Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:55:41, on 20.6.2011
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16800)
Boot mode: Normal
Running processes:
C:\Users\Tomashek\AppData\Local\Temp\Lw1.exe
C:\Windows\Lxyqaa.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
C:\Windows\PLFSetI.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\GBM\GRemote Pro\GRemoteServer.exe
C:\Program Files (x86)\CT24\ct24crawl.exe
C:\Program Files (x86)\Acer\Acer VCM\AcerVCM.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
C:\Program Files (x86)\Macro Express3\MacExp.exe
C:\Windows\WindowsMobile\WmdHost.exe
C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe
C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
C:\Program Files (x86)\Launch Manager\LManager.EXE
C:\Program Files (x86)\Acer Bio Protection\PdtWzd.exe
C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe
C:\Program Files (x86)\NaturalPoint\SmartNAV\SmartNAV.exe
C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\ScanSoft\OmniPageSE4.0\OpWareSE4.exe
C:\Program Files (x86)\NaturalPoint\SmartNAV\DwellClicker.exe
C:\Program Files (x86)\Petit\ClickNType\Click-N-Type.exe
C:\Program Files (x86)\Altap Salamander\salamand.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Users\Tomashek\Downloads\hijackthis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACA ... 5t4791y217
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACA ... 5t4791y217
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACA ... 5t4791y217
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACA ... 5t4791y217
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: Partner BHO Class - {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\Partner.dll
O2 - BHO: Pomocník pro přihlášení ke službě Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [EgisTecLiveUpdate] "C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe"
O4 - HKLM\..\Run: [BackupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -h -k
O4 - HKLM\..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
O4 - HKLM\..\Run: [VitaKeyPdtWzd] "C:\Program Files (x86)\Acer Bio Protection\PdtWzd.exe"
O4 - HKLM\..\Run: [ArcadeDeluxeAgent] "C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe"
O4 - HKLM\..\Run: [PlayMovie] "C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe"
O4 - HKLM\..\Run: [NaturalPoint] C:\Program Files (x86)\NaturalPoint\SmartNAV\SmartNAV.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files (x86)\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" -automount
O4 - HKCU\..\Run: [GRemoteServer Pro] C:\Program Files (x86)\GBM\GRemote Pro\GRemoteServer.exe
O4 - HKCU\..\Run: [ct24crawl] C:\Program Files (x86)\CT24\ct24crawl.exe
O4 - HKCU\..\Run: [4ECYTQ9SIC] C:\Users\Tomashek\AppData\Local\Temp\Lw1.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Global Startup: Acer VCM.lnk = ?
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Macro Express 3.lnk = C:\Program Files (x86)\Macro Express3\MacExp.exe
O4 - Global Startup: NDAS Device Management.lnk = C:\Program Files\NDAS\System\ndasmgmt.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Od&eslat do aplikace OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: Odeslat obrázek do zařízení &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Odeslat stránku do zařízení &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O8 - Extra context menu item: Prevést cíl vazby do Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Prevést cíl vazby do existujícího PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Prevést do Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Pridat do stávajícího PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: Quick-Launch Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files (x86)\Acer Bio Protection\PwdBank.exe
O9 - Extra 'Tools' menuitem: Quick-Launch Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files (x86)\Acer Bio Protection\PwdBank.exe
O9 - Extra button: Přidat na blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Přidat na blog Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe
O9 - Extra button: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Odeslat do zařízení Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: Odeslat do zařízení &Bluetooth... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix:
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Acer ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GRegService (Greg_Service) - Acer Incorporated - C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: EgisTec Service (IGBASVC) - Egis Technology Inc. - C:\Program Files (x86)\Acer Bio Protection\BASVC.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: MyWinLocker Service (MWLService) - Egis Technology Inc. - C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe
O23 - Service: NDAS Service (ndassvc) - XIMETA, Inc. - C:\Program Files\NDAS\System\ndassvc.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NTI IScheduleSvc - NewTech Infosystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - NewTech Infosystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: Partner Service - Google Inc. - C:\ProgramData\Partner\Partner.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: Raw Socket Service (RS_Service) - Acer Incorporated - C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: StarWind AE Service (StarWindServiceAE) - StarWind Software - C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Updater Service - Acer - C:\Program Files\Acer\Acer Updater\UpdaterService.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~2\COMMON~1\X10\Common\x10nets.exe
--
End of file - 17018 bytes
Odvirování PC, zrychlení počítače, vzdálená pomoc prostřednictvím služby neslape.cz
prosím o kontrolu logu
Moderátor: Moderátoři
Pravidla fóra
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
-
Rudy
- Site Admin
- Příspěvky: 119506
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: prosím o kontrolu logu
Ještě poprosím o log z ComboFix.
Stahnete a ulozte nejlepe na plochu ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
pote spustte aplikaci pod uctem s administratorskym opravnenim
hned po startu se zobrazi obrazovka s licencnimi podminkami, pokracujte kliknutim na tlacitko Ano.
v klidu si postavte na kafe (cela akce trva cca. 5-10 minut, nekdy i dele - dle toho, o jak rychly stroj se
jedna a kolika soubory se skener bude muset prodirat), behem skenu se nepokousejte spoustet zadne jine
aplikace ani nic jineho
behem skenovani nepropadejte panice, vas stroj muze byt restartovan (predevsim pri prvni aplikaci skeneru)
upozorneni: pokud pouzivate antispyware s rezidentnim stitem, prepnete jeho rezidentni stit do Install Mode,
pripadne jej po dobu skenu uplne deaktivujte, protoze dochazi pri skenu a vymazu pripadneho malware k
nezadoucim kolizim s rezidentem antispyware
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Re: prosím o kontrolu logu
ComboFix 11-06-19.0r1 - Tomashek 20.06.2011 18:49:42.1.8 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1250.420.1029.18.4085.2356 [GMT 2:00]
Spuštěný z: c:\users\Tomashek\Downloads\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Acer Bio Protection\PwdFilterV64.dll
c:\users\Tomashek\AppData\Local\Temp\11DFC4DD-43E38C21-8EB896E2-D107A09C\225319.exe
c:\users\Tomashek\AppData\Local\Temp\11DFC4DD-43E38C21-8EB896E2-D107A09C\48d80_xp.exe
c:\users\Tomashek\AppData\Local\Temp\11DFC4DD-43E38C21-8EB896E2-D107A09C\setup.dll
c:\windows\Lxyqaa.exe
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-05-20 do 2011-06-20 )))))))))))))))))))))))))))))))
.
.
2011-06-20 16:58 . 2011-06-20 16:58 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-06-20 14:33 . 2011-06-20 14:33 -------- d-----w- C:\dac99401e538585195ebf1
2011-06-20 14:29 . 2011-06-20 14:29 106496 --sha-r- c:\windows\SysWow64\C_208389.dll
2011-06-20 13:50 . 2011-06-20 14:10 -------- d-----w- c:\program files (x86)\Macro Express Pro
2011-06-20 13:40 . 2011-06-20 13:40 -------- d-----w- c:\programdata\Insight Software
2011-06-20 13:40 . 2011-06-20 14:05 -------- d-----w- c:\program files (x86)\Common Files\Insight Software Solutions
2011-06-20 13:40 . 2011-06-20 14:05 -------- d-----w- c:\program files (x86)\Macro Express3
2011-06-20 12:42 . 2011-06-20 12:42 -------- d-----w- c:\programdata\eMule
2011-06-20 12:41 . 2011-06-20 12:41 -------- d-----w- c:\program files (x86)\eMule
2011-06-20 12:05 . 2011-06-20 12:05 -------- d-----w- c:\programdata\InstallShield
2011-06-20 12:04 . 2011-06-20 12:04 -------- d-----w- c:\programdata\ScanSoft
2011-06-20 12:04 . 2011-06-20 12:04 -------- d-----w- c:\program files (x86)\Common Files\ScanSoft Shared
2011-06-20 12:04 . 2011-06-20 12:04 -------- d-----w- c:\program files (x86)\ScanSoft
2011-06-20 12:02 . 2011-06-20 12:02 -------- d-----w- c:\program files (x86)\ArcSoft
2011-06-20 12:02 . 1995-07-31 11:44 212480 ----a-w- c:\windows\PCDLIB32.DLL
2011-06-20 12:00 . 2011-06-20 12:00 -------- d--h--w- c:\programdata\CanonBJ
2011-06-20 12:00 . 2006-09-12 20:00 80896 ----a-w- c:\windows\system32\Spool\prtprocs\x64\CNMPP8A.DLL
2011-06-20 12:00 . 2006-09-12 20:00 27136 ----a-w- c:\windows\system32\Spool\prtprocs\x64\CNMPD8A.DLL
2011-06-20 12:00 . 2011-06-20 12:00 -------- d--h--w- c:\windows\system32\CanonIJ Uninstaller Information
2011-06-20 11:59 . 2006-09-12 20:00 234496 ----a-w- c:\windows\system32\CNMLM8A.DLL
2011-06-20 11:59 . 2006-06-29 05:30 17408 ----a-w- c:\windows\system32\cnco810.dll
2011-06-20 11:59 . 2006-07-20 07:14 49664 ----a-w- c:\windows\system32\CNCI810.DLL
2011-06-20 11:59 . 2006-05-26 07:23 96768 ----a-w- c:\windows\system32\CNCL810.DLL
2011-06-20 11:59 . 2006-07-20 07:14 1336320 ----a-w- c:\windows\system32\CNCC810.DLL
2011-06-20 11:59 . 2011-06-20 11:59 -------- d--h--w- c:\program files\CanonBJ
2011-06-20 11:56 . 2011-06-20 13:32 -------- d-----w- c:\program files (x86)\Canon
2011-06-20 10:23 . 2009-08-19 21:50 24416 ----a-r- c:\windows\system32\AdobePDFUI.dll
2011-06-20 01:03 . 2011-06-20 01:03 -------- d-----w- c:\program files (x86)\MSXML 4.0
2011-06-19 23:29 . 2011-06-19 23:29 472576 ----a-w- c:\windows\AutoKMS.exe
2011-06-19 23:21 . 2011-06-19 23:21 -------- d-----w- c:\program files\Microsoft Synchronization Services
2011-06-19 23:20 . 2011-06-19 23:20 -------- d-----w- c:\windows\PCHEALTH
2011-06-19 23:20 . 2011-06-19 23:20 -------- d-----w- c:\program files\Microsoft Sync Framework
2011-06-19 23:20 . 2011-06-19 23:20 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2011-06-19 23:18 . 2011-06-19 23:18 -------- d-----w- c:\program files (x86)\Microsoft Visual Studio 8
2011-06-19 23:18 . 2011-06-19 23:18 -------- d-----w- c:\program files\Microsoft Analysis Services
2011-06-19 23:18 . 2011-06-19 23:18 -------- d-----w- c:\program files (x86)\Microsoft Analysis Services
2011-06-19 23:16 . 2011-06-19 23:16 -------- d-----r- C:\MSOCache
2011-06-19 22:34 . 2011-06-19 22:34 -------- d-----w- c:\program files (x86)\Common Files\Java
2011-06-19 19:32 . 2011-05-04 02:52 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-06-19 19:32 . 2011-06-19 22:33 -------- d-----w- c:\program files (x86)\Java
2011-06-19 19:29 . 2011-06-19 19:52 -------- d-----w- c:\program files (x86)\JDownloader
2011-06-19 17:29 . 2011-06-19 18:01 -------- d-----w- c:\program files (x86)\ICQ7.5
2011-06-19 17:15 . 2011-06-20 08:00 -------- d-----r- c:\program files (x86)\Skype
2011-06-19 17:15 . 2011-06-20 08:00 -------- d-----w- c:\programdata\Skype
2011-06-19 13:56 . 2011-06-19 13:56 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
2011-06-19 13:56 . 2011-06-19 13:56 484160 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2011-06-19 13:46 . 2011-06-19 13:46 -------- d-----w- c:\program files\PlayReady
2011-06-19 11:20 . 2011-06-19 11:20 -------- d-----w- c:\windows\SysWow64\Wat
2011-06-19 11:20 . 2011-06-19 11:20 -------- d-----w- c:\windows\system32\Wat
2011-06-19 11:16 . 2010-09-14 06:45 367104 ----a-w- c:\windows\system32\wcncsvc.dll
2011-06-19 11:16 . 2010-09-14 06:07 276992 ----a-w- c:\windows\SysWow64\wcncsvc.dll
2011-06-19 11:08 . 2009-09-10 06:28 311808 ----a-w- c:\windows\system32\msv1_0.dll
2011-06-19 11:08 . 2009-09-10 05:52 257024 ----a-w- c:\windows\SysWow64\msv1_0.dll
2011-06-18 22:22 . 2009-11-25 10:47 99176 ----a-w- c:\windows\SysWow64\PresentationHostProxy.dll
2011-06-18 22:22 . 2009-11-25 10:47 49472 ----a-w- c:\windows\SysWow64\netfxperf.dll
2011-06-18 22:22 . 2009-11-25 10:47 48960 ----a-w- c:\windows\system32\netfxperf.dll
2011-06-18 22:22 . 2009-11-25 10:47 297808 ----a-w- c:\windows\SysWow64\mscoree.dll
2011-06-18 22:22 . 2009-11-25 10:47 295264 ----a-w- c:\windows\SysWow64\PresentationHost.exe
2011-06-18 22:22 . 2009-11-25 10:47 1130824 ----a-w- c:\windows\SysWow64\dfshim.dll
2011-06-18 22:22 . 2009-11-25 10:47 109912 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2011-06-18 22:22 . 2009-11-25 10:47 444752 ----a-w- c:\windows\system32\mscoree.dll
2011-06-18 22:22 . 2009-11-25 10:47 320352 ----a-w- c:\windows\system32\PresentationHost.exe
2011-06-18 22:22 . 2009-11-25 10:47 1942856 ----a-w- c:\windows\system32\dfshim.dll
2011-06-18 22:22 . 2010-02-23 08:16 294912 ----a-w- c:\windows\system32\browserchoice.exe
2011-06-18 22:19 . 2011-06-18 22:19 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
2011-06-18 22:14 . 2010-03-04 04:40 184832 ----a-w- c:\windows\system32\drivers\usbvideo.sys
2011-06-18 22:14 . 2010-03-04 04:32 243712 ----a-w- c:\windows\system32\drivers\ks.sys
2011-06-18 22:08 . 2011-04-09 06:58 142336 ----a-w- c:\windows\system32\poqexec.exe
2011-06-18 22:08 . 2011-04-09 05:56 123904 ----a-w- c:\windows\SysWow64\poqexec.exe
2011-06-18 20:17 . 2006-12-15 14:19 521456 ----a-w- c:\windows\system32\drivers\ndasfat.sys
2011-06-18 20:17 . 2006-12-15 14:18 306928 ----a-w- c:\windows\system32\drivers\lfsfilt.sys
2011-06-18 20:13 . 2011-06-18 20:13 -------- d-----w- c:\program files\NDAS
2011-06-18 19:00 . 2011-06-18 19:00 -------- d-----w- c:\program files (x86)\VideoLAN
2011-06-18 17:08 . 2011-06-18 17:08 -------- d-----w- c:\program files (x86)\GSpot270a
2011-06-18 17:02 . 2011-06-18 17:02 -------- d-----w- c:\program files (x86)\CT24
2011-06-18 16:41 . 2009-08-19 21:50 52568 ----a-w- c:\windows\system32\AdobePDF.dll
2011-06-18 16:13 . 2011-06-20 10:13 -------- d---a-w- c:\program files (x86)\Altap Salamander 2.5
2011-06-18 15:59 . 2011-06-20 13:40 -------- d-----w- c:\programdata\Insight Software Solutions
2011-06-18 15:44 . 2011-06-18 15:44 -------- d-----w- c:\programdata\FLEXnet
2011-06-18 15:44 . 2011-06-18 15:44 -------- d-----w- c:\program files (x86)\Common Files\Macrovision Shared
2011-06-18 15:20 . 2011-06-18 15:20 -------- d-----w- c:\program files\MediaInfo
2011-06-18 15:18 . 2011-06-19 22:14 -------- d-----w- c:\program files (x86)\Common Files\Adobe
2011-06-18 15:04 . 2011-06-18 15:04 -------- d-----w- c:\program files (x86)\GBM
2011-06-18 15:01 . 2011-06-18 15:01 -------- d-----w- c:\program files (x86)\Sparus Software
2011-06-18 14:46 . 2011-06-18 14:51 -------- d-----w- c:\windows\WindowsMobile
2011-06-18 14:35 . 2011-06-19 21:43 -------- d-----w- c:\programdata\Active Home Professional
2011-06-18 14:35 . 2011-06-19 12:22 -------- d-----w- c:\programdata\X10 Settings
2011-06-18 14:35 . 2011-06-18 14:35 -------- d-----w- C:\My Images
2011-06-18 14:34 . 1999-06-25 07:56 127184 ----a-w- c:\windows\Unwise.exe
2011-06-18 14:34 . 2011-06-18 14:36 -------- d-----w- c:\program files (x86)\ActiveHome Pro
2011-06-18 14:34 . 2011-06-18 14:34 -------- d-----w- c:\program files (x86)\Common Files\X10
2011-06-18 14:10 . 2011-06-18 14:10 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-06-18 13:59 . 2011-06-18 13:59 -------- d-----w- c:\program files (x86)\Mozilla Thunderbird
2011-06-18 13:37 . 2010-10-27 05:06 2048 ----a-w- c:\windows\system32\tzres.dll
2011-06-18 13:36 . 2010-01-19 09:05 424960 ----a-w- c:\windows\system32\secproc.dll
2011-06-18 13:35 . 2010-03-04 07:57 2080256 ----a-w- c:\program files\Windows Mail\msoe.dll
2011-06-18 13:35 . 2010-03-04 07:33 1619968 ----a-w- c:\program files (x86)\Windows Mail\msoe.dll
2011-06-18 13:35 . 2010-08-04 07:07 552960 ----a-w- c:\windows\system32\msdri.dll
2011-06-18 13:35 . 2010-08-04 07:05 288256 ----a-w- c:\windows\system32\MSNP.ax
2011-06-18 13:35 . 2010-08-04 06:15 204288 ----a-w- c:\windows\SysWow64\MSNP.ax
2011-06-18 13:35 . 2009-12-13 09:46 613888 ----a-w- c:\windows\system32\psisdecd.dll
2011-06-18 13:35 . 2009-12-13 09:30 465408 ----a-w- c:\windows\SysWow64\psisdecd.dll
2011-06-18 13:33 . 2011-02-24 06:30 476160 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-06-18 13:33 . 2011-02-24 05:32 288256 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll
2011-06-18 13:33 . 2011-04-09 06:45 5509504 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-06-18 13:33 . 2011-04-09 06:13 3957632 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2011-06-18 13:33 . 2011-04-09 06:13 3901824 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2011-06-18 13:31 . 2009-12-22 08:36 243200 ----a-w- c:\windows\system32\wow64.dll
2011-06-18 13:28 . 2011-06-18 13:28 -------- d-----w- c:\program files (x86)\Alcohol Soft
2011-06-18 13:26 . 2011-06-18 13:26 503352 ----a-w- c:\windows\system32\drivers\sptd.sys
2011-06-18 13:21 . 2011-06-18 13:21 -------- d-----w- c:\program files (x86)\AnvSoft
2011-06-18 13:13 . 2011-06-18 13:13 -------- d-----w- c:\program files (x86)\PCNetSoftware
2011-06-18 13:02 . 2011-05-24 17:14 270720 ------w- c:\windows\system32\MpSigStub.exe
2011-06-18 13:02 . 2011-05-24 17:12 8718160 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{275EBEBC-AB59-4587-96A7-F2FC304901DA}\mpengine.dll
2011-06-18 13:00 . 2011-06-18 13:01 -------- d-----w- c:\program files (x86)\Altap Salamander
2011-06-18 12:56 . 2010-12-21 06:16 214016 ----a-w- c:\windows\system32\winsrv.dll
2011-06-18 12:56 . 2010-11-02 05:12 1837568 ----a-w- c:\windows\system32\d3d10warp.dll
2011-06-18 12:56 . 2010-11-02 04:35 1170944 ----a-w- c:\windows\SysWow64\d3d10warp.dll
2011-06-18 12:54 . 2011-04-22 20:18 27008 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2011-06-18 12:53 . 2010-10-27 05:16 1739176 ----a-w- c:\windows\system32\ntdll.dll
2011-06-18 12:53 . 2010-10-27 04:40 1293120 ----a-w- c:\windows\SysWow64\ntdll.dll
2011-06-18 12:51 . 2010-08-31 04:32 954752 ----a-w- c:\windows\SysWow64\mfc40.dll
2011-06-18 12:49 . 2010-10-16 05:17 720896 ----a-w- c:\windows\system32\odbc32.dll
2011-06-18 12:49 . 2010-10-16 05:16 466944 ----a-w- c:\program files\Common Files\System\ado\msadomd.dll
2011-06-18 12:49 . 2010-10-16 05:16 1425408 ----a-w- c:\program files\Common Files\System\ado\msado15.dll
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-05 18:45 . 2011-06-05 18:45 2560 ----a-w- c:\windows\SysWow64\drivers\cs-CZ\qwavedrv.sys.mui
2011-06-05 18:45 . 2011-06-05 18:45 5632 ----a-w- c:\windows\SysWow64\drivers\cs-CZ\ndiscap.sys.mui
2011-06-05 18:45 . 2011-06-05 18:45 2560 ----a-w- c:\windows\SysWow64\drivers\cs-CZ\scfilter.sys.mui
2011-06-05 18:44 . 2011-06-05 18:44 50176 ----a-w- c:\windows\SysWow64\drivers\cs-CZ\tcpip.sys.mui
2011-06-05 18:44 . 2011-06-05 18:44 27136 ----a-w- c:\windows\SysWow64\drivers\cs-CZ\bfe.dll.mui
2011-06-05 18:44 . 2011-06-05 18:44 15360 ----a-w- c:\windows\SysWow64\drivers\cs-CZ\pacer.sys.mui
2011-06-05 09:03 . 2009-09-08 03:51 6 ----a-w- c:\windows\system32\PLD_Framework.cmd
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}]
2009-09-08 04:02 433648 ----a-w- c:\programdata\Partner\Partner.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2009-08-06 17:18 120104 ----a-w- c:\program files (x86)\EgisTec\MyWinLocker 3\x86\PSDProtect.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-09-08 39408]
"AlcoholAutomount"="c:\program files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" [2010-08-20 33120]
"GRemoteServer Pro"="c:\program files (x86)\GBM\GRemote Pro\GRemoteServer.exe" [2010-05-04 2310368]
"ct24crawl"="c:\program files (x86)\CT24\ct24crawl.exe" [2010-08-09 929280]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"EgisTecLiveUpdate"="c:\program files (x86)\EgisTec Egis Software Update\EgisUpdate.exe" [2009-08-04 199464]
"BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2009-09-22 261888]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2009-08-18 825864]
"VitaKeyPdtWzd"="c:\program files (x86)\Acer Bio Protection\PdtWzd.exe" [2009-08-28 3567616]
"ArcadeDeluxeAgent"="c:\program files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" [2009-10-06 419112]
"PlayMovie"="c:\program files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe" [2009-10-05 181480]
"NaturalPoint"="c:\program files (x86)\NaturalPoint\SmartNAV\SmartNAV.exe" [2008-07-06 386560]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2011-06-07 40376]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2010-09-22 640440]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"SSBkgdUpdate"="c:\program files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-09-28 185896]
"OpwareSE4"="c:\program files (x86)\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-10-11 75304]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Acer VCM.lnk - c:\program files (x86)\Acer\Acer VCM\AcerVCM.exe [2009-9-8 708608]
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-7-17 1079584]
Macro Express 3.lnk - c:\program files (x86)\Macro Express3\MacExp.exe [2011-6-20 3818496]
NDAS Device Management.lnk - c:\program files\NDAS\System\ndasmgmt.exe [2006-12-15 366320]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Služba Google Update (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-20 135664]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 51456888]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
R3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2009-06-18 50432]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440]
R3 Partner Service;Partner Service;c:\programdata\Partner\Partner.exe [2009-09-08 332272]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [x]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [x]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [x]
S1 ndasfat;NDAS FAT;c:\windows\system32\DRIVERS\ndasfat.sys [x]
S2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};Power Control [2011/06/05 11:49];c:\program files (x86)\Acer Arcade Deluxe\PlayMovie\000.fcl [2009-09-02 17:52 146928]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer PowerSmart Manager\ePowerSvc.exe [2009-08-19 796192]
S2 FPSensor;EgisTec-Corp Fingerprint Reader Driver (FPSensor.sys);c:\windows\system32\Drivers\FPSensor.sys [x]
S2 Greg_Service;GRegService;c:\program files (x86)\Acer\Registration\GregHSRW.exe [2009-08-28 1150496]
S2 IGBASVC;EgisTec Service;c:\program files (x86)\Acer Bio Protection\BASVC.exe [2009-08-28 3450368]
S2 MWLService;MyWinLocker Service;c:\program files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe [2009-08-06 311592]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2009-09-22 62720]
S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2009-06-18 144640]
S2 RS_Service;Raw Socket Service;c:\program files (x86)\Acer\Acer VCM\RS_Service.exe [2009-07-10 253952]
S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2009-07-04 240160]
S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
S3 GRemoteBus;GRemote virtual joystick Bus Enumerator;c:\windows\system32\DRIVERS\GRemoteBus64.sys [x]
S3 GRemoteJoy;GRemote virtual joystick Device Driver;c:\windows\system32\DRIVERS\GRemoteJoy64.sys [x]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x]
S3 Ltn_stk7770P;PCTV LITEON TT128xDA based TV tuner device;c:\windows\system32\DRIVERS\Ltn_stk7770P.sys [x]
S3 npusbio;npusbio;c:\windows\system32\Drivers\npusbio_x64.sys [x]
S3 nuvotoncir;Nuvoton IR Transceiver;c:\windows\system32\DRIVERS\nuvotoncir.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
.
.
Obsah adresáře 'Naplánované úlohy'
.
2011-06-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-20 15:15]
.
2011-06-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-20 15:15]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}]
2009-09-08 04:02 750064 ----a-w- c:\programdata\Partner\Partner64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2009-08-06 17:19 137512 ----a-w- c:\program files (x86)\EgisTec\MyWinLocker 3\x64\PSDProtect.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"combofix"="c:\combofix\CF24563.cfxxe" [X]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-08-07 186904]
"mwlDaemon"="c:\program files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe" [2009-08-06 349480]
"Acer ePower Management"="c:\program files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe" [2009-08-19 496160]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-09-03 8098848]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-08-26 16369768]
"PLFSetI"="c:\windows\PLFSetI.exe" [2008-07-29 200704]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 112512]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Doplňkový sken -------
.
uStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0405&m=aspire_8940g&r=273606110126l0333z115t4791y217
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0405&m=aspire_8940g&r=273606110126l0333z115t4791y217
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Od&eslat do aplikace OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: Odeslat obrázek do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Odeslat stránku do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: Převést cíl vazby do Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Převést do Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Připojit cíl vazby k existujícímu PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Připojit k existujícímu PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: WikiKomentáře Google... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files (x86)\ICQ7.5\ICQ.exe
FF - ProfilePath - c:\users\Tomashek\AppData\Roaming\Mozilla\Firefox\Profiles\j58psk07.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.9&q=
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Toolbar-Locked - (no file)
SafeBoot-mcmscsvc
SafeBoot-MCODS
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}]
"ImagePath"="\??\c:\program files (x86)\Acer Arcade Deluxe\PlayMovie\000.fcl"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10b.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10b.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}]
@Denied: (A 2) (Everyone)
@="IFlashBroker2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files (x86)\Acer Bio Protection\CompPtcVUI.exe
c:\windows\SysWOW64\rundll32.exe
c:\program files (x86)\EgisTec\MyWinLocker 3\x86\MWLService.exe
c:\progra~2\COMMON~1\X10\Common\x10nets.exe
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
c:\program files (x86)\NaturalPoint\SmartNAV\DwellClicker.exe
c:\windows\WindowsMobile\WmdHost.exe
c:\program files (x86)\Sparus Software\EveryWAN Remote Support Personal Edition\PRS.exe
.
**************************************************************************
.
Celkový čas: 2011-06-20 19:05:52 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-06-20 17:05
.
Před spuštěním: Volných bajtů: 419 945 705 472
Po spuštění: Volných bajtů: 420 338 573 312
.
- - End Of File - - 661D270E0D12BA4397CD858E2D28AB8C
Microsoft Windows 7 Home Premium 6.1.7600.0.1250.420.1029.18.4085.2356 [GMT 2:00]
Spuštěný z: c:\users\Tomashek\Downloads\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Acer Bio Protection\PwdFilterV64.dll
c:\users\Tomashek\AppData\Local\Temp\11DFC4DD-43E38C21-8EB896E2-D107A09C\225319.exe
c:\users\Tomashek\AppData\Local\Temp\11DFC4DD-43E38C21-8EB896E2-D107A09C\48d80_xp.exe
c:\users\Tomashek\AppData\Local\Temp\11DFC4DD-43E38C21-8EB896E2-D107A09C\setup.dll
c:\windows\Lxyqaa.exe
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-05-20 do 2011-06-20 )))))))))))))))))))))))))))))))
.
.
2011-06-20 16:58 . 2011-06-20 16:58 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-06-20 14:33 . 2011-06-20 14:33 -------- d-----w- C:\dac99401e538585195ebf1
2011-06-20 14:29 . 2011-06-20 14:29 106496 --sha-r- c:\windows\SysWow64\C_208389.dll
2011-06-20 13:50 . 2011-06-20 14:10 -------- d-----w- c:\program files (x86)\Macro Express Pro
2011-06-20 13:40 . 2011-06-20 13:40 -------- d-----w- c:\programdata\Insight Software
2011-06-20 13:40 . 2011-06-20 14:05 -------- d-----w- c:\program files (x86)\Common Files\Insight Software Solutions
2011-06-20 13:40 . 2011-06-20 14:05 -------- d-----w- c:\program files (x86)\Macro Express3
2011-06-20 12:42 . 2011-06-20 12:42 -------- d-----w- c:\programdata\eMule
2011-06-20 12:41 . 2011-06-20 12:41 -------- d-----w- c:\program files (x86)\eMule
2011-06-20 12:05 . 2011-06-20 12:05 -------- d-----w- c:\programdata\InstallShield
2011-06-20 12:04 . 2011-06-20 12:04 -------- d-----w- c:\programdata\ScanSoft
2011-06-20 12:04 . 2011-06-20 12:04 -------- d-----w- c:\program files (x86)\Common Files\ScanSoft Shared
2011-06-20 12:04 . 2011-06-20 12:04 -------- d-----w- c:\program files (x86)\ScanSoft
2011-06-20 12:02 . 2011-06-20 12:02 -------- d-----w- c:\program files (x86)\ArcSoft
2011-06-20 12:02 . 1995-07-31 11:44 212480 ----a-w- c:\windows\PCDLIB32.DLL
2011-06-20 12:00 . 2011-06-20 12:00 -------- d--h--w- c:\programdata\CanonBJ
2011-06-20 12:00 . 2006-09-12 20:00 80896 ----a-w- c:\windows\system32\Spool\prtprocs\x64\CNMPP8A.DLL
2011-06-20 12:00 . 2006-09-12 20:00 27136 ----a-w- c:\windows\system32\Spool\prtprocs\x64\CNMPD8A.DLL
2011-06-20 12:00 . 2011-06-20 12:00 -------- d--h--w- c:\windows\system32\CanonIJ Uninstaller Information
2011-06-20 11:59 . 2006-09-12 20:00 234496 ----a-w- c:\windows\system32\CNMLM8A.DLL
2011-06-20 11:59 . 2006-06-29 05:30 17408 ----a-w- c:\windows\system32\cnco810.dll
2011-06-20 11:59 . 2006-07-20 07:14 49664 ----a-w- c:\windows\system32\CNCI810.DLL
2011-06-20 11:59 . 2006-05-26 07:23 96768 ----a-w- c:\windows\system32\CNCL810.DLL
2011-06-20 11:59 . 2006-07-20 07:14 1336320 ----a-w- c:\windows\system32\CNCC810.DLL
2011-06-20 11:59 . 2011-06-20 11:59 -------- d--h--w- c:\program files\CanonBJ
2011-06-20 11:56 . 2011-06-20 13:32 -------- d-----w- c:\program files (x86)\Canon
2011-06-20 10:23 . 2009-08-19 21:50 24416 ----a-r- c:\windows\system32\AdobePDFUI.dll
2011-06-20 01:03 . 2011-06-20 01:03 -------- d-----w- c:\program files (x86)\MSXML 4.0
2011-06-19 23:29 . 2011-06-19 23:29 472576 ----a-w- c:\windows\AutoKMS.exe
2011-06-19 23:21 . 2011-06-19 23:21 -------- d-----w- c:\program files\Microsoft Synchronization Services
2011-06-19 23:20 . 2011-06-19 23:20 -------- d-----w- c:\windows\PCHEALTH
2011-06-19 23:20 . 2011-06-19 23:20 -------- d-----w- c:\program files\Microsoft Sync Framework
2011-06-19 23:20 . 2011-06-19 23:20 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2011-06-19 23:18 . 2011-06-19 23:18 -------- d-----w- c:\program files (x86)\Microsoft Visual Studio 8
2011-06-19 23:18 . 2011-06-19 23:18 -------- d-----w- c:\program files\Microsoft Analysis Services
2011-06-19 23:18 . 2011-06-19 23:18 -------- d-----w- c:\program files (x86)\Microsoft Analysis Services
2011-06-19 23:16 . 2011-06-19 23:16 -------- d-----r- C:\MSOCache
2011-06-19 22:34 . 2011-06-19 22:34 -------- d-----w- c:\program files (x86)\Common Files\Java
2011-06-19 19:32 . 2011-05-04 02:52 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-06-19 19:32 . 2011-06-19 22:33 -------- d-----w- c:\program files (x86)\Java
2011-06-19 19:29 . 2011-06-19 19:52 -------- d-----w- c:\program files (x86)\JDownloader
2011-06-19 17:29 . 2011-06-19 18:01 -------- d-----w- c:\program files (x86)\ICQ7.5
2011-06-19 17:15 . 2011-06-20 08:00 -------- d-----r- c:\program files (x86)\Skype
2011-06-19 17:15 . 2011-06-20 08:00 -------- d-----w- c:\programdata\Skype
2011-06-19 13:56 . 2011-06-19 13:56 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
2011-06-19 13:56 . 2011-06-19 13:56 484160 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2011-06-19 13:46 . 2011-06-19 13:46 -------- d-----w- c:\program files\PlayReady
2011-06-19 11:20 . 2011-06-19 11:20 -------- d-----w- c:\windows\SysWow64\Wat
2011-06-19 11:20 . 2011-06-19 11:20 -------- d-----w- c:\windows\system32\Wat
2011-06-19 11:16 . 2010-09-14 06:45 367104 ----a-w- c:\windows\system32\wcncsvc.dll
2011-06-19 11:16 . 2010-09-14 06:07 276992 ----a-w- c:\windows\SysWow64\wcncsvc.dll
2011-06-19 11:08 . 2009-09-10 06:28 311808 ----a-w- c:\windows\system32\msv1_0.dll
2011-06-19 11:08 . 2009-09-10 05:52 257024 ----a-w- c:\windows\SysWow64\msv1_0.dll
2011-06-18 22:22 . 2009-11-25 10:47 99176 ----a-w- c:\windows\SysWow64\PresentationHostProxy.dll
2011-06-18 22:22 . 2009-11-25 10:47 49472 ----a-w- c:\windows\SysWow64\netfxperf.dll
2011-06-18 22:22 . 2009-11-25 10:47 48960 ----a-w- c:\windows\system32\netfxperf.dll
2011-06-18 22:22 . 2009-11-25 10:47 297808 ----a-w- c:\windows\SysWow64\mscoree.dll
2011-06-18 22:22 . 2009-11-25 10:47 295264 ----a-w- c:\windows\SysWow64\PresentationHost.exe
2011-06-18 22:22 . 2009-11-25 10:47 1130824 ----a-w- c:\windows\SysWow64\dfshim.dll
2011-06-18 22:22 . 2009-11-25 10:47 109912 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2011-06-18 22:22 . 2009-11-25 10:47 444752 ----a-w- c:\windows\system32\mscoree.dll
2011-06-18 22:22 . 2009-11-25 10:47 320352 ----a-w- c:\windows\system32\PresentationHost.exe
2011-06-18 22:22 . 2009-11-25 10:47 1942856 ----a-w- c:\windows\system32\dfshim.dll
2011-06-18 22:22 . 2010-02-23 08:16 294912 ----a-w- c:\windows\system32\browserchoice.exe
2011-06-18 22:19 . 2011-06-18 22:19 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
2011-06-18 22:14 . 2010-03-04 04:40 184832 ----a-w- c:\windows\system32\drivers\usbvideo.sys
2011-06-18 22:14 . 2010-03-04 04:32 243712 ----a-w- c:\windows\system32\drivers\ks.sys
2011-06-18 22:08 . 2011-04-09 06:58 142336 ----a-w- c:\windows\system32\poqexec.exe
2011-06-18 22:08 . 2011-04-09 05:56 123904 ----a-w- c:\windows\SysWow64\poqexec.exe
2011-06-18 20:17 . 2006-12-15 14:19 521456 ----a-w- c:\windows\system32\drivers\ndasfat.sys
2011-06-18 20:17 . 2006-12-15 14:18 306928 ----a-w- c:\windows\system32\drivers\lfsfilt.sys
2011-06-18 20:13 . 2011-06-18 20:13 -------- d-----w- c:\program files\NDAS
2011-06-18 19:00 . 2011-06-18 19:00 -------- d-----w- c:\program files (x86)\VideoLAN
2011-06-18 17:08 . 2011-06-18 17:08 -------- d-----w- c:\program files (x86)\GSpot270a
2011-06-18 17:02 . 2011-06-18 17:02 -------- d-----w- c:\program files (x86)\CT24
2011-06-18 16:41 . 2009-08-19 21:50 52568 ----a-w- c:\windows\system32\AdobePDF.dll
2011-06-18 16:13 . 2011-06-20 10:13 -------- d---a-w- c:\program files (x86)\Altap Salamander 2.5
2011-06-18 15:59 . 2011-06-20 13:40 -------- d-----w- c:\programdata\Insight Software Solutions
2011-06-18 15:44 . 2011-06-18 15:44 -------- d-----w- c:\programdata\FLEXnet
2011-06-18 15:44 . 2011-06-18 15:44 -------- d-----w- c:\program files (x86)\Common Files\Macrovision Shared
2011-06-18 15:20 . 2011-06-18 15:20 -------- d-----w- c:\program files\MediaInfo
2011-06-18 15:18 . 2011-06-19 22:14 -------- d-----w- c:\program files (x86)\Common Files\Adobe
2011-06-18 15:04 . 2011-06-18 15:04 -------- d-----w- c:\program files (x86)\GBM
2011-06-18 15:01 . 2011-06-18 15:01 -------- d-----w- c:\program files (x86)\Sparus Software
2011-06-18 14:46 . 2011-06-18 14:51 -------- d-----w- c:\windows\WindowsMobile
2011-06-18 14:35 . 2011-06-19 21:43 -------- d-----w- c:\programdata\Active Home Professional
2011-06-18 14:35 . 2011-06-19 12:22 -------- d-----w- c:\programdata\X10 Settings
2011-06-18 14:35 . 2011-06-18 14:35 -------- d-----w- C:\My Images
2011-06-18 14:34 . 1999-06-25 07:56 127184 ----a-w- c:\windows\Unwise.exe
2011-06-18 14:34 . 2011-06-18 14:36 -------- d-----w- c:\program files (x86)\ActiveHome Pro
2011-06-18 14:34 . 2011-06-18 14:34 -------- d-----w- c:\program files (x86)\Common Files\X10
2011-06-18 14:10 . 2011-06-18 14:10 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-06-18 13:59 . 2011-06-18 13:59 -------- d-----w- c:\program files (x86)\Mozilla Thunderbird
2011-06-18 13:37 . 2010-10-27 05:06 2048 ----a-w- c:\windows\system32\tzres.dll
2011-06-18 13:36 . 2010-01-19 09:05 424960 ----a-w- c:\windows\system32\secproc.dll
2011-06-18 13:35 . 2010-03-04 07:57 2080256 ----a-w- c:\program files\Windows Mail\msoe.dll
2011-06-18 13:35 . 2010-03-04 07:33 1619968 ----a-w- c:\program files (x86)\Windows Mail\msoe.dll
2011-06-18 13:35 . 2010-08-04 07:07 552960 ----a-w- c:\windows\system32\msdri.dll
2011-06-18 13:35 . 2010-08-04 07:05 288256 ----a-w- c:\windows\system32\MSNP.ax
2011-06-18 13:35 . 2010-08-04 06:15 204288 ----a-w- c:\windows\SysWow64\MSNP.ax
2011-06-18 13:35 . 2009-12-13 09:46 613888 ----a-w- c:\windows\system32\psisdecd.dll
2011-06-18 13:35 . 2009-12-13 09:30 465408 ----a-w- c:\windows\SysWow64\psisdecd.dll
2011-06-18 13:33 . 2011-02-24 06:30 476160 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-06-18 13:33 . 2011-02-24 05:32 288256 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll
2011-06-18 13:33 . 2011-04-09 06:45 5509504 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-06-18 13:33 . 2011-04-09 06:13 3957632 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2011-06-18 13:33 . 2011-04-09 06:13 3901824 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2011-06-18 13:31 . 2009-12-22 08:36 243200 ----a-w- c:\windows\system32\wow64.dll
2011-06-18 13:28 . 2011-06-18 13:28 -------- d-----w- c:\program files (x86)\Alcohol Soft
2011-06-18 13:26 . 2011-06-18 13:26 503352 ----a-w- c:\windows\system32\drivers\sptd.sys
2011-06-18 13:21 . 2011-06-18 13:21 -------- d-----w- c:\program files (x86)\AnvSoft
2011-06-18 13:13 . 2011-06-18 13:13 -------- d-----w- c:\program files (x86)\PCNetSoftware
2011-06-18 13:02 . 2011-05-24 17:14 270720 ------w- c:\windows\system32\MpSigStub.exe
2011-06-18 13:02 . 2011-05-24 17:12 8718160 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{275EBEBC-AB59-4587-96A7-F2FC304901DA}\mpengine.dll
2011-06-18 13:00 . 2011-06-18 13:01 -------- d-----w- c:\program files (x86)\Altap Salamander
2011-06-18 12:56 . 2010-12-21 06:16 214016 ----a-w- c:\windows\system32\winsrv.dll
2011-06-18 12:56 . 2010-11-02 05:12 1837568 ----a-w- c:\windows\system32\d3d10warp.dll
2011-06-18 12:56 . 2010-11-02 04:35 1170944 ----a-w- c:\windows\SysWow64\d3d10warp.dll
2011-06-18 12:54 . 2011-04-22 20:18 27008 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2011-06-18 12:53 . 2010-10-27 05:16 1739176 ----a-w- c:\windows\system32\ntdll.dll
2011-06-18 12:53 . 2010-10-27 04:40 1293120 ----a-w- c:\windows\SysWow64\ntdll.dll
2011-06-18 12:51 . 2010-08-31 04:32 954752 ----a-w- c:\windows\SysWow64\mfc40.dll
2011-06-18 12:49 . 2010-10-16 05:17 720896 ----a-w- c:\windows\system32\odbc32.dll
2011-06-18 12:49 . 2010-10-16 05:16 466944 ----a-w- c:\program files\Common Files\System\ado\msadomd.dll
2011-06-18 12:49 . 2010-10-16 05:16 1425408 ----a-w- c:\program files\Common Files\System\ado\msado15.dll
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-05 18:45 . 2011-06-05 18:45 2560 ----a-w- c:\windows\SysWow64\drivers\cs-CZ\qwavedrv.sys.mui
2011-06-05 18:45 . 2011-06-05 18:45 5632 ----a-w- c:\windows\SysWow64\drivers\cs-CZ\ndiscap.sys.mui
2011-06-05 18:45 . 2011-06-05 18:45 2560 ----a-w- c:\windows\SysWow64\drivers\cs-CZ\scfilter.sys.mui
2011-06-05 18:44 . 2011-06-05 18:44 50176 ----a-w- c:\windows\SysWow64\drivers\cs-CZ\tcpip.sys.mui
2011-06-05 18:44 . 2011-06-05 18:44 27136 ----a-w- c:\windows\SysWow64\drivers\cs-CZ\bfe.dll.mui
2011-06-05 18:44 . 2011-06-05 18:44 15360 ----a-w- c:\windows\SysWow64\drivers\cs-CZ\pacer.sys.mui
2011-06-05 09:03 . 2009-09-08 03:51 6 ----a-w- c:\windows\system32\PLD_Framework.cmd
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}]
2009-09-08 04:02 433648 ----a-w- c:\programdata\Partner\Partner.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2009-08-06 17:18 120104 ----a-w- c:\program files (x86)\EgisTec\MyWinLocker 3\x86\PSDProtect.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-09-08 39408]
"AlcoholAutomount"="c:\program files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" [2010-08-20 33120]
"GRemoteServer Pro"="c:\program files (x86)\GBM\GRemote Pro\GRemoteServer.exe" [2010-05-04 2310368]
"ct24crawl"="c:\program files (x86)\CT24\ct24crawl.exe" [2010-08-09 929280]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"EgisTecLiveUpdate"="c:\program files (x86)\EgisTec Egis Software Update\EgisUpdate.exe" [2009-08-04 199464]
"BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2009-09-22 261888]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2009-08-18 825864]
"VitaKeyPdtWzd"="c:\program files (x86)\Acer Bio Protection\PdtWzd.exe" [2009-08-28 3567616]
"ArcadeDeluxeAgent"="c:\program files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" [2009-10-06 419112]
"PlayMovie"="c:\program files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe" [2009-10-05 181480]
"NaturalPoint"="c:\program files (x86)\NaturalPoint\SmartNAV\SmartNAV.exe" [2008-07-06 386560]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2011-06-07 40376]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2010-09-22 640440]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"SSBkgdUpdate"="c:\program files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-09-28 185896]
"OpwareSE4"="c:\program files (x86)\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-10-11 75304]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Acer VCM.lnk - c:\program files (x86)\Acer\Acer VCM\AcerVCM.exe [2009-9-8 708608]
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-7-17 1079584]
Macro Express 3.lnk - c:\program files (x86)\Macro Express3\MacExp.exe [2011-6-20 3818496]
NDAS Device Management.lnk - c:\program files\NDAS\System\ndasmgmt.exe [2006-12-15 366320]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Služba Google Update (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-20 135664]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 51456888]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
R3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2009-06-18 50432]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440]
R3 Partner Service;Partner Service;c:\programdata\Partner\Partner.exe [2009-09-08 332272]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [x]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [x]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [x]
S1 ndasfat;NDAS FAT;c:\windows\system32\DRIVERS\ndasfat.sys [x]
S2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};Power Control [2011/06/05 11:49];c:\program files (x86)\Acer Arcade Deluxe\PlayMovie\000.fcl [2009-09-02 17:52 146928]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer PowerSmart Manager\ePowerSvc.exe [2009-08-19 796192]
S2 FPSensor;EgisTec-Corp Fingerprint Reader Driver (FPSensor.sys);c:\windows\system32\Drivers\FPSensor.sys [x]
S2 Greg_Service;GRegService;c:\program files (x86)\Acer\Registration\GregHSRW.exe [2009-08-28 1150496]
S2 IGBASVC;EgisTec Service;c:\program files (x86)\Acer Bio Protection\BASVC.exe [2009-08-28 3450368]
S2 MWLService;MyWinLocker Service;c:\program files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe [2009-08-06 311592]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2009-09-22 62720]
S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2009-06-18 144640]
S2 RS_Service;Raw Socket Service;c:\program files (x86)\Acer\Acer VCM\RS_Service.exe [2009-07-10 253952]
S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2009-07-04 240160]
S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
S3 GRemoteBus;GRemote virtual joystick Bus Enumerator;c:\windows\system32\DRIVERS\GRemoteBus64.sys [x]
S3 GRemoteJoy;GRemote virtual joystick Device Driver;c:\windows\system32\DRIVERS\GRemoteJoy64.sys [x]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x]
S3 Ltn_stk7770P;PCTV LITEON TT128xDA based TV tuner device;c:\windows\system32\DRIVERS\Ltn_stk7770P.sys [x]
S3 npusbio;npusbio;c:\windows\system32\Drivers\npusbio_x64.sys [x]
S3 nuvotoncir;Nuvoton IR Transceiver;c:\windows\system32\DRIVERS\nuvotoncir.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
.
.
Obsah adresáře 'Naplánované úlohy'
.
2011-06-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-20 15:15]
.
2011-06-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-20 15:15]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}]
2009-09-08 04:02 750064 ----a-w- c:\programdata\Partner\Partner64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2009-08-06 17:19 137512 ----a-w- c:\program files (x86)\EgisTec\MyWinLocker 3\x64\PSDProtect.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"combofix"="c:\combofix\CF24563.cfxxe" [X]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-08-07 186904]
"mwlDaemon"="c:\program files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe" [2009-08-06 349480]
"Acer ePower Management"="c:\program files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe" [2009-08-19 496160]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-09-03 8098848]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-08-26 16369768]
"PLFSetI"="c:\windows\PLFSetI.exe" [2008-07-29 200704]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 112512]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Doplňkový sken -------
.
uStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0405&m=aspire_8940g&r=273606110126l0333z115t4791y217
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0405&m=aspire_8940g&r=273606110126l0333z115t4791y217
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Od&eslat do aplikace OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: Odeslat obrázek do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Odeslat stránku do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: Převést cíl vazby do Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Převést do Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Připojit cíl vazby k existujícímu PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Připojit k existujícímu PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: WikiKomentáře Google... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files (x86)\ICQ7.5\ICQ.exe
FF - ProfilePath - c:\users\Tomashek\AppData\Roaming\Mozilla\Firefox\Profiles\j58psk07.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.9&q=
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Toolbar-Locked - (no file)
SafeBoot-mcmscsvc
SafeBoot-MCODS
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}]
"ImagePath"="\??\c:\program files (x86)\Acer Arcade Deluxe\PlayMovie\000.fcl"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10b.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10b.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}]
@Denied: (A 2) (Everyone)
@="IFlashBroker2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files (x86)\Acer Bio Protection\CompPtcVUI.exe
c:\windows\SysWOW64\rundll32.exe
c:\program files (x86)\EgisTec\MyWinLocker 3\x86\MWLService.exe
c:\progra~2\COMMON~1\X10\Common\x10nets.exe
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
c:\program files (x86)\NaturalPoint\SmartNAV\DwellClicker.exe
c:\windows\WindowsMobile\WmdHost.exe
c:\program files (x86)\Sparus Software\EveryWAN Remote Support Personal Edition\PRS.exe
.
**************************************************************************
.
Celkový čas: 2011-06-20 19:05:52 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-06-20 17:05
.
Před spuštěním: Volných bajtů: 419 945 705 472
Po spuštění: Volných bajtů: 420 338 573 312
.
- - End Of File - - 661D270E0D12BA4397CD858E2D28AB8C
-
Rudy
- Site Admin
- Příspěvky: 119506
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: prosím o kontrolu logu
Všechny trojany CF smazal, zbytek logu vypadá čistý. Zjišťuji ale, že váš OS, nebo MSOffice nejsou legální.
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Re: prosím o kontrolu logu
díky ... pc jsem koupil nový se SW, to je divné 
-
Rudy
- Site Admin
- Příspěvky: 119506
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: prosím o kontrolu logu
Toto: c:\windows\AutoKMS.exe je aktivátor, který se používá k cracknutí produktů MS. No, nic, necháme toho.
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Přispějete na provoz fóra?