Odvirování PC, zrychlení počítače, vzdálená pomoc prostřednictvím služby neslape.cz

Prosím o pomoc s definitivním odstraněním Security Tool

Máte problém s virem? Vložte sem log z FRST nebo RSIT.

Moderátor: Moderátoři

Pravidla fóra
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]

Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.

!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Odpovědět
Zpráva
Autor
Marynn
Návštěvník
Návštěvník
Příspěvky: 35
Registrován: 15 úno 2010 22:44

Re: Prosím o pomoc s definitivním odstraněním Security Tool

#31 Příspěvek od Marynn »

Uff, prohlížeč jde, restart pomohl...AVGčko pořád nikde nevidím...No ono mě je docela jedno jaký budu mít, ráda si nechám poradit, AVGčko mi taky někdo poradil už dávno...:o)Já sama se v tom nevyznám.Tady je ten log:

ComboFix 10-02-12.01 - Marushka 17.02.2010 20:00:27.3.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.420.1029.18.2046.1079 [GMT 1:00]
Spuštěný z: c:\users\Marushka\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Marushka\Desktop\CFScript.txt
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\AVG\AVG9\Toolbar
c:\program files\AVG\AVG9\Toolbar\Firefox\39_sp.xml
c:\program files\AVG\AVG9\Toolbar\Firefox\40_sp.xml
c:\program files\AVG\AVG9\Toolbar\Firefox\48_sp.xml
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\autocomplete.js
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\avgapi.js
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils.xpt
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\notifications.js
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\xpavgdatabaseversion.xpt
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\xpavgprogramversion.xpt
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\xpavgsearchratingsconfig.xpt
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.xpt
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\ch_23\chrome\content\config.xml
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\ch_23\chrome\content\html\tabswelcome.htm
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\ch_23\chrome\content\html\tabswelcome_ie7header.htm
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\ch_23\chrome\content\Languages\en.ini
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\ch_23\chrome\skin\searchProvider.png
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\ch_23\sp.xml
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\ch_39\chrome\content\config.xml
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\ch_39\chrome\content\html\tabswelcome.htm
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\ch_39\chrome\content\html\tabswelcome_ie7header.htm
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\ch_39\chrome\content\Languages\en.ini
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\ch_39\chrome\skin\searchProvider.png
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\ch_39\chrome\skin\spGeneralSearch.png
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\ch_39\sp.xml
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\ch_40\chrome\content\config.xml
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\ch_40\chrome\content\html\tabswelcome.htm
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\ch_40\chrome\content\html\tabswelcome_ie7header.htm
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\ch_40\chrome\content\Languages\en.ini
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\ch_40\chrome\skin\searchProvider.png
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\ch_40\chrome\skin\spYandex.png
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\ch_40\sp.xml
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\ch_48\chrome\content\config.xml
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\ch_48\chrome\content\html\tabswelcome.htm
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\ch_48\chrome\content\html\tabswelcome_ie7header.htm
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\ch_48\chrome\content\Languages\en.ini
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\ch_48\chrome\skin\searchProvider.png
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\ch_48\chrome\skin\spBaidu.png
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\ch_48\sp.xml
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\channels.dat
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome.manifest
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\after_install.js
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\after_uninstall.js
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\autocomplete-popup.xml
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\avg\avgtbapi.js
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\avg\customwrapper.js
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\avg\partFiles.js
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\avg\statusindicator.js
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\config.xml
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\config.xml.old
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\contexthtml.xul
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\custom.js
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\ex\marquee.xml
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\html\about.htm
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\html\bubble_AB.htm
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\html\bubble_ABSearch.gif
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\html\bubble_arrow.gif
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\html\bubble_bottom_shadow.gif
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\html\bubble_confirm.htm
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\html\bubble_confirmAVGSafe.gif
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\html\bubble_confirmTbr.gif
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\html\bubble_general.htm
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\html\bubble_IDV.htm
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\html\bubble_IDV1.htm
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\html\bubble_IDV2.htm
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\html\bubble_logo.gif
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\html\bubble_protection.htm
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\html\bubble_search.htm
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\html\bubble_searchSearchBox.gif
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\html\bubble_searchSearchBoxBaidu.gif
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\html\bubble_searchSearchBoxBlank.gif
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\html\bubble_SPupdate.htm
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\html\bubble_SPupdateSearchBox.gif
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\html\bubble_style.css
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\html\bubble_top_shadow.gif
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\html\deletehistory_processing.htm
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\html\icoUBAccess.gif
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\html\icoUBCalc.gif
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\html\icoUBExcel.gif
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\html\icoUBExplorer.gif
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\html\icoUBMediaPlayer.gif
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\html\icoUBNotepad.gif
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\html\icoUBOutlook.gif
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\html\icoUBOutlookExpress.gif
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\html\icoUBPaint.gif
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\html\icoUBPowerPoint.gif
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\html\icoUBWord.gif
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\html\rssreader_!backgroundGrey.gif
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\html\rssreader_!backgroundRed.gif
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\html\rssreader_!bullet.gif
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\html\rssreader_!close.gif
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\html\rssreader_!icoiDNES.gif
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\html\rssreader_!icoRead.gif
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\html\rssreader_!icoRSS.gif
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\html\rssreader_!icoSimple.gif
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\html\rssreader_!icoUnread.gif
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\html\rssreader_!logo.gif
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\html\rssreader_!settings.gif
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\html\rssreader_!tabHilighted.gif
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\html\rssreader_advanced.css
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\html\rssreader_advanced.htm
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\html\rssreader_config.htm
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\html\rssreader_simple.htm
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\html\settings_askdialog.htm
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\html\settings_background.gif
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\html\settings_closedialog.htm
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\html\settings_checkboxdialog.htm
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\html\settings_icohelp.gif
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\html\settings_icoQuest.gif
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\html\settings_icoRisk.gif
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\html\settings_icoSafe.gif
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\html\settings_icoUnkn.gif
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\html\settings_loading.gif
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\html\settings_logo.gif
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\html\settings_main.htm
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\html\settings_menu1.gif
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\html\settings_menu2.gif
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\html\settings_menu3.gif
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\html\settings_menu4.gif
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\html\settings_style.css
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\html\tabswelcome.htm
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\html\tabswelcome.htm.old
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\html\tabswelcome_button.gif
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\html\tabswelcome_button_hilight.gif
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\html\tabswelcome_buttonHilight.gif
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\html\tabswelcome_ie7footer.htm
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\html\tabswelcome_ie7header.htm
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\html\tabswelcome_ie7header.htm.old
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\html\tabswelcome_poweredByBlank.gif
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\html\tabswelcome_poweredByYahoo.gif
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\html\tbapi.js
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\html\toolbarprotector_window.htm
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\html\updater_error.gif
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\html\updater_ok.gif
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\html\updater_processing.htm
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\htmlwindow.xul
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\imageButton.xml
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\Languages\en.ini
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\Languages\en.ini.old
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\Languages\languages.cfg
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\libs\bubbles.js
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\libs\cache.js
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\libs\cookie.js
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\libs\directory.js
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\libs\dns.js
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\libs\dom.js
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\libs\dragdrop.js
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\libs\file.js
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\libs\chevron.js
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\libs\include.js
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\libs\include_lite.js
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\libs\loader.js
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\libs\log.js
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\libs\mutex.js
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\libs\newtab.js
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\libs\pass.js
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\libs\prefs.js
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\libs\privacy.js
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\libs\refreshControl.js
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\libs\registry.js
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\libs\resources.js
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\libs\searches.js
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\libs\searchplugin.js
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\libs\searchProvs.js
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\libs\settings.js
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\libs\splitter.js
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\libs\stats.js
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\libs\tabs.js
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\libs\translation.js
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\libs\update.js
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\libs\updatecontrol.js
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\libs\updateext.js
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\libs\updater.js
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\libs\updates.js
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\libs\usefulbuttons.js
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\libs\utils.js
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\libs\visibility.js
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\libs\wrapper.js
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\libs\xml.js
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\libs\xmlconfig.js
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\libs\xmlitems.js
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\libsex\mail.js
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\libsex\mime.js
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\libsex\pop3.js
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\libsex\rss.js
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\libsex\ticker.js
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\libsex\xmlitemsex.js
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\overlay.js
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\overlay.xul
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\content\searchProviders.xml
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\icons\default\htmlwindow.ico
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\skin\contexthtml.css
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\skin\dragdrop.png
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\skin\gripper.png
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\skin\chevron.png
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\skin\icoAbout.png
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\skin\icoAVGInfo.png
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\skin\icoGoButtonBG.png
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\skin\icoHomepage.png
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\skin\icoIdentityGuard.png
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\skin\icoNoProtection.png
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\skin\icoOptions.png
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\skin\icoProtection.png
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\skin\icoProtectionLimited.png
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\skin\icoRSS.png
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\skin\icoRSSBlue.png
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\skin\icoRSSGray.png
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\skin\icoRSSGreen.png
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\skin\icoTrash.png
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\skin\icoUBAccess.png
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\skin\icoUBCalc.png
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\skin\icoUBExcel.png
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\skin\icoUBExplorer.png
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\skin\icoUBMediaPlayer.png
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\skin\icoUBNotepad.png
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\skin\icoUBOutlook.png
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\skin\icoUBOutlookExpress.png
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\skin\icoUBPaint.png
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\skin\icoUBPowerPoint.png
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\skin\icoUBWord.png
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\skin\icoUpdate.png
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\skin\logo.ico
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\skin\logo.png
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\skin\overlay.css
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\skin\rssreader_!icoRead.png
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\skin\rssreader_!icoUnread.png
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\skin\Search_provider_drop.png
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\skin\searchprovider.png
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\skin\searchprovider.png.old
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\skin\settings_icon.ico
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\skin\slider.png
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\skin\spgeneralsearch.png
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\skin\spImages.png
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\skin\spLocal.png
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\skin\spShopping.png
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\skin\spVideo.png
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\skin\spWiki.png
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\skin\spYahoo.png
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\skin\spYahooBG.png
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\skin\spYahooBG_small.png
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\chrome\skin\toolbarprotector_icon.ico
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\install.rdf
c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\sp.xml
c:\program files\AVG\AVG9\Toolbar\Firefox\sp.xml
c:\program files\AVG\AVG9\Toolbar\Firefox\sp.xml.old
c:\program files\AVG\AVG9\Toolbar\IE8Lib.dll
c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll
c:\program files\AVG\AVG9\Toolbar\ToolbarBroker.exe
c:\program files\ICQ6Toolbar
c:\program files\ICQ6Toolbar\Icons.bmp
c:\program files\ICQ6Toolbar\ICQ Service.exe
c:\program files\ICQ6Toolbar\icq6Toolbar.ico
c:\program files\ICQ6Toolbar\ICQToolBar.dll
c:\program files\ICQ6Toolbar\ICQUnToolbar.exe
c:\program files\ICQ6Toolbar\logo_small.gif
c:\program files\ICQ6Toolbar\ServiceStarter.exe
c:\program files\ICQ6Toolbar\short.wav
c:\program files\ICQ6Toolbar\Version.txt
c:\program files\Yahoo!
c:\program files\Yahoo!\common\unyt.exe
c:\program files\Yahoo!\Companion\Data\dlg_as.html
c:\program files\Yahoo!\Companion\Data\dlg_atb.html
c:\program files\Yahoo!\Companion\Data\dlg_catb.html
c:\program files\Yahoo!\Companion\Data\dlg_cnf.html
c:\program files\Yahoo!\Companion\Data\dlg_cotb.html
c:\program files\Yahoo!\Companion\Data\dlg_ctb.html
c:\program files\Yahoo!\Companion\Data\dlg_map.html
c:\program files\Yahoo!\Companion\Data\dlg_opt.html
c:\program files\Yahoo!\Companion\Data\dlg_pub.html
c:\program files\Yahoo!\Companion\Data\dlg_upg.html
c:\program files\Yahoo!\Companion\Data\dlg_wp2.html
c:\program files\Yahoo!\Companion\Installs\cpn\pubmod.dll
c:\program files\Yahoo!\Companion\Installs\cpn\YMERemote.dll
c:\program files\Yahoo!\Companion\Installs\cpn\ypubc.dll
c:\program files\Yahoo!\Companion\Installs\cpn\yt.dll
c:\program files\Yahoo!\Companion\Installs\cpn\YTabBar.dll
c:\program files\Yahoo!\Companion\Installs\cpn\YTAntiSpy.dll
c:\program files\Yahoo!\Companion\Installs\cpn\ytinst.log
c:\program files\Yahoo!\Companion\Installs\cpn\YTMsgr.dll
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-01-17 do 2010-02-17 )))))))))))))))))))))))))))))))
.

2010-02-17 19:07 . 2010-02-17 19:11 -------- d-----w- c:\users\Marushka\AppData\Local\temp
2010-02-17 19:07 . 2010-02-17 19:07 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-02-17 19:07 . 2010-02-17 19:07 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-02-17 15:05 . 2010-02-17 15:11 -------- d-----w- c:\program files\trend micro
2010-02-17 15:05 . 2010-02-17 15:11 -------- d-----w- C:\rsit
2010-02-16 23:14 . 2010-02-16 23:14 -------- d-----w- c:\users\Marushka\AppData\Roaming\Malwarebytes
2010-02-16 23:14 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-02-16 23:14 . 2010-02-16 23:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-02-16 23:14 . 2010-02-16 23:14 -------- d-----w- c:\programdata\Malwarebytes
2010-02-16 23:14 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-02-10 11:32 . 2009-12-04 15:56 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-02-10 11:32 . 2009-12-04 15:56 105984 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-07 14:01 . 2010-02-07 14:01 -------- d-----w- c:\users\Marushka\AppData\Roaming\Facebook
2010-02-07 11:25 . 2010-02-07 11:26 -------- d-----w- c:\users\Marushka\AppData\Roaming\Zoner
2010-02-07 11:24 . 2010-02-07 11:24 -------- d-----w- c:\program files\Zoner
2010-02-03 16:08 . 2010-02-03 17:25 -------- d-----w- c:\program files\EA GAMES
2010-02-03 16:08 . 2004-08-18 08:34 442368 ----a-r- c:\windows\system32\vp6vfw.dll
2010-01-22 10:57 . 2009-12-16 11:44 834048 ----a-w- c:\windows\system32\wininet.dll
2010-01-22 10:57 . 2009-12-18 13:01 78336 ----a-w- c:\windows\system32\ieencode.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-17 19:12 . 2009-11-01 17:05 -------- d-----w- c:\users\Marushka\AppData\Roaming\skypePM
2010-02-17 19:07 . 2008-12-27 02:09 7525 ----a-w- c:\windows\bthservsdp.dat
2010-02-17 15:23 . 2009-12-03 12:19 0 ----a-w- c:\users\Marushka\AppData\Local\prvlcl.dat
2010-02-16 20:33 . 2007-01-08 21:09 649178 ----a-w- c:\windows\system32\perfh005.dat
2010-02-16 20:33 . 2007-01-08 21:09 143998 ----a-w- c:\windows\system32\perfc005.dat
2010-02-15 21:22 . 2010-01-06 00:18 -------- d-----w- c:\users\Marushka\AppData\Roaming\uTorrent
2010-02-11 02:25 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-02-07 14:01 . 2010-02-07 14:01 50354 ----a-w- c:\users\Marushka\AppData\Roaming\Facebook\uninstall.exe
2010-02-01 22:04 . 2010-02-01 22:04 847040 ----a-w- c:\users\Marushka\AppData\Roaming\Facebook\axfbootloader.dll
2010-02-01 22:04 . 2010-02-01 22:04 5578752 ----a-w- c:\users\Marushka\AppData\Roaming\Facebook\npfbplugin_1_0_1.dll
2010-01-28 11:55 . 2008-12-30 15:27 28124 ----a-w- c:\users\Marushka\AppData\Roaming\nvModes.dat
2010-01-23 01:30 . 2009-10-18 17:04 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-21 19:58 . 2009-11-01 17:04 -------- d-----w- c:\users\Marushka\AppData\Roaming\Skype
2010-01-07 19:45 . 2010-01-04 21:23 -------- d-----w- c:\users\Marushka\AppData\Roaming\BSplayer
2010-01-06 00:17 . 2010-01-06 00:18 697965 ----a-w- c:\users\Marushka\AppData\Roaming\uTorrent\unins000.exe
2010-01-04 21:23 . 2010-01-04 21:23 -------- d-----w- c:\users\Marushka\AppData\Roaming\BSplayer Pro
2010-01-04 21:23 . 2010-01-04 21:23 -------- d-----w- c:\program files\Webteh
2010-01-01 19:18 . 2009-12-20 20:17 -------- d-----w- c:\program files\ICQ6.5
2009-12-22 23:29 . 2009-06-28 17:36 -------- d-----w- c:\program files\Java
2009-12-20 20:18 . 2008-11-17 17:32 -------- d-----w- c:\programdata\ICQ
2009-12-20 20:18 . 2008-11-17 17:31 -------- d-----w- c:\program files\ICQ6
2009-12-11 11:43 . 2010-02-10 11:33 302080 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-11 11:43 . 2010-02-10 11:33 98816 ----a-w- c:\windows\system32\drivers\srvnet.sys
2009-12-08 20:01 . 2010-02-10 11:33 904776 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-12-08 20:01 . 2010-02-10 11:33 3600456 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-12-08 20:01 . 2010-02-10 11:33 3548216 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-12-08 17:26 . 2010-02-10 11:33 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2009-12-04 18:30 . 2010-02-10 11:33 12288 ----a-w- c:\windows\system32\tsbyuv.dll
2009-12-04 18:29 . 2010-02-10 11:33 1314816 ----a-w- c:\windows\system32\quartz.dll
2009-12-04 18:28 . 2010-02-10 11:33 22528 ----a-w- c:\windows\system32\msyuv.dll
2009-12-04 18:28 . 2010-02-10 11:33 31744 ----a-w- c:\windows\system32\msvidc32.dll
2009-12-04 18:28 . 2010-02-10 11:33 123904 ----a-w- c:\windows\system32\msvfw32.dll
2009-12-04 18:28 . 2010-02-10 11:33 13312 ----a-w- c:\windows\system32\msrle32.dll
2009-12-04 18:28 . 2010-02-10 11:33 82944 ----a-w- c:\windows\system32\mciavi32.dll
2009-12-04 18:28 . 2010-02-10 11:33 50176 ----a-w- c:\windows\system32\iyuv_32.dll
2009-12-04 18:27 . 2010-02-10 11:33 91136 ----a-w- c:\windows\system32\avifil32.dll
2009-11-30 19:00 . 2010-01-06 00:18 289584 ----a-w- c:\users\Marushka\AppData\Roaming\uTorrent\utorrent.exe
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"Infium"="c:\program files\QIP Infium\infium.exe" [2009-03-19 5244928]
"Mobile Partner"="c:\program files\3 Internet\3 Internet.exe" [2009-06-23 110592]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-10-09 25623336]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-12-14 102400]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-04-25 457216]
"eAudio"="c:\acer\Empowering Technology\eAudio\eAudio.exe" [2007-08-31 1286144]
"RtHDVCpl"="RtHDVCpl.exe" [2007-12-14 4702208]
"Skytel"="Skytel.exe" [2007-12-14 1826816]
"LManager"="c:\progra~1\LAUNCH~1\QtZgAcer.EXE" [2008-01-02 707080]
"MSPService"="c:\program files\Acer Arcade Deluxe\SportsCap\Kernel\MagicSports\MSPMirage.exe" [2007-02-13 102400]
"TVEService"="c:\program files\Acer Arcade Deluxe\TV Joy\TVEService.exe" [2007-07-27 151552]
"PlayMovie"="c:\program files\Acer Arcade Deluxe\Play Movie\PMVService.exe" [2007-12-05 200704]
"PLFSet"="c:\windows\PLFSet.dll" [2007-04-25 45056]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-14 8501792]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-12-14 81920]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Acer Tour Reminder"="c:\acer\AcerTour\Reminder.exe" [2007-08-01 151552]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Acer VCM.lnk - c:\program files\Acer\Acer VCM\AcerVCM.exe [2008-11-10 1216512]
Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2007-12-26 535336]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):4c,07,96,e2,0a,04,ca,01

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [31.10.2009 15:37 333192]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\System32\drivers\avgtdix.sys [31.10.2009 15:37 360584]
R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\program files\Acer Arcade Deluxe\Play Movie\000.fcl [10.11.2008 15:36 41456]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [31.10.2009 15:36 285392]
R2 RS_Service;Raw Socket Service;c:\program files\Acer\Acer VCM\RS_Service.exe [10.11.2008 15:44 233472]
R2 TVECapSvc;TVEnhance Background Capture Service (TBCS);c:\program files\Acer Arcade Deluxe\TV Joy\Kernel\TV\TVECapSvc.exe [10.11.2008 15:36 286820]
R2 TVESched;TVEnhance Task Scheduler (TTS));c:\program files\Acer Arcade Deluxe\TV Joy\Kernel\TV\TVESched.exe [10.11.2008 15:36 110682]
R3 A310;AVerMedia A310 DVB-T;c:\windows\System32\drivers\AVerA310USB.sys [10.11.2008 23:28 26752]
R3 BDASwCap;AVerMedia A310 BDA DVBT Capture Device;c:\windows\System32\drivers\AVerA310Cap.sys [10.11.2008 23:28 42752]
R3 winbondcir;Winbond IR Transceiver;c:\windows\System32\drivers\winbondcir.sys [26.12.2007 13:35 43008]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\System32\drivers\b57nd60x.sys [26.12.2007 13:35 179712]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
.
------- Doplňkový sken -------
.
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
FF - ProfilePath - c:\users\Marushka\AppData\Roaming\Mozilla\Firefox\Profiles\e92r6x6i.default\
FF - prefs.js: browser.search.selectedEngine - WebHledani
FF - prefs.js: browser.startup.homepage - hxxp://cs.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:cs:official
FF - prefs.js: keyword.URL - hxxp://www.webhledani.cz/results.aspx?i=39&tp=ab&q=
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - component: c:\program files\Real\RealPlayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\users\Marushka\AppData\Roaming\Facebook\npfbplugin_1_0_1.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

AddRemove-ICQToolbar - c:\program files\ICQ6Toolbar\ICQUnToolbar.exe
AddRemove-Yahoo! Companion - c:\progra~1\Yahoo!\common\unyt.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-17 20:11
Windows 6.0.6002 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}]
"ImagePath"="\??\c:\program files\Acer Arcade Deluxe\Play Movie\000.fcl"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'Explorer.exe'(4428)
c:\windows\system32\MsnChatHook.dll
c:\windows\system32\ShowErrMsg.dll
c:\windows\system32\sysenv.dll
c:\windows\system32\BatchCrypto.dll
c:\windows\system32\CryptoAPI.dll
c:\windows\system32\keyManager.dll
c:\windows\system32\btncopy.dll
c:\program files\Microsoft Office\OFFICE11\msohev.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
c:\acer\Empowering Technology\eDataSecurity\eDSService.exe
c:\acer\Empowering Technology\eLock\Service\eLockServ.exe
c:\program files\AVG\AVG9\avgnsx.exe
c:\acer\Empowering Technology\eNet\eNet Service.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\acer\Mobility Center\MobilityService.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\acer\Empowering Technology\eRecovery\eRecoveryService.exe
c:\acer\Empowering Technology\eSettings\Service\capuserv.exe
c:\acer\Empowering Technology\ePower\ePowerSvc.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\conime.exe
c:\windows\RtHDVCpl.exe
c:\program files\Synaptics\SynTP\SynTPEnh.exe
c:\program files\Launch Manager\QtZgAcer.EXE
c:\windows\System32\rundll32.exe
c:\acer\Empowering Technology\ENET\ENMTRAY.EXE
c:\acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
c:\acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
c:\acer\Empowering Technology\eRecovery\ERAGENT.EXE
c:\users\Marushka\AppData\Local\Temp\RtkBtMnt.exe
c:\program files\Acer\Acer VCM\acp2HID.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
c:\programdata\Skype\Plugins\Plugins\903CB56BA52F42478957BE8314837A86\PamelaPCR.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Celkový čas: 2010-02-17 20:18:27 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-02-17 19:18
ComboFix2.txt 2010-02-16 21:01

Před spuštěním: Volných bajtů: 63 555 829 760
Po spuštění: Volných bajtů: 63 460 511 744

- - End Of File - - 06B710A672AF11F5CB76A9AEEA4A7191
Nahoru
Uživatelský avatar
Unlimited_Killer
Přítel fóra
Přítel fóra
Příspěvky: 1969
Registrován: 24 srp 2009 16:18

Re: Prosím o pomoc s definitivním odstraněním Security Tool

#32 Příspěvek od Unlimited_Killer »

AVG bych doporučil odinstalovat a nainstalovat Avast5.
Po tomto kroku chci vidět nový RSIT log.
inactive
Nahoru
Marynn
Návštěvník
Návštěvník
Příspěvky: 35
Registrován: 15 úno 2010 22:44

Re: Prosím o pomoc s definitivním odstraněním Security Tool

#33 Příspěvek od Marynn »

Logfile of random's system information tool 1.06 (written by random/random)
Run by Marushka at 2010-02-18 07:18:55
Microsoft® Windows Vista™ Home Premium Service Pack 2
System drive C: has 60 GB (53%) free of 114 GB
Total RAM: 2046 MB (45% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:19:03, on 18.2.2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v7.00 (7.00.6002.18005)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe
C:\Acer\Empowering Technology\eAudio\eAudio.exe
C:\Windows\RtHDVCpl.exe
C:\Users\Marushka\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\Launch Manager\QtZgAcer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Acer Arcade Deluxe\TV Joy\TVEService.exe
C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\QIP Infium\infium.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Acer\Acer VCM\AcerVCM.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE
C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Program Files\Acer\Acer VCM\acp2HID.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\ProgramData\Skype\Plugins\Plugins\903CB56BA52F42478957BE8314837A86\PamelaPCR.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Skype\Toolbars\Shared\SkypeNames.exe
C:\Users\Marushka\Downloads\RSIT.exe
C:\Program Files\trend micro\Marushka.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: Pomocník pro přihlášení ke službě Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [eAudio] "C:\Acer\Empowering Technology\eAudio\eAudio.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
O4 - HKLM\..\Run: [MSPService] C:\Program Files\Acer Arcade Deluxe\SportsCap\Kernel\MagicSports\MSPMirage.exe
O4 - HKLM\..\Run: [TVEService] "C:\Program Files\Acer Arcade Deluxe\TV Joy\TVEService.exe"
O4 - HKLM\..\Run: [PlayMovie] "C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe"
O4 - HKLM\..\Run: [PLFSet] rundll32.exe C:\Windows\PLFSet.dll,PLFDefSetting
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Infium] "C:\Program Files\QIP Infium\infium.exe"
O4 - HKCU\..\Run: [Mobile Partner] "C:\Program Files\3 Internet\3 Internet.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'Default user')
O4 - Global Startup: Acer VCM.lnk = ?
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Přidat na blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Přidat na blog Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\Windows\System32\avgrsstx.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Unknown owner - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Raw Socket Service (RS_Service) - Acer Inc. - C:\Program Files\Acer\Acer VCM\RS_Service.exe
O23 - Service: TVEnhance Background Capture Service (TBCS) (TVECapSvc) - Unknown owner - C:\Program Files\Acer Arcade Deluxe\TV Joy\Kernel\TV\TVECapSvc.exe
O23 - Service: TVEnhance Task Scheduler (TTS)) (TVESched) - Unknown owner - C:\Program Files\Acer Arcade Deluxe\TV Joy\Kernel\TV\TVESched.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 10088 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2009-10-14 329312]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG9\avgssie.dll [2009-12-12 1484056]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Pomocník pro přihlášení ke službě Windows Live - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-12-15 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - Acer eDataSecurity Management - C:\Windows\system32\eDStoolbar.dll [2007-04-25 151552]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-19 1008184]
"SynTPStart"=C:\Program Files\Synaptics\SynTP\SynTPStart.exe [2007-12-14 102400]
"eDataSecurity Loader"=C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe [2007-04-25 457216]
"eAudio"=C:\Acer\Empowering Technology\eAudio\eAudio.exe [2007-08-31 1286144]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2007-12-14 4702208]
"Skytel"=C:\Windows\Skytel.exe [2007-12-14 1826816]
"LManager"=C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE [2008-01-02 707080]
"MSPService"=C:\Program Files\Acer Arcade Deluxe\SportsCap\Kernel\MagicSports\MSPMirage.exe [2007-02-13 102400]
"TVEService"=C:\Program Files\Acer Arcade Deluxe\TV Joy\TVEService.exe [2007-07-27 151552]
"PlayMovie"=C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe [2007-12-05 200704]
"PLFSet"=C:\Windows\PLFSet.dll [2007-04-25 45056]
"Symantec PIF AlertEng"=C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe [2008-01-29 583048]
"NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2007-12-14 8501792]
"NvMediaCenter"=C:\Windows\system32\NvMcTray.dll [2007-12-14 81920]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-04-11 1233920]
"Infium"=C:\Program Files\QIP Infium\infium.exe [2009-03-19 5244928]
"Mobile Partner"=C:\Program Files\3 Internet\3 Internet.exe [2009-06-23 110592]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-19 125952]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2009-10-09 25623336]
"msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-07-26 3883840]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Acer VCM.lnk - C:\Program Files\Acer\Acer VCM\AcerVCM.exe
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
Empowering Technology Launcher.lnk - C:\Acer\Empowering Technology\eAPLauncher.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\Windows\System32\avgrsstx.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"= []

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======List of files/folders created in the last 1 months======

2010-02-17 20:18:30 ----D---- C:\Windows\temp
2010-02-17 20:18:28 ----A---- C:\ComboFix.txt
2010-02-17 20:10:13 ----D---- C:\$RECYCLE.BIN
2010-02-17 19:58:00 ----D---- C:\ComboFix
2010-02-17 19:57:30 ----A---- C:\Windows\SWXCACLS.exe
2010-02-17 16:05:01 ----D---- C:\Program Files\trend micro
2010-02-17 16:05:00 ----D---- C:\rsit
2010-02-17 00:14:26 ----D---- C:\Users\Marushka\AppData\Roaming\Malwarebytes
2010-02-17 00:14:21 ----D---- C:\ProgramData\Malwarebytes
2010-02-17 00:14:21 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-02-16 21:04:29 ----A---- C:\Windows\zip.exe
2010-02-16 21:04:29 ----A---- C:\Windows\SWSC.exe
2010-02-16 21:04:29 ----A---- C:\Windows\SWREG.exe
2010-02-16 21:04:29 ----A---- C:\Windows\sed.exe
2010-02-16 21:04:29 ----A---- C:\Windows\PEV.exe
2010-02-16 21:04:29 ----A---- C:\Windows\NIRCMD.exe
2010-02-16 21:04:29 ----A---- C:\Windows\MBR.exe
2010-02-16 21:04:29 ----A---- C:\Windows\grep.exe
2010-02-16 21:04:22 ----D---- C:\Windows\ERDNT
2010-02-16 21:03:49 ----D---- C:\Qoobox
2010-02-15 22:25:35 ----A---- C:\Windows\ntbtlog.txt
2010-02-10 12:33:16 ----A---- C:\Windows\system32\ntoskrnl.exe
2010-02-10 12:33:16 ----A---- C:\Windows\system32\ntkrnlpa.exe
2010-02-10 12:33:03 ----A---- C:\Windows\system32\tsbyuv.dll
2010-02-10 12:33:03 ----A---- C:\Windows\system32\quartz.dll
2010-02-10 12:33:03 ----A---- C:\Windows\system32\msyuv.dll
2010-02-10 12:33:03 ----A---- C:\Windows\system32\msvidc32.dll
2010-02-10 12:33:03 ----A---- C:\Windows\system32\msrle32.dll
2010-02-10 12:33:02 ----A---- C:\Windows\system32\msvfw32.dll
2010-02-10 12:33:02 ----A---- C:\Windows\system32\mciavi32.dll
2010-02-10 12:33:02 ----A---- C:\Windows\system32\iyuv_32.dll
2010-02-10 12:33:02 ----A---- C:\Windows\system32\avifil32.dll
2010-02-07 15:01:13 ----D---- C:\Users\Marushka\AppData\Roaming\Facebook
2010-02-07 12:25:06 ----D---- C:\Users\Marushka\AppData\Roaming\Zoner
2010-02-07 12:24:20 ----D---- C:\Program Files\Zoner
2010-02-03 17:08:37 ----D---- C:\Program Files\EA GAMES
2010-02-03 17:08:36 ----RA---- C:\Windows\system32\vp6vfw.dll
2010-01-22 11:57:52 ----A---- C:\Windows\system32\wininet.dll
2010-01-22 11:57:52 ----A---- C:\Windows\system32\mshtml.dll
2010-01-22 11:57:51 ----A---- C:\Windows\system32\urlmon.dll
2010-01-22 11:57:49 ----A---- C:\Windows\system32\ieframe.dll
2010-01-22 11:57:48 ----A---- C:\Windows\system32\ieui.dll
2010-01-22 11:57:46 ----A---- C:\Windows\system32\iepeers.dll
2010-01-22 11:57:45 ----A---- C:\Windows\system32\ieencode.dll
2010-01-22 11:57:42 ----A---- C:\Windows\system32\ieapfltr.dll

======List of files/folders modified in the last 1 months======

2010-02-18 07:13:48 ----D---- C:\Windows\tracing
2010-02-18 00:00:10 ----D---- C:\Users\Marushka\AppData\Roaming\skypePM
2010-02-17 20:43:02 ----D---- C:\Windows\System32
2010-02-17 20:43:02 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-02-17 20:43:01 ----D---- C:\Windows\inf
2010-02-17 20:40:07 ----D---- C:\Users\Marushka\AppData\Roaming\Skype
2010-02-17 20:39:53 ----D---- C:\Windows\LiveKernelReports
2010-02-17 20:39:32 ----A---- C:\Users\Marushka\AppData\Roaming\acervcmtmp.ini
2010-02-17 20:18:30 ----D---- C:\Windows\system32\drivers
2010-02-17 20:18:30 ----D---- C:\Windows
2010-02-17 20:10:24 ----A---- C:\Windows\system.ini
2010-02-17 20:07:37 ----D---- C:\Windows\Prefetch
2010-02-17 20:07:04 ----RD---- C:\Program Files
2010-02-17 20:04:01 ----D---- C:\Windows\AppPatch
2010-02-17 20:04:00 ----D---- C:\Program Files\Common Files
2010-02-17 15:08:02 ----SHD---- C:\System Volume Information
2010-02-17 08:38:49 ----D---- C:\Program Files\Mozilla Firefox
2010-02-17 00:14:21 ----D---- C:\ProgramData
2010-02-16 21:21:04 ----D---- C:\Windows\Minidump
2010-02-15 22:22:51 ----D---- C:\Users\Marushka\AppData\Roaming\uTorrent
2010-02-11 03:38:25 ----D---- C:\Windows\winsxs
2010-02-11 03:28:19 ----D---- C:\Windows\system32\catroot
2010-02-11 03:25:26 ----D---- C:\Program Files\Windows Mail
2010-02-11 03:09:00 ----SHD---- C:\Windows\Installer
2010-02-10 12:32:54 ----D---- C:\Windows\system32\catroot2
2010-02-01 20:26:20 ----A---- C:\Windows\system32\mrt.exe
2010-01-23 02:30:04 ----D---- C:\Program Files\Microsoft Silverlight

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\Windows\System32\Drivers\avgldx86.sys [2009-10-31 333192]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\Windows\System32\Drivers\avgmfx86.sys [2009-10-31 28424]
R1 AvgTdiX;AVG Free Network Redirector; C:\Windows\System32\Drivers\avgtdix.sys [2009-11-10 360584]
R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}; \??\C:\Program Files\Acer Arcade Deluxe\Play Movie\000.fcl [2007-12-05 41456]
R2 int15;int15; \??\C:\Acer\Empowering Technology\eRecovery\int15.sys [2007-07-03 15392]
R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2007-12-14 12672]
R2 rimmptsk;rimmptsk; C:\Windows\system32\DRIVERS\rimmptsk.sys [2007-08-08 45568]
R2 rimsptsk;rimsptsk; C:\Windows\system32\DRIVERS\rimsptsk.sys [2007-07-30 43008]
R2 rismxdp;Ricoh xD-Picture Card Driver; C:\Windows\system32\DRIVERS\rixdptsk.sys [2007-07-30 38400]
R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\xaudio.sys [2007-12-14 8704]
R3 A310;AVerMedia A310 DVB-T; C:\Windows\system32\DRIVERS\AVerA310USB.sys [2007-12-27 26752]
R3 BDASwCap;AVerMedia A310 BDA DVBT Capture Device; C:\Windows\system32\drivers\AVerA310Cap.sys [2007-12-27 42752]
R3 CmBatt;Ovladač baterie Microsoft ACPI Control Method Battery; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-19 14208]
R3 DKbFltr;Dritek Keyboard Filter Driver; C:\Windows\system32\DRIVERS\DKbFltr.sys [2006-11-02 21264]
R3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\HSX_DPV.sys [2007-12-14 984064]
R3 HSXHWAZL;HSXHWAZL; C:\Windows\system32\DRIVERS\HSXHWAZL.sys [2007-12-14 208384]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2007-12-14 1950552]
R3 NETw4v32;Ovladač adaptéru Intel(R) Wireless WiFi Link pro systém Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw4v32.sys [2007-12-14 2226688]
R3 NTIDrvr;Upper Class Filter Driver; C:\Windows\system32\DRIVERS\NTIDrvr.sys [2007-12-26 6144]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2007-12-14 7629504]
R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2009-04-11 89088]
R3 SNP2UVC;USB2.0 PC Camera (SNP2UVC); C:\Windows\system32\DRIVERS\snp2uvc.sys [2007-06-12 1729152]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2007-12-14 192816]
R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2007-12-14 660480]
R3 winbondcir;Winbond IR Transceiver; C:\Windows\system32\DRIVERS\winbondcir.sys [2007-12-14 43008]
R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2008-01-19 11264]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2007-12-14 179712]
S3 BthEnum;Služba Bluetooth Enumerator; C:\Windows\system32\DRIVERS\BthEnum.sys [2009-04-11 22528]
S3 BthPan;Zařízení Bluetooth (síť PAN); C:\Windows\system32\DRIVERS\bthpan.sys [2008-01-19 92160]
S3 BthPort;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2009-04-11 507904]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2009-04-11 29696]
S3 btwaudio;Bluetooth Audio Device Service; C:\Windows\system32\drivers\btwaudio.sys [2007-12-14 79664]
S3 btwavdt;Bluetooth AVDT Service; C:\Windows\system32\drivers\btwavdt.sys [2007-12-14 81200]
S3 btwrchid;btwrchid; C:\Windows\system32\DRIVERS\btwrchid.sys [2007-12-14 16432]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 drmkaud;Dekodér zvuků DRM jádra společnosti Microsoft; C:\Windows\system32\drivers\drmkaud.sys [2008-01-19 5632]
S3 HdAudAddService;Ovladač funkce Microsoft 1.1 UAA pro službu zvuku High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 HSFHWAZL;HSFHWAZL; C:\Windows\system32\DRIVERS\VSTAZL3.SYS [2006-11-02 200704]
S3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\Windows\system32\DRIVERS\ewusbmdm.sys [2008-03-17 101632]
S3 MSKSSRV;Server proxy služby datových proudů Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-19 8192]
S3 MSPCLOCK;Server proxy hodin datových proudů Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-19 5888]
S3 MSPQM;Server proxy správce kvality datových proudů Microsoft; C:\Windows\system32\drivers\MSPQM.sys [2008-01-19 5504]
S3 MSTEE;Konvertor jímka-jímka typu T datových proudů Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2008-01-19 6016]
S3 NETw3v32;Intel(R) PRO/Wireless 3945ABG Adapter Driver for Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw3v32.sys [2006-11-02 1781760]
S3 odysseyIM4;Odyssey Network Agent Miniport; C:\Windows\system32\DRIVERS\odysseyIM4.sys [2004-06-15 173056]
S3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-04-11 148992]
S3 usbvideo;Zobrazovací zařízení USB (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2006-11-02 132352]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2009-10-01 40448]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-19 83328]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Automatic LiveUpdate Scheduler;Automatic LiveUpdate Scheduler; C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe [2007-09-12 554352]
R2 avg9wd;AVG Free WatchDog; C:\Program Files\AVG\AVG9\avgwdsvc.exe [2009-10-31 285392]
R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-19 21504]
R2 eDataSecurity Service;eDSService.exe; C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe [2007-04-25 457512]
R2 eLockService;eLock Service; C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe [2007-10-01 24576]
R2 eNet Service;eNet Service; C:\Acer\Empowering Technology\eNet\eNet Service.exe [2007-08-28 131072]
R2 eRecoveryService;eRecovery Service; C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe [2007-09-10 57344]
R2 eSettingsService;eSettings Service; C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe [2007-12-10 24576]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2007-01-17 61440]
R2 LiveUpdate Notice Service;LiveUpdate Notice Service; C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe [2008-01-29 583048]
R2 MobilityService;MobilityService; C:\Acer\Mobility Center\MobilityService.exe [2006-11-24 107008]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared Files\RichVideo.exe [2007-01-23 266343]
R2 RS_Service;Raw Socket Service; C:\Program Files\Acer\Acer VCM\RS_Service.exe [2007-09-28 233472]
R2 TVECapSvc;TVEnhance Background Capture Service (TBCS); C:\Program Files\Acer Arcade Deluxe\TV Joy\Kernel\TV\TVECapSvc.exe [2007-07-27 286820]
R2 TVESched;TVEnhance Task Scheduler (TTS)); C:\Program Files\Acer Arcade Deluxe\TV Joy\Kernel\TV\TVESched.exe [2007-07-27 110682]
R2 WMIService;ePower Service; C:\Acer\Empowering Technology\ePower\ePowerSvc.exe [2007-10-30 167936]
R2 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio.exe [2007-12-14 386560]
S2 CLTNetCnService;Symantec Lic NetConnect service; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon []
S2 LiveUpdate Notice Ex;LiveUpdate Notice Service Ex; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon []
S2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe []
S3 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2009-03-30 31048]
S3 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-19 21504]
S3 LiveUpdate;LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [2007-09-12 2999664]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]

-----------------EOF-----------------
Nahoru
Uživatelský avatar
Unlimited_Killer
Přítel fóra
Přítel fóra
Příspěvky: 1969
Registrován: 24 srp 2009 16:18

Re: Prosím o pomoc s definitivním odstraněním Security Tool

#34 Příspěvek od Unlimited_Killer »

Odinstalovala jste AVG a nainstalovala Avast? Já ho tam nějak nevidím... :?:
inactive
Nahoru
Marynn
Návštěvník
Návštěvník
Příspěvky: 35
Registrován: 15 úno 2010 22:44

Re: Prosím o pomoc s definitivním odstraněním Security Tool

#35 Příspěvek od Marynn »

Jo tak, aha, to ještě ne,ráno nebyl čas,jdu na to...
Nahoru
Marynn
Návštěvník
Návštěvník
Příspěvky: 35
Registrován: 15 úno 2010 22:44

Re: Prosím o pomoc s definitivním odstraněním Security Tool

#36 Příspěvek od Marynn »

Logfile of random's system information tool 1.06 (written by random/random)
Run by Marushka at 2010-02-18 12:58:44
Microsoft® Windows Vista™ Home Premium Service Pack 2
System drive C: has 60 GB (52%) free of 114 GB
Total RAM: 2046 MB (38% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:58:52, on 18.2.2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v7.00 (7.00.6002.18005)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\conime.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe
C:\Acer\Empowering Technology\eAudio\eAudio.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Launch Manager\QtZgAcer.EXE
C:\Program Files\Acer Arcade Deluxe\SportsCap\Kernel\MagicSports\MSPMirage.exe
C:\Program Files\Acer Arcade Deluxe\TV Joy\TVEService.exe
C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\QIP Infium\infium.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Acer\Acer VCM\AcerVCM.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE
C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Users\Marushka\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\Acer\Acer VCM\acp2HID.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\ProgramData\Skype\Plugins\Plugins\903CB56BA52F42478957BE8314837A86\PamelaPCR.exe
C:\Program Files\Alwil Software\Avast5\avastUI.exe
C:\Users\Marushka\Downloads\RSIT.exe
C:\Program Files\trend micro\Marushka.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (file missing)
O2 - BHO: Pomocník pro přihlášení ke službě Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [eAudio] "C:\Acer\Empowering Technology\eAudio\eAudio.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
O4 - HKLM\..\Run: [MSPService] C:\Program Files\Acer Arcade Deluxe\SportsCap\Kernel\MagicSports\MSPMirage.exe
O4 - HKLM\..\Run: [TVEService] "C:\Program Files\Acer Arcade Deluxe\TV Joy\TVEService.exe"
O4 - HKLM\..\Run: [PlayMovie] "C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe"
O4 - HKLM\..\Run: [PLFSet] rundll32.exe C:\Windows\PLFSet.dll,PLFDefSetting
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Infium] "C:\Program Files\QIP Infium\infium.exe"
O4 - HKCU\..\Run: [Mobile Partner] "C:\Program Files\3 Internet\3 Internet.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'Default user')
O4 - Global Startup: Acer VCM.lnk = ?
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Přidat na blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Přidat na blog Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\Windows\System32\avgrsstx.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Unknown owner - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Raw Socket Service (RS_Service) - Acer Inc. - C:\Program Files\Acer\Acer VCM\RS_Service.exe
O23 - Service: TVEnhance Background Capture Service (TBCS) (TVECapSvc) - Unknown owner - C:\Program Files\Acer Arcade Deluxe\TV Joy\Kernel\TV\TVECapSvc.exe
O23 - Service: TVEnhance Task Scheduler (TTS)) (TVESched) - Unknown owner - C:\Program Files\Acer Arcade Deluxe\TV Joy\Kernel\TV\TVESched.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 10345 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2009-10-14 329312]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG9\avgssie.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Pomocník pro přihlášení ke službě Windows Live - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-12-15 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - Acer eDataSecurity Management - C:\Windows\system32\eDStoolbar.dll [2007-04-25 151552]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-19 1008184]
"SynTPStart"=C:\Program Files\Synaptics\SynTP\SynTPStart.exe [2007-12-14 102400]
"eDataSecurity Loader"=C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe [2007-04-25 457216]
"eAudio"=C:\Acer\Empowering Technology\eAudio\eAudio.exe [2007-08-31 1286144]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2007-12-14 4702208]
"Skytel"=C:\Windows\Skytel.exe [2007-12-14 1826816]
"LManager"=C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE [2008-01-02 707080]
"MSPService"=C:\Program Files\Acer Arcade Deluxe\SportsCap\Kernel\MagicSports\MSPMirage.exe [2007-02-13 102400]
"TVEService"=C:\Program Files\Acer Arcade Deluxe\TV Joy\TVEService.exe [2007-07-27 151552]
"PlayMovie"=C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe [2007-12-05 200704]
"PLFSet"=C:\Windows\PLFSet.dll [2007-04-25 45056]
"Symantec PIF AlertEng"=C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe [2008-01-29 583048]
"NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2007-12-14 8501792]
"NvMediaCenter"=C:\Windows\system32\NvMcTray.dll [2007-12-14 81920]
"avast5"=C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe [2010-02-11 2756488]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-04-11 1233920]
"Infium"=C:\Program Files\QIP Infium\infium.exe [2009-03-19 5244928]
"Mobile Partner"=C:\Program Files\3 Internet\3 Internet.exe [2009-06-23 110592]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-19 125952]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2009-10-09 25623336]
"msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-07-26 3883840]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Acer VCM.lnk - C:\Program Files\Acer\Acer VCM\AcerVCM.exe
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
Empowering Technology Launcher.lnk - C:\Acer\Empowering Technology\eAPLauncher.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\Windows\System32\avgrsstx.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"= []

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======List of files/folders created in the last 1 months======

2010-02-18 12:55:39 ----N---- C:\Windows\system32\MpSigStub.exe
2010-02-18 12:52:57 ----A---- C:\Windows\system32\aswBoot.exe
2010-02-18 12:52:47 ----D---- C:\ProgramData\Alwil Software
2010-02-18 12:52:47 ----D---- C:\Program Files\Alwil Software
2010-02-17 20:18:30 ----D---- C:\Windows\temp
2010-02-17 20:18:28 ----A---- C:\ComboFix.txt
2010-02-17 20:10:13 ----D---- C:\$RECYCLE.BIN
2010-02-17 19:58:00 ----D---- C:\ComboFix
2010-02-17 19:57:30 ----A---- C:\Windows\SWXCACLS.exe
2010-02-17 16:05:01 ----D---- C:\Program Files\trend micro
2010-02-17 16:05:00 ----D---- C:\rsit
2010-02-17 00:14:26 ----D---- C:\Users\Marushka\AppData\Roaming\Malwarebytes
2010-02-17 00:14:21 ----D---- C:\ProgramData\Malwarebytes
2010-02-17 00:14:21 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-02-16 21:04:29 ----A---- C:\Windows\zip.exe
2010-02-16 21:04:29 ----A---- C:\Windows\SWSC.exe
2010-02-16 21:04:29 ----A---- C:\Windows\SWREG.exe
2010-02-16 21:04:29 ----A---- C:\Windows\sed.exe
2010-02-16 21:04:29 ----A---- C:\Windows\PEV.exe
2010-02-16 21:04:29 ----A---- C:\Windows\NIRCMD.exe
2010-02-16 21:04:29 ----A---- C:\Windows\MBR.exe
2010-02-16 21:04:29 ----A---- C:\Windows\grep.exe
2010-02-16 21:04:22 ----D---- C:\Windows\ERDNT
2010-02-16 21:03:49 ----D---- C:\Qoobox
2010-02-15 22:25:35 ----A---- C:\Windows\ntbtlog.txt
2010-02-10 12:33:16 ----A---- C:\Windows\system32\ntoskrnl.exe
2010-02-10 12:33:16 ----A---- C:\Windows\system32\ntkrnlpa.exe
2010-02-10 12:33:03 ----A---- C:\Windows\system32\tsbyuv.dll
2010-02-10 12:33:03 ----A---- C:\Windows\system32\quartz.dll
2010-02-10 12:33:03 ----A---- C:\Windows\system32\msyuv.dll
2010-02-10 12:33:03 ----A---- C:\Windows\system32\msvidc32.dll
2010-02-10 12:33:03 ----A---- C:\Windows\system32\msrle32.dll
2010-02-10 12:33:02 ----A---- C:\Windows\system32\msvfw32.dll
2010-02-10 12:33:02 ----A---- C:\Windows\system32\mciavi32.dll
2010-02-10 12:33:02 ----A---- C:\Windows\system32\iyuv_32.dll
2010-02-10 12:33:02 ----A---- C:\Windows\system32\avifil32.dll
2010-02-07 15:01:13 ----D---- C:\Users\Marushka\AppData\Roaming\Facebook
2010-02-07 12:25:06 ----D---- C:\Users\Marushka\AppData\Roaming\Zoner
2010-02-07 12:24:20 ----D---- C:\Program Files\Zoner
2010-02-03 17:08:37 ----D---- C:\Program Files\EA GAMES
2010-02-03 17:08:36 ----RA---- C:\Windows\system32\vp6vfw.dll
2010-01-22 11:57:52 ----A---- C:\Windows\system32\wininet.dll
2010-01-22 11:57:52 ----A---- C:\Windows\system32\mshtml.dll
2010-01-22 11:57:51 ----A---- C:\Windows\system32\urlmon.dll
2010-01-22 11:57:49 ----A---- C:\Windows\system32\ieframe.dll
2010-01-22 11:57:48 ----A---- C:\Windows\system32\ieui.dll
2010-01-22 11:57:46 ----A---- C:\Windows\system32\iepeers.dll
2010-01-22 11:57:45 ----A---- C:\Windows\system32\ieencode.dll
2010-01-22 11:57:42 ----A---- C:\Windows\system32\ieapfltr.dll

======List of files/folders modified in the last 1 months======

2010-02-18 12:55:39 ----D---- C:\Windows\System32
2010-02-18 12:55:29 ----SHD---- C:\System Volume Information
2010-02-18 12:54:04 ----D---- C:\Windows\system32\drivers
2010-02-18 12:53:54 ----SHD---- C:\Windows\Installer
2010-02-18 12:53:52 ----D---- C:\Windows\winsxs
2010-02-18 12:52:47 ----RD---- C:\Program Files
2010-02-18 12:52:47 ----D---- C:\ProgramData
2010-02-18 12:50:22 ----D---- C:\Windows\inf
2010-02-18 12:50:22 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-02-18 12:47:37 ----D---- C:\Users\Marushka\AppData\Roaming\skypePM
2010-02-18 12:47:25 ----A---- C:\Users\Marushka\AppData\Roaming\acervcmtmp.ini
2010-02-18 12:46:20 ----D---- C:\Program Files\Mozilla Firefox
2010-02-18 12:42:05 ----D---- C:\Windows\tracing
2010-02-18 12:41:19 ----D---- C:\Windows
2010-02-18 12:41:16 ----D---- C:\ProgramData\avg9
2010-02-17 20:40:07 ----D---- C:\Users\Marushka\AppData\Roaming\Skype
2010-02-17 20:39:53 ----D---- C:\Windows\LiveKernelReports
2010-02-17 20:10:24 ----A---- C:\Windows\system.ini
2010-02-17 20:07:37 ----D---- C:\Windows\Prefetch
2010-02-17 20:04:01 ----D---- C:\Windows\AppPatch
2010-02-17 20:04:00 ----D---- C:\Program Files\Common Files
2010-02-16 21:21:04 ----D---- C:\Windows\Minidump
2010-02-15 22:22:51 ----D---- C:\Users\Marushka\AppData\Roaming\uTorrent
2010-02-11 03:28:19 ----D---- C:\Windows\system32\catroot
2010-02-11 03:25:26 ----D---- C:\Program Files\Windows Mail
2010-02-10 12:32:54 ----D---- C:\Windows\system32\catroot2
2010-02-01 20:26:20 ----A---- C:\Windows\system32\mrt.exe
2010-01-23 02:30:04 ----D---- C:\Program Files\Microsoft Silverlight

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr.sys [2010-02-11 23376]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2010-02-11 162512]
R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2010-02-11 46672]
R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}; \??\C:\Program Files\Acer Arcade Deluxe\Play Movie\000.fcl [2007-12-05 41456]
R2 aswFsBlk;aswFsBlk; C:\Windows\system32\drivers\aswFsBlk.sys [2010-02-11 19024]
R2 aswMonFlt;aswMonFlt; \??\C:\Windows\system32\drivers\aswMonFlt.sys [2010-02-11 51792]
R2 int15;int15; \??\C:\Acer\Empowering Technology\eRecovery\int15.sys [2007-07-03 15392]
R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2007-12-14 12672]
R2 rimmptsk;rimmptsk; C:\Windows\system32\DRIVERS\rimmptsk.sys [2007-08-08 45568]
R2 rimsptsk;rimsptsk; C:\Windows\system32\DRIVERS\rimsptsk.sys [2007-07-30 43008]
R2 rismxdp;Ricoh xD-Picture Card Driver; C:\Windows\system32\DRIVERS\rixdptsk.sys [2007-07-30 38400]
R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\xaudio.sys [2007-12-14 8704]
R3 A310;AVerMedia A310 DVB-T; C:\Windows\system32\DRIVERS\AVerA310USB.sys [2007-12-27 26752]
R3 BDASwCap;AVerMedia A310 BDA DVBT Capture Device; C:\Windows\system32\drivers\AVerA310Cap.sys [2007-12-27 42752]
R3 CmBatt;Ovladač baterie Microsoft ACPI Control Method Battery; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-19 14208]
R3 DKbFltr;Dritek Keyboard Filter Driver; C:\Windows\system32\DRIVERS\DKbFltr.sys [2006-11-02 21264]
R3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\HSX_DPV.sys [2007-12-14 984064]
R3 HSXHWAZL;HSXHWAZL; C:\Windows\system32\DRIVERS\HSXHWAZL.sys [2007-12-14 208384]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2007-12-14 1950552]
R3 NETw4v32;Ovladač adaptéru Intel(R) Wireless WiFi Link pro systém Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw4v32.sys [2007-12-14 2226688]
R3 NTIDrvr;Upper Class Filter Driver; C:\Windows\system32\DRIVERS\NTIDrvr.sys [2007-12-26 6144]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2007-12-14 7629504]
R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2009-04-11 89088]
R3 SNP2UVC;USB2.0 PC Camera (SNP2UVC); C:\Windows\system32\DRIVERS\snp2uvc.sys [2007-06-12 1729152]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2007-12-14 192816]
R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2007-12-14 660480]
R3 winbondcir;Winbond IR Transceiver; C:\Windows\system32\DRIVERS\winbondcir.sys [2007-12-14 43008]
R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2008-01-19 11264]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2007-12-14 179712]
S3 BthEnum;Služba Bluetooth Enumerator; C:\Windows\system32\DRIVERS\BthEnum.sys [2009-04-11 22528]
S3 BthPan;Zařízení Bluetooth (síť PAN); C:\Windows\system32\DRIVERS\bthpan.sys [2008-01-19 92160]
S3 BthPort;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2009-04-11 507904]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2009-04-11 29696]
S3 btwaudio;Bluetooth Audio Device Service; C:\Windows\system32\drivers\btwaudio.sys [2007-12-14 79664]
S3 btwavdt;Bluetooth AVDT Service; C:\Windows\system32\drivers\btwavdt.sys [2007-12-14 81200]
S3 btwrchid;btwrchid; C:\Windows\system32\DRIVERS\btwrchid.sys [2007-12-14 16432]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 drmkaud;Dekodér zvuků DRM jádra společnosti Microsoft; C:\Windows\system32\drivers\drmkaud.sys [2008-01-19 5632]
S3 HdAudAddService;Ovladač funkce Microsoft 1.1 UAA pro službu zvuku High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 HSFHWAZL;HSFHWAZL; C:\Windows\system32\DRIVERS\VSTAZL3.SYS [2006-11-02 200704]
S3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\Windows\system32\DRIVERS\ewusbmdm.sys [2008-03-17 101632]
S3 MSKSSRV;Server proxy služby datových proudů Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-19 8192]
S3 MSPCLOCK;Server proxy hodin datových proudů Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-19 5888]
S3 MSPQM;Server proxy správce kvality datových proudů Microsoft; C:\Windows\system32\drivers\MSPQM.sys [2008-01-19 5504]
S3 MSTEE;Konvertor jímka-jímka typu T datových proudů Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2008-01-19 6016]
S3 NETw3v32;Intel(R) PRO/Wireless 3945ABG Adapter Driver for Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw3v32.sys [2006-11-02 1781760]
S3 odysseyIM4;Odyssey Network Agent Miniport; C:\Windows\system32\DRIVERS\odysseyIM4.sys [2004-06-15 173056]
S3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-04-11 148992]
S3 usbvideo;Zobrazovací zařízení USB (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2006-11-02 132352]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2009-10-01 40448]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-19 83328]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Automatic LiveUpdate Scheduler;Automatic LiveUpdate Scheduler; C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe [2007-09-12 554352]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-02-11 40384]
R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-19 21504]
R2 eDataSecurity Service;eDSService.exe; C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe [2007-04-25 457512]
R2 eLockService;eLock Service; C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe [2007-10-01 24576]
R2 eNet Service;eNet Service; C:\Acer\Empowering Technology\eNet\eNet Service.exe [2007-08-28 131072]
R2 eRecoveryService;eRecovery Service; C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe [2007-09-10 57344]
R2 eSettingsService;eSettings Service; C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe [2007-12-10 24576]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2007-01-17 61440]
R2 LiveUpdate Notice Service;LiveUpdate Notice Service; C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe [2008-01-29 583048]
R2 MobilityService;MobilityService; C:\Acer\Mobility Center\MobilityService.exe [2006-11-24 107008]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared Files\RichVideo.exe [2007-01-23 266343]
R2 RS_Service;Raw Socket Service; C:\Program Files\Acer\Acer VCM\RS_Service.exe [2007-09-28 233472]
R2 TVECapSvc;TVEnhance Background Capture Service (TBCS); C:\Program Files\Acer Arcade Deluxe\TV Joy\Kernel\TV\TVECapSvc.exe [2007-07-27 286820]
R2 TVESched;TVEnhance Task Scheduler (TTS)); C:\Program Files\Acer Arcade Deluxe\TV Joy\Kernel\TV\TVESched.exe [2007-07-27 110682]
R2 WMIService;ePower Service; C:\Acer\Empowering Technology\ePower\ePowerSvc.exe [2007-10-30 167936]
R2 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio.exe [2007-12-14 386560]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-02-11 40384]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-02-11 40384]
S2 CLTNetCnService;Symantec Lic NetConnect service; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon []
S2 LiveUpdate Notice Ex;LiveUpdate Notice Service Ex; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon []
S2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe []
S3 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2009-03-30 31048]
S3 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-19 21504]
S3 LiveUpdate;LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [2007-09-12 2999664]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]

-----------------EOF-----------------
Nahoru
Uživatelský avatar
Unlimited_Killer
Přítel fóra
Přítel fóra
Příspěvky: 1969
Registrován: 24 srp 2009 16:18

Re: Prosím o pomoc s definitivním odstraněním Security Tool

#37 Příspěvek od Unlimited_Killer »

Výborně, avast už tam je, prosím o nový ComboFix log.
inactive
Nahoru
Marynn
Návštěvník
Návštěvník
Příspěvky: 35
Registrován: 15 úno 2010 22:44

Re: Prosím o pomoc s definitivním odstraněním Security Tool

#38 Příspěvek od Marynn »

ComboFix 10-02-12.01 - Marushka 18.02.2010 14:15:44.4.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.420.1029.18.2046.1309 [GMT 1:00]
Spuštěný z: c:\users\Marushka\Desktop\ComboFix.exe
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-01-18 do 2010-02-18 )))))))))))))))))))))))))))))))
.

2010-02-18 13:22 . 2010-02-18 13:22 -------- d-----w- c:\users\Marushka\AppData\Local\temp
2010-02-18 13:22 . 2010-02-18 13:22 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-02-18 13:22 . 2010-02-18 13:22 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-02-18 11:55 . 2010-01-14 10:12 181120 ------w- c:\windows\system32\MpSigStub.exe
2010-02-18 11:54 . 2010-02-11 18:42 162512 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-02-18 11:54 . 2010-02-11 18:38 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-02-18 11:54 . 2010-02-11 18:39 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-02-18 11:54 . 2010-02-11 18:42 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-02-18 11:53 . 2010-02-11 18:38 51792 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2010-02-18 11:52 . 2010-02-11 18:53 38848 ----a-w- c:\windows\system32\avastSS.scr
2010-02-18 11:52 . 2010-02-11 18:53 153184 ----a-w- c:\windows\system32\aswBoot.exe
2010-02-18 11:52 . 2010-02-18 11:52 -------- d-----w- c:\programdata\Alwil Software
2010-02-18 11:52 . 2010-02-18 11:52 -------- d-----w- c:\program files\Alwil Software
2010-02-17 15:05 . 2010-02-18 11:58 -------- d-----w- c:\program files\trend micro
2010-02-17 15:05 . 2010-02-17 15:11 -------- d-----w- C:\rsit
2010-02-16 23:14 . 2010-02-16 23:14 -------- d-----w- c:\users\Marushka\AppData\Roaming\Malwarebytes
2010-02-16 23:14 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-02-16 23:14 . 2010-02-16 23:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-02-16 23:14 . 2010-02-16 23:14 -------- d-----w- c:\programdata\Malwarebytes
2010-02-16 23:14 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-02-10 11:32 . 2009-12-04 15:56 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-02-10 11:32 . 2009-12-04 15:56 105984 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-07 14:01 . 2010-02-07 14:01 50354 ----a-w- c:\users\Marushka\AppData\Roaming\Facebook\uninstall.exe
2010-02-07 14:01 . 2010-02-07 14:01 -------- d-----w- c:\users\Marushka\AppData\Roaming\Facebook
2010-02-07 11:25 . 2010-02-07 11:26 -------- d-----w- c:\users\Marushka\AppData\Roaming\Zoner
2010-02-07 11:24 . 2010-02-07 11:24 -------- d-----w- c:\program files\Zoner
2010-02-03 16:08 . 2010-02-03 17:25 -------- d-----w- c:\program files\EA GAMES
2010-02-03 16:08 . 2004-08-18 08:34 442368 ----a-r- c:\windows\system32\vp6vfw.dll
2010-02-01 22:04 . 2010-02-01 22:04 847040 ----a-w- c:\users\Marushka\AppData\Roaming\Facebook\axfbootloader.dll
2010-02-01 22:04 . 2010-02-01 22:04 5578752 ----a-w- c:\users\Marushka\AppData\Roaming\Facebook\npfbplugin_1_0_1.dll
2010-01-22 10:57 . 2009-12-16 11:44 834048 ----a-w- c:\windows\system32\wininet.dll
2010-01-22 10:57 . 2009-12-18 13:01 78336 ----a-w- c:\windows\system32\ieencode.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-18 11:50 . 2007-01-08 21:09 649178 ----a-w- c:\windows\system32\perfh005.dat
2010-02-18 11:50 . 2007-01-08 21:09 143998 ----a-w- c:\windows\system32\perfc005.dat
2010-02-18 11:47 . 2009-11-01 17:05 -------- d-----w- c:\users\Marushka\AppData\Roaming\skypePM
2010-02-18 11:42 . 2008-12-27 02:09 12 ----a-w- c:\windows\bthservsdp.dat
2010-02-18 11:41 . 2009-10-31 14:36 -------- d-----w- c:\programdata\avg9
2010-02-18 06:24 . 2009-12-03 12:19 0 ----a-w- c:\users\Marushka\AppData\Local\prvlcl.dat
2010-02-17 19:40 . 2009-11-01 17:04 -------- d-----w- c:\users\Marushka\AppData\Roaming\Skype
2010-02-15 21:22 . 2010-01-06 00:18 -------- d-----w- c:\users\Marushka\AppData\Roaming\uTorrent
2010-02-11 02:25 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-01-28 11:55 . 2008-12-30 15:27 28124 ----a-w- c:\users\Marushka\AppData\Roaming\nvModes.dat
2010-01-23 01:30 . 2009-10-18 17:04 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-07 19:45 . 2010-01-04 21:23 -------- d-----w- c:\users\Marushka\AppData\Roaming\BSplayer
2010-01-06 00:17 . 2010-01-06 00:18 697965 ----a-w- c:\users\Marushka\AppData\Roaming\uTorrent\unins000.exe
2010-01-04 21:23 . 2010-01-04 21:23 -------- d-----w- c:\users\Marushka\AppData\Roaming\BSplayer Pro
2010-01-04 21:23 . 2010-01-04 21:23 -------- d-----w- c:\program files\Webteh
2010-01-01 19:18 . 2009-12-20 20:17 -------- d-----w- c:\program files\ICQ6.5
2009-12-22 23:29 . 2009-06-28 17:36 -------- d-----w- c:\program files\Java
2009-12-20 20:18 . 2008-11-17 17:32 -------- d-----w- c:\programdata\ICQ
2009-12-20 20:18 . 2008-11-17 17:31 -------- d-----w- c:\program files\ICQ6
2009-12-11 11:43 . 2010-02-10 11:33 302080 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-11 11:43 . 2010-02-10 11:33 98816 ----a-w- c:\windows\system32\drivers\srvnet.sys
2009-12-08 20:01 . 2010-02-10 11:33 904776 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-12-08 20:01 . 2010-02-10 11:33 3600456 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-12-08 20:01 . 2010-02-10 11:33 3548216 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-12-08 17:26 . 2010-02-10 11:33 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2009-12-04 18:30 . 2010-02-10 11:33 12288 ----a-w- c:\windows\system32\tsbyuv.dll
2009-12-04 18:29 . 2010-02-10 11:33 1314816 ----a-w- c:\windows\system32\quartz.dll
2009-12-04 18:28 . 2010-02-10 11:33 22528 ----a-w- c:\windows\system32\msyuv.dll
2009-12-04 18:28 . 2010-02-10 11:33 31744 ----a-w- c:\windows\system32\msvidc32.dll
2009-12-04 18:28 . 2010-02-10 11:33 123904 ----a-w- c:\windows\system32\msvfw32.dll
2009-12-04 18:28 . 2010-02-10 11:33 13312 ----a-w- c:\windows\system32\msrle32.dll
2009-12-04 18:28 . 2010-02-10 11:33 82944 ----a-w- c:\windows\system32\mciavi32.dll
2009-12-04 18:28 . 2010-02-10 11:33 50176 ----a-w- c:\windows\system32\iyuv_32.dll
2009-12-04 18:27 . 2010-02-10 11:33 91136 ----a-w- c:\windows\system32\avifil32.dll
2009-11-30 19:00 . 2010-01-06 00:18 289584 ----a-w- c:\users\Marushka\AppData\Roaming\uTorrent\utorrent.exe
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"Infium"="c:\program files\QIP Infium\infium.exe" [2009-03-19 5244928]
"Mobile Partner"="c:\program files\3 Internet\3 Internet.exe" [2009-06-23 110592]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-10-09 25623336]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-12-14 102400]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-04-25 457216]
"eAudio"="c:\acer\Empowering Technology\eAudio\eAudio.exe" [2007-08-31 1286144]
"RtHDVCpl"="RtHDVCpl.exe" [2007-12-14 4702208]
"Skytel"="Skytel.exe" [2007-12-14 1826816]
"LManager"="c:\progra~1\LAUNCH~1\QtZgAcer.EXE" [2008-01-02 707080]
"MSPService"="c:\program files\Acer Arcade Deluxe\SportsCap\Kernel\MagicSports\MSPMirage.exe" [2007-02-13 102400]
"TVEService"="c:\program files\Acer Arcade Deluxe\TV Joy\TVEService.exe" [2007-07-27 151552]
"PlayMovie"="c:\program files\Acer Arcade Deluxe\Play Movie\PMVService.exe" [2007-12-05 200704]
"PLFSet"="c:\windows\PLFSet.dll" [2007-04-25 45056]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-14 8501792]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-12-14 81920]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-02-11 2756488]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Acer Tour Reminder"="c:\acer\AcerTour\Reminder.exe" [2007-08-01 151552]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Acer VCM.lnk - c:\program files\Acer\Acer VCM\AcerVCM.exe [2008-11-10 1216512]
Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2007-12-26 535336]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):4c,07,96,e2,0a,04,ca,01

R1 aswSP;aswSP;c:\windows\System32\drivers\aswSP.sys [18.2.2010 12:54 162512]
R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\program files\Acer Arcade Deluxe\Play Movie\000.fcl [10.11.2008 15:36 41456]
R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [18.2.2010 12:54 19024]
R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [18.2.2010 12:53 51792]
R2 RS_Service;Raw Socket Service;c:\program files\Acer\Acer VCM\RS_Service.exe [10.11.2008 15:44 233472]
R2 TVECapSvc;TVEnhance Background Capture Service (TBCS);c:\program files\Acer Arcade Deluxe\TV Joy\Kernel\TV\TVECapSvc.exe [10.11.2008 15:36 286820]
R2 TVESched;TVEnhance Task Scheduler (TTS));c:\program files\Acer Arcade Deluxe\TV Joy\Kernel\TV\TVESched.exe [10.11.2008 15:36 110682]
R3 A310;AVerMedia A310 DVB-T;c:\windows\System32\drivers\AVerA310USB.sys [10.11.2008 23:28 26752]
R3 BDASwCap;AVerMedia A310 BDA DVBT Capture Device;c:\windows\System32\drivers\AVerA310Cap.sys [10.11.2008 23:28 42752]
R3 winbondcir;Winbond IR Transceiver;c:\windows\System32\drivers\winbondcir.sys [26.12.2007 13:35 43008]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\System32\drivers\b57nd60x.sys [26.12.2007 13:35 179712]

--- Ostatní služby/ovladače v paměti ---

*NewlyCreated* - ASWFSBLK
*NewlyCreated* - ASWMONFLT
*NewlyCreated* - ASWRDR
*NewlyCreated* - ASWSP
*NewlyCreated* - ASWTDI

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
.
------- Doplňkový sken -------
.
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
FF - ProfilePath - c:\users\Marushka\AppData\Roaming\Mozilla\Firefox\Profiles\e92r6x6i.default\
FF - prefs.js: browser.search.selectedEngine - WebHledani
FF - prefs.js: browser.startup.homepage - hxxp://cs.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:cs:official
FF - prefs.js: keyword.URL - hxxp://www.webhledani.cz/results.aspx?i=39&tp=ab&q=
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - component: c:\program files\Real\RealPlayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\users\Marushka\AppData\Roaming\Facebook\npfbplugin_1_0_1.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-18 14:22
Windows 6.0.6002 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}]
"ImagePath"="\??\c:\program files\Acer Arcade Deluxe\Play Movie\000.fcl"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Celkový čas: 2010-02-18 14:25:15
ComboFix-quarantined-files.txt 2010-02-18 13:25
ComboFix2.txt 2010-02-17 19:18
ComboFix3.txt 2010-02-16 21:01

Před spuštěním: Volných bajtů: 61 922 762 752
Po spuštění: Volných bajtů: 63 097 618 432

- - End Of File - - A10945FEE5A69DE2CF6256DED19A43AF
Nahoru
Uživatelský avatar
Unlimited_Killer
Přítel fóra
Přítel fóra
Příspěvky: 1969
Registrován: 24 srp 2009 16:18

Re: Prosím o pomoc s definitivním odstraněním Security Tool

#39 Příspěvek od Unlimited_Killer »

Super.

1) Fixnutí v HJT
  • Spusťte přejmenované HijackThis - C:\Program Files\Trend Micro\HijackThis\jmeno_uzivatele.exe
  • Klikněte na 'Do a system scan only'.
  • U níže uvedených položek udělejte fajfku do čtverečku a poté klikněte na 'Fix Checked'.

    Kód: Vybrat vše

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (file missing)
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
  • Pokud by tam nějaká položka nebyla, vynechte ji.
2) Reg soubor
  • Spusťte Poznámkový blok [Start → Spustit → notepad → Enter].
  • Do něj vkopírujte následující text:

    Kód: Vybrat vše

    Windows Registry Editor Version 5.00 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=-
  • Uložte tento soubor například na Plochu jako oprava.reg (vizte obrázek).
    Obrázek
  • Dvojklikem tento soubor spusťte.
  • Restartujte PC a po restartu tento soubor smažte.
inactive
Nahoru
Marynn
Návštěvník
Návštěvník
Příspěvky: 35
Registrován: 15 úno 2010 22:44

Re: Prosím o pomoc s definitivním odstraněním Security Tool

#40 Příspěvek od Marynn »

Ok, hotovo...co teď...? :)
Nahoru
Uživatelský avatar
Unlimited_Killer
Přítel fóra
Přítel fóra
Příspěvky: 1969
Registrován: 24 srp 2009 16:18

Re: Prosím o pomoc s definitivním odstraněním Security Tool

#41 Příspěvek od Unlimited_Killer »

Nový RSIT log. :happy:
inactive
Nahoru
Marynn
Návštěvník
Návštěvník
Příspěvky: 35
Registrován: 15 úno 2010 22:44

Re: Prosím o pomoc s definitivním odstraněním Security Tool

#42 Příspěvek od Marynn »

Logfile of random's system information tool 1.06 (written by random/random)
Run by Marushka at 2010-02-18 23:23:43
Microsoft® Windows Vista™ Home Premium Service Pack 2
System drive C: has 60 GB (53%) free of 114 GB
Total RAM: 2046 MB (46% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:23:47, on 18.2.2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v7.00 (7.00.6002.18005)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe
C:\Acer\Empowering Technology\eAudio\eAudio.exe
C:\Windows\RtHDVCpl.exe
C:\Users\Marushka\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\Launch Manager\QtZgAcer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Acer Arcade Deluxe\SportsCap\Kernel\MagicSports\MSPMirage.exe
C:\Program Files\Acer Arcade Deluxe\TV Joy\TVEService.exe
C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\QIP Infium\infium.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Acer\Acer VCM\AcerVCM.exe
C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE
C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Program Files\Acer\Acer VCM\acp2HID.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\ProgramData\Skype\Plugins\Plugins\903CB56BA52F42478957BE8314837A86\PamelaPCR.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Skype\Toolbars\Shared\SkypeNames.exe
c:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Users\Marushka\Downloads\RSIT.exe
C:\Program Files\trend micro\Marushka.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Pomocník pro přihlášení ke službě Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [eAudio] "C:\Acer\Empowering Technology\eAudio\eAudio.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
O4 - HKLM\..\Run: [MSPService] C:\Program Files\Acer Arcade Deluxe\SportsCap\Kernel\MagicSports\MSPMirage.exe
O4 - HKLM\..\Run: [TVEService] "C:\Program Files\Acer Arcade Deluxe\TV Joy\TVEService.exe"
O4 - HKLM\..\Run: [PlayMovie] "C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe"
O4 - HKLM\..\Run: [PLFSet] rundll32.exe C:\Windows\PLFSet.dll,PLFDefSetting
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Infium] "C:\Program Files\QIP Infium\infium.exe"
O4 - HKCU\..\Run: [Mobile Partner] "C:\Program Files\3 Internet\3 Internet.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'Default user')
O4 - Global Startup: Acer VCM.lnk = ?
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Přidat na blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Přidat na blog Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Unknown owner - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Raw Socket Service (RS_Service) - Acer Inc. - C:\Program Files\Acer\Acer VCM\RS_Service.exe
O23 - Service: TVEnhance Background Capture Service (TBCS) (TVECapSvc) - Unknown owner - C:\Program Files\Acer Arcade Deluxe\TV Joy\Kernel\TV\TVECapSvc.exe
O23 - Service: TVEnhance Task Scheduler (TTS)) (TVESched) - Unknown owner - C:\Program Files\Acer Arcade Deluxe\TV Joy\Kernel\TV\TVESched.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 9891 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2009-10-14 329312]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Pomocník pro přihlášení ke službě Windows Live - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-12-15 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - Acer eDataSecurity Management - C:\Windows\system32\eDStoolbar.dll [2007-04-25 151552]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-19 1008184]
"SynTPStart"=C:\Program Files\Synaptics\SynTP\SynTPStart.exe [2007-12-14 102400]
"eDataSecurity Loader"=C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe [2007-04-25 457216]
"eAudio"=C:\Acer\Empowering Technology\eAudio\eAudio.exe [2007-08-31 1286144]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2007-12-14 4702208]
"Skytel"=C:\Windows\Skytel.exe [2007-12-14 1826816]
"LManager"=C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE [2008-01-02 707080]
"MSPService"=C:\Program Files\Acer Arcade Deluxe\SportsCap\Kernel\MagicSports\MSPMirage.exe [2007-02-13 102400]
"TVEService"=C:\Program Files\Acer Arcade Deluxe\TV Joy\TVEService.exe [2007-07-27 151552]
"PlayMovie"=C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe [2007-12-05 200704]
"PLFSet"=C:\Windows\PLFSet.dll [2007-04-25 45056]
"Symantec PIF AlertEng"=C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe [2008-01-29 583048]
"NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2007-12-14 8501792]
"NvMediaCenter"=C:\Windows\system32\NvMcTray.dll [2007-12-14 81920]
"avast5"=C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe [2010-02-11 2756488]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-04-11 1233920]
"Infium"=C:\Program Files\QIP Infium\infium.exe [2009-03-19 5244928]
"Mobile Partner"=C:\Program Files\3 Internet\3 Internet.exe [2009-06-23 110592]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-19 125952]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2009-10-09 25623336]
"msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-07-26 3883840]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Acer VCM.lnk - C:\Program Files\Acer\Acer VCM\AcerVCM.exe
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
Empowering Technology Launcher.lnk - C:\Acer\Empowering Technology\eAPLauncher.exe

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======List of files/folders created in the last 1 months======

2010-02-18 14:25:20 ----SHD---- C:\$RECYCLE.BIN
2010-02-18 14:25:15 ----A---- C:\ComboFix.txt
2010-02-18 14:14:41 ----D---- C:\ComboFix
2010-02-18 14:14:21 ----A---- C:\Windows\SWXCACLS.exe
2010-02-18 12:55:39 ----N---- C:\Windows\system32\MpSigStub.exe
2010-02-18 12:52:57 ----A---- C:\Windows\system32\aswBoot.exe
2010-02-18 12:52:47 ----D---- C:\ProgramData\Alwil Software
2010-02-18 12:52:47 ----D---- C:\Program Files\Alwil Software
2010-02-17 20:18:30 ----D---- C:\Windows\temp
2010-02-17 16:05:01 ----D---- C:\Program Files\trend micro
2010-02-17 16:05:00 ----D---- C:\rsit
2010-02-17 00:14:26 ----D---- C:\Users\Marushka\AppData\Roaming\Malwarebytes
2010-02-17 00:14:21 ----D---- C:\ProgramData\Malwarebytes
2010-02-17 00:14:21 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-02-16 21:04:29 ----A---- C:\Windows\zip.exe
2010-02-16 21:04:29 ----A---- C:\Windows\SWSC.exe
2010-02-16 21:04:29 ----A---- C:\Windows\SWREG.exe
2010-02-16 21:04:29 ----A---- C:\Windows\sed.exe
2010-02-16 21:04:29 ----A---- C:\Windows\PEV.exe
2010-02-16 21:04:29 ----A---- C:\Windows\NIRCMD.exe
2010-02-16 21:04:29 ----A---- C:\Windows\MBR.exe
2010-02-16 21:04:29 ----A---- C:\Windows\grep.exe
2010-02-16 21:04:22 ----D---- C:\Windows\ERDNT
2010-02-16 21:03:49 ----D---- C:\Qoobox
2010-02-15 22:25:35 ----A---- C:\Windows\ntbtlog.txt
2010-02-10 12:33:16 ----A---- C:\Windows\system32\ntoskrnl.exe
2010-02-10 12:33:16 ----A---- C:\Windows\system32\ntkrnlpa.exe
2010-02-10 12:33:03 ----A---- C:\Windows\system32\tsbyuv.dll
2010-02-10 12:33:03 ----A---- C:\Windows\system32\quartz.dll
2010-02-10 12:33:03 ----A---- C:\Windows\system32\msyuv.dll
2010-02-10 12:33:03 ----A---- C:\Windows\system32\msvidc32.dll
2010-02-10 12:33:03 ----A---- C:\Windows\system32\msrle32.dll
2010-02-10 12:33:02 ----A---- C:\Windows\system32\msvfw32.dll
2010-02-10 12:33:02 ----A---- C:\Windows\system32\mciavi32.dll
2010-02-10 12:33:02 ----A---- C:\Windows\system32\iyuv_32.dll
2010-02-10 12:33:02 ----A---- C:\Windows\system32\avifil32.dll
2010-02-07 15:01:13 ----D---- C:\Users\Marushka\AppData\Roaming\Facebook
2010-02-07 12:25:06 ----D---- C:\Users\Marushka\AppData\Roaming\Zoner
2010-02-07 12:24:20 ----D---- C:\Program Files\Zoner
2010-02-03 17:08:37 ----D---- C:\Program Files\EA GAMES
2010-02-03 17:08:36 ----RA---- C:\Windows\system32\vp6vfw.dll
2010-01-22 11:57:52 ----A---- C:\Windows\system32\wininet.dll
2010-01-22 11:57:52 ----A---- C:\Windows\system32\mshtml.dll
2010-01-22 11:57:51 ----A---- C:\Windows\system32\urlmon.dll
2010-01-22 11:57:49 ----A---- C:\Windows\system32\ieframe.dll
2010-01-22 11:57:48 ----A---- C:\Windows\system32\ieui.dll
2010-01-22 11:57:46 ----A---- C:\Windows\system32\iepeers.dll
2010-01-22 11:57:45 ----A---- C:\Windows\system32\ieencode.dll
2010-01-22 11:57:42 ----A---- C:\Windows\system32\ieapfltr.dll

======List of files/folders modified in the last 1 months======

2010-02-18 23:19:06 ----D---- C:\Windows\System32
2010-02-18 23:19:06 ----D---- C:\Windows\inf
2010-02-18 23:19:06 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-02-18 23:10:58 ----D---- C:\Users\Marushka\AppData\Roaming\skypePM
2010-02-18 23:10:51 ----A---- C:\Users\Marushka\AppData\Roaming\acervcmtmp.ini
2010-02-18 23:10:34 ----D---- C:\Users\Marushka\AppData\Roaming\Skype
2010-02-18 22:07:45 ----D---- C:\Windows\tracing
2010-02-18 21:43:34 ----D---- C:\Program Files\Mozilla Firefox
2010-02-18 14:24:45 ----SHD---- C:\System Volume Information
2010-02-18 14:22:55 ----D---- C:\Windows
2010-02-18 14:22:55 ----A---- C:\Windows\system.ini
2010-02-18 14:19:46 ----D---- C:\Windows\system32\drivers
2010-02-18 14:19:46 ----D---- C:\Windows\AppPatch
2010-02-18 14:19:45 ----D---- C:\Program Files\Common Files
2010-02-18 12:53:54 ----SHD---- C:\Windows\Installer
2010-02-18 12:53:52 ----D---- C:\Windows\winsxs
2010-02-18 12:52:47 ----RD---- C:\Program Files
2010-02-18 12:52:47 ----D---- C:\ProgramData
2010-02-18 12:41:16 ----D---- C:\ProgramData\avg9
2010-02-17 20:39:53 ----D---- C:\Windows\LiveKernelReports
2010-02-17 20:07:37 ----D---- C:\Windows\Prefetch
2010-02-16 21:21:04 ----D---- C:\Windows\Minidump
2010-02-15 22:22:51 ----D---- C:\Users\Marushka\AppData\Roaming\uTorrent
2010-02-11 03:28:19 ----D---- C:\Windows\system32\catroot
2010-02-11 03:25:26 ----D---- C:\Program Files\Windows Mail
2010-02-10 12:32:54 ----D---- C:\Windows\system32\catroot2
2010-02-01 20:26:20 ----A---- C:\Windows\system32\mrt.exe
2010-01-23 02:30:04 ----D---- C:\Program Files\Microsoft Silverlight

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr.sys [2010-02-11 23376]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2010-02-11 162512]
R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2010-02-11 46672]
R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}; \??\C:\Program Files\Acer Arcade Deluxe\Play Movie\000.fcl [2007-12-05 41456]
R2 aswFsBlk;aswFsBlk; C:\Windows\system32\drivers\aswFsBlk.sys [2010-02-11 19024]
R2 aswMonFlt;aswMonFlt; \??\C:\Windows\system32\drivers\aswMonFlt.sys [2010-02-11 51792]
R2 int15;int15; \??\C:\Acer\Empowering Technology\eRecovery\int15.sys [2007-07-03 15392]
R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2007-12-14 12672]
R2 rimmptsk;rimmptsk; C:\Windows\system32\DRIVERS\rimmptsk.sys [2007-08-08 45568]
R2 rimsptsk;rimsptsk; C:\Windows\system32\DRIVERS\rimsptsk.sys [2007-07-30 43008]
R2 rismxdp;Ricoh xD-Picture Card Driver; C:\Windows\system32\DRIVERS\rixdptsk.sys [2007-07-30 38400]
R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\xaudio.sys [2007-12-14 8704]
R3 A310;AVerMedia A310 DVB-T; C:\Windows\system32\DRIVERS\AVerA310USB.sys [2007-12-27 26752]
R3 BDASwCap;AVerMedia A310 BDA DVBT Capture Device; C:\Windows\system32\drivers\AVerA310Cap.sys [2007-12-27 42752]
R3 CmBatt;Ovladač baterie Microsoft ACPI Control Method Battery; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-19 14208]
R3 DKbFltr;Dritek Keyboard Filter Driver; C:\Windows\system32\DRIVERS\DKbFltr.sys [2006-11-02 21264]
R3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\HSX_DPV.sys [2007-12-14 984064]
R3 HSXHWAZL;HSXHWAZL; C:\Windows\system32\DRIVERS\HSXHWAZL.sys [2007-12-14 208384]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2007-12-14 1950552]
R3 NETw4v32;Ovladač adaptéru Intel(R) Wireless WiFi Link pro systém Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw4v32.sys [2007-12-14 2226688]
R3 NTIDrvr;Upper Class Filter Driver; C:\Windows\system32\DRIVERS\NTIDrvr.sys [2007-12-26 6144]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2007-12-14 7629504]
R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2009-04-11 89088]
R3 SNP2UVC;USB2.0 PC Camera (SNP2UVC); C:\Windows\system32\DRIVERS\snp2uvc.sys [2007-06-12 1729152]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2007-12-14 192816]
R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2007-12-14 660480]
R3 winbondcir;Winbond IR Transceiver; C:\Windows\system32\DRIVERS\winbondcir.sys [2007-12-14 43008]
R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2008-01-19 11264]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2007-12-14 179712]
S3 BthEnum;Služba Bluetooth Enumerator; C:\Windows\system32\DRIVERS\BthEnum.sys [2009-04-11 22528]
S3 BthPan;Zařízení Bluetooth (síť PAN); C:\Windows\system32\DRIVERS\bthpan.sys [2008-01-19 92160]
S3 BthPort;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2009-04-11 507904]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2009-04-11 29696]
S3 btwaudio;Bluetooth Audio Device Service; C:\Windows\system32\drivers\btwaudio.sys [2007-12-14 79664]
S3 btwavdt;Bluetooth AVDT Service; C:\Windows\system32\drivers\btwavdt.sys [2007-12-14 81200]
S3 btwrchid;btwrchid; C:\Windows\system32\DRIVERS\btwrchid.sys [2007-12-14 16432]
S3 catchme;catchme; \??\C:\Users\Marushka\AppData\Local\Temp\catchme.sys []
S3 drmkaud;Dekodér zvuků DRM jádra společnosti Microsoft; C:\Windows\system32\drivers\drmkaud.sys [2008-01-19 5632]
S3 HdAudAddService;Ovladač funkce Microsoft 1.1 UAA pro službu zvuku High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 HSFHWAZL;HSFHWAZL; C:\Windows\system32\DRIVERS\VSTAZL3.SYS [2006-11-02 200704]
S3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\Windows\system32\DRIVERS\ewusbmdm.sys [2008-03-17 101632]
S3 MSKSSRV;Server proxy služby datových proudů Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-19 8192]
S3 MSPCLOCK;Server proxy hodin datových proudů Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-19 5888]
S3 MSPQM;Server proxy správce kvality datových proudů Microsoft; C:\Windows\system32\drivers\MSPQM.sys [2008-01-19 5504]
S3 MSTEE;Konvertor jímka-jímka typu T datových proudů Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2008-01-19 6016]
S3 NETw3v32;Intel(R) PRO/Wireless 3945ABG Adapter Driver for Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw3v32.sys [2006-11-02 1781760]
S3 odysseyIM4;Odyssey Network Agent Miniport; C:\Windows\system32\DRIVERS\odysseyIM4.sys [2004-06-15 173056]
S3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-04-11 148992]
S3 usbvideo;Zobrazovací zařízení USB (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2006-11-02 132352]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2009-10-01 40448]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-19 83328]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Automatic LiveUpdate Scheduler;Automatic LiveUpdate Scheduler; C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe [2007-09-12 554352]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-02-11 40384]
R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-19 21504]
R2 eDataSecurity Service;eDSService.exe; C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe [2007-04-25 457512]
R2 eLockService;eLock Service; C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe [2007-10-01 24576]
R2 eNet Service;eNet Service; C:\Acer\Empowering Technology\eNet\eNet Service.exe [2007-08-28 131072]
R2 eRecoveryService;eRecovery Service; C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe [2007-09-10 57344]
R2 eSettingsService;eSettings Service; C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe [2007-12-10 24576]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2007-01-17 61440]
R2 LiveUpdate Notice Service;LiveUpdate Notice Service; C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe [2008-01-29 583048]
R2 MobilityService;MobilityService; C:\Acer\Mobility Center\MobilityService.exe [2006-11-24 107008]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared Files\RichVideo.exe [2007-01-23 266343]
R2 RS_Service;Raw Socket Service; C:\Program Files\Acer\Acer VCM\RS_Service.exe [2007-09-28 233472]
R2 TVECapSvc;TVEnhance Background Capture Service (TBCS); C:\Program Files\Acer Arcade Deluxe\TV Joy\Kernel\TV\TVECapSvc.exe [2007-07-27 286820]
R2 TVESched;TVEnhance Task Scheduler (TTS)); C:\Program Files\Acer Arcade Deluxe\TV Joy\Kernel\TV\TVESched.exe [2007-07-27 110682]
R2 WMIService;ePower Service; C:\Acer\Empowering Technology\ePower\ePowerSvc.exe [2007-10-30 167936]
R2 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio.exe [2007-12-14 386560]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-02-11 40384]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-02-11 40384]
S2 CLTNetCnService;Symantec Lic NetConnect service; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon []
S2 LiveUpdate Notice Ex;LiveUpdate Notice Service Ex; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon []
S2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe []
S3 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2009-03-30 31048]
S3 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-19 21504]
S3 LiveUpdate;LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [2007-09-12 2999664]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]

-----------------EOF-----------------
Nahoru
Marynn
Návštěvník
Návštěvník
Příspěvky: 35
Registrován: 15 úno 2010 22:44

Re: Prosím o pomoc s definitivním odstraněním Security Tool

#43 Příspěvek od Marynn »

Ach neeeee, mě zas nefičí to Bluetooth a tentokrát nezabralo ani to odebrání a znovu spárování...já se z toho zcvoknuuuuuu....:/ :roll:
Nahoru
Uživatelský avatar
Unlimited_Killer
Přítel fóra
Přítel fóra
Příspěvky: 1969
Registrován: 24 srp 2009 16:18

Re: Prosím o pomoc s definitivním odstraněním Security Tool

#44 Příspěvek od Unlimited_Killer »

Obnovíme jej (tedy zkusíme :D).

1) Skript do ComboFix-u
  • Otevřete si Poznámkový blok [Start → Spustit → notepad → Enter].
  • Do něj vkopírujte následující text:

    Kód: Vybrat vše

    DeQuarantine::
C:\QooBox\Quarantine\c\programdata\Microsoft\Windows\Start Menu\Programs\Startup\_Bluetooth_.lnk.zip
  • Uložte tento soubor na Plochu pod jménem CFScript (koncovka .txt).
  • Přetáhněte tento soubor nad ComboFix a pusťte ho.
  • I tento soubor, i ComboFix musí být na Ploše!
    Obrázek
  • ComboFix se spustí a vykoná příkazy ze skriptu.
  • Počítač bude pravděpodobně restartován.
  • Po restartu na Vás vyskočí okno s logem, který mi vkopírujete sem ve formě textu.
inactive
Nahoru
Marynn
Návštěvník
Návštěvník
Příspěvky: 35
Registrován: 15 úno 2010 22:44

Re: Prosím o pomoc s definitivním odstraněním Security Tool

#45 Příspěvek od Marynn »

ComboFix 10-02-12.01 - Marushka 19.02.2010 0:27.5.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.420.1029.18.2046.1213 [GMT 1:00]
Spuštěný z: c:\users\Marushka\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Marushka\Desktop\CFScript.txt
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((( Soubory vytvořené od 2010-01-18 do 2010-02-18 )))))))))))))))))))))))))))))))
.

2010-02-18 23:33 . 2010-02-18 23:33 -------- d-----w- c:\users\Marushka\AppData\Local\temp
2010-02-18 23:33 . 2010-02-18 23:33 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-02-18 23:33 . 2010-02-18 23:33 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-02-18 11:55 . 2010-01-14 10:12 181120 ------w- c:\windows\system32\MpSigStub.exe
2010-02-18 11:54 . 2010-02-11 18:42 162512 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-02-18 11:54 . 2010-02-11 18:38 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-02-18 11:54 . 2010-02-11 18:39 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-02-18 11:54 . 2010-02-11 18:42 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-02-18 11:53 . 2010-02-11 18:38 51792 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2010-02-18 11:52 . 2010-02-11 18:53 38848 ----a-w- c:\windows\system32\avastSS.scr
2010-02-18 11:52 . 2010-02-11 18:53 153184 ----a-w- c:\windows\system32\aswBoot.exe
2010-02-18 11:52 . 2010-02-18 11:52 -------- d-----w- c:\programdata\Alwil Software
2010-02-18 11:52 . 2010-02-18 11:52 -------- d-----w- c:\program files\Alwil Software
2010-02-17 15:05 . 2010-02-18 22:23 -------- d-----w- c:\program files\trend micro
2010-02-17 15:05 . 2010-02-17 15:11 -------- d-----w- C:\rsit
2010-02-16 23:14 . 2010-02-16 23:14 -------- d-----w- c:\users\Marushka\AppData\Roaming\Malwarebytes
2010-02-16 23:14 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-02-16 23:14 . 2010-02-16 23:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-02-16 23:14 . 2010-02-16 23:14 -------- d-----w- c:\programdata\Malwarebytes
2010-02-16 23:14 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-02-10 11:32 . 2009-12-04 15:56 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-02-10 11:32 . 2009-12-04 15:56 105984 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-07 14:01 . 2010-02-07 14:01 50354 ----a-w- c:\users\Marushka\AppData\Roaming\Facebook\uninstall.exe
2010-02-07 14:01 . 2010-02-07 14:01 -------- d-----w- c:\users\Marushka\AppData\Roaming\Facebook
2010-02-07 11:25 . 2010-02-07 11:26 -------- d-----w- c:\users\Marushka\AppData\Roaming\Zoner
2010-02-07 11:24 . 2010-02-07 11:24 -------- d-----w- c:\program files\Zoner
2010-02-03 16:08 . 2010-02-03 17:25 -------- d-----w- c:\program files\EA GAMES
2010-02-03 16:08 . 2004-08-18 08:34 442368 ----a-r- c:\windows\system32\vp6vfw.dll
2010-02-01 22:04 . 2010-02-01 22:04 847040 ----a-w- c:\users\Marushka\AppData\Roaming\Facebook\axfbootloader.dll
2010-02-01 22:04 . 2010-02-01 22:04 5578752 ----a-w- c:\users\Marushka\AppData\Roaming\Facebook\npfbplugin_1_0_1.dll
2010-01-22 10:57 . 2009-12-16 11:44 834048 ----a-w- c:\windows\system32\wininet.dll
2010-01-22 10:57 . 2009-12-18 13:01 78336 ----a-w- c:\windows\system32\ieencode.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-18 23:00 . 2009-11-01 17:05 -------- d-----w- c:\users\Marushka\AppData\Roaming\skypePM
2010-02-18 22:19 . 2007-01-08 21:09 649178 ----a-w- c:\windows\system32\perfh005.dat
2010-02-18 22:19 . 2007-01-08 21:09 143998 ----a-w- c:\windows\system32\perfc005.dat
2010-02-18 22:10 . 2009-11-01 17:04 -------- d-----w- c:\users\Marushka\AppData\Roaming\Skype
2010-02-18 22:07 . 2008-12-27 02:09 12 ----a-w- c:\windows\bthservsdp.dat
2010-02-18 11:41 . 2009-10-31 14:36 -------- d-----w- c:\programdata\avg9
2010-02-18 06:24 . 2009-12-03 12:19 0 ----a-w- c:\users\Marushka\AppData\Local\prvlcl.dat
2010-02-15 21:22 . 2010-01-06 00:18 -------- d-----w- c:\users\Marushka\AppData\Roaming\uTorrent
2010-02-11 02:25 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-01-28 11:55 . 2008-12-30 15:27 28124 ----a-w- c:\users\Marushka\AppData\Roaming\nvModes.dat
2010-01-23 01:30 . 2009-10-18 17:04 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-07 19:45 . 2010-01-04 21:23 -------- d-----w- c:\users\Marushka\AppData\Roaming\BSplayer
2010-01-06 00:17 . 2010-01-06 00:18 697965 ----a-w- c:\users\Marushka\AppData\Roaming\uTorrent\unins000.exe
2010-01-04 21:23 . 2010-01-04 21:23 -------- d-----w- c:\users\Marushka\AppData\Roaming\BSplayer Pro
2010-01-04 21:23 . 2010-01-04 21:23 -------- d-----w- c:\program files\Webteh
2010-01-01 19:18 . 2009-12-20 20:17 -------- d-----w- c:\program files\ICQ6.5
2009-12-22 23:29 . 2009-06-28 17:36 -------- d-----w- c:\program files\Java
2009-12-11 11:43 . 2010-02-10 11:33 302080 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-11 11:43 . 2010-02-10 11:33 98816 ----a-w- c:\windows\system32\drivers\srvnet.sys
2009-12-08 20:01 . 2010-02-10 11:33 904776 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-12-08 20:01 . 2010-02-10 11:33 3600456 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-12-08 20:01 . 2010-02-10 11:33 3548216 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-12-08 17:26 . 2010-02-10 11:33 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2009-12-04 18:30 . 2010-02-10 11:33 12288 ----a-w- c:\windows\system32\tsbyuv.dll
2009-12-04 18:29 . 2010-02-10 11:33 1314816 ----a-w- c:\windows\system32\quartz.dll
2009-12-04 18:28 . 2010-02-10 11:33 22528 ----a-w- c:\windows\system32\msyuv.dll
2009-12-04 18:28 . 2010-02-10 11:33 31744 ----a-w- c:\windows\system32\msvidc32.dll
2009-12-04 18:28 . 2010-02-10 11:33 123904 ----a-w- c:\windows\system32\msvfw32.dll
2009-12-04 18:28 . 2010-02-10 11:33 13312 ----a-w- c:\windows\system32\msrle32.dll
2009-12-04 18:28 . 2010-02-10 11:33 82944 ----a-w- c:\windows\system32\mciavi32.dll
2009-12-04 18:28 . 2010-02-10 11:33 50176 ----a-w- c:\windows\system32\iyuv_32.dll
2009-12-04 18:27 . 2010-02-10 11:33 91136 ----a-w- c:\windows\system32\avifil32.dll
2009-11-30 19:00 . 2010-01-06 00:18 289584 ----a-w- c:\users\Marushka\AppData\Roaming\uTorrent\utorrent.exe
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"Infium"="c:\program files\QIP Infium\infium.exe" [2009-03-19 5244928]
"Mobile Partner"="c:\program files\3 Internet\3 Internet.exe" [2009-06-23 110592]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-10-09 25623336]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-12-14 102400]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-04-25 457216]
"eAudio"="c:\acer\Empowering Technology\eAudio\eAudio.exe" [2007-08-31 1286144]
"RtHDVCpl"="RtHDVCpl.exe" [2007-12-14 4702208]
"Skytel"="Skytel.exe" [2007-12-14 1826816]
"LManager"="c:\progra~1\LAUNCH~1\QtZgAcer.EXE" [2008-01-02 707080]
"MSPService"="c:\program files\Acer Arcade Deluxe\SportsCap\Kernel\MagicSports\MSPMirage.exe" [2007-02-13 102400]
"TVEService"="c:\program files\Acer Arcade Deluxe\TV Joy\TVEService.exe" [2007-07-27 151552]
"PlayMovie"="c:\program files\Acer Arcade Deluxe\Play Movie\PMVService.exe" [2007-12-05 200704]
"PLFSet"="c:\windows\PLFSet.dll" [2007-04-25 45056]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-14 8501792]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-12-14 81920]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-02-11 2756488]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Acer Tour Reminder"="c:\acer\AcerTour\Reminder.exe" [2007-08-01 151552]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Acer VCM.lnk - c:\program files\Acer\Acer VCM\AcerVCM.exe [2008-11-10 1216512]
Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2007-12-26 535336]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):4c,07,96,e2,0a,04,ca,01

R1 aswSP;aswSP;c:\windows\System32\drivers\aswSP.sys [18.2.2010 12:54 162512]
R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\program files\Acer Arcade Deluxe\Play Movie\000.fcl [10.11.2008 15:36 41456]
R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [18.2.2010 12:54 19024]
R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [18.2.2010 12:53 51792]
R2 RS_Service;Raw Socket Service;c:\program files\Acer\Acer VCM\RS_Service.exe [10.11.2008 15:44 233472]
R2 TVECapSvc;TVEnhance Background Capture Service (TBCS);c:\program files\Acer Arcade Deluxe\TV Joy\Kernel\TV\TVECapSvc.exe [10.11.2008 15:36 286820]
R2 TVESched;TVEnhance Task Scheduler (TTS));c:\program files\Acer Arcade Deluxe\TV Joy\Kernel\TV\TVESched.exe [10.11.2008 15:36 110682]
R3 A310;AVerMedia A310 DVB-T;c:\windows\System32\drivers\AVerA310USB.sys [10.11.2008 23:28 26752]
R3 BDASwCap;AVerMedia A310 BDA DVBT Capture Device;c:\windows\System32\drivers\AVerA310Cap.sys [10.11.2008 23:28 42752]
R3 winbondcir;Winbond IR Transceiver;c:\windows\System32\drivers\winbondcir.sys [26.12.2007 13:35 43008]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\System32\drivers\b57nd60x.sys [26.12.2007 13:35 179712]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
.
------- Doplňkový sken -------
.
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
FF - ProfilePath - c:\users\Marushka\AppData\Roaming\Mozilla\Firefox\Profiles\e92r6x6i.default\
FF - prefs.js: browser.search.selectedEngine - WebHledani
FF - prefs.js: browser.startup.homepage - hxxp://cs.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:cs:official
FF - prefs.js: keyword.URL - hxxp://www.webhledani.cz/results.aspx?i=39&tp=ab&q=
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - component: c:\program files\Real\RealPlayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\users\Marushka\AppData\Roaming\Facebook\npfbplugin_1_0_1.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-19 00:33
Windows 6.0.6002 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}]
"ImagePath"="\??\c:\program files\Acer Arcade Deluxe\Play Movie\000.fcl"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'Explorer.exe'(5760)
c:\windows\system32\MsnChatHook.dll
c:\windows\system32\ShowErrMsg.dll
c:\windows\system32\sysenv.dll
c:\windows\system32\BatchCrypto.dll
c:\windows\system32\CryptoAPI.dll
c:\windows\system32\keyManager.dll
.
Celkový čas: 2010-02-19 00:35:55
ComboFix-quarantined-files.txt 2010-02-18 23:35
ComboFix2.txt 2010-02-18 13:25
ComboFix3.txt 2010-02-17 19:18
ComboFix4.txt 2010-02-16 21:01

Před spuštěním: Volných bajtů: 63 036 686 336
Po spuštění: Volných bajtů: 62 903 881 728

- - End Of File - - E9E1B359B3FDD81A4BC6FFF7BE0F098A
Nahoru
Odpovědět

Zpět na „Řešení problémů, logy“