Avg hlásí vir ezula

[motji]

Dejte soubor otestovat na http://www.virustotal.com

c:\windows\system32\LPHWWPG7VLd_r.exe
c:\users\Petr\AppData\Roaming\Real\Update\setup3.11\setup.exe


-Na virustotalu dáte procházet, a do spodního okénka nakopírujete přímo cestu k souboru a dáte odeslat
-z prohlížeče zkopírujete adresu ke stránce s výsledky
-pokud se Vás zeptá, dejte soubor otestovat znovu, tak aby to byl soubor z Vašeho počítače


Jak to ted vypadá spočítačem?

[colo-colo]

http://www.virustotal.com/cs/analisis/c ... 1273609351

http://www.virustotal.com/cs/analisis/5 ... 1273609634

[motji]

Pokud nemáte, přesuňte Combofix na plochu
-otevřete si Poznámkový blok
-Do něj zkopírujte text z tohoto okénka

Kód: Vybrat vše

Collect::
c:\windows\system32\LPHWWPG7VLd_r.exe

Driver::
Erlepisk1rur

Registry::
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b2b62c5c-e6ca-4280-119f-b4b8e5b8d029}]

Extra::

DDS::
uStart Page = hxxp://hattrick.org/
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACA ... spire_5735

Firefox::
FF - ProfilePath - c:\users\Petr\AppData\Roaming\Mozilla\Firefox\Profiles\iz2d2k3o.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.hattrick.org

Reglock::
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]

-uložte Vámi vytvořený TXT soubor jako CFScript.txt na plochu
-po uložení uchopte vámi vytvořený skript levým myšítkem a -přesuňte ho nad ikonu Combofixu, kde ho upustíte:




-po aplikaci na Vás vypadne další log,vložte ho sem

Upozornění : může se stát, že po aplikaci skriptu a restartu Windows nenaběhnou, v tom případě znovu restartujte a přitom mačkejte F8, pak zvolte Poslední známou funkční konfiguraci

[colo-colo]

ComboFix 10-05-10.05 - Petr 12.05.2010 9:27.3.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.420.1029.18.3000.1880 [GMT 2:00]
Spuštěný z: c:\users\Petr\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Petr\Desktop\CFScript.txt
SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: Spyware Terminator *disabled* (Updated) {55EE49A8-16BE-4601-BBE6-607B7F7317DE}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Předchozí spuštění -------
.
c:\windows\system32\LPHWWPG7VLd_r.exe

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_Erlepisk1rur


((((((((((((((((((((((((( Soubory vytvořené od 2010-04-12 do 2010-05-12 )))))))))))))))))))))))))))))))
.

2010-05-12 07:34 . 2010-05-12 07:34 -------- d-----w- c:\users\Petr\AppData\Local\temp
2010-05-12 07:34 . 2010-05-12 07:34 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-05-12 07:34 . 2010-05-12 07:34 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-05-12 06:52 . 2010-01-29 15:40 738816 ----a-w- c:\windows\system32\inetcomm.dll
2010-05-09 21:29 . 2010-05-09 21:29 -------- d-----w- c:\users\Petr\AppData\Roaming\Malwarebytes
2010-05-09 21:29 . 2010-05-09 21:29 -------- d-----w- c:\programdata\Malwarebytes
2010-05-09 21:29 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-09 21:29 . 2010-05-09 21:29 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-09 21:29 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-05-09 07:58 . 2010-05-09 07:58 8463808 ----a-w- c:\users\Petr\AppData\Roaming\Azureus\tmp\AZU5069569947861422034.tmp\Vuze_4.4.0.4_win32.exe
2010-05-08 07:50 . 2010-05-08 07:50 -------- d-----w- C:\VritualRoot
2010-05-08 07:49 . 2010-05-08 07:51 -------- d-----w- c:\programdata\COMODO
2010-05-08 07:49 . 2010-05-09 15:05 1020273 ----a-w- c:\windows\system32\drivers\sfi.dat
2010-05-08 07:38 . 2010-05-08 07:38 -------- d-----w- c:\program files\trend micro
2010-05-08 07:38 . 2010-05-08 07:38 -------- d-----w- C:\rsit
2010-05-08 07:37 . 2010-05-08 07:37 -------- d-----w- c:\programdata\NortonInstaller
2010-05-08 07:33 . 2010-05-08 07:35 -------- d-----w- c:\program files\COMODO
2010-05-08 07:33 . 2010-05-08 07:33 -------- d-----w- c:\programdata\Comodo Downloader
2010-05-07 10:39 . 2010-05-07 10:39 -------- d-----w- c:\programdata\WindowsSearch
2010-04-16 10:09 . 2010-04-16 10:09 -------- d-----w- c:\windows\Sun
2010-04-15 10:42 . 2010-04-15 10:41 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-04-15 10:01 . 2010-04-15 10:02 20841968 ----a-w- c:\users\Petr\AppData\Roaming\Real\Update\setup3.11\rp\RealPlayerSPGold.exe
2010-04-15 10:01 . 2010-04-15 10:01 79368 ----a-w- c:\users\Petr\AppData\Roaming\Real\Update\setup3.11\RUP\vista.exe
2010-04-15 10:01 . 2010-04-15 10:01 64000 ----a-w- c:\users\Petr\AppData\Roaming\Real\Update\setup3.11\RUP\inst_config\gcapi_dll.dll
2010-04-15 10:01 . 2010-04-15 10:01 52288 ----a-w- c:\users\Petr\AppData\Roaming\Real\Update\setup3.11\RUP\inst_config\gtapi.dll
2010-04-15 10:01 . 2010-04-15 10:01 50688 ----a-w- c:\users\Petr\AppData\Roaming\Real\Update\setup3.11\RUP\inst_config\fftbapi.dll
2010-04-15 10:01 . 2010-04-15 10:01 49152 ----a-w- c:\users\Petr\AppData\Roaming\Real\Update\setup3.11\RUP\inst_config\CarboniteCompatibility.dll
2010-04-15 10:01 . 2010-04-15 10:01 118784 ----a-w- c:\users\Petr\AppData\Roaming\Real\Update\setup3.11\RUP\inst_config\compat.dll
2010-04-15 00:11 . 2010-04-29 07:38 439816 ----a-w- c:\users\Petr\AppData\Roaming\Real\Update\setup3.11\setup.exe
2010-04-14 05:53 . 2010-02-23 11:10 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-04-14 05:53 . 2010-02-23 11:10 79360 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2010-04-14 05:53 . 2010-02-23 11:10 106496 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-04-14 05:53 . 2010-02-18 14:07 3600776 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-04-14 05:53 . 2010-02-18 14:07 3548040 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-04-14 05:53 . 2010-03-05 14:01 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-04-14 05:51 . 2009-12-23 11:33 172032 ----a-w- c:\windows\system32\wintrust.dll
2010-04-14 05:51 . 2010-02-18 14:07 904576 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-04-14 05:51 . 2010-02-18 13:30 200704 ----a-w- c:\windows\system32\iphlpsvc.dll
2010-04-14 05:51 . 2010-02-18 11:28 25088 ----a-w- c:\windows\system32\drivers\tunnel.sys
2010-04-14 05:51 . 2010-01-13 17:34 98304 ----a-w- c:\windows\system32\cabview.dll
2010-04-12 11:36 . 2010-04-12 11:36 6144 ----a-w- c:\programdata\Spyware Terminator\sp_rsdel.exe
2010-04-12 11:36 . 2010-04-12 11:36 5632 ----a-w- c:\programdata\Spyware Terminator\fileobjinfo.sys
2010-04-12 11:36 . 2010-04-12 11:36 142592 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys
2010-04-12 11:36 . 2010-05-08 07:15 -------- d-----w- c:\users\Petr\AppData\Roaming\Spyware Terminator
2010-04-12 11:36 . 2010-05-10 11:13 -------- d-----w- c:\programdata\Spyware Terminator
2010-04-12 11:35 . 2010-05-08 07:15 -------- d-----w- c:\program files\Spyware Terminator
2010-04-12 11:33 . 2010-04-12 11:33 -------- d-----w- c:\programdata\SITEguard
2010-04-12 11:31 . 2010-04-15 18:10 -------- d-----w- c:\programdata\STOPzilla!
2010-04-12 11:31 . 2010-04-12 11:31 -------- d-----w- c:\program files\Common Files\iS3
2010-04-12 10:36 . 2010-02-04 15:53 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-04-12 10:31 . 2010-05-07 10:56 -------- dc-h--w- c:\programdata\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
2010-04-12 10:31 . 2010-02-04 15:53 2954656 -c--a-w- c:\programdata\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}\Ad-AwareInstaller.exe
2010-04-12 10:31 . 2010-04-12 10:31 -------- d-----w- c:\users\Petr\AppData\Local\Threat Expert
2010-04-12 09:47 . 2010-04-12 09:47 -------- d-----w- c:\users\Petr\AppData\Local\avG
2010-04-12 09:47 . 2010-04-12 09:47 -------- d-----w- c:\programdata\avG

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-12 07:19 . 2008-12-17 11:37 12 ----a-w- c:\windows\bthservsdp.dat
2010-05-12 06:55 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-05-12 06:54 . 2008-05-08 22:33 -------- d-----w- c:\programdata\Microsoft Help
2010-05-11 20:44 . 2009-01-06 05:52 6080 ----a-w- c:\users\Petr\AppData\Local\d3d9caps.dat
2010-05-09 08:03 . 2008-05-09 08:18 657994 ----a-w- c:\windows\system32\perfh005.dat
2010-05-09 08:03 . 2008-05-09 08:18 139672 ----a-w- c:\windows\system32\perfc005.dat
2010-05-09 08:03 . 2009-01-24 14:38 -------- d-----w- c:\users\Petr\AppData\Roaming\Azureus
2010-05-08 10:10 . 2010-03-08 23:28 -------- d-----w- c:\users\Petr\AppData\Roaming\mIRC
2010-05-06 08:36 . 2009-10-03 07:04 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-04-29 10:37 . 2009-02-01 18:37 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-04-15 18:07 . 2010-04-15 18:07 128 ----a-w- c:\windows\system32\drivers\kgpfr2.cfg
2010-04-15 18:05 . 2010-04-15 18:02 1136 ----a-w- c:\windows\system32\drivers\kgpcpy.cfg
2010-04-15 10:09 . 2010-02-08 23:03 64 ----a-w- c:\windows\system32\rp_stats.dat
2010-04-15 10:09 . 2010-02-08 23:03 44 ----a-w- c:\windows\system32\rp_rules.dat
2010-04-12 10:43 . 2010-03-08 23:28 -------- d-----w- c:\program files\mIRC
2010-04-12 10:31 . 2009-02-01 18:10 -------- d-----w- c:\program files\Lavasoft
2010-04-02 17:20 . 2010-04-02 17:20 -------- d-----w- c:\program files\Common Files\Java
2010-04-02 17:20 . 2008-12-27 19:59 -------- d-----w- c:\program files\Java
2010-04-02 16:59 . 2010-04-02 16:57 -------- d-----w- c:\program files\Windows Live
2010-04-02 16:58 . 2010-04-02 16:58 -------- d-----w- c:\program files\Microsoft Sync Framework
2010-04-02 16:58 . 2010-02-17 22:50 -------- d-----w- c:\program files\Microsoft
2010-04-02 16:58 . 2010-04-02 16:58 -------- d-----w- c:\program files\Windows Live SkyDrive
2010-04-02 16:57 . 2010-04-02 16:57 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2010-04-02 16:42 . 2010-04-02 16:42 -------- d-----w- c:\program files\Common Files\Windows Live
2010-04-02 15:47 . 2010-04-02 15:47 -------- d-----w- c:\users\Petr\AppData\Roaming\FLEXnet
2010-04-02 15:18 . 2010-04-02 15:18 -------- d-----w- c:\users\Petr\AppData\Roaming\Vodafone
2010-04-02 15:18 . 2010-04-02 15:18 -------- d-----w- c:\programdata\Vodafone
2010-04-02 15:17 . 2010-04-02 15:17 -------- d-----w- c:\programdata\FLEXnet
2010-04-02 15:17 . 2010-04-02 15:17 -------- d-----w- c:\program files\Vodafone
2010-03-24 18:17 . 2010-03-24 08:04 952768 ----a-w- c:\programdata\Adobe\Reader\9.3\ARM\30780\AdobeARM.exe
2010-03-24 18:17 . 2010-03-24 08:04 70584 ----a-w- c:\programdata\Adobe\Reader\9.3\ARM\30780\AdobeExtractFiles.dll
2010-03-24 18:17 . 2010-03-24 08:04 326056 ----a-w- c:\programdata\Adobe\Reader\9.3\ARM\30780\ReaderUpdater.exe
2010-03-24 18:17 . 2010-03-24 08:04 326056 ----a-w- c:\programdata\Adobe\Reader\9.3\ARM\30780\AcrobatUpdater.exe
2010-03-22 19:13 . 2009-01-04 17:14 -------- d-----w- c:\program files\ParadisePoker
2010-03-20 21:19 . 2008-12-25 22:25 -------- d-----w- c:\program files\bwin
2010-03-17 12:28 . 2009-04-19 16:49 -------- d-----w- c:\program files\Mozilla Thunderbird
2010-03-11 16:47 . 2010-03-11 16:47 118784 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimwmp.dll
2010-03-11 16:47 . 2010-03-11 16:47 118784 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimswf.dll
2010-03-11 16:47 . 2010-03-11 16:47 118784 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimrp.dll
2010-03-11 16:47 . 2010-03-11 16:47 118784 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimqt.dll
2010-03-11 16:47 . 2010-03-11 16:47 118784 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\Components\nprpffbrowserrecordext.dll
2010-03-11 16:47 . 2010-03-11 16:47 329312 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
2010-03-11 16:47 . 2010-03-11 16:47 300616 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Common\rpmainbrowserrecordplugin.dll
2010-03-11 16:47 . 2010-03-11 16:47 118784 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll
2010-03-09 02:28 . 2008-12-27 20:00 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-03-04 23:17 . 2010-03-04 23:17 439816 ----a-w- c:\users\Petr\AppData\Roaming\Real\Update\setup3.10\setup.exe
2010-02-24 21:38 . 2008-12-17 11:38 87600 ----a-w- c:\users\Petr\AppData\Local\GDIPFONTCACHEV1.DAT
2010-02-23 06:39 . 2010-04-02 15:51 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-23 06:33 . 2010-04-02 15:51 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-02-23 06:33 . 2010-04-02 15:51 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-02-23 04:55 . 2010-04-02 15:51 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-02-20 23:06 . 2010-03-11 13:42 24064 ----a-w- c:\windows\system32\nshhttp.dll
2010-02-20 23:05 . 2010-03-11 13:42 30720 ----a-w- c:\windows\system32\httpapi.dll
2010-02-20 20:53 . 2010-03-11 13:42 411648 ----a-w- c:\windows\system32\drivers\http.sys
2010-02-12 10:32 . 2010-03-08 19:21 293376 ----a-w- c:\windows\system32\browserchoice.exe
2009-12-10 18:45 . 2009-12-10 18:45 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2008-12-18 01:41 . 2008-12-18 01:40 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((( SnapShot@2010-05-10_20.04.58 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-05-12 06:52 . 2010-01-29 13:49 84480 c:\windows\winsxs\x86_microsoft-windows-mail-comm-dll_31bf3856ad364e35_6.0.6002.22325_none_7c10a4356edc41af\INETRES.dll
+ 2006-11-02 07:28 . 2006-11-02 08:48 84480 c:\windows\winsxs\x86_microsoft-windows-mail-comm-dll_31bf3856ad364e35_6.0.6002.18197_none_7b3d56a455f59b03\INETRES.dll
+ 2010-05-12 06:52 . 2010-01-29 13:56 84480 c:\windows\winsxs\x86_microsoft-windows-mail-comm-dll_31bf3856ad364e35_6.0.6001.22621_none_7a26312571b9872f\INETRES.dll
+ 2006-11-02 07:28 . 2006-11-02 08:48 84480 c:\windows\winsxs\x86_microsoft-windows-mail-comm-dll_31bf3856ad364e35_6.0.6001.18416_none_79ac63d2588f4d00\INETRES.dll
+ 2008-01-21 01:58 . 2010-05-12 07:22 77842 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-12-17 11:36 . 2010-05-12 07:22 14398 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3443917597-30270281-2045386373-1000_UserData.bin
- 2008-12-17 11:32 . 2010-05-10 11:10 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-12-17 11:32 . 2010-05-12 06:47 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-12-17 11:32 . 2010-05-10 11:10 65536 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-12-17 11:32 . 2010-05-12 06:47 65536 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-12-17 11:32 . 2010-05-12 06:47 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-12-17 11:32 . 2010-05-10 11:10 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-05-08 22:35 . 2010-04-14 06:03 35088 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\oisicon.exe
+ 2008-05-08 22:35 . 2010-05-12 06:54 35088 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\oisicon.exe
- 2008-05-08 22:35 . 2010-04-14 06:03 18704 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\mspicons.exe
+ 2008-05-08 22:35 . 2010-05-12 06:54 18704 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\mspicons.exe
+ 2008-05-08 22:35 . 2010-05-12 06:54 20240 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\cagicon.exe
- 2008-05-08 22:35 . 2010-04-14 06:03 20240 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\cagicon.exe
- 2010-05-10 19:47 . 2010-05-10 19:47 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2010-05-12 07:20 . 2010-05-12 07:20 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2010-05-12 07:20 . 2010-05-12 07:20 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2010-05-10 19:47 . 2010-05-10 19:47 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2010-05-12 06:52 . 2010-01-29 16:07 738816 c:\windows\winsxs\x86_microsoft-windows-mail-comm-dll_31bf3856ad364e35_6.0.6002.22325_none_7c10a4356edc41af\inetcomm.dll
+ 2010-05-12 06:52 . 2010-01-29 15:40 738816 c:\windows\winsxs\x86_microsoft-windows-mail-comm-dll_31bf3856ad364e35_6.0.6002.18197_none_7b3d56a455f59b03\inetcomm.dll
+ 2010-05-12 06:52 . 2010-01-29 16:08 738304 c:\windows\winsxs\x86_microsoft-windows-mail-comm-dll_31bf3856ad364e35_6.0.6001.22621_none_7a26312571b9872f\inetcomm.dll
+ 2010-05-12 06:52 . 2010-01-29 16:21 738304 c:\windows\winsxs\x86_microsoft-windows-mail-comm-dll_31bf3856ad364e35_6.0.6001.18416_none_79ac63d2588f4d00\inetcomm.dll
- 2008-12-17 12:50 . 2010-05-10 19:42 648460 c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2008-12-17 12:50 . 2010-05-11 20:05 648460 c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2006-11-02 13:05 . 2010-05-12 07:22 162230 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-05-08 22:35 . 2010-05-12 06:54 888080 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\wordicon.exe
- 2008-05-08 22:35 . 2010-04-14 06:03 888080 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\wordicon.exe
+ 2008-05-08 22:35 . 2010-05-12 06:54 922384 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\pptico.exe
- 2008-05-08 22:35 . 2010-04-14 06:03 922384 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\pptico.exe
+ 2008-05-08 22:35 . 2010-05-12 06:54 217864 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\misc.exe
- 2008-05-08 22:35 . 2010-04-14 06:03 217864 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\misc.exe
- 2008-05-08 22:35 . 2010-04-14 06:03 184080 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\joticon.exe
+ 2008-05-08 22:35 . 2010-05-12 06:54 184080 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\joticon.exe
+ 2010-05-12 06:52 . 2010-04-01 11:58 2409784 c:\windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6002.22386_none_f4a7b4b181f9b16a\OESpamFilter.dat
+ 2010-05-12 06:52 . 2010-04-01 11:57 2409784 c:\windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6002.18245_none_f448574c68bc8885\OESpamFilter.dat
+ 2010-05-12 06:52 . 2010-04-01 11:58 2409784 c:\windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6001.22673_none_f2c911d784cdf450\OESpamFilter.dat
+ 2010-05-12 06:52 . 2010-04-01 13:20 2409784 c:\windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6001.18462_none_f24942c86ba92217\OESpamFilter.dat
+ 2010-05-12 06:52 . 2010-01-29 13:49 2836992 c:\windows\winsxs\x86_microsoft-windows-mail-core-dll_31bf3856ad364e35_6.0.6002.22325_none_5ade3b513b99bff2\MSOERES.dll
+ 2010-05-12 06:52 . 2010-01-29 16:08 1616384 c:\windows\winsxs\x86_microsoft-windows-mail-core-dll_31bf3856ad364e35_6.0.6002.22325_none_5ade3b513b99bff2\msoe.dll
+ 2006-11-02 12:34 . 2006-11-02 12:34 2836992 c:\windows\winsxs\x86_microsoft-windows-mail-core-dll_31bf3856ad364e35_6.0.6002.18197_none_5a0aedc022b31946\MSOERES.dll
+ 2010-05-12 06:52 . 2010-01-29 15:40 1616384 c:\windows\winsxs\x86_microsoft-windows-mail-core-dll_31bf3856ad364e35_6.0.6002.18197_none_5a0aedc022b31946\msoe.dll
+ 2010-05-12 06:52 . 2010-01-29 13:57 2836992 c:\windows\winsxs\x86_microsoft-windows-mail-core-dll_31bf3856ad364e35_6.0.6001.22621_none_58f3c8413e770572\MSOERES.dll
+ 2010-05-12 06:52 . 2010-01-29 16:09 1616384 c:\windows\winsxs\x86_microsoft-windows-mail-core-dll_31bf3856ad364e35_6.0.6001.22621_none_58f3c8413e770572\msoe.dll
+ 2006-11-02 12:34 . 2006-11-02 12:34 2836992 c:\windows\winsxs\x86_microsoft-windows-mail-core-dll_31bf3856ad364e35_6.0.6001.18416_none_5879faee254ccb43\MSOERES.dll
+ 2010-05-12 06:52 . 2010-01-29 16:22 1616384 c:\windows\winsxs\x86_microsoft-windows-mail-core-dll_31bf3856ad364e35_6.0.6001.18416_none_5879faee254ccb43\msoe.dll
+ 2006-11-02 10:22 . 2010-05-12 06:59 6553600 c:\windows\System32\SMI\Store\Machine\SCHEMA.DAT
- 2006-11-02 10:22 . 2010-04-29 20:03 6553600 c:\windows\System32\SMI\Store\Machine\SCHEMA.DAT
+ 2009-10-16 05:08 . 2009-10-16 05:08 2237952 c:\windows\Installer\215be0c.msp
- 2008-05-08 22:35 . 2010-04-14 06:03 1172240 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\xlicons.exe
+ 2008-05-08 22:35 . 2010-05-12 06:54 1172240 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\xlicons.exe
+ 2008-08-25 20:50 . 2008-08-25 20:50 2585592 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6425\VBE6.DLL
+ 2006-11-02 10:24 . 2010-04-30 18:51 32058312 c:\windows\System32\mrt.exe
+ 2009-04-30 07:05 . 2010-05-12 06:52 238006402 c:\windows\winsxs\ManifestCache\6.0.6002.18005_001c11ba_blobs.bin
.
-- Snímek resetován k současnému datu --
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-05-14 16:05 121392 ----a-w- c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gadwin PrintScreen"="c:\program files\Gadwin Systems\PrintScreen\PrintScreen.exe" [2008-12-09 495616]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2009-03-17 203928]
"ISUSPM"="c:\programdata\Macrovision\FLEXnet Connect\6\ISUSPM.exe" [2007-07-12 226904]
"SpywareTerminatorUpdate"="c:\program files\Spyware Terminator\SpywareTerminatorUpdate.exe" [2010-04-12 3037696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-25 1049896]
"BkupTray"="c:\program files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe" [2008-04-06 34040]
"ArcadeDeluxeAgent"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" [2008-04-10 147456]
"CLMLServer"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe" [2008-04-10 167936]
"PlayMovie"="c:\program files\Acer Arcade Deluxe\PlayMovie\PMVService.exe" [2008-04-18 167936]
"RtHDVCpl"="RtHDVCpl.exe" [2008-06-13 6183456]
"Skytel"="Skytel.exe" [2007-11-21 1826816]
"PLFSetI"="c:\windows\PLFSetI.exe" [2007-10-23 200704]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2008-09-10 809480]
"eDataSecurity Loader"="c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-05-14 526896]
"ePower_DMC"="c:\program files\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2008-06-11 409600]
"ProductReg"="c:\program files\Acer\WR_PopUp\ProductReg.exe" [2008-09-23 6144]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2010-05-03 834248]
"SafeQ Client"="c:\program files\Y Soft\SafeQ Client\Client\SafeQ Client.exe" [2008-07-14 188416]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2010-03-19 2046816]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2009-07-01 37888]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-03-25 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-03-25 175128]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-03-25 153112]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]

c:\users\Petr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-10-4 393216]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-6-21 113664]
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-2-12 723496]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CLPSLS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"VistaSp2"=hex(b):de,16,57,b2,73,21,ca,01

R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-02-16 717296]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-04-04 131072]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2008-01-21 179712]
R3 BDA_Capture_225;USB Digital-TV receiver Driver 2.0.1.8;c:\windows\system32\Drivers\BDA_Capture_225.sys [2006-04-04 14592]
R3 BDA_Loader_225;USB Digital-TV Receiver Firmware Loader 6.4.11.0;c:\windows\system32\Drivers\BDA_Loader_225.sys [2006-04-11 18816]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [2009-06-29 112128]
R3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2009-12-10 30192]
R3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\DRIVERS\ewusbfake.sys [2009-06-29 102912]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2010-02-04 64288]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2009-08-23 335240]
S1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2009-06-07 108552]
S1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [2010-04-12 142592]
S2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\program files\Acer Arcade Deluxe\PlayMovie\000.fcl [2008-04-18 61424]
S2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2009-08-23 908056]
S2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-08-23 297752]
S2 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [2008-03-03 16384]
S2 CLHNService;CLHNService;c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [2008-01-16 81504]
S2 CLPSLS;COMODO livePCsupport Service;c:\program files\COMODO\COMODO livePCsupport\CLPSLS.exe [2010-02-19 148744]
S2 ETService;Empowering Technology Service;c:\program files\Acer\Empowering Technology\Service\ETService.exe [2008-03-21 24576]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2010-05-03 1285864]
S2 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-04-06 50424]
S2 NTIPPKernel;NTIPPKernel;c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys [2008-01-16 122368]
S2 VMCService;Vodafone Mobile Connect Service;c:\program files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [2009-07-03 9216]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Obsah adresáře 'Naplánované úlohy'

2010-05-12 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-02-04 20:33]
.
.
------- Doplňkový sken -------
.
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
FF - ProfilePath - c:\users\Petr\AppData\Roaming\Mozilla\Firefox\Profiles\iz2d2k3o.default\
FF - component: c:\program files\Mozilla Firefox\extensions\{3445ca6b-e3ea-4cac-f214-7ecf6f8e3de0}\components\n2545_CoV04Fp.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Microsoft\Web Platform Installer\NPWPIDetector.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npfiller.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

AddRemove-LPHWWPG7VLd_r - c:\windows\system32\LPHWWPG7VLd_r.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-12 09:34
Windows 6.0.6002 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}]
"ImagePath"="\??\c:\program files\Acer Arcade Deluxe\PlayMovie\000.fcl"
.
Celkový čas: 2010-05-12 09:37:23
ComboFix-quarantined-files.txt 2010-05-12 07:37
ComboFix2.txt 2010-05-10 20:07

Před spuštěním: Volných bajtů: 79 577 452 544
Po spuštění: Volných bajtů: 79 537 283 072

- - End Of File - - 595808D6CD3FB63D7E3AAB443C420471
Nahr nˇ probŘhlo ŁspŘçnŘ

[motji]

Jak to vypadá s počítačem?

Máte zapnuté tři rezidentní štíty u antispyware, ponechte jen jeden, mohly by se prát

SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: Spyware Terminator *disabled* (Updated) {55EE49A8-16BE-4601-BBE6-607B7F7317DE}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

[colo-colo]

Vypadá to, že se ten virus už nehlásí a noťas běží o něco rychleji.

toho Spyware terminatora jsem uplne odinstaloval a vypnul Windows defendera a nechal jet jen Ad-Watch Live!

Říkal jsem si, že bych začal zas používat ZoneAlarm, kterej jsem dřív používal na starým PC, ale na notebooku mi dělal zkraje potíže, protože se bil s nějakým program (buď s AVG nebo s mozzilou už ani nevím) ale po nějakých nedávných aktualizacích už by to mělo být bez problémů. Co myslíte?

[motji]

Já ZA používám a jsem s ním spokojená, ale tuším verze 9 měla nějaké bugy, a envím zda to už spravili. Jedu na verzi 8.

Odinstalujte combofix přes Start - Spustit
- zkopírujte do okénka:

ComboFix /Uninstall

-stiskněte Enter
-To odinstaluje ComboFix a smaže s ním související soubory a složky.


***********


Stáhněte T-Cleaner
http://sweb.cz/Marinus/T-Cleaner.exe

-Spusťte,pro potvrzení volby mačkejte klávesu A, Enter
-po použití prográmek vymažte.Pozor,antiviry ho mohou falešně označit za vir



***********


Z mého podpisu stahněte Ccleaner
- nainstalujte, při výběru, co se má nainstalovat, dejte pryč fajfku u instalace yahoo toolbaru

záložka čistič
- nechejte v levém sloupečku zatrhnuté vše jak je, klikněte na analyzovat
- po analýze klikněte na Spustit Ccleaner

záložka Registry
- klikněte na hledej problémy
- pak klikněte na opravit vybrané problémy -- udělat zálohu registrů - nemusíte
- kliknete opravit všechny problémy ok zavřít

Záložka Nástroje
- zde můžete odinstalovat programy. Je to důkladnější odinstalace než u přidat/odebrat programy ve Windows.

Ccleaner - čistič doporučuji používat, krásně pročistí pc od dočasných souborů.
Registry pročistí třeba po odinstalaci nějakého programu.


***********



Stahněte OTC a použijte
http://oldtimer.geekstogo.com/OTC.exe
-vyčistí tempy a po použitých programech



***********

Vložte nový log ze RSIT a řekněte co počítač, jak se chová, už je vše v pořádku?