Prosím pěkně o preventivku

[Seel]

ComboFix 10-08-10.07 - Illesil 11.08.2010 20:31:32.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.420.1029.18.2525.1568 [GMT 2:00]
Spuštěný z: c:\users\Illesil\Desktop\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\programdata\Microsoft\Network\Downloader\qmgr0.dat
c:\programdata\Microsoft\Network\Downloader\qmgr1.dat
c:\users\Illesil\Documents\cc_20100811_172641.reg

----- BITS: Možné infikované stránky -----

hxxp://au.download.windowsupdate.com
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_osppsvc


((((((((((((((((((((((((( Soubory vytvořené od 2010-07-11 do 2010-08-11 )))))))))))))))))))))))))))))))
.

2010-08-11 18:53 . 2010-08-11 19:00 -------- d-----w- c:\users\Illesil\AppData\Local\temp
2010-08-11 18:53 . 2010-08-11 18:53 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-08-11 15:59 . 2010-08-11 16:13 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-08-11 15:59 . 2010-08-11 16:01 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-08-10 20:58 . 2010-08-10 20:58 -------- d-----w- C:\_OTL
2010-08-10 11:37 . 2010-08-10 11:41 -------- d-----w- c:\program files\trend micro
2010-08-10 11:37 . 2010-08-10 11:42 -------- d-----w- C:\rsit
2010-08-03 19:02 . 2010-08-03 19:02 -------- d-----w- c:\program files\Garena Hack EXP
2010-07-30 14:26 . 2010-07-30 14:26 -------- d-----w- c:\users\Illesil\AppData\Local\CyberLink
2010-07-30 14:26 . 2010-07-31 19:40 -------- d-----w- c:\users\Illesil\AppData\Local\PlayMovie
2010-07-30 14:26 . 2010-07-30 14:26 -------- d-----w- c:\users\Illesil\AppData\Local\SoftDMA
2010-07-30 14:26 . 2010-07-30 14:26 -------- d-----w- c:\users\Illesil\AppData\Local\Acer Arcade Deluxe
2010-07-30 14:26 . 2010-07-30 14:26 -------- d-----w- c:\users\Illesil\AppData\Roaming\CyberLink
2010-07-26 10:43 . 2010-07-26 10:43 -------- d-----w- c:\users\Illesil\AppData\Local\DOSBox
2010-07-25 23:10 . 2005-05-26 13:34 2297552 ----a-w- c:\windows\system32\d3dx9_26.dll
2010-07-25 16:16 . 2010-07-31 19:42 -------- d-----w- c:\users\Illesil\AppData\Roaming\dvdcss
2010-07-23 21:02 . 2010-07-24 19:36 -------- d-----w- c:\users\Illesil\AppData\Roaming\My Battle for Middle-earth(tm) II Files
2010-07-18 15:11 . 2010-07-26 20:38 -------- d-----w- c:\users\Illesil\AppData\Roaming\vlc

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-11 18:55 . 2010-06-19 17:40 12 ----a-w- c:\windows\bthservsdp.dat
2010-08-11 15:48 . 2008-01-21 06:46 598832 ----a-w- c:\windows\system32\perfh005.dat
2010-08-11 15:48 . 2008-01-21 06:46 114992 ----a-w- c:\windows\system32\perfc005.dat
2010-08-11 15:30 . 2008-09-03 00:56 -------- d-----w- c:\program files\Acer GameZone
2010-08-10 13:25 . 2010-08-10 13:25 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
2010-07-31 19:20 . 2010-06-16 03:26 -------- d-----w- c:\programdata\CyberLink
2010-07-25 22:59 . 2008-09-03 00:29 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-07-22 21:31 . 2010-06-16 14:21 -------- d-----w- c:\users\Illesil\AppData\Roaming\BSplayer
2010-07-17 14:27 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-06-30 21:54 . 2010-06-16 14:58 103992 ----a-w- c:\windows\system32\GDIPFONTCACHEV1.DAT
2010-06-30 21:54 . 2010-06-16 02:22 8224 ----a-w- c:\users\Illesil\AppData\Local\GDIPFONTCACHEV1.DAT
2010-06-30 21:45 . 2008-09-03 01:16 -------- d-----w- c:\programdata\Microsoft Help
2010-06-30 21:37 . 2006-11-02 12:37 -------- d-----w- c:\program files\MSBuild
2010-06-30 21:36 . 2010-06-30 21:36 -------- d-----w- c:\program files\Microsoft Synchronization Services
2010-06-30 21:35 . 2010-06-30 21:35 -------- d-----w- c:\program files\Microsoft.NET
2010-06-30 21:35 . 2010-06-30 21:35 -------- d-----w- c:\program files\Microsoft Sync Framework
2010-06-30 21:35 . 2010-06-30 21:35 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2010-06-30 21:34 . 2010-06-30 21:34 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2010-06-30 21:32 . 2010-06-30 21:32 -------- d-----w- c:\program files\Microsoft Analysis Services
2010-06-30 21:20 . 2008-09-03 01:18 -------- d-----w- c:\program files\Microsoft Works
2010-06-29 10:17 . 2010-06-16 11:35 -------- d-----w- c:\program files\Microsoft Security Essentials
2010-06-29 08:47 . 2010-06-29 08:47 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2010-06-28 22:29 . 2010-06-28 22:29 249856 ------w- c:\windows\Setup1.exe
2010-06-28 22:29 . 2010-06-28 22:29 73216 ----a-w- c:\windows\ST6UNST.EXE
2010-06-24 11:45 . 2010-06-24 11:45 501936 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtb50FE.tmp.exe
2010-06-18 16:44 . 2010-06-18 16:44 -------- d-----w- c:\program files\Common Files\EZB Systems
2010-06-18 09:22 . 2010-06-18 09:22 -------- d-----w- c:\program files\Windows Portable Devices
2010-06-18 09:22 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2010-06-17 19:40 . 2010-06-16 02:23 -------- d-----w- c:\program files\Google
2010-06-17 15:06 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2010-06-17 15:06 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration
2010-06-17 15:06 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
2010-06-17 15:06 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery
2010-06-17 15:06 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Journal
2010-06-17 15:06 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender
2010-06-16 15:13 . 2010-06-16 15:13 -------- d-----w- c:\program files\Microsoft Silverlight
2010-06-16 14:21 . 2010-06-16 14:21 -------- d-----w- c:\users\Illesil\AppData\Roaming\BSplayer Pro
2010-06-16 12:28 . 2010-06-16 12:28 -------- d-----w- c:\program files\MSXML 4.0
2010-06-16 11:31 . 2008-09-03 00:42 -------- d-----w- c:\programdata\McAfee
2010-06-16 11:28 . 2008-09-03 00:44 -------- d-----w- c:\programdata\SiteAdvisor
2010-06-16 04:01 . 2008-09-03 00:30 319456 ----a-w- c:\windows\DIFxAPI.dll
2010-06-16 04:01 . 2010-06-16 04:01 -------- d-----w- c:\program files\Realtek
2010-06-16 04:00 . 2010-06-16 04:00 -------- d-----w- c:\users\Illesil\AppData\Roaming\ATI
2010-06-16 03:56 . 2010-06-16 03:56 -------- d-----w- c:\programdata\ATI
2010-06-16 03:54 . 2010-06-16 03:54 0 ----a-w- c:\windows\ativpsrm.bin
2010-06-16 03:50 . 2010-06-16 03:50 -------- d-----w- c:\program files\Acer Incorporated
2010-06-16 03:47 . 2010-06-16 03:27 -------- d-----w- c:\program files\Acer Arcade Deluxe
2010-06-16 03:41 . 2010-06-16 02:22 680 ----a-w- c:\users\Illesil\AppData\Local\d3d9caps.dat
2010-06-16 03:27 . 2010-06-16 03:27 53319 ----a-w- c:\programdata\Temp\{2637C347-9DAD-11D6-9EA2-00055D0CA761}\PostBuild.exe
2010-06-16 03:25 . 2010-06-16 03:26 53319 ----a-w- c:\programdata\Temp\{5DB1DF0C-AABC-4362-8A6D-CEFDFB036E41}\PostBuild.exe
2010-06-16 03:25 . 2010-06-16 03:25 118784 ----a-w- c:\windows\system32\VMC3KAPI.dll
2010-06-16 03:25 . 2010-06-16 03:25 114688 ----a-w- c:\windows\system32\VCryptAPI.dll
2010-06-16 03:24 . 2010-06-16 03:24 23040 ----a-w- c:\windows\system32\ShlCmd.exe
2010-06-16 03:24 . 2010-06-16 03:24 5632 ----a-w- c:\windows\system32\biologon.dll
2010-06-16 03:24 . 2010-06-16 03:24 43184 ----a-w- c:\windows\system32\drivers\AlfaFF.sys
2010-06-16 03:24 . 2010-06-16 03:24 331776 ----a-w- c:\windows\system32\DrvCrypt.dll
2010-06-16 03:24 . 2010-06-16 03:24 16384 ----a-w- c:\windows\system32\AlfaFF.dll
2010-06-16 03:24 . 2010-06-16 03:24 1468928 ----a-w- c:\windows\system32\bsapi.dll
2010-06-16 03:24 . 2008-09-03 00:41 -------- d-----w- c:\program files\Acer
2010-06-16 03:24 . 2010-06-16 03:22 -------- d-----w- c:\program files\Common Files\SPBA
2010-06-16 03:22 . 2010-06-16 03:22 -------- d-----w- c:\programdata\UIB
2010-06-16 02:50 . 2010-06-16 02:50 -------- d-----w- c:\program files\Acer Inc
2010-06-16 02:48 . 2010-06-16 02:48 -------- d-----w- c:\program files\Launch Manager
2010-06-16 02:46 . 2010-06-16 02:46 -------- d-----w- c:\users\Illesil\AppData\Roaming\InstallShield
2010-06-16 02:43 . 2010-06-16 02:43 -------- d-----w- c:\program files\WIDCOMM
2010-06-16 02:42 . 2010-06-16 02:42 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_SynTP_01000.Wdf
2010-06-16 02:41 . 2010-06-16 02:41 -------- d-----w- c:\program files\Synaptics
2010-06-16 02:38 . 2010-06-16 02:38 10134 ----a-r- c:\users\Illesil\AppData\Roaming\Microsoft\Installer\{A02153E8-8DF8-42E6-B7BF-D88EEA33565F}\ARPPRODUCTICON.exe
2010-06-16 02:36 . 2010-06-16 02:30 -------- d-----w- c:\program files\ATI Technologies
2010-06-16 02:30 . 2010-06-16 02:30 -------- d-----w- c:\program files\ATI
2010-06-16 02:30 . 2010-06-16 02:30 10134 ----a-r- c:\users\Illesil\AppData\Roaming\Microsoft\Installer\{A73A8DFE-C038-771D-7E02-E10489D5FDE2}\ARPPRODUCTICON.exe
2010-06-16 02:24 . 2010-06-16 02:24 157168 ----a-w- c:\programdata\Partner\partner.dll
2010-06-16 02:24 . 2010-06-16 02:24 110576 ----a-w- c:\programdata\Partner\partner.exe
2010-06-16 02:24 . 2010-06-16 02:24 -------- d-----w- c:\programdata\Partner
2010-06-16 02:19 . 2010-06-16 02:19 -------- d-sh--we c:\programdata\Plocha
2010-06-16 02:19 . 2010-06-16 02:19 -------- d-sh--we c:\programdata\Oblíbené položky
2010-06-16 02:19 . 2010-06-16 02:19 -------- d-sh--we c:\programdata\Šablony
2010-06-16 02:19 . 2010-06-16 02:19 -------- d-sh--we c:\programdata\Nabídka Start
2010-06-16 02:19 . 2010-06-16 02:19 -------- d-sh--we c:\programdata\Dokumenty
2010-06-16 02:19 . 2010-06-16 02:19 -------- d-sh--we c:\programdata\Data aplikací
2010-06-16 02:13 . 2010-06-16 02:13 -------- d-----w- c:\program files\Winbond Electronics Corporation
2010-06-16 02:12 . 2010-06-16 02:12 -------- d-----w- c:\program files\AMD
2010-06-01 17:37 . 2010-06-16 11:38 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-26 17:06 . 2010-06-16 12:15 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-05-26 14:47 . 2010-06-16 12:15 289792 ----a-w- c:\windows\system32\atmfd.dll
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}]
2010-06-16 02:24 157168 ----a-w- c:\programdata\Partner\partner.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
2009-11-03 19:12 556432 ----a-w- c:\progra~1\MICROS~2\Office14\URLREDIR.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-07-29 15:52 121392 ----a-w- c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"ePower_DMC"="c:\program files\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2008-08-01 405504]
"eDataSecurity Loader"="c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-07-29 526896]
"eAudio"="c:\program files\Acer\Empowering Technology\eAudio\eAudio.exe" [2008-05-30 544768]
"BkupTray"="c:\program files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe" [2008-04-25 28672]
"WarReg_PopUp"="c:\program files\Acer\WR_PopUp\WarReg_PopUp.exe" [2008-01-29 303104]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-06-16 24064]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-07-16 61440]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-25 1049896]
"PLFSetI"="c:\windows\PLFSetI.exe" [2008-06-30 200704]
"LManager"="c:\progra~1\LAUNCH~1\QtZgAcer.EXE" [2008-06-17 817672]
"ZPdtWzdVitaKey MC3000"="c:\program files\Acer\Acer Bio Protection\PdtWzd.exe" [2010-06-16 3673600]
"ArcadeDeluxeAgent"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" [2008-07-24 147456]
"CLMLServer"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe" [2008-07-24 167936]
"PlayMovie"="c:\program files\Acer Arcade Deluxe\PlayMovie\PMVService.exe" [2008-07-18 167936]
"RtHDVCpl"="RtHDVCpl.exe" [2008-08-19 6265376]
"Skytel"="Skytel.exe" [2008-08-19 1833504]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-06-01 1093208]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2009-09-26 83312]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-2-12 723496]
OfficeSAS.lnk - c:\program files\Microsoft Office\Office14\OfficeSAS\officeSASscheduler.exe [2009-9-26 202648]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"DisableCAD"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AWinNotifyVitaKey MC3000]
2010-06-16 03:24 3116032 ----a-w- c:\program files\Acer\Acer Bio Protection\WinNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\spba]
2008-03-25 13:24 567560 ----a-w- c:\program files\Common Files\SPBA\homefus2.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):ea,2a,17,a0,2f,0e,cb,01

R2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-06-17 135664]
R3 GoogleDesktopManager-080708-050100;Google Desktop Manager 5.7.808.7150;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2010-06-16 24064]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2009-10-29 30603640]
S0 AlfaFF;AlfaFF File System mini-filter;c:\windows\system32\Drivers\AlfaFF.sys [2010-06-16 43184]
S2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\program files\Acer Arcade Deluxe\PlayMovie\000.fcl [2008-07-18 61424]
S2 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [2008-03-03 16384]
S2 CLHNService;CLHNService;c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [2008-01-16 81504]
S2 ETService;Empowering Technology Service;c:\program files\Acer\Empowering Technology\Service\ETService.exe [2008-06-02 24576]
S2 IGBASVC;iGroupTec Service;c:\program files\Acer\Acer Bio Protection\BASVC.exe [2010-06-16 3521024]
S2 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-04-25 45056]
S2 NTIPPKernel;NTIPPKernel;c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys [2008-01-16 122368]
S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-04-25 131072]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-03-25 42368]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2008-05-28 22072]
S3 winbondcir;Winbond IR Transceiver;c:\windows\system32\DRIVERS\winbondcir.sys [2007-03-28 43008]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
bthsvcs REG_MULTI_SZ BthServ
.
Obsah adresáře 'Naplánované úlohy'

2010-08-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-17 19:40]

2010-08-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-17 19:40]

2010-08-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1854294868-2281072054-747833555-1000Core.job
- c:\users\Illesil\AppData\Local\Google\Update\GoogleUpdate.exe [2010-06-16 11:20]

2010-08-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1854294868-2281072054-747833555-1000UA.job
- c:\users\Illesil\AppData\Local\Google\Update\GoogleUpdate.exe [2010-06-16 11:20]

2010-08-10 c:\windows\Tasks\User_Feed_Synchronization-{C594F610-D99A-4372-98B6-2E49C8E32FF4}.job
- c:\windows\system32\msfeedssync.exe [2010-06-16 04:30]
.
.
------- Doplňkový sken -------
.
uStart Page =
mStart Page =
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: WikiKomentáře Google... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-11 21:01
Windows 6.0.6002 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}]
"ImagePath"="\??\c:\program files\Acer Arcade Deluxe\PlayMovie\000.fcl"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'Explorer.exe'(3916)
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\sysenv.dll
c:\windows\system32\btncopy.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Microsoft Security Essentials\MsMpEng.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\SPBA\upeksvr.exe
c:\program files\Acer\Acer Bio Protection\CompPtcVUI.exe
c:\windows\system32\agrsmsvc.exe
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\acer\Mobility Center\MobilityService.exe
c:\program files\Cyberlink\Shared files\RichVideo.exe
c:\windows\system32\conime.exe
.
**************************************************************************
.
Celkový čas: 2010-08-11 21:12:38 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-08-11 19:12

Před spuštěním: Volných bajtů: 102 878 945 280
Po spuštění: Volných bajtů: 102 519 705 600

- - End Of File - - C4F740E309E2AD0F160EA47F8D1EE8AA

[vyosek]

Instalace Spybot - Search & Destroy nebyla nejlepsi volbou - program ma uz nejlepsi leta davno za sebou a posledni cca 3 roky neni schopen celit aktualnim hrozbam

• Nahrady za Spybota:
  • Spyware Terminator - info o nem http://www.viry.cz/forum/viewtopic.php?f=29&t=44730
  • SuperAntiSpyare - info o nem http://www.viry.cz/forum/viewtopic.php?f=29&t=51359
• Samozrejme pouzivejte jen jeden z nich
• Tihle se zabyvat ale az PC bude ciste

Nasledujici soubory otestujte na VirusTotalu (viz muj podpis)

• c:\programdata\Partner\partner.dll
  c:\programdata\Partner\partner.exe
• Kliknete na Prochazet
• Soubor nehledejte, jen vlozte cestu souboru, ktery chci otestovat
• Pokud napise Soubor byl jiz testovan, dejte otestovat znovu
• Kliknete na Otestovat soubor
• Vysledek analyzy sem vlozte (jako odkaz)

[Seel]

Tady to je.

http://www.virustotal.com/file-scan/rep ... 1281561669
http://www.virustotal.com/file-scan/rep ... 1281561862

Ještě mě napadlo že ComboFix jsem nespouštěl v nouzovém režimu...nevadí to?

[vyosek]

Nekolik polozek smazano, co na to PC - jak se chova

[Seel]

Nevím...svchost.exe si pořád bere relativně hodně a CPU skáče kolem 15% a při sebemenší činnosti vyleze až k 70-100% Už si moc nevím rady

[vyosek]

Stahnete Malwarebytes' Anti-Malware (zkracene MBAM) (viz muj podpis)

• Provedte aktualizaci - treti zalozka
• Provedte uplny sken - nic nemazte
• MBAM miva obcas falesne detekce, proto vlozte log do prispevku a pockejte na posouzeni

[Seel]

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Verze databáze: 4422

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18943

12.8.2010 23:39:59
mbam-log-2010-08-12 (23-39-59).txt

Typ skenu: Úplný sken (C:\|D:\|)
Skenované objekty: 286941
Uplynulý čas: 3 hodina(y), 10 minuta(y), 33 sekunda(y)

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 0
Infikované hodnoty registru: 0
Infikované datové položky registru: 0
Infikované složky: 0
Infikované soubory: 0

Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované hodnoty registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované datové položky registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)

Infikované soubory:
(Žádné škodlivé položky nebyly zjištěny)

[vyosek]

Tohle Google Toolbar jste odinstaloval, je to obcast uzanse zpomalovadlo.

[Seel]

Nevím...asi jdu přeinstalovat windows. Každopádně mnohokrát díky za pomoc...

[vyosek]

No je to na Vas, jeste ale strelivo neni prazdne...budem pokracovat

[Seel]

Tak právě jsem vrátil počítač na restore point asi 10 dní starý a jede vpohodě.

Takže ještě jednou mockrát děkuji za pomoc

[vyosek]

Nemate zac, problem jste si vyresil defakto sam