
Please help - program Host process for windows

Posted: 21 May 2010 12:09
by luciska
Vista started popping up a small window with this message; here is the log

Logfile of random's system information tool 1.07 (written by random/random)
Run by Daniel at 2010-05-21 13:02:14
Microsoft® Windows Vista™ Home Premium Service Pack 2
System drive C: has 100 GB (34%) free of 295 GB
Total RAM: 3070 MB (69% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13:02:35, on 21.5.2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18904)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
C:\Users\Daniel\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Steam\Steam.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Apoint2K\HidFind.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10a.exe
C:\Users\Daniel\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NSY9WZKQ\RSIT[1].exe
C:\Program Files\trend micro\Daniel.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACA ... spire_5536
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACA ... spire_5536
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACA ... spire_5536
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Pomocník pro přihlášení ke službě Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\Skytel.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [Acer ePower Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
O4 - HKLM\..\Run: [mwlDaemon] C:\Program Files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [ProductReg] "C:\Program Files\Acer\WR_PopUp\ProductReg.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [Speech Recognition] "C:\Windows\Speech\Common\sapisvr.exe" -SpeechUX -Startup
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Odeslat obrázek do zařízení &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Odeslat stránku do zařízení &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O8 - Extra context menu item: WikiKomentáře Google... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O9 - Extra button: Přidat na blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Přidat na blog Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: CLHNService - Unknown owner - C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
O23 - Service: Acer ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: MyWinLocker Service (MWLService) - Egis Technology Inc. - C:\Program Files\EgisTec\MyWinLocker 3\x86\\MWLService.exe
O23 - Service: NTI IScheduleSvc - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

--
End of file - 8185 bytes

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\User_Feed_Synchronization-{02A7AF3A-23DE-41DF-8E2E-7ADCAED16996}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2007-12-07 1377576]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Pomocník pro přihlášení ke službě Windows Live - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2008-11-18 408952]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [2009-03-11 6957600]
"Skytel"=C:\Program Files\Realtek\Audio\HDA\Skytel.exe [2009-03-11 1833504]
"Apoint"=C:\Program Files\Apoint2K\Apoint.exe [2009-02-24 204800]
"Acer ePower Management"=C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [2009-04-03 698912]
"mwlDaemon"=C:\Program Files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe [2009-05-15 345384]
"avast5"=C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe [2010-05-06 2815192]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"WindowsWelcomeCenter"=oobefldr.dll,ShowWelcomeCenter []
"ProductReg"=C:\Program Files\Acer\WR_PopUp\ProductReg.exe [2008-11-17 135168]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-21 125952]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-21 202240]
"Steam"=c:\program files\steam\steam.exe [2010-05-08 1238352]
"Speech Recognition"=C:\Windows\Speech\Common\sapisvr.exe [2008-01-21 49664]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2007-12-07 21686568]

C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Xfire.lnk - C:\Program Files\Xfire\Xfire.exe

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MpfService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2010-05-21 13:02:15 ----D---- C:\Program Files\trend micro
2010-05-21 13:02:14 ----D---- C:\rsit
2010-05-17 05:15:55 ----D---- C:\Program Files\Windows Portable Devices
2010-05-17 03:09:05 ----A---- C:\Windows\system32\UIAnimation.dll
2010-05-17 03:09:03 ----A---- C:\Windows\system32\UIRibbonRes.dll
2010-05-17 03:09:03 ----A---- C:\Windows\system32\UIRibbon.dll
2010-05-17 03:07:56 ----A---- C:\Windows\system32\WMPhoto.dll
2010-05-17 03:07:54 ----A---- C:\Windows\system32\cdd.dll
2010-05-17 03:07:52 ----A---- C:\Windows\system32\XpsRasterService.dll
2010-05-17 03:07:52 ----A---- C:\Windows\system32\XpsGdiConverter.dll
2010-05-17 03:07:52 ----A---- C:\Windows\system32\printfilterpipelineprxy.dll
2010-05-17 03:07:52 ----A---- C:\Windows\system32\d3d10warp.dll
2010-05-17 03:07:51 ----A---- C:\Windows\system32\WindowsCodecsExt.dll
2010-05-17 03:07:51 ----A---- C:\Windows\system32\WindowsCodecs.dll
2010-05-17 03:07:51 ----A---- C:\Windows\system32\printfilterpipelinesvc.exe
2010-05-17 03:07:51 ----A---- C:\Windows\system32\PhotoMetadataHandler.dll
2010-05-17 03:07:51 ----A---- C:\Windows\system32\dxdiagn.dll
2010-05-17 03:07:51 ----A---- C:\Windows\system32\dxdiag.exe
2010-05-17 03:07:51 ----A---- C:\Windows\system32\d2d1.dll
2010-05-17 03:07:50 ----A---- C:\Windows\system32\xpsservices.dll
2010-05-17 03:07:50 ----A---- C:\Windows\system32\XpsPrint.dll
2010-05-17 03:07:50 ----A---- C:\Windows\system32\OpcServices.dll
2010-05-17 03:07:50 ----A---- C:\Windows\system32\FntCache.dll
2010-05-17 03:07:49 ----A---- C:\Windows\system32\dxgi.dll
2010-05-17 03:07:49 ----A---- C:\Windows\system32\DWrite.dll
2010-05-17 03:07:49 ----A---- C:\Windows\system32\d3d11.dll
2010-05-17 03:07:49 ----A---- C:\Windows\system32\d3d10level9.dll
2010-05-17 03:07:49 ----A---- C:\Windows\system32\d3d10core.dll
2010-05-17 03:07:49 ----A---- C:\Windows\system32\d3d10_1core.dll
2010-05-17 03:07:49 ----A---- C:\Windows\system32\d3d10_1.dll
2010-05-17 03:07:49 ----A---- C:\Windows\system32\d3d10.dll
2010-05-17 03:06:41 ----A---- C:\Windows\system32\WPDShextAutoplay.exe
2010-05-17 03:06:41 ----A---- C:\Windows\system32\wpdbusenum.dll
2010-05-17 03:06:41 ----A---- C:\Windows\system32\BthMtpContextHandler.dll
2010-05-17 03:06:36 ----A---- C:\Windows\system32\PortableDeviceConnectApi.dll
2010-05-17 03:06:32 ----A---- C:\Windows\system32\WPDShServiceObj.dll
2010-05-17 03:06:32 ----A---- C:\Windows\system32\wpdshext.dll
2010-05-17 03:06:32 ----A---- C:\Windows\system32\wpd_ci.dll
2010-05-17 03:06:32 ----A---- C:\Windows\system32\PortableDeviceTypes.dll
2010-05-17 03:06:31 ----A---- C:\Windows\system32\WPDSp.dll
2010-05-17 03:06:31 ----A---- C:\Windows\system32\PortableDeviceWMDRM.dll
2010-05-17 03:06:31 ----A---- C:\Windows\system32\PortableDeviceClassExtension.dll
2010-05-17 03:06:31 ----A---- C:\Windows\system32\PortableDeviceApi.dll
2010-05-17 03:04:05 ----A---- C:\Windows\system32\oleaccrc.dll
2010-05-17 03:04:04 ----A---- C:\Windows\system32\UIAutomationCore.dll
2010-05-17 03:04:04 ----A---- C:\Windows\system32\oleacc.dll
2010-05-16 12:11:16 ----A---- C:\Windows\system32\inetcomm.dll
2010-05-16 12:05:42 ----A---- C:\Windows\system32\vbscript.dll
2010-05-16 12:05:37 ----A---- C:\Windows\system32\jscript.dll
2010-05-16 12:05:12 ----A---- C:\Windows\system32\mshtml.dll
2010-05-16 12:05:07 ----A---- C:\Windows\system32\ieframe.dll
2010-05-16 12:05:05 ----A---- C:\Windows\system32\iertutil.dll
2010-05-16 12:05:04 ----A---- C:\Windows\system32\urlmon.dll
2010-05-16 12:05:03 ----A---- C:\Windows\system32\wininet.dll
2010-05-16 12:05:02 ----A---- C:\Windows\system32\occache.dll
2010-05-16 12:05:02 ----A---- C:\Windows\system32\msfeeds.dll
2010-05-16 12:05:02 ----A---- C:\Windows\system32\iedkcs32.dll
2010-05-16 12:05:01 ----A---- C:\Windows\system32\mstime.dll
2010-05-16 12:05:00 ----A---- C:\Windows\system32\ieui.dll
2010-05-16 12:04:59 ----A---- C:\Windows\system32\ieUnatt.exe
2010-05-16 12:04:59 ----A---- C:\Windows\system32\iepeers.dll
2010-05-16 12:04:58 ----A---- C:\Windows\system32\msfeedsbs.dll
2010-05-16 12:04:58 ----A---- C:\Windows\system32\jsproxy.dll
2010-05-16 12:04:58 ----A---- C:\Windows\system32\iesysprep.dll
2010-05-16 12:04:49 ----A---- C:\Windows\system32\msfeedssync.exe
2010-05-16 12:04:49 ----A---- C:\Windows\system32\iesetup.dll
2010-05-16 12:04:49 ----A---- C:\Windows\system32\iernonce.dll
2010-05-16 12:04:49 ----A---- C:\Windows\system32\ie4uinit.exe
2010-05-16 12:04:34 ----A---- C:\Windows\system32\gameux.dll
2010-05-16 12:04:31 ----A---- C:\Windows\system32\Apphlpdm.dll
2010-05-16 12:04:29 ----A---- C:\Windows\system32\GameUXLegacyGDFs.dll
2010-05-16 11:53:37 ----D---- C:\Users\Daniel\AppData\Roaming\Bioshock
2010-05-12 19:31:14 ----D---- C:\Users\Daniel\AppData\Roaming\skypePM
2010-05-12 19:09:20 ----D---- C:\Users\Daniel\AppData\Roaming\Skype
2010-05-12 19:08:21 ----D---- C:\Program Files\Skype
2010-05-12 19:08:20 ----D---- C:\Program Files\Common Files\Skype
2010-05-12 19:08:09 ----D---- C:\ProgramData\Skype
2010-05-07 12:14:47 ----D---- C:\ProgramData\Isotx
2010-04-30 06:06:28 ----A---- C:\Windows\system32\XAudio2_6.dll
2010-04-30 06:06:28 ----A---- C:\Windows\system32\XAPOFX1_4.dll
2010-04-30 06:06:27 ----A---- C:\Windows\system32\xactengine3_6.dll
2010-04-30 06:06:25 ----A---- C:\Windows\system32\X3DAudio1_7.dll
2010-04-30 06:04:53 ----HD---- C:\Windows\msdownld.tmp
2010-04-30 06:04:51 ----D---- C:\Windows\system32\directx
2010-04-30 05:55:13 ----D---- C:\Windows\B83FC356B7C0441F8A4DD71E088E7974.TMP
2010-04-30 05:54:18 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2010-04-26 18:57:43 ----A---- C:\Windows\system32\XAudio2_5.dll
2010-04-26 18:57:42 ----A---- C:\Windows\system32\xactengine3_5.dll
2010-04-26 18:57:42 ----A---- C:\Windows\system32\D3DCompiler_42.dll
2010-04-26 18:57:39 ----A---- C:\Windows\system32\d3dcsx_42.dll
2010-04-26 18:57:38 ----A---- C:\Windows\system32\D3DX9_42.dll
2010-04-26 18:57:38 ----A---- C:\Windows\system32\d3dx11_42.dll
2010-04-26 18:57:38 ----A---- C:\Windows\system32\d3dx10_42.dll
2010-04-26 18:57:35 ----A---- C:\Windows\system32\XAPOFX1_3.dll
2010-04-26 18:57:30 ----A---- C:\Windows\system32\XAPOFX1_1.dll
2010-04-26 18:57:29 ----A---- C:\Windows\system32\XAudio2_2.dll
2010-04-26 18:57:29 ----A---- C:\Windows\system32\xactengine3_2.dll
2010-04-23 21:30:14 ----D---- C:\Program Files\Kuju Entertainment

======List of files/folders modified in the last 1 months======

2010-05-21 13:02:31 ----D---- C:\Windows\Temp
2010-05-21 13:02:15 ----RD---- C:\Program Files
2010-05-21 12:59:49 ----D---- C:\Windows\system32\Tasks
2010-05-21 12:58:09 ----D---- C:\Program Files\Steam
2010-05-21 12:58:05 ----D---- C:\ProgramData\McAfee
2010-05-21 12:58:05 ----D---- C:\Program Files\Common Files
2010-05-21 12:55:49 ----D---- C:\Windows\System32
2010-05-21 12:55:49 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-05-21 12:55:48 ----D---- C:\Windows\inf
2010-05-21 12:54:36 ----D---- C:\Windows\Tasks
2010-05-21 12:54:11 ----D---- C:\Windows\system32\drivers
2010-05-21 12:54:11 ----D---- C:\Windows\system32\catroot
2010-05-20 15:22:50 ----D---- C:\Program Files\Google
2010-05-20 15:19:42 ----D---- C:\Windows\winsxs
2010-05-20 15:19:41 ----D---- C:\Windows\system32\cs-CZ
2010-05-20 15:19:20 ----D---- C:\Program Files\Webteh
2010-05-20 15:17:18 ----SHD---- C:\System Volume Information
2010-05-20 15:14:24 ----D---- C:\Windows\system32\catroot2
2010-05-20 15:08:17 ----D---- C:\Windows\Prefetch
2010-05-18 16:47:52 ----D---- C:\Program Files\GameSpy Arcade
2010-05-18 16:46:05 ----D---- C:\ProgramData\Google
2010-05-18 16:46:04 ----SHD---- C:\Windows\Installer
2010-05-18 16:16:21 ----SD---- C:\Users\Daniel\AppData\Roaming\Microsoft
2010-05-18 16:12:11 ----D---- C:\Program Files\Common Files\Steam
2010-05-17 05:19:30 ----D---- C:\Windows
2010-05-17 05:16:10 ----D---- C:\Program Files\Windows Mail
2010-05-17 05:16:10 ----D---- C:\Program Files\Internet Explorer
2010-05-17 05:15:53 ----D---- C:\Windows\system32\wbem
2010-05-17 05:15:38 ----D---- C:\Windows\system32\pt-BR
2010-05-17 05:15:38 ----D---- C:\Windows\system32\bg-BG
2010-05-17 05:15:37 ----D---- C:\Windows\system32\pt-PT
2010-05-17 05:15:37 ----D---- C:\Windows\system32\pl-PL
2010-05-17 05:15:37 ----D---- C:\Windows\system32\it-IT
2010-05-17 05:15:37 ----D---- C:\Windows\system32\he-IL
2010-05-17 05:15:36 ----D---- C:\Windows\system32\uk-UA
2010-05-17 05:15:36 ----D---- C:\Windows\system32\ko-KR
2010-05-17 05:15:36 ----D---- C:\Windows\system32\hu-HU
2010-05-17 05:15:35 ----D---- C:\Windows\system32\zh-HK
2010-05-17 05:15:35 ----D---- C:\Windows\system32\sl-SI
2010-05-17 05:15:35 ----D---- C:\Windows\system32\hr-HR
2010-05-17 05:15:34 ----D---- C:\Windows\system32\nl-NL
2010-05-17 05:15:34 ----D---- C:\Windows\system32\fr-FR
2010-05-17 05:15:34 ----D---- C:\Windows\system32\fi-FI
2010-05-17 05:15:34 ----D---- C:\Windows\system32\el-GR
2010-05-17 05:15:33 ----D---- C:\Windows\system32\tr-TR
2010-05-17 05:15:33 ----D---- C:\Windows\system32\th-TH
2010-05-17 05:15:33 ----D---- C:\Windows\system32\sr-Latn-CS
2010-05-17 05:15:32 ----D---- C:\Windows\system32\sv-SE
2010-05-17 05:15:32 ----D---- C:\Windows\system32\lv-LV
2010-05-17 05:15:32 ----D---- C:\Windows\system32\es-ES
2010-05-17 05:15:31 ----D---- C:\Windows\system32\zh-TW
2010-05-17 05:15:31 ----D---- C:\Windows\system32\sk-SK
2010-05-17 05:15:31 ----D---- C:\Windows\system32\lt-LT
2010-05-17 05:15:30 ----D---- C:\Windows\system32\et-EE
2010-05-17 05:15:30 ----D---- C:\Windows\system32\de-DE
2010-05-17 05:15:28 ----D---- C:\Windows\system32\zh-CN
2010-05-17 05:15:28 ----D---- C:\Windows\system32\ja-JP
2010-05-17 05:15:27 ----D---- C:\Windows\system32\ru-RU
2010-05-17 05:15:27 ----D---- C:\Windows\system32\ro-RO
2010-05-17 05:15:27 ----D---- C:\Windows\system32\ar-SA
2010-05-17 05:15:26 ----D---- C:\Windows\system32\nb-NO
2010-05-17 05:15:26 ----D---- C:\Windows\system32\en-US
2010-05-17 05:15:26 ----D---- C:\Windows\system32\da-DK
2010-05-17 05:15:18 ----D---- C:\Windows\system32\migration
2010-05-17 05:14:58 ----RSD---- C:\Windows\Fonts
2010-05-17 05:13:43 ----D---- C:\Windows\AppPatch
2010-05-15 23:22:05 ----RSD---- C:\Windows\assembly
2010-05-15 23:19:27 ----D---- C:\Windows\Microsoft.NET
2010-05-12 19:31:14 ----HD---- C:\ProgramData
2010-05-06 22:59:36 ----A---- C:\Windows\system32\aswBoot.exe
2010-04-30 20:55:17 ----AD---- C:\ProgramData\Temp
2010-04-30 20:51:06 ----A---- C:\Windows\system32\mrt.exe
2010-04-23 21:33:44 ----HD---- C:\Program Files\InstallShield Installation Information
2010-04-23 20:56:46 ----D---- C:\Program Files\LucasArts

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr.sys [2010-05-06 23376]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2010-05-06 164048]
R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2010-05-06 46672]
R1 mwlPSDFilter;mwlPSDFilter; C:\Windows\system32\DRIVERS\mwlPSDFilter.sys [2008-12-04 19504]
R1 mwlPSDNServ;mwlPSDNServ; C:\Windows\system32\DRIVERS\mwlPSDNServ.sys [2008-12-04 16432]
R1 mwlPSDVDisk;mwlPSDVDisk; C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys [2008-12-04 59952]
R2 aswFsBlk;aswFsBlk; C:\Windows\system32\drivers\aswFsBlk.sys [2010-05-06 19024]
R2 aswMonFlt;aswMonFlt; \??\C:\Windows\system32\drivers\aswMonFlt.sys [2010-05-06 51792]
R2 irda;IrDA Protocol; C:\Windows\system32\DRIVERS\irda.sys [2008-01-21 95744]
R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2009-01-16 12672]
R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\XAudio32.sys [2009-01-16 8704]
R3 ApfiltrService;Alps Pointing-device Filter Driver; C:\Windows\system32\DRIVERS\Apfiltr.sys [2009-02-23 195120]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athr.sys [2008-12-30 952832]
R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2009-03-19 4386304]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2008-09-30 223232]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-21 14208]
R3 DKbFltr;Dritek Keyboard Filter Driver; C:\Windows\system32\DRIVERS\DKbFltr.sys [2006-11-03 21264]
R3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\HSX_DPV.sys [2008-10-16 980992]
R3 HSXHWAZL;HSXHWAZL; C:\Windows\system32\DRIVERS\HSXHWAZL.sys [2008-10-16 207360]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2009-03-11 2338720]
R3 NTIDrvr;Upper Class Filter Driver; C:\Windows\system32\Drivers\NTIDrvr.sys [2009-03-26 15360]
R3 RTHDMIAzAudService;Service for HDMI; C:\Windows\system32\drivers\RtHDMIV.sys [2009-02-21 153952]
R3 usbfilter;AMD USB Filter Driver; C:\Windows\system32\DRIVERS\usbfilter.sys [2008-05-28 22072]
R3 usbvideo;Zobrazovací zařízení USB (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2008-01-21 134016]
R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2008-10-16 661504]
R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2008-01-21 11264]
S3 BthEnum;Služba Bluetooth Enumerator; C:\Windows\system32\DRIVERS\BthEnum.sys [2009-04-11 22528]
S3 BthPan;Zařízení Bluetooth (síť PAN); C:\Windows\system32\DRIVERS\bthpan.sys [2008-01-21 92160]
S3 BTHPORT;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2009-04-11 507904]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2009-04-11 29696]
S3 btwaudio;Bluetooth Audio Device Service; C:\Windows\system32\drivers\btwaudio.sys [2009-04-10 84256]
S3 btwavdt;Bluetooth AVDT; C:\Windows\system32\drivers\btwavdt.sys [2009-03-25 106784]
S3 btwrchid;btwrchid; C:\Windows\system32\DRIVERS\btwrchid.sys [2009-03-25 17056]
S3 drmkaud;Dekodér zvuků DRM jádra společnosti Microsoft; C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 5632]
S3 HdAudAddService;Ovladač funkce Microsoft 1.1 UAA pro službu zvuku High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 HSFHWAZL;HSFHWAZL; C:\Windows\system32\DRIVERS\VSTAZL3.SYS [2008-01-21 200704]
S3 k57nd60x;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\k57nd60x.sys [2008-09-04 223232]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016]
S3 NSCIRDA;NSC Infrared Device Driver; C:\Windows\system32\DRIVERS\nscirda.sys [2008-01-21 30720]
S3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-04-11 148992]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-21 83328]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616]
S4 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2008-01-21 88576]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati External Event Utility;Ati External Event Utility; C:\Windows\system32\Ati2evxx.exe [2009-03-19 733184]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-05-06 40384]
R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe [2009-04-13 578848]
R2 CLHNService;CLHNService; C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [2008-12-18 75048]
R2 ePowerSvc;Acer ePower Service; C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [2009-04-03 723488]
R2 HsfXAudioService;HsfXAudioService; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 Irmon;@%SystemRoot%\System32\irmon.dll,-2000; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 MWLService;MyWinLocker Service; C:\Program Files\EgisTec\MyWinLocker 3\x86\\MWLService.exe [2009-05-15 305448]
R2 NTI IScheduleSvc;NTI IScheduleSvc; C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2009-04-11 61184]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-09-23 144632]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-05-06 40384]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-05-06 40384]
R3 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R3 Steam Client Service;Steam Client Service; C:\Program Files\Common Files\Steam\SteamService.exe [2010-05-16 395048]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-02-06 135664]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 NTIBackupSvc;NTI Backup Now 5 Backup Service; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-09-23 50424]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]

-----------------EOF-----------------

Re: Please help - program Host process for windows

Posted: 21 May 2010 13:31
by motji
Good afternoon :)

Download to the desktop, close all open windows, and run ComboFix - http://download.bleepingcomputer.com/sUBs/ComboFix.exe

- ComboFix must be run under an account with administrator rights

- Before use, turn off all resident security programs - antivirus, firewalls, antispyware

- After launch, the terms of use are displayed; confirm them by pressing the Yes button

- Then follow the instructions; while ComboFix is running, do not click in the window that is displayed!

- After the scan finishes, which takes at most 10 minutes, the program should create a log - C:\ComboFix.txt; copy its entire contents here

Re: Please help - program Host process for windows

Posted: 21 May 2010 14:41
by luciska
Thanks, here it is:

ComboFix 10-05-20.A1 - Daniel 21.05.2010 15:16:03.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.420.1029.18.3070.1910 [GMT 2:00]
Spuštěný z: c:\users\Daniel\Desktop\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\Daniel\AppData\Roaming\.#
c:\windows\Temp\log.txt

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-04-21 do 2010-05-21 )))))))))))))))))))))))))))))))
.

2010-05-21 13:29 . 2010-05-21 13:30 -------- d-----w- c:\users\Daniel\AppData\Local\temp
2010-05-21 13:29 . 2010-05-21 13:29 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-05-21 11:51 . 2010-05-21 13:04 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-05-21 11:51 . 2010-05-21 13:02 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-05-21 11:24 . 2010-05-21 11:24 -------- d-----w- c:\program files\Conduit
2010-05-21 11:24 . 2010-05-21 11:24 -------- d-----w- c:\program files\BS_Player
2010-05-21 11:24 . 2010-05-21 11:29 -------- d-----w- c:\users\Daniel\AppData\Roaming\BSplayer
2010-05-21 11:24 . 2010-05-21 11:24 -------- d-----w- c:\users\Daniel\AppData\Roaming\BSplayer Pro
2010-05-21 11:18 . 2010-05-21 11:18 -------- d-----w- c:\program files\Codec Pack - All In 1
2010-05-21 11:18 . 2010-05-21 11:18 -------- d-----w- c:\windows\system32\languages
2010-05-21 11:10 . 2010-05-12 09:21 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-21 11:02 . 2010-05-21 11:02 -------- d-----w- c:\program files\trend micro
2010-05-21 11:02 . 2010-05-21 11:02 -------- d-----w- C:\rsit
2010-05-17 03:15 . 2010-05-17 03:15 -------- d-----w- c:\program files\Windows Portable Devices
2010-05-17 01:09 . 2009-09-10 02:00 92672 ----a-w- c:\windows\system32\UIAnimation.dll
2010-05-17 01:09 . 2009-09-10 02:01 3023360 ----a-w- c:\windows\system32\UIRibbon.dll
2010-05-17 01:09 . 2009-09-10 02:00 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2010-05-17 01:06 . 2009-10-01 01:02 30208 ----a-w- c:\windows\system32\WPDShextAutoplay.exe
2010-05-17 01:06 . 2009-10-01 01:02 31232 ----a-w- c:\windows\system32\BthMtpContextHandler.dll
2010-05-17 01:06 . 2009-10-01 01:01 81920 ----a-w- c:\windows\system32\wpdbusenum.dll
2010-05-17 01:06 . 2009-10-01 01:01 60928 ----a-w- c:\windows\system32\PortableDeviceConnectApi.dll
2010-05-17 01:06 . 2009-10-01 01:02 2537472 ----a-w- c:\windows\system32\wpdshext.dll
2010-05-17 01:06 . 2009-10-01 01:02 87552 ----a-w- c:\windows\system32\WPDShServiceObj.dll
2010-05-17 01:06 . 2009-10-01 01:01 546816 ----a-w- c:\windows\system32\wpd_ci.dll
2010-05-17 01:06 . 2009-10-01 01:01 160256 ----a-w- c:\windows\system32\PortableDeviceTypes.dll
2010-05-17 01:06 . 2009-10-01 01:02 334848 ----a-w- c:\windows\system32\PortableDeviceApi.dll
2010-05-17 01:06 . 2009-10-01 01:01 350208 ----a-w- c:\windows\system32\WPDSp.dll
2010-05-17 01:06 . 2009-10-01 01:01 196608 ----a-w- c:\windows\system32\PortableDeviceWMDRM.dll
2010-05-17 01:06 . 2009-10-01 01:01 100864 ----a-w- c:\windows\system32\PortableDeviceClassExtension.dll
2010-05-17 01:04 . 2009-10-08 21:07 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2010-05-17 01:04 . 2009-10-08 21:08 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2010-05-17 01:04 . 2009-10-08 21:08 234496 ----a-w- c:\windows\system32\oleacc.dll
2010-05-16 10:11 . 2010-01-29 15:40 738816 ----a-w- c:\windows\system32\inetcomm.dll
2010-05-16 10:05 . 2010-03-05 14:01 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-05-16 10:05 . 2010-02-23 06:39 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-16 10:04 . 2010-02-23 04:55 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-05-16 10:04 . 2010-02-23 06:33 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-05-16 10:04 . 2010-02-23 06:33 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-05-16 10:04 . 2010-01-06 15:39 1696256 ----a-w- c:\windows\system32\gameux.dll
2010-05-16 10:04 . 2010-01-06 15:38 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-05-16 10:04 . 2010-01-06 13:30 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2010-05-16 09:53 . 2010-05-16 12:35 -------- d-----w- c:\users\Daniel\AppData\Roaming\Bioshock
2010-05-12 17:31 . 2010-05-21 10:46 -------- d-----w- c:\users\Daniel\AppData\Roaming\skypePM
2010-05-12 17:09 . 2010-05-21 13:26 -------- d-----w- c:\users\Daniel\AppData\Roaming\Skype
2010-05-12 17:08 . 2010-05-12 17:08 -------- d-----w- c:\program files\Skype
2010-05-12 17:08 . 2010-05-12 17:08 -------- d-----w- c:\program files\Common Files\Skype
2010-05-12 17:08 . 2010-05-12 17:08 -------- d-----w- c:\programdata\Skype
2010-05-12 17:05 . 2010-05-12 17:07 22595368 ----a-w- c:\users\Public\SkypeSetup.exe
2010-05-07 10:14 . 2010-05-07 10:14 -------- d-----w- c:\programdata\Isotx
2010-04-30 04:06 . 2010-02-04 08:01 74072 ----a-w- c:\windows\system32\XAPOFX1_4.dll
2010-04-30 04:06 . 2010-02-04 08:01 528216 ----a-w- c:\windows\system32\XAudio2_6.dll
2010-04-30 04:06 . 2010-02-04 08:01 238936 ----a-w- c:\windows\system32\xactengine3_6.dll
2010-04-30 04:06 . 2010-02-04 08:01 22360 ----a-w- c:\windows\system32\X3DAudio1_7.dll
2010-04-30 04:04 . 2010-04-30 04:05 -------- d--h--w- c:\windows\msdownld.tmp
2010-04-30 03:55 . 2010-04-30 03:55 -------- d-----w- c:\windows\B83FC356B7C0441F8A4DD71E088E7974.TMP
2010-04-30 03:54 . 2010-04-30 03:54 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-04-26 21:04 . 2010-04-26 21:06 -------- d-----w- c:\users\Daniel\Massive Assault Network 2
2010-04-26 16:57 . 2009-09-04 15:44 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
2010-04-26 16:57 . 2009-09-04 15:44 238936 ----a-w- c:\windows\system32\xactengine3_5.dll
2010-04-26 16:57 . 2009-09-04 15:29 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll
2010-04-26 16:57 . 2009-09-04 15:29 5501792 ----a-w- c:\windows\system32\d3dcsx_42.dll
2010-04-26 16:57 . 2009-09-04 15:29 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2010-04-26 16:57 . 2009-09-04 15:29 235344 ----a-w- c:\windows\system32\d3dx11_42.dll
2010-04-26 16:57 . 2009-09-04 15:29 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
2010-04-26 16:57 . 2009-09-04 15:44 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2010-04-26 16:57 . 2008-07-31 08:41 68616 ----a-w- c:\windows\system32\XAPOFX1_1.dll
2010-04-26 16:57 . 2008-07-31 08:41 238088 ----a-w- c:\windows\system32\xactengine3_2.dll
2010-04-26 16:57 . 2008-07-31 08:40 509448 ----a-w- c:\windows\system32\XAudio2_2.dll
2010-04-23 19:30 . 2010-04-23 19:30 -------- d-----w- c:\program files\Kuju Entertainment
2010-04-21 18:09 . 2010-04-21 18:09 -------- d-----w- c:\program files\Ubi Soft
2010-04-21 18:09 . 2010-04-21 18:13 -------- d-----w- c:\windows\UbiSoft

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-21 13:04 . 2010-04-20 22:15 -------- d-----w- c:\program files\Steam
2010-05-21 13:03 . 2010-02-10 18:44 12 ----a-w- c:\windows\bthservsdp.dat
2010-05-21 11:33 . 2009-03-05 20:21 598832 ----a-w- c:\windows\system32\perfh005.dat
2010-05-21 11:33 . 2009-03-05 20:21 114992 ----a-w- c:\windows\system32\perfc005.dat
2010-05-21 11:24 . 2010-03-08 14:43 -------- d-----w- c:\program files\Webteh
2010-05-21 11:17 . 2010-03-28 13:35 737280 ----a-w- c:\windows\iun6002.exe
2010-05-21 10:58 . 2009-03-05 12:37 -------- d-----w- c:\programdata\McAfee
2010-05-20 13:22 . 2010-02-05 18:19 -------- d-----w- c:\program files\Google
2010-05-18 14:47 . 2010-04-20 18:32 -------- d-----w- c:\program files\GameSpy Arcade
2010-05-18 14:12 . 2010-04-20 22:15 -------- d-----w- c:\program files\Common Files\Steam
2010-05-17 03:16 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-05-17 03:13 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2010-05-17 03:13 . 2010-05-17 03:13 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2010-05-12 17:31 . 2010-05-12 17:31 32 ----a-w- c:\programdata\ezsid.dat
2010-05-09 20:05 . 2010-02-10 14:57 680 ----a-w- c:\users\Daniel\AppData\Local\d3d9caps.dat
2010-05-06 20:59 . 2010-02-09 15:33 165032 ----a-w- c:\windows\system32\aswBoot.exe
2010-05-06 20:39 . 2010-02-09 15:34 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-05-06 20:39 . 2010-02-09 15:34 164048 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-05-06 20:34 . 2010-02-09 15:34 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-05-06 20:34 . 2010-02-09 15:34 51792 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2010-05-06 20:33 . 2010-02-09 15:34 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-04-23 19:33 . 2009-02-21 00:35 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-04-23 18:56 . 2010-04-20 19:18 -------- d-----w- c:\program files\LucasArts
2010-04-20 22:40 . 2010-04-20 22:40 -------- d-----w- c:\programdata\InstallShield
2010-04-20 22:26 . 2010-04-20 22:26 -------- d-----w- c:\program files\The Creative Assembly
2010-04-20 22:26 . 2009-03-05 13:43 -------- d-----w- c:\program files\Common Files\InstallShield
2010-04-20 19:28 . 2010-04-20 19:28 -------- d-----w- c:\users\Daniel\AppData\Roaming\Petroglyph
2010-04-20 19:18 . 2010-04-20 19:18 -------- d-----w- c:\users\Daniel\AppData\Roaming\Xfire
2010-04-20 19:18 . 2010-04-20 19:17 -------- d-s---w- c:\program files\Xfire
2010-04-20 18:37 . 2010-04-20 18:37 -------- d-----w- c:\program files\Codemasters
2010-04-18 10:23 . 2010-04-18 10:23 -------- d-----w- c:\programdata\MumboJumbo
2010-04-16 19:08 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
2010-04-16 19:08 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2010-04-16 19:08 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Journal
2010-04-16 19:08 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration
2010-04-16 19:08 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery
2010-04-16 19:08 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender
2010-04-16 14:22 . 2010-04-16 14:22 -------- d-----w- c:\program files\Common Files\DVDVideoSoft
2010-04-16 14:22 . 2010-04-16 14:22 -------- d-----w- c:\program files\DVDVideoSoft
2010-04-16 13:53 . 2010-04-16 13:53 -------- d-----w- c:\program files\XviD
2010-04-16 13:53 . 2010-04-16 13:53 -------- d-----w- c:\program files\Apex
2010-04-14 16:47 . 2010-02-09 15:33 38848 ----a-w- c:\windows\system32\avastSS.scr
2010-03-28 13:44 . 2010-02-05 19:33 -------- d-----w- c:\users\Daniel\AppData\Roaming\CyberLink
2010-03-22 18:54 . 2010-03-22 18:54 10134 ----a-r- c:\users\Daniel\AppData\Roaming\Microsoft\Installer\{5CB6A112-DA36-486B-9B1C-6341CB95DE37}\ARPPRODUCTICON.exe
2010-03-22 12:52 . 2010-05-21 11:25 697690 ----a-w- c:\users\Daniel\AppData\Roaming\BSplayer\AC3 Filter\unins000.exe
2010-03-14 19:25 . 2010-02-05 18:20 76432 ----a-w- c:\users\Daniel\AppData\Local\GDIPFONTCACHEV1.DAT
2010-03-13 15:51 . 2010-03-13 15:51 1 ----a-w- c:\users\Daniel\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-02-24 18:25 . 2010-02-24 18:25 108144 ----a-w- c:\windows\system32\CmdLineExt.dll
2010-02-24 18:23 . 2010-02-24 18:23 8854 ----a-r- c:\users\Daniel\AppData\Roaming\Microsoft\Installer\{B2390904-74BD-48AA-B2CC-6612F8D46379}\Uninstall_GameShadow_B239090474BD48AAB2CC6612F8D46379.exe
2010-02-24 18:23 . 2010-02-24 18:23 45056 ----a-r- c:\users\Daniel\AppData\Roaming\Microsoft\Installer\{B2390904-74BD-48AA-B2CC-6612F8D46379}\GameShadow.exe1_0A3DE514292C4EBA987823B82B0B2BA2.exe
2010-02-24 18:23 . 2010-02-24 18:23 45056 ----a-r- c:\users\Daniel\AppData\Roaming\Microsoft\Installer\{B2390904-74BD-48AA-B2CC-6612F8D46379}\GameShadow.exe_0A3DE514292C4EBA987823B82B0B2BA2.exe
2010-02-24 18:23 . 2010-02-24 18:23 45056 ----a-r- c:\users\Daniel\AppData\Roaming\Microsoft\Installer\{B2390904-74BD-48AA-B2CC-6612F8D46379}\ARPPRODUCTICON.exe
2010-02-23 15:01 . 2010-05-21 11:25 1185871 ----a-w- c:\users\Daniel\AppData\Roaming\BSplayer\FFDShow\unins000.exe
2010-02-23 14:00 . 2010-05-21 11:25 42288 ----a-w- c:\users\Daniel\AppData\Roaming\BSplayer\Haali media splitter\uninstall.exe
2010-02-23 11:10 . 2010-04-14 12:51 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-02-23 11:10 . 2010-04-14 12:51 79360 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2010-02-23 11:10 . 2010-04-14 12:51 106496 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-20 23:06 . 2010-03-12 02:01 24064 ----a-w- c:\windows\system32\nshhttp.dll
2010-02-20 23:05 . 2010-03-12 02:01 30720 ----a-w- c:\windows\system32\httpapi.dll
2010-02-20 20:53 . 2010-03-12 02:01 411648 ----a-w- c:\windows\system32\drivers\http.sys
.

------- Sigcheck -------

[-] 2008-01-21 . B50F1A6F285D9D09B5FD57B5AF220BEB . 81920 . . [6.0.6000.16386] . . c:\windows\System32\browser.dll

[-] 2008-01-21 . 169C3341A66485195898C73E337764FC . 259072 . . [6.0.6000.16386] . . c:\windows\System32\upnphost.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}"= "c:\program files\BS_Player\tbBS_P.dll" [2009-12-31 2349080]

[HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
2009-12-31 09:53 2349080 ----a-w- c:\program files\BS_Player\tbBS_P.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}"= "c:\program files\BS_Player\tbBS_P.dll" [2009-12-31 2349080]

[HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5}"= "c:\program files\BS_Player\tbBS_P.dll" [2009-12-31 2349080]

[HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2009-05-14 22:02 120104 ----a-w- c:\program files\EgisTec\MyWinLocker 3\x86\PSDProtect.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ProductReg"="c:\program files\Acer\WR_PopUp\ProductReg.exe" [2008-11-17 135168]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"Steam"="c:\program files\steam\steam.exe" [2010-05-08 1238352]
"Speech Recognition"="c:\windows\Speech\Common\sapisvr.exe" [2008-01-21 49664]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2007-12-07 21686568]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-03-11 6957600]
"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-03-11 1833504]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2009-02-24 204800]
"Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2009-04-03 698912]
"mwlDaemon"="c:\program files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe" [2009-05-14 345384]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-05-06 2815192]

c:\users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Xfire.lnk - c:\program files\Xfire\Xfire.exe [2006-1-5 3469448]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):47,28,51,5f,99,dd,ca,01

R2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-06 135664]
R3 k57nd60x;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60x.sys [2008-09-04 223232]
R3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-09-23 50424]
S1 aswSP;aswSP; [x]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [2008-12-04 19504]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [2008-12-04 16432]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [2008-12-04 59952]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-05-06 51792]
S2 CLHNService;CLHNService;c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [2008-12-18 75048]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2009-04-03 723488]
S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2008-01-21 21504]
S2 MWLService;MyWinLocker Service;c:\program files\EgisTec\MyWinLocker 3\x86\\MWLService.exe [2009-05-14 305448]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2009-04-11 61184]
S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-09-23 144632]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2008-09-30 223232]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2008-05-28 22072]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HsfXAudioService REG_MULTI_SZ HsfXAudioService
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Obsah adresáře 'Naplánované úlohy'

2010-05-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-06 11:11]

2010-04-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-06 11:11]

2010-05-21 c:\windows\Tasks\User_Feed_Synchronization-{657B01BD-5DE2-44F8-AEEF-49F3573F2628}.job
- c:\windows\system32\msfeedssync.exe [2010-05-16 04:54]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0405&s=2&o=vp32&d=0210&m=aspire_5536
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Odeslat obrázek do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Odeslat stránku do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: WikiKomentáře Google... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

SafeBoot-mcmscsvc
SafeBoot-MCODS



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-21 15:30
Windows 6.0.6002 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-574327362-3969190619-1937496751-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:d7,d7,3c,0a,e5,41,7f,59,b0,5a,89,83,8d,ac,3c,26,d1,8f,8a,9f,ed,f0,00,
e2,a5,cb,c3,f2,d0,85,66,1d,7d,33,d4,44,73,dd,50,0b,1a,8a,10,83,1d,89,23,6c,\
"??"=hex:dd,99,0c,75,e0,d9,b3,83,e9,61,6d,9e,fe,35,fe,09

[HKEY_USERS\S-1-5-21-574327362-3969190619-1937496751-1000\Software\SecuROM\License information*]
"datasecu"=hex:4e,c2,7c,67,58,65,aa,c8,0f,31,df,9f,48,cd,e8,20,7f,17,4a,a0,69,
da,77,b8,d4,f7,6a,b4,85,ab,8c,0a,7a,4b,a3,6f,70,f9,15,93,cf,52,b3,8e,cc,fb,\
"rkeysecu"=hex:1e,8e,a7,4e,f9,c3,ef,fc,96,3a,e4,52,31,cb,4c,0f

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Celkový čas: 2010-05-21 15:33:55
ComboFix-quarantined-files.txt 2010-05-21 13:33

Před spuštěním: Volných bajtů: 105 766 596 608
Po spuštění: Volných bajtů: 105 034 829 824

Current=1 Default=1 Failed=0 LastKnownGood=11 Sets=1,2,3,4,5,6,7,8,9,11
- - End Of File - - 39D40DF4552FC589D222AB3797EC9D73

Re: Please help - Host process for Windows program

Posted: 21 May 2010 20:59
by motji
:arrow: Have the file checked at http://www.virustotal.com

c:\windows\System32\browser.dll
c:\windows\System32\upnphost.dll

- On VirusTotal, click Browse, paste the path to the file directly into the bottom field, and click Send
- copy the address of the results page from your browser
- if it asks you, have the file analysed again, so that it is the file from your computer

:arrow: How is the computer doing?

Re: Please help - Host process for Windows program

Posted: 22 May 2010 07:05
by luciska
VirusTotal found nothing

the computer is OK, except that the application using the browser.dll file throws an error on startup and the Host process... window pops up, and it messes up Explorer completely, specifically e.g. the Windows taskbar, the Start menu etc. have garbled graphics and the screen seems to redraw itself every little while

Re: Please help - Host process for Windows program

Posted: 22 May 2010 07:34
by motji
:o we'll try replacing that file and see if it helps. Couldn't the problem be with the graphics instead?

:arrow: Download SystemLook
http://jpshortstuff.247fixes.com/SystemLook.exe

- save it to your desktop and run it.
- copy the following into the box

Code:

:filefind
browser.dll

- click Look, the scan will run, and at the end a log is displayed; copy its contents here

Re: Please help - Host process for Windows program

Posted: 22 May 2010 10:46
by luciska
SystemLook v1.0 by jpshortstuff (11.01.10)
Log created at 11:45 on 22/05/2010 by Daniel (Administrator - Elevation successful)

========== filefind ==========

Searching for "browser.dll"
C:\Windows\System32\browser.dll --a--- 81920 bytes [02:24 21/01/2008] [02:24 21/01/2008] B50F1A6F285D9D09B5FD57B5AF220BEB
C:\Windows\winsxs\x86_microsoft-windows-browserservice_31bf3856ad364e35_6.0.6001.18000_none_78e926b99dfe756d\browser.dll --a--- 81920 bytes [02:24 21/01/2008] [02:24 21/01/2008] B50F1A6F285D9D09B5FD57B5AF220BEB

-=End Of File=-

Re: Please help - Host process for Windows program

Posted: 22 May 2010 11:48
by motji
:arrow: If you haven't already, move ComboFix to your desktop
- open Notepad
- copy the text from this box into it

Code:

Restore::
c:\windows\System32\browser.dll

- save the TXT file you created as CFScript.txt on your desktop
- after saving, grab the script you created with the left mouse button and drag it over the ComboFix icon, where you drop it.

- after it is applied, another log will come out; paste it here

Warning: it may happen that Windows does not start after the script is applied and the system restarts; in that case restart again while pressing F8, then choose Last Known Good Configuration

Re: Please help - Host process for Windows program

Posted: 22 May 2010 19:01
by luciska
so unfortunately nothing happened, it didn't even generate a log file

here is the record from the failing application, maybe it will help


Název protokolu:Application
Zdroj: Application Error
Datum: 22.5.2010 17:39:12
ID události: 1000
Kategorie: (100)
Úroveň: Chyba
Klíčová slova: Klasické nastavení
Uživatel: Není k dispozici
Počítač: Daniel-PC
Popis:
Chybující aplikace svchost.exe_Browser, verze 6.0.6001.18000, časové razítko 0x47918b89, chybující modul browser.dll, verze 6.0.6001.18000, časové razítko 0x4791a668, kód výjimky 0xc0000005, posun chyby 0x00001d4b, ID procesu 0x10a4, čas spuštění aplikace 0x01caf9c4605f6050.
Kód XML události:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Application Error" />
<EventID Qualifiers="0">1000</EventID>
<Level>2</Level>
<Task>100</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2010-05-22T15:39:12.000Z" />
<EventRecordID>7762</EventRecordID>
<Channel>Application</Channel>
<Computer>Daniel-PC</Computer>
<Security />
</System>
<EventData>
<Data>svchost.exe_Browser</Data>
<Data>6.0.6001.18000</Data>
<Data>47918b89</Data>
<Data>browser.dll</Data>
<Data>6.0.6001.18000</Data>
<Data>4791a668</Data>
<Data>c0000005</Data>
<Data>00001d4b</Data>
<Data>10a4</Data>
<Data>01caf9c4605f6050</Data>
</EventData>
</Event>

Re: Please help - Host process for Windows program

Posted: 22 May 2010 20:09
by motji
ComboFix didn't start at all?

Re: Please help - Host process for Windows program

Posted: 23 May 2010 07:34
by luciska
ComboFix started, the first line came up saying it may take 10 minutes or longer, and after 45 minutes of inactivity I turned it off; nothing was happening at all. Last time it took about 15 minutes and a log was generated

Re: Please help - Host process for Windows program

Posted: 23 May 2010 07:39
by motji
Run it in Safe Mode and leave it, even if it takes 2 hours... if it still isn't working after that, turn it off.

Re: Please help - Host process for Windows program

Posted: 23 May 2010 07:55
by luciska
ok, I'm on it

Re: Please help - Host process for Windows program

Posted: 23 May 2010 08:41
by luciska
ComboFix 10-05-20.A1 - Daniel 23.05.2010 9:15.2.2 - x86 MINIMAL
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.420.1029.18.3070.2547 [GMT 2:00]
Spuštěný z: c:\users\Daniel\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Daniel\Desktop\CFScript.txt
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((( Soubory vytvořené od 2010-04-23 do 2010-05-23 )))))))))))))))))))))))))))))))
.

2010-05-23 07:26 . 2010-05-23 07:27 -------- d-----w- c:\users\Daniel\AppData\Local\temp
2010-05-23 07:26 . 2010-05-23 07:26 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-05-23 07:26 . 2010-05-23 07:26 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-05-21 20:25 . 2010-05-23 07:12 -------- d-----w- c:\program files\Spyware Terminator
2010-05-21 19:17 . 2010-05-21 19:17 -------- d-----w- c:\users\Daniel\AppData\Roaming\IObit
2010-05-21 19:17 . 2010-05-21 19:17 -------- d-----w- c:\program files\IObit
2010-05-21 19:06 . 2010-05-21 19:06 2560 ----a-w- c:\windows\_MSRSTRT.EXE
2010-05-21 16:57 . 2010-05-21 16:57 -------- d-----w- c:\program files\Microsoft Silverlight
2010-05-21 16:25 . 2010-05-21 16:25 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
2010-05-21 13:11 . 2010-05-21 13:11 -------- d-----w- c:\users\Daniel\AppData\Local\WindowsUpdate
2010-05-21 11:51 . 2010-05-21 13:04 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-05-21 11:51 . 2010-05-21 13:02 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-05-21 11:24 . 2010-05-21 11:29 -------- d-----w- c:\users\Daniel\AppData\Roaming\BSplayer
2010-05-21 11:24 . 2010-05-21 11:24 -------- d-----w- c:\users\Daniel\AppData\Roaming\BSplayer Pro
2010-05-21 11:18 . 2010-05-21 11:18 -------- d-----w- c:\program files\Codec Pack - All In 1
2010-05-21 11:18 . 2010-05-21 11:18 -------- d-----w- c:\windows\system32\languages
2010-05-21 11:10 . 2010-05-12 09:21 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-21 11:02 . 2010-05-21 11:02 -------- d-----w- c:\program files\trend micro
2010-05-21 11:02 . 2010-05-21 11:02 -------- d-----w- C:\rsit
2010-05-17 03:15 . 2010-05-17 03:15 -------- d-----w- c:\program files\Windows Portable Devices
2010-05-17 01:09 . 2009-09-10 02:00 92672 ----a-w- c:\windows\system32\UIAnimation.dll
2010-05-17 01:09 . 2009-09-10 02:01 3023360 ----a-w- c:\windows\system32\UIRibbon.dll
2010-05-17 01:09 . 2009-09-10 02:00 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2010-05-17 01:06 . 2009-10-01 01:02 30208 ----a-w- c:\windows\system32\WPDShextAutoplay.exe
2010-05-17 01:06 . 2009-10-01 01:02 31232 ----a-w- c:\windows\system32\BthMtpContextHandler.dll
2010-05-17 01:06 . 2009-10-01 01:01 81920 ----a-w- c:\windows\system32\wpdbusenum.dll
2010-05-17 01:06 . 2009-10-01 01:01 60928 ----a-w- c:\windows\system32\PortableDeviceConnectApi.dll
2010-05-17 01:06 . 2009-10-01 01:02 2537472 ----a-w- c:\windows\system32\wpdshext.dll
2010-05-17 01:06 . 2009-10-01 01:02 87552 ----a-w- c:\windows\system32\WPDShServiceObj.dll
2010-05-17 01:06 . 2009-10-01 01:01 546816 ----a-w- c:\windows\system32\wpd_ci.dll
2010-05-17 01:06 . 2009-10-01 01:01 160256 ----a-w- c:\windows\system32\PortableDeviceTypes.dll
2010-05-17 01:06 . 2009-10-01 01:02 334848 ----a-w- c:\windows\system32\PortableDeviceApi.dll
2010-05-17 01:06 . 2009-10-01 01:01 350208 ----a-w- c:\windows\system32\WPDSp.dll
2010-05-17 01:06 . 2009-10-01 01:01 196608 ----a-w- c:\windows\system32\PortableDeviceWMDRM.dll
2010-05-17 01:06 . 2009-10-01 01:01 100864 ----a-w- c:\windows\system32\PortableDeviceClassExtension.dll
2010-05-17 01:04 . 2009-10-08 21:07 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2010-05-17 01:04 . 2009-10-08 21:08 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2010-05-17 01:04 . 2009-10-08 21:08 234496 ----a-w- c:\windows\system32\oleacc.dll
2010-05-16 10:11 . 2010-01-29 15:40 738816 ----a-w- c:\windows\system32\inetcomm.dll
2010-05-16 10:05 . 2010-03-05 14:01 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-05-16 10:05 . 2010-02-23 06:39 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-16 10:04 . 2010-02-23 04:55 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-05-16 10:04 . 2010-02-23 06:33 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-05-16 10:04 . 2010-02-23 06:33 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-05-16 10:04 . 2010-01-06 15:39 1696256 ----a-w- c:\windows\system32\gameux.dll
2010-05-16 10:04 . 2010-01-06 15:38 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-05-16 10:04 . 2010-01-06 13:30 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2010-05-16 09:53 . 2010-05-16 12:35 -------- d-----w- c:\users\Daniel\AppData\Roaming\Bioshock
2010-05-12 17:31 . 2010-05-23 06:18 -------- d-----w- c:\users\Daniel\AppData\Roaming\skypePM
2010-05-12 17:09 . 2010-05-23 06:20 -------- d-----w- c:\users\Daniel\AppData\Roaming\Skype
2010-05-12 17:08 . 2010-05-12 17:08 -------- d-----w- c:\program files\Skype
2010-05-12 17:08 . 2010-05-12 17:08 -------- d-----w- c:\program files\Common Files\Skype
2010-05-12 17:08 . 2010-05-12 17:08 -------- d-----w- c:\programdata\Skype
2010-05-12 17:05 . 2010-05-12 17:07 22595368 ----a-w- c:\users\Public\SkypeSetup.exe
2010-05-07 10:14 . 2010-05-07 10:14 -------- d-----w- c:\programdata\Isotx
2010-04-30 04:06 . 2010-02-04 08:01 74072 ----a-w- c:\windows\system32\XAPOFX1_4.dll
2010-04-30 04:06 . 2010-02-04 08:01 528216 ----a-w- c:\windows\system32\XAudio2_6.dll
2010-04-30 04:06 . 2010-02-04 08:01 238936 ----a-w- c:\windows\system32\xactengine3_6.dll
2010-04-30 04:06 . 2010-02-04 08:01 22360 ----a-w- c:\windows\system32\X3DAudio1_7.dll
2010-04-30 04:04 . 2010-04-30 04:05 -------- d--h--w- c:\windows\msdownld.tmp
2010-04-30 03:55 . 2010-04-30 03:55 -------- d-----w- c:\windows\B83FC356B7C0441F8A4DD71E088E7974.TMP
2010-04-30 03:54 . 2010-04-30 03:54 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-04-26 21:04 . 2010-04-26 21:06 -------- d-----w- c:\users\Daniel\Massive Assault Network 2
2010-04-26 16:57 . 2009-09-04 15:44 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
2010-04-26 16:57 . 2009-09-04 15:44 238936 ----a-w- c:\windows\system32\xactengine3_5.dll
2010-04-26 16:57 . 2009-09-04 15:29 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll
2010-04-26 16:57 . 2009-09-04 15:29 5501792 ----a-w- c:\windows\system32\d3dcsx_42.dll
2010-04-26 16:57 . 2009-09-04 15:29 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2010-04-26 16:57 . 2009-09-04 15:29 235344 ----a-w- c:\windows\system32\d3dx11_42.dll
2010-04-26 16:57 . 2009-09-04 15:29 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
2010-04-26 16:57 . 2009-09-04 15:44 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2010-04-26 16:57 . 2008-07-31 08:41 68616 ----a-w- c:\windows\system32\XAPOFX1_1.dll
2010-04-26 16:57 . 2008-07-31 08:41 238088 ----a-w- c:\windows\system32\xactengine3_2.dll
2010-04-26 16:57 . 2008-07-31 08:40 509448 ----a-w- c:\windows\system32\XAudio2_2.dll
2010-04-23 19:30 . 2010-04-23 19:30 -------- d-----w- c:\program files\Kuju Entertainment

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-23 06:56 . 2010-02-10 18:44 12 ----a-w- c:\windows\bthservsdp.dat
2010-05-22 13:10 . 2010-04-20 22:15 -------- d-----w- c:\program files\Steam
2010-05-21 18:36 . 2010-03-20 15:33 -------- d-----w- c:\users\Daniel\AppData\Roaming\Uniblue
2010-05-21 18:36 . 2010-03-20 15:33 -------- d-----w- c:\program files\Uniblue
2010-05-21 18:36 . 2010-03-20 15:35 -------- dc-h--w- c:\programdata\{E18C8A94-0667-4A02-B59B-9CB3A8F22628}
2010-05-21 16:58 . 2009-03-05 13:29 -------- d-----w- c:\program files\Microsoft
2010-05-21 16:54 . 2010-02-05 18:20 76432 ----a-w- c:\users\Daniel\AppData\Local\GDIPFONTCACHEV1.DAT
2010-05-21 16:35 . 2009-03-05 13:07 -------- d-----w- c:\programdata\Microsoft Help
2010-05-21 16:33 . 2009-03-05 13:09 -------- d-----w- c:\program files\Microsoft Works
2010-05-21 11:33 . 2009-03-05 20:21 598832 ----a-w- c:\windows\system32\perfh005.dat
2010-05-21 11:33 . 2009-03-05 20:21 114992 ----a-w- c:\windows\system32\perfc005.dat
2010-05-21 11:24 . 2010-03-08 14:43 -------- d-----w- c:\program files\Webteh
2010-05-21 11:17 . 2010-03-28 13:35 737280 ----a-w- c:\windows\iun6002.exe
2010-05-21 10:58 . 2009-03-05 12:37 -------- d-----w- c:\programdata\McAfee
2010-05-20 13:22 . 2010-02-05 18:19 -------- d-----w- c:\program files\Google
2010-05-18 14:47 . 2010-04-20 18:32 -------- d-----w- c:\program files\GameSpy Arcade
2010-05-18 14:12 . 2010-04-20 22:15 -------- d-----w- c:\program files\Common Files\Steam
2010-05-17 03:16 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-05-17 03:13 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2010-05-17 03:13 . 2010-05-17 03:13 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2010-05-12 17:31 . 2010-05-12 17:31 32 ----a-w- c:\programdata\ezsid.dat
2010-05-09 20:05 . 2010-02-10 14:57 680 ----a-w- c:\users\Daniel\AppData\Local\d3d9caps.dat
2010-05-06 20:59 . 2010-02-09 15:33 165032 ----a-w- c:\windows\system32\aswBoot.exe
2010-05-06 20:39 . 2010-02-09 15:34 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-05-06 20:39 . 2010-02-09 15:34 164048 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-05-06 20:34 . 2010-02-09 15:34 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-05-06 20:34 . 2010-02-09 15:34 51792 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2010-05-06 20:33 . 2010-02-09 15:34 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-04-23 19:33 . 2009-02-21 00:35 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-04-23 18:56 . 2010-04-20 19:18 -------- d-----w- c:\program files\LucasArts
2010-04-21 18:09 . 2010-04-21 18:09 -------- d-----w- c:\program files\Ubi Soft
2010-04-20 22:40 . 2010-04-20 22:40 -------- d-----w- c:\programdata\InstallShield
2010-04-20 22:26 . 2010-04-20 22:26 -------- d-----w- c:\program files\The Creative Assembly
2010-04-20 22:26 . 2009-03-05 13:43 -------- d-----w- c:\program files\Common Files\InstallShield
2010-04-20 19:28 . 2010-04-20 19:28 -------- d-----w- c:\users\Daniel\AppData\Roaming\Petroglyph
2010-04-20 19:18 . 2010-04-20 19:18 -------- d-----w- c:\users\Daniel\AppData\Roaming\Xfire
2010-04-20 19:18 . 2010-04-20 19:17 -------- d-s---w- c:\program files\Xfire
2010-04-20 18:37 . 2010-04-20 18:37 -------- d-----w- c:\program files\Codemasters
2010-04-18 10:23 . 2010-04-18 10:23 -------- d-----w- c:\programdata\MumboJumbo
2010-04-16 19:08 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
2010-04-16 19:08 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2010-04-16 19:08 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Journal
2010-04-16 19:08 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration
2010-04-16 19:08 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery
2010-04-16 19:08 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender
2010-04-16 14:22 . 2010-04-16 14:22 -------- d-----w- c:\program files\Common Files\DVDVideoSoft
2010-04-16 14:22 . 2010-04-16 14:22 -------- d-----w- c:\program files\DVDVideoSoft
2010-04-16 13:53 . 2010-04-16 13:53 -------- d-----w- c:\program files\XviD
2010-04-16 13:53 . 2010-04-16 13:53 -------- d-----w- c:\program files\Apex
2010-04-14 16:47 . 2010-02-09 15:33 38848 ----a-w- c:\windows\system32\avastSS.scr
2010-03-28 13:44 . 2010-02-05 19:33 -------- d-----w- c:\users\Daniel\AppData\Roaming\CyberLink
2010-03-22 18:54 . 2010-03-22 18:54 10134 ----a-r- c:\users\Daniel\AppData\Roaming\Microsoft\Installer\{5CB6A112-DA36-486B-9B1C-6341CB95DE37}\ARPPRODUCTICON.exe
2010-03-22 12:52 . 2010-05-21 11:25 697690 ----a-w- c:\users\Daniel\AppData\Roaming\BSplayer\AC3 Filter\unins000.exe
2010-03-13 15:51 . 2010-03-13 15:51 1 ----a-w- c:\users\Daniel\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-02-24 18:25 . 2010-02-24 18:25 108144 ----a-w- c:\windows\system32\CmdLineExt.dll
2010-02-24 18:23 . 2010-02-24 18:23 8854 ----a-r- c:\users\Daniel\AppData\Roaming\Microsoft\Installer\{B2390904-74BD-48AA-B2CC-6612F8D46379}\Uninstall_GameShadow_B239090474BD48AAB2CC6612F8D46379.exe
2010-02-24 18:23 . 2010-02-24 18:23 45056 ----a-r- c:\users\Daniel\AppData\Roaming\Microsoft\Installer\{B2390904-74BD-48AA-B2CC-6612F8D46379}\GameShadow.exe1_0A3DE514292C4EBA987823B82B0B2BA2.exe
2010-02-24 18:23 . 2010-02-24 18:23 45056 ----a-r- c:\users\Daniel\AppData\Roaming\Microsoft\Installer\{B2390904-74BD-48AA-B2CC-6612F8D46379}\GameShadow.exe_0A3DE514292C4EBA987823B82B0B2BA2.exe
2010-02-24 18:23 . 2010-02-24 18:23 45056 ----a-r- c:\users\Daniel\AppData\Roaming\Microsoft\Installer\{B2390904-74BD-48AA-B2CC-6612F8D46379}\ARPPRODUCTICON.exe
2010-02-23 15:01 . 2010-05-21 11:25 1185871 ----a-w- c:\users\Daniel\AppData\Roaming\BSplayer\FFDShow\unins000.exe
2010-02-23 14:00 . 2010-05-21 11:25 42288 ----a-w- c:\users\Daniel\AppData\Roaming\BSplayer\Haali media splitter\uninstall.exe
2010-02-23 11:10 . 2010-04-14 12:51 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-02-23 11:10 . 2010-04-14 12:51 79360 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2010-02-23 11:10 . 2010-04-14 12:51 106496 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
.

------- Sigcheck -------

[-] 2008-01-21 . B50F1A6F285D9D09B5FD57B5AF220BEB . 81920 . . [6.0.6000.16386] . . c:\windows\System32\browser.dll

[-] 2008-01-21 . 169C3341A66485195898C73E337764FC . 259072 . . [6.0.6000.16386] . . c:\windows\System32\upnphost.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2009-05-14 22:02 120104 ----a-w- c:\program files\EgisTec\MyWinLocker 3\x86\PSDProtect.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ProductReg"="c:\program files\Acer\WR_PopUp\ProductReg.exe" [2008-11-17 135168]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"Steam"="c:\program files\steam\steam.exe" [2010-05-08 1238352]
"Speech Recognition"="c:\windows\Speech\Common\sapisvr.exe" [2008-01-21 49664]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2007-12-07 21686568]
"BrowserChoice"="c:\windows\System32\browserchoice.exe" [2010-02-12 293376]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-03-11 6957600]
"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-03-11 1833504]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2009-02-24 204800]
"Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2009-04-03 698912]
"mwlDaemon"="c:\program files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe" [2009-05-14 345384]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"="grpconv -o" [X]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"VistaSp2"=hex(b):47,28,51,5f,99,dd,ca,01

R1 aswSP;aswSP; [x]
R1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [2008-12-04 19504]
R1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [2008-12-04 16432]
R1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [2008-12-04 59952]
R2 aswFsBlk;aswFsBlk; [x]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-05-06 51792]
R2 CLHNService;CLHNService;c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [2008-12-18 75048]
R2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2009-04-03 723488]
R2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-06 135664]
R2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2008-01-21 21504]
R2 MWLService;MyWinLocker Service;c:\program files\EgisTec\MyWinLocker 3\x86\\MWLService.exe [2009-05-14 305448]
R2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2009-04-11 61184]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-09-23 144632]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2008-09-30 223232]
R3 k57nd60x;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60x.sys [2008-09-04 223232]
R3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-09-23 50424]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2008-05-28 22072]


--- Ostatní služby/ovladače v paměti ---

*NewlyCreated* - ECACHE

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HsfXAudioService REG_MULTI_SZ HsfXAudioService
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Obsah adresáře 'Naplánované úlohy'

2010-05-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-06 11:11]

2010-05-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-06 11:11]

2010-05-21 c:\windows\Tasks\User_Feed_Synchronization-{657B01BD-5DE2-44F8-AEEF-49F3573F2628}.job
- c:\windows\system32\msfeedssync.exe [2010-05-16 04:54]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0405&s=2&o=vp32&d=0210&m=aspire_5536
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Odeslat obrázek do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Odeslat stránku do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: WikiKomentáře Google... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

HKLM-RunOnce-<NO NAME> - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-23 09:27
Windows 6.0.6002 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-574327362-3969190619-1937496751-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:d7,d7,3c,0a,e5,41,7f,59,b0,5a,89,83,8d,ac,3c,26,d1,8f,8a,9f,ed,f0,00,
e2,a5,cb,c3,f2,d0,85,66,1d,7d,33,d4,44,73,dd,50,0b,1a,8a,10,83,1d,89,23,6c,\
"??"=hex:dd,99,0c,75,e0,d9,b3,83,e9,61,6d,9e,fe,35,fe,09

[HKEY_USERS\S-1-5-21-574327362-3969190619-1937496751-1000\Software\SecuROM\License information*]
"datasecu"=hex:4e,c2,7c,67,58,65,aa,c8,0f,31,df,9f,48,cd,e8,20,7f,17,4a,a0,69,
da,77,b8,d4,f7,6a,b4,85,ab,8c,0a,7a,4b,a3,6f,70,f9,15,93,cf,52,b3,8e,cc,fb,\
"rkeysecu"=hex:1e,8e,a7,4e,f9,c3,ef,fc,96,3a,e4,52,31,cb,4c,0f

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'Explorer.exe'(1156)
c:\program files\EgisTec\MyWinLocker 3\x86\psdprotect.dll
c:\program files\EgisTec\MyWinLocker 3\x86\sysenv.dll
.
Celkový čas: 2010-05-23 09:28:43
ComboFix-quarantined-files.txt 2010-05-23 07:28
ComboFix2.txt 2010-05-21 13:33

Před spuštěním: Volných bajtů: 117 038 522 368
Po spuštění: Volných bajtů: 117 034 815 488

- - End Of File - - 5F35B0D57512EC71A823F7FD23D79D6A

Re: Please help - program Host process for windows

Posted: 23 May 2010 08:52
by motji
Run combofix with the script once more :o