SpyBot-Nejde odstranit Right Media

[oplis]

Dobry den. SpyBot mi nachazi pořad stejny vir RightMedia.

Log RSIT

Logfile of random's system information tool 1.08 (written by random/random)
Run by Vlastnik at 2010-09-15 14:08:04
Microsoft Windows 7 Home Premium
System drive C: has 95 GB (47%) free of 200 GB
Total RAM: 3327 MB (59% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 14:08:27, on 15.9.2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Program Files\P4G\BatteryLife.exe
C:\Program Files\ASUS\Wireless Console 3\wcourier.exe
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\ASUS\ATKOSD2\ATKOSD2.exe
C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe
C:\Program Files\Vista Start Menu\VistaStartMenu.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\FlashGet Network\FlashGet 3\Flashget3.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Opera\opera.exe
C:\Program Files\Java\jre6\launch4j-tmp\frd.exe
C:\Users\Vlastnik\AppData\Local\Opera\Opera\temporary_downloads\RSIT.exe
C:\Program Files\trend micro\Vlastnik.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.asus.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Pomocník pro přihlášení ke službě Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll
O2 - BHO: FlashGetBHO - {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - C:\Users\Vlastnik\AppData\Roaming\FlashGetBHO\FlashGetBHO3.dll
O2 - BHO: Qbyrd Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\Run: [ATKOSD2] C:\Program Files\ASUS\ATKOSD2\ATKOSD2.exe
O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [HControlUser] C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe
O4 - HKCU\..\Run: [VistaStartMenu] C:\Program Files\Vista Start Menu\VistaStartMenu.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: Download all by FlashGet3 - C:\Users\Vlastnik\AppData\Roaming\FlashGetBHO\GetAllUrl.htm
O8 - Extra context menu item: Download by FlashGet3 - C:\Users\Vlastnik\AppData\Roaming\FlashGetBHO\GetUrl.htm
O8 - Extra context menu item: Odeslat obrázek do zařízení &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Odeslat stránku do zařízení &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O8 - Extra context menu item: Stahnou vse FlashGet3 - C:\Users\Vlastnik\AppData\Roaming\FlashGetBHO\GetAllUrl.htm
O8 - Extra context menu item: Stahnout FlashGet3 - C:\Users\Vlastnik\AppData\Roaming\FlashGetBHO\GetUrl.htm
O8 - Extra context menu item: WikiKomentáře Google... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
O9 - Extra button: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files\ICQ7.1\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files\ICQ7.1\ICQ.exe
O9 - Extra button: Add to Favorites - {9BEF3FB8-E5E0-4494-BC59-7BAC1C9AD503} - (no file)
O9 - Extra button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Open Tidy Favorites - {E3CB497B-E230-4445-8B34-13476822F867} - (no file)
O15 - Trusted Zone: http://software.kuaiche.com
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: ADSM Service (ADSMService) - ASUSTek Computer Inc. - C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ASUS\ATK Hotkey\ASLDRSrv.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\ATKGFNEX\GFNEXSrv.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: spmgr - Unknown owner - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
O23 - Service: SRS Volume Sync Service (SRS_VolSync_Service) - SRS Labs, Inc. - C:\Program Files\SRS Labs\SRS Premium Sound\SRS_VolSync.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
O23 - Service: @C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe

--
End of file - 10156 bytes

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-06-19 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2009-05-19 137600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Pomocník pro přihlášení ke službě Windows Live - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2010-07-14 278192]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll [2010-06-04 814648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0}]
FlashGetBHO - C:\Users\Vlastnik\AppData\Roaming\FlashGetBHO\FlashGetBHO3.dll [2010-05-11 144944]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
C:\Program Files\Ask.com\GenericAskToolbar.dll [2010-03-10 1395664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-08-04 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]
Windows Live Toolbar Helper - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{855F3B16-6D32-4FE6-8A56-BBB695989046} - ICQToolBar - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll [2010-04-12 1018616]
{21FA44EF-376D-4D53-9B0F-8A89D3229068} - &Windows Live Toolbar - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]
{32099AAC-C132-4136-9E9A-4E364A424E17} - DAEMON Tools Toolbar - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll [2010-03-25 968000]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2010-07-14 278192]
{D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll [2010-03-10 1395664]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"avast5"=C:\Program Files\Alwil Software\Avast5\avastUI.exe [2010-09-07 2838912]
"ATKOSD2"=C:\Program Files\ASUS\ATKOSD2\ATKOSD2.exe [2009-06-10 8568832]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2009-07-21 1545512]
"HControlUser"=C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe [2009-04-01 98304]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"VistaStartMenu"=C:\Program Files\Vista Start Menu\VistaStartMenu.exe [2010-07-08 2780568]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-07-14 1173504]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2010-04-03 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=scecli
C:\Program Files\ASUS\ASUS Data Security Manager\ASPWDFLT

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\FlashGet Network\FlashGet 3\FlashGet3.exe"="C:\Program Files\FlashGet Network\FlashGet 3\FlashGet3.exe:*:Enabled:Flashget3"
"C:\Users\Vlastnik\AppData\Roaming\FlashgetSetup\fgmini.exe"="C:\Users\Vlastnik\AppData\Roaming\FlashgetSetup\fgmini.exe:*:Enabled:fg_ol_silent"
"C:\Program Files\FlashGet Network\FlashGet Mini\FlashGetMini.exe"="C:\Program Files\FlashGet Network\FlashGet Mini\FlashGetMini.exe:*:Enabled:FlashGetMini"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2010-09-15 14:08:04 ----D---- C:\rsit
2010-09-15 14:08:04 ----D---- C:\Program Files\trend micro
2010-09-15 12:46:22 ----A---- C:\Windows\system32\iertutil.dll
2010-09-15 12:45:58 ----A---- C:\Windows\system32\spoolsv.exe
2010-09-13 22:33:59 ----D---- C:\Program Files\XMedia Recode
2010-09-13 22:32:22 ----D---- C:\Users\Vlastnik\AppData\Roaming\XMedia Recode
2010-09-13 20:06:48 ----D---- C:\Program Files\RADVideo
2010-09-05 13:51:06 ----D---- C:\Program Files\Ask.com
2010-08-29 19:55:38 ----A---- C:\Windows\system32\oleaut32.dll
2010-08-23 11:22:35 ----A---- C:\Windows\system32\javaws.exe
2010-08-23 11:22:35 ----A---- C:\Windows\system32\javaw.exe
2010-08-23 11:22:35 ----A---- C:\Windows\system32\java.exe

======List of files/folders modified in the last 1 months======

2010-09-15 14:08:07 ----D---- C:\Windows\Temp
2010-09-15 14:08:04 ----RD---- C:\Program Files
2010-09-15 14:05:09 ----SHD---- C:\Windows\Installer
2010-09-15 13:22:13 ----D---- C:\Users\Vlastnik\AppData\Roaming\Media Player Classic
2010-09-15 13:07:31 ----D---- C:\Windows\system32\drivers\etc
2010-09-15 13:05:52 ----D---- C:\ProgramData\Spybot - Search & Destroy
2010-09-15 13:03:37 ----D---- C:\Windows\system32\config
2010-09-15 12:56:08 ----D---- C:\Windows\System32
2010-09-15 12:56:08 ----D---- C:\Windows\inf
2010-09-15 12:56:08 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-09-15 12:50:40 ----D---- C:\Windows\winsxs
2010-09-15 12:50:11 ----D---- C:\Windows
2010-09-15 12:49:23 ----D---- C:\Users\Vlastnik\AppData\Roaming\ICQ
2010-09-15 12:46:47 ----D---- C:\Windows\debug
2010-09-15 12:46:40 ----A---- C:\Windows\system32\MRT.exe
2010-09-15 12:46:28 ----D---- C:\Windows\system32\catroot
2010-09-15 12:46:15 ----SHD---- C:\System Volume Information
2010-09-14 20:37:15 ----D---- C:\Windows\system32\NDF
2010-09-14 11:19:19 ----D---- C:\Windows\system32\catroot2
2010-09-13 23:32:05 ----D---- C:\Windows\system32\Tasks
2010-09-13 23:28:33 ----D---- C:\Program Files\CCleaner
2010-09-13 23:03:25 ----D---- C:\Users\Vlastnik\AppData\Roaming\Skype
2010-09-13 22:59:38 ----AD---- C:\ProgramData\TEMP
2010-09-13 22:32:01 ----D---- C:\Users\Vlastnik\AppData\Roaming\Vista Start Menu
2010-09-13 21:44:50 ----D---- C:\Users\Vlastnik\AppData\Roaming\Any DVD Converter Professional
2010-09-13 21:44:36 ----D---- C:\Windows\Prefetch
2010-09-13 20:48:37 ----D---- C:\ProgramData\DivX
2010-09-13 20:48:37 ----D---- C:\Program Files\Common Files
2010-09-13 20:43:58 ----D---- C:\Program Files\Common Files\PX Storage Engine
2010-09-13 20:43:19 ----D---- C:\Windows\Tasks
2010-09-13 17:02:37 ----D---- C:\Users\Vlastnik\AppData\Roaming\skypePM
2010-09-12 13:11:20 ----D---- C:\Program Files\Opera
2010-09-08 21:30:40 ----HD---- C:\Windows\Icons
2010-09-07 17:11:54 ----A---- C:\Windows\system32\aswBoot.exe
2010-09-05 13:37:22 ----D---- C:\Program Files\ICQ7.1
2010-09-05 06:57:51 ----D---- C:\Windows\system32\drivers
2010-09-05 06:57:48 ----D---- C:\Windows\system32\drivers\UMDF
2010-09-05 06:46:39 ----D---- C:\Program Files\Microsoft Silverlight
2010-09-04 23:05:38 ----D---- C:\Users\Vlastnik\AppData\Roaming\BITS
2010-08-29 19:56:20 ----D---- C:\Windows\AppPatch
2010-08-23 11:22:22 ----D---- C:\Program Files\Java

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 AsDsm;AsDsm; C:\Windows\system32\drivers\AsDsm.sys [2010-04-01 30264]
R0 AtiPcie;AMD PCI Express (3GIO) Filter; C:\Windows\system32\DRIVERS\AtiPcie.sys [2009-05-05 14392]
R0 lullaby;lullaby; C:\Windows\system32\DRIVERS\lullaby.sys [2009-06-18 15416]
R0 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys [2009-07-14 12368]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2009-07-14 173648]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2010-06-16 691696]
R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr.sys [2010-09-07 23376]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2010-09-07 165584]
R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2010-09-07 46672]
R1 SCDEmu;SCDEmu; C:\Windows\system32\drivers\SCDEmu.sys [2010-04-12 59388]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 48128]
R2 ASMMAP;ASMMAP; \??\C:\Program Files\ATKGFNEX\ASMMAP.sys [2007-07-24 13880]
R2 aswFsBlk;aswFsBlk; C:\Windows\system32\drivers\aswFsBlk.sys [2010-09-07 17744]
R2 aswMonFlt;aswMonFlt; \??\C:\Windows\system32\drivers\aswMonFlt.sys [2010-09-07 50768]
R2 ghaio;ghaio; \??\C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys [2007-08-03 20936]
R2 npf;NetGroup Packet Filter Driver; C:\Windows\system32\drivers\npf.sys [2009-11-16 50704]
R2 rimmptsk;rimmptsk; C:\Windows\system32\DRIVERS\rimmptsk.sys [2009-06-25 48128]
R2 rimsptsk;rimsptsk; C:\Windows\system32\DRIVERS\rimsptsk.sys [2009-06-25 44544]
R2 rismxdp;Ricoh xD-Picture Card Driver; C:\Windows\system32\DRIVERS\rixdptsk.sys [2009-06-25 38400]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athr.sys [2009-10-05 1221632]
R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2009-08-05 4994560]
R3 kbfiltr;Keyboard Filter; C:\Windows\system32\DRIVERS\kbfiltr.sys [2009-07-21 13880]
R3 MTsensor;ATK0100 ACPI UTILITY; C:\Windows\system32\DRIVERS\ATKACPI.sys [2009-05-13 14392]
R3 pcouffin;VSO Software pcouffin; C:\Windows\System32\Drivers\pcouffin.sys [2010-04-02 47360]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt86win7.sys [2009-05-22 167936]
R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2009-10-10 84992]
R3 SNP2UVC;USB2.0 PC Camera (SNP2UVC); C:\Windows\system32\DRIVERS\snp2uvc.sys [2009-06-05 1766592]
R3 SRS_PremiumSound_Service;SRS Labs Premium Sound; C:\Windows\system32\drivers\srs_PremiumSound_i386.sys [2009-05-18 233512]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2009-07-21 213552]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv; \??\C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [2009-10-14 10064]
R3 usbfilter;AMD USB Filter Driver; C:\Windows\system32\DRIVERS\usbfilter.sys [2009-06-05 27320]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys [2009-07-14 14336]
S2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704]
S3 aic78xx;aic78xx; C:\Windows\system32\DRIVERS\djsvs.sys [2009-07-14 70720]
S3 amdagp;AMD AGP Bus Filter Driver; C:\Windows\system32\DRIVERS\amdagp.sys [2009-07-14 53312]
S3 ammc2ksf;ammc2ksf; C:\Windows\system32\drivers\ammc2ksf.sys []
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-14 229888]
S3 BthEnum;Ovladač pro Bluetooth Request Block; C:\Windows\system32\DRIVERS\BthEnum.sys [2009-07-14 34816]
S3 BthPan;Zařízení Bluetooth (síť PAN); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 93696]
S3 BTHPORT;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2009-07-14 392704]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2009-07-14 58880]
S3 btwaudio;Bluetooth Audio Device Service; C:\Windows\system32\drivers\btwaudio.sys [2009-07-01 86056]
S3 btwavdt;Bluetooth AVDT Service; C:\Windows\system32\DRIVERS\btwavdt.sys [2009-07-01 108072]
S3 btwl2cap;Bluetooth L2CAP Service; C:\Windows\system32\DRIVERS\btwl2cap.sys [2009-04-07 29472]
S3 btwrchid;btwrchid; C:\Windows\system32\DRIVERS\btwrchid.sys [2009-07-01 18344]
S3 ipswuio;ipswuio; C:\Windows\System32\DRIVERS\ipswuio.sys []
S3 nmwcd;Nokia USB Phone Parent; C:\Windows\system32\drivers\ccdcmb.sys [2010-02-26 18176]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\Windows\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 129536]
S3 Ser2pl;Prolific Serial port driver; C:\Windows\system32\DRIVERS\ser2pl.sys [2007-02-12 75776]
S3 sisagp;SIS AGP Bus Filter; C:\Windows\system32\DRIVERS\sisagp.sys [2009-07-14 52304]
S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver; C:\Windows\system32\DRIVERS\SiSGB6.sys [2009-07-14 48128]
S3 upperdev;upperdev; C:\Windows\system32\DRIVERS\usbser_lowerflt.sys []
S3 viaagp;VIA AGP Bus Filter; C:\Windows\system32\DRIVERS\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\DRIVERS\viac7.sys [2009-07-14 52736]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2009-07-14 34944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ADSMService;ADSM Service; C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe [2008-03-31 225280]
R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2009-08-05 176128]
R2 ASLDRService;ASLDR Service; C:\Program Files\ASUS\ATK Hotkey\ASLDRSrv.exe [2008-08-13 100920]
R2 ATKGFNEXSrv;ATKGFNEX Service; C:\Program Files\ATKGFNEX\GFNEXSrv.exe [2007-08-08 94208]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-09-07 40384]
R2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe [2009-07-01 582944]
R2 ICQ Service;ICQ Service; C:\Program Files\ICQ6Toolbar\ICQ Service.exe [2010-04-12 246520]
R2 PnkBstrA;PnkBstrA; C:\Windows\system32\PnkBstrA.exe [2010-06-16 75064]
R2 SBSDWSCService;SBSD Security Center Service; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-05-19 240512]
R2 spmgr;spmgr; C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe [2007-08-03 125496]
R2 SRS_VolSync_Service;SRS Volume Sync Service; C:\Program Files\SRS Labs\SRS Premium Sound\SRS_VolSync.exe [2009-07-09 107744]
R2 TomTomHOMEService;TomTomHOMEService; C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe [2010-08-24 92008]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service; C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [2009-10-30 1021256]
R2 UxTuneUp;@%SystemRoot%\System32\uxtuneup.dll,-4096; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-09-07 40384]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-09-07 40384]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-04-01 133104]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2010-04-03 182768]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2010-06-14 615936]
S3 TuneUp.Defrag;@C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe,-1; C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe [2010-04-01 435016]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2010-05-23 1343400]

-----------------EOF-----------------

[Rudy]

Dejte log z ComboFix.

Stahnete a ulozte nejlepe na plochu ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

pote spustte aplikaci pod uctem s administratorskym opravnenim

hned po startu se zobrazi obrazovka s licencnimi podminkami, pokracujte kliknutim na tlacitko Ano.

v klidu si postavte na kafe (cela akce trva cca. 5-10 minut, nekdy i dele - dle toho, o jak rychly stroj se jedna a kolika soubory se skener bude muset prodirat), behem skenu se nepokousejte spoustet zadne jine aplikace ani nic jineho

behem skenovani nepropadejte panice, vas stroj muze byt restartovan (predevsim pri prvni aplikaci skeneru)

upozorneni: pokud pouzivate antispyware s rezidentnim stitem, prepnete jeho rezidentni stit do Install Mode, pripadne jej po dobu skenu uplne deaktivujte, protoze dochazi pri skenu a vymazu pripadneho malware k nezadoucim kolizim s rezidentem antispyware

[oplis]

Log z Combofix

ComboFix 10-09-15.01 - Vlastnik 15.09.2010 23:43:56.1.2 - x86
Microsoft Windows 7 Home Premium 6.1.7600.0.1250.420.1029.18.3327.2422 [GMT 2:00]
Spuštěný z: c:\users\Vlastnik\Desktop\ComboFix.exe
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\FlashGet Network
c:\program files\FlashGet Network\FlashGet 3\adns.dll
c:\program files\FlashGet Network\FlashGet 3\btcoreu.dll
c:\program files\FlashGet Network\FlashGet 3\BugReport.dll
c:\program files\FlashGet Network\FlashGet 3\BugReport.exe
c:\program files\FlashGet Network\FlashGet 3\cd1.ico
c:\program files\FlashGet Network\FlashGet 3\ckcore.dll
c:\program files\FlashGet Network\FlashGet 3\codec\real\Codecs\14_43260.dll
c:\program files\FlashGet Network\FlashGet 3\codec\real\Codecs\28_83260.dll
c:\program files\FlashGet Network\FlashGet 3\codec\real\Codecs\atrc.dll
c:\program files\FlashGet Network\FlashGet 3\codec\real\Codecs\Codecs.zip
c:\program files\FlashGet Network\FlashGet 3\codec\real\Codecs\cook.dll
c:\program files\FlashGet Network\FlashGet 3\codec\real\Codecs\ddnt3260.dll
c:\program files\FlashGet Network\FlashGet 3\codec\real\Codecs\dnet3260.dll
c:\program files\FlashGet Network\FlashGet 3\codec\real\Codecs\drv1.dll
c:\program files\FlashGet Network\FlashGet 3\codec\real\Codecs\drv2.dll
c:\program files\FlashGet Network\FlashGet 3\codec\real\Codecs\drvc.dll
c:\program files\FlashGet Network\FlashGet 3\codec\real\Codecs\hxltcolor.dll
c:\program files\FlashGet Network\FlashGet 3\codec\real\Codecs\raac.dll
c:\program files\FlashGet Network\FlashGet 3\codec\real\Codecs\ralf.dll
c:\program files\FlashGet Network\FlashGet 3\codec\real\Codecs\rv10.dll
c:\program files\FlashGet Network\FlashGet 3\codec\real\Codecs\rv20.dll
c:\program files\FlashGet Network\FlashGet 3\codec\real\Codecs\rv30.dll
c:\program files\FlashGet Network\FlashGet 3\codec\real\Codecs\rv40.dll
c:\program files\FlashGet Network\FlashGet 3\codec\real\Codecs\sipr.dll
c:\program files\FlashGet Network\FlashGet 3\commonlib.dll
c:\program files\FlashGet Network\FlashGet 3\componentskrnl.dll
c:\program files\FlashGet Network\FlashGet 3\config\clients.met
c:\program files\FlashGet Network\FlashGet 3\config\cryptkey.dat
c:\program files\FlashGet Network\FlashGet 3\config\emfriends.met
c:\program files\FlashGet Network\FlashGet 3\config\known.met
c:\program files\FlashGet Network\FlashGet 3\config\known2_64.met
c:\program files\FlashGet Network\FlashGet 3\config\preferences.dat
c:\program files\FlashGet Network\FlashGet 3\config\preferences.ini
c:\program files\FlashGet Network\FlashGet 3\config\server.met
c:\program files\FlashGet Network\FlashGet 3\config\upload.met
c:\program files\FlashGet Network\FlashGet 3\corestat.dll
c:\program files\FlashGet Network\FlashGet 3\dbghelp.dll
c:\program files\FlashGet Network\FlashGet 3\fg.ico
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\data\default.htm
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\data\images\banner.gif
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\data\images\bullet.gif
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\data\images\close.gif
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\data\images\closelabel.gif
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\data\images\download-icon.gif
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\data\images\explorer.gif
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\data\images\ftp.gif
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\data\images\image.gif
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\data\images\introTextBg.gif
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\data\images\loading.gif
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\data\images\nextlabel.gif
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\data\images\prevlabel.gif
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\data\images\software.gif
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\data\images\vod.gif
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\FGResDetector.exe
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\image\about.png
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\image\ftplist_tree_icon.png
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\image\option_icon.png
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\image\quickop_hide.png
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\image\quickop_show.png
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\image\statusbar_bk.png
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\image\tasktab_close.png
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\image\toolbar_back.png
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\image\toolbar_bk.png
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\image\toolbar_close.png
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\image\toolbar_forward.png
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\image\toolbar_refresh.png
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\lang\l.eng.xml
c:\program files\FlashGet Network\FlashGet 3\FGSoftware.exe
c:\program files\FlashGet Network\FlashGet 3\Flashget3.exe
c:\program files\FlashGet Network\FlashGet 3\FlashGet3.xpi
c:\program files\FlashGet Network\FlashGet 3\FlashGetBHO3.dll
c:\program files\FlashGet Network\FlashGet 3\FlashGetHook.dll
c:\program files\FlashGet Network\FlashGet 3\fnsArchive.dll
c:\program files\FlashGet Network\FlashGet 3\fnsDirectuix.dll
c:\program files\FlashGet Network\FlashGet 3\fnsLanguage.dll
c:\program files\FlashGet Network\FlashGet 3\fnslanguage_en.dll
c:\program files\FlashGet Network\FlashGet 3\fnsSecurity.dll
c:\program files\FlashGet Network\FlashGet 3\fnsScheduler.dll
c:\program files\FlashGet Network\FlashGet 3\fnsSkinX.dll
c:\program files\FlashGet Network\FlashGet 3\fnsStatistics.dll
c:\program files\FlashGet Network\FlashGet 3\game.ico
c:\program files\FlashGet Network\FlashGet 3\gb2312-unicode.dic
c:\program files\FlashGet Network\FlashGet 3\gdiplus.dll
c:\program files\FlashGet Network\FlashGet 3\GetAllUrl.htm
c:\program files\FlashGet Network\FlashGet 3\GetUrl.htm
c:\program files\FlashGet Network\FlashGet 3\GoogleToolbarInstaller_download_signed.exe
c:\program files\FlashGet Network\FlashGet 3\libem.dll
c:\program files\FlashGet Network\FlashGet 3\license.txt
c:\program files\FlashGet Network\FlashGet 3\lst_tz.bin
c:\program files\FlashGet Network\FlashGet 3\P2PCore.dll
c:\program files\FlashGet Network\FlashGet 3\P2SCore.dll
c:\program files\FlashGet Network\FlashGet 3\PatchWise.bak\fnslanguage_en.dll
c:\program files\FlashGet Network\FlashGet 3\PatchWise.log
c:\program files\FlashGet Network\FlashGet 3\perf.ini
c:\program files\FlashGet Network\FlashGet 3\pncrt.dll
c:\program files\FlashGet Network\FlashGet 3\RdOldDb.dll
c:\program files\FlashGet Network\FlashGet 3\RealMediaSplitter.ax
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\BarSet.png
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\bmsgbox_clock.png
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\bmsgbox_disk.png
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\btn_check.png
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\btn_normal.png
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\btn_radio.png
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\desktoplink.ico
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\login_line.png
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\menu_icon.png
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\option_line.png
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\option_page_line.png
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\skin.png
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\SuspendLogo.png
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\SuspendNoLogo.png
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\toolbar_backgrand.png
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\toolbar_cancle.png
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\toolbar_catgroy.png
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\toolbar_group.png
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\toolbar_new.png
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\toolbar_open.png
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\toolbar_option.png
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\toolbar_pause.png
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\toolbar_recly.png
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\toolbar_start.png
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\toolbarbutton_left.png
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\toolbarbutton_middle.png
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\toolbarbutton_right.png
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\top_logotitle.gif
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\torrent.ico
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\userinfo_head.png
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\VistaStyleListItems.bmp
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\preview.png
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\skin.xml
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\sound\notify.wav
c:\program files\FlashGet Network\FlashGet 3\skin\international\Gray\BarSet.png
c:\program files\FlashGet Network\FlashGet 3\storage.dll
c:\program files\FlashGet Network\FlashGet 3\SysOptimize.exe
c:\program files\FlashGet Network\FlashGet 3\uninst.exe
c:\program files\FlashGet Network\FlashGet 3\VodCore.dll
c:\program files\FlashGet Network\FlashGet 3\zlib.dll
c:\users\Vlastnik\AppData\Roaming\BITS
c:\users\Vlastnik\AppData\Roaming\BITS\BITS.ini
c:\users\Vlastnik\AppData\Roaming\BITS\DHTTable.dat
c:\users\Vlastnik\AppData\Roaming\BITS\P2PCfg.ini
c:\users\Vlastnik\AppData\Roaming\BITS\ProxyList.ini
c:\users\Vlastnik\AppData\Roaming\BITS\pstat.dat
c:\users\Vlastnik\AppData\Roaming\BITS\pup.dat
c:\users\Vlastnik\AppData\Roaming\Desktopicon
c:\users\Vlastnik\AppData\Roaming\Desktopicon\eBay.ico
c:\users\Vlastnik\AppData\Roaming\Desktopicon\uninst.exe
c:\users\Vlastnik\AppData\Roaming\EurekaLog
c:\users\Vlastnik\AppData\Roaming\FlashGetBHO
c:\users\Vlastnik\AppData\Roaming\FlashGetBHO\FlashGetBHO3.dll
c:\users\Vlastnik\AppData\Roaming\FlashGetBHO\FlashGetHook.dll
c:\users\Vlastnik\AppData\Roaming\FlashGetBHO\GetAllUrl.htm
c:\users\Vlastnik\AppData\Roaming\FlashGetBHO\GetUrl.htm
c:\users\Vlastnik\AppData\Roaming\inst.exe
c:\users\Vlastnik\AppData\Roaming\Microsoft\Windows\Recent\desktop_3889451.ico
c:\windows\system32\secushr.dat
c:\windows\system32\secustat.dat
c:\windows\system32\vbzlib1.dll
c:\windows\temp.exe

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-08-15 do 2010-09-15 )))))))))))))))))))))))))))))))
.

2010-09-15 21:54 . 2010-09-15 21:54 -------- d-----w- C:\Device
2010-09-15 21:53 . 2010-09-15 21:58 -------- d-----w- c:\users\Vlastnik\AppData\Local\temp
2010-09-15 21:53 . 2010-09-15 21:53 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-09-15 12:08 . 2010-09-15 12:08 -------- d-----w- C:\rsit
2010-09-15 12:08 . 2010-09-15 12:08 -------- d-----w- c:\program files\trend micro
2010-09-15 10:45 . 2010-08-21 05:32 316928 ----a-w- c:\windows\system32\spoolsv.exe
2010-09-13 20:33 . 2010-09-13 20:34 -------- d-----w- c:\program files\XMedia Recode
2010-09-13 20:32 . 2010-09-13 20:32 -------- d-----w- c:\users\Vlastnik\AppData\Roaming\XMedia Recode
2010-09-13 18:06 . 2010-09-13 18:06 -------- d-----w- c:\program files\RADVideo
2010-09-08 08:10 . 2010-09-08 08:10 -------- d-----w- c:\users\Vlastnik\AppData\Local\AskToolbar
2010-09-05 11:51 . 2010-09-05 11:51 -------- d-----w- c:\program files\Ask.com
2010-08-29 17:55 . 2010-04-07 07:10 571904 ----a-w- c:\windows\system32\oleaut32.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-15 21:48 . 2009-08-26 09:31 631292 ----a-w- c:\windows\system32\perfh005.dat
2010-09-15 21:48 . 2009-08-26 09:31 121914 ----a-w- c:\windows\system32\perfc005.dat
2010-09-15 11:22 . 2010-04-07 14:38 -------- d-----w- c:\users\Vlastnik\AppData\Roaming\Media Player Classic
2010-09-15 11:05 . 2010-04-05 11:14 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-09-15 10:49 . 2010-04-01 22:53 -------- d-----w- c:\users\Vlastnik\AppData\Roaming\ICQ
2010-09-13 21:28 . 2010-05-23 17:54 -------- d-----w- c:\program files\CCleaner
2010-09-13 21:03 . 2010-04-01 22:48 -------- d-----w- c:\users\Vlastnik\AppData\Roaming\Skype
2010-09-13 20:32 . 2010-04-01 23:22 -------- d-----w- c:\users\Vlastnik\AppData\Roaming\Vista Start Menu
2010-09-13 19:44 . 2010-04-01 23:16 -------- d-----w- c:\users\Vlastnik\AppData\Roaming\Any DVD Converter Professional
2010-09-13 18:48 . 2010-07-05 19:33 57344 ----a-w- c:\programdata\DivX\RunAsUser\RUNASUSERPROCESS.dll
2010-09-13 18:48 . 2010-07-05 19:30 -------- d-----w- c:\programdata\DivX
2010-09-13 18:48 . 2010-09-13 18:42 144696 ----a-w- c:\programdata\DivX\RunAsUser\RUNASUSERPROCESS.exe
2010-09-13 18:43 . 2010-07-05 19:31 -------- d-----w- c:\program files\Common Files\PX Storage Engine
2010-09-13 17:40 . 2010-04-01 23:37 1 ----a-w- c:\users\Vlastnik\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-09-13 15:02 . 2010-04-01 22:49 -------- d-----w- c:\users\Vlastnik\AppData\Roaming\skypePM
2010-09-12 11:11 . 2010-04-01 19:14 -------- d-----w- c:\program files\Opera
2010-09-08 19:16 . 2010-09-08 19:16 6729728 ----a-w- c:\programdata\TuneUp Software\TuneUp Utilities\WinStyler\LogonScreens\AlmostGolden.tls.dll
2010-09-07 15:12 . 2010-06-30 23:01 38848 ----a-w- c:\windows\avastSS.scr
2010-09-07 15:11 . 2010-04-01 20:00 167592 ----a-w- c:\windows\system32\aswBoot.exe
2010-09-07 14:52 . 2010-04-01 20:01 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-09-07 14:52 . 2010-04-01 20:01 165584 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-09-07 14:47 . 2010-04-01 20:01 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-09-07 14:47 . 2010-04-01 20:01 50768 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2010-09-07 14:47 . 2010-04-01 20:01 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-09-05 19:02 . 2010-05-09 04:20 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
2010-09-05 19:02 . 2010-05-09 04:20 484160 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2010-09-05 11:37 . 2010-04-01 22:53 -------- d-----w- c:\program files\ICQ7.1
2010-09-05 04:57 . 2010-09-05 04:57 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2010-09-05 04:57 . 2010-09-05 04:57 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01009.Wdf
2010-09-05 04:46 . 2010-04-02 20:13 -------- d-----w- c:\program files\Microsoft Silverlight
2010-08-23 09:22 . 2010-05-12 19:01 -------- d-----w- c:\program files\Java
2010-08-23 09:14 . 2010-05-12 16:40 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\Markup.dll
2010-08-23 09:14 . 2010-05-12 16:40 484160 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2010-08-12 16:44 . 2010-08-12 16:42 -------- d-----w- c:\users\Vlastnik\AppData\Roaming\Zoner
2010-08-12 16:42 . 2010-08-12 16:42 -------- d-----w- c:\program files\Zoner
2010-08-12 08:07 . 2010-04-02 00:33 -------- d-----w- c:\users\Vlastnik\AppData\Roaming\Vso
2010-08-06 12:12 . 2010-06-16 20:06 139128 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-08-06 12:12 . 2010-06-16 20:06 215128 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-07-31 23:52 . 2010-07-31 23:48 -------- d-----w- c:\users\Vlastnik\AppData\Roaming\Jpeg Resampler
2010-07-30 21:46 . 2010-07-30 21:46 -------- d-----w- c:\program files\Microsoft.NET
2010-07-29 06:30 . 2010-08-12 14:55 197632 ----a-w- c:\windows\system32\ir32_32.dll
2010-07-29 06:30 . 2010-08-12 14:55 82944 ----a-w- c:\windows\system32\iccvid.dll
2010-07-26 09:58 . 2010-04-05 13:14 -------- d-----w- c:\users\Vlastnik\AppData\Roaming\PC Suite
2010-07-24 23:32 . 2010-07-24 23:32 -------- d-----w- c:\programdata\vsosdk
2010-07-21 20:17 . 2010-04-01 23:24 -------- d-----w- c:\users\Vlastnik\AppData\Roaming\Audacity
2010-07-17 03:00 . 2010-05-12 19:01 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-07-02 23:21 . 2010-07-02 23:21 95232 ----a-w- c:\programdata\Installations\{225DB4AA-3CFF-47E8-B3C8-6DAD713E986E}\Installer\CommonCustomActions\pcswpcsi.exe
2010-07-02 23:21 . 2010-07-02 23:21 8192 ----a-w- c:\programdata\Installations\{225DB4AA-3CFF-47E8-B3C8-6DAD713E986E}\Installer\CommonCustomActions\UninstCCD.exe
2010-07-02 23:21 . 2010-07-02 23:21 61440 ----a-w- c:\programdata\Installations\{225DB4AA-3CFF-47E8-B3C8-6DAD713E986E}\Installer\CommonCustomActions\UninstPCSFEMsi.exe
2010-07-02 23:21 . 2010-07-02 23:21 10240 ----a-w- c:\programdata\Installations\{225DB4AA-3CFF-47E8-B3C8-6DAD713E986E}\Installer\CommonCustomActions\UninstPCS.exe
2010-07-02 23:19 . 2010-07-02 23:21 36684048 ----a-w- c:\programdata\Installations\{225DB4AA-3CFF-47E8-B3C8-6DAD713E986E}\Nokia_PC_Suite_cze.exe
2010-06-30 06:25 . 2010-08-12 14:54 978432 ----a-w- c:\windows\system32\wininet.dll
2010-06-22 02:47 . 2010-08-12 14:56 310784 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-22 02:47 . 2010-08-12 14:56 307200 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-06-22 02:47 . 2010-08-12 14:56 113664 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-06-19 06:33 . 2010-08-12 14:55 3955080 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-06-19 06:33 . 2010-08-12 14:55 3899784 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-06-19 06:23 . 2010-08-12 14:56 37376 ----a-w- c:\windows\system32\rtutils.dll
2010-06-19 04:07 . 2010-08-12 14:55 2326016 ----a-w- c:\windows\system32\win32k.sys
2009-04-08 08:31 . 2009-04-08 08:31 106496 ----a-w- c:\program files\Common Files\CPInstallAction.dll
2008-08-11 19:45 . 2008-08-11 19:45 155648 ----a-w- c:\program files\Common Files\MSIactionall.dll
2008-05-22 06:35 . 2008-05-22 06:35 51962 ----a-w- c:\program files\Common Files\banner.jpg
2007-06-12 07:34 . 2007-06-12 07:34 35822 ----a-w- c:\program files\Common Files\ASPG_icon.ico
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-03-10 1395664]

[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-03-10 17:33 1395664 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-03-10 1395664]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-03-10 1395664]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-01 15:08 143360 ----a-w- c:\program files\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt1.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VistaStartMenu"="c:\program files\Vista Start Menu\VistaStartMenu.exe" [2010-07-08 2780568]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-04-03 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-09-07 2838912]
"ATKOSD2"="c:\program files\ASUS\ATKOSD2\ATKOSD2.exe" [2009-06-10 8568832]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-07-21 1545512]
"HControlUser"="c:\program files\ASUS\ATK Hotkey\HControlUser.exe" [2009-04-01 98304]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer3"=wdmaud.drv

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"SRS Premium Sound"="c:\program files\SRS Labs\SRS Premium Sound\SRSPremiumSoundBig_Small.exe" /hideme
"Sidebar"=c:\program files\Windows Sidebar\sidebar.exe /autoRun
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" -s
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
"SpybotSD TeaTimer"=c:\program files\Spybot - Search & Destroy\TeaTimer.exe
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" -autorun

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
"ATKMEDIA"=c:\program files\ASUS\ATK Media\DMedia.exe
"ADSMTray"=c:\program files\ASUS\ASUS Data Security Manager\ADSMTray.exe
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-04-01 133104]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-07 29472]
R3 ipswuio;ipswuio;c:\windows\system32\DRIVERS\ipswuio.sys [x]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSGB6.sys [2009-07-13 48128]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-23 1343400]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2010-06-16 691696]
S0 lullaby;lullaby;c:\windows\system32\DRIVERS\lullaby.sys [2009-06-18 15416]
S1 aswSP;aswSP; [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-08-05 176128]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-09-07 50768]
S2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [2010-04-12 246520]
S2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2009-11-16 50704]
S2 SRS_VolSync_Service;SRS Volume Sync Service;c:\program files\SRS Labs\SRS Premium Sound\SRS_VolSync.exe [2009-07-09 107744]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [2010-08-24 92008]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [2009-10-30 1021256]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-05-22 167936]
S3 SRS_PremiumSound_Service;SRS Labs Premium Sound;c:\windows\system32\drivers\srs_PremiumSound_i386.sys [2009-05-18 233512]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [2009-10-14 10064]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-06-05 27320]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Obsah adresáře 'Naplánované úlohy'

2010-09-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-01 20:01]

2010-09-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-01 20:01]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uInternet Settings,ProxyOverride = <local>
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Download all by FlashGet3 - c:\users\Vlastnik\AppData\Roaming\FlashGetBHO\GetAllUrl.htm
IE: Download by FlashGet3 - c:\users\Vlastnik\AppData\Roaming\FlashGetBHO\GetUrl.htm
IE: Odeslat obrázek do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Odeslat stránku do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: Stahnou vse FlashGet3 - c:\users\Vlastnik\AppData\Roaming\FlashGetBHO\GetAllUrl.htm
IE: Stahnout FlashGet3 - c:\users\Vlastnik\AppData\Roaming\FlashGetBHO\GetUrl.htm
IE: WikiKomentáře Google... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: ????3?? - c:\users\Vlastnik\AppData\Roaming\FlashGetBHO\GetUrl.htm
IE: ????3?????? - c:\users\Vlastnik\AppData\Roaming\FlashGetBHO\GetAllUrl.htm
IE: ???????? - c:\program files\FlashGet Network\FlashGet Mini\GetUrl.htm
IE: ???????????? - c:\program files\FlashGet Network\FlashGet Mini\GetAllUrl.htm
IE: {{71BFC818-0CED-42D6-9C87-5142918957EE} - c:\program files\ICQ7.1\ICQ.exe
IE: {{9BEF3FB8-E5E0-4494-BC59-7BAC1C9AD503} - {DC8DD02C-C44B-47EE-8558-F1C17307A79A} -
IE: {{E3CB497B-E230-4445-8B34-13476822F867} - {5AAF9669-C519-4AFF-BB6D-CCEE38D21C90} -
Trusted Zone: kuaiche.com\software
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

Toolbar-Locked - (no file)
AddRemove-eBay Icon - c:\users\Vlastnik\AppData\Roaming\Desktopicon\uninst.exe
AddRemove-FlashGet 3.5 - c:\program files\FlashGet Network\FlashGet 3\uninst.exe


.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-2966052927-2731903198-2444892622-1000\Software\Microsoft\Internet Explorer\MenuExt\O(uë_fŹ3*N}Ź]
@="c:\\Users\\Vlastnik\\AppData\\Roaming\\FlashGetBHO\\GetUrl.htm"
"contexts"=dword:00000022

[HKEY_USERS\S-1-5-21-2966052927-2731903198-2444892622-1000\Software\Microsoft\Internet Explorer\MenuExt\O(uë_fŹ3*N}ŹhQčţ”Ąc]
@="c:\\Users\\Vlastnik\\AppData\\Roaming\\FlashGetBHO\\GetAllUrl.htm"
"contexts"=dword:000000f3

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'Explorer.exe'(3072)
c:\program files\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt.dll
c:\program files\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt1.dll
c:\program files\Vista Start Menu\VistaStartMenu.dll
c:\program files\WIDCOMM\Bluetooth Software\btncopy.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_cze.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\atieclxx.exe
c:\windows\system32\WUDFHost.exe
c:\program files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
c:\program files\ASUS\ATK Hotkey\ASLDRSrv.exe
c:\program files\ATKGFNEX\GFNEXSrv.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\windows\system32\taskhost.exe
c:\program files\ASUS\ATK Hotkey\HControl.exe
c:\program files\ASUS\ATK Hotkey\ATKOSD.exe
c:\program files\ASUS\ATK Hotkey\KBFiltr.exe
c:\program files\ASUS\ATK Hotkey\WDC.exe
c:\program files\WIDCOMM\Bluetooth Software\btwdins.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\ASUS\NB Probe\SPM\spmgr.exe
c:\program files\P4G\BatteryLife.exe
c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
c:\windows\servicing\TrustedInstaller.exe
c:\windows\system32\conhost.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\sppsvc.exe
.
**************************************************************************
.
Celkový čas: 2010-09-16 00:04:24 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-09-15 22:04

Před spuštěním: Volných bajtů: 99 118 452 736
Po spuštění: Volných bajtů: 98 964 131 840

- - End Of File - - B75BE9F63E4F87472093EBEB0EB4976D

[Rudy]

Ještě dočistíme. Otevřte poznámkový blok a zkopírujte do něj:

Folder::
c:\program files\Ask.com
c:\users\Vlastnik\AppData\Local\AskToolbar

Ŕegistry::
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"=-
[-HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=-
[-HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=-

Uložte na plochu jako CFScript.txt. Pak jej myší přetáhněte nad ikonu ComboFix a pusťte. CF se spustí a vykoná příkazy ze skriptu.

[oplis]

Diky za pomoc. Ale ještě poslední věc. Po kontrole Combofix se mi na disku D objevila složka $RECYCLE.BIN a už není jako skryta složka a nevím jak ji dat zpatky jako skrytou.

A na dicku C se mi objevily složky Boot, Device, Qoobox, rsit. Mam je tam nechat nebo je mužu odstranit?

[Rudy]

RSIT normálně odstraňte odinstalací a ComboFix Start>spustit>(napsat) combofix /uninstall>OK. CF se spustí a odinstaluje. Zbytky po odinstalacích smažte. Složky Device a Boot ponechte.

[Václav Sedlář]

jelikož mám stejný problém jako zakladatel tohoto vlákna (SpyBot-Nejde odstranit Right Media), tak to dám sem:

log z combofixu (co dělat?):


ComboFix 11-02-20.03 - Václav Sedlář 21.02.2011 19:44:52.1.4 - x64
Microsoft Windows 7 Professional 6.1.7600.0.1250.420.1029.18.4094.2349 [GMT 1:00]
Spuštěný z: c:\users\Václav Sedlář\Downloads\ComboFix.exe
AV: ESET NOD32 Antivirus 4.0 *Disabled/Updated* {CB0F8167-5331-BA19-698E-64816B6801A5}
FW: COMODO Firewall *Enabled* {5F676F4C-DD6D-A47C-12D6-C449366C71EE}
SP: COMODO Defense+ *Disabled/Updated* {DC3D0F8D-B138-AAAA-0339-560EB3387C28}
SP: ESET NOD32 Antivirus 4.0 *Disabled/Updated* {706E6083-750B-B597-533E-5FF310EF4B18}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Vytvořen nový Bod Obnovení
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\SysWow64\CFG
c:\windows\SysWow64\CFG\log.cfg
c:\windows\SysWow64\CFG\pten.cfg
c:\windows\SysWow64\html
c:\windows\SysWow64\html\calendar.html
c:\windows\SysWow64\html\calendarbottom.html
c:\windows\SysWow64\html\calendartop.html
c:\windows\SysWow64\html\crystalexportdialog.htm
c:\windows\SysWow64\html\crystalprinthost.html
c:\windows\SysWow64\images
c:\windows\SysWow64\images\toolbar\calendar.gif
c:\windows\SysWow64\images\toolbar\crlogo.gif
c:\windows\SysWow64\images\toolbar\export.gif
c:\windows\SysWow64\images\toolbar\export_over.gif
c:\windows\SysWow64\images\toolbar\exportd.gif
c:\windows\SysWow64\images\toolbar\First.gif
c:\windows\SysWow64\images\toolbar\first_over.gif
c:\windows\SysWow64\images\toolbar\Firstd.gif
c:\windows\SysWow64\images\toolbar\gotopage.gif
c:\windows\SysWow64\images\toolbar\gotopage_over.gif
c:\windows\SysWow64\images\toolbar\gotopaged.gif
c:\windows\SysWow64\images\toolbar\grouptree.gif
c:\windows\SysWow64\images\toolbar\grouptree_over.gif
c:\windows\SysWow64\images\toolbar\grouptreed.gif
c:\windows\SysWow64\images\toolbar\grouptreepressed.gif
c:\windows\SysWow64\images\toolbar\Last.gif
c:\windows\SysWow64\images\toolbar\last_over.gif
c:\windows\SysWow64\images\toolbar\Lastd.gif
c:\windows\SysWow64\images\toolbar\Next.gif
c:\windows\SysWow64\images\toolbar\next_over.gif
c:\windows\SysWow64\images\toolbar\Nextd.gif
c:\windows\SysWow64\images\toolbar\Prev.gif
c:\windows\SysWow64\images\toolbar\prev_over.gif
c:\windows\SysWow64\images\toolbar\Prevd.gif
c:\windows\SysWow64\images\toolbar\print.gif
c:\windows\SysWow64\images\toolbar\print_over.gif
c:\windows\SysWow64\images\toolbar\printd.gif
c:\windows\SysWow64\images\toolbar\Refresh.gif
c:\windows\SysWow64\images\toolbar\refresh_over.gif
c:\windows\SysWow64\images\toolbar\refreshd.gif
c:\windows\SysWow64\images\toolbar\Search.gif
c:\windows\SysWow64\images\toolbar\search_over.gif
c:\windows\SysWow64\images\toolbar\searchd.gif
c:\windows\SysWow64\images\toolbar\up.gif
c:\windows\SysWow64\images\toolbar\up_over.gif
c:\windows\SysWow64\images\toolbar\upd.gif
c:\windows\SysWow64\images\tree\begindots.gif
c:\windows\SysWow64\images\tree\beginminus.gif
c:\windows\SysWow64\images\tree\beginplus.gif
c:\windows\SysWow64\images\tree\blank.gif
c:\windows\SysWow64\images\tree\blankdots.gif
c:\windows\SysWow64\images\tree\dots.gif
c:\windows\SysWow64\images\tree\lastdots.gif
c:\windows\SysWow64\images\tree\lastminus.gif
c:\windows\SysWow64\images\tree\lastplus.gif
c:\windows\SysWow64\images\tree\Magnify.gif
c:\windows\SysWow64\images\tree\minus.gif
c:\windows\SysWow64\images\tree\minusbox.gif
c:\windows\SysWow64\images\tree\plus.gif
c:\windows\SysWow64\images\tree\plusbox.gif
c:\windows\SysWow64\images\tree\singleminus.gif
c:\windows\SysWow64\images\tree\singleplus.gif

.
((((((((((((((((((((((((( Soubory vytvořené od 2011-01-21 do 2011-02-21 )))))))))))))))))))))))))))))))
.

2011-02-21 18:50 . 2011-02-21 18:50 -------- d-----w- c:\users\Martina Sedlářová\AppData\Local\temp
2011-02-21 18:50 . 2011-02-21 18:50 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-02-18 08:20 . 2011-01-13 10:20 7844688 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D6189533-F149-4E9A-A7F4-34FF04F33919}\mpengine.dll
2011-02-11 08:11 . 2011-02-11 08:11 -------- d-----w- c:\users\Václav Sedlář\AppData\Local\CrashRpt
2011-02-11 07:40 . 2011-02-11 07:40 -------- d-----w- c:\program files (x86)\Atari
2011-01-30 13:57 . 2011-01-30 13:57 103864 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\nppdf32.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-21 18:54 . 2010-02-17 02:36 30528 ----a-w- c:\windows\GVTDrv64.sys
2011-02-21 18:53 . 2010-02-17 02:34 25640 ----a-w- c:\windows\gdrv.sys
2011-01-11 22:27 . 2010-06-01 17:00 362784 ----a-w- c:\windows\system32\guard64.dll
2011-01-11 22:27 . 2010-06-01 17:00 285480 ----a-w- c:\windows\SysWow64\guard32.dll
2011-01-11 22:27 . 2010-06-01 17:00 89840 ----a-w- c:\windows\system32\drivers\inspect.sys
2011-01-11 22:27 . 2010-06-01 17:00 39888 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2011-01-11 22:27 . 2010-06-01 17:00 14184 ----a-w- c:\windows\system32\drivers\cmderd.sys
2011-01-11 22:27 . 2010-06-04 09:55 250008 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
2010-12-10 17:29 . 2010-12-10 17:29 64864 ----a-w- c:\windows\SysWow64\sqlctr90.dll
2010-12-10 17:29 . 2010-12-10 17:29 2248032 ----a-w- c:\windows\SysWow64\sqlncli.dll
2010-12-10 16:34 . 2010-12-10 16:34 2882400 ----a-w- c:\windows\system32\sqlncli.dll
2010-11-27 00:38 . 2010-11-27 00:38 1146 ----a-w- C:\zalohasptd.reg
2006-01-09 19:59 . 2010-08-15 22:21 7101440 ----a-w- c:\program files (x86)\PocketDivXEncoder_0.3.60.exe
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-01-15 147456]
"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2010-11-17 1242448]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]
"RemoteControl9"="c:\program files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe" [2009-02-16 87336]
"PDVD9LanguageShortcut"="c:\program files (x86)\CyberLink\PowerDVD9\Language\Language.exe" [2008-10-13 50472]
"BDRegion"="c:\program files (x86)\Cyberlink\Shared Files\brs.exe" [2009-02-28 75048]
"Openwares LiveUpdate"="c:\program files\LiveUpdate\LiveUpdate.exe" [2003-12-13 61440]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2010-06-09 49208]
"EasyTuneVPro"="c:\program files (x86)\Gigabyte\ET5Pro\ETcall.exe" [2007-07-26 20480]
"ATICustomerCare"="c:\program files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-03-04 311296]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-10-26 98304]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\SysWOW64\guard32.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

R1 EIO64;EIO Driver;c:\windows\system32\DRIVERS\EIO64.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 atidgllk;atidgllk;c:\program files (x86)\GIGABYTE\ET5Pro\atidgllk.sys [2006-07-19 12048]
R3 cpuz130;cpuz130;c:\users\VCLAVS~1\AppData\Local\Temp\cpuz130\cpuz_x64.sys [x]
R3 etdrv;etdrv;c:\windows\etdrv.sys [2010-07-05 25640]
R3 RTTEAMPT;Realtek Teaming Protocol Driver (NDIS 6.0);c:\windows\system32\DRIVERS\RtTeam60.sys [2009-04-06 50688]
R3 RTVLANPT;Realtek Vlan Protocol Driver (NDIS 6.2);c:\windows\system32\DRIVERS\RtVlan60.sys [2007-12-03 24064]
R3 TEAM;Realtek Virtual Miniport Driver for Teaming (NDIS 6.0);c:\windows\system32\DRIVERS\RtTeam60.sys [2009-04-06 50688]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-21 1255736]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-11-27 834544]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2011-01-11 250008]
S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [2011-01-11 39888]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2009-11-16 136584]
S2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2010/02/17 20:48];c:\program files (x86)\CyberLink\PowerDVD9\000.fcl [2009-02-28 18:40 146928]
S2 ABBYY.Licensing.FineReader.Professional.9.0;ABBYY FineReader 9.0 PE Licensing Service;c:\program files (x86)\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe [2008-10-27 759072]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-10-27 203776]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2009-11-16 735960]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2009-12-18 123200]
S2 GEST Service;GEST Service for program management.;c:\program files (x86)\Gigabyte\EnergySaver\GSvr.exe [2009-12-02 68136]
S2 RtNdPt60;Realtek NDIS Protocol Driver;c:\windows\system32\DRIVERS\RtNdPt60.sys [2009-07-20 27136]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2010-10-27 8012288]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-10-27 287232]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2010-09-24 116752]
S3 GVTDrv64;GVTDrv64;c:\windows\GVTDrv64.sys [2011-02-21 30528]
S3 MarkFun_NT;MarkFun_NT;c:\program files (x86)\GIGABYTE\ET5Pro\markfun.a64 [2007-09-21 19008]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-06-23 344680]
S4 atillk64;atillk64;c:\program files (x86)\GIGABYTE\ET5Pro\atillk64.sys [2006-07-19 14608]


--- Ostatní služby/ovladače v paměti ---

*NewlyCreated* - MARKFUN_NT

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.

--------- x86-64 -----------


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-04 186904]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-12-08 9642528]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-11-16 2716216]
"WheelMouse"="c:\program files\Mouse\Amoumain.exe" [2008-03-03 196608]
"OODefragTray"="c:\program files\OO Software\Defrag\oodtray.exe" [2009-09-11 3832064]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2011-01-22 8866120]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
"AppInit_DLLs"=c:\windows\System32\guard64.dll
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.seznam.cz/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~1\Office10\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Václav Sedlář\AppData\Roaming\Mozilla\Firefox\Profiles\sdv1213o.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz
FF - prefs.js: network.proxy.type - 4
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: HP Smart Web Printing: smartwebprinting@hp.com - c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF - Ext: HP Smart Web Printing: smartwebprinting@hp.com - c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF - Ext: České slovníky pro kontrolu pravopisu: cs@dictionaries.addons.mozilla.org - %profile%\extensions\cs@dictionaries.addons.mozilla.org
FF - Ext: Forecastfox Weather: {0538E3E3-7E9B-4d49-8831-A227C80A7AD3} - %profile%\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
FF - Ext: Ant Video Downloader: anttoolbar@ant.com - %profile%\extensions\anttoolbar@ant.com
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

AddRemove-Mafia Game - c:\windows\system32\MafiaSetup.exe
AddRemove-ShockwaveFlash - c:\windows\system32\Macromed\Flash\UninstFl.exe



[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MarkFun_NT]
"ImagePath"="\??\c:\program files (x86)\GIGABYTE\ET5Pro\markfun.a64"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{B154377D-700F-42cc-9474-23858FBDF4BD}]
"ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD9\000.fcl"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-342074640-1979808654-670201236-1001\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:b3,56,35,a2,e3,5f,e7,87,cf,98,f8,0a,89,07,cf,27,71,fe,52,7c,6f,74,03,
30,93,eb,63,dc,1a,83,c0,cd,64,32,c3,08,8c,63,74,7d,7d,03,9e,8f,3d,b8,b5,df,\
"??"=hex:29,23,be,84,e1,6c,d6,ae,52,90,49,f1,f1,bb,e9,eb

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10c.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG12.00.00.01PROFESSIONAL"="FBB11AEE139EC2BCA218027050D98813F79978B4C9E51BD85AEBDD150A5FEE49B5EE27F77F08991726C8FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC7933A6171C11EC38DE3DA9C6AECB7A5D1407BA7FD869164D6794E4934890366DB336925C0F848BDC9E40C26F5DBF3553A75C410B7D533E89BA9AE6A1AAC7D8865B1967DF8D339BF1BEA6F9B7815F91EDC3704D0A2E0294FCAD3EC753ED03FA00B84324F38DD090C175FC4D7DCAC8E60C809E1A97332F70D97C924DF2CDB06E0AE50A6A4C0DFD29313295DCFB9C70016D415BE89AF83EC9D51ECEF23258C576F20F831305DF609549750CFA5830C81FF37C6127DE3B158D4E21EDE5A4EF394F31F78E2A982E1FFEB956BAB217114D7327BFB07D130C9E1A4324AE0943CB86A25CF3C9EDEAF2E6FCD3004640A4237B27B1A709C3CBD2CAC457DB94F2EA772D1332EC19D1BF006A1E8CAF1112CD975552E2E87187FE460AD5D38FE6EE5AD0B1B514DFA5FEC0F65BE4FEB8C4CEC4FADD862D4A348B8976D387231E30FA378A9B1305DED9CFFBD07547E77F4F4E21A62345A828DEC4AA44238C56F440C809ACF529AF0F6753E2D8F22F2A7FE19DDCCB2F850E6F44DC04E6F686211B2AC03E10D067DF28C24D4AAE15F94BC8F07C567195B33DA5FAAF9F66510F5BA645FBA4E43F3508782336EB4721F9F479365FCFEDEAADBAE0DBD06621B93180432CC8F22ED9683BE18439E468DF7675CB2EEE6FF0C846AACD86062A4839ECB0343D2B40C13C50B359A736B6AF1DA7BF889A884078CE465A2ADBC69B63DFB7B04B9D5808C905AD4E6891BFC60C2ABC678C01BB305A9CE6B7CA82C1544AC0F7E6F2B3BAACC6D8350AAA089D5FC1DA57274CA94E133ED757549464D84FABF00A6125A972718ADE108ED299CA2C68090E5E4D21B69CA32BBB6984B0A16B890BBECCF2EFD07F3CC2DA23A69478BFEA10690EA93A23E8D8C32A512AD8656C3930D98080B9DBE2D634A7357E8E09100AD1695A108974F683532D0A2812A079657F927287FC4E8BA8677A55485E147459B2FE10C1E73D279C0FC4B6B558851E0A23163E527518CD54924CB88521652DC09A109B1672C7427032649E1E68FA49F9C3042542225AE250F28AB749B77C58FB76F68DF68B9071A077F12C40C4984F5B8F6F0ACB47ECE6E84896CF3F448C7E9938029EE2564642A024C9EE90B3ADE6283AE175F66A58D9BBD4C4A1A3AFFD077FD172A7EBBCCFA83A7BB81916BF392B2DF9D513DFD7DCA0BB61DE72C8A6E940E3BE7EA5B76CC37A0A470583EBB6F39D0C0B3CB2361FEC042FB8A0AB1299245B537AD03B8156F0F101D562A5BFAAC49EBCA87AC73F912E2FB12BBC58FABCAB6C2E84072F98AF55AD6379FDA0D7F0CAF7069966EAD2477B34B18BD72A"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B9A09F18-45AB-4F09-A117-A4ADDA8FA8C8}]
@Denied: (A) (Everyone)
"Solution"="{36eb6792-3a29-43b3-8cd0-f67d266fb426}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane]
@Denied: (A) (Everyone)

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane\0]
"Key"="ActionsPane"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\8.0\\ActionsPane.xsd"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\program files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
c:\program files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
c:\program files (x86)\GIGABYTE\ET5Pro\GUI.exe
c:\program files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
c:\program files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
.
**************************************************************************
.
Celkový čas: 2011-02-21 19:58:46 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-02-21 18:58

Před spuštěním: Volných bajtů: 28 486 430 720
Po spuštění: Volných bajtů: 28 332 109 824

- - End Of File - - DDDEDAEBA1B284B05018C64985C7C168

[Rudy]

2Václav Sedlář: Založte si, prosím, vlastní topic a log do něj vložte. Zde máme zavedeno, že každý user musí mít vlastní topic zdůvodu přehlednosti. Děkujeme.

[Václav Sedlář]

aha,nevěděl jsem-na jiných forech je to prohřešek dělat kopii...

[Rudy]

aha,nevěděl jsem-na jiných forech je to prohřešek dělat kopii...

Tady ne, stejný problém může mít různá řešení. Tím se thread stane nepřehledným. Děkuji za pochopení.