilla\Firefox\Profiles\f5vzmbxp.default-1376679318281\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi
FF - ExtSQL: 2013-08-16 22:52; donottrackplus@abine.com; c:\documents and settings\Pavel\Data aplikací\Mozilla\Firefox\Profiles\f5vzmbxp.default-1376679318281\extensions\donottrackplus@abine.com
FF - ExtSQL: 2013-08-19 00:21; https-everywhere@eff.org; c:\documents and settings\Pavel\Data aplikací\Mozilla\Firefox\Profiles\f5vzmbxp.default-1376679318281\extensions\https-everywhere@eff.org
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-08-27 23:51
Windows 5.1.2600 Service Pack 3 NTFS
.
detected NTDLL code modification:
ZwClose
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_149_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_149_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(864)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'lsass.exe'(952)
c:\windows\system32\MPR.dll
c:\windows\system32\guard32.dll
.
- - - - - - - > 'csrss.exe'(820)
c:\windows\system32\cmdcsr.dll
.
Celkový čas: 2013-08-28 00:04:14
ComboFix-quarantined-files.txt 2013-08-27 22:02
ComboFix2.txt 2013-08-26 21:28
.
Před spuštěním: Volných bajtů: 37 407 723 520
Po spuštění: Volných bajtů: 37 393 854 464
.
- - End Of File - - 88542E087B1981F48B7FDF43FBE7D630
413FC2A0C716421B3158746D63736515

Re: Please check my log as a precaution

Posted: 28 Aug 2013 18:34
by Roli
Via Start >> Run, copy this into the box:

ComboFix /Uninstall

and press Enter.

That uninstalls ComboFix and deletes the files and folders associated with it.


Use T-Cleaner, which deletes any leftovers from the applications we used.

Just stop your antivirus before downloading it and while using it, because it may detect it as a virus, but that is not the case.


Download AdwCleaner and save it to the desktop,

close all programs including the browser and double-click to run it,

a window will appear; click Scan at the bottom left.

A scan will then run and when it finishes a log will pop up; copy it here for me.

Re: Please check my log as a precaution

Posted: 28 Aug 2013 23:45
by Pavel525
So ComboFix and T-Cleaner are done, the log is here:

# AdwCleaner v3.001 - Report created 29/08/2013 at 00:37:47
# Updated 24/08/2013 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Pavel - PAVEL-83AC7A5FD
# Running from : C:\Documents and Settings\Pavel\Plocha\adwcleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Documents and Settings\Pavel\IECompatCache

***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702


-\\ Mozilla Firefox v23.0.1 (cs)

[ File : C:\Documents and Settings\Pavel\Data aplikací\Mozilla\Firefox\Profiles\wuqu4lhu.default\prefs.js ]


*************************

AdwCleaner[R0].txt - [865 octets] - [29/08/2013 00:35:44]
AdwCleaner[S0].txt - [791 octets] - [29/08/2013 00:37:47]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [850 octets] ##########

Re: Please check my log as a precaution

Posted: 29 Aug 2013 18:08
by Roli
Pavel525 wrote: ............, the log is here:
And which button did I write that you should press?

Luckily nothing happened, but next time I would prefer it done my way, because I don't write those instructions out of boredom.

Otherwise it's cleaned up, so what is the state of the PC?

Re: Please check my log as a precaution

Posted: 29 Aug 2013 19:29
by Pavel525
Darn, yeah :oops: The computer seems to be fine. I will have to dig into researching another antivirus, since NOD keeps dropping the internet again, so I have to restart the router and the PC at least once a day, but it was doing that a long time ago. The fault is probably somewhere in the router; the main thing is that I now know it isn't a virus, so thanks! :)

Re: Please check my log as a precaution

Posted: 29 Aug 2013 21:26
by Roli
You're welcome, and :closed: