
Please check my log
Moderator: Moderators
Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]
Individual threads will be locked once they are resolved, as will those that have been inactive for more than 14 days. See the Rule on locking topics. Thank you for your understanding.
!NEW!
You can now use the remote assistance service, in which a specialist connects to your computer and gets further details about the problem from you by phone! More at www.neslape.cz
Hello, my PC seems somewhat slow to me, so I am posting an RSIT log:
And one question: when I ran RSIT.exe as administrator, selected one month and clicked run, it created the log within 5 seconds... is it supposed to take so little time?
Logfile of random's system information tool 1.07 (written by random/random)
Run by mato at 2010-06-11 07:07:54
Microsoft® Windows Vista™ Home Premium Service Pack 2
System drive C: has 73 GB (24%) free of 305 GB
Total RAM: 3071 MB (61% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 7:08:07, on 11. 6. 2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18928)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
C:\Windows\Explorer.EXE
C:\Program Files\NetLimiter 2 Pro\NLClient.exe
C:\Program Files\NetLimiter 2 Pro\NLClient.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\Nokia pc suite\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe
C:\Users\mato\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\mato\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\mato\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\mato\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\mato\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\mato\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\mato\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\mato\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\mato\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\mato\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\mato\Desktop\RSIT.exe
C:\Program Files\trend micro\mato.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.sk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\ProgramData\LangSoft\WebIE.dll
O2 - BHO: Pomocník pri prihlasovaní v konte Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\ProgramData\LangSoft\WebIE.dll
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia pc suite\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: Yahoo! Widgets.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: GetStyles - {14CD42DD-ABCD-3586-DCAB-40E3693E3737} - (no file)
O9 - Extra 'Tools' menuitem: GetStyles - {14CD42DD-ABCD-3586-DCAB-40E3693E3737} - (no file)
O9 - Extra button: Odoslať do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&oslať do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - (no file)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/html - {574940E0-1B7A-4881-8FA3-1E809714B156} - C:\Users\mato\AppData\LocalLow\Microńoft\redir.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: ABBYY FineReader 10 PE Licensing Service (ABBYY.Licensing.FineReader.Professional.10.0) - ABBYY - C:\Program Files\Common Files\ABBYY\FineReader\10.00\Licensing\PE\NetworkLicenseServer.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Správca pre program Google Desktop 5.9.1005.12335 (GoogleDesktopManager-051210-111108) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NetLimiter (nlsvc) - Locktime Software - C:\Program Files\NetLimiter 2 Pro\nlsvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - StarWind Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Windows\System32\TuneUpDefragService.exe
O23 - Service: @%SystemRoot%\System32\TUProgSt.exe,-1 (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\Windows\System32\TUProgSt.exe
--
End of file - 7560 bytes
======Scheduled tasks folder======
C:\Windows\tasks\1-Click Maintenance.job
C:\Windows\tasks\AWC Startup.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-190942252-359916794-3278992379-1000Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-190942252-359916794-3278992379-1000UA.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2DB66063-BB98-466A-AA0D-3E7ACF5ED853}]
WebTransBHO Class - C:\ProgramData\LangSoft\WebIE.dll [2010-03-06 503808]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Pomocník pri prihlasovaní v konte Windows Live ID - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18 403840]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-05-21 41760]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{BFC32E1D-EE75-4A48-BC60-104E11EE2431} - WebTranslator - C:\ProgramData\LangSoft\WebIE.dll [2010-03-06 503808]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"egui"=C:\Program Files\ESET\ESET Smart Security\egui.exe [2009-11-16 2054360]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"=C:\Program Files\RocketDock\RocketDock.exe [2007-09-02 495616]
"PC Suite Tray"=C:\Program Files\Nokia pc suite\Nokia PC Suite 7\PCSuite.exe [2009-11-11 1451520]
"msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-07-26 3883856]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Bonus.SSR.FR10]
C:\Program Files\ABBYY FineReader 10\Bonus.ScreenshotReader.exe [2010-01-17 941320]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BtTray]
[]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel File Shell Monitor]
C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe [2008-01-15 16200]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel Photo Downloader]
C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe [2007-12-14 531784]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus SX400 Series]
C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIEGE.EXE [2007-12-17 188928]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eurobattlegui]
C:\hry\Warcraft III\eb.exe [2009-10-22 757760]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2010-06-03 30192]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe /runcleanupscript []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-07-26 3883856]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
C:\Program Files\Nokia pc suite\Nokia PC Suite 7\PCSuite.exe [2009-11-11 1451520]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
C:\Program Files\Windows Sidebar\sidebar.exe [2009-04-11 1233920]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\Program Files\Skype\Phone\Skype.exe [2010-05-13 26192168]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-02-18 248040]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
C:\Program Files\Windows Defender\MSASCui.exe [2008-01-19 1008184]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-19 202240]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^mato^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^NHL® 09 Registration.lnk]
C:\hry\NHL09~1\Support\EAREGI~1.EXE /remind /language=ENU /PRID=ODS:15374.110.Base Product /WHPR=NHL® 09 /PRNM=Electronic Arts Product []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^mato^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^PowerMenu.lnk]
C:\PROGRA~1\POWERM~1\POWERM~1.EXE [2002-12-20 57344]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^mato^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Registrace FIFA 10.lnk]
[]
C:\Users\mato\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Yahoo! Widgets.lnk - C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=255
"NoDriveTypeAutoRun"=145
"HonorAutoRunSetting"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"HonorAutoRunSetting"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{387d1072-462f-11df-b1f9-0009dd5053e0}]
shell\AutoRun\command - M:\
shell\open\command - rundll32.exe .\ds3vgt.dll,AddAtomT
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{68d8e9e8-42c7-11df-bba1-0009dd5053e0}]
shell\AutoRun\command - J:\Menu.exe
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
======List of files/folders created in the last 1 months======
2010-06-11 06:52:31 ----A---- C:\Windows\system32\mshtml.dll
2010-06-11 06:52:29 ----A---- C:\Windows\system32\iertutil.dll
2010-06-11 06:52:29 ----A---- C:\Windows\system32\ieframe.dll
2010-06-11 06:52:28 ----A---- C:\Windows\system32\wininet.dll
2010-06-11 06:52:28 ----A---- C:\Windows\system32\urlmon.dll
2010-06-11 06:52:28 ----A---- C:\Windows\system32\occache.dll
2010-06-11 06:52:28 ----A---- C:\Windows\system32\msfeeds.dll
2010-06-11 06:52:27 ----A---- C:\Windows\system32\mstime.dll
2010-06-11 06:52:27 ----A---- C:\Windows\system32\ieui.dll
2010-06-11 06:52:27 ----A---- C:\Windows\system32\iedkcs32.dll
2010-06-11 06:52:26 ----A---- C:\Windows\system32\msfeedssync.exe
2010-06-11 06:52:26 ----A---- C:\Windows\system32\msfeedsbs.dll
2010-06-11 06:52:26 ----A---- C:\Windows\system32\jsproxy.dll
2010-06-11 06:52:26 ----A---- C:\Windows\system32\ieUnatt.exe
2010-06-11 06:52:26 ----A---- C:\Windows\system32\iesysprep.dll
2010-06-11 06:52:26 ----A---- C:\Windows\system32\iesetup.dll
2010-06-11 06:52:26 ----A---- C:\Windows\system32\iernonce.dll
2010-06-11 06:52:26 ----A---- C:\Windows\system32\iepeers.dll
2010-06-11 06:52:26 ----A---- C:\Windows\system32\ie4uinit.exe
2010-06-11 06:50:59 ----A---- C:\Windows\system32\tzres.dll
2010-06-11 06:50:35 ----A---- C:\Windows\system32\atmlib.dll
2010-06-11 06:50:35 ----A---- C:\Windows\system32\atmfd.dll
2010-06-11 06:50:25 ----A---- C:\Windows\system32\asycfilt.dll
2010-06-08 17:39:22 ----D---- C:\Users\mato\AppData\Roaming\Facebook
2010-06-07 19:05:25 ----D---- C:\Program Files\InfoMapa 16
2010-06-07 16:05:01 ----D---- C:\Program Files\NetLimiter 2 Pro
2010-06-06 08:24:38 ----D---- C:\GHostOne
2010-06-04 10:41:34 ----A---- C:\Windows\system32\D3DX9_39.dll
2010-06-04 10:41:34 ----A---- C:\Windows\system32\d3dx10_39.dll
2010-06-04 10:41:34 ----A---- C:\Windows\system32\D3DCompiler_39.dll
2010-06-04 10:40:41 ----D---- C:\ProgramData\InstallShield
2010-06-02 20:59:27 ----D---- C:\ProgramData\KONAMI
2010-06-02 06:54:12 ----D---- C:\ProgramData\Nokia
2010-06-02 06:50:51 ----D---- C:\Program Files\PC Connectivity Solution
2010-06-02 06:32:58 ----D---- C:\Program Files\Nokia
2010-05-30 06:57:07 ----D---- C:\Windows\system32\Adobe
2010-05-28 19:49:46 ----D---- C:\ProgramData\Blueberry
2010-05-28 18:46:23 ----D---- C:\Users\mato\AppData\Roaming\Blueberry
2010-05-28 18:46:05 ----A---- C:\Windows\system32\bbchlp.dll
2010-05-28 18:46:05 ----A---- C:\Windows\system32\bbcap.dll
2010-05-28 18:45:54 ----D---- C:\Users\mato\AppData\Roaming\LogSys
2010-05-28 18:45:53 ----D---- C:\Windows\system32\ShellDD
2010-05-28 18:45:53 ----D---- C:\ProgramData\LogSys
2010-05-28 18:45:43 ----D---- C:\Program Files\Common Files\Blueberry Software
2010-05-28 18:45:43 ----D---- C:\Program Files\BB FlashBack Pro
2010-05-28 18:45:25 ----HDC---- C:\ProgramData\{D82AC81F-4D4A-4B9D-9FE5-FF3930123446}
2010-05-25 21:42:33 ----D---- C:\Program Files\BlueSoleil
2010-05-25 20:59:58 ----D---- C:\Program Files\IVT Corporation
2010-05-25 18:16:43 ----D---- C:\Program Files\Cheat Engine
2010-05-23 15:36:13 ----D---- C:\Program Files\FreshDevices
2010-05-23 14:52:00 ----D---- C:\Program Files\Greasemetal
2010-05-22 18:51:40 ----D---- C:\Users\mato\AppData\Roaming\Red Alert 3 Uprising
2010-05-22 18:48:12 ----D---- C:\ProgramData\Electronic Arts
2010-05-21 16:46:29 ----D---- C:\ProgramData\Sun
2010-05-21 16:46:27 ----D---- C:\Program Files\Common Files\Java
2010-05-21 16:45:59 ----A---- C:\Windows\system32\javaws.exe
2010-05-21 16:45:59 ----A---- C:\Windows\system32\javaw.exe
2010-05-21 16:45:59 ----A---- C:\Windows\system32\java.exe
2010-05-21 16:45:59 ----A---- C:\Windows\system32\deployJava1.dll
2010-05-21 16:45:38 ----D---- C:\Program Files\Java
2010-05-21 16:21:39 ----D---- C:\Users\mato\AppData\Roaming\BlackBean
2010-05-19 17:48:48 ----D---- C:\Program Files\Get Styles
2010-05-19 14:21:55 ----A---- C:\ProgramData\ra3.ini
2010-05-19 09:36:55 ----D---- C:\Users\mato\AppData\Roaming\Red Alert 3
2010-05-18 17:57:28 ----D---- C:\Users\mato\AppData\Roaming\BSplayer PRO
2010-05-18 17:57:21 ----D---- C:\Program Files\BSplayerPro
2010-05-14 08:17:59 ----D---- C:\Users\mato\AppData\Roaming\ABBYY
2010-05-14 08:04:49 ----D---- C:\Program Files\Common Files\ABBYY
2010-05-14 07:51:06 ----D---- C:\ProgramData\ABBYY
2010-05-14 07:51:06 ----D---- C:\Program Files\ABBYY FineReader 10
2010-05-14 07:44:53 ----D---- C:\Program Files\abby
2010-05-14 07:44:14 ----A---- C:\Windows\system32\nethlp.dll
2010-05-14 06:20:04 ----A---- C:\Windows\system32\inetcomm.dll
======List of files/folders modified in the last 1 months======
2010-06-11 07:08:07 ----D---- C:\Windows\Prefetch
2010-06-11 07:08:07 ----D---- C:\Program Files\trend micro
2010-06-11 07:08:03 ----D---- C:\Windows\Temp
2010-06-11 07:06:40 ----D---- C:\Windows\Microsoft.NET
2010-06-11 07:06:36 ----RSD---- C:\Windows\assembly
2010-06-11 07:04:32 ----D---- C:\Windows\system32\catroot
2010-06-11 07:02:44 ----D---- C:\Program Files\Microsoft Silverlight
2010-06-11 07:01:46 ----D---- C:\Windows\system32\sk-SK
2010-06-11 07:01:46 ----D---- C:\Windows\system32\migration
2010-06-11 07:01:46 ----D---- C:\Windows\System32
2010-06-11 07:01:46 ----D---- C:\Program Files\Windows Mail
2010-06-11 07:01:46 ----D---- C:\Program Files\Internet Explorer
2010-06-11 07:01:33 ----D---- C:\Users\mato\AppData\Roaming\Skype
2010-06-11 07:01:21 ----D---- C:\Windows\winsxs
2010-06-11 07:01:17 ----SHD---- C:\Windows\Installer
2010-06-11 07:00:47 ----D---- C:\ProgramData\Microsoft Help
2010-06-11 06:59:51 ----SD---- C:\ProgramData\Microsoft
2010-06-11 06:57:03 ----D---- C:\Windows\Debug
2010-06-11 06:56:56 ----D---- C:\Program Files\Common Files\microsoft shared
2010-06-11 06:56:44 ----D---- C:\Program Files\Microsoft
2010-06-11 06:55:06 ----D---- C:\Windows\system32\wbem
2010-06-11 06:54:35 ----SHD---- C:\System Volume Information
2010-06-11 06:50:19 ----D---- C:\Windows\system32\catroot2
2010-06-11 06:19:53 ----D---- C:\Users\mato\AppData\Roaming\skypePM
2010-06-10 20:08:07 ----D---- C:\Windows\inf
2010-06-10 20:08:07 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-06-10 15:30:54 ----D---- C:\Users\mato\AppData\Roaming\uTorrent
2010-06-09 21:04:21 ----D---- C:\Program Files\ICQ7.0
2010-06-09 17:49:06 ----D---- C:\Windows
2010-06-07 19:05:25 ----RD---- C:\Program Files
2010-06-07 18:56:44 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2010-06-07 16:05:02 ----D---- C:\Windows\system32\drivers
2010-06-06 10:21:52 ----D---- C:\Windows\system32\Tasks
2010-06-06 00:09:16 ----D---- C:\Program Files\fraps
2010-06-05 16:09:18 ----D---- C:\Users\mato\AppData\Roaming\vlc
2010-06-04 10:40:44 ----D---- C:\Windows\Logs
2010-06-04 10:40:41 ----HD---- C:\ProgramData
2010-06-04 10:40:41 ----D---- C:\Users\mato\AppData\Roaming\InstallShield
2010-06-04 10:40:29 ----D---- C:\ProgramData\Ubisoft
2010-06-04 10:33:23 ----SD---- C:\Windows\Downloaded Program Files
2010-06-04 10:33:17 ----HD---- C:\Program Files\InstallShield Installation Information
2010-06-04 10:32:53 ----D---- C:\hry
2010-06-03 11:57:09 ----D---- C:\Windows\rescache
2010-06-03 07:37:03 ----D---- C:\Program Files\Mozilla Firefox
2010-06-03 07:36:44 ----D---- C:\Program Files\Google
2010-06-02 06:51:10 ----D---- C:\ProgramData\Installations
2010-06-02 06:51:08 ----DC---- C:\Windows\system32\DRVSTORE
2010-06-02 06:32:59 ----D---- C:\Program Files\Common Files\Nokia
2010-05-31 06:45:50 ----AD---- C:\ProgramData\TEMP
2010-05-28 21:37:34 ----A---- C:\Windows\system32\mrt.exe
2010-05-28 18:45:43 ----D---- C:\Program Files\Common Files
2010-05-28 14:30:49 ----D---- C:\Windows\Tasks
2010-05-27 18:44:11 ----D---- C:\Program Files\Common Files\InstallShield
2010-05-26 14:28:50 ----D---- C:\Windows\system32\WDI
2010-05-25 06:24:18 ----D---- C:\Users\mato\AppData\Roaming\IObit
2010-05-23 14:28:20 ----D---- C:\Windows\system32\config
2010-05-23 14:26:59 ----D---- C:\Windows\system32\Msdtc
2010-05-23 14:26:59 ----D---- C:\Windows\Panther
2010-05-23 13:34:17 ----D---- C:\Program Files\CCleaner
2010-05-23 13:10:42 ----SD---- C:\Users\mato\AppData\Roaming\Microsoft
2010-05-21 14:14:28 ----N---- C:\Windows\system32\MpSigStub.exe
2010-05-18 15:13:23 ----D---- C:\Program Files\IObit
2010-05-15 21:37:48 ----D---- C:\Users\mato\AppData\Roaming\.purple
2010-05-15 09:14:19 ----D---- C:\Users\mato\AppData\Roaming\gtk-2.0
2010-05-15 07:50:18 ----D---- C:\Program Files\Pidgin
2010-05-14 06:49:26 ----D---- C:\Program Files\ABBYY FineReader 6.0 Sprint
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 ehdrv;ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [2009-11-16 108792]
R1 ElbyCDIO;ElbyCDIO Driver; C:\Windows\System32\Drivers\ElbyCDIO.sys [2009-12-18 26024]
R1 epfwtdi;epfwtdi; C:\Windows\system32\DRIVERS\epfwtdi.sys [2009-11-16 55768]
R1 nltdi;nltdi; \??\C:\Windows\system32\drivers\nltdi.sys [2007-04-23 82200]
R2 atksgt;atksgt; C:\Windows\system32\DRIVERS\atksgt.sys [2010-04-13 165376]
R2 eamon;eamon; C:\Windows\system32\DRIVERS\eamon.sys [2009-11-16 116520]
R2 epfw;epfw; C:\Windows\system32\DRIVERS\epfw.sys [2009-12-18 135048]
R2 lirsgt;lirsgt; C:\Windows\system32\DRIVERS\lirsgt.sys [2010-04-13 18048]
R3 bbcap;bbcap; C:\Windows\system32\DRIVERS\bbcap.sys [2010-05-28 4096]
R3 Epfwndis;Eset Personal Firewall; C:\Windows\system32\DRIVERS\Epfwndis.sys [2010-01-08 33096]
R3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2009-04-11 236544]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2010-04-03 11573800]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\Windows\System32\Drivers\RootMdm.sys [2008-01-19 8192]
R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys [2008-07-22 123904]
R3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-19 35328]
R3 VClone;VClone; C:\Windows\system32\DRIVERS\VClone.sys [2009-08-09 29696]
S3 a1875jxy;a1875jxy; C:\Windows\system32\drivers\a1875jxy.sys []
S3 awzjv6u3;awzjv6u3; C:\Windows\system32\drivers\awzjv6u3.sys []
S3 BlueletAudio;Bluetooth Audio Service; C:\Windows\system32\DRIVERS\blueletaudio.sys []
S3 BT;Bluetooth PAN Network Adapter; C:\Windows\system32\DRIVERS\btnetdrv.sys []
S3 BTCOM;Bluetooth Serial port driver; C:\Windows\system32\DRIVERS\btcomport.sys []
S3 BTCOMBUS;Bluetooth Serial Port Bus Service; C:\Windows\System32\Drivers\btcombus.sys []
S3 Btcsrusb;Bluetooth USB For Bluetooth Service; C:\Windows\System32\Drivers\btcusb.sys []
S3 BthEnum;Bluetooth Request Block Driver; C:\Windows\system32\DRIVERS\BthEnum.sys [2009-04-11 22528]
S3 BTHidEnum;Bluetooth HID Enumerator; C:\Windows\system32\DRIVERS\vbtenum.sys [2005-04-30 11860]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2008-01-19 92160]
S3 BTHPORT;Bluetooth Port Driver; C:\Windows\System32\Drivers\BTHport.sys [2009-04-11 507904]
S3 BTHUSB;Bluetooth Radio USB Driver; C:\Windows\System32\Drivers\BTHUSB.sys [2009-04-11 29696]
S3 btnetBUs;Bluetooth PAN Bus Service; C:\Windows\System32\Drivers\btnetBus.sys [2008-12-07 30088]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-19 5632]
S3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys []
S3 IvtBtBUs;IVT Bluetooth Bus Service; C:\Windows\System32\Drivers\IvtBtBus.sys []
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-19 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-19 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-19 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-19 6016]
S3 nmwcd;Nokia USB Phone Parent; C:\Windows\system32\drivers\ccdcmb.sys [2010-02-26 18176]
S3 nmwcdc;Nokia USB Generic; C:\Windows\system32\drivers\ccdcmbo.sys [2010-02-26 22528]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent; C:\Windows\system32\drivers\nmwcdnsu.sys [2010-02-26 137344]
S3 nmwcdnsuc;Nokia USB Flashing Generic; C:\Windows\system32\drivers\nmwcdnsuc.sys [2010-02-26 8320]
S3 PAC7302;PAC7302 VGA USB Camera; C:\Windows\system32\DRIVERS\PAC7302.SYS [2007-06-14 457856]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\Windows\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-04-11 148992]
S3 upperdev;upperdev; C:\Windows\system32\DRIVERS\usbser_lowerflt.sys [2010-02-26 8192]
S3 usbaudio;USB Audio Driver (WDM); C:\Windows\system32\drivers\usbaudio.sys [2009-04-11 73216]
S3 usbser;USB Modem Driver; C:\Windows\system32\drivers\usbser.sys [2009-04-11 27648]
S3 UsbserFilt;UsbserFilt; C:\Windows\system32\DRIVERS\usbser_lowerfltj.sys [2010-02-26 8192]
S3 VComm;Virtual Serial port driver; C:\Windows\system32\DRIVERS\VComm.sys []
S3 VcommMgr;Bluetooth VComm Manager Service; C:\Windows\System32\Drivers\VcommMgr.sys []
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2010-03-02 83328]
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2006-11-02 11264]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 ABBYY.Licensing.FineReader.Professional.10.0;ABBYY FineReader 10 PE Licensing Service; C:\Program Files\Common Files\ABBYY\FineReader\10.00\Licensing\PE\NetworkLicenseServer.exe [2009-12-10 814344]
R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-19 21504]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2009-11-16 735960]
R2 nlsvc;NetLimiter; C:\Program Files\NetLimiter 2 Pro\nlsvc.exe [2007-03-21 516096]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2010-04-03 129640]
R2 ProtexisLicensing;ProtexisLicensing; C:\Windows\system32\PSIService.exe [2007-06-05 177704]
R2 StarWindServiceAE;StarWind AE Service; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2009-12-23 370688]
R2 TuneUp.ProgramStatisticsSvc;@%SystemRoot%\System32\TUProgSt.exe,-1; C:\Windows\System32\TUProgSt.exe [2010-03-11 603904]
R2 UxTuneUp;@%SystemRoot%\System32\uxtuneup.dll,-4096; C:\Windows\System32\svchost.exe [2008-01-19 21504]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-08-18 1529728]
R3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2010-04-27 611840]
S2 gupdate;Google Update Service (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-03-07 135664]
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe [2009-11-16 20680]
S3 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-19 21504]
S3 GoogleDesktopManager-051210-111108;Správca pre program Google Desktop 5.9.1005.12335; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2010-06-03 30192]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-03-12 271920]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 TuneUp.Defrag;@%SystemRoot%\System32\TuneUpDefragService.exe,-1; C:\Windows\System32\TuneUpDefragService.exe [2010-03-11 360192]
-----------------EOF-----------------
			
			
									
									
Re: Please check my log
Have a nice Friday afternoon

Test at http://www.virustotal.com:
C:\Users\mato\AppData\LocalLow\Microńoft\redir.dll
- On VirusTotal click Browse, paste the path to the file directly into the lower field and click Send
- copy the address of the results page from your browser
- if it asks you, have the file tested again, so that it is the file from your computer

Run the renamed HJT, C:\Program Files\trend micro\mato.exe, which has this icon
- Click "Do a system scan only"
- At the lines
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - (no file)
- tick the checkbox and press Fix checked
- restart the PC

Open Notepad and copy this text into it:
Code:
Windows Registry Editor Version 5.00

; A "-" right after "[" deletes the whole key
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BtTray]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^mato^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^NHL® 09 Registration.lnk]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^mato^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Registrace FIFA 10.lnk]

- save it as (type: All files), entering "smazani.reg" without the quotes as the file name,
click Save, then double-click the file as usual and confirm the dialog box.

What are drives M and J?

Download CCleaner from my signature
- install it; when choosing what to install, untick the Yahoo toolbar installation

Cleaner tab
- leave everything in the left column ticked as it is and click Analyze
- after the analysis click Run Cleaner

Registry tab
- click Scan for issues
- then click Fix selected issues (you do not have to make a registry backup)
- click Fix all issues, OK, Close

Tools tab
- here you can uninstall programs. It is a more thorough uninstall than Add/Remove Programs in Windows.
CCleaner: I recommend using the cleaner, it nicely clears temporary files from the PC.
The registry cleaner is useful, for example, after uninstalling a program.

Download MBAM from my signature
- Install it and run a full scan
DO NOT DELETE ANYTHING
- MBAM sometimes produces false detections, so we will delete only after the log has been checked.
- Copy the log here.
 záložka čistič
záložka čistič-nechejte v levém sloupečku zatrhnuté vše jak je, klikněte na analyzovat
-po analýze klikněte na Spustit Ccleaner
 záložka Registry
záložka Registry- klikněte na hledej problémy
- pak klikněte na opravit vybrané problémy -- udělat zálohu registrů - nemusíte
- kliknete opravit všechny problémy
 ok
 ok  zavřít
 zavřít Záložka Nástroje
 Záložka Nástroje- zde můžete odinstalovat programy. Je to důkladnější odinstalace než u přidat/odebrat programy ve Windows.
Ccleaner - čistič doporučuji používat, krásně pročistí pc od dočasných souborů.
Registry pročistí třeba po odinstalaci nějakého programu.
 Stahněte MBAM  z mého podpisu
 Stahněte MBAM  z mého podpisu-Nainstalujte,dejte úplný sken
NIC NEMAZAT
 
 -MBAM má občas falešné detekce,proto budeme mazat až po kontrole logu.
-Log zkopírujte sem.
Do not use COMBOFIX without an advisor's recommendation; it can damage the system!
Always back up important data before disinfecting your computer
Want to support our forum? Information here

I am mostly reachable at night, between 21:00 and 23:00
If you have any questions, you can write to me by email at Motji(at)forum.viry.cz.
Re: Please check my log
OK, so here is the VirusTotal result for now:
http://www.virustotal.com/analisis/8be6837127d3b913c5bfaab85bac0ff4b559ccc7ddd62063f31298509cf68c2d-1270849068
M is a USB stick and J is a virtual drive.
MBAM:
Malwarebytes' Anti-Malware 1.46
http://www.malwarebytes.org
Verzia databázy: 4189
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18928
11. 6. 2010 21:07:31
mbam-log-2010-06-11 (21-07-31).txt
Typ kontroly: Úplná kontrola (C:\|)
Objektov kontrolovaných: 352758
Uplynulý čas: 1 hod, 10 min, 19 sek
Infikované služby pamäte: 0
Infikované moduly pamäte: 0
Infikované registračné kľúče: 0
Infikované registračné hodnoty: 0
Infikované položky registračných dát: 0
Infikované priečinky: 0
Infikované súbory: 2
Infikované služby pamäte:
(Škodlivé položky neboli zistené)
Infikované moduly pamäte:
(Škodlivé položky neboli zistené)
Infikované registračné kľúče:
(Škodlivé položky neboli zistené)
Infikované registračné hodnoty:
(Škodlivé položky neboli zistené)
Infikované položky registračných dát:
(Škodlivé položky neboli zistené)
Infikované priečinky:
(Škodlivé položky neboli zistené)
Infikované súbory:
C:\Users\mato\BlueSoleil\keygen.exe (Trojan.Agent) -> No action taken.
C:\Users\mato\Downloads\IVT_BlueSoleil_6.4.299.0_CelVeSan\IVT_BlueSoleil_6.4.299.0\install\keygen.exe (Trojan.Agent) -> No action taken.
I did everything else as well.
What next?
Re: Please check my log
Delete everything in MBAM.
Plug in all the USB sticks, flash drives... that you use
Download UsbFix to your desktop (the green Télécharger button)
Before downloading, turn off your antivirus's resident shield; it has a false detection on UsbFix
- run it
- click the research option and confirm with Enter
- after the scan, paste the log here; if it does not pop up, you will find it at C:\UsbFix.txt
Re: Please check my log
Here is the log:
############################## | Usbfix 7.009 | [Research]
User: mato (Administrator) # MATO-PC [To Be Filled By O.E.M. To Be Filled By O.E.M.]
Updated 23/04/10 by El Desaparecido / C_XX
Started at 22:59:10 | 11/06/2010
Website: http://pagesperso-orange.fr/NosTools/index.html
Contact: FindyKill.Contact@gmail.com
CPU: Intel(R) Core(TM)2 Duo CPU E7300 @ 2.66GHz
CPU 2: Intel(R) Core(TM)2 Duo CPU E7300 @ 2.66GHz
Microsoft® Windows Vista™ Home Premium (6.0.6002 32-Bit) # Service Pack 2
Internet Explorer 8.0.6001.18928
Windows Firewall: Disabled /!\
Antivirus: ESET Smart Security 4.0 4.0 [Enabled | Updated]
Firewall: ESET personal firewall 4.0.474.0 [Enabled]
RAM -> 3071 Mb
C:\ (%systemdrive%) -> Fixed drive # 298 Gb (98 Mb free - 33%) [] # NTFS
D:\ -> CD-ROM
I:\ -> CD-ROM
J:\ -> CD-ROM
K:\ -> CD-ROM
L:\ -> CD-ROM
M:\ -> Removable drive # 7 Gb (2 Mb free - 22%) [LÝDIA KING] # FAT32
O:\ -> Removable drive # 475 Mb (194 Mb free - 41%) [MATO`S MP3] # FAT
################## | Files # Infected Folders |
Found ! M:\Autorun.inf
Found ! C:\$Recycle.Bin\S-1-5-21-190942252-359916794-3278992379-1000
################## | Registry |
################## | Mountpoints2 |
HKCU\.\.\.\.\Explorer\MountPoints2\{387d1072-462f-11df-b1f9-0009dd5053e0}
Shell\AutoRun\Command = M:\
Shell\open\Command = rundll32.exe .\ds3vgt.dll,AddAtomT
HKCU\.\.\.\.\Explorer\MountPoints2\{68d8e9e8-42c7-11df-bba1-0009dd5053e0}
Shell\AutoRun\Command = J:\Menu.exe
################## | Vaccin |
(!) This computer is not vaccinated!
################## | E.O.F |
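The UsbFix [Research] log above can be triaged mechanically. The following Python sketch is an added example, not part of the thread and not UsbFix's own code: it parses an excerpt of that log and ranks each MountPoints2 key; the severity rules and the function names are assumptions made for illustration.

```python
import re

# Excerpt of the UsbFix [Research] log posted in the thread above.
SAMPLE_LOG = r"""
J:\ -> CD-ROM
M:\ -> Removable drive # 7 Gb (2 Mb free - 22%) [LÝDIA KING] # FAT32
################## | Files # Infected Folders |
Found ! M:\Autorun.inf
################## | Mountpoints2 |
HKCU\.\.\.\.\Explorer\MountPoints2\{387d1072-462f-11df-b1f9-0009dd5053e0}
Shell\AutoRun\Command = M:\
Shell\open\Command = rundll32.exe .\ds3vgt.dll,AddAtomT
HKCU\.\.\.\.\Explorer\MountPoints2\{68d8e9e8-42c7-11df-bba1-0009dd5053e0}
Shell\AutoRun\Command = J:\Menu.exe
################## | Vaccin |
(!) This computer is not vaccinated!
"""

DRIVE_RE = re.compile(r"^([A-Z]):\\ .*?-> (CD-ROM|Removable drive|Fixed drive)")
SECTION_RE = re.compile(r"^#+ \| (.+?) \|")
KEY_RE = re.compile(r"^HK.*\\MountPoints2\\(\{[0-9A-Fa-f-]+\})$")
VALUE_RE = re.compile(r"^Shell\\([^\\]+)\\Command = (.*)$")
AUTORUN_RE = re.compile(r"^Found ! ([A-Z]):\\Autorun\.inf$", re.IGNORECASE)
# rundll32 pointed at a DLL by relative path (".\x.dll" or "..\x.dll")
RUNDLL_REL_RE = re.compile(r"\brundll32(?:\.exe)?\s+\.{1,2}\\", re.IGNORECASE)
TARGET_RE = re.compile(r"^([A-Za-z]):\\")


def parse_usbfix(log):
    """Return (drives, autorun_inf_drives, mountpoints) parsed from a UsbFix log."""
    drives, autorun_inf, mountpoints = {}, set(), []
    section = ""
    for raw in log.splitlines():
        line = raw.strip()
        if m := SECTION_RE.match(line):
            section = m.group(1).lower()
        elif m := DRIVE_RE.match(line):
            drives[m.group(1)] = m.group(2)           # drive letter -> drive type
        elif m := AUTORUN_RE.match(line):
            autorun_inf.add(m.group(1).upper())       # Autorun.inf reported on this drive
        elif section == "mountpoints2":
            if m := KEY_RE.match(line):
                mountpoints.append({"guid": m.group(1), "commands": {}})
            elif (m := VALUE_RE.match(line)) and mountpoints:
                mountpoints[-1]["commands"][m.group(1)] = m.group(2)
    return drives, autorun_inf, mountpoints


def triage(log):
    """Rank each MountPoints2 key as high / medium / low (assumed rules)."""
    drives, autorun_inf, mountpoints = parse_usbfix(log)
    findings = []
    for entry in mountpoints:
        reasons, drive = [], None
        for verb, command in entry["commands"].items():
            if m := TARGET_RE.match(command):
                drive = m.group(1).upper()            # volume the key points at
            if RUNDLL_REL_RE.search(command):
                reasons.append(
                    f"Shell\\{verb} runs rundll32 on a DLL given by relative path")
        kind = drives.get(drive, "unknown")
        if drive in autorun_inf:
            reasons.append(f"Autorun.inf was reported on {drive}:")
        if any("rundll32" in r for r in reasons):
            severity = "high"
        elif kind == "Removable drive" or drive in autorun_inf:
            severity = "medium"
        else:
            severity = "low"
        findings.append({"guid": entry["guid"], "drive": drive, "drive_type": kind,
                         "severity": severity, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f['severity']:6}] {f['guid']} drive={f['drive']} ({f['drive_type']})")
        for reason in f["reasons"]:
            print("         -", reason)
```
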
			
			
									
									
Re: Please check my log
Run UsbFix again and choose the deletion option
Plug in all the USB sticks, flash drives... that you use
Download to your desktop, close all active windows, and run ComboFix - http://download.bleepingcomputer.com/sUBs/ComboFix.exe
- ComboFix must be run under an account with administrator rights
- Before using it, turn off all resident security programs - antivirus, firewalls, antispyware
- After launch, the terms of use are displayed; confirm them by pressing Yes
- Then follow the instructions; while ComboFix is running, do not click in the window that appears
- After the scan finishes, which takes at most 10 minutes, the program should create a log - C:\ComboFix.txt; copy its entire contents here
Re: Please check my log
Here is the log from UsbFix:
############################## | Usbfix 7.009 | [Deletion]
User: mato (Administrator) # MATO-PC [To Be Filled By O.E.M. To Be Filled By O.E.M.]
Updated 23/04/10 by El Desaparecido / C_XX
Started at 07:52:59 | 12/06/2010
Website: http://pagesperso-orange.fr/NosTools/index.html
Contact: FindyKill.Contact@gmail.com
CPU: Intel(R) Core(TM)2 Duo CPU E7300 @ 2.66GHz
CPU 2: Intel(R) Core(TM)2 Duo CPU E7300 @ 2.66GHz
Microsoft® Windows Vista™ Home Premium (6.0.6002 32-Bit) # Service Pack 2
Internet Explorer 8.0.6001.18928
Windows Firewall: Disabled /!\
Antivirus: ESET Smart Security 4.0 4.0 [Enabled | Updated]
Firewall: ESET personal firewall 4.0.474.0 [Enabled]
RAM -> 3071 Mb
C:\ (%systemdrive%) -> Fixed drive # 298 Gb (98 Mb free - 33%) [] # NTFS
D:\ -> CD-ROM
I:\ -> CD-ROM
J:\ -> CD-ROM
K:\ -> CD-ROM
L:\ -> CD-ROM
M:\ -> Removable drive # 7 Gb (2 Mb free - 22%) [LÝDIA KING] # FAT32
O:\ -> Removable drive # 475 Mb (194 Mb free - 41%) [MATO`S MP3] # FAT
################## | Files # Infected Folders |
Deleted ! M:\Autorun.inf
Deleted ! C:\$Recycle.Bin\S-1-5-21-190942252-359916794-3278992379-1000
################## | Registry |
################## | Mountpoints2 |
Deleted ! HKCU\.\.\.\.\Explorer\MountPoints2\{387d1072-462f-11df-b1f9-0009dd5053e0}
Deleted ! HKCU\.\.\.\.\Explorer\MountPoints2\{68d8e9e8-42c7-11df-bba1-0009dd5053e0}
################## | Listing |
[12/06/2010 - 07:56:22 | SHD ] C:\$Recycle.Bin
[18/09/2006 - 23:43:36 | A | 24] C:\autoexec.bat
[22/04/2010 - 21:50:05 | RASHD ] C:\autorun.inf
[21/04/2010 - 18:16:38 | SHD ] C:\Boot
[11/04/2009 - 08:36:36 | RASH | 333257] C:\bootmgr
[18/09/2006 - 23:43:37 | A | 10] C:\config.sys
[02/11/2006 - 15:02:03 | SHD ] C:\Documents and Settings
[06/06/2010 - 08:29:47 | D ] C:\GHostOne
[11/06/2010 - 19:38:17 | ASH | 3220496384] C:\hiberfil.sys
[04/06/2010 - 10:32:53 | D ] C:\hry
[06/04/2010 - 08:09:57 | RASH | 0] C:\IO.SYS
[06/04/2010 - 08:09:57 | RASH | 0] C:\MSDOS.SYS
[02/03/2010 - 09:29:06 | RHD ] C:\MSOCache
[05/04/2010 - 14:12:29 | D ] C:\MyHeritage
[02/03/2010 - 08:34:02 | D ] C:\NVIDIA
[19/03/2010 - 22:55:12 | A | 921632] C:\PA7302.DAT
[11/06/2010 - 19:38:16 | ASH | 3534307328] C:\pagefile.sys
[19/04/2010 - 15:16:53 | D ] C:\PerfLogs
[07/06/2010 - 19:05:25 | RD ] C:\Program Files
[04/06/2010 - 10:40:41 | HD ] C:\ProgramData
[21/04/2010 - 06:21:26 | D ] C:\rsit
[11/06/2010 - 19:02:11 | SHD ] C:\System Volume Information
[12/06/2010 - 07:56:22 | D ] C:\UsbFix
[12/06/2010 - 07:54:46 | A | 2543] C:\Usbfix.txt
[22/04/2010 - 21:50:07 | A | 2152] C:\UsbFix_Upload_Me_mato-PC.zip
[11/04/2010 - 09:38:22 | RD ] C:\Users
[11/06/2010 - 19:52:15 | D ] C:\Windows
[07/06/2010 - 15:43:42 | A | 364163] M:\Cvičná prezentácia.pptx
[11/06/2010 - 19:42:00 | A | 9242377] M:\ZONE (eurovea).rar
[24/05/2010 - 23:44:24 | D ] M:\LYDUSKA
[04/08/2004 - 11:00:00 | RASH | 185344] M:\ds3vgt.dll
[30/03/2009 - 19:25:34 | A | 1821] M:\Windows Live Messenger .lnk
[23/09/2008 - 17:58:56 | A | 1100] M:\Adobe ExtendScript Toolkit 2.lnk
[01/06/2010 - 21:35:20 | D ] M:\Windows Live
[01/06/2010 - 21:36:24 | A | 2377] M:\Adobe Reader 6.0.lnk
[05/06/2010 - 15:47:34 | D ] M:\stretavka O.B s profakmi 4.6.2010
[06/06/2010 - 21:36:56 | D ] M:\DjTiesto 4.6.2010
[07/06/2010 - 14:39:30 | D ] M:\zuzka informatika 7.6.2010
[31/05/2010 - 09:29:28 | A | 2024] M:\krajina.jpg
[31/05/2010 - 09:33:26 | A | 2483] M:\strom.gif
[07/06/2010 - 14:54:42 | A | 4254] M:\kvetinka.gif
################## | Vaccin |
C:\Autorun.inf -> Folder created by UsbFix (El Desaparecido & C_XX)
M:\Autorun.inf -> Folder created by UsbFix (El Desaparecido & C_XX)
################## | E.O.F |
HERE IS COMBOFIX:
ComboFix 10-06-11.01 - mato . 06. 2010 8:28.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.421.1051.18.3071.2302 [GMT 2:00]
Running from: c:\users\mato\Desktop\ComboFix.exe
AV: ESET Smart Security 4.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET personal firewall *enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
SP: ESET Smart Security 4.0 *enabled* (Updated) {E5E70D32-0101-4B98-A4D6-D1D15C3BB448}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Resident AV is active
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\users\mato\AppData\Roaming\Desktopicon
c:\windows\system32\detoured.dll
c:\windows\system32\nethlp.dll
.
((((((((((((((((((((((((( Files Created from 2010-05-12 to 2010-06-12 )))))))))))))))))))))))))))))))
.
2010-06-12 06:35 . 2010-06-12 06:35 -------- d-----w- c:\users\mato\AppData\Local\temp
2010-06-12 06:35 . 2010-06-12 06:35 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-06-11 17:55 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-06-11 17:55 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-06-11 04:50 . 2010-04-23 14:13 2048 ----a-w- c:\windows\system32\tzres.dll
2010-06-11 04:50 . 2010-05-26 17:06 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-06-11 04:50 . 2010-05-26 14:47 289792 ----a-w- c:\windows\system32\atmfd.dll
2010-06-11 04:50 . 2010-04-05 17:01 67072 ----a-w- c:\windows\system32\asycfilt.dll
2010-06-11 04:49 . 2010-05-01 14:13 2037248 ----a-w- c:\windows\system32\win32k.sys
2010-06-08 15:39 . 2010-06-08 15:39 50354 ----a-w- c:\users\mato\AppData\Roaming\Facebook\uninstall.exe
2010-06-08 15:39 . 2010-06-08 15:39 -------- d-----w- c:\users\mato\AppData\Roaming\Facebook
2010-06-07 17:05 . 2010-06-07 17:09 -------- d-----w- c:\program files\InfoMapa 16
2010-06-07 14:05 . 2010-06-07 14:05 -------- d-----w- c:\program files\NetLimiter 2 Pro
2010-06-06 06:24 . 2010-06-06 06:29 -------- d-----w- C:\GHostOne
2010-06-04 08:58 . 2010-06-04 08:58 -------- d-----w- c:\users\mato\AppData\Local\Ubisoft
2010-06-04 08:41 . 2008-07-12 06:18 467984 ----a-w- c:\windows\system32\d3dx10_39.dll
2010-06-04 08:41 . 2008-07-12 06:18 3851784 ----a-w- c:\windows\system32\D3DX9_39.dll
2010-06-04 08:41 . 2008-07-12 06:18 1493528 ----a-w- c:\windows\system32\D3DCompiler_39.dll
2010-06-04 08:40 . 2010-06-04 08:40 -------- d-----w- c:\users\Public\Ubisoft
2010-06-04 08:40 . 2010-06-04 08:40 -------- d-----w- c:\programdata\InstallShield
2010-06-03 09:37 . 2009-07-14 17:45 445008 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2010-06-03 09:37 . 2009-07-14 17:45 38480 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2010-06-02 18:59 . 2010-06-02 18:59 -------- d-----w- c:\programdata\KONAMI
2010-06-02 04:54 . 2010-06-02 04:54 -------- d-----w- c:\programdata\Nokia
2010-06-02 04:51 . 2008-08-26 08:26 18816 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys
2010-06-02 04:50 . 2010-06-02 04:50 -------- d-----w- c:\program files\PC Connectivity Solution
2010-06-02 04:32 . 2010-06-02 04:48 -------- d-----w- c:\program files\Nokia
2010-06-02 04:32 . 2010-06-02 04:29 35790800 ----a-w- c:\programdata\Installations\{09C468CA-2940-466A-AAE8-DCC0C6E9323C}\NokiaSoftwareUpdaterSetup_sk.exe
2010-06-02 04:32 . 2010-06-02 04:32 3351812 ----a-w- c:\programdata\Installations\{09C468CA-2940-466A-AAE8-DCC0C6E9323C}\Installer\CommonCustomActions\msxml6Exec.exe
2010-06-02 04:32 . 2010-06-02 04:32 36864 ----a-w- c:\programdata\Installations\{09C468CA-2940-466A-AAE8-DCC0C6E9323C}\Installer\CommonCustomActions\Sleep.exe
2010-06-02 04:32 . 2010-06-02 04:32 3203453 ----a-w- c:\programdata\Installations\{09C468CA-2940-466A-AAE8-DCC0C6E9323C}\Installer\CommonCustomActions\vcredistExec.exe
2010-05-30 15:49 . 2008-02-04 23:20 33280 ----a-w- c:\programdata\EPSON\EPSON Stylus SX400 Series\Language\041b.E_H9E0G7.DLL
2010-05-30 04:57 . 2010-05-31 04:49 -------- d-----w- c:\windows\system32\Adobe
2010-05-28 17:49 . 2010-05-28 17:49 -------- d-----w- c:\programdata\Blueberry
2010-05-28 16:46 . 2010-05-29 05:44 -------- d-----w- c:\users\mato\AppData\Roaming\Blueberry
2010-05-28 16:46 . 2010-05-28 16:46 4608 ----a-w- c:\windows\system32\bbchlp.dll
2010-05-28 16:46 . 2010-05-28 16:46 4096 ----a-w- c:\windows\system32\drivers\bbcap.sys
2010-05-28 16:46 . 2010-05-28 16:46 30720 ----a-w- c:\windows\system32\bbcap.dll
2010-05-28 16:07 . 2005-04-30 12:50 11860 ----a-w- c:\windows\system32\drivers\VBTEnum.sys
2010-05-28 16:07 . 2005-04-30 12:50 28271 ----a-w- c:\windows\system32\drivers\BTHidMgr.sys
2010-05-28 16:03 . 2005-12-15 02:17 63488 ----a-r- c:\windows\system32\drivers\wssbtr1f.sys
2010-05-28 16:03 . 2005-12-15 02:17 48556 ----a-r- c:\windows\system32\drivers\SktBt2k.sys
2010-05-28 16:03 . 2005-12-15 02:17 77824 ----a-r- c:\windows\system32\drivers\SioUi2k.dll
2010-05-28 16:03 . 2005-12-15 02:17 48076 ----a-r- c:\windows\system32\drivers\Sio9502k.sys
2010-05-28 16:02 . 2005-12-15 02:17 51169 ----a-r- c:\windows\system32\drivers\OXSER.SYS
2010-05-28 16:02 . 2005-12-15 02:17 40960 ----a-r- c:\windows\system32\drivers\SCTray.exe
2010-05-25 19:42 . 2010-05-28 18:08 -------- d-----w- c:\program files\BlueSoleil
2010-05-25 18:59 . 2010-05-28 18:00 -------- d-----w- c:\program files\IVT Corporation
2010-05-25 16:16 . 2010-05-25 18:55 -------- d-----w- c:\program files\Cheat Engine
2010-05-23 13:36 . 2010-05-23 13:36 -------- d-----w- c:\program files\FreshDevices
2010-05-23 12:52 . 2010-05-23 17:24 -------- d-----w- c:\program files\Greasemetal
2010-05-22 16:51 . 2010-05-22 16:54 -------- d-----w- c:\users\mato\AppData\Roaming\Red Alert 3 Uprising
2010-05-22 16:48 . 2010-05-22 16:48 -------- d-----w- c:\programdata\Electronic Arts
2010-05-21 14:46 . 2010-05-21 14:46 -------- d-----w- c:\program files\Common Files\Java
2010-05-21 14:45 . 2010-05-21 14:45 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-05-21 14:45 . 2010-05-21 14:45 -------- d-----w- c:\program files\Java
2010-05-21 14:21 . 2010-05-21 14:21 -------- d-----w- c:\users\mato\AppData\Roaming\BlackBean
2010-05-19 15:48 . 2010-05-23 17:33 -------- d-----w- c:\program files\Get Styles
2010-05-19 07:36 . 2010-05-19 19:32 -------- d-----w- c:\users\mato\AppData\Roaming\Red Alert 3
2010-05-18 15:57 . 2010-05-21 20:35 -------- d-----w- c:\users\mato\AppData\Roaming\BSplayer PRO
2010-05-18 15:57 . 2010-05-18 15:59 -------- d-----w- c:\program files\BSplayerPro
2010-05-15 07:14 . 2010-05-15 07:14 1791 ----a-w- c:\users\mato\AppData\Roaming\.purple\certificates\x509\tls_peers\bos.oscar.aol.com
2010-05-15 07:14 . 2010-05-15 07:14 1779 ----a-w- c:\users\mato\AppData\Roaming\.purple\certificates\x509\tls_peers\api.oscar.aol.com
2010-05-15 07:14 . 2010-05-15 07:14 1201 ----a-w- c:\users\mato\AppData\Roaming\.purple\certificates\x509\tls_peers\login.facebook.com
2010-05-15 07:14 . 2010-05-15 07:14 1691 ----a-w- c:\users\mato\AppData\Roaming\.purple\certificates\x509\tls_peers\api.screenname.aol.com
2010-05-15 06:55 . 2010-05-15 06:55 -------- d-----w- c:\users\mato\AppData\Local\World in Conflict
2010-05-14 06:18 . 2010-05-14 06:18 -------- d-----w- c:\users\mato\AppData\Local\Adobe
2010-05-14 06:17 . 2010-05-14 06:17 -------- d-----w- c:\users\mato\AppData\Roaming\ABBYY
2010-05-14 06:04 . 2010-05-14 06:04 -------- d-----w- c:\program files\Common Files\ABBYY
2010-05-14 05:51 . 2010-05-23 12:26 -------- d-----w- c:\program files\ABBYY FineReader 10
2010-05-14 05:51 . 2010-05-14 05:51 -------- d-----w- c:\programdata\ABBYY
2010-05-14 05:44 . 2010-05-14 05:45 -------- d-----w- c:\program files\abby
2010-05-14 04:20 . 2010-01-29 15:40 738816 ----a-w- c:\windows\system32\inetcomm.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-12 06:31 . 2010-04-19 13:22 7724 ----a-w- c:\windows\system32\perfc01B.dat
2010-06-12 06:31 . 2010-04-19 13:22 28672 ----a-w- c:\windows\system32\perfh01B.dat
2010-06-12 06:23 . 2010-03-02 06:06 12 ----a-w- c:\windows\bthservsdp.dat
2010-06-12 05:52 . 2010-03-04 17:38 -------- d-----w- c:\users\mato\AppData\Roaming\uTorrent
2010-06-12 05:49 . 2010-04-24 07:02 34805 ----a-w- c:\programdata\nvModes.dat
2010-06-11 17:55 . 2010-03-21 15:58 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-06-11 17:40 . 2010-03-04 08:30 -------- d-----w- c:\users\mato\AppData\Roaming\vlc
2010-06-11 17:36 . 2010-03-20 20:31 -------- d-----w- c:\program files\trend micro
2010-06-11 05:02 . 2010-04-18 21:01 -------- d-----w- c:\program files\Microsoft Silverlight
2010-06-11 05:01 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-06-11 05:01 . 2010-03-02 07:22 -------- d-----w- c:\users\mato\AppData\Roaming\Skype
2010-06-11 05:00 . 2010-03-02 07:31 -------- d-----w- c:\programdata\Microsoft Help
2010-06-11 04:56 . 2010-04-18 21:01 -------- d-----w- c:\program files\Microsoft
2010-06-11 04:19 . 2010-03-02 07:23 -------- d-----w- c:\users\mato\AppData\Roaming\skypePM
2010-06-09 19:04 . 2010-03-02 07:18 -------- d-----w- c:\program files\ICQ7.0
2010-06-07 16:56 . 2010-03-06 08:11 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-06-05 22:09 . 2010-03-10 17:34 -------- d-----w- c:\program files\fraps
2010-06-04 08:40 . 2010-03-02 06:18 -------- d-----w- c:\users\mato\AppData\Roaming\InstallShield
2010-06-04 08:40 . 2010-04-23 13:33 -------- d-----w- c:\programdata\Ubisoft
2010-06-04 08:33 . 2010-03-02 06:18 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-06-03 09:38 . 2010-06-03 09:38 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01009.Wdf
2010-06-03 09:38 . 2010-06-03 09:38 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
2010-06-03 05:36 . 2010-03-07 10:11 -------- d-----w- c:\program files\Google
2010-06-02 04:51 . 2010-03-02 15:08 -------- d-----w- c:\programdata\Installations
2010-06-02 04:32 . 2010-03-02 15:18 -------- d-----w- c:\program files\Common Files\Nokia
2010-05-28 16:46 . 2010-05-28 16:45 -------- d-----w- c:\users\mato\AppData\Roaming\LogSys
2010-05-28 16:45 . 2010-05-28 16:45 -------- d-----w- c:\program files\BB FlashBack Pro
2010-05-28 16:45 . 2010-05-28 16:45 -------- d-----w- c:\programdata\LogSys
2010-05-28 16:45 . 2010-05-28 16:45 -------- dc-h--w- c:\programdata\{D82AC81F-4D4A-4B9D-9FE5-FF3930123446}
2010-05-28 16:45 . 2010-05-28 16:45 -------- d-----w- c:\program files\Common Files\Blueberry Software
2010-05-27 16:44 . 2010-03-07 10:33 -------- d-----w- c:\program files\Common Files\InstallShield
2010-05-25 18:55 . 2010-05-25 16:16 -------- d-----w- c:\program files\Cheat Engine
2010-05-25 04:24 . 2010-04-25 10:20 -------- d-----w- c:\users\mato\AppData\Roaming\IObit
2010-05-23 11:34 . 2010-03-02 07:32 -------- d-----w- c:\program files\CCleaner
2010-05-21 12:14 . 2010-03-02 07:34 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-18 13:13 . 2010-04-25 10:20 -------- d-----w- c:\program files\IObit
2010-05-15 19:37 . 2010-05-10 19:55 -------- d-----w- c:\users\mato\AppData\Roaming\.purple
2010-05-15 07:14 . 2010-05-10 20:04 -------- d-----w- c:\users\mato\AppData\Roaming\gtk-2.0
2010-05-15 05:50 . 2010-05-10 19:51 -------- d-----w- c:\program files\Pidgin
2010-05-14 04:49 . 2010-03-07 10:32 -------- d-----w- c:\program files\ABBYY FineReader 6.0 Sprint
2010-05-11 04:33 . 2010-03-13 17:49 977 ----a-w- c:\windows\eReg.dat
2010-05-11 04:19 . 2010-03-05 17:02 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
2010-05-10 20:25 . 2010-05-10 20:24 -------- d-----w- c:\program files\Graffiti Studio 2.0
2010-05-10 20:12 . 2010-05-10 19:53 -------- d-----w- c:\program files\Aspell
2010-05-10 19:51 . 2010-05-10 19:51 -------- d-----w- c:\program files\Common Files\GTK
2010-05-10 04:21 . 2010-04-14 16:02 2516 --sha-w- c:\windows\system32\KGyGaAvL.sys
2010-05-10 04:13 . 2010-05-03 19:23 -------- d-----w- c:\program files\Advanced SystemCare 3
2010-05-08 10:27 . 2010-03-04 08:29 -------- d-----w- c:\program files\K-Lite Codec Pack
2010-05-06 18:37 . 2010-03-24 14:27 -------- d-----w- c:\users\mato\AppData\Roaming\dvdcss
2010-05-04 05:59 . 2010-06-11 04:52 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-04 05:55 . 2010-06-11 04:52 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-05-04 05:55 . 2010-06-11 04:52 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-05-04 04:31 . 2010-06-11 04:52 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-05-03 19:29 . 2010-05-03 19:29 -------- d-----w- c:\programdata\IObit
2010-05-02 17:04 . 2010-04-17 08:20 -------- d-----w- c:\program files\GTASAConsole
2010-05-02 17:00 . 2010-03-17 19:47 -------- d-----w- c:\programdata\Codemasters
2010-04-30 16:37 . 2010-04-30 16:37 -------- d-----w- c:\users\mato\AppData\Roaming\Ubisoft
2010-04-30 16:05 . 2010-04-30 16:05 -------- d-----w- c:\program files\Ubisoft
2010-04-29 09:47 . 2010-04-29 09:47 499712 ----a-w- c:\windows\system32\msvcp71.dll
2010-04-29 09:47 . 2010-04-29 09:47 348160 ----a-w- c:\windows\system32\msvcr71.dll
2010-04-28 11:17 . 2010-04-18 21:11 -------- d-----w- c:\program files\Windows Live
2010-04-27 16:40 . 2010-04-27 16:30 -------- d-----w- c:\programdata\TrackMania
2010-04-27 12:45 . 2010-04-27 12:45 72856 ----a-w- c:\windows\system32\xliveinstallhost.exe
2010-04-27 12:45 . 2010-04-27 12:45 187544 ----a-w- c:\windows\system32\xliveinstall.dll
2010-04-25 18:14 . 2010-04-14 16:09 88 --sh--r- c:\windows\system32\9CA8217D90.sys
2010-04-24 07:06 . 2010-04-24 07:06 -------- d-----w- c:\program files\Windows Portable Devices
2010-04-24 07:06 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2010-04-24 07:03 . 2010-04-24 07:03 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2010-04-24 07:02 . 2010-04-24 07:02 -------- d-----w- c:\programdata\NVIDIA
2010-04-24 07:02 . 2010-03-02 06:34 -------- d-----w- c:\program files\NVIDIA Corporation
2010-04-24 06:35 . 2010-04-24 06:35 -------- d-----w- c:\programdata\WindowsSearch
2010-04-23 20:09 . 2010-04-23 19:53 -------- d-----w- c:\programdata\Test Drive Unlimited
2010-04-23 15:05 . 2010-04-23 15:05 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2010-04-21 16:12 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
2010-04-21 16:12 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2010-04-21 16:12 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Journal
2010-04-21 16:12 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration
2010-04-21 16:12 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery
2010-04-21 16:12 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender
2010-04-19 13:28 . 2010-04-19 13:28 -------- d-sh--w- c:\programdata\SecuROM
2010-04-19 13:01 . 2006-11-02 10:32 101888 ----a-w- c:\windows\system32\ifxcardm.dll
2010-04-19 13:01 . 2006-11-02 10:32 82432 ----a-w- c:\windows\system32\axaltocm.dll
2010-04-19 04:26 . 2010-04-19 04:26 377344 ----a-w- c:\windows\system32\winhttp.dll
2010-04-18 21:12 . 2010-04-18 21:12 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2010-04-18 21:11 . 2010-04-18 21:11 -------- d-----w- c:\program files\Windows Live SkyDrive
2010-04-18 21:04 . 2010-04-18 21:04 -------- d-----w- c:\program files\Common Files\Windows Live
2010-04-18 21:03 . 2010-04-18 21:03 499712 ----a-w- c:\windows\system32\kerberos.dll
2010-04-18 21:03 . 2010-04-18 21:03 270848 ----a-w- c:\windows\system32\schannel.dll
2010-04-18 21:02 . 2010-04-18 21:02 293376 ----a-w- c:\windows\system32\browserchoice.exe
2010-04-18 07:50 . 2010-03-02 06:14 60640 ----a-w- c:\users\mato\AppData\Local\GDIPFONTCACHEV1.DAT
2010-04-18 06:22 . 2010-04-18 06:22 -------- d-----w- c:\program files\Sanny Builder 3
2010-04-15 04:39 . 2010-04-15 04:39 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-04-15 04:39 . 2010-04-15 04:39 79360 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2010-04-15 04:39 . 2010-04-15 04:39 106496 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-04-15 04:39 . 2010-04-15 04:39 3600776 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-04-15 04:39 . 2010-04-15 04:39 3548040 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-04-15 04:36 . 2010-04-15 04:36 172032 ----a-w- c:\windows\system32\wintrust.dll
2010-04-15 04:35 . 2010-04-15 04:35 904576 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-04-15 04:35 . 2010-04-15 04:35 25088 ----a-w- c:\windows\system32\drivers\tunnel.sys
2010-04-15 04:35 . 2010-04-15 04:35 200704 ----a-w- c:\windows\system32\iphlpsvc.dll
2010-06-03 05:37 . 2010-06-03 05:37 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\users\mato\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\users\mato\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\users\mato\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
"PC Suite Tray"="c:\program files\Nokia pc suite\Nokia PC Suite 7\PCSuite.exe" [2009-11-11 1451520]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2009-11-16 2054360]
c:\users\mato\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Yahoo! Widgets.lnk - c:\program files\Yahoo!\Widgets\YahooWidgets.exe [2008-3-19 4742184]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HonorAutoRunSetting"= 0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"HonorAutoRunSetting"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKLM\~\startupfolder\C:^Users^mato^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^NHL® 09 Registration.lnk]
backup=c:\windows\pss\NHL® 09 Registration.lnk.Startup
backupExtension=.Startup
[HKLM\~\startupfolder\C:^Users^mato^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^PowerMenu.lnk]
backup=c:\windows\pss\PowerMenu.lnk.Startup
backupExtension=.Startup
[HKLM\~\startupfolder\C:^Users^mato^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Registrace FIFA 10.lnk]
backup=c:\windows\pss\Registrace FIFA 10.lnk.Startup
backupExtension=.Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BtTray
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Bonus.SSR.FR10]
2010-01-17 17:02 941320 ----a-w- c:\program files\ABBYY FineReader 10\Bonus.ScreenshotReader.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel File Shell Monitor]
2008-01-15 13:18 16200 ----a-r- c:\program files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel Photo Downloader]
2007-12-14 11:35 531784 ----a-r- c:\program files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus SX400 Series]
2007-12-17 15:00 188928 ----a-w- c:\windows\System32\spool\drivers\w32x86\3\E_FATIEGE.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eurobattlegui]
2009-10-22 17:39 757760 ----a-w- c:\hry\Warcraft III\eb.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2010-06-03 05:36 30192 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
2010-04-29 13:39 1090952 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2009-07-26 14:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
2009-11-11 09:57 1451520 ----a-w- c:\program files\Nokia pc suite\Nokia PC Suite 7\PCSuite.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2009-04-11 06:28 1233920 ----a-w- c:\program files\Windows Sidebar\sidebar.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2010-05-13 14:12 26192168 ----a-r- c:\program files\Skype\Phone\Skype.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-02-18 09:43 248040 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-19 07:38 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2008-01-19 07:33 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" -autorun
"EPSON Stylus SX400 Series"=c:\windows\system32\spool\DRIVERS\W32X86\3\E_FATIEGE.EXE /FU "c:\users\mato\AppData\Local\Temp\E_SCAC7.tmp" /EF "HKCU"
"Google Update"="c:\users\mato\AppData\Local\Google\Update\GoogleUpdate.exe" /c
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe"
"PC Suite Tray"="c:\program files\Nokia pc suite\Nokia PC Suite 7\PCSuite.exe" -onlytray
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"NeroFilterCheck"=c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
"PAC7302_Monitor"=c:\windows\PixArt\PAC7302\Monitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):41,f1,2b,17,6e,e1,ca,01
R0 BtHidBus;Bluetooth HID Bus Service;c:\windows\System32\Drivers\BtHidBus.sys [x]
R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-03-02 691696]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-03-07 135664]
R3 BTCOM;Bluetooth Serial port driver;c:\windows\system32\DRIVERS\btcomport.sys [x]
R3 BTCOMBUS;Bluetooth Serial Port Bus Service;c:\windows\system32\Drivers\btcombus.sys [x]
R3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\system32\Drivers\btnetBus.sys [2008-12-07 30088]
R3 GoogleDesktopManager-051210-111108;Správca pre program Google Desktop 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2010-06-03 30192]
R3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\Drivers\IvtBtBus.sys [x]
R3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2010-02-26 137344]
R3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2010-02-26 8320]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2009-11-16 108792]
S1 nltdi;nltdi;c:\windows\system32\drivers\nltdi.sys [2007-04-23 82200]
S2 ABBYY.Licensing.FineReader.Professional.10.0;ABBYY FineReader 10 PE Licensing Service;c:\program files\Common Files\ABBYY\FineReader\10.00\Licensing\PE\NetworkLicenseServer.exe [2009-12-10 814344]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [2009-11-16 735960]
S3 bbcap;bbcap;c:\windows\system32\DRIVERS\bbcap.sys [2010-05-28 4096]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder
2010-06-12 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-12-11 20:36]
2010-06-12 c:\windows\Tasks\AWC Startup.job
- c:\program files\IObit\Advanced SystemCare 3\AWC.exe [2010-05-23 12:54]
2010-06-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-07 10:11]
2010-06-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-07 10:11]
2010-06-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-190942252-359916794-3278992379-1000Core.job
- c:\users\mato\AppData\Local\Google\Update\GoogleUpdate.exe [2010-03-02 06:23]
2010-06-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-190942252-359916794-3278992379-1000UA.job
- c:\users\mato\AppData\Local\Google\Update\GoogleUpdate.exe [2010-03-02 06:23]
.
.
------- Supplementary Scan -------
.
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{14CD42DD-ABCD-3586-DCAB-40E3693E3737}
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\programdata\LangSoft\WebIE.dll
FF - ProfilePath - c:\users\mato\AppData\Roaming\Mozilla\Firefox\Profiles\o0nu3p77.default\
FF - prefs.js: browser.startup.homepage - hxxp://ahoolly.com
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npyaxmpb.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\users\mato\AppData\Local\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\users\mato\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".sk");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-12 08:35
Windows 6.0.6002 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
c:\users\mato\AppData\Local\Temp\catchme.dll 53248 bytes executable
scan completed successfully
hidden files: 1
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0010\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0011\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0012\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0013\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0014\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0015\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0016\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2010-06-12 08:37:14
ComboFix-quarantined-files.txt 2010-06-12 06:37
Pre-Run: 105 104 629 760 bytes free
Post-Run: 105 043 152 896 bytes free
- - End Of File - - 7AD468F553BF293AB2C41DC450BAE09F

############################## | Usbfix 7.009 | [Deletion]
User: mato (Administrator) # MATO-PC [To Be Filled By O.E.M. To Be Filled By O.E.M.]
Updated 23/04/10 by El Desaparecido / C_XX
Started at 07:52:59 | 12/06/2010
Website: http://pagesperso-orange.fr/NosTools/index.html
Contact: FindyKill.Contact@gmail.com
CPU: Intel(R) Core(TM)2 Duo CPU E7300 @ 2.66GHz
CPU 2: Intel(R) Core(TM)2 Duo CPU E7300 @ 2.66GHz
Microsoft® Windows Vista™ Home Premium (6.0.6002 32-Bit) # Service Pack 2
Internet Explorer 8.0.6001.18928
Windows Firewall: Disabled /!\
Antivirus: ESET Smart Security 4.0 4.0 [Enabled | Updated]
Firewall: ESET personal firewall 4.0.474.0 [Enabled]
RAM -> 3071 Mb
C:\ (%systemdrive%) -> Fixed drive # 298 Gb (98 Mb free - 33%) [] # NTFS
D:\ -> CD-ROM
I:\ -> CD-ROM
J:\ -> CD-ROM
K:\ -> CD-ROM
L:\ -> CD-ROM
M:\ -> Removable drive # 7 Gb (2 Mb free - 22%) [LÝDIA KING] # FAT32
O:\ -> Removable drive # 475 Mb (194 Mb free - 41%) [MATO`S MP3] # FAT
################## | Files # Infected Folders |
Deleted ! M:\Autorun.inf
Deleted ! C:\$Recycle.Bin\S-1-5-21-190942252-359916794-3278992379-1000
################## | Registry |
################## | Mountpoints2 |
Deleted ! HKCU\.\.\.\.\Explorer\MountPoints2\{387d1072-462f-11df-b1f9-0009dd5053e0}
Deleted ! HKCU\.\.\.\.\Explorer\MountPoints2\{68d8e9e8-42c7-11df-bba1-0009dd5053e0}
################## | Listing |
[12/06/2010 - 07:56:22 | SHD ] C:\$Recycle.Bin
[18/09/2006 - 23:43:36 | A | 24] C:\autoexec.bat
[22/04/2010 - 21:50:05 | RASHD ] C:\autorun.inf
[21/04/2010 - 18:16:38 | SHD ] C:\Boot
[11/04/2009 - 08:36:36 | RASH | 333257] C:\bootmgr
[18/09/2006 - 23:43:37 | A | 10] C:\config.sys
[02/11/2006 - 15:02:03 | SHD ] C:\Documents and Settings
[06/06/2010 - 08:29:47 | D ] C:\GHostOne
[11/06/2010 - 19:38:17 | ASH | 3220496384] C:\hiberfil.sys
[04/06/2010 - 10:32:53 | D ] C:\hry
[06/04/2010 - 08:09:57 | RASH | 0] C:\IO.SYS
[06/04/2010 - 08:09:57 | RASH | 0] C:\MSDOS.SYS
[02/03/2010 - 09:29:06 | RHD ] C:\MSOCache
[05/04/2010 - 14:12:29 | D ] C:\MyHeritage
[02/03/2010 - 08:34:02 | D ] C:\NVIDIA
[19/03/2010 - 22:55:12 | A | 921632] C:\PA7302.DAT
[11/06/2010 - 19:38:16 | ASH | 3534307328] C:\pagefile.sys
[19/04/2010 - 15:16:53 | D ] C:\PerfLogs
[07/06/2010 - 19:05:25 | RD ] C:\Program Files
[04/06/2010 - 10:40:41 | HD ] C:\ProgramData
[21/04/2010 - 06:21:26 | D ] C:\rsit
[11/06/2010 - 19:02:11 | SHD ] C:\System Volume Information
[12/06/2010 - 07:56:22 | D ] C:\UsbFix
[12/06/2010 - 07:54:46 | A | 2543] C:\Usbfix.txt
[22/04/2010 - 21:50:07 | A | 2152] C:\UsbFix_Upload_Me_mato-PC.zip
[11/04/2010 - 09:38:22 | RD ] C:\Users
[11/06/2010 - 19:52:15 | D ] C:\Windows
[07/06/2010 - 15:43:42 | A | 364163] M:\Cvičná prezentácia.pptx
[11/06/2010 - 19:42:00 | A | 9242377] M:\ZONE (eurovea).rar
[24/05/2010 - 23:44:24 | D ] M:\LYDUSKA
[04/08/2004 - 11:00:00 | RASH | 185344] M:\ds3vgt.dll
[30/03/2009 - 19:25:34 | A | 1821] M:\Windows Live Messenger .lnk
[23/09/2008 - 17:58:56 | A | 1100] M:\Adobe ExtendScript Toolkit 2.lnk
[01/06/2010 - 21:35:20 | D ] M:\Windows Live
[01/06/2010 - 21:36:24 | A | 2377] M:\Adobe Reader 6.0.lnk
[05/06/2010 - 15:47:34 | D ] M:\stretavka O.B s profakmi 4.6.2010
[06/06/2010 - 21:36:56 | D ] M:\DjTiesto 4.6.2010
[07/06/2010 - 14:39:30 | D ] M:\zuzka informatika 7.6.2010
[31/05/2010 - 09:29:28 | A | 2024] M:\krajina.jpg
[31/05/2010 - 09:33:26 | A | 2483] M:\strom.gif
[07/06/2010 - 14:54:42 | A | 4254] M:\kvetinka.gif
################## | Vaccin |
C:\Autorun.inf -> Folder created by UsbFix (El Desaparecido & C_XX)
M:\Autorun.inf -> Folder created by UsbFix (El Desaparecido & C_XX)
################## | E.O.F |
Here is ComboFix:
ComboFix 10-06-11.01 - mato . 06. 2010 8:28.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.421.1051.18.3071.2302 [GMT 2:00]
Running from: c:\users\mato\Desktop\ComboFix.exe
AV: ESET Smart Security 4.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET personal firewall *enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
SP: ESET Smart Security 4.0 *enabled* (Updated) {E5E70D32-0101-4B98-A4D6-D1D15C3BB448}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Resident AV is active
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\users\mato\AppData\Roaming\Desktopicon
c:\windows\system32\detoured.dll
c:\windows\system32\nethlp.dll
.
((((((((((((((((((((((((( Files Created from 2010-05-12 to 2010-06-12 )))))))))))))))))))))))))))))))
.
2010-06-12 06:35 . 2010-06-12 06:35 -------- d-----w- c:\users\mato\AppData\Local\temp
2010-06-12 06:35 . 2010-06-12 06:35 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-06-11 17:55 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-06-11 17:55 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-06-11 04:50 . 2010-04-23 14:13 2048 ----a-w- c:\windows\system32\tzres.dll
2010-06-11 04:50 . 2010-05-26 17:06 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-06-11 04:50 . 2010-05-26 14:47 289792 ----a-w- c:\windows\system32\atmfd.dll
2010-06-11 04:50 . 2010-04-05 17:01 67072 ----a-w- c:\windows\system32\asycfilt.dll
2010-06-11 04:49 . 2010-05-01 14:13 2037248 ----a-w- c:\windows\system32\win32k.sys
2010-06-08 15:39 . 2010-06-08 15:39 50354 ----a-w- c:\users\mato\AppData\Roaming\Facebook\uninstall.exe
2010-06-08 15:39 . 2010-06-08 15:39 -------- d-----w- c:\users\mato\AppData\Roaming\Facebook
2010-06-07 17:05 . 2010-06-07 17:09 -------- d-----w- c:\program files\InfoMapa 16
2010-06-07 14:05 . 2010-06-07 14:05 -------- d-----w- c:\program files\NetLimiter 2 Pro
2010-06-06 06:24 . 2010-06-06 06:29 -------- d-----w- C:\GHostOne
2010-06-04 08:58 . 2010-06-04 08:58 -------- d-----w- c:\users\mato\AppData\Local\Ubisoft
2010-06-04 08:41 . 2008-07-12 06:18 467984 ----a-w- c:\windows\system32\d3dx10_39.dll
2010-06-04 08:41 . 2008-07-12 06:18 3851784 ----a-w- c:\windows\system32\D3DX9_39.dll
2010-06-04 08:41 . 2008-07-12 06:18 1493528 ----a-w- c:\windows\system32\D3DCompiler_39.dll
2010-06-04 08:40 . 2010-06-04 08:40 -------- d-----w- c:\users\Public\Ubisoft
2010-06-04 08:40 . 2010-06-04 08:40 -------- d-----w- c:\programdata\InstallShield
2010-06-03 09:37 . 2009-07-14 17:45 445008 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2010-06-03 09:37 . 2009-07-14 17:45 38480 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2010-06-02 18:59 . 2010-06-02 18:59 -------- d-----w- c:\programdata\KONAMI
2010-06-02 04:54 . 2010-06-02 04:54 -------- d-----w- c:\programdata\Nokia
2010-06-02 04:51 . 2008-08-26 08:26 18816 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys
2010-06-02 04:50 . 2010-06-02 04:50 -------- d-----w- c:\program files\PC Connectivity Solution
2010-06-02 04:32 . 2010-06-02 04:48 -------- d-----w- c:\program files\Nokia
2010-06-02 04:32 . 2010-06-02 04:29 35790800 ----a-w- c:\programdata\Installations\{09C468CA-2940-466A-AAE8-DCC0C6E9323C}\NokiaSoftwareUpdaterSetup_sk.exe
2010-06-02 04:32 . 2010-06-02 04:32 3351812 ----a-w- c:\programdata\Installations\{09C468CA-2940-466A-AAE8-DCC0C6E9323C}\Installer\CommonCustomActions\msxml6Exec.exe
2010-06-02 04:32 . 2010-06-02 04:32 36864 ----a-w- c:\programdata\Installations\{09C468CA-2940-466A-AAE8-DCC0C6E9323C}\Installer\CommonCustomActions\Sleep.exe
2010-06-02 04:32 . 2010-06-02 04:32 3203453 ----a-w- c:\programdata\Installations\{09C468CA-2940-466A-AAE8-DCC0C6E9323C}\Installer\CommonCustomActions\vcredistExec.exe
2010-05-30 15:49 . 2008-02-04 23:20 33280 ----a-w- c:\programdata\EPSON\EPSON Stylus SX400 Series\Language\041b.E_H9E0G7.DLL
2010-05-30 04:57 . 2010-05-31 04:49 -------- d-----w- c:\windows\system32\Adobe
2010-05-28 17:49 . 2010-05-28 17:49 -------- d-----w- c:\programdata\Blueberry
2010-05-28 16:46 . 2010-05-29 05:44 -------- d-----w- c:\users\mato\AppData\Roaming\Blueberry
2010-05-28 16:46 . 2010-05-28 16:46 4608 ----a-w- c:\windows\system32\bbchlp.dll
2010-05-28 16:46 . 2010-05-28 16:46 4096 ----a-w- c:\windows\system32\drivers\bbcap.sys
2010-05-28 16:46 . 2010-05-28 16:46 30720 ----a-w- c:\windows\system32\bbcap.dll
2010-05-28 16:07 . 2005-04-30 12:50 11860 ----a-w- c:\windows\system32\drivers\VBTEnum.sys
2010-05-28 16:07 . 2005-04-30 12:50 28271 ----a-w- c:\windows\system32\drivers\BTHidMgr.sys
2010-05-28 16:03 . 2005-12-15 02:17 63488 ----a-r- c:\windows\system32\drivers\wssbtr1f.sys
2010-05-28 16:03 . 2005-12-15 02:17 48556 ----a-r- c:\windows\system32\drivers\SktBt2k.sys
2010-05-28 16:03 . 2005-12-15 02:17 77824 ----a-r- c:\windows\system32\drivers\SioUi2k.dll
2010-05-28 16:03 . 2005-12-15 02:17 48076 ----a-r- c:\windows\system32\drivers\Sio9502k.sys
2010-05-28 16:02 . 2005-12-15 02:17 51169 ----a-r- c:\windows\system32\drivers\OXSER.SYS
2010-05-28 16:02 . 2005-12-15 02:17 40960 ----a-r- c:\windows\system32\drivers\SCTray.exe
2010-05-25 19:42 . 2010-05-28 18:08 -------- d-----w- c:\program files\BlueSoleil
2010-05-25 18:59 . 2010-05-28 18:00 -------- d-----w- c:\program files\IVT Corporation
2010-05-25 16:16 . 2010-05-25 18:55 -------- d-----w- c:\program files\Cheat Engine
2010-05-23 13:36 . 2010-05-23 13:36 -------- d-----w- c:\program files\FreshDevices
2010-05-23 12:52 . 2010-05-23 17:24 -------- d-----w- c:\program files\Greasemetal
2010-05-22 16:51 . 2010-05-22 16:54 -------- d-----w- c:\users\mato\AppData\Roaming\Red Alert 3 Uprising
2010-05-22 16:48 . 2010-05-22 16:48 -------- d-----w- c:\programdata\Electronic Arts
2010-05-21 14:46 . 2010-05-21 14:46 -------- d-----w- c:\program files\Common Files\Java
2010-05-21 14:45 . 2010-05-21 14:45 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-05-21 14:45 . 2010-05-21 14:45 -------- d-----w- c:\program files\Java
2010-05-21 14:21 . 2010-05-21 14:21 -------- d-----w- c:\users\mato\AppData\Roaming\BlackBean
2010-05-19 15:48 . 2010-05-23 17:33 -------- d-----w- c:\program files\Get Styles
2010-05-19 07:36 . 2010-05-19 19:32 -------- d-----w- c:\users\mato\AppData\Roaming\Red Alert 3
2010-05-18 15:57 . 2010-05-21 20:35 -------- d-----w- c:\users\mato\AppData\Roaming\BSplayer PRO
2010-05-18 15:57 . 2010-05-18 15:59 -------- d-----w- c:\program files\BSplayerPro
2010-05-15 07:14 . 2010-05-15 07:14 1791 ----a-w- c:\users\mato\AppData\Roaming\.purple\certificates\x509\tls_peers\bos.oscar.aol.com
2010-05-15 07:14 . 2010-05-15 07:14 1779 ----a-w- c:\users\mato\AppData\Roaming\.purple\certificates\x509\tls_peers\api.oscar.aol.com
2010-05-15 07:14 . 2010-05-15 07:14 1201 ----a-w- c:\users\mato\AppData\Roaming\.purple\certificates\x509\tls_peers\login.facebook.com
2010-05-15 07:14 . 2010-05-15 07:14 1691 ----a-w- c:\users\mato\AppData\Roaming\.purple\certificates\x509\tls_peers\api.screenname.aol.com
2010-05-15 06:55 . 2010-05-15 06:55 -------- d-----w- c:\users\mato\AppData\Local\World in Conflict
2010-05-14 06:18 . 2010-05-14 06:18 -------- d-----w- c:\users\mato\AppData\Local\Adobe
2010-05-14 06:17 . 2010-05-14 06:17 -------- d-----w- c:\users\mato\AppData\Roaming\ABBYY
2010-05-14 06:04 . 2010-05-14 06:04 -------- d-----w- c:\program files\Common Files\ABBYY
2010-05-14 05:51 . 2010-05-23 12:26 -------- d-----w- c:\program files\ABBYY FineReader 10
2010-05-14 05:51 . 2010-05-14 05:51 -------- d-----w- c:\programdata\ABBYY
2010-05-14 05:44 . 2010-05-14 05:45 -------- d-----w- c:\program files\abby
2010-05-14 04:20 . 2010-01-29 15:40 738816 ----a-w- c:\windows\system32\inetcomm.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-12 06:31 . 2010-04-19 13:22 7724 ----a-w- c:\windows\system32\perfc01B.dat
2010-06-12 06:31 . 2010-04-19 13:22 28672 ----a-w- c:\windows\system32\perfh01B.dat
2010-06-12 06:23 . 2010-03-02 06:06 12 ----a-w- c:\windows\bthservsdp.dat
2010-06-12 05:52 . 2010-03-04 17:38 -------- d-----w- c:\users\mato\AppData\Roaming\uTorrent
2010-06-12 05:49 . 2010-04-24 07:02 34805 ----a-w- c:\programdata\nvModes.dat
2010-06-11 17:55 . 2010-03-21 15:58 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-06-11 17:40 . 2010-03-04 08:30 -------- d-----w- c:\users\mato\AppData\Roaming\vlc
2010-06-11 17:36 . 2010-03-20 20:31 -------- d-----w- c:\program files\trend micro
2010-06-11 05:02 . 2010-04-18 21:01 -------- d-----w- c:\program files\Microsoft Silverlight
2010-06-11 05:01 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-06-11 05:01 . 2010-03-02 07:22 -------- d-----w- c:\users\mato\AppData\Roaming\Skype
2010-06-11 05:00 . 2010-03-02 07:31 -------- d-----w- c:\programdata\Microsoft Help
2010-06-11 04:56 . 2010-04-18 21:01 -------- d-----w- c:\program files\Microsoft
2010-06-11 04:19 . 2010-03-02 07:23 -------- d-----w- c:\users\mato\AppData\Roaming\skypePM
2010-06-09 19:04 . 2010-03-02 07:18 -------- d-----w- c:\program files\ICQ7.0
2010-06-07 16:56 . 2010-03-06 08:11 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-06-05 22:09 . 2010-03-10 17:34 -------- d-----w- c:\program files\fraps
2010-06-04 08:40 . 2010-03-02 06:18 -------- d-----w- c:\users\mato\AppData\Roaming\InstallShield
2010-06-04 08:40 . 2010-04-23 13:33 -------- d-----w- c:\programdata\Ubisoft
2010-06-04 08:33 . 2010-03-02 06:18 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-06-03 09:38 . 2010-06-03 09:38 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01009.Wdf
2010-06-03 09:38 . 2010-06-03 09:38 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
2010-06-03 05:36 . 2010-03-07 10:11 -------- d-----w- c:\program files\Google
2010-06-02 04:51 . 2010-03-02 15:08 -------- d-----w- c:\programdata\Installations
2010-06-02 04:32 . 2010-03-02 15:18 -------- d-----w- c:\program files\Common Files\Nokia
2010-05-28 16:46 . 2010-05-28 16:45 -------- d-----w- c:\users\mato\AppData\Roaming\LogSys
2010-05-28 16:45 . 2010-05-28 16:45 -------- d-----w- c:\program files\BB FlashBack Pro
2010-05-28 16:45 . 2010-05-28 16:45 -------- d-----w- c:\programdata\LogSys
2010-05-28 16:45 . 2010-05-28 16:45 -------- dc-h--w- c:\programdata\{D82AC81F-4D4A-4B9D-9FE5-FF3930123446}
2010-05-28 16:45 . 2010-05-28 16:45 -------- d-----w- c:\program files\Common Files\Blueberry Software
2010-05-27 16:44 . 2010-03-07 10:33 -------- d-----w- c:\program files\Common Files\InstallShield
2010-05-25 18:55 . 2010-05-25 16:16 -------- d-----w- c:\program files\Cheat Engine
2010-05-25 04:24 . 2010-04-25 10:20 -------- d-----w- c:\users\mato\AppData\Roaming\IObit
2010-05-23 11:34 . 2010-03-02 07:32 -------- d-----w- c:\program files\CCleaner
2010-05-21 12:14 . 2010-03-02 07:34 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-18 13:13 . 2010-04-25 10:20 -------- d-----w- c:\program files\IObit
2010-05-15 19:37 . 2010-05-10 19:55 -------- d-----w- c:\users\mato\AppData\Roaming\.purple
2010-05-15 07:14 . 2010-05-10 20:04 -------- d-----w- c:\users\mato\AppData\Roaming\gtk-2.0
2010-05-15 05:50 . 2010-05-10 19:51 -------- d-----w- c:\program files\Pidgin
2010-05-14 04:49 . 2010-03-07 10:32 -------- d-----w- c:\program files\ABBYY FineReader 6.0 Sprint
2010-05-11 04:33 . 2010-03-13 17:49 977 ----a-w- c:\windows\eReg.dat
2010-05-11 04:19 . 2010-03-05 17:02 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
2010-05-10 20:25 . 2010-05-10 20:24 -------- d-----w- c:\program files\Graffiti Studio 2.0
2010-05-10 20:12 . 2010-05-10 19:53 -------- d-----w- c:\program files\Aspell
2010-05-10 19:51 . 2010-05-10 19:51 -------- d-----w- c:\program files\Common Files\GTK
2010-05-10 04:21 . 2010-04-14 16:02 2516 --sha-w- c:\windows\system32\KGyGaAvL.sys
2010-05-10 04:13 . 2010-05-03 19:23 -------- d-----w- c:\program files\Advanced SystemCare 3
2010-05-08 10:27 . 2010-03-04 08:29 -------- d-----w- c:\program files\K-Lite Codec Pack
2010-05-06 18:37 . 2010-03-24 14:27 -------- d-----w- c:\users\mato\AppData\Roaming\dvdcss
2010-05-04 05:59 . 2010-06-11 04:52 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-04 05:55 . 2010-06-11 04:52 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-05-04 05:55 . 2010-06-11 04:52 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-05-04 04:31 . 2010-06-11 04:52 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-05-03 19:29 . 2010-05-03 19:29 -------- d-----w- c:\programdata\IObit
2010-05-02 17:04 . 2010-04-17 08:20 -------- d-----w- c:\program files\GTASAConsole
2010-05-02 17:00 . 2010-03-17 19:47 -------- d-----w- c:\programdata\Codemasters
2010-04-30 16:37 . 2010-04-30 16:37 -------- d-----w- c:\users\mato\AppData\Roaming\Ubisoft
2010-04-30 16:05 . 2010-04-30 16:05 -------- d-----w- c:\program files\Ubisoft
2010-04-29 09:47 . 2010-04-29 09:47 499712 ----a-w- c:\windows\system32\msvcp71.dll
2010-04-29 09:47 . 2010-04-29 09:47 348160 ----a-w- c:\windows\system32\msvcr71.dll
2010-04-28 11:17 . 2010-04-18 21:11 -------- d-----w- c:\program files\Windows Live
2010-04-27 16:40 . 2010-04-27 16:30 -------- d-----w- c:\programdata\TrackMania
2010-04-27 12:45 . 2010-04-27 12:45 72856 ----a-w- c:\windows\system32\xliveinstallhost.exe
2010-04-27 12:45 . 2010-04-27 12:45 187544 ----a-w- c:\windows\system32\xliveinstall.dll
2010-04-25 18:14 . 2010-04-14 16:09 88 --sh--r- c:\windows\system32\9CA8217D90.sys
2010-04-24 07:06 . 2010-04-24 07:06 -------- d-----w- c:\program files\Windows Portable Devices
2010-04-24 07:06 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2010-04-24 07:03 . 2010-04-24 07:03 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2010-04-24 07:02 . 2010-04-24 07:02 -------- d-----w- c:\programdata\NVIDIA
2010-04-24 07:02 . 2010-03-02 06:34 -------- d-----w- c:\program files\NVIDIA Corporation
2010-04-24 06:35 . 2010-04-24 06:35 -------- d-----w- c:\programdata\WindowsSearch
2010-04-23 20:09 . 2010-04-23 19:53 -------- d-----w- c:\programdata\Test Drive Unlimited
2010-04-23 15:05 . 2010-04-23 15:05 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2010-04-21 16:12 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
2010-04-21 16:12 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2010-04-21 16:12 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Journal
2010-04-21 16:12 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration
2010-04-21 16:12 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery
2010-04-21 16:12 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender
2010-04-19 13:28 . 2010-04-19 13:28 -------- d-sh--w- c:\programdata\SecuROM
2010-04-19 13:01 . 2006-11-02 10:32 101888 ----a-w- c:\windows\system32\ifxcardm.dll
2010-04-19 13:01 . 2006-11-02 10:32 82432 ----a-w- c:\windows\system32\axaltocm.dll
2010-04-19 04:26 . 2010-04-19 04:26 377344 ----a-w- c:\windows\system32\winhttp.dll
2010-04-18 21:12 . 2010-04-18 21:12 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2010-04-18 21:11 . 2010-04-18 21:11 -------- d-----w- c:\program files\Windows Live SkyDrive
2010-04-18 21:04 . 2010-04-18 21:04 -------- d-----w- c:\program files\Common Files\Windows Live
2010-04-18 21:03 . 2010-04-18 21:03 499712 ----a-w- c:\windows\system32\kerberos.dll
2010-04-18 21:03 . 2010-04-18 21:03 270848 ----a-w- c:\windows\system32\schannel.dll
2010-04-18 21:02 . 2010-04-18 21:02 293376 ----a-w- c:\windows\system32\browserchoice.exe
2010-04-18 07:50 . 2010-03-02 06:14 60640 ----a-w- c:\users\mato\AppData\Local\GDIPFONTCACHEV1.DAT
2010-04-18 06:22 . 2010-04-18 06:22 -------- d-----w- c:\program files\Sanny Builder 3
2010-04-15 04:39 . 2010-04-15 04:39 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-04-15 04:39 . 2010-04-15 04:39 79360 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2010-04-15 04:39 . 2010-04-15 04:39 106496 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-04-15 04:39 . 2010-04-15 04:39 3600776 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-04-15 04:39 . 2010-04-15 04:39 3548040 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-04-15 04:36 . 2010-04-15 04:36 172032 ----a-w- c:\windows\system32\wintrust.dll
2010-04-15 04:35 . 2010-04-15 04:35 904576 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-04-15 04:35 . 2010-04-15 04:35 25088 ----a-w- c:\windows\system32\drivers\tunnel.sys
2010-04-15 04:35 . 2010-04-15 04:35 200704 ----a-w- c:\windows\system32\iphlpsvc.dll
2010-06-03 05:37 . 2010-06-03 05:37 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\users\mato\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\users\mato\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\users\mato\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
"PC Suite Tray"="c:\program files\Nokia pc suite\Nokia PC Suite 7\PCSuite.exe" [2009-11-11 1451520]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2009-11-16 2054360]
c:\users\mato\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Yahoo! Widgets.lnk - c:\program files\Yahoo!\Widgets\YahooWidgets.exe [2008-3-19 4742184]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HonorAutoRunSetting"= 0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"HonorAutoRunSetting"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKLM\~\startupfolder\C:^Users^mato^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^NHL® 09 Registration.lnk]
backup=c:\windows\pss\NHL® 09 Registration.lnk.Startup
backupExtension=.Startup
[HKLM\~\startupfolder\C:^Users^mato^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^PowerMenu.lnk]
backup=c:\windows\pss\PowerMenu.lnk.Startup
backupExtension=.Startup
[HKLM\~\startupfolder\C:^Users^mato^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Registrace FIFA 10.lnk]
backup=c:\windows\pss\Registrace FIFA 10.lnk.Startup
backupExtension=.Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BtTray
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Bonus.SSR.FR10]
2010-01-17 17:02 941320 ----a-w- c:\program files\ABBYY FineReader 10\Bonus.ScreenshotReader.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel File Shell Monitor]
2008-01-15 13:18 16200 ----a-r- c:\program files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel Photo Downloader]
2007-12-14 11:35 531784 ----a-r- c:\program files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus SX400 Series]
2007-12-17 15:00 188928 ----a-w- c:\windows\System32\spool\drivers\w32x86\3\E_FATIEGE.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eurobattlegui]
2009-10-22 17:39 757760 ----a-w- c:\hry\Warcraft III\eb.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2010-06-03 05:36 30192 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
2010-04-29 13:39 1090952 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2009-07-26 14:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
2009-11-11 09:57 1451520 ----a-w- c:\program files\Nokia pc suite\Nokia PC Suite 7\PCSuite.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2009-04-11 06:28 1233920 ----a-w- c:\program files\Windows Sidebar\sidebar.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2010-05-13 14:12 26192168 ----a-r- c:\program files\Skype\Phone\Skype.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-02-18 09:43 248040 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-19 07:38 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2008-01-19 07:33 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" -autorun
"EPSON Stylus SX400 Series"=c:\windows\system32\spool\DRIVERS\W32X86\3\E_FATIEGE.EXE /FU "c:\users\mato\AppData\Local\Temp\E_SCAC7.tmp" /EF "HKCU"
"Google Update"="c:\users\mato\AppData\Local\Google\Update\GoogleUpdate.exe" /c
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe"
"PC Suite Tray"="c:\program files\Nokia pc suite\Nokia PC Suite 7\PCSuite.exe" -onlytray
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"NeroFilterCheck"=c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
"PAC7302_Monitor"=c:\windows\PixArt\PAC7302\Monitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):41,f1,2b,17,6e,e1,ca,01
R0 BtHidBus;Bluetooth HID Bus Service;c:\windows\System32\Drivers\BtHidBus.sys [x]
R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-03-02 691696]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-03-07 135664]
R3 BTCOM;Bluetooth Serial port driver;c:\windows\system32\DRIVERS\btcomport.sys [x]
R3 BTCOMBUS;Bluetooth Serial Port Bus Service;c:\windows\system32\Drivers\btcombus.sys [x]
R3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\system32\Drivers\btnetBus.sys [2008-12-07 30088]
R3 GoogleDesktopManager-051210-111108;Správca pre program Google Desktop 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2010-06-03 30192]
R3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\Drivers\IvtBtBus.sys [x]
R3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2010-02-26 137344]
R3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2010-02-26 8320]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2009-11-16 108792]
S1 nltdi;nltdi;c:\windows\system32\drivers\nltdi.sys [2007-04-23 82200]
S2 ABBYY.Licensing.FineReader.Professional.10.0;ABBYY FineReader 10 PE Licensing Service;c:\program files\Common Files\ABBYY\FineReader\10.00\Licensing\PE\NetworkLicenseServer.exe [2009-12-10 814344]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [2009-11-16 735960]
S3 bbcap;bbcap;c:\windows\system32\DRIVERS\bbcap.sys [2010-05-28 4096]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder
2010-06-12 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-12-11 20:36]
2010-06-12 c:\windows\Tasks\AWC Startup.job
- c:\program files\IObit\Advanced SystemCare 3\AWC.exe [2010-05-23 12:54]
2010-06-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-07 10:11]
2010-06-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-07 10:11]
2010-06-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-190942252-359916794-3278992379-1000Core.job
- c:\users\mato\AppData\Local\Google\Update\GoogleUpdate.exe [2010-03-02 06:23]
2010-06-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-190942252-359916794-3278992379-1000UA.job
- c:\users\mato\AppData\Local\Google\Update\GoogleUpdate.exe [2010-03-02 06:23]
.
.
------- Supplementary Scan -------
.
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{14CD42DD-ABCD-3586-DCAB-40E3693E3737}
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\programdata\LangSoft\WebIE.dll
FF - ProfilePath - c:\users\mato\AppData\Roaming\Mozilla\Firefox\Profiles\o0nu3p77.default\
FF - prefs.js: browser.startup.homepage - hxxp://ahoolly.com
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npyaxmpb.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\users\mato\AppData\Local\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\users\mato\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".sk");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-12 08:35
Windows 6.0.6002 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
c:\users\mato\AppData\Local\Temp\catchme.dll 53248 bytes executable
scan completed successfully
hidden files: 1
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0010\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0011\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0012\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0013\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0014\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0015\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0016\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2010-06-12 08:37:14
ComboFix-quarantined-files.txt 2010-06-12 06:37
Pre-Run: 105 104 629 760 bytes free
Post-Run: 105 043 152 896 bytes free
- - End Of File - - 7AD468F553BF293AB2C41DC450BAE09F
Re: Please check the log
Connect drive M to the computer and test this file at www.virustotal.com
M:\ds3vgt.dll
How is the computer doing now?
Do not use COMBOFIX without an adviser's recommendation; it can damage the system!
Always back up important data before disinfecting the computer
Want to support our forum? Information here

I can usually be reached at night, between 21:00 and 23:00
If you have any questions, you can e-mail me at Motji(at)forum.viry.cz.
Re: Please check the log
If ComboFix is not there already, move it to the desktop
- Open Notepad
- Copy the text from this box into it
Collect::
M:\ds3vgt.dll
Reglock::
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0010\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0015\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0011\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0012\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0013\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0014\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0016\AllUserSettings]
- After saving, grab the script you created with the left mouse button and drag it over the ComboFix icon, where you drop it.
- After it has been applied, another log will pop up; paste it here.
Warning: it may happen that Windows does not start after the script is applied and the computer restarts. In that case restart again while pressing F8, then choose Last Known Good Configuration.
Re: Please check the log
Here is the ComboFix log:
The PC booted OK
And I want to ask... Was there a virus on that USB drive (M)?
ComboFix 10-06-11.01 - mato . 06. 2010 19:19:37.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.421.1051.18.3071.1587 [GMT 2:00]
Running from: c:\users\mato\Desktop\ComboFix.exe
Command switches used :: c:\users\mato\Desktop\CFScript.txt
AV: ESET Smart Security 4.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET personal firewall *enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
SP: ESET Smart Security 4.0 *enabled* (Updated) {E5E70D32-0101-4B98-A4D6-D1D15C3BB448}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Resident AV is active
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
M:\ds3vgt.dll
.
((((((((((((((((((((((((( Files Created from 2010-05-13 to 2010-06-13 )))))))))))))))))))))))))))))))
.
2010-06-13 17:25 . 2010-06-13 17:25 -------- d-----w- c:\users\mato\AppData\Local\temp
2010-06-13 17:25 . 2010-06-13 17:25 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-06-13 17:25 . 2010-06-13 17:25 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-06-12 09:47 . 2010-06-12 09:47 -------- d-----w- c:\program files\Common Files\Adobe
2010-06-11 17:55 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-06-11 17:55 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-06-11 04:50 . 2010-04-23 14:13 2048 ----a-w- c:\windows\system32\tzres.dll
2010-06-11 04:50 . 2010-05-26 17:06 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-06-11 04:50 . 2010-05-26 14:47 289792 ----a-w- c:\windows\system32\atmfd.dll
2010-06-11 04:50 . 2010-04-05 17:01 67072 ----a-w- c:\windows\system32\asycfilt.dll
2010-06-11 04:49 . 2010-05-01 14:13 2037248 ----a-w- c:\windows\system32\win32k.sys
2010-06-08 15:39 . 2010-06-08 15:39 50354 ----a-w- c:\users\mato\AppData\Roaming\Facebook\uninstall.exe
2010-06-08 15:39 . 2010-06-08 15:39 -------- d-----w- c:\users\mato\AppData\Roaming\Facebook
2010-06-07 17:05 . 2010-06-07 17:09 -------- d-----w- c:\program files\InfoMapa 16
2010-06-07 14:05 . 2010-06-07 14:05 -------- d-----w- c:\program files\NetLimiter 2 Pro
2010-06-06 06:24 . 2010-06-06 06:29 -------- d-----w- C:\GHostOne
2010-06-04 08:58 . 2010-06-04 08:58 -------- d-----w- c:\users\mato\AppData\Local\Ubisoft
2010-06-04 08:41 . 2008-07-12 06:18 467984 ----a-w- c:\windows\system32\d3dx10_39.dll
2010-06-04 08:41 . 2008-07-12 06:18 3851784 ----a-w- c:\windows\system32\D3DX9_39.dll
2010-06-04 08:41 . 2008-07-12 06:18 1493528 ----a-w- c:\windows\system32\D3DCompiler_39.dll
2010-06-04 08:40 . 2010-06-04 08:40 -------- d-----w- c:\users\Public\Ubisoft
2010-06-04 08:40 . 2010-06-04 08:40 -------- d-----w- c:\programdata\InstallShield
2010-06-03 09:37 . 2009-07-14 17:45 445008 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2010-06-03 09:37 . 2009-07-14 17:45 38480 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2010-06-02 18:59 . 2010-06-02 18:59 -------- d-----w- c:\programdata\KONAMI
2010-06-02 04:54 . 2010-06-02 04:54 -------- d-----w- c:\programdata\Nokia
2010-06-02 04:51 . 2008-08-26 08:26 18816 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys
2010-06-02 04:50 . 2010-06-02 04:50 -------- d-----w- c:\program files\PC Connectivity Solution
2010-06-02 04:32 . 2010-06-02 04:48 -------- d-----w- c:\program files\Nokia
2010-06-02 04:32 . 2010-06-02 04:29 35790800 ----a-w- c:\programdata\Installations\{09C468CA-2940-466A-AAE8-DCC0C6E9323C}\NokiaSoftwareUpdaterSetup_sk.exe
2010-06-02 04:32 . 2010-06-02 04:32 3351812 ----a-w- c:\programdata\Installations\{09C468CA-2940-466A-AAE8-DCC0C6E9323C}\Installer\CommonCustomActions\msxml6Exec.exe
2010-06-02 04:32 . 2010-06-02 04:32 36864 ----a-w- c:\programdata\Installations\{09C468CA-2940-466A-AAE8-DCC0C6E9323C}\Installer\CommonCustomActions\Sleep.exe
2010-06-02 04:32 . 2010-06-02 04:32 3203453 ----a-w- c:\programdata\Installations\{09C468CA-2940-466A-AAE8-DCC0C6E9323C}\Installer\CommonCustomActions\vcredistExec.exe
2010-05-30 15:49 . 2008-02-04 23:20 33280 ----a-w- c:\programdata\EPSON\EPSON Stylus SX400 Series\Language\041b.E_H9E0G7.DLL
2010-05-30 04:57 . 2010-05-31 04:49 -------- d-----w- c:\windows\system32\Adobe
2010-05-28 17:49 . 2010-05-28 17:49 -------- d-----w- c:\programdata\Blueberry
2010-05-28 16:46 . 2010-05-29 05:44 -------- d-----w- c:\users\mato\AppData\Roaming\Blueberry
2010-05-28 16:46 . 2010-05-28 16:46 4608 ----a-w- c:\windows\system32\bbchlp.dll
2010-05-28 16:46 . 2010-05-28 16:46 4096 ----a-w- c:\windows\system32\drivers\bbcap.sys
2010-05-28 16:46 . 2010-05-28 16:46 30720 ----a-w- c:\windows\system32\bbcap.dll
2010-05-28 16:07 . 2005-04-30 12:50 11860 ----a-w- c:\windows\system32\drivers\VBTEnum.sys
2010-05-28 16:07 . 2005-04-30 12:50 28271 ----a-w- c:\windows\system32\drivers\BTHidMgr.sys
2010-05-28 16:03 . 2005-12-15 02:17 63488 ----a-r- c:\windows\system32\drivers\wssbtr1f.sys
2010-05-28 16:03 . 2005-12-15 02:17 48556 ----a-r- c:\windows\system32\drivers\SktBt2k.sys
2010-05-28 16:03 . 2005-12-15 02:17 77824 ----a-r- c:\windows\system32\drivers\SioUi2k.dll
2010-05-28 16:03 . 2005-12-15 02:17 48076 ----a-r- c:\windows\system32\drivers\Sio9502k.sys
2010-05-28 16:02 . 2005-12-15 02:17 51169 ----a-r- c:\windows\system32\drivers\OXSER.SYS
2010-05-28 16:02 . 2005-12-15 02:17 40960 ----a-r- c:\windows\system32\drivers\SCTray.exe
2010-05-25 19:42 . 2010-05-28 18:08 -------- d-----w- c:\program files\BlueSoleil
2010-05-25 18:59 . 2010-05-28 18:00 -------- d-----w- c:\program files\IVT Corporation
2010-05-25 16:16 . 2010-05-25 18:55 -------- d-----w- c:\program files\Cheat Engine
2010-05-23 13:36 . 2010-05-23 13:36 -------- d-----w- c:\program files\FreshDevices
2010-05-23 12:52 . 2010-05-23 17:24 -------- d-----w- c:\program files\Greasemetal
2010-05-22 16:51 . 2010-05-22 16:54 -------- d-----w- c:\users\mato\AppData\Roaming\Red Alert 3 Uprising
2010-05-22 16:48 . 2010-05-22 16:48 -------- d-----w- c:\programdata\Electronic Arts
2010-05-21 14:46 . 2010-05-21 14:46 -------- d-----w- c:\program files\Common Files\Java
2010-05-21 14:45 . 2010-05-21 14:45 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-05-21 14:45 . 2010-05-21 14:45 -------- d-----w- c:\program files\Java
2010-05-21 14:21 . 2010-05-21 14:21 -------- d-----w- c:\users\mato\AppData\Roaming\BlackBean
2010-05-19 15:48 . 2010-05-23 17:33 -------- d-----w- c:\program files\Get Styles
2010-05-19 07:36 . 2010-05-19 19:32 -------- d-----w- c:\users\mato\AppData\Roaming\Red Alert 3
2010-05-18 15:57 . 2010-05-21 20:35 -------- d-----w- c:\users\mato\AppData\Roaming\BSplayer PRO
2010-05-18 15:57 . 2010-05-18 15:59 -------- d-----w- c:\program files\BSplayerPro
2010-05-15 07:14 . 2010-05-15 07:14 1791 ----a-w- c:\users\mato\AppData\Roaming\.purple\certificates\x509\tls_peers\bos.oscar.aol.com
2010-05-15 07:14 . 2010-05-15 07:14 1779 ----a-w- c:\users\mato\AppData\Roaming\.purple\certificates\x509\tls_peers\api.oscar.aol.com
2010-05-15 07:14 . 2010-05-15 07:14 1201 ----a-w- c:\users\mato\AppData\Roaming\.purple\certificates\x509\tls_peers\login.facebook.com
2010-05-15 07:14 . 2010-05-15 07:14 1691 ----a-w- c:\users\mato\AppData\Roaming\.purple\certificates\x509\tls_peers\api.screenname.aol.com
2010-05-15 06:55 . 2010-05-15 06:55 -------- d-----w- c:\users\mato\AppData\Local\World in Conflict
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-13 17:18 . 2010-04-19 13:22 7724 ----a-w- c:\windows\system32\perfc01B.dat
2010-06-13 17:18 . 2010-04-19 13:22 28672 ----a-w- c:\windows\system32\perfh01B.dat
2010-06-13 17:17 . 2010-03-04 17:38 -------- d-----w- c:\users\mato\AppData\Roaming\uTorrent
2010-06-13 17:16 . 2010-05-14 05:51 -------- d-----w- c:\program files\ABBYY FineReader 10
2010-06-13 16:52 . 2010-03-02 07:22 -------- d-----w- c:\users\mato\AppData\Roaming\Skype
2010-06-13 14:01 . 2010-03-02 07:23 -------- d-----w- c:\users\mato\AppData\Roaming\skypePM
2010-06-13 11:03 . 2010-04-24 07:02 34805 ----a-w- c:\programdata\nvModes.dat
2010-06-13 05:23 . 2010-03-04 08:30 -------- d-----w- c:\users\mato\AppData\Roaming\vlc
2010-06-12 14:29 . 2010-03-24 14:27 -------- d-----w- c:\users\mato\AppData\Roaming\dvdcss
2010-06-12 09:55 . 2010-04-14 16:02 2516 --sha-w- c:\windows\system32\KGyGaAvL.sys
2010-06-12 06:23 . 2010-03-02 06:06 12 ----a-w- c:\windows\bthservsdp.dat
2010-06-11 17:55 . 2010-03-21 15:58 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-06-11 17:36 . 2010-03-20 20:31 -------- d-----w- c:\program files\trend micro
2010-06-11 05:02 . 2010-04-18 21:01 -------- d-----w- c:\program files\Microsoft Silverlight
2010-06-11 05:01 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-06-11 05:00 . 2010-03-02 07:31 -------- d-----w- c:\programdata\Microsoft Help
2010-06-11 04:56 . 2010-04-18 21:01 -------- d-----w- c:\program files\Microsoft
2010-06-09 19:04 . 2010-03-02 07:18 -------- d-----w- c:\program files\ICQ7.0
2010-06-07 16:56 . 2010-03-06 08:11 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-06-05 22:09 . 2010-03-10 17:34 -------- d-----w- c:\program files\fraps
2010-06-04 08:40 . 2010-03-02 06:18 -------- d-----w- c:\users\mato\AppData\Roaming\InstallShield
2010-06-04 08:40 . 2010-04-23 13:33 -------- d-----w- c:\programdata\Ubisoft
2010-06-04 08:33 . 2010-03-02 06:18 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-06-03 09:38 . 2010-06-03 09:38 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01009.Wdf
2010-06-03 09:38 . 2010-06-03 09:38 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
2010-06-03 05:36 . 2010-03-07 10:11 -------- d-----w- c:\program files\Google
2010-06-02 04:51 . 2010-03-02 15:08 -------- d-----w- c:\programdata\Installations
2010-06-02 04:32 . 2010-03-02 15:18 -------- d-----w- c:\program files\Common Files\Nokia
2010-05-28 16:46 . 2010-05-28 16:45 -------- d-----w- c:\users\mato\AppData\Roaming\LogSys
2010-05-28 16:45 . 2010-05-28 16:45 -------- d-----w- c:\program files\BB FlashBack Pro
2010-05-28 16:45 . 2010-05-28 16:45 -------- d-----w- c:\programdata\LogSys
2010-05-28 16:45 . 2010-05-28 16:45 -------- dc-h--w- c:\programdata\{D82AC81F-4D4A-4B9D-9FE5-FF3930123446}
2010-05-28 16:45 . 2010-05-28 16:45 -------- d-----w- c:\program files\Common Files\Blueberry Software
2010-05-27 16:44 . 2010-03-07 10:33 -------- d-----w- c:\program files\Common Files\InstallShield
2010-05-25 18:55 . 2010-05-25 16:16 -------- d-----w- c:\program files\Cheat Engine
2010-05-25 04:24 . 2010-04-25 10:20 -------- d-----w- c:\users\mato\AppData\Roaming\IObit
2010-05-23 11:34 . 2010-03-02 07:32 -------- d-----w- c:\program files\CCleaner
2010-05-21 12:14 . 2010-03-02 07:34 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-18 13:13 . 2010-04-25 10:20 -------- d-----w- c:\program files\IObit
2010-05-15 19:37 . 2010-05-10 19:55 -------- d-----w- c:\users\mato\AppData\Roaming\.purple
2010-05-15 07:14 . 2010-05-10 20:04 -------- d-----w- c:\users\mato\AppData\Roaming\gtk-2.0
2010-05-15 05:50 . 2010-05-10 19:51 -------- d-----w- c:\program files\Pidgin
2010-05-14 06:17 . 2010-05-14 06:17 -------- d-----w- c:\users\mato\AppData\Roaming\ABBYY
2010-05-14 06:04 . 2010-05-14 06:04 -------- d-----w- c:\program files\Common Files\ABBYY
2010-05-14 05:51 . 2010-05-14 05:51 -------- d-----w- c:\programdata\ABBYY
2010-05-14 05:45 . 2010-05-14 05:44 -------- d-----w- c:\program files\abby
2010-05-14 04:49 . 2010-03-07 10:32 -------- d-----w- c:\program files\ABBYY FineReader 6.0 Sprint
2010-05-11 04:33 . 2010-03-13 17:49 977 ----a-w- c:\windows\eReg.dat
2010-05-11 04:19 . 2010-03-05 17:02 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
2010-05-10 20:25 . 2010-05-10 20:24 -------- d-----w- c:\program files\Graffiti Studio 2.0
2010-05-10 20:12 . 2010-05-10 19:53 -------- d-----w- c:\program files\Aspell
2010-05-10 19:51 . 2010-05-10 19:51 -------- d-----w- c:\program files\Common Files\GTK
2010-05-10 04:13 . 2010-05-03 19:23 -------- d-----w- c:\program files\Advanced SystemCare 3
2010-05-08 10:27 . 2010-03-04 08:29 -------- d-----w- c:\program files\K-Lite Codec Pack
2010-05-04 05:59 . 2010-06-11 04:52 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-04 05:55 . 2010-06-11 04:52 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-05-04 05:55 . 2010-06-11 04:52 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-05-04 04:31 . 2010-06-11 04:52 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-05-03 19:29 . 2010-05-03 19:29 -------- d-----w- c:\programdata\IObit
2010-05-02 17:04 . 2010-04-17 08:20 -------- d-----w- c:\program files\GTASAConsole
2010-05-02 17:00 . 2010-03-17 19:47 -------- d-----w- c:\programdata\Codemasters
2010-04-30 16:37 . 2010-04-30 16:37 -------- d-----w- c:\users\mato\AppData\Roaming\Ubisoft
2010-04-30 16:05 . 2010-04-30 16:05 -------- d-----w- c:\program files\Ubisoft
2010-04-29 09:47 . 2010-04-29 09:47 499712 ----a-w- c:\windows\system32\msvcp71.dll
2010-04-29 09:47 . 2010-04-29 09:47 348160 ----a-w- c:\windows\system32\msvcr71.dll
2010-04-28 11:17 . 2010-04-18 21:11 -------- d-----w- c:\program files\Windows Live
2010-04-27 16:40 . 2010-04-27 16:30 -------- d-----w- c:\programdata\TrackMania
2010-04-27 12:45 . 2010-04-27 12:45 72856 ----a-w- c:\windows\system32\xliveinstallhost.exe
2010-04-27 12:45 . 2010-04-27 12:45 187544 ----a-w- c:\windows\system32\xliveinstall.dll
2010-04-25 18:14 . 2010-04-14 16:09 88 --sh--r- c:\windows\system32\9CA8217D90.sys
2010-04-24 07:06 . 2010-04-24 07:06 -------- d-----w- c:\program files\Windows Portable Devices
2010-04-24 07:06 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2010-04-24 07:03 . 2010-04-24 07:03 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2010-04-24 07:02 . 2010-04-24 07:02 -------- d-----w- c:\programdata\NVIDIA
2010-04-24 07:02 . 2010-03-02 06:34 -------- d-----w- c:\program files\NVIDIA Corporation
2010-04-24 06:35 . 2010-04-24 06:35 -------- d-----w- c:\programdata\WindowsSearch
2010-04-23 20:09 . 2010-04-23 19:53 -------- d-----w- c:\programdata\Test Drive Unlimited
2010-04-23 15:05 . 2010-04-23 15:05 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2010-04-21 16:12 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
2010-04-21 16:12 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2010-04-21 16:12 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Journal
2010-04-21 16:12 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration
2010-04-21 16:12 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery
2010-04-21 16:12 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender
2010-04-19 13:28 . 2010-04-19 13:28 -------- d-sh--w- c:\programdata\SecuROM
2010-04-19 13:01 . 2006-11-02 10:32 101888 ----a-w- c:\windows\system32\ifxcardm.dll
2010-04-19 13:01 . 2006-11-02 10:32 82432 ----a-w- c:\windows\system32\axaltocm.dll
2010-04-19 04:26 . 2010-04-19 04:26 377344 ----a-w- c:\windows\system32\winhttp.dll
2010-04-18 21:12 . 2010-04-18 21:12 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2010-04-18 21:11 . 2010-04-18 21:11 -------- d-----w- c:\program files\Windows Live SkyDrive
2010-04-18 21:04 . 2010-04-18 21:04 -------- d-----w- c:\program files\Common Files\Windows Live
2010-04-18 21:03 . 2010-04-18 21:03 499712 ----a-w- c:\windows\system32\kerberos.dll
2010-04-18 21:03 . 2010-04-18 21:03 270848 ----a-w- c:\windows\system32\schannel.dll
2010-04-18 21:02 . 2010-04-18 21:02 293376 ----a-w- c:\windows\system32\browserchoice.exe
2010-04-18 07:50 . 2010-03-02 06:14 60640 ----a-w- c:\users\mato\AppData\Local\GDIPFONTCACHEV1.DAT
2010-04-18 06:22 . 2010-04-18 06:22 -------- d-----w- c:\program files\Sanny Builder 3
2010-04-15 04:39 . 2010-04-15 04:39 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-04-15 04:39 . 2010-04-15 04:39 79360 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2010-04-15 04:39 . 2010-04-15 04:39 106496 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-04-15 04:39 . 2010-04-15 04:39 3600776 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-06-03 05:37 . 2010-06-03 05:37 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\users\mato\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\users\mato\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\users\mato\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
"PC Suite Tray"="c:\program files\Nokia pc suite\Nokia PC Suite 7\PCSuite.exe" [2009-11-11 1451520]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2009-11-16 2054360]
c:\users\mato\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Yahoo! Widgets.lnk - c:\program files\Yahoo!\Widgets\YahooWidgets.exe [2008-3-19 4742184]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HonorAutoRunSetting"= 0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"HonorAutoRunSetting"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKLM\~\startupfolder\C:^Users^mato^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^NHL® 09 Registration.lnk]
backup=c:\windows\pss\NHL® 09 Registration.lnk.Startup
backupExtension=.Startup
[HKLM\~\startupfolder\C:^Users^mato^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^PowerMenu.lnk]
backup=c:\windows\pss\PowerMenu.lnk.Startup
backupExtension=.Startup
[HKLM\~\startupfolder\C:^Users^mato^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Registrace FIFA 10.lnk]
backup=c:\windows\pss\Registrace FIFA 10.lnk.Startup
backupExtension=.Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Bonus.SSR.FR10]
2010-01-17 17:02 941320 ----a-w- c:\program files\ABBYY FineReader 10\Bonus.ScreenshotReader.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel File Shell Monitor]
2008-01-15 13:18 16200 ----a-r- c:\program files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel Photo Downloader]
2007-12-14 11:35 531784 ----a-r- c:\program files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus SX400 Series]
2007-12-17 15:00 188928 ----a-w- c:\windows\System32\spool\drivers\w32x86\3\E_FATIEGE.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eurobattlegui]
2009-10-22 17:39 757760 ----a-w- c:\hry\Warcraft III\eb.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2010-06-03 05:36 30192 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
2010-04-29 13:39 1090952 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2009-07-26 14:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
2009-11-11 09:57 1451520 ----a-w- c:\program files\Nokia pc suite\Nokia PC Suite 7\PCSuite.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2009-04-11 06:28 1233920 ----a-w- c:\program files\Windows Sidebar\sidebar.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2010-05-13 14:12 26192168 ----a-r- c:\program files\Skype\Phone\Skype.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-02-18 09:43 248040 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-19 07:38 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2008-01-19 07:33 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" -autorun
"EPSON Stylus SX400 Series"=c:\windows\system32\spool\DRIVERS\W32X86\3\E_FATIEGE.EXE /FU "c:\users\mato\AppData\Local\Temp\E_SCAC7.tmp" /EF "HKCU"
"Google Update"="c:\users\mato\AppData\Local\Google\Update\GoogleUpdate.exe" /c
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe"
"PC Suite Tray"="c:\program files\Nokia pc suite\Nokia PC Suite 7\PCSuite.exe" -onlytray
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"NeroFilterCheck"=c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
"PAC7302_Monitor"=c:\windows\PixArt\PAC7302\Monitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):41,f1,2b,17,6e,e1,ca,01
R0 BtHidBus;Bluetooth HID Bus Service;c:\windows\System32\Drivers\BtHidBus.sys [x]
R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-03-02 691696]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-03-07 135664]
R3 BTCOM;Bluetooth Serial port driver;c:\windows\system32\DRIVERS\btcomport.sys [x]
R3 BTCOMBUS;Bluetooth Serial Port Bus Service;c:\windows\system32\Drivers\btcombus.sys [x]
R3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\system32\Drivers\btnetBus.sys [2008-12-07 30088]
R3 GoogleDesktopManager-051210-111108;Správca pre program Google Desktop 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2010-06-03 30192]
R3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\Drivers\IvtBtBus.sys [x]
R3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2010-02-26 137344]
R3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2010-02-26 8320]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2009-11-16 108792]
S1 nltdi;nltdi;c:\windows\system32\drivers\nltdi.sys [2007-04-23 82200]
S2 ABBYY.Licensing.FineReader.Professional.10.0;ABBYY FineReader 10 PE Licensing Service;c:\program files\Common Files\ABBYY\FineReader\10.00\Licensing\PE\NetworkLicenseServer.exe [2009-12-10 814344]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [2009-11-16 735960]
S3 bbcap;bbcap;c:\windows\system32\DRIVERS\bbcap.sys [2010-05-28 4096]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder
2010-06-13 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-12-11 20:36]
2010-06-12 c:\windows\Tasks\AWC Startup.job
- c:\program files\IObit\Advanced SystemCare 3\AWC.exe [2010-05-23 12:54]
2010-06-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-07 10:11]
2010-06-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-07 10:11]
2010-06-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-190942252-359916794-3278992379-1000Core.job
- c:\users\mato\AppData\Local\Google\Update\GoogleUpdate.exe [2010-03-02 06:23]
2010-06-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-190942252-359916794-3278992379-1000UA.job
- c:\users\mato\AppData\Local\Google\Update\GoogleUpdate.exe [2010-03-02 06:23]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.sk/
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{14CD42DD-ABCD-3586-DCAB-40E3693E3737}
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452}
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\programdata\LangSoft\WebIE.dll
FF - ProfilePath - c:\users\mato\AppData\Roaming\Mozilla\Firefox\Profiles\o0nu3p77.default\
FF - prefs.js: browser.startup.homepage - hxxp://ahoolly.com
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npyaxmpb.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\users\mato\AppData\Local\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\users\mato\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".sk");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-13 19:25
Windows 6.0.6002 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2010-06-13 19:27:35
ComboFix-quarantined-files.txt 2010-06-13 17:27
ComboFix2.txt 2010-06-12 06:37
Pre-Run: 85 004 025 856 bytes free
Post-Run: 84 973 969 408 bytes free
- - End Of File - - 40B3562F4AC3B743E6578CF722EA2010
			
			
									
									
The PC booted up OK.
And I'd like to ask... Was there a virus on that USB drive (M)?
ComboFix 10-06-11.01 - mato . 06. 2010 19:19:37.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.421.1051.18.3071.1587 [GMT 2:00]
Running from: c:\users\mato\Desktop\ComboFix.exe
Command switches used :: c:\users\mato\Desktop\CFScript.txt
AV: ESET Smart Security 4.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET personal firewall *enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
SP: ESET Smart Security 4.0 *enabled* (Updated) {E5E70D32-0101-4B98-A4D6-D1D15C3BB448}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Resident AV is active
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
M:\ds3vgt.dll
.
((((((((((((((((((((((((( Files Created from 2010-05-13 to 2010-06-13 )))))))))))))))))))))))))))))))
.
2010-06-13 17:25 . 2010-06-13 17:25 -------- d-----w- c:\users\mato\AppData\Local\temp
2010-06-13 17:25 . 2010-06-13 17:25 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-06-13 17:25 . 2010-06-13 17:25 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-06-12 09:47 . 2010-06-12 09:47 -------- d-----w- c:\program files\Common Files\Adobe
2010-06-11 17:55 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-06-11 17:55 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-06-11 04:50 . 2010-04-23 14:13 2048 ----a-w- c:\windows\system32\tzres.dll
2010-06-11 04:50 . 2010-05-26 17:06 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-06-11 04:50 . 2010-05-26 14:47 289792 ----a-w- c:\windows\system32\atmfd.dll
2010-06-11 04:50 . 2010-04-05 17:01 67072 ----a-w- c:\windows\system32\asycfilt.dll
2010-06-11 04:49 . 2010-05-01 14:13 2037248 ----a-w- c:\windows\system32\win32k.sys
2010-06-08 15:39 . 2010-06-08 15:39 50354 ----a-w- c:\users\mato\AppData\Roaming\Facebook\uninstall.exe
2010-06-08 15:39 . 2010-06-08 15:39 -------- d-----w- c:\users\mato\AppData\Roaming\Facebook
2010-06-07 17:05 . 2010-06-07 17:09 -------- d-----w- c:\program files\InfoMapa 16
2010-06-07 14:05 . 2010-06-07 14:05 -------- d-----w- c:\program files\NetLimiter 2 Pro
2010-06-06 06:24 . 2010-06-06 06:29 -------- d-----w- C:\GHostOne
2010-06-04 08:58 . 2010-06-04 08:58 -------- d-----w- c:\users\mato\AppData\Local\Ubisoft
2010-06-04 08:41 . 2008-07-12 06:18 467984 ----a-w- c:\windows\system32\d3dx10_39.dll
2010-06-04 08:41 . 2008-07-12 06:18 3851784 ----a-w- c:\windows\system32\D3DX9_39.dll
2010-06-04 08:41 . 2008-07-12 06:18 1493528 ----a-w- c:\windows\system32\D3DCompiler_39.dll
2010-06-04 08:40 . 2010-06-04 08:40 -------- d-----w- c:\users\Public\Ubisoft
2010-06-04 08:40 . 2010-06-04 08:40 -------- d-----w- c:\programdata\InstallShield
2010-06-03 09:37 . 2009-07-14 17:45 445008 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2010-06-03 09:37 . 2009-07-14 17:45 38480 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2010-06-02 18:59 . 2010-06-02 18:59 -------- d-----w- c:\programdata\KONAMI
2010-06-02 04:54 . 2010-06-02 04:54 -------- d-----w- c:\programdata\Nokia
2010-06-02 04:51 . 2008-08-26 08:26 18816 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys
2010-06-02 04:50 . 2010-06-02 04:50 -------- d-----w- c:\program files\PC Connectivity Solution
2010-06-02 04:32 . 2010-06-02 04:48 -------- d-----w- c:\program files\Nokia
2010-06-02 04:32 . 2010-06-02 04:29 35790800 ----a-w- c:\programdata\Installations\{09C468CA-2940-466A-AAE8-DCC0C6E9323C}\NokiaSoftwareUpdaterSetup_sk.exe
2010-06-02 04:32 . 2010-06-02 04:32 3351812 ----a-w- c:\programdata\Installations\{09C468CA-2940-466A-AAE8-DCC0C6E9323C}\Installer\CommonCustomActions\msxml6Exec.exe
2010-06-02 04:32 . 2010-06-02 04:32 36864 ----a-w- c:\programdata\Installations\{09C468CA-2940-466A-AAE8-DCC0C6E9323C}\Installer\CommonCustomActions\Sleep.exe
2010-06-02 04:32 . 2010-06-02 04:32 3203453 ----a-w- c:\programdata\Installations\{09C468CA-2940-466A-AAE8-DCC0C6E9323C}\Installer\CommonCustomActions\vcredistExec.exe
2010-05-30 15:49 . 2008-02-04 23:20 33280 ----a-w- c:\programdata\EPSON\EPSON Stylus SX400 Series\Language\041b.E_H9E0G7.DLL
2010-05-30 04:57 . 2010-05-31 04:49 -------- d-----w- c:\windows\system32\Adobe
2010-05-28 17:49 . 2010-05-28 17:49 -------- d-----w- c:\programdata\Blueberry
2010-05-28 16:46 . 2010-05-29 05:44 -------- d-----w- c:\users\mato\AppData\Roaming\Blueberry
2010-05-28 16:46 . 2010-05-28 16:46 4608 ----a-w- c:\windows\system32\bbchlp.dll
2010-05-28 16:46 . 2010-05-28 16:46 4096 ----a-w- c:\windows\system32\drivers\bbcap.sys
2010-05-28 16:46 . 2010-05-28 16:46 30720 ----a-w- c:\windows\system32\bbcap.dll
2010-05-28 16:07 . 2005-04-30 12:50 11860 ----a-w- c:\windows\system32\drivers\VBTEnum.sys
2010-05-28 16:07 . 2005-04-30 12:50 28271 ----a-w- c:\windows\system32\drivers\BTHidMgr.sys
2010-05-28 16:03 . 2005-12-15 02:17 63488 ----a-r- c:\windows\system32\drivers\wssbtr1f.sys
2010-05-28 16:03 . 2005-12-15 02:17 48556 ----a-r- c:\windows\system32\drivers\SktBt2k.sys
2010-05-28 16:03 . 2005-12-15 02:17 77824 ----a-r- c:\windows\system32\drivers\SioUi2k.dll
2010-05-28 16:03 . 2005-12-15 02:17 48076 ----a-r- c:\windows\system32\drivers\Sio9502k.sys
2010-05-28 16:02 . 2005-12-15 02:17 51169 ----a-r- c:\windows\system32\drivers\OXSER.SYS
2010-05-28 16:02 . 2005-12-15 02:17 40960 ----a-r- c:\windows\system32\drivers\SCTray.exe
2010-05-25 19:42 . 2010-05-28 18:08 -------- d-----w- c:\program files\BlueSoleil
2010-05-25 18:59 . 2010-05-28 18:00 -------- d-----w- c:\program files\IVT Corporation
2010-05-25 16:16 . 2010-05-25 18:55 -------- d-----w- c:\program files\Cheat Engine
2010-05-23 13:36 . 2010-05-23 13:36 -------- d-----w- c:\program files\FreshDevices
2010-05-23 12:52 . 2010-05-23 17:24 -------- d-----w- c:\program files\Greasemetal
2010-05-22 16:51 . 2010-05-22 16:54 -------- d-----w- c:\users\mato\AppData\Roaming\Red Alert 3 Uprising
2010-05-22 16:48 . 2010-05-22 16:48 -------- d-----w- c:\programdata\Electronic Arts
2010-05-21 14:46 . 2010-05-21 14:46 -------- d-----w- c:\program files\Common Files\Java
2010-05-21 14:45 . 2010-05-21 14:45 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-05-21 14:45 . 2010-05-21 14:45 -------- d-----w- c:\program files\Java
2010-05-21 14:21 . 2010-05-21 14:21 -------- d-----w- c:\users\mato\AppData\Roaming\BlackBean
2010-05-19 15:48 . 2010-05-23 17:33 -------- d-----w- c:\program files\Get Styles
2010-05-19 07:36 . 2010-05-19 19:32 -------- d-----w- c:\users\mato\AppData\Roaming\Red Alert 3
2010-05-18 15:57 . 2010-05-21 20:35 -------- d-----w- c:\users\mato\AppData\Roaming\BSplayer PRO
2010-05-18 15:57 . 2010-05-18 15:59 -------- d-----w- c:\program files\BSplayerPro
2010-05-15 07:14 . 2010-05-15 07:14 1791 ----a-w- c:\users\mato\AppData\Roaming\.purple\certificates\x509\tls_peers\bos.oscar.aol.com
2010-05-15 07:14 . 2010-05-15 07:14 1779 ----a-w- c:\users\mato\AppData\Roaming\.purple\certificates\x509\tls_peers\api.oscar.aol.com
2010-05-15 07:14 . 2010-05-15 07:14 1201 ----a-w- c:\users\mato\AppData\Roaming\.purple\certificates\x509\tls_peers\login.facebook.com
2010-05-15 07:14 . 2010-05-15 07:14 1691 ----a-w- c:\users\mato\AppData\Roaming\.purple\certificates\x509\tls_peers\api.screenname.aol.com
2010-05-15 06:55 . 2010-05-15 06:55 -------- d-----w- c:\users\mato\AppData\Local\World in Conflict
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-13 17:18 . 2010-04-19 13:22 7724 ----a-w- c:\windows\system32\perfc01B.dat
2010-06-13 17:18 . 2010-04-19 13:22 28672 ----a-w- c:\windows\system32\perfh01B.dat
2010-06-13 17:17 . 2010-03-04 17:38 -------- d-----w- c:\users\mato\AppData\Roaming\uTorrent
2010-06-13 17:16 . 2010-05-14 05:51 -------- d-----w- c:\program files\ABBYY FineReader 10
2010-06-13 16:52 . 2010-03-02 07:22 -------- d-----w- c:\users\mato\AppData\Roaming\Skype
2010-06-13 14:01 . 2010-03-02 07:23 -------- d-----w- c:\users\mato\AppData\Roaming\skypePM
2010-06-13 11:03 . 2010-04-24 07:02 34805 ----a-w- c:\programdata\nvModes.dat
2010-06-13 05:23 . 2010-03-04 08:30 -------- d-----w- c:\users\mato\AppData\Roaming\vlc
2010-06-12 14:29 . 2010-03-24 14:27 -------- d-----w- c:\users\mato\AppData\Roaming\dvdcss
2010-06-12 09:55 . 2010-04-14 16:02 2516 --sha-w- c:\windows\system32\KGyGaAvL.sys
2010-06-12 06:23 . 2010-03-02 06:06 12 ----a-w- c:\windows\bthservsdp.dat
2010-06-11 17:55 . 2010-03-21 15:58 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-06-11 17:36 . 2010-03-20 20:31 -------- d-----w- c:\program files\trend micro
2010-06-11 05:02 . 2010-04-18 21:01 -------- d-----w- c:\program files\Microsoft Silverlight
2010-06-11 05:01 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-06-11 05:00 . 2010-03-02 07:31 -------- d-----w- c:\programdata\Microsoft Help
2010-06-11 04:56 . 2010-04-18 21:01 -------- d-----w- c:\program files\Microsoft
2010-06-09 19:04 . 2010-03-02 07:18 -------- d-----w- c:\program files\ICQ7.0
2010-06-07 16:56 . 2010-03-06 08:11 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-06-05 22:09 . 2010-03-10 17:34 -------- d-----w- c:\program files\fraps
2010-06-04 08:40 . 2010-03-02 06:18 -------- d-----w- c:\users\mato\AppData\Roaming\InstallShield
2010-06-04 08:40 . 2010-04-23 13:33 -------- d-----w- c:\programdata\Ubisoft
2010-06-04 08:33 . 2010-03-02 06:18 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-06-03 09:38 . 2010-06-03 09:38 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01009.Wdf
2010-06-03 09:38 . 2010-06-03 09:38 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
2010-06-03 05:36 . 2010-03-07 10:11 -------- d-----w- c:\program files\Google
2010-06-02 04:51 . 2010-03-02 15:08 -------- d-----w- c:\programdata\Installations
2010-06-02 04:32 . 2010-03-02 15:18 -------- d-----w- c:\program files\Common Files\Nokia
2010-05-28 16:46 . 2010-05-28 16:45 -------- d-----w- c:\users\mato\AppData\Roaming\LogSys
2010-05-28 16:45 . 2010-05-28 16:45 -------- d-----w- c:\program files\BB FlashBack Pro
2010-05-28 16:45 . 2010-05-28 16:45 -------- d-----w- c:\programdata\LogSys
2010-05-28 16:45 . 2010-05-28 16:45 -------- dc-h--w- c:\programdata\{D82AC81F-4D4A-4B9D-9FE5-FF3930123446}
2010-05-28 16:45 . 2010-05-28 16:45 -------- d-----w- c:\program files\Common Files\Blueberry Software
2010-05-27 16:44 . 2010-03-07 10:33 -------- d-----w- c:\program files\Common Files\InstallShield
2010-05-25 18:55 . 2010-05-25 16:16 -------- d-----w- c:\program files\Cheat Engine
2010-05-25 04:24 . 2010-04-25 10:20 -------- d-----w- c:\users\mato\AppData\Roaming\IObit
2010-05-23 11:34 . 2010-03-02 07:32 -------- d-----w- c:\program files\CCleaner
2010-05-21 12:14 . 2010-03-02 07:34 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-18 13:13 . 2010-04-25 10:20 -------- d-----w- c:\program files\IObit
2010-05-15 19:37 . 2010-05-10 19:55 -------- d-----w- c:\users\mato\AppData\Roaming\.purple
2010-05-15 07:14 . 2010-05-10 20:04 -------- d-----w- c:\users\mato\AppData\Roaming\gtk-2.0
2010-05-15 05:50 . 2010-05-10 19:51 -------- d-----w- c:\program files\Pidgin
2010-05-14 06:17 . 2010-05-14 06:17 -------- d-----w- c:\users\mato\AppData\Roaming\ABBYY
2010-05-14 06:04 . 2010-05-14 06:04 -------- d-----w- c:\program files\Common Files\ABBYY
2010-05-14 05:51 . 2010-05-14 05:51 -------- d-----w- c:\programdata\ABBYY
2010-05-14 05:45 . 2010-05-14 05:44 -------- d-----w- c:\program files\abby
2010-05-14 04:49 . 2010-03-07 10:32 -------- d-----w- c:\program files\ABBYY FineReader 6.0 Sprint
2010-05-11 04:33 . 2010-03-13 17:49 977 ----a-w- c:\windows\eReg.dat
2010-05-11 04:19 . 2010-03-05 17:02 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
2010-05-10 20:25 . 2010-05-10 20:24 -------- d-----w- c:\program files\Graffiti Studio 2.0
2010-05-10 20:12 . 2010-05-10 19:53 -------- d-----w- c:\program files\Aspell
2010-05-10 19:51 . 2010-05-10 19:51 -------- d-----w- c:\program files\Common Files\GTK
2010-05-10 04:13 . 2010-05-03 19:23 -------- d-----w- c:\program files\Advanced SystemCare 3
2010-05-08 10:27 . 2010-03-04 08:29 -------- d-----w- c:\program files\K-Lite Codec Pack
2010-05-04 05:59 . 2010-06-11 04:52 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-04 05:55 . 2010-06-11 04:52 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-05-04 05:55 . 2010-06-11 04:52 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-05-04 04:31 . 2010-06-11 04:52 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-05-03 19:29 . 2010-05-03 19:29 -------- d-----w- c:\programdata\IObit
2010-05-02 17:04 . 2010-04-17 08:20 -------- d-----w- c:\program files\GTASAConsole
2010-05-02 17:00 . 2010-03-17 19:47 -------- d-----w- c:\programdata\Codemasters
2010-04-30 16:37 . 2010-04-30 16:37 -------- d-----w- c:\users\mato\AppData\Roaming\Ubisoft
2010-04-30 16:05 . 2010-04-30 16:05 -------- d-----w- c:\program files\Ubisoft
2010-04-29 09:47 . 2010-04-29 09:47 499712 ----a-w- c:\windows\system32\msvcp71.dll
2010-04-29 09:47 . 2010-04-29 09:47 348160 ----a-w- c:\windows\system32\msvcr71.dll
2010-04-28 11:17 . 2010-04-18 21:11 -------- d-----w- c:\program files\Windows Live
2010-04-27 16:40 . 2010-04-27 16:30 -------- d-----w- c:\programdata\TrackMania
2010-04-27 12:45 . 2010-04-27 12:45 72856 ----a-w- c:\windows\system32\xliveinstallhost.exe
2010-04-27 12:45 . 2010-04-27 12:45 187544 ----a-w- c:\windows\system32\xliveinstall.dll
2010-04-25 18:14 . 2010-04-14 16:09 88 --sh--r- c:\windows\system32\9CA8217D90.sys
2010-04-24 07:06 . 2010-04-24 07:06 -------- d-----w- c:\program files\Windows Portable Devices
2010-04-24 07:06 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2010-04-24 07:03 . 2010-04-24 07:03 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2010-04-24 07:02 . 2010-04-24 07:02 -------- d-----w- c:\programdata\NVIDIA
2010-04-24 07:02 . 2010-03-02 06:34 -------- d-----w- c:\program files\NVIDIA Corporation
2010-04-24 06:35 . 2010-04-24 06:35 -------- d-----w- c:\programdata\WindowsSearch
2010-04-23 20:09 . 2010-04-23 19:53 -------- d-----w- c:\programdata\Test Drive Unlimited
2010-04-23 15:05 . 2010-04-23 15:05 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2010-04-21 16:12 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
2010-04-21 16:12 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2010-04-21 16:12 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Journal
2010-04-21 16:12 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration
2010-04-21 16:12 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery
2010-04-21 16:12 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender
2010-04-19 13:28 . 2010-04-19 13:28 -------- d-sh--w- c:\programdata\SecuROM
2010-04-19 13:01 . 2006-11-02 10:32 101888 ----a-w- c:\windows\system32\ifxcardm.dll
2010-04-19 13:01 . 2006-11-02 10:32 82432 ----a-w- c:\windows\system32\axaltocm.dll
2010-04-19 04:26 . 2010-04-19 04:26 377344 ----a-w- c:\windows\system32\winhttp.dll
2010-04-18 21:12 . 2010-04-18 21:12 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2010-04-18 21:11 . 2010-04-18 21:11 -------- d-----w- c:\program files\Windows Live SkyDrive
2010-04-18 21:04 . 2010-04-18 21:04 -------- d-----w- c:\program files\Common Files\Windows Live
2010-04-18 21:03 . 2010-04-18 21:03 499712 ----a-w- c:\windows\system32\kerberos.dll
2010-04-18 21:03 . 2010-04-18 21:03 270848 ----a-w- c:\windows\system32\schannel.dll
2010-04-18 21:02 . 2010-04-18 21:02 293376 ----a-w- c:\windows\system32\browserchoice.exe
2010-04-18 07:50 . 2010-03-02 06:14 60640 ----a-w- c:\users\mato\AppData\Local\GDIPFONTCACHEV1.DAT
2010-04-18 06:22 . 2010-04-18 06:22 -------- d-----w- c:\program files\Sanny Builder 3
2010-04-15 04:39 . 2010-04-15 04:39 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-04-15 04:39 . 2010-04-15 04:39 79360 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2010-04-15 04:39 . 2010-04-15 04:39 106496 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-04-15 04:39 . 2010-04-15 04:39 3600776 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-06-03 05:37 . 2010-06-03 05:37 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\users\mato\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\users\mato\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\users\mato\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
"PC Suite Tray"="c:\program files\Nokia pc suite\Nokia PC Suite 7\PCSuite.exe" [2009-11-11 1451520]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2009-11-16 2054360]
c:\users\mato\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Yahoo! Widgets.lnk - c:\program files\Yahoo!\Widgets\YahooWidgets.exe [2008-3-19 4742184]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HonorAutoRunSetting"= 0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"HonorAutoRunSetting"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKLM\~\startupfolder\C:^Users^mato^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^NHL® 09 Registration.lnk]
backup=c:\windows\pss\NHL® 09 Registration.lnk.Startup
backupExtension=.Startup
[HKLM\~\startupfolder\C:^Users^mato^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^PowerMenu.lnk]
backup=c:\windows\pss\PowerMenu.lnk.Startup
backupExtension=.Startup
[HKLM\~\startupfolder\C:^Users^mato^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Registrace FIFA 10.lnk]
backup=c:\windows\pss\Registrace FIFA 10.lnk.Startup
backupExtension=.Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Bonus.SSR.FR10]
2010-01-17 17:02 941320 ----a-w- c:\program files\ABBYY FineReader 10\Bonus.ScreenshotReader.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel File Shell Monitor]
2008-01-15 13:18 16200 ----a-r- c:\program files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel Photo Downloader]
2007-12-14 11:35 531784 ----a-r- c:\program files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus SX400 Series]
2007-12-17 15:00 188928 ----a-w- c:\windows\System32\spool\drivers\w32x86\3\E_FATIEGE.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eurobattlegui]
2009-10-22 17:39 757760 ----a-w- c:\hry\Warcraft III\eb.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2010-06-03 05:36 30192 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
2010-04-29 13:39 1090952 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2009-07-26 14:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
2009-11-11 09:57 1451520 ----a-w- c:\program files\Nokia pc suite\Nokia PC Suite 7\PCSuite.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2009-04-11 06:28 1233920 ----a-w- c:\program files\Windows Sidebar\sidebar.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2010-05-13 14:12 26192168 ----a-r- c:\program files\Skype\Phone\Skype.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-02-18 09:43 248040 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-19 07:38 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2008-01-19 07:33 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" -autorun
"EPSON Stylus SX400 Series"=c:\windows\system32\spool\DRIVERS\W32X86\3\E_FATIEGE.EXE /FU "c:\users\mato\AppData\Local\Temp\E_SCAC7.tmp" /EF "HKCU"
"Google Update"="c:\users\mato\AppData\Local\Google\Update\GoogleUpdate.exe" /c
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe"
"PC Suite Tray"="c:\program files\Nokia pc suite\Nokia PC Suite 7\PCSuite.exe" -onlytray
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"NeroFilterCheck"=c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
"PAC7302_Monitor"=c:\windows\PixArt\PAC7302\Monitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):41,f1,2b,17,6e,e1,ca,01
R0 BtHidBus;Bluetooth HID Bus Service;c:\windows\System32\Drivers\BtHidBus.sys [x]
R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-03-02 691696]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-03-07 135664]
R3 BTCOM;Bluetooth Serial port driver;c:\windows\system32\DRIVERS\btcomport.sys [x]
R3 BTCOMBUS;Bluetooth Serial Port Bus Service;c:\windows\system32\Drivers\btcombus.sys [x]
R3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\system32\Drivers\btnetBus.sys [2008-12-07 30088]
R3 GoogleDesktopManager-051210-111108;Správca pre program Google Desktop 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2010-06-03 30192]
R3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\Drivers\IvtBtBus.sys [x]
R3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2010-02-26 137344]
R3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2010-02-26 8320]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2009-11-16 108792]
S1 nltdi;nltdi;c:\windows\system32\drivers\nltdi.sys [2007-04-23 82200]
S2 ABBYY.Licensing.FineReader.Professional.10.0;ABBYY FineReader 10 PE Licensing Service;c:\program files\Common Files\ABBYY\FineReader\10.00\Licensing\PE\NetworkLicenseServer.exe [2009-12-10 814344]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [2009-11-16 735960]
S3 bbcap;bbcap;c:\windows\system32\DRIVERS\bbcap.sys [2010-05-28 4096]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder
2010-06-13 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-12-11 20:36]
2010-06-12 c:\windows\Tasks\AWC Startup.job
- c:\program files\IObit\Advanced SystemCare 3\AWC.exe [2010-05-23 12:54]
2010-06-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-07 10:11]
2010-06-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-07 10:11]
2010-06-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-190942252-359916794-3278992379-1000Core.job
- c:\users\mato\AppData\Local\Google\Update\GoogleUpdate.exe [2010-03-02 06:23]
2010-06-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-190942252-359916794-3278992379-1000UA.job
- c:\users\mato\AppData\Local\Google\Update\GoogleUpdate.exe [2010-03-02 06:23]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.sk/
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{14CD42DD-ABCD-3586-DCAB-40E3693E3737}
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452}
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\programdata\LangSoft\WebIE.dll
FF - ProfilePath - c:\users\mato\AppData\Roaming\Mozilla\Firefox\Profiles\o0nu3p77.default\
FF - prefs.js: browser.startup.homepage - hxxp://ahoolly.com
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npyaxmpb.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\users\mato\AppData\Local\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\users\mato\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".sk");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-13 19:25
Windows 6.0.6002 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2010-06-13 19:27:35
ComboFix-quarantined-files.txt 2010-06-13 17:27
ComboFix2.txt 2010-06-12 06:37
Pre-Run: 85 004 025 856 bytes free
Post-Run: 84 973 969 408 bytes free
- - End Of File - - 40B3562F4AC3B743E6578CF722EA2010
Re: Please check my log
Yes, there was a virus on the USB drive.
Could you please look in this folder and tell me what is in it?
c:\programdata\LogSys
Do not use COMBOFIX without an adviser's recommendation; it can damage the system!
Always back up important data before disinfecting the computer
Want to support our forum? Information here

I am usually reachable at night, between 9 and 11 p.m.
If you have any questions, you can e-mail me at Motji(at)forum.viry.cz.
Re: Please check my log
Well, this is what is in that folder:
Re: Please check my log
Uninstall ComboFix via Start - Run
- copy this into the box:
ComboFix /Uninstall
- press Enter
- This uninstalls ComboFix and deletes the files and folders associated with it.
***********
Download T-Cleaner http://sweb.cz/Marinus/T-Cleaner.exe
- Run it; to confirm each choice, press the A key, then Enter
- delete the program after use. Note: antivirus programs may falsely flag it as a virus
***********
Download CCleaner from my signature
- install it; when choosing what to install, untick the Yahoo toolbar installation
Cleaner tab
- leave everything in the left column ticked as it is, click Analyze
- after the analysis, click Run CCleaner
Registry tab
- click Scan for problems
- then click Fix selected problems -- you do not have to make a registry backup
- click Fix all problems
ok
close
Tools tab
- here you can uninstall programs. It is a more thorough uninstall than Add/Remove Programs in Windows.
I recommend using the CCleaner cleaner; it nicely clears temporary files from the PC.
The registry cleaner is useful, for example, after uninstalling a program.
***********
Download OTC and use it http://oldtimer.geekstogo.com/OTC.exe
- it cleans up temp files and the leftovers of the tools used
***********
Post a new RSIT log and tell me how the computer is behaving; is everything all right now?
Re: Please check my log
Everything is done.
The PC runs better

Here is the log:
Logfile of random's system information tool 1.07 (written by random/random)
Run by mato at 2010-06-13 22:28:59
Microsoft® Windows Vista™ Home Premium Service Pack 2
System drive C: has 93 GB (31%) free of 305 GB
Total RAM: 3071 MB (65% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 22:29:24, on 13. 6. 2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18928)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
C:\Windows\Explorer.EXE
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\Nokia pc suite\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\NetLimiter 2 Pro\NLClient.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe
C:\Users\mato\Desktop\RSIT.exe
C:\Program Files\trend micro\mato.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.sk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\ProgramData\LangSoft\WebIE.dll
O2 - BHO: Pomocník pri prihlasovaní v konte Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\ProgramData\LangSoft\WebIE.dll
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia pc suite\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - Startup: Yahoo! Widgets.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: GetStyles - {14CD42DD-ABCD-3586-DCAB-40E3693E3737} - (no file)
O9 - Extra 'Tools' menuitem: GetStyles - {14CD42DD-ABCD-3586-DCAB-40E3693E3737} - (no file)
O9 - Extra button: Odoslať do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&oslať do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - (no file)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: ABBYY FineReader 10 PE Licensing Service (ABBYY.Licensing.FineReader.Professional.10.0) - ABBYY - C:\Program Files\Common Files\ABBYY\FineReader\10.00\Licensing\PE\NetworkLicenseServer.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Správca pre program Google Desktop 5.9.1005.12335 (GoogleDesktopManager-051210-111108) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NetLimiter (nlsvc) - Locktime Software - C:\Program Files\NetLimiter 2 Pro\nlsvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - StarWind Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Windows\System32\TuneUpDefragService.exe
O23 - Service: @%SystemRoot%\System32\TUProgSt.exe,-1 (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\Windows\System32\TUProgSt.exe
--
End of file - 6121 bytes
======Scheduled tasks folder======
C:\Windows\tasks\1-Click Maintenance.job
C:\Windows\tasks\AWC Startup.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-190942252-359916794-3278992379-1000Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-190942252-359916794-3278992379-1000UA.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2DB66063-BB98-466A-AA0D-3E7ACF5ED853}]
WebTransBHO Class - C:\ProgramData\LangSoft\WebIE.dll [2010-03-06 503808]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Pomocník pri prihlasovaní v konte Windows Live ID - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18 403840]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-05-21 41760]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{BFC32E1D-EE75-4A48-BC60-104E11EE2431} - WebTranslator - C:\ProgramData\LangSoft\WebIE.dll [2010-03-06 503808]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"egui"=C:\Program Files\ESET\ESET Smart Security\egui.exe [2009-11-16 2054360]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"=C:\Program Files\RocketDock\RocketDock.exe [2007-09-02 495616]
"PC Suite Tray"=C:\Program Files\Nokia pc suite\Nokia PC Suite 7\PCSuite.exe [2009-11-11 1451520]
"msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-07-26 3883856]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Bonus.SSR.FR10]
C:\Program Files\ABBYY FineReader 10\Bonus.ScreenshotReader.exe [2010-01-17 941320]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel File Shell Monitor]
C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe [2008-01-15 16200]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel Photo Downloader]
C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe [2007-12-14 531784]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus SX400 Series]
C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIEGE.EXE [2007-12-17 188928]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eurobattlegui]
C:\hry\Warcraft III\eb.exe [2009-10-22 757760]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2010-06-03 30192]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2010-04-29 1090952]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-07-26 3883856]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
C:\Program Files\Nokia pc suite\Nokia PC Suite 7\PCSuite.exe [2009-11-11 1451520]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
C:\Program Files\Windows Sidebar\sidebar.exe [2009-04-11 1233920]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\Program Files\Skype\Phone\Skype.exe [2010-05-13 26192168]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-02-18 248040]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
C:\Program Files\Windows Defender\MSASCui.exe [2008-01-19 1008184]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-19 202240]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^mato^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^NHL® 09 Registration.lnk]
C:\hry\NHL09~1\Support\EAREGI~1.EXE /remind /language=ENU /PRID=ODS:15374.110.Base Product /WHPR=NHL® 09 /PRNM=Electronic Arts Product []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^mato^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^PowerMenu.lnk]
C:\PROGRA~1\POWERM~1\POWERM~1.EXE [2002-12-20 57344]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^mato^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Registrace FIFA 10.lnk]
[]
C:\Users\mato\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Yahoo! Widgets.lnk - C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\PROGRA~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"= []
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=0
"NoDriveTypeAutoRun"=0
"HonorAutoRunSetting"=0
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"HonorAutoRunSetting"=
"NoDrives"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
======List of files/folders created in the last 1 months======
2010-06-13 22:28:59 ----D---- C:\rsit
2010-06-13 22:09:43 ----D---- C:\Program Files\directx
2010-06-13 19:27:39 ----SHD---- C:\$RECYCLE.BIN
2010-06-12 16:23:26 ----A---- C:\Windows\NeroDigital.ini
2010-06-12 11:47:23 ----D---- C:\Program Files\Common Files\Adobe
2010-06-12 08:24:51 ----D---- C:\Windows\ERDNT
2010-06-12 07:56:24 ----RAD---- C:\Autorun.inf
2010-06-12 07:52:59 ----A---- C:\Usbfix.txt
2010-06-11 06:52:31 ----A---- C:\Windows\system32\mshtml.dll
2010-06-11 06:52:29 ----A---- C:\Windows\system32\iertutil.dll
2010-06-11 06:52:29 ----A---- C:\Windows\system32\ieframe.dll
2010-06-11 06:52:28 ----A---- C:\Windows\system32\wininet.dll
2010-06-11 06:52:28 ----A---- C:\Windows\system32\urlmon.dll
2010-06-11 06:52:28 ----A---- C:\Windows\system32\occache.dll
2010-06-11 06:52:28 ----A---- C:\Windows\system32\msfeeds.dll
2010-06-11 06:52:27 ----A---- C:\Windows\system32\mstime.dll
2010-06-11 06:52:27 ----A---- C:\Windows\system32\ieui.dll
2010-06-11 06:52:27 ----A---- C:\Windows\system32\iedkcs32.dll
2010-06-11 06:52:26 ----A---- C:\Windows\system32\msfeedssync.exe
2010-06-11 06:52:26 ----A---- C:\Windows\system32\msfeedsbs.dll
2010-06-11 06:52:26 ----A---- C:\Windows\system32\jsproxy.dll
2010-06-11 06:52:26 ----A---- C:\Windows\system32\ieUnatt.exe
2010-06-11 06:52:26 ----A---- C:\Windows\system32\iesysprep.dll
2010-06-11 06:52:26 ----A---- C:\Windows\system32\iesetup.dll
2010-06-11 06:52:26 ----A---- C:\Windows\system32\iernonce.dll
2010-06-11 06:52:26 ----A---- C:\Windows\system32\iepeers.dll
2010-06-11 06:52:26 ----A---- C:\Windows\system32\ie4uinit.exe
2010-06-11 06:50:59 ----A---- C:\Windows\system32\tzres.dll
2010-06-11 06:50:35 ----A---- C:\Windows\system32\atmlib.dll
2010-06-11 06:50:35 ----A---- C:\Windows\system32\atmfd.dll
2010-06-11 06:50:25 ----A---- C:\Windows\system32\asycfilt.dll
2010-06-08 17:39:22 ----D---- C:\Users\mato\AppData\Roaming\Facebook
2010-06-07 19:05:25 ----D---- C:\Program Files\InfoMapa 16
2010-06-07 16:05:01 ----D---- C:\Program Files\NetLimiter 2 Pro
2010-06-06 08:24:38 ----D---- C:\GHostOne
2010-06-04 10:41:34 ----A---- C:\Windows\system32\D3DX9_39.dll
2010-06-04 10:41:34 ----A---- C:\Windows\system32\d3dx10_39.dll
2010-06-04 10:41:34 ----A---- C:\Windows\system32\D3DCompiler_39.dll
2010-06-04 10:40:41 ----D---- C:\ProgramData\InstallShield
2010-06-02 20:59:27 ----D---- C:\ProgramData\KONAMI
2010-06-02 06:54:12 ----D---- C:\ProgramData\Nokia
2010-06-02 06:50:51 ----D---- C:\Program Files\PC Connectivity Solution
2010-06-02 06:32:58 ----D---- C:\Program Files\Nokia
2010-05-30 06:57:07 ----D---- C:\Windows\system32\Adobe
2010-05-28 19:49:46 ----D---- C:\ProgramData\Blueberry
2010-05-28 18:46:23 ----D---- C:\Users\mato\AppData\Roaming\Blueberry
2010-05-28 18:46:05 ----A---- C:\Windows\system32\bbchlp.dll
2010-05-28 18:46:05 ----A---- C:\Windows\system32\bbcap.dll
2010-05-28 18:45:54 ----D---- C:\Users\mato\AppData\Roaming\LogSys
2010-05-28 18:45:53 ----D---- C:\Windows\system32\ShellDD
2010-05-28 18:45:53 ----D---- C:\ProgramData\LogSys
2010-05-28 18:45:43 ----D---- C:\Program Files\Common Files\Blueberry Software
2010-05-28 18:45:43 ----D---- C:\Program Files\BB FlashBack Pro
2010-05-28 18:45:25 ----HDC---- C:\ProgramData\{D82AC81F-4D4A-4B9D-9FE5-FF3930123446}
2010-05-25 21:42:33 ----D---- C:\Program Files\BlueSoleil
2010-05-25 20:59:58 ----D---- C:\Program Files\IVT Corporation
2010-05-25 18:16:43 ----D---- C:\Program Files\Cheat Engine
2010-05-23 15:36:13 ----D---- C:\Program Files\FreshDevices
2010-05-23 14:52:00 ----D---- C:\Program Files\Greasemetal
2010-05-22 18:51:40 ----D---- C:\Users\mato\AppData\Roaming\Red Alert 3 Uprising
2010-05-22 18:48:12 ----D---- C:\ProgramData\Electronic Arts
2010-05-21 16:46:29 ----D---- C:\ProgramData\Sun
2010-05-21 16:46:27 ----D---- C:\Program Files\Common Files\Java
2010-05-21 16:45:59 ----A---- C:\Windows\system32\javaws.exe
2010-05-21 16:45:59 ----A---- C:\Windows\system32\javaw.exe
2010-05-21 16:45:59 ----A---- C:\Windows\system32\java.exe
2010-05-21 16:45:59 ----A---- C:\Windows\system32\deployJava1.dll
2010-05-21 16:45:38 ----D---- C:\Program Files\Java
2010-05-21 16:21:39 ----D---- C:\Users\mato\AppData\Roaming\BlackBean
2010-05-19 17:48:48 ----D---- C:\Program Files\Get Styles
2010-05-19 14:21:55 ----A---- C:\ProgramData\ra3.ini
2010-05-19 09:36:55 ----D---- C:\Users\mato\AppData\Roaming\Red Alert 3
2010-05-18 17:57:28 ----D---- C:\Users\mato\AppData\Roaming\BSplayer PRO
2010-05-18 17:57:21 ----D---- C:\Program Files\BSplayerPro
2010-05-14 08:17:59 ----D---- C:\Users\mato\AppData\Roaming\ABBYY
2010-05-14 08:04:49 ----D---- C:\Program Files\Common Files\ABBYY
2010-05-14 07:51:06 ----D---- C:\ProgramData\ABBYY
2010-05-14 07:51:06 ----D---- C:\Program Files\ABBYY FineReader 10
2010-05-14 07:44:53 ----D---- C:\Program Files\abby
2010-05-14 06:20:04 ----A---- C:\Windows\system32\inetcomm.dll
======List of files/folders modified in the last 1 months======
2010-06-13 22:29:10 ----D---- C:\Windows\Prefetch
2010-06-13 22:29:00 ----D---- C:\Windows\Temp
2010-06-13 22:29:00 ----D---- C:\Program Files\trend micro
2010-06-13 22:26:10 ----D---- C:\Windows
2010-06-13 22:19:42 ----D---- C:\Windows\system32\drivers
2010-06-13 22:09:43 ----RD---- C:\Program Files
2010-06-13 22:08:49 ----D---- C:\hry
2010-06-13 21:41:05 ----D---- C:\Windows\System32
2010-06-13 21:41:05 ----D---- C:\Windows\inf
2010-06-13 21:41:05 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-06-13 19:28:22 ----D---- C:\Users\mato\AppData\Roaming\Skype
2010-06-13 19:25:57 ----A---- C:\Windows\system.ini
2010-06-13 19:23:26 ----D---- C:\Windows\AppPatch
2010-06-13 19:23:25 ----D---- C:\Program Files\Common Files
2010-06-13 19:18:51 ----SHD---- C:\System Volume Information
2010-06-13 19:17:04 ----D---- C:\Users\mato\AppData\Roaming\uTorrent
2010-06-13 16:01:24 ----D---- C:\Users\mato\AppData\Roaming\skypePM
2010-06-13 13:34:00 ----SD---- C:\Users\mato\AppData\Roaming\Microsoft
2010-06-13 07:23:30 ----D---- C:\Users\mato\AppData\Roaming\vlc
2010-06-12 16:29:46 ----D---- C:\Users\mato\AppData\Roaming\dvdcss
2010-06-11 19:55:18 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-06-11 19:52:15 ----D---- C:\Windows\Debug
2010-06-11 15:50:28 ----D---- C:\Windows\Microsoft.NET
2010-06-11 15:49:56 ----RSD---- C:\Windows\assembly
2010-06-11 07:19:49 ----D---- C:\Windows\rescache
2010-06-11 07:14:37 ----D---- C:\Windows\winsxs
2010-06-11 07:04:32 ----D---- C:\Windows\system32\catroot
2010-06-11 07:02:44 ----D---- C:\Program Files\Microsoft Silverlight
2010-06-11 07:01:46 ----D---- C:\Windows\system32\sk-SK
2010-06-11 07:01:46 ----D---- C:\Windows\system32\migration
2010-06-11 07:01:46 ----D---- C:\Program Files\Windows Mail
2010-06-11 07:01:46 ----D---- C:\Program Files\Internet Explorer
2010-06-11 07:01:17 ----SHD---- C:\Windows\Installer
2010-06-11 07:00:47 ----D---- C:\ProgramData\Microsoft Help
2010-06-11 06:59:51 ----SD---- C:\ProgramData\Microsoft
2010-06-11 06:56:56 ----D---- C:\Program Files\Common Files\microsoft shared
2010-06-11 06:56:44 ----D---- C:\Program Files\Microsoft
2010-06-11 06:55:06 ----D---- C:\Windows\system32\wbem
2010-06-11 06:50:19 ----D---- C:\Windows\system32\catroot2
2010-06-09 21:04:21 ----D---- C:\Program Files\ICQ7.0
2010-06-07 18:56:44 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2010-06-06 10:21:52 ----D---- C:\Windows\system32\Tasks
2010-06-06 00:09:16 ----D---- C:\Program Files\fraps
2010-06-04 10:40:44 ----D---- C:\Windows\Logs
2010-06-04 10:40:41 ----D---- C:\Users\mato\AppData\Roaming\InstallShield
2010-06-04 10:40:41 ----D---- C:\ProgramData
2010-06-04 10:40:29 ----D---- C:\ProgramData\Ubisoft
2010-06-04 10:33:23 ----SD---- C:\Windows\Downloaded Program Files
2010-06-04 10:33:17 ----HD---- C:\Program Files\InstallShield Installation Information
2010-06-03 07:37:03 ----D---- C:\Program Files\Mozilla Firefox
2010-06-03 07:36:44 ----D---- C:\Program Files\Google
2010-06-02 06:51:10 ----D---- C:\ProgramData\Installations
2010-06-02 06:51:08 ----DC---- C:\Windows\system32\DRVSTORE
2010-06-02 06:32:59 ----D---- C:\Program Files\Common Files\Nokia
2010-05-31 06:45:50 ----AD---- C:\ProgramData\TEMP
2010-05-28 21:37:34 ----A---- C:\Windows\system32\mrt.exe
2010-05-28 14:30:49 ----D---- C:\Windows\Tasks
2010-05-27 18:44:11 ----D---- C:\Program Files\Common Files\InstallShield
2010-05-26 14:28:50 ----D---- C:\Windows\system32\WDI
2010-05-25 06:24:18 ----D---- C:\Users\mato\AppData\Roaming\IObit
2010-05-23 14:28:20 ----D---- C:\Windows\system32\config
2010-05-23 14:26:59 ----D---- C:\Windows\system32\Msdtc
2010-05-23 14:26:59 ----D---- C:\Windows\Panther
2010-05-23 13:34:17 ----D---- C:\Program Files\CCleaner
2010-05-21 14:14:28 ----N---- C:\Windows\system32\MpSigStub.exe
2010-05-18 15:13:23 ----D---- C:\Program Files\IObit
2010-05-15 21:37:48 ----D---- C:\Users\mato\AppData\Roaming\.purple
2010-05-15 09:14:19 ----D---- C:\Users\mato\AppData\Roaming\gtk-2.0
2010-05-15 07:50:18 ----D---- C:\Program Files\Pidgin
2010-05-14 06:49:26 ----D---- C:\Program Files\ABBYY FineReader 6.0 Sprint
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 ehdrv;ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [2009-11-16 108792]
R1 ElbyCDIO;ElbyCDIO Driver; C:\Windows\System32\Drivers\ElbyCDIO.sys [2009-12-18 26024]
R1 epfwtdi;epfwtdi; C:\Windows\system32\DRIVERS\epfwtdi.sys [2009-11-16 55768]
R1 nltdi;nltdi; \??\C:\Windows\system32\drivers\nltdi.sys [2007-04-23 82200]
R2 atksgt;atksgt; C:\Windows\system32\DRIVERS\atksgt.sys [2010-04-13 165376]
R2 eamon;eamon; C:\Windows\system32\DRIVERS\eamon.sys [2009-11-16 116520]
R2 epfw;epfw; C:\Windows\system32\DRIVERS\epfw.sys [2009-12-18 135048]
R2 lirsgt;lirsgt; C:\Windows\system32\DRIVERS\lirsgt.sys [2010-04-13 18048]
R3 bbcap;bbcap; C:\Windows\system32\DRIVERS\bbcap.sys [2010-05-28 4096]
R3 Epfwndis;Eset Personal Firewall; C:\Windows\system32\DRIVERS\Epfwndis.sys [2010-01-08 33096]
R3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2009-04-11 236544]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2010-04-03 11573800]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\Windows\System32\Drivers\RootMdm.sys [2008-01-19 8192]
R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys [2008-07-22 123904]
R3 VClone;VClone; C:\Windows\system32\DRIVERS\VClone.sys [2009-08-09 29696]
S3 BlueletAudio;Bluetooth Audio Service; C:\Windows\system32\DRIVERS\blueletaudio.sys []
S3 BT;Bluetooth PAN Network Adapter; C:\Windows\system32\DRIVERS\btnetdrv.sys []
S3 BTCOM;Bluetooth Serial port driver; C:\Windows\system32\DRIVERS\btcomport.sys []
S3 BTCOMBUS;Bluetooth Serial Port Bus Service; C:\Windows\System32\Drivers\btcombus.sys []
S3 Btcsrusb;Bluetooth USB For Bluetooth Service; C:\Windows\System32\Drivers\btcusb.sys []
S3 BthEnum;Bluetooth Request Block Driver; C:\Windows\system32\DRIVERS\BthEnum.sys [2009-04-11 22528]
S3 BTHidEnum;Bluetooth HID Enumerator; C:\Windows\system32\DRIVERS\vbtenum.sys [2005-04-30 11860]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2008-01-19 92160]
S3 BTHPORT;Bluetooth Port Driver; C:\Windows\System32\Drivers\BTHport.sys [2009-04-11 507904]
S3 BTHUSB;Bluetooth Radio USB Driver; C:\Windows\System32\Drivers\BTHUSB.sys [2009-04-11 29696]
S3 btnetBUs;Bluetooth PAN Bus Service; C:\Windows\System32\Drivers\btnetBus.sys [2008-12-07 30088]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-19 5632]
S3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys []
S3 IvtBtBUs;IVT Bluetooth Bus Service; C:\Windows\System32\Drivers\IvtBtBus.sys []
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-19 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-19 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-19 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-19 6016]
S3 nmwcd;Nokia USB Phone Parent; C:\Windows\system32\drivers\ccdcmb.sys [2010-02-26 18176]
S3 nmwcdc;Nokia USB Generic; C:\Windows\system32\drivers\ccdcmbo.sys [2010-02-26 22528]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent; C:\Windows\system32\drivers\nmwcdnsu.sys [2010-02-26 137344]
S3 nmwcdnsuc;Nokia USB Flashing Generic; C:\Windows\system32\drivers\nmwcdnsuc.sys [2010-02-26 8320]
S3 PAC7302;PAC7302 VGA USB Camera; C:\Windows\system32\DRIVERS\PAC7302.SYS [2007-06-14 457856]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\Windows\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-04-11 148992]
S3 upperdev;upperdev; C:\Windows\system32\DRIVERS\usbser_lowerflt.sys [2010-02-26 8192]
S3 usbaudio;USB Audio Driver (WDM); C:\Windows\system32\drivers\usbaudio.sys [2009-04-11 73216]
S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-19 35328]
S3 usbser;USB Modem Driver; C:\Windows\system32\drivers\usbser.sys [2009-04-11 27648]
S3 UsbserFilt;UsbserFilt; C:\Windows\system32\DRIVERS\usbser_lowerfltj.sys [2010-02-26 8192]
S3 VComm;Virtual Serial port driver; C:\Windows\system32\DRIVERS\VComm.sys []
S3 VcommMgr;Bluetooth VComm Manager Service; C:\Windows\System32\Drivers\VcommMgr.sys []
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2010-03-02 83328]
S4 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2010-03-02 691696]
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2006-11-02 11264]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 ABBYY.Licensing.FineReader.Professional.10.0;ABBYY FineReader 10 PE Licensing Service; C:\Program Files\Common Files\ABBYY\FineReader\10.00\Licensing\PE\NetworkLicenseServer.exe [2009-12-10 814344]
R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-19 21504]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2009-11-16 735960]
R2 nlsvc;NetLimiter; C:\Program Files\NetLimiter 2 Pro\nlsvc.exe [2007-03-21 516096]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2010-04-03 129640]
R2 ProtexisLicensing;ProtexisLicensing; C:\Windows\system32\PSIService.exe [2007-06-05 177704]
R2 StarWindServiceAE;StarWind AE Service; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2009-12-23 370688]
R2 TuneUp.ProgramStatisticsSvc;@%SystemRoot%\System32\TUProgSt.exe,-1; C:\Windows\System32\TUProgSt.exe [2010-03-11 603904]
R2 UxTuneUp;@%SystemRoot%\System32\uxtuneup.dll,-4096; C:\Windows\System32\svchost.exe [2008-01-19 21504]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-08-18 1529728]
R3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2010-04-27 611840]
S2 gupdate;Google Update Service (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-03-07 135664]
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe [2009-11-16 20680]
S3 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-19 21504]
S3 GoogleDesktopManager-051210-111108;Správca pre program Google Desktop 5.9.1005.12335; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2010-06-03 30192]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-03-12 271920]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 TuneUp.Defrag;@%SystemRoot%\System32\TuneUpDefragService.exe,-1; C:\Windows\System32\TuneUpDefragService.exe [2010-03-11 360192]
-----------------EOF-----------------
			
			
									
									
The PC is running better

Here is the LOG:
Logfile of random's system information tool 1.07 (written by random/random)
Run by mato at 2010-06-13 22:28:59
Microsoft® Windows Vista™ Home Premium Service Pack 2
System drive C: has 93 GB (31%) free of 305 GB
Total RAM: 3071 MB (65% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 22:29:24, on 13. 6. 2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18928)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
C:\Windows\Explorer.EXE
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\Nokia pc suite\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\NetLimiter 2 Pro\NLClient.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe
C:\Users\mato\Desktop\RSIT.exe
C:\Program Files\trend micro\mato.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.sk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\ProgramData\LangSoft\WebIE.dll
O2 - BHO: Pomocník pri prihlasovaní v konte Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\ProgramData\LangSoft\WebIE.dll
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia pc suite\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - Startup: Yahoo! Widgets.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: GetStyles - {14CD42DD-ABCD-3586-DCAB-40E3693E3737} - (no file)
O9 - Extra 'Tools' menuitem: GetStyles - {14CD42DD-ABCD-3586-DCAB-40E3693E3737} - (no file)
O9 - Extra button: Odoslať do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&oslať do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - (no file)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: ABBYY FineReader 10 PE Licensing Service (ABBYY.Licensing.FineReader.Professional.10.0) - ABBYY - C:\Program Files\Common Files\ABBYY\FineReader\10.00\Licensing\PE\NetworkLicenseServer.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Správca pre program Google Desktop 5.9.1005.12335 (GoogleDesktopManager-051210-111108) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NetLimiter (nlsvc) - Locktime Software - C:\Program Files\NetLimiter 2 Pro\nlsvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - StarWind Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Windows\System32\TuneUpDefragService.exe
O23 - Service: @%SystemRoot%\System32\TUProgSt.exe,-1 (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\Windows\System32\TUProgSt.exe
--
End of file - 6121 bytes
======Scheduled tasks folder======
C:\Windows\tasks\1-Click Maintenance.job
C:\Windows\tasks\AWC Startup.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-190942252-359916794-3278992379-1000Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-190942252-359916794-3278992379-1000UA.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2DB66063-BB98-466A-AA0D-3E7ACF5ED853}]
WebTransBHO Class - C:\ProgramData\LangSoft\WebIE.dll [2010-03-06 503808]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Pomocník pri prihlasovaní v konte Windows Live ID - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18 403840]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-05-21 41760]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{BFC32E1D-EE75-4A48-BC60-104E11EE2431} - WebTranslator - C:\ProgramData\LangSoft\WebIE.dll [2010-03-06 503808]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"egui"=C:\Program Files\ESET\ESET Smart Security\egui.exe [2009-11-16 2054360]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"=C:\Program Files\RocketDock\RocketDock.exe [2007-09-02 495616]
"PC Suite Tray"=C:\Program Files\Nokia pc suite\Nokia PC Suite 7\PCSuite.exe [2009-11-11 1451520]
"msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-07-26 3883856]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Bonus.SSR.FR10]
C:\Program Files\ABBYY FineReader 10\Bonus.ScreenshotReader.exe [2010-01-17 941320]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel File Shell Monitor]
C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe [2008-01-15 16200]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel Photo Downloader]
C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe [2007-12-14 531784]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus SX400 Series]
C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIEGE.EXE [2007-12-17 188928]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eurobattlegui]
C:\hry\Warcraft III\eb.exe [2009-10-22 757760]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2010-06-03 30192]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2010-04-29 1090952]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-07-26 3883856]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
C:\Program Files\Nokia pc suite\Nokia PC Suite 7\PCSuite.exe [2009-11-11 1451520]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
C:\Program Files\Windows Sidebar\sidebar.exe [2009-04-11 1233920]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\Program Files\Skype\Phone\Skype.exe [2010-05-13 26192168]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-02-18 248040]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
C:\Program Files\Windows Defender\MSASCui.exe [2008-01-19 1008184]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-19 202240]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^mato^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^NHL® 09 Registration.lnk]
C:\hry\NHL09~1\Support\EAREGI~1.EXE /remind /language=ENU /PRID=ODS:15374.110.Base Product /WHPR=NHL® 09 /PRNM=Electronic Arts Product []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^mato^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^PowerMenu.lnk]
C:\PROGRA~1\POWERM~1\POWERM~1.EXE [2002-12-20 57344]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^mato^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Registrace FIFA 10.lnk]
[]
C:\Users\mato\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Yahoo! Widgets.lnk - C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\PROGRA~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"= []
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=0
"NoDriveTypeAutoRun"=0
"HonorAutoRunSetting"=0
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"HonorAutoRunSetting"=
"NoDrives"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
======List of files/folders created in the last 1 months======
2010-06-13 22:28:59 ----D---- C:\rsit
2010-06-13 22:09:43 ----D---- C:\Program Files\directx
2010-06-13 19:27:39 ----SHD---- C:\$RECYCLE.BIN
2010-06-12 16:23:26 ----A---- C:\Windows\NeroDigital.ini
2010-06-12 11:47:23 ----D---- C:\Program Files\Common Files\Adobe
2010-06-12 08:24:51 ----D---- C:\Windows\ERDNT
2010-06-12 07:56:24 ----RAD---- C:\Autorun.inf
2010-06-12 07:52:59 ----A---- C:\Usbfix.txt
2010-06-11 06:52:31 ----A---- C:\Windows\system32\mshtml.dll
2010-06-11 06:52:29 ----A---- C:\Windows\system32\iertutil.dll
2010-06-11 06:52:29 ----A---- C:\Windows\system32\ieframe.dll
2010-06-11 06:52:28 ----A---- C:\Windows\system32\wininet.dll
2010-06-11 06:52:28 ----A---- C:\Windows\system32\urlmon.dll
2010-06-11 06:52:28 ----A---- C:\Windows\system32\occache.dll
2010-06-11 06:52:28 ----A---- C:\Windows\system32\msfeeds.dll
2010-06-11 06:52:27 ----A---- C:\Windows\system32\mstime.dll
2010-06-11 06:52:27 ----A---- C:\Windows\system32\ieui.dll
2010-06-11 06:52:27 ----A---- C:\Windows\system32\iedkcs32.dll
2010-06-11 06:52:26 ----A---- C:\Windows\system32\msfeedssync.exe
2010-06-11 06:52:26 ----A---- C:\Windows\system32\msfeedsbs.dll
2010-06-11 06:52:26 ----A---- C:\Windows\system32\jsproxy.dll
2010-06-11 06:52:26 ----A---- C:\Windows\system32\ieUnatt.exe
2010-06-11 06:52:26 ----A---- C:\Windows\system32\iesysprep.dll
2010-06-11 06:52:26 ----A---- C:\Windows\system32\iesetup.dll
2010-06-11 06:52:26 ----A---- C:\Windows\system32\iernonce.dll
2010-06-11 06:52:26 ----A---- C:\Windows\system32\iepeers.dll
2010-06-11 06:52:26 ----A---- C:\Windows\system32\ie4uinit.exe
2010-06-11 06:50:59 ----A---- C:\Windows\system32\tzres.dll
2010-06-11 06:50:35 ----A---- C:\Windows\system32\atmlib.dll
2010-06-11 06:50:35 ----A---- C:\Windows\system32\atmfd.dll
2010-06-11 06:50:25 ----A---- C:\Windows\system32\asycfilt.dll
2010-06-08 17:39:22 ----D---- C:\Users\mato\AppData\Roaming\Facebook
2010-06-07 19:05:25 ----D---- C:\Program Files\InfoMapa 16
2010-06-07 16:05:01 ----D---- C:\Program Files\NetLimiter 2 Pro
2010-06-06 08:24:38 ----D---- C:\GHostOne
2010-06-04 10:41:34 ----A---- C:\Windows\system32\D3DX9_39.dll
2010-06-04 10:41:34 ----A---- C:\Windows\system32\d3dx10_39.dll
2010-06-04 10:41:34 ----A---- C:\Windows\system32\D3DCompiler_39.dll
2010-06-04 10:40:41 ----D---- C:\ProgramData\InstallShield
2010-06-02 20:59:27 ----D---- C:\ProgramData\KONAMI
2010-06-02 06:54:12 ----D---- C:\ProgramData\Nokia
2010-06-02 06:50:51 ----D---- C:\Program Files\PC Connectivity Solution
2010-06-02 06:32:58 ----D---- C:\Program Files\Nokia
2010-05-30 06:57:07 ----D---- C:\Windows\system32\Adobe
2010-05-28 19:49:46 ----D---- C:\ProgramData\Blueberry
2010-05-28 18:46:23 ----D---- C:\Users\mato\AppData\Roaming\Blueberry
2010-05-28 18:46:05 ----A---- C:\Windows\system32\bbchlp.dll
2010-05-28 18:46:05 ----A---- C:\Windows\system32\bbcap.dll
2010-05-28 18:45:54 ----D---- C:\Users\mato\AppData\Roaming\LogSys
2010-05-28 18:45:53 ----D---- C:\Windows\system32\ShellDD
2010-05-28 18:45:53 ----D---- C:\ProgramData\LogSys
2010-05-28 18:45:43 ----D---- C:\Program Files\Common Files\Blueberry Software
2010-05-28 18:45:43 ----D---- C:\Program Files\BB FlashBack Pro
2010-05-28 18:45:25 ----HDC---- C:\ProgramData\{D82AC81F-4D4A-4B9D-9FE5-FF3930123446}
2010-05-25 21:42:33 ----D---- C:\Program Files\BlueSoleil
2010-05-25 20:59:58 ----D---- C:\Program Files\IVT Corporation
2010-05-25 18:16:43 ----D---- C:\Program Files\Cheat Engine
2010-05-23 15:36:13 ----D---- C:\Program Files\FreshDevices
2010-05-23 14:52:00 ----D---- C:\Program Files\Greasemetal
2010-05-22 18:51:40 ----D---- C:\Users\mato\AppData\Roaming\Red Alert 3 Uprising
2010-05-22 18:48:12 ----D---- C:\ProgramData\Electronic Arts
2010-05-21 16:46:29 ----D---- C:\ProgramData\Sun
2010-05-21 16:46:27 ----D---- C:\Program Files\Common Files\Java
2010-05-21 16:45:59 ----A---- C:\Windows\system32\javaws.exe
2010-05-21 16:45:59 ----A---- C:\Windows\system32\javaw.exe
2010-05-21 16:45:59 ----A---- C:\Windows\system32\java.exe
2010-05-21 16:45:59 ----A---- C:\Windows\system32\deployJava1.dll
2010-05-21 16:45:38 ----D---- C:\Program Files\Java
2010-05-21 16:21:39 ----D---- C:\Users\mato\AppData\Roaming\BlackBean
2010-05-19 17:48:48 ----D---- C:\Program Files\Get Styles
2010-05-19 14:21:55 ----A---- C:\ProgramData\ra3.ini
2010-05-19 09:36:55 ----D---- C:\Users\mato\AppData\Roaming\Red Alert 3
2010-05-18 17:57:28 ----D---- C:\Users\mato\AppData\Roaming\BSplayer PRO
2010-05-18 17:57:21 ----D---- C:\Program Files\BSplayerPro
2010-05-14 08:17:59 ----D---- C:\Users\mato\AppData\Roaming\ABBYY
2010-05-14 08:04:49 ----D---- C:\Program Files\Common Files\ABBYY
2010-05-14 07:51:06 ----D---- C:\ProgramData\ABBYY
2010-05-14 07:51:06 ----D---- C:\Program Files\ABBYY FineReader 10
2010-05-14 07:44:53 ----D---- C:\Program Files\abby
2010-05-14 06:20:04 ----A---- C:\Windows\system32\inetcomm.dll
======List of files/folders modified in the last 1 months======
2010-06-13 22:29:10 ----D---- C:\Windows\Prefetch
2010-06-13 22:29:00 ----D---- C:\Windows\Temp
2010-06-13 22:29:00 ----D---- C:\Program Files\trend micro
2010-06-13 22:26:10 ----D---- C:\Windows
2010-06-13 22:19:42 ----D---- C:\Windows\system32\drivers
2010-06-13 22:09:43 ----RD---- C:\Program Files
2010-06-13 22:08:49 ----D---- C:\hry
2010-06-13 21:41:05 ----D---- C:\Windows\System32
2010-06-13 21:41:05 ----D---- C:\Windows\inf
2010-06-13 21:41:05 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-06-13 19:28:22 ----D---- C:\Users\mato\AppData\Roaming\Skype
2010-06-13 19:25:57 ----A---- C:\Windows\system.ini
2010-06-13 19:23:26 ----D---- C:\Windows\AppPatch
2010-06-13 19:23:25 ----D---- C:\Program Files\Common Files
2010-06-13 19:18:51 ----SHD---- C:\System Volume Information
2010-06-13 19:17:04 ----D---- C:\Users\mato\AppData\Roaming\uTorrent
2010-06-13 16:01:24 ----D---- C:\Users\mato\AppData\Roaming\skypePM
2010-06-13 13:34:00 ----SD---- C:\Users\mato\AppData\Roaming\Microsoft
2010-06-13 07:23:30 ----D---- C:\Users\mato\AppData\Roaming\vlc
2010-06-12 16:29:46 ----D---- C:\Users\mato\AppData\Roaming\dvdcss
2010-06-11 19:55:18 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-06-11 19:52:15 ----D---- C:\Windows\Debug
2010-06-11 15:50:28 ----D---- C:\Windows\Microsoft.NET
2010-06-11 15:49:56 ----RSD---- C:\Windows\assembly
2010-06-11 07:19:49 ----D---- C:\Windows\rescache
2010-06-11 07:14:37 ----D---- C:\Windows\winsxs
2010-06-11 07:04:32 ----D---- C:\Windows\system32\catroot
2010-06-11 07:02:44 ----D---- C:\Program Files\Microsoft Silverlight
2010-06-11 07:01:46 ----D---- C:\Windows\system32\sk-SK
2010-06-11 07:01:46 ----D---- C:\Windows\system32\migration
2010-06-11 07:01:46 ----D---- C:\Program Files\Windows Mail
2010-06-11 07:01:46 ----D---- C:\Program Files\Internet Explorer
2010-06-11 07:01:17 ----SHD---- C:\Windows\Installer
2010-06-11 07:00:47 ----D---- C:\ProgramData\Microsoft Help
2010-06-11 06:59:51 ----SD---- C:\ProgramData\Microsoft
2010-06-11 06:56:56 ----D---- C:\Program Files\Common Files\microsoft shared
2010-06-11 06:56:44 ----D---- C:\Program Files\Microsoft
2010-06-11 06:55:06 ----D---- C:\Windows\system32\wbem
2010-06-11 06:50:19 ----D---- C:\Windows\system32\catroot2
2010-06-09 21:04:21 ----D---- C:\Program Files\ICQ7.0
2010-06-07 18:56:44 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2010-06-06 10:21:52 ----D---- C:\Windows\system32\Tasks
2010-06-06 00:09:16 ----D---- C:\Program Files\fraps
2010-06-04 10:40:44 ----D---- C:\Windows\Logs
2010-06-04 10:40:41 ----D---- C:\Users\mato\AppData\Roaming\InstallShield
2010-06-04 10:40:41 ----D---- C:\ProgramData
2010-06-04 10:40:29 ----D---- C:\ProgramData\Ubisoft
2010-06-04 10:33:23 ----SD---- C:\Windows\Downloaded Program Files
2010-06-04 10:33:17 ----HD---- C:\Program Files\InstallShield Installation Information
2010-06-03 07:37:03 ----D---- C:\Program Files\Mozilla Firefox
2010-06-03 07:36:44 ----D---- C:\Program Files\Google
2010-06-02 06:51:10 ----D---- C:\ProgramData\Installations
2010-06-02 06:51:08 ----DC---- C:\Windows\system32\DRVSTORE
2010-06-02 06:32:59 ----D---- C:\Program Files\Common Files\Nokia
2010-05-31 06:45:50 ----AD---- C:\ProgramData\TEMP
2010-05-28 21:37:34 ----A---- C:\Windows\system32\mrt.exe
2010-05-28 14:30:49 ----D---- C:\Windows\Tasks
2010-05-27 18:44:11 ----D---- C:\Program Files\Common Files\InstallShield
2010-05-26 14:28:50 ----D---- C:\Windows\system32\WDI
2010-05-25 06:24:18 ----D---- C:\Users\mato\AppData\Roaming\IObit
2010-05-23 14:28:20 ----D---- C:\Windows\system32\config
2010-05-23 14:26:59 ----D---- C:\Windows\system32\Msdtc
2010-05-23 14:26:59 ----D---- C:\Windows\Panther
2010-05-23 13:34:17 ----D---- C:\Program Files\CCleaner
2010-05-21 14:14:28 ----N---- C:\Windows\system32\MpSigStub.exe
2010-05-18 15:13:23 ----D---- C:\Program Files\IObit
2010-05-15 21:37:48 ----D---- C:\Users\mato\AppData\Roaming\.purple
2010-05-15 09:14:19 ----D---- C:\Users\mato\AppData\Roaming\gtk-2.0
2010-05-15 07:50:18 ----D---- C:\Program Files\Pidgin
2010-05-14 06:49:26 ----D---- C:\Program Files\ABBYY FineReader 6.0 Sprint
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 ehdrv;ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [2009-11-16 108792]
R1 ElbyCDIO;ElbyCDIO Driver; C:\Windows\System32\Drivers\ElbyCDIO.sys [2009-12-18 26024]
R1 epfwtdi;epfwtdi; C:\Windows\system32\DRIVERS\epfwtdi.sys [2009-11-16 55768]
R1 nltdi;nltdi; \??\C:\Windows\system32\drivers\nltdi.sys [2007-04-23 82200]
R2 atksgt;atksgt; C:\Windows\system32\DRIVERS\atksgt.sys [2010-04-13 165376]
R2 eamon;eamon; C:\Windows\system32\DRIVERS\eamon.sys [2009-11-16 116520]
R2 epfw;epfw; C:\Windows\system32\DRIVERS\epfw.sys [2009-12-18 135048]
R2 lirsgt;lirsgt; C:\Windows\system32\DRIVERS\lirsgt.sys [2010-04-13 18048]
R3 bbcap;bbcap; C:\Windows\system32\DRIVERS\bbcap.sys [2010-05-28 4096]
R3 Epfwndis;Eset Personal Firewall; C:\Windows\system32\DRIVERS\Epfwndis.sys [2010-01-08 33096]
R3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2009-04-11 236544]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2010-04-03 11573800]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\Windows\System32\Drivers\RootMdm.sys [2008-01-19 8192]
R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys [2008-07-22 123904]
R3 VClone;VClone; C:\Windows\system32\DRIVERS\VClone.sys [2009-08-09 29696]
S3 BlueletAudio;Bluetooth Audio Service; C:\Windows\system32\DRIVERS\blueletaudio.sys []
S3 BT;Bluetooth PAN Network Adapter; C:\Windows\system32\DRIVERS\btnetdrv.sys []
S3 BTCOM;Bluetooth Serial port driver; C:\Windows\system32\DRIVERS\btcomport.sys []
S3 BTCOMBUS;Bluetooth Serial Port Bus Service; C:\Windows\System32\Drivers\btcombus.sys []
S3 Btcsrusb;Bluetooth USB For Bluetooth Service; C:\Windows\System32\Drivers\btcusb.sys []
S3 BthEnum;Bluetooth Request Block Driver; C:\Windows\system32\DRIVERS\BthEnum.sys [2009-04-11 22528]
S3 BTHidEnum;Bluetooth HID Enumerator; C:\Windows\system32\DRIVERS\vbtenum.sys [2005-04-30 11860]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2008-01-19 92160]
S3 BTHPORT;Bluetooth Port Driver; C:\Windows\System32\Drivers\BTHport.sys [2009-04-11 507904]
S3 BTHUSB;Bluetooth Radio USB Driver; C:\Windows\System32\Drivers\BTHUSB.sys [2009-04-11 29696]
S3 btnetBUs;Bluetooth PAN Bus Service; C:\Windows\System32\Drivers\btnetBus.sys [2008-12-07 30088]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-19 5632]
S3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys []
S3 IvtBtBUs;IVT Bluetooth Bus Service; C:\Windows\System32\Drivers\IvtBtBus.sys []
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-19 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-19 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-19 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-19 6016]
S3 nmwcd;Nokia USB Phone Parent; C:\Windows\system32\drivers\ccdcmb.sys [2010-02-26 18176]
S3 nmwcdc;Nokia USB Generic; C:\Windows\system32\drivers\ccdcmbo.sys [2010-02-26 22528]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent; C:\Windows\system32\drivers\nmwcdnsu.sys [2010-02-26 137344]
S3 nmwcdnsuc;Nokia USB Flashing Generic; C:\Windows\system32\drivers\nmwcdnsuc.sys [2010-02-26 8320]
S3 PAC7302;PAC7302 VGA USB Camera; C:\Windows\system32\DRIVERS\PAC7302.SYS [2007-06-14 457856]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\Windows\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-04-11 148992]
S3 upperdev;upperdev; C:\Windows\system32\DRIVERS\usbser_lowerflt.sys [2010-02-26 8192]
S3 usbaudio;USB Audio Driver (WDM); C:\Windows\system32\drivers\usbaudio.sys [2009-04-11 73216]
S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-19 35328]
S3 usbser;USB Modem Driver; C:\Windows\system32\drivers\usbser.sys [2009-04-11 27648]
S3 UsbserFilt;UsbserFilt; C:\Windows\system32\DRIVERS\usbser_lowerfltj.sys [2010-02-26 8192]
S3 VComm;Virtual Serial port driver; C:\Windows\system32\DRIVERS\VComm.sys []
S3 VcommMgr;Bluetooth VComm Manager Service; C:\Windows\System32\Drivers\VcommMgr.sys []
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2010-03-02 83328]
S4 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2010-03-02 691696]
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2006-11-02 11264]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 ABBYY.Licensing.FineReader.Professional.10.0;ABBYY FineReader 10 PE Licensing Service; C:\Program Files\Common Files\ABBYY\FineReader\10.00\Licensing\PE\NetworkLicenseServer.exe [2009-12-10 814344]
R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-19 21504]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2009-11-16 735960]
R2 nlsvc;NetLimiter; C:\Program Files\NetLimiter 2 Pro\nlsvc.exe [2007-03-21 516096]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2010-04-03 129640]
R2 ProtexisLicensing;ProtexisLicensing; C:\Windows\system32\PSIService.exe [2007-06-05 177704]
R2 StarWindServiceAE;StarWind AE Service; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2009-12-23 370688]
R2 TuneUp.ProgramStatisticsSvc;@%SystemRoot%\System32\TUProgSt.exe,-1; C:\Windows\System32\TUProgSt.exe [2010-03-11 603904]
R2 UxTuneUp;@%SystemRoot%\System32\uxtuneup.dll,-4096; C:\Windows\System32\svchost.exe [2008-01-19 21504]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-08-18 1529728]
R3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2010-04-27 611840]
S2 gupdate;Google Update Service (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-03-07 135664]
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe [2009-11-16 20680]
S3 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-19 21504]
S3 GoogleDesktopManager-051210-111108;Správca pre program Google Desktop 5.9.1005.12335; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2010-06-03 30192]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-03-12 271920]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 TuneUp.Defrag;@%SystemRoot%\System32\TuneUpDefragService.exe,-1; C:\Windows\System32\TuneUpDefragService.exe [2010-03-11 360192]
-----------------EOF-----------------


