Avast hlásí vir, co nelze odstranit

Zpráva

tLamina · #1 Příspěvek od **tLamina** » 30 srp 2010 11:48

Ahoj, tady je log z RSIT.

Logfile of random's system information tool 1.08 (written by random/random)
Run by Sisa at 2010-08-30 12:43:57
Microsoft® Windows Vista™ Home Premium Service Pack 2
System drive C: has 114 GB (39%) free of 295 GB
Total RAM: 2429 MB (48% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:44:14, on 30.8.2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18943)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\AmIcoSingLun\AmIcoSinglun.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Users\Sisa\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
C:\Program Files\EgisTec Egis Software Update\EgisUpdate.exe
C:\Program Files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe
C:\Windows\PLFSetI.exe
C:\Program Files\Apoint2K\HidFind.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Ares\Ares.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Microsoft Works\WkCalRem.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\conime.exe
C:\Program Files\Digsby\lib\digsby-app.exe
C:\Program Files\Internet Explorer\IELowutil.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Sisa\Stažené soubory\RSIT.exe
C:\Program Files\trend micro\Sisa.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://search13.net/search.php?clid=486&q=%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://search13.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search13.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.tangosearch.com/?useie5=1&q=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search13.net/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACA ... spire_7535
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.tangosearch.com/?useie5=1&q=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACA ... spire_7535
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search13.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://search13.net/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Pomocník pro přihlášení ke službě Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Tango - {96478E07-63FC-4FF4-8CE6-B565BF708B5B} - C:\Windows\system32\4c78.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: Tango - {96478E06-63FC-4FF4-8CE6-B565BF708B5B} - C:\Windows\system32\4c78.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [AmIcoSinglun] C:\Program Files\AmIcoSingLun\AmIcoSinglun.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe
O4 - HKLM\..\Run: [BackupManagerTray] "C:\Program Files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -k
O4 - HKLM\..\Run: [Acer ePower Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
O4 - HKLM\..\Run: [EgisTecLiveUpdate] "C:\Program Files\EgisTec Egis Software Update\EgisUpdate.exe"
O4 - HKLM\..\Run: [mwlDaemon] C:\Program Files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
O4 - HKLM\..\Run: [ArcadeDeluxeAgent] "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe"
O4 - HKLM\..\Run: [PlayMovie] "C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe"
O4 - HKLM\..\Run: [PLFSetI] C:\Windows\PLFSetI.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [Infium] "C:\Program Files\QIP Infium\infium.exe" /autorun
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [GabPath] C:\Users\Sisa\AppData\Roaming\GabPath\gabpath.exe
O4 - HKCU\..\Run: [SfKg6wIPuSp] C:\Users\Sisa\AppData\Roaming\Microsoft\Windows\jnipmo.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: Digsby.lnk = C:\Program Files\Digsby\digsby.exe
O4 - Startup: wkcalrem.LNK = C:\Program Files\Microsoft Works\WkCalRem.exe
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Odeslat obrázek do zařízení &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Odeslat stránku do zařízení &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: StylishProfile - {14CD42DD-ABCD-3586-DCAB-40E3693E3737} - C:\Program Files\Stylish Profile\ct.htm (file missing)
O9 - Extra 'Tools' menuitem: StylishProfile - {14CD42DD-ABCD-3586-DCAB-40E3693E3737} - C:\Program Files\Stylish Profile\ct.htm (file missing)
O9 - Extra button: Přidat na blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Přidat na blog Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O17 - HKLM\System\CCS\Services\Tcpip\..\{55B383B9-F868-4A46-8F1D-A4EB1A392285}: NameServer = 10.0.1.2,10.0.0.2
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: CLHNService - Unknown owner - C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
O23 - Service: Acer ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
O23 - Service: Služba Google Update (gupdate1ca2e05b43d13a1) (gupdate1ca2e05b43d13a1) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: MyWinLocker Service (MWLService) - Egis Technology Inc. - C:\Program Files\EgisTec\MyWinLocker 3\x86\\MWLService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NTI IScheduleSvc - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
O23 - Service: ResultDns Service - Unknown owner - C:\ProgramData\ResultDns\resultdns115.exe
O23 - Service: SpaceQuery Service - Unknown owner - C:\ProgramData\SpaceQuery\spacequery135.exe (file missing)

--
End of file - 12826 bytes

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\User_Feed_Synchronization-{79608EC9-9DB2-49ED-ACBA-8857D92640D9}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-06-19 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Pomocník pro přihlášení ke službě Windows Live - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{96478E07-63FC-4FF4-8CE6-B565BF708B5B}]
Tango - C:\Windows\system32\4c78.dll [2010-08-03 847872]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-08-04 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{32099AAC-C132-4136-9E9A-4E364A424E17} - DAEMON Tools Toolbar - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll [2009-04-23 937416]
{96478E06-63FC-4FF4-8CE6-B565BF708B5B} - Tango - C:\Windows\system32\4c78.dll [2010-08-03 847872]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-21 1008184]
"AmIcoSinglun"=C:\Program Files\AmIcoSingLun\AmIcoSinglun.exe [2008-10-24 237568]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2009-03-18 61440]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [2009-03-11 6957600]
"Apoint"=C:\Program Files\Apoint2K\Apoint.exe [2009-02-24 204800]
"LManager"=C:\Program Files\Launch Manager\LManager.exe [2009-02-24 870920]
"BackupManagerTray"=C:\Program Files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe [2009-04-11 249600]
"Acer ePower Management"=C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [2009-04-03 698912]
"EgisTecLiveUpdate"=C:\Program Files\EgisTec Egis Software Update\EgisUpdate.exe [2009-05-13 199464]
"mwlDaemon"=C:\Program Files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe [2009-05-14 345384]
"ArcadeDeluxeAgent"=C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe [2009-09-17 156968]
"PlayMovie"=C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe [2009-06-16 173288]
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2007-03-01 153136]
"Adobe Photo Downloader"=C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe []
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-11-25 81000]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2008-10-25 31072]
"CLMLServer"=C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe [2009-07-02 206120]
"PLFSetI"=C:\Windows\PLFSetI.exe [2008-07-29 200704]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-06-20 35760]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-06-09 976832]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-05-14 248552]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"WindowsWelcomeCenter"=oobefldr.dll,ShowWelcomeCenter []
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-21 125952]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [2007-06-27 152872]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\daemon.exe [2009-04-23 691656]
"Infium"=C:\Program Files\QIP Infium\infium.exe /autorun []
"uTorrent"=C:\Program Files\uTorrent\uTorrent.exe [2010-03-15 319792]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-21 202240]
"ares"=C:\Program Files\Ares\Ares.exe [2010-02-08 1015808]
"GabPath"=C:\Users\Sisa\AppData\Roaming\GabPath\gabpath.exe []
"SfKg6wIPuSp"=C:\Users\Sisa\AppData\Roaming\Microsoft\Windows\jnipmo.exe []

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Users\Sisa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Digsby.lnk - C:\Program Files\Digsby\digsby.exe
wkcalrem.LNK - C:\Program Files\Microsoft Works\WkCalRem.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2010-08-30 12:43:57 ----D---- C:\rsit
2010-08-30 12:43:57 ----D---- C:\Program Files\trend micro
2010-08-24 19:32:45 ----D---- C:\Program Files\Common Files\Java
2010-08-24 19:28:55 ----A---- C:\Windows\system32\rtutils.dll
2010-08-24 19:28:25 ----A---- C:\Windows\system32\mshtml.dll
2010-08-24 19:28:25 ----A---- C:\Windows\system32\iertutil.dll
2010-08-24 19:28:24 ----A---- C:\Windows\system32\ieframe.dll
2010-08-24 19:28:22 ----A---- C:\Windows\system32\urlmon.dll
2010-08-24 19:28:22 ----A---- C:\Windows\system32\msfeeds.dll
2010-08-24 19:28:21 ----A---- C:\Windows\system32\wininet.dll
2010-08-24 19:28:21 ----A---- C:\Windows\system32\occache.dll
2010-08-24 19:28:21 ----A---- C:\Windows\system32\mstime.dll
2010-08-24 19:28:21 ----A---- C:\Windows\system32\ieui.dll
2010-08-24 19:28:21 ----A---- C:\Windows\system32\iepeers.dll
2010-08-24 19:28:21 ----A---- C:\Windows\system32\iedkcs32.dll
2010-08-24 19:28:21 ----A---- C:\Windows\system32\ie4uinit.exe
2010-08-24 19:28:20 ----A---- C:\Windows\system32\msfeedssync.exe
2010-08-24 19:28:20 ----A---- C:\Windows\system32\msfeedsbs.dll
2010-08-24 19:28:20 ----A---- C:\Windows\system32\jsproxy.dll
2010-08-24 19:28:20 ----A---- C:\Windows\system32\ieUnatt.exe
2010-08-24 19:28:20 ----A---- C:\Windows\system32\iesysprep.dll
2010-08-24 19:28:20 ----A---- C:\Windows\system32\iesetup.dll
2010-08-24 19:28:20 ----A---- C:\Windows\system32\iernonce.dll
2010-08-24 19:28:17 ----A---- C:\Windows\system32\drivers\srv2.sys
2010-08-24 19:28:17 ----A---- C:\Windows\system32\drivers\srv.sys
2010-08-24 19:28:15 ----A---- C:\Windows\system32\iccvid.dll
2010-08-24 19:28:13 ----A---- C:\Windows\system32\schannel.dll
2010-08-24 19:27:52 ----A---- C:\Windows\system32\win32k.sys
2010-08-24 19:26:49 ----A---- C:\Windows\system32\ntkrnlpa.exe
2010-08-24 19:26:48 ----A---- C:\Windows\system32\ntoskrnl.exe
2010-08-24 19:25:29 ----A---- C:\Windows\system32\msxml3.dll
2010-08-24 19:25:25 ----A---- C:\Windows\system32\drivers\tcpip.sys
2010-08-24 19:14:07 ----A---- C:\Windows\system32\javaws.exe
2010-08-24 19:14:07 ----A---- C:\Windows\system32\javaw.exe
2010-08-24 19:14:07 ----A---- C:\Windows\system32\java.exe
2010-08-03 22:57:47 ----D---- C:\ProgramData\ResultDns
2010-08-03 22:57:47 ----D---- C:\Program Files\ResultDns
2010-08-03 22:57:37 ----D---- C:\Users\Sisa\AppData\Roaming\GabPath
2010-08-03 22:57:37 ----A---- C:\Windows\system32\4c78.dll
2010-08-03 13:49:04 ----A---- C:\Windows\system32\shell32.dll

======List of files/folders modified in the last 1 months======

2010-08-30 12:43:57 ----RD---- C:\Program Files
2010-08-30 12:43:54 ----D---- C:\Windows\Temp
2010-08-30 12:40:22 ----D---- C:\Program Files\Digsby
2010-08-30 12:37:08 ----D---- C:\Users\Sisa\AppData\Roaming\uTorrent
2010-08-28 12:06:50 ----D---- C:\Users\Sisa\AppData\Roaming\vlc
2010-08-27 17:38:50 ----D---- C:\Windows\System32
2010-08-27 17:38:50 ----D---- C:\Windows\inf
2010-08-27 17:38:50 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-08-27 16:00:16 ----SHD---- C:\System Volume Information
2010-08-26 21:21:40 ----SHD---- C:\Windows\Installer
2010-08-26 19:06:51 ----D---- C:\Windows\system32\catroot2
2010-08-25 05:27:03 ----D---- C:\Windows\Microsoft.NET
2010-08-25 05:26:52 ----RSD---- C:\Windows\assembly
2010-08-25 03:49:36 ----D---- C:\Windows\winsxs
2010-08-25 03:34:54 ----D---- C:\Program Files\Internet Explorer
2010-08-25 03:34:53 ----D---- C:\Windows\system32\migration
2010-08-25 03:34:53 ----D---- C:\Program Files\Movie Maker
2010-08-25 03:34:52 ----D---- C:\Windows\system32\drivers
2010-08-25 03:09:45 ----D---- C:\Program Files\Microsoft Works
2010-08-25 03:07:43 ----D---- C:\ProgramData\Microsoft Help
2010-08-25 03:02:33 ----D---- C:\Windows\system32\catroot
2010-08-25 03:02:27 ----D---- C:\Program Files\Windows Mail
2010-08-24 19:32:45 ----D---- C:\Program Files\Common Files
2010-08-24 19:14:01 ----D---- C:\Program Files\Java
2010-08-03 22:57:47 ----HD---- C:\ProgramData
2010-08-03 20:09:31 ----A---- C:\Windows\system32\mrt.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 ahcix86s;ahcix86s; C:\Windows\system32\DRIVERS\ahcix86s.sys [2008-10-03 183312]
R0 AtiPcie;ATI PCI Express (3GIO) Filter; C:\Windows\system32\DRIVERS\AtiPcie.sys [2008-04-28 14352]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2009-10-27 721904]
R0 UBHelper;UBHelper; C:\Windows\system32\drivers\UBHelper.sys [2008-01-31 13824]
R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr.sys [2009-11-25 23120]
R1 aswSP;avast! Self Protection; C:\Windows\system32\drivers\aswSP.sys [2009-11-25 114768]
R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2009-11-25 48560]
R1 mwlPSDFilter;mwlPSDFilter; C:\Windows\system32\DRIVERS\mwlPSDFilter.sys [2008-12-04 19504]
R1 mwlPSDNServ;mwlPSDNServ; C:\Windows\system32\DRIVERS\mwlPSDNServ.sys [2008-12-04 16432]
R1 mwlPSDVDisk;mwlPSDVDisk; C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys [2008-12-04 59952]
R2 aswFsBlk;aswFsBlk; C:\Windows\system32\DRIVERS\aswFsBlk.sys [2009-11-25 20560]
R2 aswMonFlt;aswMonFlt; C:\Windows\system32\DRIVERS\aswMonFlt.sys [2009-11-25 53328]
R2 irda;IrDA Protocol; C:\Windows\system32\DRIVERS\irda.sys [2008-01-21 95744]
R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2009-01-16 12672]
R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\XAudio32.sys [2009-01-16 8704]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\Windows\system32\DRIVERS\AGRSM.sys [2008-03-01 1202560]
R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atipmdag.sys [2009-03-19 4386304]
R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2009-03-19 93184]
R3 ApfiltrService;Alps Pointing-device Filter Driver; C:\Windows\system32\DRIVERS\Apfiltr.sys [2009-02-23 195120]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athr.sys [2008-12-30 952832]
R3 DKbFltr;Dritek Keyboard Filter Driver; C:\Windows\system32\DRIVERS\DKbFltr.sys [2006-11-03 21264]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2009-03-11 2338720]
R3 k57nd60x;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\k57nd60x.sys [2008-09-04 223232]
R3 NTIDrvr;Upper Class Filter Driver; C:\Windows\system32\Drivers\NTIDrvr.sys [2009-03-26 15360]
R3 RTHDMIAzAudService;Service for HDMI; C:\Windows\system32\drivers\RtHDMIV.sys [2009-02-21 153952]
R3 usbfilter;AMD USB Filter Driver; C:\Windows\system32\DRIVERS\usbfilter.sys [2008-05-28 22072]
R3 usbvideo;Zobrazovací zařízení USB (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2008-01-21 134016]
S3 anld17f8;anld17f8; C:\Windows\system32\drivers\anld17f8.sys []
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2008-01-21 179712]
S3 BthEnum;Služba Bluetooth Enumerator; C:\Windows\system32\DRIVERS\BthEnum.sys [2009-04-11 22528]
S3 BthPan;Zařízení Bluetooth (síť PAN); C:\Windows\system32\DRIVERS\bthpan.sys [2008-01-21 92160]
S3 BTHPORT;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2009-04-11 507904]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2009-04-11 29696]
S3 btwaudio;Bluetooth Audio Device Service; C:\Windows\system32\drivers\btwaudio.sys [2009-04-10 84256]
S3 btwavdt;Bluetooth AVDT Service; C:\Windows\system32\drivers\btwavdt.sys [2009-03-25 106784]
S3 btwl2cap;Bluetooth L2CAP Service; C:\Windows\system32\DRIVERS\btwl2cap.sys [2009-04-08 29472]
S3 btwrchid;btwrchid; C:\Windows\system32\DRIVERS\btwrchid.sys [2009-03-25 17056]
S3 drmkaud;Dekodér zvuků DRM jádra společnosti Microsoft; C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 5632]
S3 HdAudAddService;Ovladač funkce Microsoft 1.1 UAA pro službu zvuku High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 HSFHWAZL;HSFHWAZL; C:\Windows\system32\DRIVERS\VSTAZL3.SYS [2008-01-21 200704]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016]
S3 NSCIRDA;NSC Infrared Device Driver; C:\Windows\system32\DRIVERS\nscirda.sys [2008-01-21 30720]
S3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-04-11 148992]
S3 se45bus;Sony Ericsson Device 069 driver (WDM); C:\Windows\system32\DRIVERS\se45bus.sys [2006-11-30 61536]
S3 se45mdfl;Sony Ericsson Device 069 USB WMC Modem Filter; C:\Windows\system32\DRIVERS\se45mdfl.sys [2006-11-30 9360]
S3 se45mdm;Sony Ericsson Device 069 USB WMC Modem Driver; C:\Windows\system32\DRIVERS\se45mdm.sys [2006-11-30 97088]
S3 se45mgmt;Sony Ericsson Device 069 USB WMC Device Management Drivers (WDM); C:\Windows\system32\DRIVERS\se45mgmt.sys [2006-11-30 88624]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-21 83328]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616]
S4 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2008-01-21 88576]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AgereModemAudio;Agere Modem Call Progress Audio; C:\Windows\system32\agrsmsvc.exe [2008-03-18 13312]
R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-11-25 18752]
R2 Ati External Event Utility;Ati External Event Utility; C:\Windows\system32\Ati2evxx.exe [2009-03-19 733184]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-11-25 138680]
R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe [2009-04-13 578848]
R2 CLHNService;CLHNService; C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [2009-05-20 75048]
R2 ePowerSvc;Acer ePower Service; C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [2009-04-03 723488]
R2 HsfXAudioService;HsfXAudioService; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 Irmon;@%SystemRoot%\System32\irmon.dll,-2000; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 MWLService;MyWinLocker Service; C:\Program Files\EgisTec\MyWinLocker 3\x86\\MWLService.exe [2009-05-14 305448]
R2 NTI IScheduleSvc;NTI IScheduleSvc; C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2009-04-11 61184]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-09-23 144632]
R2 ResultDns Service;ResultDns Service; C:\ProgramData\ResultDns\resultdns115.exe [2010-08-23 57608]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-11-25 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-11-25 352920]
R3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-06-27 279848]
S2 gupdate1ca2e05b43d13a1;Služba Google Update (gupdate1ca2e05b43d13a1); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-09-05 133104]
S2 SpaceQuery Service;SpaceQuery Service; C:\ProgramData\SpaceQuery\spacequery135.exe C:\Program Files\SpaceQuery\spacequery.dll slljgcszvuxp []
S3 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-21 21504]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2008-10-25 65888]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-06-29 800040]
S3 NTIBackupSvc;NTI Backup Now 5 Backup Service; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-09-23 50424]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]

-----------------EOF-----------------

#2 Příspěvek od **stell** » 30 srp 2010 12:38

Ahoj

Stiahnes>>Malwarebytes' Anti-Malware stiahnut-nainstalovat -aktualizovat-
sprav komplet skan,,log vloz sem,

tLamina · #3 Příspěvek od **tLamina** » 30 srp 2010 14:55

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Verze databáze: 4505

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18943

30.8.2010 15:52:53
mbam-log-2010-08-30 (15-52-53).txt

Typ skenu: Úplný sken (C:\|)
Skenované objekty: 307814
Uplynulý čas: 1 hodina(y), 29 minuta(y), 2 sekunda(y)

Infikované procesy v paměti: 2
Infikované moduly v paměti: 2
Infikované klíče registru: 16
Infikované hodnoty registru: 4
Infikované datové položky registru: 7
Infikované složky: 12
Infikované soubory: 28

Infikované procesy v paměti:
C:\ProgramData\ResultDns\resultdns115.exe (Adware.ResultDns) -> No action taken.
C:\Program Files\ResultDns\resultdns.exe (Adware.ResultDns) -> No action taken.

Infikované moduly v paměti:
C:\Program Files\ResultDns\resultdns.dll (Adware.Agent.Gen) -> No action taken.
C:\Users\Sisa\AppData\Roaming\Mozilla\Firefox\{4bcdbfd0-fa26-11de-8a39-0800200c9a66}\components\gpff.dll (Adware.Agent) -> No action taken.

Infikované klíče registru:
HKEY_CLASSES_ROOT\CLSID\{96478e06-63fc-4ff4-8ce6-b565bf708b5b} (Adware.Mirar) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{96478e06-63fc-4ff4-8ce6-b565bf708b5b} (Adware.Mirar) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{96478e06-63fc-4ff4-8ce6-b565bf708b5b} (Adware.Mirar) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{96478e06-63fc-4ff4-8ce6-b565bf708b5b} (Adware.Mirar) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{96478e07-63fc-4ff4-8ce6-b565bf708b5b} (Adware.Mirar) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{96478e07-63fc-4ff4-8ce6-b565bf708b5b} (Adware.Mirar) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{96478e07-63fc-4ff4-8ce6-b565bf708b5b} (Adware.Mirar) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{96478e07-63fc-4ff4-8ce6-b565bf708b5b} (Adware.Mirar) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\gabpath (Adware.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\resultdns (Adware.ResultDns) -> No action taken.
HKEY_CURRENT_USER\Software\GabPath (Adware.Adparatus) -> No action taken.
HKEY_CURRENT_USER\Software\IEBarProperties (Adware.Mirar) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\ResultDns (Adware.ResultDns) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\SpaceQuery (Adware.SpaceQuery) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ResultDns Service (Adware.ResultDns) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SpaceQuery Service (Adware.SpaceQuery) -> No action taken.

Infikované hodnoty registru:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{96478e06-63fc-4ff4-8ce6-b565bf708b5b} (Adware.Mirar) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{96478e06-63fc-4ff4-8ce6-b565bf708b5b} (Adware.Mirar) -> No action taken.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\gabpath (Adware.Agent) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sfkg6wipusp (Trojan.Downloader) -> No action taken.

Infikované datové položky registru:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Default_Search_URL (Hijack.SearchPage) -> Bad: (http://search13.net/) Good: (http://www.Google.com) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Search Bar (Hijack.SearchPage) -> Bad: (http://www.tangosearch.com/?useie5=1&q=) Good: (http://www.google.com) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Search Page (Hijack.SearchPage) -> Bad: (http://search13.net/) Good: (http://www.Google.com/) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Search\CustomizeSearch (Hijack.SearchPage) -> Bad: (http://search13.net/) Good: (http://www.Google.com/) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Search\SearchAssistant (Hijack.SearchPage) -> Bad: (http://search13.net/) Good: (http://www.Google.com/) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\Search Bar (Hijack.SearchPage) -> Bad: (http://www.tangosearch.com/?useie5=1&q=) Good: (http://www.google.com) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Default_Page_URL (Hijack.StartPage) -> Bad: (http://search13.net/) Good: (http://www.Google.com) -> No action taken.

Infikované složky:
C:\Users\Sisa\AppData\Roaming\GabPath (Adware.Agent) -> No action taken.
C:\ProgramData\ResultDns (Adware.ResultDns) -> No action taken.
C:\Program Files\Mozilla Firefox\extensions\{0A328249-98DF-476C-9D25-3853C961DAB9} (Adware.Agent) -> No action taken.
C:\Program Files\Mozilla Firefox\extensions\{0A328249-98DF-476C-9D25-3853C961DAB9}\chrome (Adware.Agent) -> No action taken.
C:\Program Files\Mozilla Firefox\extensions\{0A328249-98DF-476C-9D25-3853C961DAB9}\defaults (Adware.Agent) -> No action taken.
C:\Program Files\Mozilla Firefox\extensions\{0A328249-98DF-476C-9D25-3853C961DAB9}\defaults\preferences (Adware.Agent) -> No action taken.
C:\Program Files\Mozilla Firefox\extensions\{1A615EA8-4C56-49EE-BE83-F9A264B79997} (Adware.ResultDns) -> No action taken.
C:\Program Files\Mozilla Firefox\extensions\{1A615EA8-4C56-49EE-BE83-F9A264B79997}\chrome (Adware.ResultDns) -> No action taken.
C:\Program Files\Mozilla Firefox\extensions\{1A615EA8-4C56-49EE-BE83-F9A264B79997}\defaults (Adware.ResultDns) -> No action taken.
C:\Program Files\Mozilla Firefox\extensions\{1A615EA8-4C56-49EE-BE83-F9A264B79997}\defaults\preferences (Adware.ResultDns) -> No action taken.
C:\Program Files\ResultDns (Adware.ResultDns) -> No action taken.
C:\Program Files\SpaceQuery (Adware.SpaceQuery) -> No action taken.

Infikované soubory:
C:\Program Files\ResultDns\resultdns.dll (Adware.Agent.Gen) -> No action taken.
C:\ProgramData\ResultDns\resultdns115.exe (Adware.ResultDns) -> No action taken.
C:\Program Files\ResultDns\resultdns.exe (Adware.ResultDns) -> No action taken.
C:\Users\Sisa\AppData\Roaming\Mozilla\Firefox\{4bcdbfd0-fa26-11de-8a39-0800200c9a66}\components\gpff.dll (Adware.Agent) -> No action taken.
C:\Program Files\SpaceQuery\spacequery.exe (Adware.SpaceQuery) -> No action taken.
C:\Users\Sisa\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TMB6D2RA\access[1].exe (Adware.Mirar) -> No action taken.
C:\Users\Sisa\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XYI0N9GC\access[1].exe (Adware.Mirar) -> No action taken.
C:\Users\Sisa\AppData\Local\Temp\1.exe (Adware.GabPath) -> No action taken.
C:\Users\Sisa\AppData\Local\Temp\10.exe (Adware.GabPath) -> No action taken.
C:\Users\Sisa\AppData\Local\Temp\GPUninstall.exe (Adware.GabPath) -> No action taken.
C:\Users\Sisa\AppData\Local\Temp\4.exe (Adware.TangoBar) -> No action taken.
C:\Windows\System32\4c78.dll (Adware.Mirar) -> No action taken.
C:\Windows\Temp\RES3F53.tmp\upgrade.exe (Adware.Dropper.Gen) -> No action taken.
C:\Windows\Temp\RES4F86.tmp\upgrade.exe (Adware.Dropper.Gen) -> No action taken.
C:\Windows\Temp\SPA3545.tmp\upgrade.exe (Adware.Dropper.Gen) -> No action taken.
C:\Windows\Temp\SPAAC7A.tmp\upgrade.exe (Adware.Dropper.Gen) -> No action taken.
C:\Users\Sisa\AppData\Roaming\GabPath\config.cfg (Adware.Agent) -> No action taken.
C:\Users\Sisa\AppData\Roaming\GabPath\GPUninstall.exe (Adware.Agent) -> No action taken.
C:\Program Files\Mozilla Firefox\extensions\{0A328249-98DF-476C-9D25-3853C961DAB9}\chrome.manifest (Adware.Agent) -> No action taken.
C:\Program Files\Mozilla Firefox\extensions\{0A328249-98DF-476C-9D25-3853C961DAB9}\install.rdf (Adware.Agent) -> No action taken.
C:\Program Files\Mozilla Firefox\extensions\{0A328249-98DF-476C-9D25-3853C961DAB9}\chrome\spacequery.jar (Adware.Agent) -> No action taken.
C:\Program Files\Mozilla Firefox\extensions\{0A328249-98DF-476C-9D25-3853C961DAB9}\defaults\preferences\prefs.js (Adware.Agent) -> No action taken.
C:\Program Files\Mozilla Firefox\extensions\{1A615EA8-4C56-49EE-BE83-F9A264B79997}\chrome.manifest (Adware.ResultDns) -> No action taken.
C:\Program Files\Mozilla Firefox\extensions\{1A615EA8-4C56-49EE-BE83-F9A264B79997}\install.rdf (Adware.ResultDns) -> No action taken.
C:\Program Files\Mozilla Firefox\extensions\{1A615EA8-4C56-49EE-BE83-F9A264B79997}\chrome\resultdns.jar (Adware.ResultDns) -> No action taken.
C:\Program Files\Mozilla Firefox\extensions\{1A615EA8-4C56-49EE-BE83-F9A264B79997}\defaults\preferences\prefs.js (Adware.ResultDns) -> No action taken.
C:\Program Files\ResultDns\uninstall.exe (Adware.ResultDns) -> No action taken.
C:\Program Files\SpaceQuery\spacequery.dll (Adware.SpaceQuery) -> No action taken.

#4 Příspěvek od **stell** » 30 srp 2010 15:00

daj zmazat vsetko.

1. Je potřeba vypnout nástroj obnova systému - Ovládací panely>systém>obnovení systému>vypnout nástroj obnovení systému>OK nebo použít a nyní jen restartovat PC
2. Po restartu je tento adresář kompletně smazán, obnovu opět zapnout.http://www.viry.cz/forum/viewtopic.php?f=11&t=47040

Stiahnes na plochu TFC
zatvor vsetko co mas otvorene a spust-po skane restart.

PROSIM CITAJTE POZORNE NAVOD!!!,

Použij ComboFix podle tohoto návodu: http://www.bleepingcomputer.com/combofi ... t-combofix
Log znej vloz sem.

tLamina · #5 Příspěvek od **tLamina** » 30 srp 2010 16:35

ComboFix 10-08-29.04 - Sisa 30.08.2010 17:19:18.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.420.1029.18.2429.1679 [GMT 2:00]
Spuštěný z: c:\users\Sisa\Desktop\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Vytvořen nový Bod Obnovení
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\Sisa\AppData\Roaming\.#

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-07-28 do 2010-08-30 )))))))))))))))))))))))))))))))
.

2010-08-30 15:30 . 2010-08-30 15:30 -------- d-----w- c:\users\Sisa\AppData\Local\temp
2010-08-30 15:30 . 2010-08-30 15:30 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-08-30 12:07 . 2010-08-30 12:07 -------- d-----w- c:\users\Sisa\AppData\Roaming\Malwarebytes
2010-08-30 12:07 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-30 12:07 . 2010-08-30 12:07 -------- d-----w- c:\programdata\Malwarebytes
2010-08-30 12:07 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-30 12:07 . 2010-08-30 12:07 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-30 10:43 . 2010-08-30 10:44 -------- d-----w- C:\rsit
2010-08-30 10:43 . 2010-08-30 10:44 -------- d-----w- c:\program files\trend micro
2010-08-24 17:32 . 2010-08-24 17:32 -------- d-----w- c:\program files\Common Files\Java
2010-08-24 17:27 . 2010-06-21 13:37 2037760 ----a-w- c:\windows\system32\win32k.sys
2010-08-24 17:26 . 2010-06-08 17:35 3600768 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-08-24 17:26 . 2010-06-08 17:35 3548040 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-08-24 17:25 . 2010-06-11 16:15 1248768 ----a-w- c:\windows\system32\msxml3.dll
2010-08-24 17:25 . 2010-06-16 16:04 905088 ----a-w- c:\windows\system32\drivers\tcpip.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-30 15:12 . 2009-09-02 20:45 12 ----a-w- c:\windows\bthservsdp.dat
2010-08-30 15:12 . 2010-03-07 11:17 -------- d-----w- c:\users\Sisa\AppData\Roaming\uTorrent
2010-08-30 10:40 . 2010-05-10 21:05 -------- d-----w- c:\program files\Digsby
2010-08-28 10:06 . 2010-05-27 18:19 -------- d-----w- c:\users\Sisa\AppData\Roaming\vlc
2010-08-27 15:38 . 2009-03-05 20:21 598832 ----a-w- c:\windows\system32\perfh005.dat
2010-08-27 15:38 . 2009-03-05 20:21 114992 ----a-w- c:\windows\system32\perfc005.dat
2010-08-25 01:09 . 2009-03-05 13:09 -------- d-----w- c:\program files\Microsoft Works
2010-08-25 01:07 . 2009-03-05 13:07 -------- d-----w- c:\programdata\Microsoft Help
2010-08-25 01:02 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-08-24 17:14 . 2009-10-15 00:12 -------- d-----w- c:\program files\Java
2010-08-02 17:19 . 2009-10-07 21:43 1356 ----a-w- c:\users\Sisa\AppData\Local\d3d9caps.dat
2010-07-17 03:00 . 2010-05-13 23:17 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-06-26 06:05 . 2010-08-24 17:28 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-26 06:02 . 2010-08-24 17:28 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-06-26 06:02 . 2010-08-24 17:28 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-06-26 04:25 . 2010-08-24 17:28 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-06-18 17:31 . 2010-08-24 17:28 36864 ----a-w- c:\windows\system32\rtutils.dll
2010-06-18 15:04 . 2010-08-24 17:28 302080 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-18 15:04 . 2010-08-24 17:28 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-06-11 16:16 . 2010-08-24 17:28 274944 ----a-w- c:\windows\system32\schannel.dll
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2009-05-14 21:02 120104 ----a-w- c:\program files\EgisTec\MyWinLocker 3\x86\PSDProtect.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WindowsWelcomeCenter"="oobefldr.dll" [2009-04-11 2153472]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 152872]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2010-03-15 319792]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"ares"="c:\program files\Ares\Ares.exe" [2010-02-08 1015808]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"AmIcoSinglun"="c:\program files\AmIcoSingLun\AmIcoSinglun.exe" [2008-10-24 237568]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-03-18 61440]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-03-11 6957600]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2009-02-24 204800]
"LManager"="c:\program files\Launch Manager\LManager.exe" [2009-02-24 870920]
"BackupManagerTray"="c:\program files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2009-04-11 249600]
"Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2009-04-03 698912]
"EgisTecLiveUpdate"="c:\program files\EgisTec Egis Software Update\EgisUpdate.exe" [2009-05-13 199464]
"mwlDaemon"="c:\program files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe" [2009-05-14 345384]
"ArcadeDeluxeAgent"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" [2009-09-17 156968]
"PlayMovie"="c:\program files\Acer Arcade Deluxe\PlayMovie\PMVService.exe" [2009-06-16 173288]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"CLMLServer"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe" [2009-07-02 206120]
"PLFSetI"="c:\windows\PLFSetI.exe" [2008-07-29 200704]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]

c:\users\Sisa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Digsby.lnk - c:\program files\Digsby\digsby.exe [2010-3-3 141488]
wkcalrem.LNK - c:\program files\Microsoft Works\WkCalRem.exe [2007-6-21 46432]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-4-13 791840]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):72,e5,81,b1,8e,41,ca,01

R2 gupdate1ca2e05b43d13a1;Služba Google Update (gupdate1ca2e05b43d13a1);c:\program files\Google\Update\GoogleUpdate.exe [2009-09-05 133104]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2008-01-21 179712]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-07 29472]
R3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-09-23 50424]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2009-10-27 721904]
S1 aswSP;avast! Self Protection; [x]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [2008-12-04 19504]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [2008-12-04 16432]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [2008-12-04 59952]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2009-11-24 20560]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\DRIVERS\aswMonFlt.sys [2009-11-24 53328]
S2 CLHNService;CLHNService;c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [2009-05-20 75048]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2009-04-03 723488]
S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2008-01-21 21504]
S2 MWLService;MyWinLocker Service;c:\program files\EgisTec\MyWinLocker 3\x86\\MWLService.exe [2009-05-14 305448]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2009-04-11 61184]
S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-09-23 144632]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atipmdag.sys [2009-03-19 4386304]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2009-03-19 93184]
S3 k57nd60x;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60x.sys [2008-09-04 223232]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2008-05-28 22072]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HsfXAudioService REG_MULTI_SZ HsfXAudioService
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Obsah adresáře 'Naplánované úlohy'

2010-08-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-05 08:48]

2010-08-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-05 08:48]

2010-08-30 c:\windows\Tasks\User_Feed_Synchronization-{79608EC9-9DB2-49ED-ACBA-8857D92640D9}.job
- c:\windows\system32\msfeedssync.exe [2010-08-24 04:24]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uDefault_Search_URL = hxxp://www.Google.com
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0405&s=2&o=vp32&d=0909&m=aspire_7535
mSearch Bar = hxxp://www.google.com
uCustomizeSearch = hxxp://www.Google.com/
uSearchAssistant = hxxp://www.Google.com/
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Odeslat obrázek do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Odeslat stránku do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {{14CD42DD-ABCD-3586-DCAB-40E3693E3737} - c:\program files\Stylish Profile\ct.htm
TCP: {55B383B9-F868-4A46-8F1D-A4EB1A392285} = 10.0.1.2,10.0.0.2
FF - ProfilePath - c:\users\Sisa\AppData\Roaming\Mozilla\Firefox\Profiles\qhwb7zku.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search13.net/search.php?clid=486&q=
FF - prefs.js: browser.search.selectedEngine - Wikipedie (cs)
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search13.net/search.php?clid=486&q=
FF - component: c:\users\Sisa\AppData\Roaming\Mozilla\Firefox\Profiles\qhwb7zku.default\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}\platform\WINNT\components\FoxyTunes.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\users\Sisa\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF - HiddenExtension: FFComponent: {4bcdbfd0-fa26-11de-8a39-0800200c9a66} - c:\users\Sisa\AppData\Roaming\Mozilla\FireFox\{4bcdbfd0-fa26-11de-8a39-0800200c9a66}

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

HKCU-Run-Infium - c:\program files\QIP Infium\infium.exe
HKLM-Run-Adobe Photo Downloader - c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-30 17:30
Windows 6.0.6002 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000001

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Celkový čas: 2010-08-30 17:33:53
ComboFix-quarantined-files.txt 2010-08-30 15:33

Před spuštěním: Volných bajtů: 165 632 458 752
Po spuštění: Volných bajtů: 165 550 866 432

- - End Of File - - AEDE401C921459E3CB494DB416591ADF

#6 Příspěvek od **stell** » 30 srp 2010 16:48

Pri tejto akcii je nutné mať ComboFix na ploche.

Vypni>FIREWALL>Antivir>Antispyware>vsetko rezidentne.

Otvor Notepad (Poznámkový blok) a zkopíruj do neho celý zeleny tex:

Kód: Vybrat vše

KILLALL::
DDS::
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACA ... spire_7535
FireFox::
FF - ProfilePath - c:\users\Sisa\AppData\Roaming\Mozilla\Firefox\Profiles\qhwb7zku.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search13.net/search.php?clid=486&q=
FF - prefs.js: keyword.URL - hxxp://search13.net/search.php?clid=486&q=
RegLock::
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]

Potom klik na Subor -> Uložiť ako.. .. -> Ako je Názov souboru tak do toho riadku napiš:CFScript.txt
Typ súboru tak tam vyberies *všetky súbory
A ulož ho na plochu.> Pozor CFScript.txt>Neotvarat a nemoze byt ani>CFScript.txt.txt A Urobis Toto :
Obrázek

Po skonceni skenu vlož log čo ComboFix vytvorí

tLamina · #7 Příspěvek od **tLamina** » 30 srp 2010 22:10

ComboFix 10-08-29.04 - Sisa 30.08.2010 18:24:10.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.420.1029.18.2429.1495 [GMT 2:00]
Spuštěný z: c:\users\Sisa\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Sisa\Desktop\CFScript.txt.txt
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((( Soubory vytvořené od 2010-07-28 do 2010-08-30 )))))))))))))))))))))))))))))))
.

2010-08-30 16:33 . 2010-08-30 20:27 -------- d-----w- c:\users\Sisa\AppData\Local\temp
2010-08-30 16:33 . 2010-08-30 16:33 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-08-30 12:07 . 2010-08-30 12:07 -------- d-----w- c:\users\Sisa\AppData\Roaming\Malwarebytes
2010-08-30 12:07 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-30 12:07 . 2010-08-30 12:07 -------- d-----w- c:\programdata\Malwarebytes
2010-08-30 12:07 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-30 12:07 . 2010-08-30 12:07 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-30 10:43 . 2010-08-30 10:44 -------- d-----w- C:\rsit
2010-08-30 10:43 . 2010-08-30 10:44 -------- d-----w- c:\program files\trend micro
2010-08-24 17:32 . 2010-08-24 17:32 -------- d-----w- c:\program files\Common Files\Java
2010-08-24 17:27 . 2010-06-21 13:37 2037760 ----a-w- c:\windows\system32\win32k.sys
2010-08-24 17:26 . 2010-06-08 17:35 3600768 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-08-24 17:26 . 2010-06-08 17:35 3548040 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-08-24 17:25 . 2010-06-11 16:15 1248768 ----a-w- c:\windows\system32\msxml3.dll
2010-08-24 17:25 . 2010-06-16 16:04 905088 ----a-w- c:\windows\system32\drivers\tcpip.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-30 16:33 . 2009-09-02 20:45 12 ----a-w- c:\windows\bthservsdp.dat
2010-08-30 15:12 . 2010-03-07 11:17 -------- d-----w- c:\users\Sisa\AppData\Roaming\uTorrent
2010-08-30 10:40 . 2010-05-10 21:05 -------- d-----w- c:\program files\Digsby
2010-08-28 10:06 . 2010-05-27 18:19 -------- d-----w- c:\users\Sisa\AppData\Roaming\vlc
2010-08-27 15:38 . 2009-03-05 20:21 598832 ----a-w- c:\windows\system32\perfh005.dat
2010-08-27 15:38 . 2009-03-05 20:21 114992 ----a-w- c:\windows\system32\perfc005.dat
2010-08-25 01:09 . 2009-03-05 13:09 -------- d-----w- c:\program files\Microsoft Works
2010-08-25 01:07 . 2009-03-05 13:07 -------- d-----w- c:\programdata\Microsoft Help
2010-08-25 01:02 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-08-24 17:14 . 2009-10-15 00:12 -------- d-----w- c:\program files\Java
2010-08-02 17:19 . 2009-10-07 21:43 1356 ----a-w- c:\users\Sisa\AppData\Local\d3d9caps.dat
2010-07-17 03:00 . 2010-05-13 23:17 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-06-26 06:05 . 2010-08-24 17:28 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-26 06:02 . 2010-08-24 17:28 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-06-26 06:02 . 2010-08-24 17:28 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-06-26 04:25 . 2010-08-24 17:28 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-06-18 17:31 . 2010-08-24 17:28 36864 ----a-w- c:\windows\system32\rtutils.dll
2010-06-18 15:04 . 2010-08-24 17:28 302080 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-18 15:04 . 2010-08-24 17:28 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-06-11 16:16 . 2010-08-24 17:28 274944 ----a-w- c:\windows\system32\schannel.dll
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2009-05-14 21:02 120104 ----a-w- c:\program files\EgisTec\MyWinLocker 3\x86\PSDProtect.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WindowsWelcomeCenter"="oobefldr.dll" [2009-04-11 2153472]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 152872]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2010-03-15 319792]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"ares"="c:\program files\Ares\Ares.exe" [2010-02-08 1015808]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"AmIcoSinglun"="c:\program files\AmIcoSingLun\AmIcoSinglun.exe" [2008-10-24 237568]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-03-18 61440]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-03-11 6957600]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2009-02-24 204800]
"LManager"="c:\program files\Launch Manager\LManager.exe" [2009-02-24 870920]
"BackupManagerTray"="c:\program files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2009-04-11 249600]
"Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2009-04-03 698912]
"EgisTecLiveUpdate"="c:\program files\EgisTec Egis Software Update\EgisUpdate.exe" [2009-05-13 199464]
"mwlDaemon"="c:\program files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe" [2009-05-14 345384]
"ArcadeDeluxeAgent"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" [2009-09-17 156968]
"PlayMovie"="c:\program files\Acer Arcade Deluxe\PlayMovie\PMVService.exe" [2009-06-16 173288]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"CLMLServer"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe" [2009-07-02 206120]
"PLFSetI"="c:\windows\PLFSetI.exe" [2008-07-29 200704]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]

c:\users\Sisa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Digsby.lnk - c:\program files\Digsby\digsby.exe [2010-3-3 141488]
wkcalrem.LNK - c:\program files\Microsoft Works\WkCalRem.exe [2007-6-21 46432]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-4-13 791840]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):72,e5,81,b1,8e,41,ca,01

R2 gupdate1ca2e05b43d13a1;Služba Google Update (gupdate1ca2e05b43d13a1);c:\program files\Google\Update\GoogleUpdate.exe [2009-09-05 133104]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2008-01-21 179712]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-07 29472]
R3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-09-23 50424]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2009-10-27 721904]
S1 aswSP;avast! Self Protection; [x]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [2008-12-04 19504]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [2008-12-04 16432]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [2008-12-04 59952]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2009-11-24 20560]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\DRIVERS\aswMonFlt.sys [2009-11-24 53328]
S2 CLHNService;CLHNService;c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [2009-05-20 75048]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2009-04-03 723488]
S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2008-01-21 21504]
S2 MWLService;MyWinLocker Service;c:\program files\EgisTec\MyWinLocker 3\x86\\MWLService.exe [2009-05-14 305448]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2009-04-11 61184]
S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-09-23 144632]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atipmdag.sys [2009-03-19 4386304]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2009-03-19 93184]
S3 k57nd60x;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60x.sys [2008-09-04 223232]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2008-05-28 22072]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HsfXAudioService REG_MULTI_SZ HsfXAudioService
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Obsah adresáře 'Naplánované úlohy'

2010-08-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-05 08:48]

2010-08-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-05 08:48]

2010-08-30 c:\windows\Tasks\User_Feed_Synchronization-{79608EC9-9DB2-49ED-ACBA-8857D92640D9}.job
- c:\windows\system32\msfeedssync.exe [2010-08-24 04:24]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uDefault_Search_URL = hxxp://www.Google.com
mSearch Bar = hxxp://www.google.com
uCustomizeSearch = hxxp://www.Google.com/
uSearchAssistant = hxxp://www.Google.com/
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Odeslat obrázek do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Odeslat stránku do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {{14CD42DD-ABCD-3586-DCAB-40E3693E3737} - c:\program files\Stylish Profile\ct.htm
TCP: {55B383B9-F868-4A46-8F1D-A4EB1A392285} = 10.0.1.2,10.0.0.2
FF - ProfilePath - c:\users\Sisa\AppData\Roaming\Mozilla\Firefox\Profiles\qhwb7zku.default\
FF - prefs.js: browser.search.selectedEngine - Wikipedie (cs)
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - component: c:\users\Sisa\AppData\Roaming\Mozilla\Firefox\Profiles\qhwb7zku.default\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}\platform\WINNT\components\FoxyTunes.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\users\Sisa\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF - HiddenExtension: FFComponent: {4bcdbfd0-fa26-11de-8a39-0800200c9a66} - c:\users\Sisa\AppData\Roaming\Mozilla\FireFox\{4bcdbfd0-fa26-11de-8a39-0800200c9a66}

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-30 22:27
Windows 6.0.6002 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'Explorer.exe'(3400)
c:\program files\EgisTec\MyWinLocker 3\x86\psdprotect.dll
c:\program files\EgisTec\MyWinLocker 3\x86\sysenv.dll
c:\program files\WIDCOMM\Bluetooth Software\btncopy.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\windows\system32\agrsmsvc.exe
c:\program files\WIDCOMM\Bluetooth Software\btwdins.exe
c:\program files\EgisTec\MyWinLocker 3\x86\MWLService.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\windows\system32\conime.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Celkový čas: 2010-08-30 22:35:08 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-08-30 20:35
ComboFix2.txt 2010-08-30 15:33

Před spuštěním: Volných bajtů: 165 550 125 056
Po spuštění: Volných bajtů: 165 618 319 360

- - End Of File - - 5DF835B71B01A8D50B6DBC923201F8C5

#8 Příspěvek od **stell** » 31 srp 2010 06:50

odinstaluj combofix-start-spustit-skopiru prikaz combofix /uninstall
Preinstaluj AVAST-a.
Vycisti pc CCleanerom, a napis ako sa chova pc.

VIRY.CZ

Avast hlásí vir, co nelze odstranit

Avast hlásí vir, co nelze odstranit

Re: Avast hlásí vir, co nelze odstranit

Re: Avast hlásí vir, co nelze odstranit

Re: Avast hlásí vir, co nelze odstranit

Re: Avast hlásí vir, co nelze odstranit

Re: Avast hlásí vir, co nelze odstranit

Re: Avast hlásí vir, co nelze odstranit

Re: Avast hlásí vir, co nelze odstranit