
PC virus removal, computer speed-up, remote assistance via the neslape.cz service
Preventive check
Moderator: Moderators
Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]
Individual threads will be locked once resolved. The same applies to threads inactive for more than 14 days. See the Rule on locking topics. Thank you for understanding.
!NEW!
You can now use the remote assistance service, where a specialist connects to your computer and obtains further details about the problem from you by phone! More at www.neslape.cz
Preventive check
Good evening,
I would like to ask for a preventive check of my log
Logfile of random's system information tool 1.06 (written by random/random)
Run by Max_cz at 2010-03-02 01:27:08
Microsoft® Windows Vista™ Home Premium Service Pack 2
System drive C: has 52 GB (30%) free of 175 GB
Total RAM: 2046 MB (49% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:27:10, on 2.3.2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v7.00 (7.00.6002.18005)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\WhatPulse\WhatPulse.exe
C:\Windows\ehome\ehtray.exe
c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\conime.exe
C:\Users\Max_cz.Uživatel-PC\AppData\Local\Google\Update\1.2.183.17\GoogleCrashHandler.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\Explorer.exe
C:\Users\Max_cz.Uživatel-PC\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Max_cz.Uživatel-PC\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Max_cz.Uživatel-PC\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Max_cz.Uživatel-PC\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Max_cz.Uživatel-PC\Documents\Downloads\RSIT.exe
C:\Program Files\trend micro\Max_cz.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local;*.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Pomocník pro přihlášení ke službě Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Ukazatel S-Rank - {EA837F48-5AD1-443E-AE34-FFE03CBF3099} - C:\Program Files\Seznam.cz\listicka.dll (file missing)
O4 - HKLM\..\Run: [StartCCC] c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
O4 - HKLM\..\Run: [MSSE] "c:\Program Files\Microsoft Security Essentials\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WhatPulse] C:\Program Files\WhatPulse\WhatPulse.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [QIP2005] C:\Program Files\QIP\qip.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Google Update] "C:\Users\Max_cz.Uživatel-PC\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Yodm3D] C:\Users\MAX_CZ~1.UIV\AppData\Local\Temp\Rar$EX00.966\Yodm3D.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O4 - Startup: Obsah aplikace OneNote.onetoc2
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {49CD73D5-CBE2-4FAA-B70F-0252C74809AB} (IPCamera Control) - http://dyndnsset.dyndns.org/classes/PLANETCamV.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Fujitsu Siemens Computers Diagnostic Testhandler (TestHandler) - Fujitsu Siemens Computers - C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe
--
End of file - 7327 bytes
======Scheduled tasks folder======
C:\Windows\tasks\Ad-Aware Update (Weekly).job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4100094215-1116639704-3349767807-1001Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4100094215-1116639704-3349767807-1001UA.job
C:\Windows\tasks\User_Feed_Synchronization-{39366205-3F98-4DFE-A1FB-F769A26CC77C}.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Podpora odkazu pro Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2009-08-04 1586472]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Pomocník pro přihlášení ke službě Windows Live - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-03-01 41760]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EA837F48-5AD1-443E-AE34-FFE03CBF3099}]
Lištička - C:\Program Files\Seznam.cz\listicka.dll []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"=c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2006-11-10 90112]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [2009-03-12 6965792]
"MSSE"=c:\Program Files\Microsoft Security Essentials\msseces.exe [2010-01-29 1095872]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15 39792]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-02-18 248040]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-04-11 1233920]
"WhatPulse"=C:\Program Files\WhatPulse\WhatPulse.exe [2006-08-21 665600]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-18 125952]
"QIP2005"=C:\Program Files\QIP\qip.exe [2009-08-13 3276288]
"msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-07-26 3883840]
"Google Update"=C:\Users\Max_cz.Uživatel-PC\AppData\Local\Google\Update\GoogleUpdate.exe [2008-11-15 133104]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-18 202240]
"Yodm3D"=C:\Users\MAX_CZ~1.UIV\AppData\Local\Temp\Rar$EX00.966\Yodm3D.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ad-Watch]
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
C:\Program Files\DAEMON Tools Lite\daemon.exe [2008-07-24 490952]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
C:\Users\Max_cz.Uživatel-PC\AppData\Local\Google\Update\GoogleUpdate.exe [2008-11-15 133104]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-07-26 3883840]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL]
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe [2006-11-22 630784]
C:\Users\Max_cz.Uživatel-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Obsah aplikace OneNote.onetoc2
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{280EE6F9-E414-4D35-8FEF-8180BB5AC916}"=C:\Windows\system32\ssqNFXrS.dll []
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=
"BindDirectlyToPropertySetStorage"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0e7c9bfd-e985-11dd-a161-00030d73c928}]
shell\AutoRun\command - StartPortableApps.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3ab6d1b4-52d8-11dd-8911-00030d73c928}]
shell\AutoRun\command - setupSNK.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{533a1479-b8f5-11dd-9d72-00030d73c928}]
shell\AutoRun\command - F:\setup.exe /autorun
shell\directx\command - F:\DirectX\dxsetup.exe
shell\setup\command - F:\setup.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d692c5ad-4fd8-11dd-bbc1-00030d73c928}]
shell\AutoRun\command - setupSNK.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fc80a7f6-0f88-11de-947a-00030d73c928}]
shell\AutoRun\command - G:\wd_windows_tools\WDSetup.exe
======List of files/folders created in the last 1 months======
2010-03-02 01:05:20 ----D---- C:\Program Files\trend micro
2010-03-02 01:05:19 ----D---- C:\rsit
2010-03-02 00:57:09 ----SHD---- C:\Config.Msi
2010-03-01 23:51:58 ----D---- C:\ProgramData\Sun
2010-03-01 23:51:05 ----A---- C:\Windows\system32\javaws.exe
2010-03-01 23:51:05 ----A---- C:\Windows\system32\javaw.exe
2010-03-01 23:51:05 ----A---- C:\Windows\system32\deploytk.dll
2010-03-01 23:51:04 ----A---- C:\Windows\system32\java.exe
2010-03-01 23:46:13 ----D---- C:\Windows\system32\BMW 3 Series Coupe dir
2010-03-01 21:41:51 ----D---- C:\Users\Max_cz.Uživatel-PC\AppData\Roaming\GHISLER
2010-03-01 09:11:47 ----D---- C:\Users\Max_cz.Uživatel-PC\AppData\Roaming\Facebook
2010-02-28 22:02:07 ----SHD---- C:\Windows\ftpcache
2010-02-28 22:00:34 ----D---- C:\ProgramData\RapidSolution
2010-02-27 10:42:22 ----A---- C:\Windows\system32\ntoskrnl.exe
2010-02-27 10:42:22 ----A---- C:\Windows\system32\ntkrnlpa.exe
2010-02-26 02:03:42 ----D---- C:\Users\Max_cz.Uživatel-PC\AppData\Roaming\BSplayer Pro
2010-02-26 02:03:42 ----D---- C:\Users\Max_cz.Uživatel-PC\AppData\Roaming\BSplayer
2010-02-26 02:03:37 ----D---- C:\Program Files\Webteh
2010-02-24 21:27:54 ----A---- C:\Windows\system32\tzres.dll
2010-02-24 21:27:29 ----A---- C:\Windows\system32\secproc_isv.dll
2010-02-24 21:27:29 ----A---- C:\Windows\system32\secproc.dll
2010-02-24 21:27:15 ----A---- C:\Windows\system32\RMActivate_isv.exe
2010-02-24 21:27:13 ----A---- C:\Windows\system32\RMActivate_ssp_isv.exe
2010-02-24 21:27:13 ----A---- C:\Windows\system32\RMActivate_ssp.exe
2010-02-24 21:27:13 ----A---- C:\Windows\system32\RMActivate.exe
2010-02-24 21:27:10 ----A---- C:\Windows\system32\secproc_ssp_isv.dll
2010-02-24 21:27:10 ----A---- C:\Windows\system32\secproc_ssp.dll
2010-02-24 21:27:10 ----A---- C:\Windows\system32\msdrm.dll
2010-02-24 21:27:02 ----A---- C:\Windows\system32\gameux.dll
2010-02-24 21:26:59 ----A---- C:\Windows\system32\GameUXLegacyGDFs.dll
2010-02-24 21:26:59 ----A---- C:\Windows\system32\Apphlpdm.dll
2010-02-18 21:34:53 ----D---- C:\Program Files\Microsoft Security Essentials
2010-02-11 21:27:25 ----A---- C:\Windows\system32\quartz.dll
2010-02-11 21:27:24 ----A---- C:\Windows\system32\tsbyuv.dll
2010-02-11 21:27:24 ----A---- C:\Windows\system32\msyuv.dll
2010-02-11 21:27:24 ----A---- C:\Windows\system32\msvidc32.dll
2010-02-11 21:27:23 ----A---- C:\Windows\system32\msvfw32.dll
2010-02-11 21:27:23 ----A---- C:\Windows\system32\msrle32.dll
2010-02-11 21:27:23 ----A---- C:\Windows\system32\mciavi32.dll
2010-02-11 21:27:23 ----A---- C:\Windows\system32\iyuv_32.dll
2010-02-11 21:27:22 ----A---- C:\Windows\system32\avifil32.dll
2010-02-03 01:42:23 ----D---- C:\ProgramData\ICQ
======List of files/folders modified in the last 1 months======
2010-03-02 01:18:52 ----D---- C:\Windows\TEMP
2010-03-02 01:05:20 ----RD---- C:\Program Files
2010-03-02 01:03:05 ----D---- C:\Program Files\Mozilla Firefox
2010-03-02 00:59:18 ----D---- C:\Windows\system32\drivers
2010-03-02 00:59:18 ----D---- C:\Windows\System32
2010-03-02 00:57:12 ----SHD---- C:\Windows\Installer
2010-03-02 00:57:12 ----HDC---- C:\ProgramData\~0
2010-03-02 00:57:12 ----HD---- C:\ProgramData
2010-03-02 00:57:05 ----DC---- C:\Windows\system32\DRVSTORE
2010-03-02 00:57:05 ----D---- C:\Windows\system32\catroot
2010-03-02 00:56:24 ----D---- C:\Users\Max_cz.Uživatel-PC\AppData\Roaming\Skype
2010-03-02 00:12:23 ----SHD---- C:\System Volume Information
2010-03-02 00:04:47 ----D---- C:\Windows
2010-03-01 23:51:53 ----D---- C:\Program Files\Common Files\Java
2010-03-01 23:50:06 ----D---- C:\Program Files\Java
2010-03-01 23:32:22 ----A---- C:\Windows\NeroDigital.ini
2010-03-01 23:19:15 ----RD---- C:\Users
2010-03-01 22:36:23 ----D---- C:\ProgramData\DVD Shrink
2010-03-01 22:23:54 ----D---- C:\Windows\Prefetch
2010-02-28 22:14:47 ----D---- C:\Users\Max_cz.Uživatel-PC\AppData\Roaming\Azureus
2010-02-28 21:59:59 ----D---- C:\Program Files\Common Files\microsoft shared
2010-02-28 21:59:48 ----D---- C:\Windows\winsxs
2010-02-27 10:39:06 ----D---- C:\Windows\system32\catroot2
2010-02-26 01:59:31 ----D---- C:\ProgramData\Adobe
2010-02-26 01:58:05 ----D---- C:\Program Files\Common Files\Adobe
2010-02-26 01:57:22 ----D---- C:\Program Files\Adobe
2010-02-26 01:32:38 ----SD---- C:\Users\Max_cz.Uživatel-PC\AppData\Roaming\Microsoft
2010-02-25 19:38:44 ----D---- C:\Windows\rescache
2010-02-25 07:20:33 ----D---- C:\Windows\system32\cs-CZ
2010-02-25 07:20:32 ----RSD---- C:\Windows\Fonts
2010-02-25 07:20:32 ----D---- C:\Windows\AppPatch
2010-02-24 09:16:06 ----N---- C:\Windows\system32\MpSigStub.exe
2010-02-18 21:34:58 ----SD---- C:\ProgramData\Microsoft
2010-02-12 09:16:06 ----D---- C:\Program Files\Windows Mail
2010-02-03 01:42:37 ----HD---- C:\Program Files\InstallShield Installation Information
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 MpFilter;Microsoft Malware Protection Driver; C:\Windows\system32\DRIVERS\MpFilter.sys [2009-12-02 149040]
R2 CamthWDM;WebcamMax, WDM Video Capture; C:\Windows\system32\DRIVERS\CamthWDM.sys [2007-01-11 243584]
R2 RtNdPt60;Realtek NDIS Protocol Driver; C:\Windows\system32\DRIVERS\RtNdPt60.sys [2007-12-11 27648]
R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2007-04-11 2589696]
R3 CmBatt;Ovladač baterie Microsoft ACPI Control Method Battery; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-18 14208]
R3 GEARAspiWDM;GEARAspiWDM; C:\Windows\System32\Drivers\GEARAspiWDM.sys [2008-01-29 16168]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2009-03-12 2342688]
R3 itecir;ITECIR Infrared Receiver; C:\Windows\system32\DRIVERS\itecir.sys [2007-04-04 46592]
R3 MpNWMon;Microsoft Malware Protection Network Driver; C:\Windows\system32\DRIVERS\MpNWMon.sys [2009-12-02 42368]
R3 NETw4v32;Ovladač adaptéru Intel(R) Wireless WiFi Link pro systém Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw4v32.sys [2007-02-25 2216448]
R3 pfc;Padus ASPI Shell; C:\Windows\system32\drivers\pfc.sys [2008-06-15 10368]
R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys [2009-07-29 172032]
R3 smserial;smserial; C:\Windows\system32\DRIVERS\smserial.sys [2006-11-22 982272]
R3 StillCam;Ovladač digitálního fotoaparátu pro sériový port; C:\Windows\system32\DRIVERS\serscan.sys [2008-01-18 9216]
R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2008-01-18 11264]
S3 a4o9j22q;a4o9j22q; C:\Windows\system32\drivers\a4o9j22q.sys []
S3 Cam5603D;WebCam; C:\Windows\System32\Drivers\BisonCam.sys [2007-04-19 788400]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 drmkaud;Dekodér zvuků DRM jádra společnosti Microsoft; C:\Windows\system32\drivers\drmkaud.sys [2008-01-18 5632]
S3 HdAudAddService;Ovladač funkce Microsoft 1.1 UAA pro službu zvuku High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 MSKSSRV;Server proxy služby datových proudů Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-18 8192]
S3 MSPCLOCK;Server proxy hodin datových proudů Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-18 5888]
S3 MSPQM;Server proxy správce kvality datových proudů Microsoft; C:\Windows\system32\drivers\MSPQM.sys [2008-01-18 5504]
S3 MSTEE;Konvertor jímka-jímka typu T datových proudů Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2008-01-18 6016]
S3 NETw3v32;Intel(R) PRO/Wireless 3945ABG Adapter Driver for Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw3v32.sys [2006-11-02 1781760]
S3 nmwcd;Nokia USB Phone Parent; C:\Windows\system32\drivers\nmwcd.sys [2007-02-22 137216]
S3 nmwcdc;Nokia USB Generic; C:\Windows\system32\drivers\nmwcdc.sys [2007-02-22 8320]
S3 nmwcdcj;Nokia USB Port; C:\Windows\system32\drivers\nmwcdcj.sys [2007-02-22 12288]
S3 nmwcdcm;Nokia USB Modem; C:\Windows\system32\drivers\nmwcdcm.sys [2007-02-22 12288]
S3 tap0901_2gm;VPN Anonymizer Adapter; C:\Windows\system32\DRIVERS\tap0901_2gm.sys [2007-06-21 30720]
S3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys [2008-02-18 30464]
S3 usbvideo;Zobrazovací zařízení USB (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2008-01-18 134016]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2009-10-01 40448]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-18 83328]
S4 JRAID;JRAID; C:\Windows\system32\drivers\jraid.sys [2007-04-03 47872]
S4 nvatabus;nvatabus; C:\Windows\system32\drivers\nvatabus.sys [2006-07-14 105088]
S4 viamraid;viamraid; C:\Windows\system32\drivers\viamraid.sys [2006-03-31 100992]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-02-18 110592]
R2 Ati External Event Utility;Ati External Event Utility; C:\Windows\system32\Ati2evxx.exe [2007-04-11 593920]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2007-07-24 229376]
R2 MsMpSvc;Microsoft Antimalware Service; c:\Program Files\Microsoft Security Essentials\MsMpEng.exe [2009-12-09 17904]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared Files\RichVideo.exe [2006-07-20 262247]
R2 SBSDWSCService;SBSD Security Center Service; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
R2 TestHandler;Fujitsu Siemens Computers Diagnostic Testhandler; C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe [2006-12-08 204800]
R3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-02-26 267824]
S3 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2009-03-30 31048]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-06-14 654848]
S3 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-18 21504]
S3 getPlusHelper;@C:\Program Files\NOS\bin\getPlus_Helper.dll,-101; C:\Windows\System32\svchost.exe [2008-01-18 21504]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-06-02 504104]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2007-03-26 292864]
-----------------EOF-----------------
Thanks
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-03-01 41760]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EA837F48-5AD1-443E-AE34-FFE03CBF3099}]
Lištička - C:\Program Files\Seznam.cz\listicka.dll []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"=c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2006-11-10 90112]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [2009-03-12 6965792]
"MSSE"=c:\Program Files\Microsoft Security Essentials\msseces.exe [2010-01-29 1095872]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15 39792]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-02-18 248040]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-04-11 1233920]
"WhatPulse"=C:\Program Files\WhatPulse\WhatPulse.exe [2006-08-21 665600]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-18 125952]
"QIP2005"=C:\Program Files\QIP\qip.exe [2009-08-13 3276288]
"msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-07-26 3883840]
"Google Update"=C:\Users\Max_cz.Uživatel-PC\AppData\Local\Google\Update\GoogleUpdate.exe [2008-11-15 133104]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-18 202240]
"Yodm3D"=C:\Users\MAX_CZ~1.UIV\AppData\Local\Temp\Rar$EX00.966\Yodm3D.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ad-Watch]
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
C:\Program Files\DAEMON Tools Lite\daemon.exe [2008-07-24 490952]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
C:\Users\Max_cz.Uživatel-PC\AppData\Local\Google\Update\GoogleUpdate.exe [2008-11-15 133104]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-07-26 3883840]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL]
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe [2006-11-22 630784]
C:\Users\Max_cz.Uživatel-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Obsah aplikace OneNote.onetoc2
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{280EE6F9-E414-4D35-8FEF-8180BB5AC916}"=C:\Windows\system32\ssqNFXrS.dll []
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=
"BindDirectlyToPropertySetStorage"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0e7c9bfd-e985-11dd-a161-00030d73c928}]
shell\AutoRun\command - StartPortableApps.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3ab6d1b4-52d8-11dd-8911-00030d73c928}]
shell\AutoRun\command - setupSNK.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{533a1479-b8f5-11dd-9d72-00030d73c928}]
shell\AutoRun\command - F:\setup.exe /autorun
shell\directx\command - F:\DirectX\dxsetup.exe
shell\setup\command - F:\setup.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d692c5ad-4fd8-11dd-bbc1-00030d73c928}]
shell\AutoRun\command - setupSNK.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fc80a7f6-0f88-11de-947a-00030d73c928}]
shell\AutoRun\command - G:\wd_windows_tools\WDSetup.exe
======List of files/folders created in the last 1 months======
2010-03-02 01:05:20 ----D---- C:\Program Files\trend micro
2010-03-02 01:05:19 ----D---- C:\rsit
2010-03-02 00:57:09 ----SHD---- C:\Config.Msi
2010-03-01 23:51:58 ----D---- C:\ProgramData\Sun
2010-03-01 23:51:05 ----A---- C:\Windows\system32\javaws.exe
2010-03-01 23:51:05 ----A---- C:\Windows\system32\javaw.exe
2010-03-01 23:51:05 ----A---- C:\Windows\system32\deploytk.dll
2010-03-01 23:51:04 ----A---- C:\Windows\system32\java.exe
2010-03-01 23:46:13 ----D---- C:\Windows\system32\BMW 3 Series Coupe dir
2010-03-01 21:41:51 ----D---- C:\Users\Max_cz.Uživatel-PC\AppData\Roaming\GHISLER
2010-03-01 09:11:47 ----D---- C:\Users\Max_cz.Uživatel-PC\AppData\Roaming\Facebook
2010-02-28 22:02:07 ----SHD---- C:\Windows\ftpcache
2010-02-28 22:00:34 ----D---- C:\ProgramData\RapidSolution
2010-02-27 10:42:22 ----A---- C:\Windows\system32\ntoskrnl.exe
2010-02-27 10:42:22 ----A---- C:\Windows\system32\ntkrnlpa.exe
2010-02-26 02:03:42 ----D---- C:\Users\Max_cz.Uživatel-PC\AppData\Roaming\BSplayer Pro
2010-02-26 02:03:42 ----D---- C:\Users\Max_cz.Uživatel-PC\AppData\Roaming\BSplayer
2010-02-26 02:03:37 ----D---- C:\Program Files\Webteh
2010-02-24 21:27:54 ----A---- C:\Windows\system32\tzres.dll
2010-02-24 21:27:29 ----A---- C:\Windows\system32\secproc_isv.dll
2010-02-24 21:27:29 ----A---- C:\Windows\system32\secproc.dll
2010-02-24 21:27:15 ----A---- C:\Windows\system32\RMActivate_isv.exe
2010-02-24 21:27:13 ----A---- C:\Windows\system32\RMActivate_ssp_isv.exe
2010-02-24 21:27:13 ----A---- C:\Windows\system32\RMActivate_ssp.exe
2010-02-24 21:27:13 ----A---- C:\Windows\system32\RMActivate.exe
2010-02-24 21:27:10 ----A---- C:\Windows\system32\secproc_ssp_isv.dll
2010-02-24 21:27:10 ----A---- C:\Windows\system32\secproc_ssp.dll
2010-02-24 21:27:10 ----A---- C:\Windows\system32\msdrm.dll
2010-02-24 21:27:02 ----A---- C:\Windows\system32\gameux.dll
2010-02-24 21:26:59 ----A---- C:\Windows\system32\GameUXLegacyGDFs.dll
2010-02-24 21:26:59 ----A---- C:\Windows\system32\Apphlpdm.dll
2010-02-18 21:34:53 ----D---- C:\Program Files\Microsoft Security Essentials
2010-02-11 21:27:25 ----A---- C:\Windows\system32\quartz.dll
2010-02-11 21:27:24 ----A---- C:\Windows\system32\tsbyuv.dll
2010-02-11 21:27:24 ----A---- C:\Windows\system32\msyuv.dll
2010-02-11 21:27:24 ----A---- C:\Windows\system32\msvidc32.dll
2010-02-11 21:27:23 ----A---- C:\Windows\system32\msvfw32.dll
2010-02-11 21:27:23 ----A---- C:\Windows\system32\msrle32.dll
2010-02-11 21:27:23 ----A---- C:\Windows\system32\mciavi32.dll
2010-02-11 21:27:23 ----A---- C:\Windows\system32\iyuv_32.dll
2010-02-11 21:27:22 ----A---- C:\Windows\system32\avifil32.dll
2010-02-03 01:42:23 ----D---- C:\ProgramData\ICQ
======List of files/folders modified in the last 1 months======
2010-03-02 01:18:52 ----D---- C:\Windows\TEMP
2010-03-02 01:05:20 ----RD---- C:\Program Files
2010-03-02 01:03:05 ----D---- C:\Program Files\Mozilla Firefox
2010-03-02 00:59:18 ----D---- C:\Windows\system32\drivers
2010-03-02 00:59:18 ----D---- C:\Windows\System32
2010-03-02 00:57:12 ----SHD---- C:\Windows\Installer
2010-03-02 00:57:12 ----HDC---- C:\ProgramData\~0
2010-03-02 00:57:12 ----HD---- C:\ProgramData
2010-03-02 00:57:05 ----DC---- C:\Windows\system32\DRVSTORE
2010-03-02 00:57:05 ----D---- C:\Windows\system32\catroot
2010-03-02 00:56:24 ----D---- C:\Users\Max_cz.Uživatel-PC\AppData\Roaming\Skype
2010-03-02 00:12:23 ----SHD---- C:\System Volume Information
2010-03-02 00:04:47 ----D---- C:\Windows
2010-03-01 23:51:53 ----D---- C:\Program Files\Common Files\Java
2010-03-01 23:50:06 ----D---- C:\Program Files\Java
2010-03-01 23:32:22 ----A---- C:\Windows\NeroDigital.ini
2010-03-01 23:19:15 ----RD---- C:\Users
2010-03-01 22:36:23 ----D---- C:\ProgramData\DVD Shrink
2010-03-01 22:23:54 ----D---- C:\Windows\Prefetch
2010-02-28 22:14:47 ----D---- C:\Users\Max_cz.Uživatel-PC\AppData\Roaming\Azureus
2010-02-28 21:59:59 ----D---- C:\Program Files\Common Files\microsoft shared
2010-02-28 21:59:48 ----D---- C:\Windows\winsxs
2010-02-27 10:39:06 ----D---- C:\Windows\system32\catroot2
2010-02-26 01:59:31 ----D---- C:\ProgramData\Adobe
2010-02-26 01:58:05 ----D---- C:\Program Files\Common Files\Adobe
2010-02-26 01:57:22 ----D---- C:\Program Files\Adobe
2010-02-26 01:32:38 ----SD---- C:\Users\Max_cz.Uživatel-PC\AppData\Roaming\Microsoft
2010-02-25 19:38:44 ----D---- C:\Windows\rescache
2010-02-25 07:20:33 ----D---- C:\Windows\system32\cs-CZ
2010-02-25 07:20:32 ----RSD---- C:\Windows\Fonts
2010-02-25 07:20:32 ----D---- C:\Windows\AppPatch
2010-02-24 09:16:06 ----N---- C:\Windows\system32\MpSigStub.exe
2010-02-18 21:34:58 ----SD---- C:\ProgramData\Microsoft
2010-02-12 09:16:06 ----D---- C:\Program Files\Windows Mail
2010-02-03 01:42:37 ----HD---- C:\Program Files\InstallShield Installation Information
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 MpFilter;Microsoft Malware Protection Driver; C:\Windows\system32\DRIVERS\MpFilter.sys [2009-12-02 149040]
R2 CamthWDM;WebcamMax, WDM Video Capture; C:\Windows\system32\DRIVERS\CamthWDM.sys [2007-01-11 243584]
R2 RtNdPt60;Realtek NDIS Protocol Driver; C:\Windows\system32\DRIVERS\RtNdPt60.sys [2007-12-11 27648]
R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2007-04-11 2589696]
R3 CmBatt;Ovladač baterie Microsoft ACPI Control Method Battery; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-18 14208]
R3 GEARAspiWDM;GEARAspiWDM; C:\Windows\System32\Drivers\GEARAspiWDM.sys [2008-01-29 16168]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2009-03-12 2342688]
R3 itecir;ITECIR Infrared Receiver; C:\Windows\system32\DRIVERS\itecir.sys [2007-04-04 46592]
R3 MpNWMon;Microsoft Malware Protection Network Driver; C:\Windows\system32\DRIVERS\MpNWMon.sys [2009-12-02 42368]
R3 NETw4v32;Ovladač adaptéru Intel(R) Wireless WiFi Link pro systém Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw4v32.sys [2007-02-25 2216448]
R3 pfc;Padus ASPI Shell; C:\Windows\system32\drivers\pfc.sys [2008-06-15 10368]
R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys [2009-07-29 172032]
R3 smserial;smserial; C:\Windows\system32\DRIVERS\smserial.sys [2006-11-22 982272]
R3 StillCam;Ovladač digitálního fotoaparátu pro sériový port; C:\Windows\system32\DRIVERS\serscan.sys [2008-01-18 9216]
R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2008-01-18 11264]
S3 a4o9j22q;a4o9j22q; C:\Windows\system32\drivers\a4o9j22q.sys []
S3 Cam5603D;WebCam; C:\Windows\System32\Drivers\BisonCam.sys [2007-04-19 788400]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 drmkaud;Dekodér zvuků DRM jádra společnosti Microsoft; C:\Windows\system32\drivers\drmkaud.sys [2008-01-18 5632]
S3 HdAudAddService;Ovladač funkce Microsoft 1.1 UAA pro službu zvuku High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 MSKSSRV;Server proxy služby datových proudů Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-18 8192]
S3 MSPCLOCK;Server proxy hodin datových proudů Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-18 5888]
S3 MSPQM;Server proxy správce kvality datových proudů Microsoft; C:\Windows\system32\drivers\MSPQM.sys [2008-01-18 5504]
S3 MSTEE;Konvertor jímka-jímka typu T datových proudů Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2008-01-18 6016]
S3 NETw3v32;Intel(R) PRO/Wireless 3945ABG Adapter Driver for Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw3v32.sys [2006-11-02 1781760]
S3 nmwcd;Nokia USB Phone Parent; C:\Windows\system32\drivers\nmwcd.sys [2007-02-22 137216]
S3 nmwcdc;Nokia USB Generic; C:\Windows\system32\drivers\nmwcdc.sys [2007-02-22 8320]
S3 nmwcdcj;Nokia USB Port; C:\Windows\system32\drivers\nmwcdcj.sys [2007-02-22 12288]
S3 nmwcdcm;Nokia USB Modem; C:\Windows\system32\drivers\nmwcdcm.sys [2007-02-22 12288]
S3 tap0901_2gm;VPN Anonymizer Adapter; C:\Windows\system32\DRIVERS\tap0901_2gm.sys [2007-06-21 30720]
S3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys [2008-02-18 30464]
S3 usbvideo;Zobrazovací zařízení USB (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2008-01-18 134016]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2009-10-01 40448]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-18 83328]
S4 JRAID;JRAID; C:\Windows\system32\drivers\jraid.sys [2007-04-03 47872]
S4 nvatabus;nvatabus; C:\Windows\system32\drivers\nvatabus.sys [2006-07-14 105088]
S4 viamraid;viamraid; C:\Windows\system32\drivers\viamraid.sys [2006-03-31 100992]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-02-18 110592]
R2 Ati External Event Utility;Ati External Event Utility; C:\Windows\system32\Ati2evxx.exe [2007-04-11 593920]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2007-07-24 229376]
R2 MsMpSvc;Microsoft Antimalware Service; c:\Program Files\Microsoft Security Essentials\MsMpEng.exe [2009-12-09 17904]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared Files\RichVideo.exe [2006-07-20 262247]
R2 SBSDWSCService;SBSD Security Center Service; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
R2 TestHandler;Fujitsu Siemens Computers Diagnostic Testhandler; C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe [2006-12-08 204800]
R3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-02-26 267824]
S3 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2009-03-30 31048]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-06-14 654848]
S3 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-18 21504]
S3 getPlusHelper;@C:\Program Files\NOS\bin\getPlus_Helper.dll,-101; C:\Windows\System32\svchost.exe [2008-01-18 21504]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-06-02 504104]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2007-03-26 292864]
-----------------EOF-----------------
Thanks
Re: Preventive check
Max_cz wrote: nothing?
Hello, replying to your own thread won't speed anything up, quite the opposite: you'll sink in among those who have already received an answer.
Otherwise, fix these unnecessary entries in HJT:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: Ukazatel S-Rank - {EA837F48-5AD1-443E-AE34-FFE03CBF3099} - C:\Program Files\Seznam.cz\listicka.dll (file missing)
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Google Update] "C:\Users\Max_cz.Uživatel-PC\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
You'll find HJT here:
C:\Program Files\trend micro\Max_cz
Fix means that you run HJT,

in the window that opens, click Do a system scan only,
in the next window find the lines I listed for you,
next to them is a checkbox that you tick,
then click Fix checked, which is at the bottom left,
the program asks whether you really want to, you of course answer YES, and it's done.
Then use Mbam from my signature.
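A small triage helper for logs in the HijackThis / RSIT format quoted in this thread, added here as an example (it is not part of the thread or of any of the tools mentioned). It flags the kinds of entries a reviewer looks for in such a log: targets that no longer exist, autostarts under a Temp directory, entries with no timestamp/size recorded, and random-looking file names. The sample lines are constructed from this thread (one legitimate entry kept as a control), and the random-name check is only a heuristic that still needs a human look.

```python
import re

# Constructed sample input: lines in the HijackThis / RSIT format used by the
# logs posted in this thread. Paths and GUIDs are copied from the thread; the
# two MSSE lines are a legitimate control that must not be flagged.
SAMPLE_LOG = r"""
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: Ukazatel S-Rank - {EA837F48-5AD1-443E-AE34-FFE03CBF3099} - C:\Program Files\Seznam.cz\listicka.dll (file missing)
O4 - HKLM\..\Run: [MSSE] "c:\Program Files\Microsoft Security Essentials\msseces.exe"
"MSSE"=c:\Program Files\Microsoft Security Essentials\msseces.exe [2010-01-29 1095872]
"Yodm3D"=C:\Users\MAX_CZ~1.UIV\AppData\Local\Temp\Rar$EX00.966\Yodm3D.exe []
"{280EE6F9-E414-4D35-8FEF-8180BB5AC916}"=C:\Windows\system32\ssqNFXrS.dll []
S3 a4o9j22q;a4o9j22q; C:\Windows\system32\drivers\a4o9j22q.sys []
"""

# Reason labels attached to a flagged line.
ORPHAN = "target file missing"
TEMP_DIR = "runs from a temp directory"
NO_STAMP = "no timestamp/size recorded"
RANDOM_NAME = "random-looking file name"

# First Windows path on the line that ends in an executable-type extension.
# Brackets, quotes and parentheses delimit the path in these log formats.
PATH_RE = re.compile(r'[A-Za-z]:\\[^\[\]"()]*?\.(?:exe|dll|sys|scr)', re.IGNORECASE)


def extract_path(line):
    """Return the first executable/driver path found on the line, or None."""
    m = PATH_RE.search(line)
    return m.group(0) if m else None


def looks_random(stem):
    """Heuristic: a file name with no vowels, or with many letter/digit
    alternations (like a4o9j22q), is typical of generated names. Legitimate
    vendor names can trip this, so treat it as a hint, not a verdict."""
    s = stem.lower()
    if not s.isalnum():
        return False
    runs = re.findall(r"[a-z]+|\d+", s)
    no_vowels = len(s) >= 6 and not re.search(r"[aeiou]", s)
    return no_vowels or len(runs) >= 4


def classify_line(line):
    """Return the list of reasons a log line deserves a closer look (empty if none)."""
    reasons = []
    text = line.strip()
    if not text:
        return reasons
    # HijackThis marks entries whose target no longer exists.
    if "(no file)" in text or "(file missing)" in text:
        reasons.append(ORPHAN)
    path = extract_path(text)
    if path:
        # Autostart entries under a Temp directory are rarely legitimate.
        if re.search(r"\\temp\\", path, re.IGNORECASE):
            reasons.append(TEMP_DIR)
        # RSIT prints "[date size]" for readable files; a bare "[]" means
        # it could not stat the target (absent, hidden or locked).
        if text.endswith("[]"):
            reasons.append(NO_STAMP)
        stem = path.rsplit("\\", 1)[-1].rsplit(".", 1)[0]
        if looks_random(stem):
            reasons.append(RANDOM_NAME)
    return reasons


def triage(log_text):
    """Return [(line, reasons)] for every line that raised at least one reason."""
    findings = []
    for line in log_text.splitlines():
        reasons = classify_line(line)
        if reasons:
            findings.append((line.strip(), reasons))
    return findings


if __name__ == "__main__":
    for line, reasons in triage(SAMPLE_LOG):
        print(f"{'; '.join(reasons):45} <- {line}")
```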
Re: Preventive check
Sorry for adding an unnecessary post; here is the Mbam report
Malwarebytes' Anti-Malware 1.44
Verze databáze: 3815
Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005
2.3.2010 23:05:57
mbam-log-2010-03-02 (23-05-54).txt
Typ kontroly: Rychlá kontrola
Zkontrolované objekty: 106951
Uplynulý čas: 8 minute(s), 20 second(s)
Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 3
Infikované hodnoty registru: 1
Infikované datové položky registru: 0
Infikované adresáře: 0
Infikované soubory: 1
Infikované procesy v paměti:
(Nebyly nalezeny žádné škodlivé položky)
Infikované moduly v paměti:
(Nebyly nalezeny žádné škodlivé položky)
Infikované klíče registru:
HKEY_CLASSES_ROOT\CLSID\{280ee6f9-e414-4d35-8fef-8180bb5ac916} (Trojan.Vundo) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IProxyProvider (Trojan.Vundo) -> No action taken.
Infikované hodnoty registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{280ee6f9-e414-4d35-8fef-8180bb5ac916} (Trojan.Vundo) -> No action taken.
Infikované datové položky registru:
(Nebyly nalezeny žádné škodlivé položky)
Infikované adresáře:
(Nebyly nalezeny žádné škodlivé položky)
Infikované soubory:
C:\Windows\System32\clkcnt.txt (Trojan.Vundo) -> No action taken.
Re: Preventive check
You don't need to apologise to me; you would be the one left waiting for an answer, but since it's known that this happens,
we occasionally go through these here when we have a free moment.
Otherwise, let Mbam delete what it found.
Download ComboFix and save it to the desktop,
run the application under an account with administrator rights and allow the installation of the Recovery Console (Konzole pro zotavení).
Then a window with the licence terms appears, which you confirm by clicking YES,
then click YES once more and it's running.
The whole operation takes about 10 minutes but can take longer; don't try to launch anything else during the scan.
The PC may also be restarted during the scan; don't be alarmed.
Warning: for the duration of the scan, turn off the resident shield of your antivirus and anti-spyware programs,
because ComboFix tries to delete the infected files and these programs can prevent it.
After the scan finishes, or after the subsequent restart, the application creates a log saved at C:/Combofix.txt
(on repeated use the logs are numbered Combofix2.txt etc.); copy its contents here.
Re: Preventive check
ComboFix 10-03-03.03 - Max_cz 03.03.2010 23:36:58.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.420.1029.18.2046.895 [GMT 1:00]
Spuštěný z: c:\users\Max_cz.Uživatel-PC\Desktop\ComboFix.exe
SP: AVG Anti-Spyware *disabled* (Outdated) {48F2E28D-ED66-4646-9C11-B3055B0AF604}
SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\$recycle.bin\S-1-5-21-2152478756-3922319563-605102323-500
c:\$recycle.bin\S-1-5-21-2482622840-3750172627-54806992-500
c:\$recycle.bin\S-1-5-21-4100094215-1116639704-3349767807-1000
c:\program files\temp
c:\windows\system32\twain_32.dll
c:\windows\system32\VB6KO.DLL
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-02-03 do 2010-03-03 )))))))))))))))))))))))))))))))
.
2010-03-03 22:46 . 2010-03-03 22:46 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-03-02 22:31 . 2010-03-02 22:31 -------- d-----w- c:\program files\ICQ6Toolbar
2010-03-02 22:30 . 2010-03-02 22:32 -------- d-----w- c:\program files\ICQ7.0
2010-03-02 21:55 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-02 21:55 . 2010-03-02 21:55 -------- d-----w- c:\programdata\Malwarebytes
2010-03-02 21:55 . 2010-03-02 22:05 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-02 21:55 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-02 00:05 . 2010-03-02 21:52 -------- d-----w- c:\program files\trend micro
2010-03-02 00:05 . 2010-03-02 00:06 -------- d-----w- C:\rsit
2010-03-01 22:51 . 2010-03-01 22:50 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-03-01 22:46 . 2010-03-01 22:48 -------- d-----w- c:\windows\system32\BMW 3 Series Coupe dir
2010-03-01 22:46 . 2010-03-01 22:46 520192 ----a-w- c:\windows\system32\BMW 3 Series Coupe.scr
2010-03-01 03:30 . 2010-03-01 03:30 524288 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\LocalCopy\{854DB359-C605-73FE-CE84-5082F9515BFA}-patch.exe
2010-02-28 21:02 . 2010-02-28 21:02 -------- d-sh--w- c:\windows\ftpcache
2010-02-28 21:00 . 2010-02-28 21:00 -------- d-----w- c:\programdata\RapidSolution
2010-02-27 09:42 . 2009-12-08 20:01 3600456 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-27 09:42 . 2009-12-08 20:01 3548216 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-26 01:03 . 2010-02-26 01:03 -------- d-----w- c:\program files\Webteh
2010-02-25 18:31 . 2010-02-25 18:31 70680 ----a-w- c:\windows\system32\GDIPFONTCACHEV1.DAT
2010-02-24 20:27 . 2010-01-23 09:26 2048 ----a-w- c:\windows\system32\tzres.dll
2010-02-24 20:27 . 2010-01-25 12:00 471552 ----a-w- c:\windows\system32\secproc_isv.dll
2010-02-24 20:27 . 2010-01-25 12:00 471552 ----a-w- c:\windows\system32\secproc.dll
2010-02-24 20:27 . 2010-01-25 08:21 526336 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-02-24 20:27 . 2010-01-25 08:21 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-02-24 20:27 . 2010-01-25 08:21 518144 ----a-w- c:\windows\system32\RMActivate.exe
2010-02-24 20:27 . 2010-01-25 08:21 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-02-24 20:27 . 2010-01-25 12:00 152576 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-02-24 20:27 . 2010-01-25 12:00 152064 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-02-24 20:27 . 2010-01-25 11:58 332288 ----a-w- c:\windows\system32\msdrm.dll
2010-02-24 20:27 . 2010-01-06 15:39 1696256 ----a-w- c:\windows\system32\gameux.dll
2010-02-24 20:26 . 2010-01-06 15:38 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-02-24 20:26 . 2010-01-06 13:30 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2010-02-18 20:34 . 2010-02-18 20:35 -------- d-----w- c:\program files\Microsoft Security Essentials
2010-02-03 00:42 . 2010-03-02 22:31 -------- d-----w- c:\programdata\ICQ
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-01 23:57 . 2009-03-18 22:19 -------- d-----w- c:\programdata\Lavasoft
2010-03-01 22:51 . 2008-06-12 17:03 -------- d-----w- c:\program files\Common Files\Java
2010-03-01 22:50 . 2008-06-12 17:03 -------- d-----w- c:\program files\Java
2010-03-01 21:36 . 2008-10-16 18:06 -------- d-----w- c:\programdata\DVD Shrink
2010-02-26 00:58 . 2007-06-28 16:00 -------- d-----w- c:\program files\Common Files\Adobe
2010-02-24 08:16 . 2009-10-03 09:12 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-12 08:16 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-02-03 00:42 . 2007-06-28 15:58 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-02-01 08:11 . 2010-02-01 08:11 -------- d-----w- c:\program files\inTouch
2010-01-24 21:42 . 2007-01-08 21:09 636000 ----a-w- c:\windows\system32\perfh005.dat
2010-01-24 21:42 . 2007-01-08 21:09 134810 ----a-w- c:\windows\system32\perfc005.dat
2010-01-21 21:29 . 2008-06-25 23:34 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-11 18:49 . 2009-03-18 22:07 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-01-11 18:42 . 2008-06-14 16:18 -------- d-----w- c:\program files\Bonjour
2010-01-06 15:38 . 2010-02-24 20:27 173056 ----a-w- c:\windows\AppPatch\AcXtrnal.dll
2010-01-06 15:38 . 2010-02-24 20:27 2159616 ----a-w- c:\windows\AppPatch\AcGenral.dll
2010-01-06 15:38 . 2010-02-24 20:27 542720 ----a-w- c:\windows\AppPatch\AcLayers.dll
2010-01-06 15:38 . 2010-02-24 20:27 458752 ----a-w- c:\windows\AppPatch\AcSpecfc.dll
2010-01-04 22:07 . 2008-06-11 12:01 -------- d-----w- c:\program files\QIP
2010-01-04 21:35 . 2010-01-04 21:35 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-01-04 21:31 . 2010-01-04 21:35 38784 ----a-w- c:\users\Default\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2009-12-20 09:53 . 2009-12-20 09:53 234016 ----a-w- c:\windows\system32\drivers\Rtlh86.sys
2009-12-19 19:49 . 2009-12-19 19:49 515848 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2009-12-18 13:01 . 2010-01-21 21:41 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-12-16 11:44 . 2010-01-21 21:42 834048 ----a-w- c:\windows\system32\wininet.dll
2009-12-11 11:43 . 2010-02-11 20:27 302080 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-11 11:43 . 2010-02-11 20:27 98816 ----a-w- c:\windows\system32\drivers\srvnet.sys
2009-12-08 20:01 . 2010-02-11 20:27 904776 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-12-08 17:26 . 2010-02-11 20:27 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2009-12-04 18:30 . 2010-02-11 20:27 12288 ----a-w- c:\windows\system32\tsbyuv.dll
2009-12-04 18:29 . 2010-02-11 20:27 1314816 ----a-w- c:\windows\system32\quartz.dll
2009-12-04 18:28 . 2010-02-11 20:27 22528 ----a-w- c:\windows\system32\msyuv.dll
2009-12-04 18:28 . 2010-02-11 20:27 31744 ----a-w- c:\windows\system32\msvidc32.dll
2009-12-04 18:28 . 2010-02-11 20:27 123904 ----a-w- c:\windows\system32\msvfw32.dll
2009-12-04 18:28 . 2010-02-11 20:27 13312 ----a-w- c:\windows\system32\msrle32.dll
2009-12-04 18:28 . 2010-02-11 20:27 82944 ----a-w- c:\windows\system32\mciavi32.dll
2009-12-04 18:28 . 2010-02-11 20:27 50176 ----a-w- c:\windows\system32\iyuv_32.dll
2009-12-04 18:27 . 2010-02-11 20:27 91136 ----a-w- c:\windows\system32\avifil32.dll
2009-12-04 15:56 . 2010-02-11 20:27 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2009-12-04 15:56 . 2010-02-11 20:27 105984 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2008-06-26 00:07 . 2008-06-24 00:09 197 --sha-w- c:\program files\Common Files\maxtreme.dat
2009-01-27 01:34 . 2009-01-27 01:34 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-01-27 01:34 . 2009-01-27 01:34 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2009-01-27 01:34 . 2009-01-27 01:34 1044480 ----a-w- c:\program files\opera\program\plugins\libdivx.dll
2009-01-27 01:34 . 2009-01-27 01:34 200704 ----a-w- c:\program files\opera\program\plugins\ssldivx.dll
2008-11-24 08:24 . 2008-06-14 17:41 56 --sha-r- c:\windows\System32\105299A6F2.sys
2008-11-24 08:24 . 2008-06-14 17:40 3766 --sha-w- c:\windows\System32\KGyGaAvL.sys
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"WhatPulse"="c:\program files\WhatPulse\WhatPulse.exe" [2006-08-21 665600]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-18 125952]
"QIP2005"="c:\program files\QIP\qip.exe" [2009-08-13 3276288]
"ICQ"="c:\program files\ICQ7.0\ICQ.exe" [2010-02-10 133368]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-03-12 6965792]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-01-29 1095872]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-03-27 1744896]
c:\users\Max_cz.Uživatel-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Obsah aplikace OneNote.onetoc2 [2008-8-22 3656]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2008-07-24 15:02 490952 ----a-w- c:\program files\DAEMON Tools Lite\daemon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2008-11-15 19:36 133104 ----atw- c:\users\Max_cz.Uživatel-PC\AppData\Local\Google\Update\GoogleUpdate.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2009-07-26 15:45 3883840 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL]
2006-11-22 16:31 630784 ----a-w- c:\program files\Motorola\SMSERIAL\sm56hlpr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):c6,53,73,c5,44,71,ca,01
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-4100094215-1116639704-3349767807-1001]
"EnableNotificationsRef"=dword:00000001
R2 CamthWDM;WebcamMax, WDM Video Capture;c:\windows\System32\drivers\CamthWDM.sys [11.1.2007 6:39 243584]
R2 RtNdPt60;Realtek NDIS Protocol Driver;c:\windows\System32\drivers\RtNdPt60.sys [22.8.2008 23:53 27648]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [18.3.2009 23:07 1153368]
R3 itecir;ITECIR Infrared Receiver;c:\windows\System32\drivers\itecir.sys [28.6.2007 16:59 46592]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\System32\drivers\MpNWMon.sys [2.12.2009 15:23 42368]
S0 sptd;sptd;c:\windows\System32\drivers\sptd.sys [23.11.2008 0:32 717296]
S3 FIXUSTOR;FIXUSTOR;c:\windows\System32\drivers\fixustor.sys [23.4.2009 5:41 15360]
S3 tap0901_2gm;VPN Anonymizer Adapter;c:\windows\System32\drivers\tap0901_2gm.sys [21.6.2007 15:21 30720]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Obsah adresáře 'Naplánované úlohy'
2010-03-03 c:\windows\Tasks\User_Feed_Synchronization-{39366205-3F98-4DFE-A1FB-F769A26CC77C}.job
- c:\windows\system32\msfeedssync.exe [2008-06-15 21:33]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://start.icq.com/
uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
uInternet Settings,ProxyOverride = local;*.local
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: {{88EB38EF-4D2C-436D-ABD3-56B232674062} - c:\program files\ICQ7.0\ICQ.exe
DPF: {49CD73D5-CBE2-4FAA-B70F-0252C74809AB} - hxxp://dyndnsset.dyndns.org/classes/PLANETCamV.cab
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
MSConfigStartUp-Ad-Watch - c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
AddRemove-{E2883E8F-472F-4fb0-9522-AC9BF37916A7} - c:\program files\NOS\bin\getPlus_Helper.dll
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-03 23:47
Windows 6.0.6002 Service Pack 2 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_USERS\S-1-5-21-4100094215-1116639704-3349767807-1001\Software\Microsoft\Windows\CurrentVersion\{cca31cf60562ba856de1517036c7d727}*]
@Allowed: (Read) (RestrictedCode)
"00"="dbM9YG5DaMHMNiVK6yNGMIGR8TQlEpviF9LmuQtz7YA="
[HKEY_USERS\S-1-5-21-4100094215-1116639704-3349767807-1001\Software\Microsoft\Windows NT\CurrentVersion\{cca31cf60562ba856de1517036c7d727}*]
@Allowed: (Read) (RestrictedCode)
[HKEY_USERS\S-1-5-21-4100094215-1116639704-3349767807-1001\Software\SecuROM\License information*]
"datasecu"=hex:6a,4b,87,66,b0,5f,8d,ea,42,e9,42,00,4f,68,dd,d6,cf,64,7b,53,08,
bf,54,a4,5d,5d,13,83,29,32,59,3c,27,ad,ef,ae,fb,81,5e,6a,d2,8b,12,01,38,75,\
"rkeysecu"=hex:32,b7,6e,e5,59,61,4c,f2,7d,59,7f,4a,e5,14,b6,ae
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Celkový čas: 2010-03-03 23:51:31
ComboFix-quarantined-files.txt 2010-03-03 22:51
ComboFix2.txt 2008-06-15 13:43
Před spuštěním: Volných bajtů: 56 468 996 096
Po spuštění: Volných bajtů: 57 958 227 968
- - End Of File - - 833B22D9FE6FF1A68B7CFF3C8DBE0BEE
Thanks
Re: Preventive check
If you haven't done so already, move ComboFix to the desktop
open Notepad
copy the script from the following window into it:
Code:
File::
c:\programdata\Microsoft\Microsoft Antimalware\LocalCopy\{854DB359-C605-73FE-CE84-5082F9515BFA}-patch.exe
Folder::
c:\program files\ICQ6Toolbar
save the TXT file you created as CFScript.txt on the desktop,
after saving, grab the created script with the left mouse button and drag it onto the ComboFix icon, where you drop it:

After it runs, another log will pop up for you; copy it here
Warning: it may happen that after applying the script and restarting, Windows does not boot,
in that case restart again while pressing F8 and then choose Last Known Good Configuration
Re: Preventive check
So here is the log after creating that txt file
ComboFix 10-03-03.09 - Max_cz 04.03.2010 20:34:51.4.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.420.1029.18.2046.1106 [GMT 1:00]
Spuštěný z: c:\users\Max_cz.Uživatel-PC\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Max_cz.Uživatel-PC\Desktop\CFScript.txt
SP: AVG Anti-Spyware *disabled* (Outdated) {48F2E28D-ED66-4646-9C11-B3055B0AF604}
SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
FILE ::
"c:\programdata\Microsoft\Microsoft Antimalware\LocalCopy\{854DB359-C605-73FE-CE84-5082F9515BFA}-patch.exe"
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Předchozí spuštění -------
.
c:\programdata\Microsoft\Microsoft Antimalware\LocalCopy\{854DB359-C605-73FE-CE84-5082F9515BFA}-patch.exe
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-02-04 do 2010-03-04 )))))))))))))))))))))))))))))))
.
2010-03-04 19:43 . 2010-03-04 19:43 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-03-04 19:43 . 2010-03-04 19:43 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-03-02 21:55 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-02 21:55 . 2010-03-02 21:55 -------- d-----w- c:\programdata\Malwarebytes
2010-03-02 21:55 . 2010-03-02 22:05 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-02 21:55 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-02 00:05 . 2010-03-02 21:52 -------- d-----w- c:\program files\trend micro
2010-03-02 00:05 . 2010-03-02 00:06 -------- d-----w- C:\rsit
2010-03-01 22:51 . 2010-03-01 22:50 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-03-01 22:46 . 2010-03-01 22:48 -------- d-----w- c:\windows\system32\BMW 3 Series Coupe dir
2010-03-01 22:46 . 2010-03-01 22:46 520192 ----a-w- c:\windows\system32\BMW 3 Series Coupe.scr
2010-02-28 21:02 . 2010-02-28 21:02 -------- d-sh--w- c:\windows\ftpcache
2010-02-28 21:00 . 2010-02-28 21:00 -------- d-----w- c:\programdata\RapidSolution
2010-02-27 09:42 . 2009-12-08 20:01 3600456 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-27 09:42 . 2009-12-08 20:01 3548216 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-26 01:03 . 2010-02-26 01:03 -------- d-----w- c:\program files\Webteh
2010-02-25 18:31 . 2010-02-25 18:31 70680 ----a-w- c:\windows\system32\GDIPFONTCACHEV1.DAT
2010-02-24 20:27 . 2010-01-23 09:26 2048 ----a-w- c:\windows\system32\tzres.dll
2010-02-24 20:27 . 2010-01-25 12:00 471552 ----a-w- c:\windows\system32\secproc_isv.dll
2010-02-24 20:27 . 2010-01-25 12:00 471552 ----a-w- c:\windows\system32\secproc.dll
2010-02-24 20:27 . 2010-01-25 08:21 526336 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-02-24 20:27 . 2010-01-25 08:21 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-02-24 20:27 . 2010-01-25 08:21 518144 ----a-w- c:\windows\system32\RMActivate.exe
2010-02-24 20:27 . 2010-01-25 08:21 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-02-24 20:27 . 2010-01-25 12:00 152576 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-02-24 20:27 . 2010-01-25 12:00 152064 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-02-24 20:27 . 2010-01-25 11:58 332288 ----a-w- c:\windows\system32\msdrm.dll
2010-02-24 20:27 . 2010-01-06 15:39 1696256 ----a-w- c:\windows\system32\gameux.dll
2010-02-24 20:26 . 2010-01-06 15:38 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-02-24 20:26 . 2010-01-06 13:30 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2010-02-18 20:34 . 2010-02-18 20:35 -------- d-----w- c:\program files\Microsoft Security Essentials
2010-02-03 00:42 . 2010-03-02 22:31 -------- d-----w- c:\programdata\ICQ
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-03 23:01 . 2009-03-18 22:07 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-03-03 23:01 . 2009-03-18 22:07 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-03-01 23:57 . 2009-03-18 22:19 -------- d-----w- c:\programdata\Lavasoft
2010-03-01 22:51 . 2008-06-12 17:03 -------- d-----w- c:\program files\Common Files\Java
2010-03-01 22:50 . 2008-06-12 17:03 -------- d-----w- c:\program files\Java
2010-03-01 21:36 . 2008-10-16 18:06 -------- d-----w- c:\programdata\DVD Shrink
2010-02-26 00:58 . 2007-06-28 16:00 -------- d-----w- c:\program files\Common Files\Adobe
2010-02-24 08:16 . 2009-10-03 09:12 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-12 08:16 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-02-03 00:42 . 2007-06-28 15:58 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-02-01 08:11 . 2010-02-01 08:11 -------- d-----w- c:\program files\inTouch
2010-01-24 21:42 . 2007-01-08 21:09 636000 ----a-w- c:\windows\system32\perfh005.dat
2010-01-24 21:42 . 2007-01-08 21:09 134810 ----a-w- c:\windows\system32\perfc005.dat
2010-01-21 21:29 . 2008-06-25 23:34 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-11 18:42 . 2008-06-14 16:18 -------- d-----w- c:\program files\Bonjour
2010-01-06 15:38 . 2010-02-24 20:27 173056 ----a-w- c:\windows\AppPatch\AcXtrnal.dll
2010-01-06 15:38 . 2010-02-24 20:27 2159616 ----a-w- c:\windows\AppPatch\AcGenral.dll
2010-01-06 15:38 . 2010-02-24 20:27 542720 ----a-w- c:\windows\AppPatch\AcLayers.dll
2010-01-06 15:38 . 2010-02-24 20:27 458752 ----a-w- c:\windows\AppPatch\AcSpecfc.dll
2010-01-04 22:07 . 2008-06-11 12:01 -------- d-----w- c:\program files\QIP
2010-01-04 21:35 . 2010-01-04 21:35 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-01-04 21:31 . 2010-01-04 21:35 38784 ----a-w- c:\users\Default\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2009-12-20 09:53 . 2009-12-20 09:53 234016 ----a-w- c:\windows\system32\drivers\Rtlh86.sys
2009-12-19 19:49 . 2009-12-19 19:49 515848 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2009-12-11 11:43 . 2010-02-11 20:27 302080 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-11 11:43 . 2010-02-11 20:27 98816 ----a-w- c:\windows\system32\drivers\srvnet.sys
2009-12-08 20:01 . 2010-02-11 20:27 904776 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-12-08 17:26 . 2010-02-11 20:27 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2008-06-26 00:07 . 2008-06-24 00:09 197 --sha-w- c:\program files\Common Files\maxtreme.dat
2009-01-27 01:34 . 2009-01-27 01:34 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-01-27 01:34 . 2009-01-27 01:34 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2008-11-24 08:24 . 2008-06-14 17:41 56 --sha-r- c:\windows\System32\105299A6F2.sys
2008-11-24 08:24 . 2008-06-14 17:40 3766 --sha-w- c:\windows\System32\KGyGaAvL.sys
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"WhatPulse"="c:\program files\WhatPulse\WhatPulse.exe" [2006-08-21 665600]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-18 125952]
"QIP2005"="c:\program files\QIP\qip.exe" [2009-08-13 3276288]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-03-12 6965792]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-01-29 1095872]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-03-27 1744896]
c:\users\Max_cz.Uživatel-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Obsah aplikace OneNote.onetoc2 [2008-8-22 3656]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2008-07-24 15:02 490952 ----a-w- c:\program files\DAEMON Tools Lite\daemon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2008-11-15 19:36 133104 ----atw- c:\users\Max_cz.Uživatel-PC\AppData\Local\Google\Update\GoogleUpdate.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2009-07-26 15:45 3883840 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL]
2006-11-22 16:31 630784 ----a-w- c:\program files\Motorola\SMSERIAL\sm56hlpr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):c6,53,73,c5,44,71,ca,01
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-4100094215-1116639704-3349767807-1001]
"EnableNotificationsRef"=dword:00000001
R3 FIXUSTOR;FIXUSTOR;c:\windows\system32\DRIVERS\fixustor.sys [2009-04-23 15360]
S2 CamthWDM;WebcamMax, WDM Video Capture;c:\windows\system32\DRIVERS\CamthWDM.sys [2007-01-11 243584]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Obsah adresáře 'Naplánované úlohy'
2010-03-04 c:\windows\Tasks\User_Feed_Synchronization-{39366205-3F98-4DFE-A1FB-F769A26CC77C}.job
- c:\windows\system32\msfeedssync.exe [2010-03-03 11:31]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://start.icq.com/
uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
uInternet Settings,ProxyOverride = local;*.local
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
DPF: {49CD73D5-CBE2-4FAA-B70F-0252C74809AB} - hxxp://dyndnsset.dyndns.org/classes/PLANETCamV.cab
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-04 20:43
Windows 6.0.6002 Service Pack 2 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_USERS\S-1-5-21-4100094215-1116639704-3349767807-1001\Software\Microsoft\Windows\CurrentVersion\{cca31cf60562ba856de1517036c7d727}*]
@Allowed: (Read) (RestrictedCode)
"00"="dbM9YG5DaMHMNiVK6yNGMIGR8TQlEpviF9LmuQtz7YA="
[HKEY_USERS\S-1-5-21-4100094215-1116639704-3349767807-1001\Software\Microsoft\Windows NT\CurrentVersion\{cca31cf60562ba856de1517036c7d727}*]
@Allowed: (Read) (RestrictedCode)
[HKEY_USERS\S-1-5-21-4100094215-1116639704-3349767807-1001\Software\SecuROM\License information*]
"datasecu"=hex:6a,4b,87,66,b0,5f,8d,ea,42,e9,42,00,4f,68,dd,d6,cf,64,7b,53,08,
bf,54,a4,5d,5d,13,83,29,32,59,3c,27,ad,ef,ae,fb,81,5e,6a,d2,8b,12,01,38,75,\
"rkeysecu"=hex:32,b7,6e,e5,59,61,4c,f2,7d,59,7f,4a,e5,14,b6,ae
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Celkový čas: 2010-03-04 20:46:45
ComboFix-quarantined-files.txt 2010-03-04 19:46
ComboFix2.txt 2010-03-03 22:51
ComboFix3.txt 2008-06-15 13:43
Před spuštěním: Volných bajtů: 57 243 992 064
Po spuštění: Volných bajtů: 56 941 928 448
- - End Of File - - 335C62A8AA745CF27943F989C50D2607
thanks
Re: Preventive check
Great, now go to Start >> Run and copy this into the box:
ComboFix /Uninstall
and press Enter.
That uninstalls ComboFix and deletes the files and folders associated with it.
Then let me know how the PC is doing.
Re: Preventive check
After the uninstall and the restart that followed, everything is OK. It seems to me the PC boots faster, and in any case CPU and memory usage dropped somewhat, so great work, thanks a lot!
Can I now uninstall RSIT and MBAM? And delete the ComboFix log?
Re: Preventive check
You can delete the ComboFix log. I would keep RSIT in case there is ever a problem again, not to mention that it is a program
that only scans the PC and produces a log.
As for MBAM, I'll leave that up to you, although in my opinion you can keep it and run a scan with it from time to time.
Otherwise, you're welcome.