Problém s Explorer

Zpráva

Hydron · #1 Příspěvek od **Hydron** » 03 srp 2010 01:26

Ahoj, mám takový problém. Používám windows vista home premium 32-bit OEM CZ SP2. Můj problém je, že když otevřu složku a chci praovat se soubory ( ať už jakýkoliv ) vždy se sekne průzkumník windows a neodpovídá, musím ho restartovat. Po všech návodech co jsem četl, sem si stáhl eScan Anti Virus a Spyware Toolkit Ulitily. Našel mi chyby v systému. Odstranění téhle havěti se to přestane sekat ( doufám ). Bohužel tam u některých souborů není napsaná cesta, a tak Vás prosím, zda byste mi neřekli, jak to dát pryč a popřípadě zablokovat automatické spuštění. Už jsem z toho zoufalý, ten průzkumník se sekne na 100% což je blbé. Na Windows 7, ani XP mi to nedělalo, ale používám vistu protože mám origoš klíč na ní. Doufám, že se najde řešení a tahle havěť mi už nebude ukončovat explorer.exe. Prosím o dobrou radu, zatím mějte se a děkuji za návody. Dávám LOG z toho programu

03 VIII 2010 01:08:32 - **********************************************************
03 VIII 2010 01:08:32 - eScan Anti Virus & Spyware Toolkit Utility.
03 VIII 2010 01:08:32 - Copyright © MicroWorld Technologies
03 VIII 2010 01:08:32 - **********************************************************
03 VIII 2010 01:08:32 - Source: E:\GOOGLE~1\mwav.exe
03 VIII 2010 01:08:32 - Version 11.0.86 (C:\USERS\HYDRON\APPDATA\LOCAL\TEMP\MEXE.COM)
03 VIII 2010 01:08:32 - Log File: C:\Users\Hydron\AppData\Local\Temp\MWAV.LOG
03 VIII 2010 01:08:32 - MWAV Registered: FALSE
03 VIII 2010 01:08:32 - User Account: Hydron (Administrator Mode)
03 VIII 2010 01:08:32 - OS Type: Windows Workstation
03 VIII 2010 01:08:32 - OS: Windows Vista [OS Install Date: 02 Aug 2010 12:56:53]
03 VIII 2010 01:08:32 - Ver: Personal Service Pack 2 (Build 6002)
03 VIII 2010 01:08:32 - System Up Time: 39 Minutes, 19 Seconds

03 VIII 2010 01:08:32 - Parent Process Name : E:\Google Chrome\mwav.exe
03 VIII 2010 01:08:32 - Windows Root Folder: C:\Windows
03 VIII 2010 01:08:32 - Windows Sys32 Folder: C:\Windows\system32
03 VIII 2010 01:08:32 - DHCP NameServer: 93.91.144.100 212.80.67.98
03 VIII 2010 01:08:32 - Interface0 DHCPNameServer: 93.91.144.100 212.80.67.98
03 VIII 2010 01:08:32 - Local Fixed Drives: c:\,d:\,e:\
03 VIII 2010 01:08:32 - MWAV Mode: Only Scan files
03 VIII 2010 01:08:32 - [CREATED ZIP FILE: C:\Users\Hydron\AppData\Local\Temp\pinfect.zip]

03 VIII 2010 01:08:32 - ****** Files/Folders created/modified during last fortnight in Windows and ROOT Folder ******
03 VIII 2010 01:08:32 - C:\Windows\atl80.dll (96256), 02-Aug-2010, Microsoft Corporation, Microsoft® Visual Studio® 2005
03 VIII 2010 01:08:32 - C:\Windows\gdiplus.dll (1645320), 02-Aug-2010, Microsoft Corporation, Microsoft® Windows® Operating System
03 VIII 2010 01:08:32 - C:\Windows\ijl15.dll (372736), 02-Aug-2010, Intel Corporation, Intel® JPEG Library
03 VIII 2010 01:08:33 - C:\Windows\mfc70.dll (974848), 02-Aug-2010, Microsoft Corporation, Microsoft® Visual Studio .NET
03 VIII 2010 01:08:33 - C:\Windows\mfc80.dll (1101824), 02-Aug-2010, Microsoft Corporation, Microsoft® Visual Studio® 2005
03 VIII 2010 01:08:33 - C:\Windows\mfc80u.dll (1093120), 02-Aug-2010, Microsoft Corporation, Microsoft® Visual Studio® 2005
03 VIII 2010 01:08:33 - C:\Windows\mfcm80.dll (69632), 02-Aug-2010, Microsoft Corporation, Microsoft® Visual Studio® 2005
03 VIII 2010 01:08:33 - C:\Windows\mfcm80u.dll (57856), 02-Aug-2010, Microsoft Corporation, Microsoft® Visual Studio® 2005
03 VIII 2010 01:08:33 - C:\Windows\msvbvm60.dll (1392671), 02-Aug-2010, Microsoft Corporation, Visual Basic
03 VIII 2010 01:08:33 - C:\Windows\msvcm80.dll (479232), 02-Aug-2010, Microsoft Corporation, Microsoft® Visual Studio® 2005
03 VIII 2010 01:08:34 - C:\Windows\msvcp70.dll (487424), 02-Aug-2010, Microsoft Corporation, Microsoft® Visual Studio .NET
03 VIII 2010 01:08:34 - C:\Windows\msvcr70.dll (344064), 02-Aug-2010, Microsoft Corporation, Microsoft® Visual Studio .NET
03 VIII 2010 01:08:34 - C:\Windows\system32\ATIDEMGX.dll (446464), 02-Aug-2010, Advanced Micro Devices, Inc., Catalyst® Control Centre
03 VIII 2010 01:08:34 - C:\Windows\system32\cabview.dll (98304), 02-Aug-2010, Microsoft Corporation, Operační systém Microsoft® Windows®
03 VIII 2010 01:08:34 - C:\Windows\system32\d3dx9_24.dll (2222800), 02-Aug-2010, Microsoft Corporation, Microsoft® DirectX for Windows®
03 VIII 2010 01:08:34 - C:\Windows\system32\d3dx9_25.dll (2337488), 02-Aug-2010, Microsoft Corporation, Microsoft® DirectX for Windows®
03 VIII 2010 01:08:34 - C:\Windows\system32\d3dx9_26.dll (2297552), 02-Aug-2010, Microsoft Corporation, Microsoft® DirectX for Windows®
03 VIII 2010 01:08:34 - C:\Windows\system32\DIFxAPI.dll (319456), 02-Aug-2010, Microsoft Corporation, Driver Install Frameworks API (DIFxAPI)
03 VIII 2010 01:08:34 - C:\Windows\system32\DynamicInterpolation.ax (69632), 02-Aug-2010, Microsoft Corporation, DirectX 9.0 Sample
03 VIII 2010 01:08:34 - C:\Windows\system32\ETCoInst.dll (73728), 02-Aug-2010 [Added C:\Windows\system32\ETCoInst.dll to ZIP FILE]
03 VIII 2010 01:08:34 - C:\Windows\system32\Etprop.ax (131072), 02-Aug-2010, EtProp ???????
03 VIII 2010 01:08:34 - C:\Windows\system32\hpzids01.dll (258048), 02-Aug-2010, Hewlett-Packard, HP Installer
03 VIII 2010 01:08:35 - C:\Windows\system32\hpzll4v2.dll (117760), 02-Aug-2010, Hewlett-Packard Company, Language Monitor
03 VIII 2010 01:08:35 - C:\Windows\system32\Machnm32.sys (2304), 02-Aug-2010 [Added C:\Windows\system32\Machnm32.sys to ZIP FILE]
03 VIII 2010 01:08:35 - C:\Windows\system32\MpSigStub.exe (221568), 02-Aug-2010, Microsoft Corporation, Microsoft Malware Protection
03 VIII 2010 01:08:35 - C:\Windows\system32\RemoveET.exe (110592), 02-Aug-2010 [Added C:\Windows\system32\RemoveET.exe to ZIP FILE]
03 VIII 2010 01:08:35 - C:\Windows\system32\wintrust.dll (172032), 02-Aug-2010, Microsoft Corporation, Microsoft® Windows® Operating System
03 VIII 2010 01:08:35 - C:\Windows\system32\wuapi.dll (575704), 02-Aug-2010, Microsoft Corporation, Microsoft® Windows® Operating System
03 VIII 2010 01:08:35 - C:\Windows\system32\wuapp.exe (33792), 02-Aug-2010, Microsoft Corporation, Microsoft® Windows® Operating System
03 VIII 2010 01:08:35 - C:\Windows\system32\wuauclt.exe (53472), 02-Aug-2010, Microsoft Corporation, Microsoft® Windows® Operating System
03 VIII 2010 01:08:35 - C:\Windows\system32\wuaueng.dll (1929952), 02-Aug-2010, Microsoft Corporation, Microsoft® Windows® Operating System
03 VIII 2010 01:08:35 - C:\Windows\system32\wucltux.dll (2421760), 02-Aug-2010, Microsoft Corporation, Microsoft® Windows® Operating System
03 VIII 2010 01:08:35 - C:\Windows\system32\wudriver.dll (87552), 02-Aug-2010, Microsoft Corporation, Microsoft® Windows® Operating System
03 VIII 2010 01:08:35 - C:\Windows\system32\wups.dll (35552), 02-Aug-2010, Microsoft Corporation, Microsoft® Windows® Operating System
03 VIII 2010 01:08:35 - C:\Windows\system32\wups2.dll (44768), 02-Aug-2010, Microsoft Corporation, Microsoft® Windows® Operating System
03 VIII 2010 01:08:35 - C:\Windows\system32\wuwebv.dll (171608), 02-Aug-2010, Microsoft Corporation, Microsoft® Windows® Operating System
03 VIII 2010 01:08:35 - C:\Windows\system32\drivers\ETdrv.sys (153344), 02-Aug-2010, Etron, Etron Camera Driver
03 VIII 2010 01:08:35 - C:\Windows\system32\drivers\PdiPorts.sys (17064), 02-Aug-2010, Portrait Displays, Inc., PDI Kernel Ports Driver
03 VIII 2010 01:08:35 - C:\Windows\system32\drivers\sptd.sys (691696), 02-Aug-2010 [Unable to Add C:\Windows\system32\drivers\sptd.sys to ZIP FILE! ResultCode: 512]

03 VIII 2010 01:08:35 - C:\Windows\Debug, 02-Aug-2010 [Folder]
03 VIII 2010 01:08:35 - C:\Windows\Fonts, 02-Nov-2006 [SR] [Folder]
03 VIII 2010 01:08:35 - C:\Windows\Media, 02-Nov-2006 [SR] [Folder]
03 VIII 2010 01:08:35 - C:\Windows\Panther, 02-Aug-2010 [Folder]
03 VIII 2010 01:08:35 - C:\Windows\SoftwareDistribution, 02-Aug-2010 [Folder]
03 VIII 2010 01:08:35 - C:\Windows\system32\Macromed, 02-Aug-2010 [Folder]
03 VIII 2010 01:08:35 - C:\Windows\system32\Microsoft, 02-Nov-2006 [S] [Folder]
03 VIII 2010 01:08:35 - C:\Boot, 02-Aug-2010 [HS] [Folder]
03 VIII 2010 01:08:35 - C:\Documents and Settings, 02-Nov-2006 [HS] [Folder]
03 VIII 2010 01:08:35 - C:\ProgramData, 02-Nov-2006 [H] [Folder]
03 VIII 2010 01:08:35 - C:\Program Files\Acer Display, 02-Aug-2010 [Folder]
03 VIII 2010 01:08:35 - C:\Program Files\ATI, 02-Aug-2010 [Folder]
03 VIII 2010 01:08:35 - C:\Program Files\ATI Technologies, 02-Aug-2010 [Folder]
03 VIII 2010 01:08:35 - C:\Program Files\ETRON, 02-Aug-2010 [Folder]
03 VIII 2010 01:08:35 - C:\Program Files\HP, 02-Aug-2010 [Folder]
03 VIII 2010 01:08:35 - C:\Program Files\K-Lite Mega Codec Pack, 02-Aug-2010 [Folder]
03 VIII 2010 01:08:35 - C:\Program Files\Microsoft Security Essentials, 02-Aug-2010 [Folder]
03 VIII 2010 01:08:35 - C:\Program Files\Portrait Displays, 02-Aug-2010 [Folder]
03 VIII 2010 01:08:35 - C:\Program Files\WinPcap, 02-Aug-2010 [Folder]
03 VIII 2010 01:08:35 - C:\Program Files\Common Files\ATI Technologies, 02-Aug-2010 [Folder]
03 VIII 2010 01:08:35 - C:\Program Files\Common Files\HP, 02-Aug-2010 [Folder]
03 VIII 2010 01:08:35 - C:\Program Files\Common Files\InstallShield, 02-Aug-2010 [Folder]
03 VIII 2010 01:08:35 - C:\Program Files\Common Files\Portrait Displays, 02-Aug-2010 [Folder]
03 VIII 2010 01:08:35 - C:\Program Files\Common Files\Microsoft Shared\VC, 02-Aug-2010 [Folder]

03 VIII 2010 01:08:35 - *********************************************************************************************

03 VIII 2010 01:08:44 - ** Deleted Value of "DisableCAD" in "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon". Its value was DWORD:1.
03 VIII 2010 01:08:44 - ** Changed Value of "HKEY_CLASSES_ROOT\.htm" from "ChromeHTML" to "htmlfile"
03 VIII 2010 01:08:44 - ** Changed Value of "HKEY_CLASSES_ROOT\.html" from "ChromeHTML" to "htmlfile"
03 VIII 2010 01:08:44 - Loading/Creating FileScan Database C:\ProgramData\MicroWorld\MWAV\MWAVDBX.MDB [Log: C:\Users\Hydron\AppData\Local\Temp\MWAVDB.LOG]
03 VIII 2010 01:08:45 - Loaded/Created FileScan Database...
03 VIII 2010 01:08:45 - Loading AV Library [DB]...
03 VIII 2010 01:08:59 - AV Library Loaded [DB-DIRECT].
03 VIII 2010 01:08:59 - MWAV doing self scanning...
03 VIII 2010 01:09:00 - Scanning File C:\Users\Hydron\AppData\Local\Temp\avxdisk.dll
03 VIII 2010 01:09:00 - Scanning File C:\Users\Hydron\AppData\Local\Temp\scan.dll
03 VIII 2010 01:09:00 - Scanning File C:\Users\Hydron\AppData\Local\Temp\bdcore.dll
03 VIII 2010 01:09:00 - Scanning File C:\Users\Hydron\AppData\Local\Temp\bdupdateservice.dll
03 VIII 2010 01:09:00 - MWAV files are clean.
03 VIII 2010 01:09:09 - Datum vydání databáze: 06 Nov 2009
03 VIII 2010 01:09:09 - Verze virové databáze: 4481875
03 VIII 2010 01:09:12 - Stahování Antivirus a Antispyware databází...
03 VIII 2010 01:13:10 - Stahování dokončeno...
03 VIII 2010 01:13:14 - Indexed Spyware Databases Successfully Created...
03 VIII 2010 01:13:14 - Not Reloading the Antivirus Database, as Signatures are Same...
03 VIII 2010 01:13:36 - ReCreated FileScan Database...

03 VIII 2010 01:13:38 - **********************************************************
03 VIII 2010 01:13:38 - eScan Anti Virus & Spyware Toolkit Utility.
03 VIII 2010 01:13:38 - Copyright © 2003-2006, MicroWorld Technologies Inc.
03 VIII 2010 01:13:38 -
03 VIII 2010 01:13:38 - Podpora [EN]: support@mwti.net
03 VIII 2010 01:13:38 - Web: http://www.mwti.net
03 VIII 2010 01:13:38 - **********************************************************
03 VIII 2010 01:13:38 - Verze 11.0.86[DB] (C:\USERS\HYDRON\APPDATA\LOCAL\TEMP\MEXE.COM)
03 VIII 2010 01:13:38 - Log soubor: C:\Users\Hydron\AppData\Local\Temp\MWAV.LOG
03 VIII 2010 01:13:38 - User Account: Hydron
03 VIII 2010 01:13:38 - Parent Process Name : E:\Google Chrome\mwav.exe
03 VIII 2010 01:13:38 - Windows Root Folder: C:\Windows
03 VIII 2010 01:13:38 - Windows Sys32 Folder: C:\Windows\system32
03 VIII 2010 01:13:38 - OS: Windows Vista [OS Install Date: 02 Aug 2010 12:56:53]
03 VIII 2010 01:13:38 - Ver: Personal Service Pack 2 (Build 6002)

03 VIII 2010 01:13:38 - Nastavení vybraná uživatelem:
03 VIII 2010 01:13:38 - Kontrola paměti: Zapnuto
03 VIII 2010 01:13:38 - Kontorla registrů: Zapnuto
03 VIII 2010 01:13:38 - Kontrola souborů po spuštění: Zapnuto
03 VIII 2010 01:13:38 - Kontrola systémových složek: Zapnuto
03 VIII 2010 01:13:38 - Kontrola služeb: Zapnuto
03 VIII 2010 01:13:38 - Otestovat Spyware: Zapnuto
03 VIII 2010 01:13:38 - Kotrola disku: Vypnuto
03 VIII 2010 01:13:38 - Kontrola všech disků:Zapnuto
03 VIII 2010 01:13:38 - Kontrola složek: Zapnuto
03 VIII 2010 01:13:38 - Vybrané složky = C:\Windows
03 VIII 2010 01:13:38 - SCAN: All_Files

A NAŠLO MI TO TYHLE HROZBY, JAK NA NĚ ?

** Scanning may fail! File Locked [SUSPICIOUS]: C:\Windows\system32\Drivers\sptd.sys (????)
Objekt "CoreGuardAntivirus2009 Corrupted Adware/Spyware" nalezen v souborovém systému! Provedené akce: Ponecháno, neodstraněno!.
Objekt "YahooSpyMon Spyware/Adware" nalezen v souborovém systému! Provedené akce: Ponecháno, neodstraněno!.
Objekt "YahooSpyMon Spyware/Adware" nalezen v souborovém systému! Provedené akce: Ponecháno, neodstraněno!.
Objekt "YahooSpyMon Spyware/Adware" nalezen v souborovém systému! Provedené akce: Ponecháno, neodstraněno!.
Objekt "User Account Control (Fake) Spyware/Adware" nalezen v souborovém systému! Provedené akce: Ponecháno, neodstraněno!.
Objekt "User Account Control (Fake) Spyware/Adware" nalezen v souborovém systému! Provedené akce: Ponecháno, neodstraněno!.
Objekt "User Account Control (Fake) Spyware/Adware" nalezen v souborovém systému! Provedené akce: Ponecháno, neodstraněno!.
Objekt "User Account Control (Fake) Spyware/Adware" nalezen v souborovém systému! Provedené akce: Ponecháno, neodstraněno!.
Objekt "User Account Control (Fake) Spyware/Adware" nalezen v souborovém systému! Provedené akce: Ponecháno, neodstraněno!.
Objekt "User Account Control (Fake) Spyware/Adware" nalezen v souborovém systému! Provedené akce: Ponecháno, neodstraněno!.
Objekt "User Account Control (Fake) Spyware/Adware" nalezen v souborovém systému! Provedené akce: Ponecháno, neodstraněno!.
Objekt "User Account Control (Fake) Spyware/Adware" nalezen v souborovém systému! Provedené akce: Ponecháno, neodstraněno!.
Objekt "User Account Control (Fake) Spyware/Adware" nalezen v souborovém systému! Provedené akce: Ponecháno, neodstraněno!.
Objekt "Your Protection Spyware/Adware" nalezen v souborovém systému! Provedené akce: Ponecháno, neodstraněno!.
Objekt "Orifice2K.plugin Trojan" nalezen v souborovém systému! Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" odkazuje na neplatný objekt ".07". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" odkazuje na neplatný objekt ".3". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" odkazuje na neplatný objekt ".CZ". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" odkazuje na neplatný objekt ".mdf". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" odkazuje na neplatný objekt ".r40". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" odkazuje na neplatný objekt ".Twilight-RELOADED". Provedené akce: Ponecháno, neodstraněno!.

#2 Příspěvek od **Rudy** » 03 srp 2010 17:49

Nalezené položky jsou pouze neškodné zbytky po dříve vyléčené infekci a neplatné klíče. PC vyčistěte CCleanerem: http://www.viry.cz/forum/viewtopic.php?f=46&t=7478 .

Hydron · #3 Příspěvek od **Hydron** » 03 srp 2010 22:10

Vyčistil jsem CCleanerem a uvedené položky mi to stejně nachází. Problém je v tom, že mi zasekávájí process explorer.exe. Při otevření složky a najetí, nebo otevření souboru se sekne PC a napíše to "Průzkumník Windows neodpovídá". Už jsem zoufalý, proč mi to dělá ? Věděl byste ?

#4 Příspěvek od **Rudy** » 04 srp 2010 19:00

Zkontrolujeme to jinou utilitou. Dejte log z RSIT: http://viry.cz/forum/viewtopic.php?f=24&t=81939 .

Hydron · #5 Příspěvek od **Hydron** » 04 srp 2010 19:48

Logfile of random's system information tool 1.08 (written by random/random)
Run by Hydron at 2010-08-04 20:42:42
Microsoft® Windows Vista™ Home Premium Service Pack 2
System drive C: has 26 GB (51%) free of 50 GB
Total RAM: 3071 MB (65% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:44:02, on 4.8.2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v7.00 (7.00.6002.18005)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Program Files\Acer Display\eDisplay Management\DTHtml.exe
C:\Program Files\Common Files\Portrait Displays\Shared\HookManager.exe
C:\Windows\system32\conime.exe
D:\Programy\Mozilla Firefox\firefox.exe
D:\Programy\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
D:\Programy\Advanced SystemCare 3\AWC.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
D:\Programy\Advanced SystemCare 3\Sup_SmartRAM.exe
D:\Programy\RocketDock\RocketDock.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Acer Display\eDisplay Management\DTHtml.exe
C:\Program Files\Common Files\Portrait Displays\Shared\HookManager.exe
C:\Users\Hydron\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Hydron\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Hydron\AppData\Local\Google\Chrome\Application\chrome.exe
D:\Programy\Skype\Phone\Skype.exe
C:\Users\Hydron\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\explorer.exe
C:\Users\Hydron\AppData\Local\Google\Chrome\Application\chrome.exe
E:\Google Chrome\RSIT.exe
C:\Program Files\trend micro\Hydron.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [DT ACR] C:\Program Files\Common Files\Portrait Displays\Shared\DT_startup.exe -ACR
O4 - HKLM\..\Run: [MSSE] "C:\Program Files\Microsoft Security Essentials\msseces.exe" -hide -runkey
O4 - HKCU\..\Run: [SmartRAM] "D:\Programy\Advanced SystemCare 3\Sup_SmartRAM.exe" /m
O4 - HKCU\..\Run: [DAEMON Tools Lite] "D:\Programy\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [RocketDock] "D:\Programy\RocketDock\RocketDock.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-4030401163-1192879156-1406224068-1001\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'Mamka')
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\Programy\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\Programy\ICQ6.5\ICQ.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
O23 - Service: Portrait Displays SDK Service (PdiService) - Portrait Displays, Inc. - C:\Program Files\Common Files\Portrait Displays\Drivers\pdisrvc.exe

--
End of file - 4556 bytes

======Scheduled tasks folder======

C:\Windows\tasks\AWC AutoCare.job
C:\Windows\tasks\AWC AutoSweep.job
C:\Windows\tasks\AWC Startup.job
C:\Windows\tasks\AWC Update.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4030401163-1192879156-1406224068-1000Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4030401163-1192879156-1406224068-1000UA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-08-04 41760]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"DT ACR"=C:\Program Files\Common Files\Portrait Displays\Shared\DT_startup.exe [2008-06-06 81920]
"MSSE"=C:\Program Files\Microsoft Security Essentials\msseces.exe [2010-06-01 1093208]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"SmartRAM"=D:\Programy\Advanced SystemCare 3\Sup_SmartRAM.exe [2010-07-02 198864]
"DAEMON Tools Lite"=D:\Programy\DAEMON Tools Lite\DTLite.exe [2010-04-01 357696]
"RocketDock"=D:\Programy\RocketDock\RocketDock.exe [2007-09-02 495616]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
D:\Programy\DAEMON Tools Lite\DTLite.exe [2010-04-01 357696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
C:\Users\Hydron\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-02 136176]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre6\bin\jusched.exe [2010-08-04 149280]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
C:\Program Files\Windows Defender\MSASCui.exe [2008-01-21 1008184]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======List of files/folders created in the last 1 months======

2010-08-04 20:42:45 ----D---- C:\Program Files\trend micro
2010-08-04 20:42:42 ----D---- C:\rsit
2010-08-04 19:08:23 ----D---- C:\Users\Hydron\AppData\Roaming\Stardock
2010-08-04 19:08:17 ----DC---- C:\ProgramData\{A3A26C56-02C3-4F76-A033-12EE2FB52AE6}
2010-08-04 18:51:44 ----A---- C:\Windows\system32\drivers\sptd.sys
2010-08-04 15:28:20 ----D---- C:\Windows\system32\WindowsPowerShell
2010-08-04 15:27:02 ----A---- C:\Windows\system32\winrsmgr.dll
2010-08-04 15:26:46 ----A---- C:\Windows\system32\wsmprovhost.exe
2010-08-04 15:26:46 ----A---- C:\Windows\system32\winrshost.exe
2010-08-04 15:26:46 ----A---- C:\Windows\system32\winrs.exe
2010-08-04 15:26:45 ----A---- C:\Windows\system32\wsmplpxy.dll
2010-08-04 15:26:45 ----A---- C:\Windows\system32\winrssrv.dll
2010-08-04 15:26:42 ----A---- C:\Windows\system32\WsmRes.dll
2010-08-04 15:26:42 ----A---- C:\Windows\system32\wevtfwd.dll
2010-08-04 15:26:42 ----A---- C:\Windows\system32\wecutil.exe
2010-08-04 15:26:42 ----A---- C:\Windows\system32\wecsvc.dll
2010-08-04 15:26:42 ----A---- C:\Windows\system32\wecapi.dll
2010-08-04 15:26:41 ----A---- C:\Windows\system32\pwrshplugin.dll
2010-08-04 15:26:34 ----A---- C:\Windows\system32\winrm.vbs
2010-08-04 15:26:32 ----A---- C:\Windows\system32\WsmWmiPl.dll
2010-08-04 15:26:32 ----A---- C:\Windows\system32\WsmSvc.dll
2010-08-04 15:26:32 ----A---- C:\Windows\system32\WsmAuto.dll
2010-08-04 15:26:32 ----A---- C:\Windows\system32\WSManMigrationPlugin.dll
2010-08-04 15:26:32 ----A---- C:\Windows\system32\WSManHTTPConfig.exe
2010-08-04 15:26:32 ----A---- C:\Windows\system32\winrscmd.dll
2010-08-04 15:24:27 ----D---- C:\Program Files\Microsoft Silverlight
2010-08-04 15:05:21 ----A---- C:\Windows\system32\winhttp.dll
2010-08-04 14:54:30 ----D---- C:\Program Files\Windows Portable Devices
2010-08-04 02:36:19 ----A---- C:\Windows\system32\UIAnimation.dll
2010-08-04 02:36:18 ----A---- C:\Windows\system32\UIRibbonRes.dll
2010-08-04 02:36:18 ----A---- C:\Windows\system32\UIRibbon.dll
2010-08-04 02:35:32 ----A---- C:\Windows\system32\WMPhoto.dll
2010-08-04 02:35:31 ----A---- C:\Windows\system32\drivers\dxgkrnl.sys
2010-08-04 02:35:31 ----A---- C:\Windows\system32\cdd.dll
2010-08-04 02:35:30 ----A---- C:\Windows\system32\printfilterpipelineprxy.dll
2010-08-04 02:35:30 ----A---- C:\Windows\system32\d3d10warp.dll
2010-08-04 02:35:29 ----A---- C:\Windows\system32\XpsRasterService.dll
2010-08-04 02:35:29 ----A---- C:\Windows\system32\XpsPrint.dll
2010-08-04 02:35:29 ----A---- C:\Windows\system32\XpsGdiConverter.dll
2010-08-04 02:35:29 ----A---- C:\Windows\system32\WindowsCodecsExt.dll
2010-08-04 02:35:29 ----A---- C:\Windows\system32\WindowsCodecs.dll
2010-08-04 02:35:29 ----A---- C:\Windows\system32\printfilterpipelinesvc.exe
2010-08-04 02:35:29 ----A---- C:\Windows\system32\PhotoMetadataHandler.dll
2010-08-04 02:35:29 ----A---- C:\Windows\system32\dxdiagn.dll
2010-08-04 02:35:29 ----A---- C:\Windows\system32\dxdiag.exe
2010-08-04 02:35:29 ----A---- C:\Windows\system32\d2d1.dll
2010-08-04 02:35:28 ----A---- C:\Windows\system32\xpsservices.dll
2010-08-04 02:35:28 ----A---- C:\Windows\system32\OpcServices.dll
2010-08-04 02:35:28 ----A---- C:\Windows\system32\FntCache.dll
2010-08-04 02:35:28 ----A---- C:\Windows\system32\dxgi.dll
2010-08-04 02:35:28 ----A---- C:\Windows\system32\DWrite.dll
2010-08-04 02:35:28 ----A---- C:\Windows\system32\d3d11.dll
2010-08-04 02:35:28 ----A---- C:\Windows\system32\d3d10level9.dll
2010-08-04 02:35:28 ----A---- C:\Windows\system32\d3d10core.dll
2010-08-04 02:35:28 ----A---- C:\Windows\system32\d3d10_1core.dll
2010-08-04 02:35:28 ----A---- C:\Windows\system32\d3d10_1.dll
2010-08-04 02:35:28 ----A---- C:\Windows\system32\d3d10.dll
2010-08-04 02:34:49 ----A---- C:\Windows\system32\WPDShextAutoplay.exe
2010-08-04 02:34:49 ----A---- C:\Windows\system32\wpdbusenum.dll
2010-08-04 02:34:49 ----A---- C:\Windows\system32\BthMtpContextHandler.dll
2010-08-04 02:34:46 ----A---- C:\Windows\system32\PortableDeviceConnectApi.dll
2010-08-04 02:34:43 ----A---- C:\Windows\system32\WPDSp.dll
2010-08-04 02:34:43 ----A---- C:\Windows\system32\WPDShServiceObj.dll
2010-08-04 02:34:43 ----A---- C:\Windows\system32\wpdshext.dll
2010-08-04 02:34:43 ----A---- C:\Windows\system32\wpd_ci.dll
2010-08-04 02:34:43 ----A---- C:\Windows\system32\PortableDeviceWMDRM.dll
2010-08-04 02:34:43 ----A---- C:\Windows\system32\PortableDeviceTypes.dll
2010-08-04 02:34:43 ----A---- C:\Windows\system32\PortableDeviceClassExtension.dll
2010-08-04 02:34:43 ----A---- C:\Windows\system32\PortableDeviceApi.dll
2010-08-04 02:33:48 ----A---- C:\Windows\system32\oleaccrc.dll
2010-08-04 02:33:47 ----A---- C:\Windows\system32\UIAutomationCore.dll
2010-08-04 02:33:47 ----A---- C:\Windows\system32\oleacc.dll
2010-08-04 02:22:55 ----A---- C:\Windows\system32\PresentationHostProxy.dll
2010-08-04 02:22:54 ----A---- C:\Windows\system32\PresentationHost.exe
2010-08-04 02:22:54 ----A---- C:\Windows\system32\netfxperf.dll
2010-08-04 02:22:54 ----A---- C:\Windows\system32\mscoree.dll
2010-08-04 02:22:54 ----A---- C:\Windows\system32\dfshim.dll
2010-08-04 02:22:38 ----A---- C:\Windows\system32\browserchoice.exe
2010-08-04 02:19:51 ----A---- C:\Windows\system32\nshhttp.dll
2010-08-04 02:19:35 ----A---- C:\Windows\system32\drivers\http.sys
2010-08-04 02:19:33 ----A---- C:\Windows\system32\httpapi.dll
2010-08-04 02:18:27 ----D---- C:\Program Files\MSXML 4.0
2010-08-04 01:22:22 ----A---- C:\Windows\system32\javaws.exe
2010-08-04 01:22:22 ----A---- C:\Windows\system32\javaw.exe
2010-08-04 01:22:22 ----A---- C:\Windows\system32\java.exe
2010-08-04 01:22:22 ----A---- C:\Windows\system32\deploytk.dll
2010-08-04 01:21:48 ----D---- C:\Program Files\Java
2010-08-03 18:50:15 ----D---- C:\Users\Hydron\AppData\Roaming\ICQ
2010-08-03 15:19:00 ----AD---- C:\Windows\rundll16.exe
2010-08-03 15:19:00 ----AD---- C:\Windows\logo1_.exe
2010-08-03 14:48:03 ----A---- C:\Windows\system32\drivers\srv.sys
2010-08-03 14:48:02 ----A---- C:\Windows\system32\drivers\srvnet.sys
2010-08-03 14:48:00 ----A---- C:\Windows\system32\t2embed.dll
2010-08-03 14:47:39 ----A---- C:\Windows\system32\TCPSVCS.EXE
2010-08-03 14:47:39 ----A---- C:\Windows\system32\NETSTAT.EXE
2010-08-03 14:47:39 ----A---- C:\Windows\system32\netiohlp.dll
2010-08-03 14:47:39 ----A---- C:\Windows\system32\ARP.EXE
2010-08-03 14:47:38 ----A---- C:\Windows\system32\ROUTE.EXE
2010-08-03 14:47:38 ----A---- C:\Windows\system32\MRINFO.EXE
2010-08-03 14:47:38 ----A---- C:\Windows\system32\HOSTNAME.EXE
2010-08-03 14:47:38 ----A---- C:\Windows\system32\finger.exe
2010-08-03 14:47:37 ----A---- C:\Windows\system32\netevent.dll
2010-08-03 14:46:57 ----A---- C:\Windows\system32\wlanmsm.dll
2010-08-03 14:46:56 ----A---- C:\Windows\system32\wlansec.dll
2010-08-03 14:46:56 ----A---- C:\Windows\system32\wlanapi.dll
2010-08-03 14:46:56 ----A---- C:\Windows\system32\L2SecHC.dll
2010-08-03 14:46:55 ----A---- C:\Windows\system32\wlansvc.dll
2010-08-03 14:46:51 ----A---- C:\Windows\system32\msxml6.dll
2010-08-03 14:46:50 ----A---- C:\Windows\system32\msxml3.dll
2010-08-03 14:46:46 ----A---- C:\Windows\system32\msv1_0.dll
2010-08-03 14:46:43 ----A---- C:\Windows\system32\inetcomm.dll
2010-08-03 14:46:39 ----A---- C:\Windows\system32\drivers\mrxsmb20.sys
2010-08-03 14:46:39 ----A---- C:\Windows\system32\drivers\mrxsmb10.sys
2010-08-03 14:46:39 ----A---- C:\Windows\system32\drivers\mrxsmb.sys
2010-08-03 14:46:35 ----A---- C:\Windows\system32\WMVCORE.DLL
2010-08-03 14:46:34 ----A---- C:\Windows\system32\mf.dll
2010-08-03 14:46:26 ----A---- C:\Windows\system32\ntoskrnl.exe
2010-08-03 14:46:25 ----A---- C:\Windows\system32\ntkrnlpa.exe
2010-08-03 14:46:18 ----A---- C:\Windows\system32\asycfilt.dll
2010-08-03 14:46:16 ----A---- C:\Windows\system32\vbscript.dll
2010-08-03 14:46:14 ----A---- C:\Windows\system32\atl.dll
2010-08-03 14:46:08 ----A---- C:\Windows\system32\gameux.dll
2010-08-03 14:46:06 ----A---- C:\Windows\system32\Apphlpdm.dll
2010-08-03 14:46:05 ----A---- C:\Windows\system32\GameUXLegacyGDFs.dll
2010-08-03 14:45:57 ----A---- C:\Windows\system32\tzres.dll
2010-08-03 14:45:31 ----A---- C:\Windows\system32\wkssvc.dll
2010-08-03 14:45:28 ----A---- C:\Windows\system32\mstscax.dll
2010-08-03 14:45:22 ----A---- C:\Windows\system32\lpk.dll
2010-08-03 14:45:22 ----A---- C:\Windows\system32\fontsub.dll
2010-08-03 14:45:22 ----A---- C:\Windows\system32\dciman32.dll
2010-08-03 14:45:22 ----A---- C:\Windows\system32\atmlib.dll
2010-08-03 14:45:22 ----A---- C:\Windows\system32\atmfd.dll
2010-08-03 14:45:13 ----A---- C:\Windows\system32\localspl.dll
2010-08-03 14:45:05 ----A---- C:\Windows\system32\kerberos.dll
2010-08-03 14:45:04 ----A---- C:\Windows\system32\wdigest.dll
2010-08-03 14:45:04 ----A---- C:\Windows\system32\schannel.dll
2010-08-03 14:45:03 ----A---- C:\Windows\system32\lsasrv.dll
2010-08-03 14:45:03 ----A---- C:\Windows\system32\drivers\ksecdd.sys
2010-08-03 14:45:02 ----A---- C:\Windows\system32\secur32.dll
2010-08-03 14:45:02 ----A---- C:\Windows\system32\lsass.exe
2010-08-03 14:44:53 ----A---- C:\Windows\system32\jscript.dll
2010-08-03 14:44:46 ----A---- C:\Windows\system32\drivers\tcpip.sys
2010-08-03 14:44:45 ----A---- C:\Windows\system32\iphlpsvc.dll
2010-08-03 14:44:45 ----A---- C:\Windows\system32\drivers\tunnel.sys
2010-08-03 14:44:45 ----A---- C:\Windows\system32\drivers\tcpipreg.sys
2010-08-03 14:44:33 ----A---- C:\Windows\system32\mshtml.dll
2010-08-03 14:44:32 ----A---- C:\Windows\system32\wininet.dll
2010-08-03 14:44:32 ----A---- C:\Windows\system32\urlmon.dll
2010-08-03 14:44:31 ----A---- C:\Windows\system32\ieframe.dll
2010-08-03 14:44:30 ----A---- C:\Windows\system32\mshtmled.dll
2010-08-03 14:44:30 ----A---- C:\Windows\system32\ieui.dll
2010-08-03 14:44:29 ----A---- C:\Windows\system32\iepeers.dll
2010-08-03 14:44:29 ----A---- C:\Windows\system32\ieencode.dll
2010-08-03 14:44:28 ----A---- C:\Windows\system32\ieapfltr.dll
2010-08-03 14:44:02 ----A---- C:\Windows\system32\wmpdxm.dll
2010-08-03 14:43:46 ----A---- C:\Windows\system32\secproc_isv.dll
2010-08-03 14:43:44 ----A---- C:\Windows\system32\secproc.dll
2010-08-03 14:43:42 ----A---- C:\Windows\system32\RMActivate_isv.exe
2010-08-03 14:43:41 ----A---- C:\Windows\system32\RMActivate_ssp_isv.exe
2010-08-03 14:43:41 ----A---- C:\Windows\system32\RMActivate_ssp.exe
2010-08-03 14:43:40 ----A---- C:\Windows\system32\secproc_ssp_isv.dll
2010-08-03 14:43:40 ----A---- C:\Windows\system32\secproc_ssp.dll
2010-08-03 14:43:40 ----A---- C:\Windows\system32\RMActivate.exe
2010-08-03 14:43:40 ----A---- C:\Windows\system32\msdrm.dll
2010-08-03 14:43:33 ----A---- C:\Windows\system32\msasn1.dll
2010-08-03 14:43:27 ----A---- C:\Windows\system32\shell32.dll
2010-08-03 14:43:23 ----A---- C:\Windows\system32\rpcrt4.dll
2010-08-03 14:43:19 ----A---- C:\Windows\system32\drivers\srv2.sys
2010-08-03 14:43:16 ----A---- C:\Windows\system32\win32k.sys
2010-08-03 14:43:12 ----A---- C:\Windows\system32\rastls.dll
2010-08-03 14:43:09 ----A---- C:\Windows\system32\WSDApi.dll
2010-08-03 14:42:17 ----A---- C:\Windows\system32\quartz.dll
2010-08-03 14:42:17 ----A---- C:\Windows\system32\msvidc32.dll
2010-08-03 14:42:16 ----A---- C:\Windows\system32\tsbyuv.dll
2010-08-03 14:42:16 ----A---- C:\Windows\system32\msyuv.dll
2010-08-03 14:42:16 ----A---- C:\Windows\system32\msrle32.dll
2010-08-03 14:42:16 ----A---- C:\Windows\system32\iyuv_32.dll
2010-08-03 14:42:15 ----A---- C:\Windows\system32\mciavi32.dll
2010-08-03 14:42:15 ----A---- C:\Windows\system32\avifil32.dll
2010-08-03 14:42:14 ----A---- C:\Windows\system32\msvfw32.dll
2010-08-03 14:42:11 ----A---- C:\Windows\system32\WMSPDMOD.DLL
2010-08-03 14:41:14 ----A---- C:\Windows\system32\wmp.dll
2010-08-03 14:41:12 ----A---- C:\Windows\system32\unregmp2.exe
2010-08-03 14:41:08 ----A---- C:\Windows\system32\wmploc.DLL
2010-08-03 14:41:06 ----A---- C:\Windows\system32\dxmasf.dll
2010-08-03 14:41:05 ----A---- C:\Windows\system32\spwmp.dll
2010-08-03 01:13:13 ----AD---- C:\Windows\VDLL.DLL
2010-08-03 01:13:13 ----AD---- C:\Windows\system32\runouce.exe
2010-08-03 01:13:13 ----AD---- C:\Windows\RUNDL132.EXE
2010-08-03 01:13:13 ----AD---- C:\Windows\logo_1.exe
2010-08-03 01:08:48 ----A---- C:\Windows\system32\msvcr80.dll
2010-08-03 01:08:47 ----A---- C:\Windows\system32\msvcp80.dll
2010-08-03 01:08:46 ----A---- C:\Windows\system32\eEmpty.exe
2010-08-03 01:08:35 ----D---- C:\Program Files\Common Files\MicroWorld
2010-08-03 01:08:31 ----D---- C:\ProgramData\MicroWorld
2010-08-03 00:34:07 ----N---- C:\Windows\system32\MpSigStub.exe
2010-08-02 15:56:48 ----D---- C:\Program Files\Microsoft Security Essentials
2010-08-02 15:31:15 ----D---- C:\Users\Hydron\AppData\Roaming\TeamViewer
2010-08-02 15:22:37 ----D---- C:\Users\Hydron\AppData\Roaming\WinRAR
2010-08-02 15:13:15 ----D---- C:\Users\Hydron\AppData\Roaming\Skype
2010-08-02 15:12:59 ----D---- C:\ProgramData\Skype
2010-08-02 15:08:35 ----A---- C:\Windows\system32\d3dx9_26.dll
2010-08-02 14:53:53 ----A---- C:\Windows\system32\d3dx9_25.dll
2010-08-02 14:53:52 ----A---- C:\Windows\system32\d3dx9_24.dll
2010-08-02 14:53:47 ----D---- C:\Windows\system32\Macromed
2010-08-02 14:49:29 ----D---- C:\Users\Hydron\AppData\Roaming\InstallShield Installation Information
2010-08-02 14:19:48 ----D---- C:\Users\Hydron\AppData\Roaming\DAEMON Tools Lite
2010-08-02 14:19:46 ----D---- C:\ProgramData\DAEMON Tools Lite
2010-08-02 14:18:04 ----D---- C:\Program Files\WinPcap
2010-08-02 14:14:20 ----D---- C:\Users\Hydron\AppData\Roaming\Macromedia
2010-08-02 14:14:20 ----D---- C:\Users\Hydron\AppData\Roaming\Adobe
2010-08-02 13:57:37 ----D---- C:\Users\Hydron\AppData\Roaming\IObit
2010-08-02 13:55:11 ----D---- C:\ProgramData\Alawar Stargaze
2010-08-02 13:54:07 ----A---- C:\Windows\system32\unrar.dll
2010-08-02 13:54:06 ----A---- C:\Windows\avisplitter.ini
2010-08-02 13:54:02 ----D---- C:\Program Files\K-Lite Mega Codec Pack
2010-08-02 13:48:57 ----D---- C:\Windows\Panther
2010-08-02 13:48:44 ----RAS---- C:\BOOTSECT.BAK
2010-08-02 13:48:42 ----SHD---- C:\Boot
2010-08-02 13:45:21 ----D---- C:\Users\Hydron\AppData\Roaming\DisplayTune
2010-08-02 13:41:54 ----A---- C:\Windows\system32\Machnm32.sys
2010-08-02 13:41:53 ----D---- C:\Program Files\Portrait Displays
2010-08-02 13:41:00 ----A---- C:\Windows\system32\drivers\PdiPorts.sys
2010-08-02 13:40:44 ----A---- C:\Windows\msvcr70.dll
2010-08-02 13:40:44 ----A---- C:\Windows\msvcp70.dll
2010-08-02 13:40:44 ----A---- C:\Windows\msvbvm60.dll
2010-08-02 13:40:44 ----A---- C:\Windows\mfcm80u.dll
2010-08-02 13:40:44 ----A---- C:\Windows\mfc70.dll
2010-08-02 13:40:44 ----A---- C:\Windows\gdiplus.dll
2010-08-02 13:40:43 ----A---- C:\Windows\msvcr80.dll
2010-08-02 13:40:43 ----A---- C:\Windows\msvcp80.dll
2010-08-02 13:40:43 ----A---- C:\Windows\msvcm80.dll
2010-08-02 13:40:43 ----A---- C:\Windows\mfcm80.dll
2010-08-02 13:40:43 ----A---- C:\Windows\mfc80u.dll
2010-08-02 13:40:43 ----A---- C:\Windows\mfc80.dll
2010-08-02 13:40:43 ----A---- C:\Windows\ijl15.dll
2010-08-02 13:40:43 ----A---- C:\Windows\atl80.dll
2010-08-02 13:40:42 ----D---- C:\Program Files\Common Files\Portrait Displays
2010-08-02 13:40:42 ----D---- C:\Program Files\Acer Display
2010-08-02 13:40:10 ----D---- C:\Program Files\Common Files\InstallShield
2010-08-02 13:32:38 ----D---- C:\Program Files\ETRON
2010-08-02 13:32:38 ----A---- C:\Windows\system32\RemoveET.exe
2010-08-02 13:32:38 ----A---- C:\Windows\system32\ETCoInst.dll
2010-08-02 13:32:38 ----A---- C:\Windows\system32\drivers\ETdrv.sys
2010-08-02 13:32:38 ----A---- C:\Windows\system32\DIFxAPI.dll
2010-08-02 13:32:37 ----HD---- C:\Program Files\InstallShield Installation Information
2010-08-02 13:25:46 ----D---- C:\ProgramData\WEBREG
2010-08-02 13:25:18 ----D---- C:\Users\Hydron\AppData\Roaming\HP
2010-08-02 13:22:47 ----D---- C:\Program Files\Common Files\HP
2010-08-02 13:21:24 ----D---- C:\ProgramData\Hewlett-Packard
2010-08-02 13:20:33 ----A---- C:\Windows\system32\hpzids01.dll
2010-08-02 13:20:32 ----A---- C:\Windows\system32\hpzll4v2.dll
2010-08-02 13:20:02 ----D---- C:\Program Files\HP
2010-08-02 13:18:23 ----D---- C:\ProgramData\HP
2010-08-02 13:14:54 ----D---- C:\Users\Hydron\AppData\Roaming\ATI
2010-08-02 13:14:54 ----D---- C:\ProgramData\ATI
2010-08-02 13:11:32 ----D---- C:\Program Files\Common Files\ATI Technologies
2010-08-02 13:10:34 ----A---- C:\Windows\system32\ATIDEMGX.dll
2010-08-02 13:09:59 ----SHD---- C:\Windows\Installer
2010-08-02 13:09:58 ----D---- C:\Program Files\ATI
2010-08-02 13:08:59 ----D---- C:\Program Files\ATI Technologies
2010-08-02 13:08:29 ----A---- C:\Windows\system32\wintrust.dll
2010-08-02 13:08:28 ----A---- C:\Windows\system32\cabview.dll
2010-08-02 13:04:01 ----D---- C:\Users\Hydron\AppData\Roaming\Identities
2010-08-02 13:03:53 ----SD---- C:\Users\Hydron\AppData\Roaming\Microsoft
2010-08-02 13:03:53 ----D---- C:\Users\Hydron\AppData\Roaming\Media Center Programs
2010-08-02 13:02:41 ----A---- C:\Windows\system32\wups2.dll
2010-08-02 13:02:41 ----A---- C:\Windows\system32\wucltux.dll
2010-08-02 13:02:41 ----A---- C:\Windows\system32\wuaueng.dll
2010-08-02 13:02:41 ----A---- C:\Windows\system32\wuauclt.exe
2010-08-02 13:02:23 ----A---- C:\Windows\system32\wups.dll
2010-08-02 13:02:23 ----A---- C:\Windows\system32\wudriver.dll
2010-08-02 13:02:23 ----A---- C:\Windows\system32\wuapi.dll
2010-08-02 13:02:05 ----A---- C:\Windows\system32\wuwebv.dll
2010-08-02 13:02:05 ----A---- C:\Windows\system32\wuapp.exe
2010-08-02 13:01:05 ----SHD---- C:\ProgramData\Šablony
2010-08-02 13:01:05 ----SHD---- C:\ProgramData\Plocha
2010-08-02 13:01:05 ----SHD---- C:\ProgramData\Oblíbené položky
2010-08-02 13:01:05 ----SHD---- C:\ProgramData\Nabídka Start
2010-08-02 13:01:05 ----SHD---- C:\ProgramData\Dokumenty
2010-08-02 13:01:05 ----SHD---- C:\ProgramData\Data aplikací
2010-08-02 13:00:19 ----D---- C:\Windows\Debug
2010-08-02 12:53:32 ----D---- C:\Windows\SoftwareDistribution
2010-08-02 12:49:47 ----D---- C:\Windows\Prefetch
2010-08-02 12:49:37 ----SHD---- C:\System Volume Information
2010-08-02 12:49:37 ----ASH---- C:\pagefile.sys

======List of files/folders modified in the last 1 months======

2010-08-04 20:43:33 ----D---- C:\Windows\Temp
2010-08-04 20:42:45 ----RD---- C:\Program Files
2010-08-04 19:10:36 ----RSD---- C:\Windows\assembly
2010-08-04 19:08:17 ----HD---- C:\ProgramData
2010-08-04 18:51:44 ----D---- C:\Windows\system32\drivers
2010-08-04 18:38:20 ----D---- C:\Windows\rescache
2010-08-04 18:27:47 ----D---- C:\Windows\System32
2010-08-04 18:27:47 ----D---- C:\Windows\inf
2010-08-04 18:27:47 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-08-04 17:41:46 ----D---- C:\Windows
2010-08-04 17:28:51 ----SHD---- C:\$Recycle.Bin
2010-08-04 17:28:25 ----RD---- C:\Users
2010-08-04 17:27:47 ----RSD---- C:\Windows\Media
2010-08-04 16:46:24 ----D---- C:\Windows\Microsoft.NET
2010-08-04 15:29:13 ----D---- C:\Windows\winsxs
2010-08-04 15:28:22 ----D---- C:\Windows\system32\cs-CZ
2010-08-04 15:28:22 ----D---- C:\Windows\PolicyDefinitions
2010-08-04 15:28:07 ----D---- C:\Windows\system32\catroot
2010-08-04 15:28:06 ----D---- C:\Windows\system32\catroot2
2010-08-04 15:25:22 ----SD---- C:\ProgramData\Microsoft
2010-08-04 15:24:06 ----D---- C:\Windows\system32\drivers\cs-CZ
2010-08-04 15:18:32 ----D---- C:\Windows\system32\Tasks
2010-08-04 14:54:32 ----D---- C:\Program Files\Windows Mail
2010-08-04 14:54:29 ----D---- C:\Windows\system32\wbem
2010-08-04 14:54:27 ----D---- C:\Windows\system32\zh-TW
2010-08-04 14:54:27 ----D---- C:\Windows\system32\zh-HK
2010-08-04 14:54:27 ----D---- C:\Windows\system32\uk-UA
2010-08-04 14:54:27 ----D---- C:\Windows\system32\tr-TR
2010-08-04 14:54:27 ----D---- C:\Windows\system32\th-TH
2010-08-04 14:54:27 ----D---- C:\Windows\system32\sv-SE
2010-08-04 14:54:27 ----D---- C:\Windows\system32\sr-Latn-CS
2010-08-04 14:54:27 ----D---- C:\Windows\system32\sl-SI
2010-08-04 14:54:27 ----D---- C:\Windows\system32\sk-SK
2010-08-04 14:54:27 ----D---- C:\Windows\system32\pt-PT
2010-08-04 14:54:27 ----D---- C:\Windows\system32\pt-BR
2010-08-04 14:54:27 ----D---- C:\Windows\system32\pl-PL
2010-08-04 14:54:27 ----D---- C:\Windows\system32\nl-NL
2010-08-04 14:54:27 ----D---- C:\Windows\system32\lv-LV
2010-08-04 14:54:27 ----D---- C:\Windows\system32\lt-LT
2010-08-04 14:54:27 ----D---- C:\Windows\system32\ko-KR
2010-08-04 14:54:27 ----D---- C:\Windows\system32\it-IT
2010-08-04 14:54:27 ----D---- C:\Windows\system32\hu-HU
2010-08-04 14:54:27 ----D---- C:\Windows\system32\hr-HR
2010-08-04 14:54:27 ----D---- C:\Windows\system32\he-IL
2010-08-04 14:54:27 ----D---- C:\Windows\system32\fr-FR
2010-08-04 14:54:27 ----D---- C:\Windows\system32\fi-FI
2010-08-04 14:54:27 ----D---- C:\Windows\system32\es-ES
2010-08-04 14:54:27 ----D---- C:\Windows\system32\el-GR
2010-08-04 14:54:27 ----D---- C:\Windows\system32\bg-BG
2010-08-04 14:54:26 ----D---- C:\Windows\system32\zh-CN
2010-08-04 14:54:26 ----D---- C:\Windows\system32\ru-RU
2010-08-04 14:54:26 ----D---- C:\Windows\system32\ro-RO
2010-08-04 14:54:26 ----D---- C:\Windows\system32\nb-NO
2010-08-04 14:54:26 ----D---- C:\Windows\system32\ja-JP
2010-08-04 14:54:26 ----D---- C:\Windows\system32\et-EE
2010-08-04 14:54:26 ----D---- C:\Windows\system32\en-US
2010-08-04 14:54:26 ----D---- C:\Windows\system32\de-DE
2010-08-04 14:54:26 ----D---- C:\Windows\system32\da-DK
2010-08-04 14:54:26 ----D---- C:\Windows\system32\ar-SA
2010-08-04 14:54:25 ----D---- C:\Windows\AppPatch
2010-08-04 14:54:23 ----D---- C:\Program Files\Movie Maker
2010-08-04 14:54:22 ----D---- C:\Windows\ehome
2010-08-04 14:54:16 ----RSD---- C:\Windows\Fonts
2010-08-04 14:53:44 ----D---- C:\Windows\system32\drivers\UMDF
2010-08-04 02:05:26 ----D---- C:\Program Files\Windows Media Player
2010-08-03 18:52:16 ----SD---- C:\Windows\Downloaded Program Files
2010-08-03 14:47:02 ----D---- C:\Windows\system32\WDI
2010-08-03 01:08:35 ----D---- C:\Program Files\Common Files
2010-08-03 00:29:33 ----D---- C:\Windows\system32\Msdtc
2010-08-03 00:28:47 ----D---- C:\Windows\system32\config
2010-08-03 00:28:29 ----D---- C:\Windows\system32\XPSViewer
2010-08-03 00:28:29 ----D---- C:\Windows\system32\migwiz
2010-08-03 00:28:28 ----D---- C:\Windows\servicing
2010-08-03 00:28:28 ----D---- C:\Program Files\Windows Defender
2010-08-03 00:28:20 ----D---- C:\Windows\Tasks
2010-08-03 00:28:20 ----D---- C:\Windows\system32\spool
2010-08-03 00:28:19 ----D---- C:\Windows\Help
2010-08-03 00:28:19 ----D---- C:\Program Files\Microsoft Games
2010-08-03 00:28:12 ----D---- C:\Windows\registration
2010-08-02 14:06:40 ----D---- C:\Windows\Logs
2010-08-02 13:32:38 ----N---- C:\Windows\win.ini
2010-08-02 13:10:14 ----D---- C:\Program Files\Common Files\microsoft shared
2010-08-02 13:01:05 ----D---- C:\Program Files\Windows NT
2010-08-02 13:00:58 ----D---- C:\Windows\system32\restore

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 MpFilter;Microsoft Malware Protection Driver; C:\Windows\system32\DRIVERS\MpFilter.sys [2010-03-25 151216]
R2 npf;NetGroup Packet Filter Driver; C:\Windows\system32\drivers\npf.sys [2009-11-16 50704]
R3 AtiHdmiService;ATI Function Driver for HDMI Service; C:\Windows\system32\drivers\AtiHdmi.sys [2009-06-29 100368]
R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2009-07-15 5068800]
R3 HdAudAddService;Ovladač funkce Microsoft 1.1 UAA pro službu zvuku High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys [2009-04-11 236544]
R3 MpNWMon;Microsoft Malware Protection Network Driver; C:\Windows\system32\DRIVERS\MpNWMon.sys [2010-03-25 42368]
R3 PdiPorts;Portrait Displays low level device driver; C:\Windows\System32\Drivers\PdiPorts.sys [2008-06-04 17064]
R3 Ph3xIB32;Philips 713x VU PCI TV Card; C:\Windows\system32\DRIVERS\Ph3xIB32.sys [2007-04-03 1131136]
R3 usbet;ET USB 2.0 WebCAM; C:\Windows\system32\DRIVERS\ETdrv.sys [2009-06-25 153344]
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-21 83328]
R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller; C:\Windows\system32\DRIVERS\yk60x86.sys [2006-11-02 194048]
S0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2010-08-04 691696]
S3 drmkaud;Dekodér zvuků DRM jádra společnosti Microsoft; C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 5632]
S3 MSKSSRV;Server proxy služby datových proudů Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192]
S3 MSPCLOCK;Server proxy hodin datových proudů Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888]
S3 MSPQM;Server proxy správce kvality datových proudů Microsoft; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504]
S3 MSTEE;Konvertor jímka-jímka typu T datových proudů Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016]
S3 usbvideo;Zobrazovací zařízení USB (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2008-01-21 134016]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2009-04-11 6656]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2009-07-15 172032]
R2 DTSRVC;Portrait Displays Display Tune Service; C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe [2008-06-06 69632]
R2 hpqddsvc;Služba HP CUE DeviceDiscovery; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 MsMpSvc;Microsoft Antimalware Service; C:\Program Files\Microsoft Security Essentials\MsMpEng.exe [2010-03-25 17904]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-21 21504]
R2 PdiService;Portrait Displays SDK Service; C:\Program Files\Common Files\Portrait Displays\Drivers\pdisrvc.exe [2008-06-04 90112]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-21 21504]
R3 hpqcxs08;hpqcxs08; C:\Windows\system32\svchost.exe [2008-01-21 21504]
S3 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-21 21504]

-----------------EOF-----------------

#6 Příspěvek od **Rudy** » 04 srp 2010 20:39

Log vypadá čistý. Dejte ještě log z ComboFix.

Stahnete a ulozte nejlepe na plochu ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

pote spustte aplikaci pod uctem s administratorskym opravnenim

hned po startu se zobrazi obrazovka s licencnimi podminkami, pokracujte kliknutim na tlacitko Ano.

v klidu si postavte na kafe (cela akce trva cca. 5-10 minut, nekdy i dele - dle toho, o jak rychly stroj se jedna a kolika soubory se skener bude muset prodirat), behem skenu se nepokousejte spoustet zadne jine aplikace ani nic jineho

behem skenovani nepropadejte panice, vas stroj muze byt restartovan (predevsim pri prvni aplikaci skeneru)

upozorneni: pokud pouzivate antispyware s rezidentnim stitem, prepnete jeho rezidentni stit do Install Mode, pripadne jej po dobu skenu uplne deaktivujte, protoze dochazi pri skenu a vymazu pripadneho malware k nezadoucim kolizim s rezidentem antispyware

Ještě poznámka:

A NAŠLO MI TO TYHLE HROZBY, JAK NA NĚ ?

** Scanning may fail! File Locked [SUSPICIOUS]: C:\Windows\system32\Drivers\sptd.sys (????)
Objekt "CoreGuardAntivirus2009 Corrupted Adware/Spyware" nalezen v souborovém systému! Provedené akce: Ponecháno, neodstraněno!.
Objekt "YahooSpyMon Spyware/Adware" nalezen v souborovém systému! Provedené akce: Ponecháno, neodstraněno!.
Objekt "YahooSpyMon Spyware/Adware" nalezen v souborovém systému! Provedené akce: Ponecháno, neodstraněno!.
Objekt "YahooSpyMon Spyware/Adware" nalezen v souborovém systému! Provedené akce: Ponecháno, neodstraněno!.
Objekt "User Account Control (Fake) Spyware/Adware" nalezen v souborovém systému! Provedené akce: Ponecháno, neodstraněno!.
Objekt "User Account Control (Fake) Spyware/Adware" nalezen v souborovém systému! Provedené akce: Ponecháno, neodstraněno!.
Objekt "User Account Control (Fake) Spyware/Adware" nalezen v souborovém systému! Provedené akce: Ponecháno, neodstraněno!.
Objekt "User Account Control (Fake) Spyware/Adware" nalezen v souborovém systému! Provedené akce: Ponecháno, neodstraněno!.
Objekt "User Account Control (Fake) Spyware/Adware" nalezen v souborovém systému! Provedené akce: Ponecháno, neodstraněno!.
Objekt "User Account Control (Fake) Spyware/Adware" nalezen v souborovém systému! Provedené akce: Ponecháno, neodstraněno!.
Objekt "User Account Control (Fake) Spyware/Adware" nalezen v souborovém systému! Provedené akce: Ponecháno, neodstraněno!.
Objekt "User Account Control (Fake) Spyware/Adware" nalezen v souborovém systému! Provedené akce: Ponecháno, neodstraněno!.
Objekt "User Account Control (Fake) Spyware/Adware" nalezen v souborovém systému! Provedené akce: Ponecháno, neodstraněno!.
Objekt "Your Protection Spyware/Adware" nalezen v souborovém systému! Provedené akce: Ponecháno, neodstraněno!.
Objekt "Orifice2K.plugin Trojan" nalezen v souborovém systému! Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" odkazuje na neplatný objekt ".07". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" odkazuje na neplatný objekt ".3". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" odkazuje na neplatný objekt ".CZ". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" odkazuje na neplatný objekt ".mdf". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" odkazuje na neplatný objekt ".r40". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" odkazuje na neplatný objekt ".Twilight-RELOADED". Provedené akce: Ponecháno, neodstraněno!.

Záznamy z registry jsou neplatné (zbytečné) klíče zbylé po legitimní odinstalované aplikaci.
Všechny poloižky tohoto typu:

Objekt "User Account Control (Fake) Spyware/Adware" nalezen v souborovém systému!

tzn, bez cesty k souboru jsou jen neškodné zbytky po dříve vyléčené infekci. Odstraňovat se nemusí.

Hydron · #7 Příspěvek od **Hydron** » 04 srp 2010 20:58

ComboFix 10-08-04.02 - Hydron 04.08.2010 21:47:39.1.1 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.420.1029.18.3071.2135 [GMT 2:00]
Spuštěný z: e:\google chrome\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
c:\users\Hydron\Documents\cc_20100803_150613.reg
c:\windows\system32\vbzlib1.dll

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-07-04 do 2010-08-04 )))))))))))))))))))))))))))))))
.

2010-08-04 18:42 . 2010-08-04 18:44 -------- d-----w- c:\program files\trend micro
2010-08-04 18:42 . 2010-08-04 18:44 -------- d-----w- C:\rsit
2010-08-04 17:10 . 2010-08-04 17:10 -------- d-----w- c:\users\Mamka\AppData\Local\PackageAware
2010-08-04 17:09 . 2010-08-04 17:09 -------- d-----w- c:\users\Mamka\AppData\Roaming\Stardock
2010-08-04 17:08 . 2010-08-04 17:08 -------- d-----w- c:\users\Hydron\AppData\Roaming\Stardock
2010-08-04 17:08 . 2010-08-04 17:37 -------- dc----w- c:\programdata\{A3A26C56-02C3-4F76-A033-12EE2FB52AE6}
2010-08-04 17:08 . 2010-06-22 19:49 3349784 -c--a-w- c:\programdata\{A3A26C56-02C3-4F76-A033-12EE2FB52AE6}\Fences.exe
2010-08-04 17:07 . 2010-08-04 17:07 -------- d-----w- c:\users\Hydron\AppData\Local\PackageAware
2010-08-04 16:51 . 2010-08-04 16:51 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-08-04 15:41 . 2010-08-04 15:41 0 ----a-w- c:\windows\nsreg.dat
2010-08-04 15:41 . 2010-08-04 15:41 -------- d-----w- c:\users\Mamka\AppData\Local\Mozilla
2010-08-04 15:35 . 2010-08-04 15:35 -------- d-----w- c:\users\Mamka\AppData\Roaming\DisplayTune
2010-08-04 15:29 . 2010-08-04 15:31 -------- d-----w- c:\users\Mamka\AppData\Roaming\Skype
2010-08-04 15:29 . 2010-08-04 15:29 50336 ----a-w- c:\users\Mamka\AppData\Local\GDIPFONTCACHEV1.DAT
2010-08-04 13:27 . 2009-10-09 21:56 2048 ----a-w- c:\windows\system32\winrsmgr.dll
2010-08-04 13:24 . 2010-08-04 13:24 -------- d-----w- c:\program files\Microsoft Silverlight
2010-08-04 13:05 . 2009-08-24 11:36 377344 ----a-w- c:\windows\system32\winhttp.dll
2010-08-04 12:54 . 2010-08-04 12:54 -------- d-----w- c:\program files\Windows Portable Devices
2010-08-04 00:36 . 2009-09-10 02:00 92672 ----a-w- c:\windows\system32\UIAnimation.dll
2010-08-04 00:36 . 2009-09-10 02:01 3023360 ----a-w- c:\windows\system32\UIRibbon.dll
2010-08-04 00:36 . 2009-09-10 02:00 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2010-08-04 00:34 . 2009-10-01 01:02 30208 ----a-w- c:\windows\system32\WPDShextAutoplay.exe
2010-08-04 00:34 . 2009-10-01 01:02 31232 ----a-w- c:\windows\system32\BthMtpContextHandler.dll
2010-08-04 00:34 . 2009-10-01 01:01 81920 ----a-w- c:\windows\system32\wpdbusenum.dll
2010-08-04 00:34 . 2009-10-01 01:01 60928 ----a-w- c:\windows\system32\PortableDeviceConnectApi.dll
2010-08-04 00:34 . 2009-10-01 01:02 2537472 ----a-w- c:\windows\system32\wpdshext.dll
2010-08-04 00:34 . 2009-10-01 01:02 334848 ----a-w- c:\windows\system32\PortableDeviceApi.dll
2010-08-04 00:34 . 2009-10-01 01:02 87552 ----a-w- c:\windows\system32\WPDShServiceObj.dll
2010-08-04 00:34 . 2009-10-01 01:01 546816 ----a-w- c:\windows\system32\wpd_ci.dll
2010-08-04 00:34 . 2009-10-01 01:01 160256 ----a-w- c:\windows\system32\PortableDeviceTypes.dll
2010-08-04 00:34 . 2009-10-01 01:01 350208 ----a-w- c:\windows\system32\WPDSp.dll
2010-08-04 00:34 . 2009-10-01 01:01 196608 ----a-w- c:\windows\system32\PortableDeviceWMDRM.dll
2010-08-04 00:34 . 2009-10-01 01:01 100864 ----a-w- c:\windows\system32\PortableDeviceClassExtension.dll
2010-08-04 00:33 . 2009-10-08 21:07 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2010-08-04 00:33 . 2009-10-08 21:08 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2010-08-04 00:33 . 2009-10-08 21:08 234496 ----a-w- c:\windows\system32\oleacc.dll
2010-08-04 00:22 . 2009-11-08 08:55 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2010-08-04 00:22 . 2009-11-08 08:55 49472 ----a-w- c:\windows\system32\netfxperf.dll
2010-08-04 00:22 . 2009-11-08 08:55 297808 ----a-w- c:\windows\system32\mscoree.dll
2010-08-04 00:22 . 2009-11-08 08:55 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2010-08-04 00:22 . 2009-11-08 08:55 1130824 ----a-w- c:\windows\system32\dfshim.dll
2010-08-04 00:22 . 2010-02-12 10:32 293376 ----a-w- c:\windows\system32\browserchoice.exe
2010-08-04 00:19 . 2010-02-20 23:06 24064 ----a-w- c:\windows\system32\nshhttp.dll
2010-08-04 00:19 . 2010-02-20 20:53 411648 ----a-w- c:\windows\system32\drivers\http.sys
2010-08-04 00:19 . 2010-02-20 23:05 30720 ----a-w- c:\windows\system32\httpapi.dll
2010-08-04 00:18 . 2010-08-04 00:18 -------- d-----w- c:\program files\MSXML 4.0
2010-08-03 23:22 . 2010-08-03 23:21 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-08-03 23:21 . 2010-08-03 23:21 -------- d-----w- c:\program files\Java
2010-08-03 16:50 . 2010-08-04 18:33 -------- d-----w- c:\users\Hydron\AppData\Roaming\ICQ
2010-08-03 13:19 . 2010-08-03 13:19 -------- d---a-w- c:\windows\rundll16.exe
2010-08-03 13:19 . 2010-08-03 13:19 -------- d---a-w- c:\windows\logo1_.exe
2010-08-03 12:48 . 2009-12-11 11:43 302080 ----a-w- c:\windows\system32\drivers\srv.sys
2010-08-03 12:48 . 2009-12-11 11:43 98816 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-08-03 12:48 . 2009-10-19 13:38 156672 ----a-w- c:\windows\system32\t2embed.dll
2010-08-03 12:47 . 2009-08-14 13:49 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2010-08-03 12:47 . 2009-08-14 13:49 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2010-08-03 12:47 . 2009-08-14 13:49 19968 ----a-w- c:\windows\system32\ARP.EXE
2010-08-03 12:47 . 2009-08-14 13:48 105984 ----a-w- c:\windows\system32\netiohlp.dll
2010-08-03 12:47 . 2009-08-14 13:49 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2010-08-03 12:47 . 2009-08-14 13:49 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2010-08-03 12:47 . 2009-08-14 13:49 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2010-08-03 12:47 . 2009-08-14 13:49 10240 ----a-w- c:\windows\system32\finger.exe
2010-08-03 12:47 . 2009-08-14 15:53 17920 ----a-w- c:\windows\system32\netevent.dll
2010-08-03 12:45 . 2010-04-23 14:13 2048 ----a-w- c:\windows\system32\tzres.dll
2010-08-03 12:43 . 2010-01-25 12:00 471552 ----a-w- c:\windows\system32\secproc_isv.dll
2010-08-03 12:42 . 2009-12-04 18:29 1314816 ----a-w- c:\windows\system32\quartz.dll
2010-08-03 12:42 . 2009-12-04 18:28 31744 ----a-w- c:\windows\system32\msvidc32.dll
2010-08-03 12:42 . 2009-12-04 18:30 12288 ----a-w- c:\windows\system32\tsbyuv.dll
2010-08-03 12:42 . 2009-12-04 18:28 22528 ----a-w- c:\windows\system32\msyuv.dll
2010-08-03 12:42 . 2009-12-04 18:28 13312 ----a-w- c:\windows\system32\msrle32.dll
2010-08-03 12:42 . 2009-12-04 18:28 50176 ----a-w- c:\windows\system32\iyuv_32.dll
2010-08-03 12:42 . 2009-12-04 18:28 82944 ----a-w- c:\windows\system32\mciavi32.dll
2010-08-03 12:42 . 2009-12-04 18:27 91136 ----a-w- c:\windows\system32\avifil32.dll
2010-08-03 12:42 . 2009-12-04 18:28 123904 ----a-w- c:\windows\system32\msvfw32.dll
2010-08-03 12:42 . 2009-05-08 12:53 604672 ----a-w- c:\windows\system32\WMSPDMOD.DLL
2010-08-03 12:41 . 2009-09-10 14:58 310784 ----a-w- c:\windows\system32\unregmp2.exe
2010-08-03 12:41 . 2009-09-10 14:59 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2010-08-03 12:41 . 2009-07-15 12:39 4096 ----a-w- c:\windows\system32\dxmasf.dll
2010-08-03 12:41 . 2009-07-15 12:39 7680 ----a-w- c:\windows\system32\spwmp.dll
2010-08-02 23:13 . 2010-08-02 23:13 -------- d---a-w- c:\windows\VDLL.DLL
2010-08-02 23:13 . 2010-08-02 23:13 -------- d---a-w- c:\windows\system32\runouce.exe
2010-08-02 23:13 . 2010-08-02 23:13 -------- d---a-w- c:\windows\RUNDL132.EXE
2010-08-02 23:13 . 2010-08-02 23:13 -------- d---a-w- c:\windows\logo_1.exe
2010-08-02 23:08 . 2010-08-02 23:08 632064 ----a-w- c:\windows\system32\msvcr80.dll
2010-08-02 23:08 . 2010-08-02 23:08 554240 ----a-w- c:\windows\system32\msvcp80.dll
2010-08-02 23:08 . 2010-08-02 23:08 34048 ----a-w- c:\windows\system32\eEmpty.exe
2010-08-02 23:08 . 2010-08-02 23:08 -------- d-----w- c:\program files\Common Files\MicroWorld
2010-08-02 23:08 . 2010-08-02 23:08 -------- d-----w- c:\programdata\MicroWorld
2010-08-02 22:34 . 2010-06-01 17:37 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-08-02 14:19 . 2010-08-02 14:19 -------- d-----w- c:\users\Hydron\AppData\Local\Apps
2010-08-02 13:56 . 2010-08-02 13:57 -------- d-----w- c:\program files\Microsoft Security Essentials
2010-08-02 13:31 . 2010-08-02 13:37 -------- d-----w- c:\users\Hydron\AppData\Roaming\TeamViewer
2010-08-02 13:13 . 2010-08-04 19:46 -------- d-----w- c:\users\Hydron\AppData\Roaming\Skype
2010-08-02 13:12 . 2010-08-02 13:13 -------- d-----w- c:\programdata\Skype
2010-08-02 13:08 . 2005-05-26 13:34 2297552 ----a-w- c:\windows\system32\d3dx9_26.dll
2010-08-02 12:53 . 2010-08-02 12:47 380928 ----a-w- c:\users\Hydron\AppData\Roaming\InstallShield Installation Information\{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}\_setup.dll
2010-08-02 12:53 . 2010-08-02 13:42 -------- d-----w- c:\windows\system32\Macromed
2010-08-02 12:49 . 2004-10-22 03:16 118736 ----a-w- c:\users\Hydron\AppData\Roaming\InstallShield Installation Information\{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}\setup.exe
2010-08-02 12:49 . 2010-08-02 12:49 -------- d-----w- c:\users\Hydron\AppData\Roaming\InstallShield Installation Information
2010-08-02 12:19 . 2010-08-02 12:26 -------- d-----w- c:\users\Hydron\AppData\Roaming\DAEMON Tools Lite
2010-08-02 12:19 . 2010-08-02 12:19 -------- d-----w- c:\programdata\DAEMON Tools Lite
2010-08-02 12:18 . 2010-08-02 12:18 -------- d-----w- c:\program files\WinPcap
2010-08-02 12:13 . 2010-08-02 12:13 -------- d-----w- c:\users\Hydron\AppData\Local\Google
2010-08-02 11:57 . 2010-08-02 12:03 -------- d-----w- c:\users\Hydron\AppData\Roaming\IObit
2010-08-02 11:55 . 2010-08-02 11:55 -------- d-----w- c:\programdata\Alawar Stargaze
2010-08-02 11:54 . 2010-03-15 09:31 165376 ----a-w- c:\windows\system32\unrar.dll
2010-08-02 11:54 . 2010-08-02 11:54 -------- d-----w- c:\program files\K-Lite Mega Codec Pack
2010-08-02 11:48 . 2010-08-02 10:56 -------- d-----w- c:\windows\Panther
2010-08-02 11:48 . 2010-08-02 11:48 -------- d-----w- C:\Boot
2010-08-02 11:45 . 2010-08-02 11:45 -------- d-----w- c:\users\Hydron\AppData\Roaming\DisplayTune
2010-08-02 11:41 . 2004-11-22 10:07 2304 ----a-w- c:\windows\system32\Machnm32.sys
2010-08-02 11:41 . 2010-08-02 11:41 -------- d-----w- c:\program files\Portrait Displays
2010-08-02 11:41 . 2008-06-04 15:59 17064 ----a-w- c:\windows\system32\drivers\PdiPorts.sys
2010-08-02 11:32 . 2010-08-02 11:32 -------- d-----w- c:\program files\ETRON
2010-08-02 11:32 . 2009-06-25 13:45 153344 ----a-w- c:\windows\system32\drivers\ETdrv.sys
2010-08-02 11:32 . 2009-06-22 12:01 110592 ----a-w- c:\windows\system32\RemoveET.exe
2010-08-02 11:32 . 2009-06-22 11:57 73728 ----a-w- c:\windows\system32\ETCoInst.dll
2010-08-02 11:32 . 2006-11-01 13:21 319456 ----a-w- c:\windows\system32\DIFxAPI.dll
2010-08-02 11:32 . 2010-08-03 16:51 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-08-02 11:25 . 2010-08-02 11:25 -------- d-----w- c:\programdata\WEBREG
2010-08-02 11:25 . 2010-08-02 11:25 -------- d-----w- c:\users\Hydron\AppData\Roaming\HP
2010-08-02 11:22 . 2010-08-02 11:24 -------- d-----w- c:\program files\Common Files\HP
2010-08-02 11:21 . 2010-08-02 11:21 -------- d-----w- c:\programdata\Hewlett-Packard
2010-08-02 11:21 . 2007-01-29 12:21 273920 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\hpzpp4v2.dll
2010-08-02 11:20 . 2007-02-01 07:14 258048 ----a-w- c:\windows\system32\hpzids01.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-04 16:27 . 2009-04-13 09:31 598594 ----a-w- c:\windows\system32\perfh005.dat
2010-08-04 16:27 . 2009-04-13 09:31 114786 ----a-w- c:\windows\system32\perfc005.dat
2010-08-04 12:54 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-08-04 12:54 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2010-08-04 12:53 . 2010-08-04 12:53 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2010-08-04 00:08 . 2010-08-02 11:04 50336 ----a-w- c:\users\Hydron\AppData\Local\GDIPFONTCACHEV1.DAT
2010-08-02 22:28 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender
2010-08-02 22:28 . 2006-11-02 12:37 -------- d-----w- c:\program files\Microsoft Games
2010-08-02 11:40 . 2010-08-02 11:40 -------- d-----w- c:\program files\Common Files\Portrait Displays
2010-08-02 11:40 . 2010-08-02 11:40 -------- d-----w- c:\program files\Acer Display
2010-08-02 11:40 . 2010-08-02 11:40 -------- d-----w- c:\program files\Common Files\InstallShield
2010-08-02 11:12 . 2010-08-02 11:08 -------- d-----w- c:\program files\ATI Technologies
2010-08-02 11:10 . 2010-08-02 11:03 680 ----a-w- c:\users\Hydron\AppData\Local\d3d9caps.dat
2010-08-02 11:10 . 2010-08-02 11:10 10134 ----a-r- c:\users\Hydron\AppData\Roaming\Microsoft\Installer\{1486B3B8-DCD0-BD86-698E-B15237058FDF}\ARPPRODUCTICON.exe
2010-08-02 11:09 . 2010-08-02 11:09 -------- d-----w- c:\program files\ATI
2010-08-02 11:01 . 2010-08-02 11:01 -------- d-sh--we c:\programdata\Plocha
2010-08-02 11:01 . 2010-08-02 11:01 -------- d-sh--we c:\programdata\Oblíbené položky
2010-08-02 11:01 . 2010-08-02 11:01 -------- d-sh--we c:\programdata\Šablony
2010-08-02 11:01 . 2010-08-02 11:01 -------- d-sh--we c:\programdata\Nabídka Start
2010-08-02 11:01 . 2010-08-02 11:01 -------- d-sh--we c:\programdata\Dokumenty
2010-08-02 11:01 . 2010-08-02 11:01 -------- d-sh--we c:\programdata\Data aplikací
2010-08-02 10:55 . 2010-08-02 10:55 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2010-05-26 17:06 . 2010-08-03 12:45 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-05-26 14:47 . 2010-08-03 12:45 289792 ----a-w- c:\windows\system32\atmfd.dll
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmartRAM"="d:\programy\Advanced SystemCare 3\Sup_SmartRAM.exe" [2010-07-02 198864]
"DAEMON Tools Lite"="d:\programy\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
"RocketDock"="d:\programy\RocketDock\RocketDock.exe" [2007-09-02 495616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DT ACR"="c:\program files\Common Files\Portrait Displays\Shared\DT_startup.exe" [2008-06-06 81920]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-06-01 1093208]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2010-04-01 09:16 357696 ----a-w- d:\programy\DAEMON Tools Lite\DTLite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-08-02 12:13 136176 ----atw- c:\users\Hydron\AppData\Local\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-08-03 23:22 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-21 02:23 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):62,22,80,d4,a9,ba,c9,01

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-4030401163-1192879156-1406224068-1001]
"EnableNotificationsRef"=dword:00000001

R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-08-04 691696]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-07-15 172032]
S2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2009-11-16 50704]
S2 PdiService;Portrait Displays SDK Service;c:\program files\Common Files\Portrait Displays\Drivers\pdisrvc.exe [2008-06-04 90112]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-03-25 42368]
S3 Ph3xIB32;Philips 713x VU PCI TV Card;c:\windows\system32\DRIVERS\Ph3xIB32.sys [2007-04-03 1131136]
S3 usbet;ET USB 2.0 WebCAM;c:\windows\system32\DRIVERS\ETdrv.sys [2009-06-25 153344]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Obsah adresáře 'Naplánované úlohy'

2010-08-02 c:\windows\Tasks\AWC AutoCare.job
- d:\programy\Advanced SystemCare 3\AutoCare.exe [2010-08-02 12:10]

2010-08-04 c:\windows\Tasks\AWC AutoSweep.job
- d:\programy\Advanced SystemCare 3\AutoSweep.exe [2010-08-02 12:11]

2010-08-04 c:\windows\Tasks\AWC Startup.job
- d:\programy\Advanced SystemCare 3\AWC.exe [2010-08-02 15:33]

2010-08-04 c:\windows\Tasks\AWC Update.job
- d:\programy\Advanced SystemCare 3\IObitUpdate.exe [2010-08-02 14:18]

2010-08-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4030401163-1192879156-1406224068-1000Core.job
- c:\users\Hydron\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-02 12:13]

2010-08-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4030401163-1192879156-1406224068-1000UA.job
- c:\users\Hydron\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-02 12:13]
.
.
------- Doplňkový sken -------
.
FF - ProfilePath -
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
d:\programy\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
d:\programy\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
d:\programy\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
d:\programy\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
d:\programy\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
d:\programy\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
d:\programy\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
d:\programy\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
d:\programy\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
d:\programy\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
d:\programy\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
d:\programy\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
d:\programy\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
d:\programy\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
d:\programy\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
d:\programy\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
d:\programy\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
d:\programy\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
d:\programy\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
d:\programy\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
d:\programy\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
d:\programy\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
d:\programy\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
d:\programy\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
d:\programy\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
d:\programy\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
d:\programy\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
d:\programy\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
d:\programy\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-04 21:53
Windows 6.0.6002 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Celkový čas: 2010-08-04 21:56:18
ComboFix-quarantined-files.txt 2010-08-04 19:56

Před spuštěním: Volných bajtů: 27 433 385 984
Po spuštění: Volných bajtů: 27 748 864 000

- - End Of File - - A5DEFA50354EF9ACED1D46234E041515

POTŘEBUJI ZJISTIT, PROČ SE MI PO NAJETÍ DO SLOŽEK APOD. SEKNE PRŮZKUMNÍK WINDOWS A NEODPOVÍDÁ, CO JE ŠPATNĚ

#8 Příspěvek od **Rudy** » 04 srp 2010 21:46

3 polžky smazány, zbytek logu vypadá čistý. Nastala nějaká změna?

Hydron · #9 Příspěvek od **Hydron** » 05 srp 2010 09:38

Právě že ne, jakmile otevřu složku ( hlavně místní disk E ), tak se sekne PC a napíše to "Průzkumník Windows neodpovídá" ... V čem může být chyba ? neblokuje něco ten process ?

#10 Příspěvek od **Rudy** » 05 srp 2010 17:36

Virem to pravděpodobně nebude, neboť CF PC vyčistil. Zkuste obnovu systému k datu, kdy korektně fungoval.

VIRY.CZ

Problém s Explorer

Problém s Explorer

Re: Problém s Explorer

Re: Problém s Explorer

Re: Problém s Explorer

Re: Problém s Explorer

Re: Problém s Explorer

Re: Problém s Explorer

Re: Problém s Explorer

Re: Problém s Explorer

Re: Problém s Explorer