
Win32:jeefo

Posted: 06 Jul 2010 00:03
by kubikula421
Hi advisors, I brought Win32:jeefo onto my girlfriend's notebook. I'm trying to fight it, but it has already knocked out almost all the programs; a moment ago I couldn't even get into the Control Panel. I ran ComboFix twice; the first time it didn't even produce a log, so I was forced to run it a second time. Since I've now, by some miracle, managed to start Mozilla, I can at least post the log here.

I can see this ending in a system reinstall, since I don't know whether I'll even be able to boot the computer again. But if I can, I'd like to avoid reinstalling.

I'm a noob; I wanted to install NFS Most Wanted. Since Avast detected the crack as malware, I assumed it was a false positive and disabled Avast for a short while. Win32:jeefo was apparently in that crack :-(((

ComboFix 10-07-04.04 - Market 05.07.2010 19:25:14.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.420.1029.18.2814.1713 [GMT 2:00]
Spuštěný z: c:\users\Market\Desktop\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Předchozí spuštění -------
.
c:\users\Irena\AppData\Roaming\.#\MBX@11AC@1CC2990.###
c:\users\Irena\AppData\Roaming\.#\MBX@11AC@1CC29C0.###
c:\users\Irena\AppData\Roaming\.#\MBX@11AC@1CC29F0.###
c:\users\Irena\AppData\Roaming\.#\MBX@1504@242990.###
c:\users\Irena\AppData\Roaming\.#\MBX@1504@2429C0.###
c:\users\Irena\AppData\Roaming\.#\MBX@1504@2429F0.###
c:\users\Irena\AppData\Roaming\.#\MBX@1640@712990.###
c:\users\Irena\AppData\Roaming\.#\MBX@1640@7129C0.###
c:\users\Irena\AppData\Roaming\.#\MBX@1640@7129F0.###
c:\users\Irena\AppData\Roaming\.#\MBX@1744@1772990.###
c:\users\Irena\AppData\Roaming\.#\MBX@1744@17729C0.###
c:\users\Irena\AppData\Roaming\.#\MBX@1744@17729F0.###
c:\users\Irena\AppData\Roaming\.#\MBX@BC0@1BA2990.###
c:\users\Irena\AppData\Roaming\.#\MBX@BC0@1BA29C0.###
c:\users\Irena\AppData\Roaming\.#\MBX@BC0@1BA29F0.###
c:\users\Irena\AppData\Roaming\.#\MBX@F34@1D32990.###
c:\users\Irena\AppData\Roaming\.#\MBX@F34@1D329C0.###
c:\users\Irena\AppData\Roaming\.#\MBX@F34@1D329F0.###
c:\users\Kody\AppData\Roaming\.#\MBX@9C0@1C32990.###
c:\users\Kody\AppData\Roaming\.#\MBX@9C0@1C329C0.###
c:\users\Kody\AppData\Roaming\.#\MBX@9C0@1C329F0.###
c:\windows\system32\vbzlib1.dll
d:\dokumenty\cc_20100612_123628.reg

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_PowerManager


((((((((((((((((((((((((( Soubory vytvořené od 2010-06-05 do 2010-07-05 )))))))))))))))))))))))))))))))
.

2010-07-05 17:34 . 2010-07-05 17:34 -------- d-----w- c:\users\Market\AppData\Local\temp
2010-07-05 17:34 . 2010-07-05 17:34 -------- d-----w- c:\users\Kody\AppData\Local\temp
2010-07-05 17:34 . 2010-07-05 17:34 -------- d-----w- c:\users\Irena\AppData\Local\temp
2010-07-05 17:34 . 2010-07-05 17:34 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-07-05 16:29 . 2010-07-05 16:31 16986767 ----a-w- c:\windows\REGBK00.ZIP
2010-07-05 16:23 . 2010-07-05 16:23 -------- d---a-w- c:\windows\VDLL.DLL
2010-07-05 16:23 . 2010-07-05 16:23 -------- d---a-w- c:\windows\system32\runouce.exe
2010-07-05 16:23 . 2010-07-05 16:23 -------- d---a-w- c:\windows\RUNDL132.EXE
2010-07-05 16:23 . 2010-07-05 16:23 -------- d---a-w- c:\windows\logo_1.exe
2010-07-05 16:21 . 2010-07-05 16:21 632064 ----a-w- c:\windows\system32\msvcr80.dll
2010-07-05 16:21 . 2010-07-05 16:21 554240 ----a-w- c:\windows\system32\msvcp80.dll
2010-07-05 16:21 . 2010-07-05 16:21 34048 ----a-w- c:\windows\system32\eEmpty.exe
2010-07-05 16:21 . 2010-07-05 16:21 -------- d-----w- c:\program files\Common Files\MicroWorld
2010-07-05 16:21 . 2010-07-05 16:21 -------- d-----w- c:\programdata\MicroWorld
2010-07-05 14:49 . 2010-07-05 14:49 -------- d-----w- c:\users\Market\AppData\Roaming\Malwarebytes
2010-07-05 14:49 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-05 14:49 . 2010-07-05 14:51 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-05 14:49 . 2010-07-05 14:49 -------- d-----w- c:\programdata\Malwarebytes
2010-07-05 14:49 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-04 21:11 . 2010-07-04 21:11 -------- d-----w- c:\users\Market\AppData\Roaming\PTC
2010-07-04 20:24 . 2010-07-04 20:27 -------- d-----w- c:\program files\proeWildfire 2.0
2010-07-04 18:39 . 2010-07-04 18:39 -------- d-----w- c:\program files\EA GAMES
2010-07-04 18:39 . 2005-05-26 13:34 2297552 ----a-w- c:\windows\system32\d3dx9_26.dll
2010-07-04 09:38 . 2010-07-05 15:54 697328 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-07-04 09:37 . 2010-07-04 09:38 -------- d-----w- c:\program files\DAEMON Tools Lite
2010-07-04 09:36 . 2010-07-04 18:36 -------- d-----w- c:\users\Market\AppData\Roaming\DAEMON Tools Lite
2010-07-04 09:36 . 2010-07-04 09:36 -------- d-----w- c:\programdata\DAEMON Tools Lite
2010-07-02 06:57 . 2010-06-28 20:57 38848 ----a-w- c:\windows\avastSS.scr
2010-06-23 16:21 . 2009-11-08 08:55 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2010-06-23 16:21 . 2009-11-08 08:55 297808 ----a-w- c:\windows\system32\mscoree.dll
2010-06-23 16:21 . 2009-11-08 08:55 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2010-06-23 16:21 . 2009-11-08 08:55 49472 ----a-w- c:\windows\system32\netfxperf.dll
2010-06-23 16:21 . 2009-11-08 08:55 1130824 ----a-w- c:\windows\system32\dfshim.dll
2010-06-23 08:12 . 2010-04-16 16:43 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-06-23 08:12 . 2010-04-16 14:39 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2010-06-21 17:34 . 2010-06-21 17:34 -------- d-----w- c:\program files\MSECache
2010-06-20 13:55 . 2010-06-20 13:55 53632 ----a-w- c:\users\Market\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-06-20 13:55 . 2010-06-20 13:55 53632 ----a-w- c:\users\Default\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-06-20 13:55 . 2010-06-20 13:55 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-06-19 20:39 . 2010-06-19 20:39 -------- d-----w- c:\program files\DsNET Corp
2010-06-19 11:50 . 2010-06-19 11:50 -------- d-----w- C:\Wifi
2010-06-10 10:44 . 2010-06-10 10:44 -------- d-----w- c:\users\Kody\AppData\Local\CyberLink
2010-06-10 10:44 . 2010-06-10 10:44 -------- d-----w- c:\users\Kody\AppData\Local\SoftDMA
2010-06-10 10:44 . 2010-06-10 10:44 -------- d-----w- c:\users\Kody\AppData\Roaming\CyberLink
2010-06-10 10:44 . 2010-06-10 10:44 -------- d-----w- c:\users\Kody\AppData\Local\Acer Arcade Deluxe
2010-06-10 09:43 . 2010-06-10 09:43 537200 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtbB971.tmp.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-05 17:18 . 2010-01-24 17:04 -------- d-----w- c:\users\Market\AppData\Roaming\Skype
2010-07-05 15:54 . 2008-09-03 03:03 598832 ----a-w- c:\windows\system32\perfh005.dat
2010-07-05 15:54 . 2008-09-03 03:03 114992 ----a-w- c:\windows\system32\perfc005.dat
2010-07-05 08:13 . 2009-02-09 17:35 -------- d-----w- c:\programdata\Google Updater
2010-06-28 20:57 . 2010-04-05 14:05 165032 ----a-w- c:\windows\system32\aswBoot.exe
2010-06-28 20:37 . 2010-04-05 14:06 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-06-28 20:37 . 2010-04-05 14:06 165456 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-06-28 20:33 . 2010-04-05 14:06 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-06-28 20:32 . 2010-04-05 14:06 50256 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2010-06-28 20:32 . 2010-04-05 14:06 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-06-23 19:35 . 2009-12-25 13:27 -------- d-----w- c:\users\Market\AppData\Roaming\Media Player Classic
2010-06-23 19:25 . 2010-03-05 18:56 -------- d-----r- c:\program files\Skype
2010-06-19 20:55 . 2009-10-12 12:34 -------- d-----w- c:\users\Market\AppData\Roaming\ICQ
2010-06-12 10:56 . 2010-02-12 12:56 -------- d-----w- c:\program files\ICQ7.0
2010-06-12 10:23 . 2008-12-31 19:31 -------- d-----w- c:\program files\ESET
2010-06-12 10:22 . 2008-12-19 11:03 -------- d-----w- c:\program files\Google
2010-06-12 10:09 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-06-10 10:52 . 2010-03-13 09:14 -------- d-----w- c:\program files\CCleaner
2010-06-10 09:41 . 2008-12-31 20:34 70672 ----a-w- c:\users\Kody\AppData\Local\GDIPFONTCACHEV1.DAT
2010-05-30 08:28 . 2010-05-30 08:28 -------- d-----w- c:\program files\Common Files\Java
2010-05-30 08:27 . 2008-12-31 19:50 -------- d-----w- c:\program files\Java
2010-05-26 17:06 . 2010-06-11 10:51 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-05-26 14:47 . 2010-06-11 10:51 289792 ----a-w- c:\windows\system32\atmfd.dll
2010-05-21 12:14 . 2009-10-03 08:32 256896 ------w- c:\windows\system32\MpSigStub.exe
2010-05-04 05:59 . 2010-06-11 10:51 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-04 05:55 . 2010-06-11 10:51 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-05-04 05:55 . 2010-06-11 10:51 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-05-04 04:31 . 2010-06-11 10:51 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-05-01 14:13 . 2010-06-11 10:51 2037248 ----a-w- c:\windows\system32\win32k.sys
2010-04-23 14:13 . 2010-05-26 18:15 2048 ----a-w- c:\windows\system32\tzres.dll
2010-04-16 16:43 . 2010-06-23 08:12 173056 ----a-w- c:\windows\AppPatch\AcXtrnal.dll
2010-04-16 16:43 . 2010-06-23 08:12 458752 ----a-w- c:\windows\AppPatch\AcSpecfc.dll
2010-04-16 16:43 . 2010-06-23 08:12 542720 ----a-w- c:\windows\AppPatch\AcLayers.dll
2010-04-16 16:43 . 2010-06-23 08:12 2159616 ----a-w- c:\windows\AppPatch\AcGenral.dll
2010-04-12 15:29 . 2010-05-30 08:27 411368 ----a-w- c:\windows\system32\deployJava1.dll
2009-12-14 21:04 . 2009-12-14 21:04 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-05-14 16:05 121392 ----a-w- c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-12-19 68856]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-25 1049896]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"RtHDVCpl"="RtHDVCpl.exe" [2008-05-21 6144000]
"eDataSecurity Loader"="c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-05-14 526896]
"ePower_DMC"="c:\program files\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2008-06-11 409600]
"ProductReg"="c:\program files\Acer\WR_PopUp\ProductReg.exe" [2008-09-23 6144]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 1012160]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-06-28 2837864]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2008-09-10 809480]

c:\users\Market\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Věýezy obrazovky a spuçtŘnˇ aplikace OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-8-24 101784]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
backup=c:\windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcadeDeluxeAgent]
2008-05-29 15:44 182784 ------w- c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BkupTray]
2008-04-25 19:36 28672 ----a-w- c:\program files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CLMLServer]
2008-05-29 15:44 167936 ------w- c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2009-12-14 21:04 30192 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PlayMovie]
2008-05-12 15:28 203264 ----a-w- c:\program files\Acer Arcade Deluxe\PlayMovie\PMVService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):c8,d2,3c,cc,e4,4f,ca,01

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1663695290-2459496147-392905735-1000]
"EnableNotificationsRef"=dword:00000001

R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-07-05 697328]
R2 gupdate1c98adef2a3685;Google Update Service (gupdate1c98adef2a3685);c:\program files\Google\Update\GoogleUpdate.exe [2009-02-09 168432]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-04-25 131072]
R3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2009-12-14 30192]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
S1 aswSP;aswSP; [x]
S2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\program files\Acer Arcade Deluxe\PlayMovie\000.fcl [2008-05-09 61424]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-06-28 50256]
S2 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [2008-03-03 16384]
S2 CLHNService;CLHNService;c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [2008-01-16 81504]
S2 ETService;Empowering Technology Service;c:\program files\Acer\Empowering Technology\Service\ETService.exe [2008-03-21 24576]
S2 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-04-25 45056]
S2 NTIPPKernel;NTIPPKernel;c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys [2008-01-16 122368]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2008-03-28 210432]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2008-05-28 22072]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Obsah adresáře 'Naplánované úlohy'

2010-07-05 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-12-19 20:55]

2010-07-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-09 17:44]

2010-07-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-09 17:44]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0405&s=2&o=vp32&d=1208&m=aspire_5535
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: WikiKomentáře Google... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll/cmsidewiki.html
Trusted Zone: mojebanka.cz\*
Trusted Zone: mojebanka.cz\*
FF - ProfilePath - c:\users\Market\AppData\Roaming\Mozilla\Firefox\Profiles\2xhphgu0.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.cz/
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8 ... &gfns=1&q=
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKLM-Run-eRecoveryService - (no file)
HKLM-Run-NWEReboot - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-05 19:34
Windows 6.0.6002 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}]
"ImagePath"="\??\c:\program files\Acer Arcade Deluxe\PlayMovie\000.fcl"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'Explorer.exe'(5212)
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\sysenv.dll
c:\windows\System32\SysHook.dll
.
Celkový čas: 2010-07-05 19:37:42
ComboFix-quarantined-files.txt 2010-07-05 17:37

Před spuštěním: Volných bajtů: 14 698 450 944
Po spuštění: Volných bajtů: 15 658 573 824

Current=1 Default=1 Failed=0 LastKnownGood=10 Sets=1,2,3,4,5,6,7,8,9,10
- - End Of File - - C195852004944504AD5C31499314D1DF

Re: Win32:jeefo

Posted: 06 Jul 2010 00:24
by motji
Good evening :), or is it morning? :D
You've really got yourself into a mess :( . We'll try to do something about it, but I'm not promising anything :o .

:arrow: Restart into Safe Mode with Networking (press F8 repeatedly after the restart)

:arrow: Try a System Restore to a date before you ran the crack
- Start - Run
- paste the following into the box

%SystemRoot%\System32\restore\rstrui.exe
- Enter
- choose a restore point


:arrow: Download ComboFix to the desktop, close all open windows and run it - http://download.bleepingcomputer.com/sUBs/ComboFix.exe

- agree to installing the Recovery Console

- ComboFix must be run under an account with administrator rights

- Before using it, disable all resident security programs: antivirus, firewalls, antispyware

- After launch the terms of use are displayed; confirm them by pressing Yes

- Then follow the instructions; while ComboFix is running, do not click into the window it displays :!:

- After the scan finishes, which takes at most 10 minutes, the program should create a log, C:\ComboFix.txt; copy its entire contents here

:arrow: Download AVPTool from my signature http://www.viry.cz/forum/viewtopic.php?f=29&t=58179

- install it and run a scan according to the guide
- let it disinfect or delete whatever it finds
- the scan may take several hours
- post the log with the results here


And please read your PM :)

Re: Win32:jeefo

Posted: 06 Jul 2010 09:31
by kubikula421
OK, this is what I have so far; now just the last step remains. The computer is already looking a lot better. :)

ComboFix 10-07-05.02 - Market 06.07.2010 10:02:41.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.420.1029.18.2814.1814 [GMT 2:00]
Spuštěný z: c:\users\Market\Desktop\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\Market\AppData\Roaming\Desktopicon
c:\users\Market\AppData\Roaming\Desktopicon\eBay.ico
c:\users\Market\AppData\Roaming\Desktopicon\uninst.exe
c:\windows\system32\vbzlib1.dll

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-06-06 do 2010-07-06 )))))))))))))))))))))))))))))))
.

2010-07-06 08:11 . 2010-07-06 08:11 -------- d-----w- c:\users\Market\AppData\Local\temp
2010-07-06 08:11 . 2010-07-06 08:11 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-07-05 23:18 . 2010-07-05 23:18 -------- d-----w- C:\rsit(313)
2010-07-05 17:37 . 2010-07-06 07:31 -------- d-----w- c:\users\Market\AppData\Local\Temp(338)
2010-07-05 17:37 . 2010-07-05 17:37 -------- d-----w- c:\users\Irena\AppData\Local\Temp(325)
2010-07-05 16:23 . 2010-07-05 16:23 -------- d---a-w- c:\windows\VDLL.DLL
2010-07-05 16:23 . 2010-07-05 16:23 -------- d---a-w- c:\windows\system32\runouce.exe
2010-07-05 16:23 . 2010-07-05 16:23 -------- d---a-w- c:\windows\RUNDL132.EXE
2010-07-05 16:23 . 2010-07-05 16:23 -------- d---a-w- c:\windows\logo_1.exe
2010-07-05 16:21 . 2010-07-05 16:21 -------- d-----w- c:\program files\Common Files\MicroWorld
2010-07-05 16:21 . 2010-07-05 16:21 -------- d-----w- c:\programdata\MicroWorld
2010-07-05 14:49 . 2010-07-05 14:49 -------- d-----w- c:\users\Market\AppData\Roaming\Malwarebytes
2010-07-05 14:49 . 2010-07-05 14:51 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-05 14:49 . 2010-07-05 14:49 -------- d-----w- c:\programdata\Malwarebytes
2010-07-04 21:11 . 2010-07-04 21:11 -------- d-----w- c:\users\Market\AppData\Roaming\PTC
2010-07-04 20:24 . 2010-07-04 20:27 -------- d-----w- c:\program files\proeWildfire 2.0
2010-07-04 18:39 . 2010-07-04 18:39 -------- d-----w- c:\program files\EA GAMES
2010-07-04 09:36 . 2010-07-04 18:36 -------- d-----w- c:\users\Market\AppData\Roaming\DAEMON Tools Lite
2010-07-04 09:36 . 2010-07-04 09:36 -------- d-----w- c:\programdata\DAEMON Tools Lite
2010-07-02 06:57 . 2010-06-28 20:57 38848 ----a-w- c:\windows\avastSS.scr
2010-06-23 16:21 . 2009-11-08 08:55 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2010-06-23 16:21 . 2009-11-08 08:55 297808 ----a-w- c:\windows\system32\mscoree.dll
2010-06-23 16:21 . 2009-11-08 08:55 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2010-06-23 16:21 . 2009-11-08 08:55 49472 ----a-w- c:\windows\system32\netfxperf.dll
2010-06-23 16:21 . 2009-11-08 08:55 1130824 ----a-w- c:\windows\system32\dfshim.dll
2010-06-23 08:12 . 2010-04-16 16:43 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-06-23 08:12 . 2010-04-16 14:39 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2010-06-21 17:34 . 2010-06-21 17:34 -------- d-----w- c:\program files\MSECache
2010-06-20 13:55 . 2010-06-20 13:55 53632 ----a-w- c:\users\Market\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-06-20 13:55 . 2010-06-20 13:55 53632 ----a-w- c:\users\Default\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-06-20 13:55 . 2010-06-20 13:55 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-06-19 20:39 . 2010-06-19 20:39 -------- d-----w- c:\program files\DsNET Corp
2010-06-19 11:50 . 2010-06-19 11:50 -------- d-----w- C:\Wifi
2010-06-10 10:44 . 2010-06-10 10:44 -------- d-----w- c:\users\Kody\AppData\Local\CyberLink
2010-06-10 10:44 . 2010-06-10 10:44 -------- d-----w- c:\users\Kody\AppData\Local\SoftDMA
2010-06-10 10:44 . 2010-06-10 10:44 -------- d-----w- c:\users\Kody\AppData\Roaming\CyberLink
2010-06-10 10:44 . 2010-06-10 10:44 -------- d-----w- c:\users\Kody\AppData\Local\Acer Arcade Deluxe
2010-06-10 09:43 . 2010-06-10 09:43 501872 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtbB971.tmp.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-06 08:04 . 2008-09-03 03:03 598832 ----a-w- c:\windows\system32\perfh005.dat
2010-07-06 08:04 . 2008-09-03 03:03 114992 ----a-w- c:\windows\system32\perfc005.dat
2010-07-06 07:47 . 2009-02-09 17:35 -------- d-----w- c:\programdata\Google Updater
2010-07-06 07:21 . 2010-01-24 17:04 -------- d-----w- c:\users\Market\AppData\Roaming\Skype
2010-06-28 20:57 . 2010-04-05 14:05 165032 ----a-w- c:\windows\system32\aswBoot.exe
2010-06-28 20:37 . 2010-04-05 14:06 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-06-28 20:37 . 2010-04-05 14:06 165456 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-06-28 20:33 . 2010-04-05 14:06 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-06-28 20:32 . 2010-04-05 14:06 50256 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2010-06-28 20:32 . 2010-04-05 14:06 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-06-23 19:35 . 2009-12-25 13:27 -------- d-----w- c:\users\Market\AppData\Roaming\Media Player Classic
2010-06-23 19:25 . 2010-03-05 18:56 -------- d-----r- c:\program files\Skype
2010-06-19 20:55 . 2009-10-12 12:34 -------- d-----w- c:\users\Market\AppData\Roaming\ICQ
2010-06-12 10:23 . 2008-12-31 19:31 -------- d-----w- c:\program files\ESET
2010-06-12 10:22 . 2008-12-19 11:03 -------- d-----w- c:\program files\Google
2010-06-12 10:09 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-06-10 09:41 . 2008-12-31 20:34 70672 ----a-w- c:\users\Kody\AppData\Local\GDIPFONTCACHEV1.DAT
2010-05-30 08:28 . 2010-05-30 08:28 -------- d-----w- c:\program files\Common Files\Java
2010-05-30 08:27 . 2008-12-31 19:50 -------- d-----w- c:\program files\Java
2010-05-26 17:06 . 2010-06-11 10:51 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-05-26 14:47 . 2010-06-11 10:51 289792 ----a-w- c:\windows\system32\atmfd.dll
2010-05-21 12:14 . 2009-10-03 08:32 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-04 05:59 . 2010-06-11 10:51 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-04 05:55 . 2010-06-11 10:51 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-05-04 05:55 . 2010-06-11 10:51 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-05-04 04:31 . 2010-06-11 10:51 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-05-01 14:13 . 2010-06-11 10:51 2037248 ----a-w- c:\windows\system32\win32k.sys
2010-04-23 14:13 . 2010-05-26 18:15 2048 ----a-w- c:\windows\system32\tzres.dll
2010-04-16 16:43 . 2010-06-23 08:12 173056 ----a-w- c:\windows\AppPatch\AcXtrnal.dll
2010-04-16 16:43 . 2010-06-23 08:12 458752 ----a-w- c:\windows\AppPatch\AcSpecfc.dll
2010-04-16 16:43 . 2010-06-23 08:12 542720 ----a-w- c:\windows\AppPatch\AcLayers.dll
2010-04-16 16:43 . 2010-06-23 08:12 2159616 ----a-w- c:\windows\AppPatch\AcGenral.dll
2010-04-12 15:29 . 2010-05-30 08:27 411368 ----a-w- c:\windows\system32\deployJava1.dll
2009-12-14 21:04 . 2009-12-14 21:04 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-05-14 16:05 121392 ----a-w- c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-12-19 68856]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-25 1049896]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"RtHDVCpl"="RtHDVCpl.exe" [2008-05-21 6144000]
"eDataSecurity Loader"="c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-05-14 526896]
"ePower_DMC"="c:\program files\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2008-06-11 409600]
"eRecoveryService"="" [BU]
"ProductReg"="c:\program files\Acer\WR_PopUp\ProductReg.exe" [2008-09-23 6144]
"NWEReboot"="" [BU]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-06-28 2837864]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2008-09-10 809480]

c:\users\Market\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-8-24 101784]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
backup=c:\windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcadeDeluxeAgent]
2008-05-29 15:44 147456 ----a-w- c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BkupTray]
2008-04-25 19:36 28672 ----a-w- c:\program files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CLMLServer]
2008-05-29 15:44 167936 ------w- c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2009-12-14 21:04 30192 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PlayMovie]
2008-05-12 15:28 167936 ----a-w- c:\program files\Acer Arcade Deluxe\PlayMovie\PMVService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):c8,d2,3c,cc,e4,4f,ca,01

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1663695290-2459496147-392905735-1000]
"EnableNotificationsRef"=dword:00000001

R2 gupdate1c98adef2a3685;Google Update Service (gupdate1c98adef2a3685);c:\program files\Google\Update\GoogleUpdate.exe [2009-02-09 133104]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-04-25 131072]
R3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2009-12-14 30192]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
S1 aswSP;aswSP; [x]
S2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\program files\Acer Arcade Deluxe\PlayMovie\000.fcl [2008-05-09 61424]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-06-28 50256]
S2 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [2008-03-03 16384]
S2 CLHNService;CLHNService;c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [2008-01-16 81504]
S2 ETService;Empowering Technology Service;c:\program files\Acer\Empowering Technology\Service\ETService.exe [2008-03-21 24576]
S2 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-04-25 45056]
S2 NTIPPKernel;NTIPPKernel;c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys [2008-01-16 122368]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2008-03-28 210432]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2008-05-28 22072]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Obsah adresáře 'Naplánované úlohy'

2010-07-06 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-12-19 20:55]

2010-07-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-09 17:44]

2010-07-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-09 17:44]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0405&s=2&o=vp32&d=1208&m=aspire_5535
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: WikiKomentáře Google... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll/cmsidewiki.html
Trusted Zone: mojebanka.cz\*
Trusted Zone: mojebanka.cz\*
FF - ProfilePath - c:\users\Market\AppData\Roaming\Mozilla\Firefox\Profiles\2xhphgu0.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.cz/
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8 ... &gfns=1&q=
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
AddRemove-eBay Icon - c:\users\Market\AppData\Roaming\Desktopicon\uninst.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-06 10:11
Windows 6.0.6002 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}]
"ImagePath"="\??\c:\program files\Acer Arcade Deluxe\PlayMovie\000.fcl"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Celkový čas: 2010-07-06 10:14:00
ComboFix-quarantined-files.txt 2010-07-06 08:13
ComboFix2.txt 2010-07-05 17:37

Před spuštěním: Volných bajtů: 66 449 571 840
Po spuštění: Volných bajtů: 66 315 956 224

Current=1 Default=1 Failed=0 LastKnownGood=10 Sets=1,2,3,4,5,6,7,8,9,10
- - End Of File - - D0E163EB37C013151E9FD6F7CB2649B0

Re: Win32:jeefo

Posted: 06 Jul 2010 09:36
by motji
Did you do that restore?
Your rsit folder is named with that number in parentheses :o
C:\rsit(313)

Re: Win32:jeefo

Posted: 06 Jul 2010 09:46
by kubikula421
Yes, I did, and the RSIT folder is named that way; I don't remember doing it myself, though.

Re: Win32:jeefo

Posted: 06 Jul 2010 13:59
by kubikula421
OK, so below is just the log from Kaspersky. I don't quite understand where that BadJoke came from :( , since nobody has logged into the Irena profile (the whole family uses the computer) for a very long time. The Hidrag is hopefully the jeefo?

I'd also like to know: when I clear the cache of all browsers with CCleaner, I presumably only clear it for the profile I'm logged into, right? Isn't there some utility that would clear the cache for all users?

I also don't quite understand the path C:\Documents and Settings\Irena\.... shown here; on Vista there is no Documents and Settings, when I click C: it simply isn't there :?: (I have hidden files visible). All users' documents are in the folder C:\Users\....

The mess on D:\ is because I made a duplicate of the documents, since I didn't know whether I'd have to reinstall Windows today.

Otherwise the computer runs completely normally, as if nothing had happened; so far I haven't come across a program that doesn't work :) , yesterday it looked like a format and today... a miracle, I don't get it. Oh, one more thing: at night after ComboFix, before the restore and before I posted here, I ran a test in MWAV, it was set to defaults and not as described here: http://www.viry.cz/forum/viewtopic.php?t=4097 and it removed something, too bad I don't have a screenshot.


Autoscan: completed 7 minutes ago (events: 35, objects: 414430, time: 02:27:06)
6.7.2010 11:56:34 Task started
6.7.2010 12:02:22 Processing error E Read error
6.7.2010 12:12:10 Detected: Hoax.Win32.BadJoke.Agent.bt C:\Documents and Settings\Irena\AppData\Local\Opera\Opera\profile\cache4\temporary_download\party (2).exe
6.7.2010 12:12:10 Detected: Hoax.Win32.BadJoke.Agent.bt C:\Documents and Settings\Irena\AppData\Local\Opera\Opera\profile\cache4\temporary_download\party (1).exe
6.7.2010 12:12:10 Detected: Hoax.Win32.BadJoke.Agent.bt C:\Documents and Settings\Irena\AppData\Local\Opera\Opera\profile\cache4\temporary_download\party (3).exe
6.7.2010 12:12:40 Deleted: Hoax.Win32.BadJoke.Agent.bt C:\Documents and Settings\Irena\AppData\Local\Opera\Opera\profile\cache4\temporary_download\party (1).exe
6.7.2010 12:12:40 Deleted: Hoax.Win32.BadJoke.Agent.bt C:\Documents and Settings\Irena\AppData\Local\Opera\Opera\profile\cache4\temporary_download\party (2).exe
6.7.2010 12:12:40 Detected: Hoax.Win32.BadJoke.Agent.bt C:\Documents and Settings\Irena\AppData\Local\Opera\Opera\profile\cache4\temporary_download\party (4).exe
6.7.2010 12:12:41 Deleted: Hoax.Win32.BadJoke.Agent.bt C:\Documents and Settings\Irena\AppData\Local\Opera\Opera\profile\cache4\temporary_download\party (3).exe
6.7.2010 12:12:41 Detected: Hoax.Win32.BadJoke.Agent.bt C:\Documents and Settings\Irena\AppData\Local\Opera\Opera\profile\cache4\temporary_download\party.exe
6.7.2010 12:12:41 Deleted: Hoax.Win32.BadJoke.Agent.bt C:\Documents and Settings\Irena\AppData\Local\Opera\Opera\profile\cache4\temporary_download\party (4).exe
6.7.2010 12:12:43 Deleted: Hoax.Win32.BadJoke.Agent.bt C:\Documents and Settings\Irena\AppData\Local\Opera\Opera\profile\cache4\temporary_download\party.exe
6.7.2010 12:22:43 Detected: Virus.Win32.Hidrag.a C:\Documents and Settings\Market\Desktop\NFS shit.rar/NFS shit/NFS-MW_SK.exe
6.7.2010 12:22:43 Untreated: Virus.Win32.Hidrag.a C:\Documents and Settings\Market\Desktop\NFS shit.rar/NFS shit/NFS-MW_SK.exe Write not supported
6.7.2010 12:22:43 Detected: Virus.Win32.Hidrag.a C:\Documents and Settings\Market\Desktop\NFS shit.rar/NFS shit/nfsmw_cz.exe
6.7.2010 12:22:43 Untreated: Virus.Win32.Hidrag.a C:\Documents and Settings\Market\Desktop\NFS shit.rar/NFS shit/nfsmw_cz.exe Write not supported
6.7.2010 12:22:44 Detected: Virus.Win32.Hidrag.a C:\Documents and Settings\Market\Desktop\NFS shit.rar/NFS shit/speed.exe
6.7.2010 12:22:44 Untreated: Virus.Win32.Hidrag.a C:\Documents and Settings\Market\Desktop\NFS shit.rar/NFS shit/speed.exe Write not supported
6.7.2010 13:06:47 Detected: Virus.Win32.Hidrag.a C:\Users\Market\Desktop\NFS shit.rar/NFS shit/NFS-MW_SK.exe
6.7.2010 13:06:47 Untreated: Virus.Win32.Hidrag.a C:\Users\Market\Desktop\NFS shit.rar/NFS shit/NFS-MW_SK.exe Write not supported
6.7.2010 13:06:50 Detected: Virus.Win32.Hidrag.a C:\Users\Market\Desktop\NFS shit.rar/NFS shit/nfsmw_cz.exe
6.7.2010 13:06:50 Untreated: Virus.Win32.Hidrag.a C:\Users\Market\Desktop\NFS shit.rar/NFS shit/nfsmw_cz.exe Write not supported
6.7.2010 13:06:54 Detected: Virus.Win32.Hidrag.a C:\Users\Market\Desktop\NFS shit.rar/NFS shit/speed.exe
6.7.2010 13:06:54 Untreated: Virus.Win32.Hidrag.a C:\Users\Market\Desktop\NFS shit.rar/NFS shit/speed.exe Write not supported
6.7.2010 14:15:53 Detected: Hoax.Win32.BadJoke.Agent.bt D:\Irena\AppData\Local\Opera\Opera\profile\cache4\temporary_download\party (2).exe
6.7.2010 14:15:54 Detected: Hoax.Win32.BadJoke.Agent.bt D:\Irena\AppData\Local\Opera\Opera\profile\cache4\temporary_download\party (1).exe
6.7.2010 14:16:25 Detected: Hoax.Win32.BadJoke.Agent.bt D:\Irena\AppData\Local\Opera\Opera\profile\cache4\temporary_download\party (3).exe
6.7.2010 14:16:27 Deleted: Hoax.Win32.BadJoke.Agent.bt D:\Irena\AppData\Local\Opera\Opera\profile\cache4\temporary_download\party (2).exe
6.7.2010 14:16:27 Deleted: Hoax.Win32.BadJoke.Agent.bt D:\Irena\AppData\Local\Opera\Opera\profile\cache4\temporary_download\party (3).exe
6.7.2010 14:16:28 Deleted: Hoax.Win32.BadJoke.Agent.bt D:\Irena\AppData\Local\Opera\Opera\profile\cache4\temporary_download\party (1).exe
6.7.2010 14:16:28 Detected: Hoax.Win32.BadJoke.Agent.bt D:\Irena\AppData\Local\Opera\Opera\profile\cache4\temporary_download\party (4).exe
6.7.2010 14:16:28 Detected: Hoax.Win32.BadJoke.Agent.bt D:\Irena\AppData\Local\Opera\Opera\profile\cache4\temporary_download\party.exe
6.7.2010 14:16:28 Deleted: Hoax.Win32.BadJoke.Agent.bt D:\Irena\AppData\Local\Opera\Opera\profile\cache4\temporary_download\party (4).exe
6.7.2010 14:16:29 Deleted: Hoax.Win32.BadJoke.Agent.bt D:\Irena\AppData\Local\Opera\Opera\profile\cache4\temporary_download\party.exe
6.7.2010 14:23:40 Task completed
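The autoscan log above records up to three events for the same object: Detected, then either Deleted or Untreated with the trailing reason "Write not supported" (the Hidrag hits are members of a .rar archive, which the scanner reports it cannot rewrite). The following is an added example, not part of the thread and not any scanner's own tooling: a small Python parser that folds those events into one final outcome per path, so a reader can see what was actually removed and what is still on disk. The log lines it runs on are constructed in the style of the posted log; the line regex, the "Write not supported" suffix handling and the rule that a forward slash marks an archive member are assumptions drawn only from the lines shown above.

```python
"""Fold a Kaspersky-style 'Autoscan' log into one outcome per detected object.

Added example, not tooling from the thread or from any vendor. The line format
(date time Action: Signature Path [reason]) is an assumption taken from the
lines posted in the thread; adjust LINE_RE if your log differs.
"""
import re
from collections import Counter

LINE_RE = re.compile(
    r"^(?P<date>\d{1,2}\.\d{1,2}\.\d{4}) (?P<time>\d{2}:\d{2}:\d{2}) "
    r"(?P<action>Detected|Deleted|Untreated): (?P<sig>\S+) (?P<rest>.+)$"
)

# Reason the scanner appends to 'Untreated' lines when it cannot modify the
# object in place (in the thread: executables inside a .rar archive).
UNTREATED_REASONS = ("Write not supported",)

# Constructed sample in the style of the posted log: two hoax files that get
# deleted, one that is only detected, and two archive members left untreated.
SAMPLE_LOG = r"""
6.7.2010 11:56:34 Task started
6.7.2010 12:02:22 Processing error E Read error
6.7.2010 12:12:10 Detected: Hoax.Win32.BadJoke.Agent.bt C:\Users\Irena\AppData\Local\Opera\cache4\party (1).exe
6.7.2010 12:12:10 Detected: Hoax.Win32.BadJoke.Agent.bt C:\Users\Irena\AppData\Local\Opera\cache4\party (2).exe
6.7.2010 12:12:40 Deleted: Hoax.Win32.BadJoke.Agent.bt C:\Users\Irena\AppData\Local\Opera\cache4\party (1).exe
6.7.2010 12:12:40 Deleted: Hoax.Win32.BadJoke.Agent.bt C:\Users\Irena\AppData\Local\Opera\cache4\party (2).exe
6.7.2010 12:13:05 Detected: Hoax.Win32.BadJoke.Agent.bt C:\Users\Irena\AppData\Local\Opera\cache4\party (3).exe
6.7.2010 12:22:43 Detected: Virus.Win32.Hidrag.a C:\Users\Market\Desktop\game.rar/game/setup.exe
6.7.2010 12:22:43 Untreated: Virus.Win32.Hidrag.a C:\Users\Market\Desktop\game.rar/game/setup.exe Write not supported
6.7.2010 12:22:44 Detected: Virus.Win32.Hidrag.a C:\Users\Market\Desktop\game.rar/game/speed.exe
6.7.2010 12:22:44 Untreated: Virus.Win32.Hidrag.a C:\Users\Market\Desktop\game.rar/game/speed.exe Write not supported
6.7.2010 14:23:40 Task completed
"""


def parse_line(line):
    """Return {action, signature, path, reason} or None for non-detection lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None  # 'Task started', processing errors, blank lines
    action, sig, rest = m["action"], m["sig"], m["rest"]
    reason = ""
    if action == "Untreated":
        for r in UNTREATED_REASONS:
            if rest.endswith(" " + r):
                rest, reason = rest[: -len(r) - 1], r
                break
    return {"action": action, "signature": sig, "path": rest, "reason": reason}


def archive_container(path):
    """Path of the enclosing archive, or None for a plain file.

    The scanner writes 'archive.rar/inner/file.exe'; a forward slash in a
    Windows path is therefore taken to mark an archive member (assumption).
    """
    head, sep, _ = path.partition("/")
    return head if sep else None


def summarise(log_text):
    """Map each detected path to its final outcome: detected, deleted or untreated."""
    objects = {}
    for line in log_text.splitlines():
        ev = parse_line(line)
        if ev is None:
            continue
        entry = objects.setdefault(ev["path"], {
            "signature": ev["signature"],
            "outcome": "detected",
            "reason": "",
            "archive": archive_container(ev["path"]),
        })
        if ev["action"] == "Deleted":
            entry["outcome"] = "deleted"
        elif ev["action"] == "Untreated":
            entry["outcome"] = "untreated"
            entry["reason"] = ev["reason"]
    return objects


def outcome_counts(objects):
    """Counter of (signature, outcome) pairs for a quick triage overview."""
    return Counter((e["signature"], e["outcome"]) for e in objects.values())


def remaining(objects):
    """Paths that still hold a detection after the scan (anything not deleted)."""
    return sorted(p for p, e in objects.items() if e["outcome"] != "deleted")


def report(log_text):
    """Human-readable summary; returned as a list of lines so it can be tested."""
    objs = summarise(log_text)
    lines = [f"{sig}: {outcome} x{n}"
             for (sig, outcome), n in sorted(outcome_counts(objs).items())]
    for path in remaining(objs):
        e = objs[path]
        where = f" (inside archive {e['archive']})" if e["archive"] else ""
        why = f" [{e['reason']}]" if e["reason"] else ""
        lines.append(f"still present: {path}{where}{why}")
    return lines


if __name__ == "__main__":
    print("\n".join(report(SAMPLE_LOG)))
```

The "still present" list is the part worth reading after a scan like this one: a Detected line with no matching Deleted line, and every Untreated line, means the object is still there, and for archive members the fix is to delete the whole archive rather than expect the scanner to clean inside it.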

Re: Win32:jeefo

Posted: 06 Jul 2010 14:07
by motji
I'll reply to you later.
Also try this program; before that, clean the temp files with CCleaner.. Unfortunately you have to do it in each profile separately; it can be set to run at computer startup.

:arrow: Clear the Opera/Firefox cache either manually or with ATF Cleaner
http://www.slunecnice.cz/sw/atf-cleaner/

- in the menu at the top select the Firefox / Opera tab and click on it
- check Select All and then click Empty Selected

warning - you will lose all passwords saved in FF /Opera!

- On the Main tab check All users temp and confirm with Empty Selected

:arrow: Download OTC and use it
http://oldtimer.geekstogo.com/OTC.exe
-the computer will restart

:arrow: download and run a scan
http://translate.google.cz/translate?hl ... s:official

:arrow: And you can also run MWAV

:arrow: Finally, please post a new log from RSIT

Re: Win32:jeefo

Posted: 06 Jul 2010 17:33
by kubikula421
OK, I carried out all the steps. The jeefo remover didn't find anything.

I tested with MWAV, just the basics, because the whole disk would probably take the whole day :( .

From the MWAV log, this is probably what's worth mentioning, but if the whole log is needed, I'll provide it.



06 VII 2010 17:15:57 - ***** Scanning Service Files *****
06 VII 2010 17:15:58 - ERROR!!! Invalid Entry %SystemRoot%\System32\appmgmts.dll in HKLM\SYSTEM\CurrentControlSet\Services\AppMgmt\Parameters. Action Taken: No Action Taken.

06 VII 2010 17:16:19 - ***** Scanning Registry and File system for Adware/Spyware *****
06 VII 2010 17:16:21 - Loading Spyware Signatures from new External Database [Name: C:\Users\Market\AppData\Local\Temp\spydb.avs, Size: 939324]...
06 VII 2010 17:16:21 - Indexed Spyware Databases Successfully Created...

06 VII 2010 17:16:21 - System found infected with combo Spyware/Adware (HKEY_CLASSES_ROOT\clsid\{3C78B8E2-6C4D-11D1-ADE2-0000F8754B99})! Action taken: No Action Taken.
06 VII 2010 17:16:21 - System found infected with CoreGuardAntivirus2009 Corrupted Adware/Spyware (HKEY_CLASSES_ROOT\clsid\{5E2121EE-0300-11D4-8D3B-444553540000})! Action taken: No Action Taken.
06 VII 2010 17:16:21 - Offending file found: C:\Windows\iun6002.exe
06 VII 2010 17:16:21 - System found infected with Spyware.NetScreenWatch Spyware/Adware (iun6002.exe)! Action taken: No Action Taken.

06 VII 2010 17:16:21 - Offending file found: C:\Windows\system32\acer.exe
06 VII 2010 17:16:21 - System found infected with combo Spyware/Adware (acer.exe)! Action taken: No Action Taken.

06 VII 2010 17:16:22 - Offending Registry Entry found: HKCU\SOFTWARE\Wget
06 VII 2010 17:16:22 - System found infected with Backdoor (IRCBot) Trojans Spyware/Adware (HKCU\SOFTWARE\Wget)! Action taken: No Action Taken.

06 VII 2010 17:16:22 - Offending Registry Entry found: HKCU\Software\Microsoft\OLE
06 VII 2010 17:16:22 - System found infected with Backdoor (IRCBot) Trojans Spyware/Adware (HKCU\Software\Microsoft\OLE)! Action taken: No Action Taken.

06 VII 2010 17:16:23 - Offending Registry Entry found: HKCU\Software\Microsoft\Windows\CurrentVersion\Drivers
06 VII 2010 17:16:23 - System found infected with AntiSpyware Pro XP Corrupted Adware/Spyware (HKCU\Software\Microsoft\Windows\CurrentVersion\Drivers)! Action taken: No Action Taken.

06 VII 2010 17:16:23 - Offending Registry Entry found: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved/{5E2121EE-0300-11D4-8D3B-444553540000}
06 VII 2010 17:16:23 - System found infected with Your Protection Spyware/Adware (HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved/{5E2121EE-0300-11D4-8D3B-444553540000})! Action taken: No Action Taken.

6 VII 2010 17:18:13 - ***** Scanning All Drives *****
06 VII 2010 17:18:13 - Scanning C:\ Drive
06 VII 2010 17:19:14 - C:\Boot\BCD not Scanned. Possibly password protected...
06 VII 2010 17:19:14 - C:\Boot\BCD.LOG not Scanned. Possibly password protected...
06 VII 2010 17:19:16 - Scanning File C:\f2b5e8b198cddd1d1d2579\MRT.exe
06 VII 2010 17:19:16 - File C:\f2b5e8b198cddd1d1d2579\MRT.exe infected by "NULL.Corrupted" Virus! Action Taken: No Action Taken.

06 VII 2010 17:19:16 - Scanning File C:\f2b5e8b198cddd1d1d2579\mrtstub.exe
06 VII 2010 17:19:16 - File C:\f2b5e8b198cddd1d1d2579\mrtstub.exe infected by "NULL.Corrupted" Virus! Action Taken: No Action Taken.

06 VII 2010 17:19:24 - Scanning File C:\Program Files\Acer\Empowering Technology\eDataSecurity\nstdata.exe
06 VII 2010 17:19:24 - File C:\Program Files\Acer\Empowering Technology\eDataSecurity\nstdata.exe infected by "NULL.Corrupted" Virus! Action Taken: No Action Taken.


06 VII 2010 17:51:06 - ***** Scanning Memory Files *****

06 VII 2010 17:51:08 - ***** Scanning Registry Files *****
06 VII 2010 17:51:09 - ERROR!!! Invalid Entry {2b45bd21-71f8-4c8c-a87a-7eeb25a1a3e0} = epm-po.dll (in key HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved). No Action Taken.

06 VII 2010 17:51:13 - ***** Scanning StartUp Folders *****
06 VII 2010 17:51:14 - Scanning File C:\Users\Market\Desktop\Kuba\Age Of Empires 2 & The Conquerors Expansion - Full Game\Age Of Empires 2 & The Conquerors Expansion - Full Game\STPENUX.DLL
06 VII 2010 17:51:14 - File C:\Users\Market\Desktop\Kuba\Age Of Empires 2 & The Conquerors Expansion - Full Game\Age Of Empires 2 & The Conquerors Expansion - Full Game\STPENUX.DLL infected by "NULL.Corrupted" Virus! Action Taken: No Action Taken.


06 VII 2010 17:51:14 - ***** Scanning Service Files *****
06 VII 2010 17:51:15 - ERROR!!! Invalid Entry %SystemRoot%\System32\appmgmts.dll in HKLM\SYSTEM\CurrentControlSet\Services\AppMgmt\Parameters. Action Taken: No Action Taken.

06 VII 2010 17:51:34 - ***** Scanning Registry and File system for Adware/Spyware *****
06 VII 2010 17:51:34 - Loading Spyware Signatures from new External Database [Name: C:\Users\Market\AppData\Local\Temp\spydb.avs, Size: 939324]...
06 VII 2010 17:51:34 - Indexed Spyware Databases Successfully Created...

06 VII 2010 17:51:34 - System found infected with combo Spyware/Adware (HKEY_CLASSES_ROOT\clsid\{3C78B8E2-6C4D-11D1-ADE2-0000F8754B99})! Action taken: No Action Taken.
06 VII 2010 17:51:34 - System found infected with CoreGuardAntivirus2009 Corrupted Adware/Spyware (HKEY_CLASSES_ROOT\clsid\{5E2121EE-0300-11D4-8D3B-444553540000})! Action taken: No Action Taken.
06 VII 2010 17:51:35 - Offending file found: C:\Windows\iun6002.exe
06 VII 2010 17:51:35 - System found infected with Spyware.NetScreenWatch Spyware/Adware (iun6002.exe)! Action taken: No Action Taken.

06 VII 2010 17:51:35 - Offending file found: C:\Windows\system32\acer.exe
06 VII 2010 17:51:35 - System found infected with combo Spyware/Adware (acer.exe)! Action taken: No Action Taken.

06 VII 2010 17:51:36 - Offending Registry Entry found: HKCU\SOFTWARE\Wget
06 VII 2010 17:51:36 - System found infected with Backdoor (IRCBot) Trojans Spyware/Adware (HKCU\SOFTWARE\Wget)! Action taken: No Action Taken.

06 VII 2010 17:51:36 - Offending Registry Entry found: HKCU\Software\Microsoft\OLE
06 VII 2010 17:51:36 - System found infected with Backdoor (IRCBot) Trojans Spyware/Adware (HKCU\Software\Microsoft\OLE)! Action taken: No Action Taken.

06 VII 2010 17:51:37 - Offending Registry Entry found: HKCU\Software\Microsoft\Windows\CurrentVersion\Drivers
06 VII 2010 17:51:37 - System found infected with AntiSpyware Pro XP Corrupted Adware/Spyware (HKCU\Software\Microsoft\Windows\CurrentVersion\Drivers)! Action taken: No Action Taken.

06 VII 2010 17:51:37 - Offending Registry Entry found: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved/{5E2121EE-0300-11D4-8D3B-444553540000}
06 VII 2010 17:51:37 - System found infected with Your Protection Spyware/Adware (HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved/{5E2121EE-0300-11D4-8D3B-444553540000})! Action taken: No Action Taken.

06 VII 2010 17:51:38 - Scanning ARPCache RegKey...



06 VII 2010 17:51:38 - ***** Scanning System32 Folders *****

06 VII 2010 17:54:36 - C:\Users\Market\AppData\Local\Temp\JETB52B.tmp not Scanned. Possibly password protected...

06 VII 2010 17:54:39 - ***** Checking for specific ITW Viruses *****

06 VII 2010 17:54:39 - ***** Scanning complete. *****

06 VII 2010 17:54:39 - Total Objects Scanned: 64352
06 VII 2010 17:54:39 - Total Critical Objects: 6
06 VII 2010 17:54:39 - Total Disinfected Objects: 0
06 VII 2010 17:54:39 - Total Objects Renamed: 0
06 VII 2010 17:54:39 - Total Deleted Objects: 0
06 VII 2010 17:54:39 - Total Errors: 21
06 VII 2010 17:54:39 - Time Elapsed: 00:00:41
06 VII 2010 17:54:39 - Virus Database Date: 26 Apr 2010
06 VII 2010 17:54:39 - Virus Database Count: 5690871

06 VII 2010 17:54:39 - Scan Completed.

Re: Win32:jeefo

Posted: 06 Jul 2010 17:41
by kubikula421
And here is the log from RSIT.


Logfile of random's system information tool 1.07 (written by random/random)
Run by Market at 2010-07-06 18:38:31
Microsoft® Windows Vista™ Home Premium Service Pack 2
System drive C: has 78 GB (69%) free of 114 GB
Total RAM: 2814 MB (59% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:38:37, on 6.7.2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18928)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\SearchFilterHost.exe
C:\rsit\RSIT.exe
C:\Program Files\trend micro\Market.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACA ... spire_5535
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Ukazatel S-Rank - {EA837F48-5AD1-443E-AE34-FFE03CBF3099} - C:\Program Files\Seznam.cz\core.2.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe
O4 - HKLM\..\Run: [ePower_DMC] C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [ProductReg] "C:\Program Files\Acer\WR_PopUp\ProductReg.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: WikiKomentáře Google... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll/cmsidewiki.html
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: NTI Backup Now 5 Agent Service (BUNAgentSvc) - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
O23 - Service: CLHNService - Unknown owner - C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
O23 - Service: Google Desktop Manager 5.9.911.3589 (GoogleDesktopManager-110309-193829) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Update Service (gupdate1c98adef2a3685) (gupdate1c98adef2a3685) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - Unknown owner - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 7979 bytes

======Scheduled tasks folder======

C:\Windows\tasks\Google Software Updater.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-04-04 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83A2F9B1-01A2-4AA5-87D1-45B6B8505E96}]
ShowBarObj Class - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll [2008-05-14 312880]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll [2010-06-10 814648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-05-03 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EA837F48-5AD1-443E-AE34-FFE03CBF3099}]
Ukazatel S-Rank - C:\Program Files\Seznam.cz\core.2.dll [2009-09-23 1075352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - Acer eDataSecurity Management - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll [2008-05-14 142896]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-21 1008184]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2008-04-25 1049896]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2008-01-21 61440]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2008-05-21 6144000]
"eDataSecurity Loader"=C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe [2008-05-14 526896]
"ePower_DMC"=C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe [2008-06-11 409600]
"eRecoveryService"= []
"ProductReg"=C:\Program Files\Acer\WR_PopUp\ProductReg.exe [2008-09-23 6144]
"NWEReboot"= []
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-02-18 248040]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-04-04 36272]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-06-09 976832]
"avast5"=C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe [2010-06-28 2837864]
"LManager"=C:\PROGRA~1\LAUNCH~1\LManager.exe [2008-09-11 809480]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-12-19 68856]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-21 202240]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcadeDeluxeAgent]
C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe [2008-05-29 147456]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BkupTray]
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe [2008-04-25 28672]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CLMLServer]
C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe [2008-05-29 167936]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2009-12-14 30192]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PlayMovie]
C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe [2008-05-12 167936]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]
C:\PROGRA~1\MCAFEE~1\20DEB9~1.181\SSSCHE~1.EXE [2010-01-15 255536]

C:\Users\Market\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"= []

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=153
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=
"NoDrives"=
"NoDriveTypeAutoRun"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

======List of files/folders created in the last 1 months======

2010-07-06 17:16:20 ----AD---- C:\Windows\rundll16.exe
2010-07-06 17:16:20 ----AD---- C:\Windows\logo1_.exe
2010-07-06 17:01:10 ----A---- C:\Windows\system32\msvcr80.dll
2010-07-06 17:01:09 ----A---- C:\Windows\system32\msvcp80.dll
2010-07-06 17:01:08 ----A---- C:\Windows\system32\eEmpty.exe
2010-07-06 11:51:54 ----D---- C:\ProgramData\Kaspersky Lab
2010-07-06 10:14:04 ----SHD---- C:\$RECYCLE.BIN
2010-07-06 10:14:02 ----D---- C:\Windows\temp
2010-07-06 10:00:20 ----A---- C:\Windows\PEV.exe
2010-07-06 10:00:20 ----A---- C:\Windows\MBR.exe
2010-07-06 10:00:13 ----D---- C:\Windows\ERDNT
2010-07-06 01:18:23 ----D---- C:\rsit
2010-07-05 18:23:49 ----AD---- C:\Windows\VDLL.DLL
2010-07-05 18:23:49 ----AD---- C:\Windows\system32\runouce.exe
2010-07-05 18:23:49 ----AD---- C:\Windows\RUNDL132.EXE
2010-07-05 18:23:49 ----AD---- C:\Windows\logo_1.exe
2010-07-05 18:21:08 ----D---- C:\Program Files\Common Files\MicroWorld
2010-07-05 18:21:05 ----D---- C:\ProgramData\MicroWorld
2010-07-05 16:51:41 ----A---- C:\mbam-error.txt
2010-07-05 16:49:48 ----D---- C:\Users\Market\AppData\Roaming\Malwarebytes
2010-07-05 16:49:42 ----D---- C:\ProgramData\Malwarebytes
2010-07-05 16:49:42 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-07-04 23:11:12 ----D---- C:\Users\Market\AppData\Roaming\PTC
2010-07-04 22:24:15 ----D---- C:\Program Files\proeWildfire 2.0
2010-07-04 22:18:57 ----A---- C:\ptcsetup.bak
2010-07-04 20:39:43 ----D---- C:\Program Files\EA GAMES
2010-07-04 11:36:32 ----D---- C:\Users\Market\AppData\Roaming\DAEMON Tools Lite
2010-07-04 11:36:29 ----D---- C:\ProgramData\DAEMON Tools Lite
2010-06-23 18:21:17 ----A---- C:\Windows\system32\PresentationHostProxy.dll
2010-06-23 18:21:17 ----A---- C:\Windows\system32\PresentationHost.exe
2010-06-23 18:21:17 ----A---- C:\Windows\system32\mscoree.dll
2010-06-23 18:21:16 ----A---- C:\Windows\system32\netfxperf.dll
2010-06-23 18:21:16 ----A---- C:\Windows\system32\dfshim.dll
2010-06-23 10:12:16 ----A---- C:\Windows\system32\Apphlpdm.dll
2010-06-23 10:12:15 ----A---- C:\Windows\system32\GameUXLegacyGDFs.dll
2010-06-21 19:34:22 ----D---- C:\Program Files\MSECache
2010-06-20 15:55:36 ----D---- C:\Program Files\Common Files\Adobe AIR
2010-06-19 22:39:33 ----D---- C:\Program Files\DsNET Corp
2010-06-19 13:50:03 ----D---- C:\Wifi
2010-06-12 12:32:26 ----D---- C:\Windows\pss
2010-06-11 12:51:34 ----A---- C:\Windows\system32\asycfilt.dll
2010-06-11 12:51:31 ----A---- C:\Windows\system32\atmlib.dll
2010-06-11 12:51:31 ----A---- C:\Windows\system32\atmfd.dll
2010-06-11 12:51:21 ----A---- C:\Windows\system32\mshtml.dll
2010-06-11 12:51:19 ----A---- C:\Windows\system32\ieframe.dll
2010-06-11 12:51:18 ----A---- C:\Windows\system32\iertutil.dll
2010-06-11 12:51:17 ----A---- C:\Windows\system32\wininet.dll
2010-06-11 12:51:17 ----A---- C:\Windows\system32\urlmon.dll
2010-06-11 12:51:16 ----A---- C:\Windows\system32\occache.dll
2010-06-11 12:51:16 ----A---- C:\Windows\system32\msfeeds.dll
2010-06-11 12:51:16 ----A---- C:\Windows\system32\iedkcs32.dll
2010-06-11 12:51:15 ----A---- C:\Windows\system32\mstime.dll
2010-06-11 12:51:15 ----A---- C:\Windows\system32\ieui.dll
2010-06-11 12:51:14 ----A---- C:\Windows\system32\msfeedsbs.dll
2010-06-11 12:51:14 ----A---- C:\Windows\system32\jsproxy.dll
2010-06-11 12:51:14 ----A---- C:\Windows\system32\ieUnatt.exe
2010-06-11 12:51:14 ----A---- C:\Windows\system32\iesysprep.dll
2010-06-11 12:51:14 ----A---- C:\Windows\system32\iepeers.dll
2010-06-11 12:51:10 ----A---- C:\Windows\system32\ie4uinit.exe
2010-06-11 12:51:09 ----A---- C:\Windows\system32\msfeedssync.exe
2010-06-11 12:51:09 ----A---- C:\Windows\system32\iesetup.dll
2010-06-11 12:51:09 ----A---- C:\Windows\system32\iernonce.dll

======List of files/folders modified in the last 1 months======

2010-07-06 18:38:33 ----D---- C:\Program Files\trend micro
2010-07-06 17:16:20 ----D---- C:\Windows
2010-07-06 17:01:10 ----D---- C:\Windows\System32
2010-07-06 16:45:14 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-07-06 16:45:13 ----D---- C:\Windows\inf
2010-07-06 16:41:43 ----D---- C:\Windows\Tasks
2010-07-06 16:35:06 ----SHD---- C:\System Volume Information
2010-07-06 15:46:07 ----D---- C:\Windows\system32\drivers
2010-07-06 11:51:54 ----D---- C:\ProgramData
2010-07-06 10:11:12 ----A---- C:\Windows\system.ini
2010-07-06 10:07:27 ----D---- C:\Windows\AppPatch
2010-07-06 10:07:26 ----D---- C:\Program Files\Common Files
2010-07-06 09:47:02 ----D---- C:\ProgramData\Google Updater
2010-07-06 09:39:14 ----D---- C:\Windows\system32\wbem
2010-07-06 09:38:39 ----D---- C:\Windows\system32\config
2010-07-06 09:37:36 ----HD---- C:\Windows\system32\GroupPolicy
2010-07-06 09:37:36 ----D---- C:\Windows\system32\Tasks
2010-07-06 09:37:36 ----D---- C:\Windows\system32\spool
2010-07-06 09:37:36 ----D---- C:\Windows\system32\OEM
2010-07-06 09:37:36 ----D---- C:\Windows\system32\Msdtc
2010-07-06 09:37:36 ----D---- C:\Windows\system32\cs-CZ
2010-07-06 09:37:36 ----D---- C:\Windows\system32\CodeIntegrity
2010-07-06 09:37:36 ----D---- C:\Windows\system32\catroot2
2010-07-06 09:37:36 ----D---- C:\Windows\BUVC_AP
2010-07-06 09:37:17 ----D---- C:\Program Files\WinRAR
2010-07-06 09:37:17 ----D---- C:\Program Files\TruePDF
2010-07-06 09:37:17 ----D---- C:\Program Files\totalcmd
2010-07-06 09:37:17 ----D---- C:\Program Files\Seznam.cz
2010-07-06 09:37:17 ----D---- C:\Program Files\psconvert
2010-07-06 09:37:17 ----D---- C:\Program Files\O2 Mobilni internet
2010-07-06 09:37:17 ----D---- C:\Program Files\Mozilla Firefox
2010-07-06 09:37:17 ----D---- C:\Program Files\Microsoft Works
2010-07-06 09:37:16 ----D---- C:\Program Files\Microsoft Office Suite Activation Assistant
2010-07-06 09:37:16 ----D---- C:\Program Files\K-Lite Codec Pack
2010-07-06 09:37:15 ----D---- C:\Program Files\ICQ7.0
2010-07-06 09:37:15 ----D---- C:\Program Files\ICQ6Toolbar
2010-07-06 09:37:15 ----D---- C:\Program Files\ICQ6.5
2010-07-06 09:37:13 ----D---- C:\Program Files\Common Files\LightScribe
2010-07-06 09:37:13 ----D---- C:\Program Files\CDBurnerXP
2010-07-06 09:37:13 ----D---- C:\Program Files\CCleaner
2010-07-06 09:37:12 ----D---- C:\Program Files\Apple Software Update
2010-07-06 09:37:01 ----D---- C:\Windows\registration
2010-07-06 09:21:50 ----D---- C:\Users\Market\AppData\Roaming\Skype
2010-07-05 17:37:33 ----D---- C:\Boot
2010-07-05 16:49:42 ----D---- C:\Program Files
2010-07-04 20:39:16 ----RSD---- C:\Windows\assembly
2010-07-04 20:39:13 ----D---- C:\Windows\Microsoft.NET
2010-07-04 11:40:00 ----SHD---- C:\Windows\Installer
2010-06-28 22:57:12 ----A---- C:\Windows\system32\aswBoot.exe
2010-06-26 16:09:55 ----D---- C:\Windows\Prefetch
2010-06-23 21:35:22 ----D---- C:\Users\Market\AppData\Roaming\Media Player Classic
2010-06-23 21:35:21 ----D---- C:\Windows\Debug
2010-06-23 21:25:03 ----RD---- C:\Program Files\Skype
2010-06-23 18:24:09 ----D---- C:\Windows\ehome
2010-06-23 18:22:49 ----D---- C:\Windows\winsxs
2010-06-23 18:22:33 ----D---- C:\Windows\system32\catroot
2010-06-20 15:55:41 ----D---- C:\Users\Market\AppData\Roaming\Adobe
2010-06-20 15:55:41 ----D---- C:\ProgramData\Adobe
2010-06-20 15:55:37 ----D---- C:\Program Files\Adobe
2010-06-19 22:55:34 ----D---- C:\Users\Market\AppData\Roaming\ICQ
2010-06-19 14:12:56 ----SD---- C:\Users\Market\AppData\Roaming\Microsoft
2010-06-12 12:23:40 ----D---- C:\Program Files\ESET
2010-06-12 12:22:39 ----D---- C:\ProgramData\Google
2010-06-12 12:22:39 ----D---- C:\Program Files\Google
2010-06-12 12:09:37 ----D---- C:\Program Files\Windows Mail
2010-06-12 12:09:37 ----D---- C:\Program Files\Internet Explorer
2010-06-12 12:09:36 ----D---- C:\Windows\system32\migration

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr.sys [2010-06-28 23376]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2010-06-28 165456]
R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2010-06-28 46672]
R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}; \??\C:\Program Files\Acer Arcade Deluxe\PlayMovie\000.fcl [2008-05-09 61424]
R2 aswFsBlk;aswFsBlk; C:\Windows\system32\drivers\aswFsBlk.sys [2010-06-28 17744]
R2 aswMonFlt;aswMonFlt; \??\C:\Windows\system32\drivers\aswMonFlt.sys [2010-06-28 50256]
R2 int15;int15; \??\C:\Windows\system32\drivers\int15.sys [2008-03-21 15392]
R2 irda;IrDA Protocol; C:\Windows\system32\DRIVERS\irda.sys [2008-01-21 95744]
R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2006-06-20 12672]
R2 NTIPPKernel;NTIPPKernel; \??\C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys [2008-01-16 122368]
R2 PSDNServ;PSDNServ; C:\Windows\system32\DRIVERS\PSDNServ.sys [2008-05-14 16944]
R2 psdvdisk;PSDVdisk; C:\Windows\system32\DRIVERS\PSDVdisk.sys [2008-05-14 60464]
R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\xaudio.sys [2006-11-29 8192]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athr.sys [2008-08-15 921600]
R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2008-06-25 3844608]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2008-03-28 210432]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-21 14208]
R3 DKbFltr;Dritek Keyboard Filter Driver; C:\Windows\system32\DRIVERS\DKbFltr.sys [2006-11-03 21264]
R3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\HSX_DPV.sys [2006-12-22 985600]
R3 HSXHWAZL;HSXHWAZL; C:\Windows\system32\DRIVERS\HSXHWAZL.sys [2006-12-22 207360]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2008-05-21 2143136]
R3 NTIDrvr;Upper Class Filter Driver; C:\Windows\system32\DRIVERS\NTIDrvr.sys [2008-01-31 14848]
R3 RTSTOR;Realtek USB 2.0 Card Reader; C:\Windows\system32\drivers\RTSTOR.SYS [2008-03-12 61440]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2008-04-25 199472]
R3 usbfilter;AMD USB Filter Driver; C:\Windows\system32\DRIVERS\usbfilter.sys [2008-05-28 22072]
R3 usbvideo;Zobrazovací zařízení USB (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2008-01-21 134016]
R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2006-12-22 659968]
R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2008-01-21 11264]
S3 drmkaud;Dekodér zvuků DRM jádra společnosti Microsoft; C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 5632]
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 HSFHWAZL;HSFHWAZL; C:\Windows\system32\DRIVERS\VSTAZL3.SYS [2008-01-21 200704]
S3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\Windows\system32\DRIVERS\ewusbmdm.sys [2008-09-26 101760]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016]
S3 NSCIRDA;NSC Infrared Device Driver; C:\Windows\system32\DRIVERS\nscirda.sys [2008-01-21 30720]
S3 usbscan;Ovladač skeneru USB; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-21 35328]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2009-10-01 40448]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-21 83328]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616]
S4 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2008-01-21 88576]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati External Event Utility;Ati External Event Utility; C:\Windows\system32\Ati2evxx.exe [2008-06-25 692224]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-06-28 40384]
R2 BUNAgentSvc;NTI Backup Now 5 Agent Service; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [2008-03-03 16384]
R2 CLHNService;CLHNService; C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [2008-01-16 81504]
R2 eDataSecurity Service;eDataSecurity Service; C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe [2008-05-14 500784]
R2 ETService;Empowering Technology Service; C:\Program Files\Acer\Empowering Technology\Service\ETService.exe [2008-03-21 24576]
R2 Irmon;@%SystemRoot%\System32\irmon.dll,-2000; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2007-01-17 61440]
R2 MobilityService;MobilityService; C:\Acer\Mobility Center\MobilityService.exe [2007-12-06 110592]
R2 NMSAccessU;NMSAccessU; C:\Program Files\CDBurnerXP\NMSAccessU.exe [2008-06-15 71096]
R2 NTIBackupSvc;NTI Backup Now 5 Backup Service; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-04-25 45056]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-04-25 131072]
R2 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio.exe [2006-11-29 386560]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-06-28 40384]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-06-28 40384]
S2 gupdate1c98adef2a3685;Google Update Service (gupdate1c98adef2a3685); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-02-09 133104]
S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-05-02 183280]
S3 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-21 21504]
S3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2009-12-14 30192]
S3 McComponentHostService;McAfee Security Scan Component Host Service; C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]

-----------------EOF-----------------

Re: Win32:jeefo

Posted: 06 Jul 2010 17:48
by motji
Please uninstall ComboFix and download a new copy, then run a scan.
How is the computer doing?

Uninstall ComboFix via Start - Run
- copy the following into the box:

ComboFix /Uninstall

- press Enter
- This uninstalls ComboFix and deletes the files and folders associated with it.


***********


Download T-Cleaner
http://sweb.cz/Marinus/T-Cleaner.exe

- Run it; to confirm each choice press the A key, then Enter
- delete the program after use. Note: antivirus programs may falsely flag it as a virus



Download ComboFix to the desktop, close all active windows and run it - http://download.bleepingcomputer.com/sUBs/ComboFix.exe


- ComboFix must be run under an account with administrator rights

- Before use, disable all resident security programs - antivirus, firewalls, antispyware

- After launch the terms of use are shown; confirm them by pressing the Yes button

- Then follow the instructions; while ComboFix is running, do not click inside the window that appears!

- After the scan finishes (it takes at most 10 minutes), the program should create a log - C:\ComboFix.txt; copy its entire contents here

Re: Win32:jeefo

Posted: 06 Jul 2010 18:14
by kubikula421
I can't uninstall ComboFix, because it has disappeared somewhere by itself. I really don't understand it; it was on the desktop the whole time and suddenly it isn't there. One of the previous operations must have removed it. I'll continue with the next steps.

Re: Win32:jeefo

Posted: 06 Jul 2010 19:05
by motji
Never mind, just run T-Cleaner.

Re: Win32:jeefo

Posted: 06 Jul 2010 19:06
by kubikula421
A moment ago I would have written that the computer behaves completely normally, but suddenly the touchpad stopped working out of nowhere; after three minutes it recovered again, I don't know :o, that has never happened before. As for the system, it seems to me that it runs fine, nothing stutters, and the programs I have on the desktop also run :). I'll see once I clean the registry or start testing other programs; something must certainly have taken a hit.

Here is the log from ComboFix; unfortunately I forgot to turn off Avast while running it, hopefully that doesn't matter.

How does it look?

PS: I'll probably be back here tomorrow.

ComboFix 10-07-06.01 - Market 06.07.2010 19:25:46.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.420.1029.18.2814.1619 [GMT 2:00]
Spuštěný z: c:\users\Market\Desktop\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Vytvořen nový Bod Obnovení
.

((((((((((((((((((((((((( Soubory vytvořené od 2010-06-06 do 2010-07-06 )))))))))))))))))))))))))))))))
.

2010-07-06 09:51 . 2010-07-06 09:51 -------- d-----w- c:\programdata\Kaspersky Lab
2010-07-06 08:14 . 2010-07-06 17:38 -------- d-----w- c:\users\Market\AppData\Local\temp
2010-07-05 17:37 . 2010-07-06 07:31 -------- d-----w- c:\users\Market\AppData\Local\Temp(338)
2010-07-05 17:37 . 2010-07-05 17:37 -------- d-----w- c:\users\Irena\AppData\Local\Temp(325)
2010-07-05 14:49 . 2010-07-05 14:49 -------- d-----w- c:\users\Market\AppData\Roaming\Malwarebytes
2010-07-05 14:49 . 2010-07-05 14:51 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-05 14:49 . 2010-07-05 14:49 -------- d-----w- c:\programdata\Malwarebytes
2010-07-04 21:11 . 2010-07-04 21:11 -------- d-----w- c:\users\Market\AppData\Roaming\PTC
2010-07-04 20:24 . 2010-07-04 20:27 -------- d-----w- c:\program files\proeWildfire 2.0
2010-07-04 18:39 . 2010-07-04 18:39 -------- d-----w- c:\program files\EA GAMES
2010-07-04 09:36 . 2010-07-04 18:36 -------- d-----w- c:\users\Market\AppData\Roaming\DAEMON Tools Lite
2010-07-04 09:36 . 2010-07-04 09:36 -------- d-----w- c:\programdata\DAEMON Tools Lite
2010-07-02 06:57 . 2010-06-28 20:57 38848 ----a-w- c:\windows\avastSS.scr
2010-06-23 16:21 . 2009-11-08 08:55 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2010-06-23 16:21 . 2009-11-08 08:55 297808 ----a-w- c:\windows\system32\mscoree.dll
2010-06-23 16:21 . 2009-11-08 08:55 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2010-06-23 16:21 . 2009-11-08 08:55 49472 ----a-w- c:\windows\system32\netfxperf.dll
2010-06-23 16:21 . 2009-11-08 08:55 1130824 ----a-w- c:\windows\system32\dfshim.dll
2010-06-23 08:12 . 2010-04-16 16:43 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-06-23 08:12 . 2010-04-16 14:39 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2010-06-21 17:34 . 2010-06-21 17:34 -------- d-----w- c:\program files\MSECache
2010-06-20 13:55 . 2010-06-20 13:55 53632 ----a-w- c:\users\Market\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-06-20 13:55 . 2010-06-20 13:55 53632 ----a-w- c:\users\Default\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-06-20 13:55 . 2010-06-20 13:55 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-06-19 20:39 . 2010-06-19 20:39 -------- d-----w- c:\program files\DsNET Corp
2010-06-19 11:50 . 2010-06-19 11:50 -------- d-----w- C:\Wifi
2010-06-10 10:44 . 2010-06-10 10:44 -------- d-----w- c:\users\Kody\AppData\Local\CyberLink
2010-06-10 10:44 . 2010-06-10 10:44 -------- d-----w- c:\users\Kody\AppData\Local\SoftDMA
2010-06-10 10:44 . 2010-06-10 10:44 -------- d-----w- c:\users\Kody\AppData\Roaming\CyberLink
2010-06-10 10:44 . 2010-06-10 10:44 -------- d-----w- c:\users\Kody\AppData\Local\Acer Arcade Deluxe
2010-06-10 09:43 . 2010-06-10 09:43 501872 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtbB971.tmp.exe
2010-06-09 08:06 . 2010-06-09 08:06 976832 ----a-w- c:\programdata\Adobe\Reader\9.3\ARM\18098\AdobeARM.exe
2010-06-09 08:06 . 2010-06-09 08:06 70584 ----a-w- c:\programdata\Adobe\Reader\9.3\ARM\18098\AdobeExtractFiles.dll
2010-06-09 08:06 . 2010-06-09 08:06 331176 ----a-w- c:\programdata\Adobe\Reader\9.3\ARM\18098\ReaderUpdater.exe
2010-06-09 08:06 . 2010-06-09 08:06 331176 ----a-w- c:\programdata\Adobe\Reader\9.3\ARM\18098\AcrobatUpdater.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-06 17:15 . 2009-10-29 14:06 -------- d-----w- c:\program files\trend micro
2010-07-06 14:45 . 2008-09-03 03:03 598832 ----a-w- c:\windows\system32\perfh005.dat
2010-07-06 14:45 . 2008-09-03 03:03 114992 ----a-w- c:\windows\system32\perfc005.dat
2010-07-06 14:41 . 2009-10-04 16:39 70672 ----a-w- c:\users\Market\AppData\Local\GDIPFONTCACHEV1.DAT
2010-07-06 13:49 . 2009-10-04 16:39 70672 ----a-w- c:\windows\system32\GDIPFONTCACHEV1.DAT
2010-07-06 13:48 . 2008-12-19 11:05 8224 ----a-w- c:\users\Irena\AppData\Local\GDIPFONTCACHEV1.DAT
2010-07-06 07:47 . 2009-02-09 17:35 -------- d-----w- c:\programdata\Google Updater
2010-07-06 07:21 . 2010-01-24 17:04 -------- d-----w- c:\users\Market\AppData\Roaming\Skype
2010-06-28 20:57 . 2010-04-05 14:05 165032 ----a-w- c:\windows\system32\aswBoot.exe
2010-06-28 20:37 . 2010-04-05 14:06 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-06-28 20:37 . 2010-04-05 14:06 165456 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-06-28 20:33 . 2010-04-05 14:06 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-06-28 20:32 . 2010-04-05 14:06 50256 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2010-06-28 20:32 . 2010-04-05 14:06 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-06-23 19:35 . 2009-12-25 13:27 -------- d-----w- c:\users\Market\AppData\Roaming\Media Player Classic
2010-06-23 19:25 . 2010-03-05 18:56 -------- d-----r- c:\program files\Skype
2010-06-19 20:55 . 2009-10-12 12:34 -------- d-----w- c:\users\Market\AppData\Roaming\ICQ
2010-06-12 10:23 . 2008-12-31 19:31 -------- d-----w- c:\program files\ESET
2010-06-12 10:22 . 2008-12-19 11:03 -------- d-----w- c:\program files\Google
2010-06-12 10:09 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-06-10 09:41 . 2008-12-31 20:34 70672 ----a-w- c:\users\Kody\AppData\Local\GDIPFONTCACHEV1.DAT
2010-05-30 08:28 . 2010-05-30 08:28 -------- d-----w- c:\program files\Common Files\Java
2010-05-30 08:27 . 2008-12-31 19:50 -------- d-----w- c:\program files\Java
2010-05-26 17:06 . 2010-06-11 10:51 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-05-26 14:47 . 2010-06-11 10:51 289792 ----a-w- c:\windows\system32\atmfd.dll
2010-05-21 12:14 . 2009-10-03 08:32 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-04 05:59 . 2010-06-11 10:51 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-04 05:55 . 2010-06-11 10:51 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-05-04 05:55 . 2010-06-11 10:51 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-05-04 04:31 . 2010-06-11 10:51 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-05-01 14:13 . 2010-06-11 10:51 2037248 ----a-w- c:\windows\system32\win32k.sys
2010-04-23 14:13 . 2010-05-26 18:15 2048 ----a-w- c:\windows\system32\tzres.dll
2010-04-16 16:43 . 2010-06-23 08:12 173056 ----a-w- c:\windows\AppPatch\AcXtrnal.dll
2010-04-16 16:43 . 2010-06-23 08:12 458752 ----a-w- c:\windows\AppPatch\AcSpecfc.dll
2010-04-16 16:43 . 2010-06-23 08:12 542720 ----a-w- c:\windows\AppPatch\AcLayers.dll
2010-04-16 16:43 . 2010-06-23 08:12 2159616 ----a-w- c:\windows\AppPatch\AcGenral.dll
2010-04-12 15:29 . 2010-05-30 08:27 411368 ----a-w- c:\windows\system32\deployJava1.dll
2009-12-14 21:04 . 2009-12-14 21:04 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.

(((((((((((((((((((((((((((((((((( Registry Startup Points )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries and legitimate default entries are not shown.
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-05-14 16:05 121392 ----a-w- c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-12-19 68856]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-25 1049896]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"RtHDVCpl"="RtHDVCpl.exe" [2008-05-21 6144000]
"eDataSecurity Loader"="c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-05-14 526896]
"ePower_DMC"="c:\program files\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2008-06-11 409600]
"ProductReg"="c:\program files\Acer\WR_PopUp\ProductReg.exe" [2008-09-23 6144]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-06-28 2837864]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2008-09-10 809480]

c:\users\Market\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-8-24 101784]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
backup=c:\windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcadeDeluxeAgent]
2008-05-29 15:44 147456 ----a-w- c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BkupTray]
2008-04-25 19:36 28672 ----a-w- c:\program files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CLMLServer]
2008-05-29 15:44 167936 ------w- c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2009-12-14 21:04 30192 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PlayMovie]
2008-05-12 15:28 167936 ----a-w- c:\program files\Acer Arcade Deluxe\PlayMovie\PMVService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):c8,d2,3c,cc,e4,4f,ca,01

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1663695290-2459496147-392905735-1000]
"EnableNotificationsRef"=dword:00000001

R2 gupdate1c98adef2a3685;Google Update Service (gupdate1c98adef2a3685);c:\program files\Google\Update\GoogleUpdate.exe [2009-02-09 133104]
R3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2009-12-14 30192]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
S1 aswSP;aswSP; [x]
S2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\program files\Acer Arcade Deluxe\PlayMovie\000.fcl [2008-05-09 61424]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-06-28 50256]
S2 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [2008-03-03 16384]
S2 CLHNService;CLHNService;c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [2008-01-16 81504]
S2 ETService;Empowering Technology Service;c:\program files\Acer\Empowering Technology\Service\ETService.exe [2008-03-21 24576]
S2 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-04-25 45056]
S2 NTIPPKernel;NTIPPKernel;c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys [2008-01-16 122368]
S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-04-25 131072]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2008-03-28 210432]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2008-05-28 22072]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder

2010-07-06 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-12-19 20:55]

2010-07-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-09 17:44]

2010-07-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-09 17:44]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.seznam.cz/
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0405&s=2&o=vp32&d=1208&m=aspire_5535
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: WikiKomentáře Google... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll/cmsidewiki.html
Trusted Zone: mojebanka.cz\*
Trusted Zone: mojebanka.cz\*
FF - ProfilePath - c:\users\Market\AppData\Roaming\Mozilla\Firefox\Profiles\2xhphgu0.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.cz/
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8 ... &gfns=1&q=
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - INVALID ENTRIES REMOVED FROM REGISTRY - - - -

HKLM-Run-eRecoveryService - (no file)
HKLM-Run-NWEReboot - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-06 19:37
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\windows\TEMP\TMP0000002E45C7B01D313142A9 524288 bytes executable

scan completed successfully
hidden files: 1

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}]
"ImagePath"="\??\c:\program files\Acer Arcade Deluxe\PlayMovie\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(4724)
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\sysenv.dll
c:\windows\System32\SysHook.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\acer\Mobility Center\MobilityService.exe
c:\program files\CDBurnerXP\NMSAccessU.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\servicing\TrustedInstaller.exe
c:\windows\system32\conime.exe
c:\windows\RtHDVCpl.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\Alwil Software\Avast5\AvastUI.exe
c:\program files\Launch Manager\LManager.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\wbem\unsecapp.exe
.
**************************************************************************
.
Completion time: 2010-07-06 19:42:05 - machine was rebooted
ComboFix-quarantined-files.txt 2010-07-06 17:42

Pre-Run: 81 814 855 680 bytes free
Post-Run: 81 600 442 368 bytes free

Current=1 Default=1 Failed=0 LastKnownGood=10 Sets=1,2,3,4,5,6,7,8,9,10
- - End Of File - - E23602858C051A5AEB4D12D899BA2002
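
The log above is long, and the entries a responder actually cares about are scattered across several sections: the policy key that reports UAC switched off (`"EnableLUA"= 0`), the `AppInit_DLLs` value that gets a DLL loaded into every process linking user32, the Security Center monitoring switch, services whose image is reported as `[x]` (missing on disk), a `Run` value given as a bare file name rather than a full path (resolved through the search path at logon), and the hidden executable catchme found under `c:\windows\TEMP`. The script below is an added example, not part of the original post and not ComboFix's own code: it walks ComboFix-style log text and returns those findings as a list. The sample log is constructed from lines quoted in this thread, and the severity labels and the rule set are my own choices, not anything ComboFix defines.

```python
"""
Triage helper for ComboFix-style log text.

Added example (not part of the forum post or of ComboFix): scans the
autostart, policy, service and catchme sections of a log for settings a
responder would want to look at and returns them as Finding records.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample: lines copied from the posted ComboFix log, plus one
# clean Run entry so the relative-path rule has something to pass over.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"RtHDVCpl"="RtHDVCpl.exe" [2008-05-21 6144000]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-06-28 2837864]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

S1 aswSP;aswSP; [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-06-28 50256]

c:\windows\TEMP\TMP0000002E45C7B01D313142A9 524288 bytes executable
"""


@dataclass(frozen=True)
class Finding:
    severity: str  # "high" | "medium" | "info"  (labels chosen for this example)
    kind: str
    detail: str


# "<Name>"="<image>" [date size]   -- a Run value as ComboFix prints it
RUN_VALUE = re.compile(r'^"(?P<name>[^"]+)"="(?P<image>[^"]*)"')
# S2 name;display;image [date size] -- a service/driver line
SERVICE = re.compile(r"^(?P<start>[SR]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.*)$")
# catchme's hidden-file line: <path> <size> bytes executable
HIDDEN_FILE = re.compile(r"^(?P<path>[a-z]:\\.+?)\s+(?P<size>\d+)\s+bytes\s+executable$", re.I)
DRIVE_PATH = re.compile(r"^[a-z]:\\", re.I)


def triage(log: str) -> list[Finding]:
    """Return the security-relevant entries found in a ComboFix-style log."""
    findings: list[Finding] = []
    section = None  # lower-cased registry key of the current [..] block
    for raw in log.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].lower()
            continue
        # UAC switched off through the policy key
        if section and section.endswith(r"policies\system") and line.startswith('"EnableLUA"'):
            if re.search(r"=\s*0\b", line):
                findings.append(Finding("high", "uac-disabled", line))
            continue
        # AppInit_DLLs: anything listed is loaded into every user32-linked process
        if line.startswith('"AppInit_DLLs"='):
            value = line.split("=", 1)[1].strip()
            if value:
                findings.append(Finding("medium", "appinit-dll", value))
            continue
        # Security Center told to stop monitoring a product
        if section and "security center" in section and "DisableMonitoring" in line and line.endswith("00000001"):
            findings.append(Finding("medium", "security-center-monitoring-off", section))
            continue
        # Run value whose image is a bare file name: resolved via the search path
        m = RUN_VALUE.match(line)
        if m and section and section.endswith("currentversion\\run"):
            image = m.group("image")
            if not DRIVE_PATH.match(image):
                findings.append(Finding("medium", "run-relative-path", f"{m.group('name')} -> {image}"))
            continue
        # Service whose image ComboFix could not find on disk
        m = SERVICE.match(line)
        if m:
            if "[x]" in m.group("rest"):
                findings.append(Finding("info", "service-image-missing", m.group("name")))
            continue
        # Hidden executable reported by catchme
        m = HIDDEN_FILE.match(line)
        if m:
            findings.append(Finding("high", "hidden-executable", m.group("path")))
            continue
    return findings


def counts_by_severity(findings: list[Finding]) -> dict[str, int]:
    """Summarise a finding list as {severity: count}."""
    counts: dict[str, int] = {}
    for f in findings:
        counts[f.severity] = counts.get(f.severity, 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.severity:6} {f.kind:32} {f.detail}")
    print(counts_by_severity(triage(SAMPLE_LOG)))
```

Run against the sample it reports the disabled UAC and the hidden TEMP executable as high, the AppInit DLL, the Security Center switch and the bare `RtHDVCpl.exe` Run value as medium, and the two `[x]` avast drivers as info. None of these is a verdict on its own: the avast drivers show `[x]` because the product was being reinstalled, and the rules only tell you where to look first.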

Re: Win32:jeefo

Posted: 06 Jul 2010 19:07
by motji
I won't be around until tomorrow; in the meantime try those programs and write back. It looks good. :)

Re: Win32:jeefo

Posted: 06 Jul 2010 19:10
by kubikula421
That touchpad really is dead again... :(