VIRY.CZ

Pomáháme v boji s počítačovou havěti!
https://forum.viry.cz:443/

prosím kontrolu

https://forum.viry.cz:443/viewtopic.php?t=103137

Stránka 1 z 1

prosím kontrolu

Napsal: 27 črc 2010 18:51
od TheKicoman
Logfile of random's system information tool 1.08 (written by random/random)
Run by Koci at 2010-07-22 17:47:03
Microsoft® Windows Vista™ Home Premium Service Pack 2
System drive C: has 41 GB (18%) free of 228 GB
Total RAM: 3066 MB (54% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:47:37, on 22.7.2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18928)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Windows\PLFSetI.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Users\Koci\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\WeFi\WeFi.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
C:\Program Files\EgisTec Egis Software Update\EgisUpdate.exe
C:\Program Files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\AVG\AVG9\avgtray.exe
C:\Program Files\Copernic Desktop Search - Home\DesktopSearchService.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\ManyCam\Bin\ManyCam.exe
C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTray.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10h_ActiveX.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Koci\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L9RXDISW\RSIT[1].exe
C:\Program Files\trend micro\Koci.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACA ... spire_5738
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACA ... spire_5738
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: Pomocník pro přihlášení ke službě Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: Copernic Desktop Search - Home Toolbar - {4A1C6093-14F9-44D7-860E-5D265CFCA9D9} - C:\Program Files\Copernic Desktop Search - Home\Toolbar\ToolbarContainer101000318.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\Skytel.exe
O4 - HKLM\..\Run: [PLFSetI] C:\Windows\PLFSetI.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe
O4 - HKLM\..\Run: [BackupManagerTray] "C:\Program Files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -k
O4 - HKLM\..\Run: [Acer ePower Management] C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe
O4 - HKLM\..\Run: [EgisTecLiveUpdate] "C:\Program Files\EgisTec Egis Software Update\EgisUpdate.exe"
O4 - HKLM\..\Run: [mwlDaemon] C:\Program Files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKCU\..\Run: [Copernic Desktop Search - Home] "C:\Program Files\Copernic Desktop Search - Home\DesktopSearchService.exe" /tray
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ7.2\ICQ.exe" silent loginmode=4
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: 20Dollars2Surf.lnk = C:\Program Files\20Dollars2Surf\20dollars2surf.exe
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Odeslat obrázek do zařízení &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Odeslat stránku do zařízení &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O8 - Extra context menu item: WikiKomentáře Google... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O9 - Extra button: Přidat na blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Přidat na blog Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O16 - DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} (SysInfo Class) - http://content.systemrequirementslab.co ... 1.71.0.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} (Battlefield Heroes Updater) - https://www.battlefieldheroes.com/stati ... 0.53.0.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: AVG E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe
O23 - Service: AVG WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: AVG Firewall (avgfws9) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgfws9.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: Acer ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: MyWinLocker Service (MWLService) - Egis Technology Inc. - C:\Program Files\EgisTec\MyWinLocker 3\x86\\MWLService.exe
O23 - Service: NTI IScheduleSvc - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: WeFi Engine Service (WefiEngSvc) - WeFi - C:\Program Files\WeFi\WefiEngSvc.exe

--
End of file - 10186 bytes

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\WefiStartup.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG9\avgssie.dll [2010-07-21 1619296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Pomocník pro přihlášení ke službě Windows Live - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
Ask Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll [2010-05-26 1385864]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-03-03 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{D4027C7F-154A-4066-A1AD-4243D8127440} - Ask Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll [2010-05-26 1385864]
{4A1C6093-14F9-44D7-860E-5D265CFCA9D9} - Copernic Desktop Search - Home Toolbar - C:\Program Files\Copernic Desktop Search - Home\Toolbar\ToolbarContainer101000318.dll [2010-03-05 2307352]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-21 1008184]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [2009-02-19 6793760]
"Skytel"=C:\Program Files\Realtek\Audio\HDA\Skytel.exe [2009-02-19 1833504]
"PLFSetI"=C:\Windows\PLFSetI.exe [2008-07-29 200704]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2008-12-05 1410344]
"LManager"=C:\Program Files\Launch Manager\LManager.exe [2009-06-25 1069576]
"BackupManagerTray"=C:\Program Files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe [2009-04-11 249600]
"Acer ePower Management"=C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe [2009-06-23 440864]
"EgisTecLiveUpdate"=C:\Program Files\EgisTec Egis Software Update\EgisUpdate.exe [2009-05-13 199464]
"mwlDaemon"=C:\Program Files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe [2009-05-15 345384]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-02-18 248040]
"DivXUpdate"=C:\Program Files\DivX\DivX Update\DivXUpdate.exe [2010-04-13 1135912]
"Malwarebytes Anti-Malware (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2010-04-29 1090952]
"AVG9_TRAY"=C:\PROGRA~1\AVG\AVG9\avgtray.exe [2010-07-10 2065760]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Copernic Desktop Search - Home"=C:\Program Files\Copernic Desktop Search - Home\DesktopSearchService.exe [2010-06-15 1611264]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-21 202240]
"ICQ"=C:\Program Files\ICQ7.2\ICQ.exe [2010-07-17 133368]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
20Dollars2Surf.lnk - C:\Program Files\20Dollars2Surf\20dollars2surf.exe
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="avgrsstx.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MpfService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2010-07-21 22:00:53 ----D---- C:\Program Files\jv16 PowerTools 2009
2010-07-17 19:45:43 ----D---- C:\Program Files\ICQ7.2
2010-07-16 18:36:52 ----D---- C:\Users\Koci\AppData\Roaming\AVG9
2010-07-15 15:45:37 ----D---- C:\Users\Koci\AppData\Roaming\ESTsoft
2010-07-15 15:45:33 ----D---- C:\ProgramData\ESTsoft
2010-07-15 15:45:28 ----D---- C:\Program Files\ESTsoft
2010-07-15 15:40:43 ----D---- C:\Program Files\7-Zip
2010-07-15 15:23:49 ----D---- C:\Program Files\QS
2010-07-15 15:23:47 ----D---- C:\Users\Koci\AppData\Roaming\TeamViewer
2010-07-13 09:51:45 ----D---- C:\Program Files\Copernic Desktop Search - Home
2010-07-13 09:51:32 ----D---- C:\Users\Koci\AppData\Roaming\Copernic
2010-07-13 09:08:47 ----D---- C:\Program Files\20Dollars2Surf
2010-07-12 21:42:35 ----D---- C:\Program Files\rajce
2010-07-12 15:45:41 ----D---- C:\Users\Koci\AppData\Roaming\ManyCam
2010-07-12 15:45:38 ----D---- C:\Program Files\ManyCam
2010-07-12 15:45:32 ----D---- C:\Program Files\Ask.com
2010-07-11 14:42:33 ----D---- C:\Program Files\GIMP-2.0
2010-07-11 10:21:12 ----A---- C:\Windows\system32\drivers\utmznde3.sys
2010-07-11 10:20:58 ----D---- C:\ProgramData\Kaspersky Lab
2010-07-10 21:19:40 ----HD---- C:\$AVG
2010-07-10 20:54:32 ----A---- C:\Windows\system32\avgrsstx.dll
2010-07-10 20:43:19 ----A---- C:\Windows\system32\drivers\avgrkx86.sys
2010-07-10 20:43:18 ----A---- C:\Windows\system32\drivers\avgtdix.sys
2010-07-10 20:43:13 ----A---- C:\Windows\system32\drivers\avgldx86.sys
2010-07-10 20:43:11 ----D---- C:\Windows\system32\drivers\Avg
2010-07-10 20:43:11 ----A---- C:\Windows\system32\drivers\avgmfx86.sys
2010-07-10 20:42:13 ----D---- C:\Program Files\AVG
2010-07-10 20:42:13 ----A---- C:\Windows\system32\drivers\avgfwd6x.sys
2010-07-10 20:42:12 ----D---- C:\ProgramData\avg9
2010-07-08 19:02:19 ----A---- C:\Windows\Video Player Uninstall Log.txt
2010-07-07 22:08:05 ----D---- C:\Users\Koci\AppData\Roaming\Bump Technologies, Inc
2010-07-07 22:07:38 ----D---- C:\Program Files\BumpTop
2010-07-05 20:58:31 ----D---- C:\Users\Koci\AppData\Roaming\FarmingSimulator2008
2010-07-05 20:54:38 ----D---- C:\Windows\95FC26FB19FD4A96BBB1B1062E8648F5.TMP
2010-07-05 18:11:05 ----D---- C:\Users\Koci\AppData\Roaming\atitray
2010-07-05 18:10:51 ----D---- C:\Program Files\Ray Adams
2010-07-05 14:11:49 ----D---- C:\Program Files\AIMP2
2010-07-05 12:41:16 ----D---- C:\ProgramData\WeFi
2010-07-05 12:40:48 ----D---- C:\Program Files\WeFi
2010-07-04 14:04:02 ----D---- C:\Program Files\City Interactive
2010-07-02 11:42:15 ----D---- C:\Users\Koci\AppData\Roaming\Uniblue
2010-07-02 11:42:11 ----D---- C:\Program Files\Uniblue

======List of files/folders modified in the last 1 months======

2010-07-22 17:47:38 ----D---- C:\Windows\Temp
2010-07-22 17:47:07 ----D---- C:\Program Files\trend micro
2010-07-22 17:44:40 ----D---- C:\Program Files\Steam
2010-07-22 16:45:01 ----D---- C:\Users\Koci\AppData\Roaming\ICQ
2010-07-22 16:38:41 ----D---- C:\Windows\System32
2010-07-22 16:38:41 ----D---- C:\Windows\inf
2010-07-22 16:38:41 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-07-21 22:07:14 ----D---- C:\Users\Koci\AppData\Roaming\FileZilla
2010-07-21 22:05:16 ----D---- C:\Program Files\Common Files
2010-07-21 22:05:16 ----D---- C:\Program Files\BitSpirit
2010-07-21 22:03:26 ----D---- C:\Windows
2010-07-21 22:00:53 ----RD---- C:\Program Files
2010-07-21 21:29:41 ----D---- C:\Program Files\Common Files\Steam
2010-07-21 21:21:17 ----A---- C:\Windows\system32\PnkBstrB.exe
2010-07-21 16:18:43 ----SHD---- C:\System Volume Information
2010-07-17 19:45:59 ----HD---- C:\Program Files\InstallShield Installation Information
2010-07-15 21:25:56 ----D---- C:\Windows\system32\catroot2
2010-07-15 15:45:33 ----HD---- C:\ProgramData
2010-07-15 15:12:03 ----D---- C:\Windows\system32\drivers
2010-07-15 15:12:01 ----D---- C:\Windows\system32\drivers\UMDF
2010-07-15 08:13:51 ----D---- C:\Windows\winsxs
2010-07-15 08:07:05 ----D---- C:\Windows\system32\catroot
2010-07-15 08:07:02 ----D---- C:\Program Files\Windows Mail
2010-07-15 08:04:35 ----D---- C:\Windows\Debug
2010-07-12 15:45:35 ----SHD---- C:\Windows\Installer
2010-07-12 15:45:35 ----D---- C:\Windows\system32\Tasks
2010-07-11 13:44:07 ----D---- C:\Program Files\Mozilla Firefox
2010-07-11 11:33:32 ----D---- C:\Users\Koci\AppData\Roaming\Mumble
2010-07-10 21:20:14 ----D---- C:\Program Files\Game_Maker8
2010-07-10 20:40:15 ----SD---- C:\Users\Koci\AppData\Roaming\Microsoft
2010-07-10 16:38:28 ----RSD---- C:\Windows\assembly
2010-07-10 16:37:38 ----D---- C:\Windows\Microsoft.NET
2010-07-10 09:52:30 ----D---- C:\Windows\ehome
2010-07-08 12:55:54 ----D---- C:\Users\Koci\AppData\Roaming\XnView
2010-07-07 22:08:04 ----HD---- C:\Windows\msdownld.tmp
2010-07-07 22:07:48 ----D---- C:\Windows\system32\directx
2010-07-05 20:53:58 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2010-07-05 20:19:28 ----D---- C:\Windows\Prefetch
2010-07-05 14:14:18 ----D---- C:\Program Files\Sprite Explorer
2010-07-05 14:14:06 ----D---- C:\Users\Koci\AppData\Roaming\Zoner
2010-07-05 14:13:29 ----D---- C:\Program Files\Winamp
2010-07-05 12:40:59 ----D---- C:\Windows\Tasks
2010-07-02 21:39:05 ----A---- C:\Windows\system32\mrt.exe
2010-06-23 21:55:09 ----D---- C:\Windows\AppPatch

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 AvgRkx86;avgrkx86.sys; C:\Windows\System32\Drivers\avgrkx86.sys [2010-07-10 52872]
R0 iaStor;Intel AHCI Controller; C:\Windows\system32\DRIVERS\iaStor.sys [2009-02-12 329752]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2010-02-19 691696]
R0 UBHelper;UBHelper; C:\Windows\system32\drivers\UBHelper.sys [2008-01-31 13824]
R1 atitray;atitray; \??\C:\Program Files\Ray Adams\ATI Tray Tools\atitray.sys [2008-09-08 18336]
R1 Avgfwfd;AVG network filter service; C:\Windows\system32\DRIVERS\avgfwd6x.sys [2010-07-10 24856]
R1 AvgLdx86;AVG AVI Loader Driver x86; C:\Windows\System32\Drivers\avgldx86.sys [2010-07-10 216400]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86; C:\Windows\System32\Drivers\avgmfx86.sys [2010-07-10 29584]
R1 AvgTdiX;AVG Network Redirector; C:\Windows\System32\Drivers\avgtdix.sys [2010-07-10 243024]
R1 mwlPSDFilter;mwlPSDFilter; C:\Windows\system32\DRIVERS\mwlPSDFilter.sys [2008-12-04 19504]
R1 mwlPSDNServ;mwlPSDNServ; C:\Windows\system32\DRIVERS\mwlPSDNServ.sys [2008-12-04 16432]
R1 mwlPSDVDisk;mwlPSDVDisk; C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys [2008-12-04 59952]
R2 irda;IrDA Protocol; C:\Windows\system32\DRIVERS\irda.sys [2008-01-21 95744]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\Windows\system32\DRIVERS\AGRSM.sys [2008-03-01 1202560]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athr.sys [2009-03-30 1124864]
R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2009-06-03 4934144]
R3 DKbFltr;Dritek Keyboard Filter Driver; C:\Windows\system32\DRIVERS\DKbFltr.sys [2009-03-26 21000]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2009-02-19 2323680]
R3 k57nd60x;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\k57nd60x.sys [2008-09-04 223232]
R3 NTIDrvr;Upper Class Filter Driver; C:\Windows\system32\Drivers\NTIDrvr.sys [2009-03-26 15360]
R3 RTHDMIAzAudService;Service for HDMI; C:\Windows\system32\drivers\RtHDMIV.sys [2008-11-12 154272]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2008-12-05 204976]
R3 usbvideo;Zobrazovací zařízení USB (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2008-01-21 134016]
S3 adf83tok;adf83tok; C:\Windows\system32\drivers\adf83tok.sys []
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2008-01-21 179712]
S3 BthEnum;Služba Bluetooth Enumerator; C:\Windows\system32\DRIVERS\BthEnum.sys [2009-04-11 22528]
S3 BthPan;Zařízení Bluetooth (síť PAN); C:\Windows\system32\DRIVERS\bthpan.sys [2008-01-21 92160]
S3 BTHPORT;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2009-04-11 507904]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2009-04-11 29696]
S3 btwaudio;Bluetooth Audio Device Service; C:\Windows\system32\drivers\btwaudio.sys [2009-04-10 84256]
S3 btwavdt;Bluetooth AVDT; C:\Windows\system32\drivers\btwavdt.sys [2009-03-25 106784]
S3 btwl2cap;Bluetooth L2CAP Service; C:\Windows\system32\DRIVERS\btwl2cap.sys [2009-04-08 29472]
S3 btwrchid;btwrchid; C:\Windows\system32\DRIVERS\btwrchid.sys [2009-03-25 17056]
S3 drmkaud;Dekodér zvuků DRM jádra společnosti Microsoft; C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 5632]
S3 HdAudAddService;Ovladač funkce Microsoft 1.1 UAA pro službu zvuku High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016]
S3 NSCIRDA;NSC Infrared Device Driver; C:\Windows\system32\DRIVERS\nscirda.sys [2008-01-21 30720]
S3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-04-11 148992]
S3 RTSTOR;Realtek USB 2.0 Card Reader; C:\Windows\system32\drivers\RTSTOR.SYS [2008-12-02 62976]
S3 utmznde3;AVZ Kernel Driver; \??\C:\Windows\system32\Drivers\utmznde3.sys [2010-07-11 7168]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2009-10-01 40448]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-21 83328]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616]
S4 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2008-01-21 88576]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AgereModemAudio;Agere Modem Call Progress Audio; C:\Windows\system32\agrsmsvc.exe [2008-03-18 13312]
R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2009-06-03 176128]
R2 avg9emc;AVG E-mail Scanner; C:\Program Files\AVG\AVG9\avgemc.exe [2010-07-21 921952]
R2 avg9wd;AVG WatchDog; C:\Program Files\AVG\AVG9\avgwdsvc.exe [2010-07-10 308136]
R2 avgfws9;AVG Firewall; C:\Program Files\AVG\AVG9\avgfws9.exe [2010-07-10 2331032]
R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe [2009-04-13 578848]
R2 ePowerSvc;Acer ePower Service; C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe [2009-06-23 707104]
R2 Irmon;@%SystemRoot%\System32\irmon.dll,-2000; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 MWLService;MyWinLocker Service; C:\Program Files\EgisTec\MyWinLocker 3\x86\\MWLService.exe [2009-05-15 305448]
R2 NTI IScheduleSvc;NTI IScheduleSvc; C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2009-04-11 61184]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-09-23 144632]
R2 PnkBstrA;PnkBstrA; C:\Windows\system32\PnkBstrA.exe [2010-05-13 75064]
R2 PnkBstrB;PnkBstrB; C:\Windows\system32\PnkBstrB.exe [2010-07-21 219128]
R3 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R3 Steam Client Service;Steam Client Service; C:\Program Files\Common Files\Steam\SteamService.exe [2010-07-21 407336]
R3 WefiEngSvc;WeFi Engine Service; C:\Program Files\WeFi\WefiEngSvc.exe [2010-05-25 137560]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-02-19 135664]
S3 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2010-03-18 35160]
S3 NTIBackupSvc;NTI Backup Now 5 Backup Service; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-09-23 50424]
S3 WPFFontCache_v0400;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100; C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]

-----------------EOF-----------------

Re: prosím kontrolu

Napsal: 28 črc 2010 07:44
od Rudy
Dejte log z ComboFix.
Stahnete a ulozte nejlepe na plochu ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

pote spustte aplikaci pod uctem s administratorskym opravnenim

hned po startu se zobrazi obrazovka s licencnimi podminkami, pokracujte kliknutim na tlacitko Ano.

v klidu si postavte na kafe (cela akce trva cca. 5-10 minut, nekdy i dele - dle toho, o jak rychly stroj se

jedna a kolika soubory se skener bude muset prodirat), behem skenu se nepokousejte spoustet zadne jine

aplikace ani nic jineho

behem skenovani nepropadejte panice, vas stroj muze byt restartovan (predevsim pri prvni aplikaci skeneru)

upozorneni: pokud pouzivate antispyware s rezidentnim stitem, prepnete jeho rezidentni stit do Install Mode,

pripadne jej po dobu skenu uplne deaktivujte, protoze dochazi pri skenu a vymazu pripadneho malware k

nezadoucim kolizim s rezidentem antispyware

Re: prosím kontrolu

Napsal: 28 črc 2010 21:21
od TheKicoman
ComboFix 10-07-27.05 - Koci 28.07.2010 20:06:36.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.420.1029.18.3066.2227 [GMT 2:00]
Spuštěný z: c:\users\Koci\Desktop\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\Koci\AppData\Local\Microsoft\Windows\Temporary Internet Files\TestBrowser.html
c:\users\Koci\AppData\Roaming\.#
c:\users\Koci\AppData\Roaming\.#\MBX@16B8@3C2990.###
c:\users\Koci\AppData\Roaming\.#\MBX@16B8@3C29C0.###
c:\users\Koci\AppData\Roaming\.#\MBX@16B8@3C29F0.###
c:\users\Koci\Documents\cc_20100705_141819.reg

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-06-28 do 2010-07-28 )))))))))))))))))))))))))))))))
.

2010-07-28 18:15 . 2010-07-28 18:15 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-07-27 09:11 . 2010-07-27 19:08 -------- d-----w- c:\users\Koci\AppData\Roaming\gtk-2.0
2010-07-27 09:11 . 2010-07-27 09:11 -------- d-----w- c:\users\Koci\.thumbnails
2010-07-24 18:51 . 2010-07-24 18:58 -------- d-----w- c:\users\Koci\AppData\Local\Browser Guard 2010
2010-07-24 16:34 . 2010-07-27 11:05 -------- d-----w- c:\program files\Alcohol Soft
2010-07-23 07:26 . 2010-07-27 14:09 -------- d-----w- c:\program files\TeamViewer
2010-07-21 20:01 . 2010-07-21 20:01 23 --sha-w- c:\windows\system32\edacded0.dat
2010-07-21 20:00 . 2010-07-21 20:00 -------- d-----w- c:\program files\jv16 PowerTools 2009
2010-07-21 14:18 . 2010-07-21 14:18 921440 ----a-w- c:\programdata\avg9\update\backup\avgemc.exe
2010-07-21 14:18 . 2010-07-21 14:18 4368224 ----a-w- c:\programdata\avg9\update\backup\avgcorex.dll
2010-07-21 14:18 . 2010-07-21 14:18 1615200 ----a-w- c:\programdata\avg9\update\backup\avgssie.dll
2010-07-21 14:18 . 2010-07-21 14:18 1373536 ----a-w- c:\programdata\avg9\update\backup\avgssff.dll
2010-07-21 14:18 . 2010-07-21 14:18 1107296 ----a-w- c:\programdata\avg9\update\backup\avgxpl.dll
2010-07-17 17:45 . 2010-07-17 17:46 -------- d-----w- c:\program files\ICQ7.2
2010-07-16 16:36 . 2010-07-16 16:36 -------- d-----w- c:\users\Koci\AppData\Roaming\AVG9
2010-07-15 13:45 . 2010-07-15 13:45 -------- d-----w- c:\users\Koci\AppData\Roaming\ESTsoft
2010-07-15 13:45 . 2010-07-15 13:45 -------- d-----w- c:\programdata\ESTsoft
2010-07-15 13:45 . 2010-07-15 13:45 -------- d-----w- c:\program files\ESTsoft
2010-07-15 13:40 . 2010-07-15 13:40 -------- d-----w- c:\program files\7-Zip
2010-07-15 13:23 . 2010-07-15 13:23 -------- d-----w- c:\program files\QS
2010-07-15 13:23 . 2010-07-15 14:11 -------- d-----w- c:\users\Koci\AppData\Roaming\TeamViewer
2010-07-13 07:51 . 2010-07-27 08:48 -------- d-----w- c:\users\Koci\AppData\Roaming\Copernic
2010-07-13 07:51 . 2010-07-13 07:51 -------- d-----w- c:\users\Koci\AppData\Local\Copernic
2010-07-13 07:08 . 2010-07-13 07:08 -------- d-----w- c:\program files\20Dollars2Surf
2010-07-12 19:42 . 2010-07-12 19:42 -------- d-----w- c:\program files\rajce
2010-07-12 13:46 . 2010-07-22 14:33 -------- d-----w- c:\users\Koci\AppData\Local\ManyCam
2010-07-12 13:45 . 2010-07-12 13:46 -------- d-----w- c:\users\Koci\AppData\Roaming\ManyCam
2010-07-12 13:45 . 2010-07-12 13:45 -------- d-----w- c:\program files\ManyCam
2010-07-12 13:45 . 2010-07-12 13:45 -------- d-----w- c:\program files\Ask.com
2010-07-11 12:42 . 2010-07-27 19:11 -------- d-----w- c:\users\Koci\.gimp-2.6
2010-07-11 12:42 . 2010-07-11 12:42 -------- d-----w- c:\program files\GIMP-2.0
2010-07-11 08:21 . 2010-07-11 08:21 7168 ----a-w- c:\windows\system32\drivers\utmznde3.sys
2010-07-11 08:20 . 2010-07-11 08:21 -------- d-----w- c:\programdata\Kaspersky Lab
2010-07-10 19:19 . 2010-07-10 19:19 -------- d-----w- C:\$AVG
2010-07-10 19:17 . 2010-07-10 19:17 -------- d-----w- c:\users\Koci\AppData\Local\LearnPulse
2010-07-10 18:42 . 2010-07-10 18:42 24856 ----a-w- c:\windows\system32\drivers\avgfwd6x.sys
2010-07-10 18:42 . 2010-07-10 18:42 -------- d-----w- c:\program files\AVG
2010-07-10 18:42 . 2010-07-10 18:42 -------- d-----w- c:\programdata\avg9
2010-07-07 20:08 . 2010-07-07 20:08 -------- d-----w- c:\users\Koci\AppData\Local\Bump Technologies, Inc
2010-07-07 20:08 . 2010-07-07 20:08 -------- d-----w- c:\users\Koci\AppData\Roaming\Bump Technologies, Inc
2010-07-07 20:07 . 2010-07-09 07:41 -------- d-----w- c:\program files\BumpTop
2010-07-05 18:58 . 2010-07-05 19:13 -------- d-----w- c:\users\Koci\AppData\Roaming\FarmingSimulator2008
2010-07-05 18:54 . 2010-07-05 18:54 -------- d-----w- c:\windows\95FC26FB19FD4A96BBB1B1062E8648F5.TMP
2010-07-05 16:11 . 2010-07-05 16:11 -------- d-----w- c:\users\Koci\AppData\Roaming\atitray
2010-07-05 16:10 . 2010-07-05 16:10 -------- d-----w- c:\program files\Ray Adams
2010-07-05 12:11 . 2010-07-05 12:12 -------- d-----w- c:\program files\AIMP2
2010-07-05 10:41 . 2010-07-28 18:09 -------- d-----w- c:\programdata\WeFi
2010-07-05 10:40 . 2010-07-05 10:41 -------- d-----w- c:\program files\WeFi
2010-07-04 12:04 . 2010-07-04 12:04 -------- d-----w- c:\program files\City Interactive
2010-07-02 09:42 . 2010-07-02 09:42 -------- d-----w- c:\users\Koci\AppData\Roaming\Uniblue
2010-07-02 09:42 . 2010-07-02 09:42 -------- d-----w- c:\program files\Uniblue

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-28 18:09 . 2009-03-12 17:55 642116 ----a-w- c:\windows\system32\perfh005.dat
2010-07-28 18:09 . 2009-03-12 17:55 135790 ----a-w- c:\windows\system32\perfc005.dat
2010-07-28 18:00 . 2010-02-18 22:46 12 ----a-w- c:\windows\bthservsdp.dat
2010-07-28 18:00 . 2010-03-23 15:09 -------- d-----w- c:\users\Koci\AppData\Roaming\ICQ
2010-07-27 19:06 . 2010-06-11 13:06 -------- d-----w- c:\users\Koci\AppData\Roaming\FileZilla
2010-07-27 17:06 . 2010-02-18 16:16 -------- d-----w- c:\program files\Steam
2010-07-25 11:59 . 2006-11-02 12:37 -------- d-----w- c:\program files\Microsoft Games
2010-07-24 18:50 . 2010-03-29 14:32 -------- d-----w- c:\program files\trend micro
2010-07-24 16:30 . 2010-02-19 15:07 697328 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-07-22 17:23 . 2010-03-29 15:04 219128 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-07-22 17:15 . 2010-03-29 15:04 138592 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-07-21 20:05 . 2010-05-03 16:19 -------- d-----w- c:\program files\BitSpirit
2010-07-21 19:29 . 2010-02-18 16:16 -------- d-----w- c:\program files\Common Files\Steam
2010-07-17 17:45 . 2009-02-11 20:16 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-07-16 10:37 . 2010-03-04 15:51 1 ----a-w- c:\users\Koci\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-07-15 13:12 . 2010-07-15 13:12 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
2010-07-15 06:07 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-07-11 09:33 . 2010-02-24 18:38 -------- d-----w- c:\users\Koci\AppData\Roaming\Mumble
2010-07-11 09:33 . 2010-06-02 15:41 22696 ----a-w- c:\users\Koci\AppData\Roaming\Mumble\Plugins\borderlands.dll
2010-07-11 09:33 . 2010-05-14 19:57 24744 ----a-w- c:\users\Koci\AppData\Roaming\Mumble\Plugins\wow.dll
2010-07-10 19:20 . 2010-03-27 20:09 -------- d-----w- c:\program files\Game_Maker8
2010-07-10 18:54 . 2010-07-10 18:54 242696 ----a-w- c:\programdata\avg9\update\backup\avgtdix.sys
2010-07-10 18:54 . 2010-07-10 18:54 29512 ----a-w- c:\programdata\avg9\update\backup\avgmfx86.sys
2010-07-10 18:54 . 2010-07-10 18:54 216200 ----a-w- c:\programdata\avg9\update\backup\avgldx86.sys
2010-07-10 18:54 . 2010-07-10 18:43 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-07-10 18:54 . 2010-07-10 18:54 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2010-07-10 18:54 . 2010-07-10 18:43 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-07-10 18:53 . 2010-07-10 18:43 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-07-10 18:52 . 2010-07-10 18:52 1689952 ----a-w- c:\programdata\avg9\update\backup\avgupd.dll
2010-07-10 18:52 . 2010-07-10 18:52 1038688 ----a-w- c:\programdata\avg9\update\backup\avgupd.exe
2010-07-10 18:52 . 2010-07-10 18:52 813336 ----a-w- c:\programdata\avg9\update\backup\avginet.dll
2010-07-10 18:52 . 2010-07-10 18:52 624920 ----a-w- c:\programdata\avg9\update\backup\avgiproxy.exe
2010-07-10 18:43 . 2010-07-10 18:43 52872 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2010-07-08 10:55 . 2010-02-28 19:18 -------- d-----w- c:\users\Koci\AppData\Roaming\XnView
2010-07-05 18:53 . 2010-04-17 19:33 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-07-05 12:14 . 2010-04-11 14:46 -------- d-----w- c:\program files\Sprite Explorer
2010-07-05 12:14 . 2010-05-10 18:09 -------- d-----w- c:\users\Koci\AppData\Roaming\Zoner
2010-07-05 12:13 . 2010-04-01 07:04 -------- d-----w- c:\program files\Winamp
2010-06-16 16:36 . 2010-06-16 16:36 -------- d-----w- c:\users\Koci\AppData\Roaming\FastStone
2010-06-16 16:28 . 2010-03-28 16:02 -------- d-----w- c:\program files\EA GAMES
2010-06-15 19:28 . 2010-06-15 19:28 -------- d-----w- c:\users\Koci\AppData\Roaming\Malwarebytes
2010-06-15 19:28 . 2010-06-15 19:28 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-06-15 19:28 . 2010-06-15 19:28 -------- d-----w- c:\programdata\Malwarebytes
2010-06-14 18:28 . 2010-06-14 18:28 -------- d-----w- c:\program files\Sunbelt Software
2010-06-11 13:06 . 2010-06-11 13:06 -------- d-----w- c:\program files\FileZilla FTP Client
2010-06-06 18:23 . 2010-03-20 20:07 -------- d-----w- c:\program files\Microsoft Silverlight
2010-06-06 17:46 . 2010-02-18 23:08 7160 ----a-w- c:\users\Koci\AppData\Local\d3d9caps.dat
2010-06-02 15:41 . 2010-05-14 19:57 21672 ----a-w- c:\users\Koci\AppData\Roaming\Mumble\Plugins\cs.dll
2010-06-02 15:41 . 2010-02-24 18:38 25256 ----a-w- c:\users\Koci\AppData\Roaming\Mumble\Plugins\tf2.dll
2010-06-02 15:41 . 2010-02-24 18:38 21672 ----a-w- c:\users\Koci\AppData\Roaming\Mumble\Plugins\lotro.dll
2010-06-02 15:41 . 2010-02-24 18:38 25256 ----a-w- c:\users\Koci\AppData\Roaming\Mumble\Plugins\dods.dll
2010-06-02 15:41 . 2010-05-14 19:57 21160 ----a-w- c:\users\Koci\AppData\Roaming\Mumble\Plugins\bfbc2.dll
2010-05-30 19:12 . 2010-05-30 19:12 -------- d-----w- c:\program files\Opera
2010-05-26 17:06 . 2010-06-12 07:11 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-05-26 14:47 . 2010-06-12 07:11 289792 ----a-w- c:\windows\system32\atmfd.dll
2010-05-21 12:14 . 2010-02-21 07:53 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-18 19:05 . 2010-05-14 19:57 21160 ----a-w- c:\users\Koci\AppData\Roaming\Mumble\Plugins\codmw2.dll
2010-05-18 19:05 . 2010-02-24 18:38 25256 ----a-w- c:\users\Koci\AppData\Roaming\Mumble\Plugins\gmod.dll
2010-05-18 19:05 . 2010-02-24 18:38 21672 ----a-w- c:\users\Koci\AppData\Roaming\Mumble\Plugins\l4d2.dll
2010-05-18 19:05 . 2010-02-24 18:38 25256 ----a-w- c:\users\Koci\AppData\Roaming\Mumble\Plugins\insurgency.dll
2010-05-18 19:05 . 2010-02-24 18:38 25256 ----a-w- c:\users\Koci\AppData\Roaming\Mumble\Plugins\aoc.dll
2010-05-18 19:05 . 2010-02-24 18:38 21160 ----a-w- c:\users\Koci\AppData\Roaming\Mumble\Plugins\arma2.dll
2010-05-16 09:21 . 2010-02-24 14:57 402 ----a-w- c:\users\Koci\AppData\Roaming\wklnhst.dat
2010-05-15 06:01 . 2010-05-15 06:01 57344 ----a-w- c:\programdata\DivX\RunAsUser\RUNASUSERPROCESS.dll
2010-05-15 06:01 . 2010-05-15 06:01 56978 ----a-w- c:\programdata\DivX\WebPlayer\Uninstaller.exe
2010-05-15 06:01 . 2010-05-15 06:01 56766 ----a-w- c:\programdata\DivX\DivXPlusShortcuts\Uninstaller.exe
2010-05-15 06:01 . 2010-05-15 06:01 57409 ----a-w- c:\programdata\DivX\ControlPanel\Uninstaller.exe
2010-05-15 06:01 . 2010-05-15 06:01 53600 ----a-w- c:\programdata\DivX\Update\Uninstaller.exe
2010-05-15 06:01 . 2010-05-15 06:01 52963 ----a-w- c:\programdata\DivX\MSVC80CRTRedist\Uninstaller.exe
2010-05-15 06:00 . 2010-05-15 06:00 54073 ----a-w- c:\programdata\DivX\Qt4.5\Uninstaller.exe
2010-05-15 06:00 . 2010-05-15 06:00 144696 ----a-w- c:\programdata\DivX\RunAsUser\RUNASUSERPROCESS.exe
2010-05-15 06:00 . 2010-05-15 06:01 754984 ----a-w- c:\programdata\DivX\Setup\Resource.dll
2010-05-15 06:00 . 2010-05-15 06:01 1180952 ----a-w- c:\programdata\DivX\Setup\DivXSetup.exe
2010-05-13 11:04 . 2010-03-29 15:04 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2010-05-10 17:48 . 2010-03-29 15:04 22328 ----a-w- c:\users\Koci\AppData\Roaming\PnkBstrK.sys
2010-05-10 17:48 . 2010-03-29 15:04 22328 ----a-w- c:\users\Koci\AppData\Roaming\PnkBstrK.sys
2010-05-10 17:48 . 2010-05-10 17:48 2250024 ----a-w- c:\windows\system32\pbsvc.exe
2010-05-09 08:22 . 2010-05-09 08:22 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2010-05-04 05:59 . 2010-06-12 07:10 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-04 05:55 . 2010-06-12 07:10 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-05-04 05:55 . 2010-06-12 07:10 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-05-04 04:31 . 2010-06-12 07:10 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-05-03 16:24 . 2010-05-03 16:24 97 ----a-w- C:\FLV.EXE
2010-05-01 14:13 . 2010-06-12 07:10 2037248 ----a-w- c:\windows\system32\win32k.sys
2010-04-30 16:07 . 2010-04-30 16:07 64192 ----a-w- c:\programdata\Microsoft\VCExpress\10.0\1033\ResourceCache.dll
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-05-26 13:23 1385864 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F1AD4A42-BA52-47BC-89DF-3F68F24C017F}]
2010-07-02 12:36 185680 ----a-w- c:\program files\trend micro\Browser Guard 2010\TMAMS.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-05-26 1385864]
"{C8137A8D-415D-450C-A1B1-D0C519D45296}"= "c:\program files\Trend Micro\Browser Guard 2010\tmeig.dll" [2010-07-02 148816]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CLASSES_ROOT\clsid\{c8137a8d-415d-450c-a1b1-d0c519d45296}]
[HKEY_CLASSES_ROOT\TMIEG_BHO.TMBGBAR.1]
[HKEY_CLASSES_ROOT\TypeLib\{A37E8B2F-C153-43A7-B163-18A20187976C}]
[HKEY_CLASSES_ROOT\TMIEG_BHO.TMBGBAR]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-05-26 1385864]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2009-05-14 22:02 120104 ----a-w- c:\program files\EgisTec\MyWinLocker 3\x86\PSDProtect.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"ICQ"="c:\program files\ICQ7.2\ICQ.exe" [2010-07-17 133368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-02-19 6793760]
"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-02-19 1833504]
"PLFSetI"="c:\windows\PLFSetI.exe" [2008-07-29 200704]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-12-05 1410344]
"LManager"="c:\program files\Launch Manager\LManager.exe" [2009-06-25 1069576]
"BackupManagerTray"="c:\program files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2009-04-11 249600]
"Acer ePower Management"="c:\program files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe" [2009-06-23 440864]
"EgisTecLiveUpdate"="c:\program files\EgisTec Egis Software Update\EgisUpdate.exe" [2009-05-13 199464]
"mwlDaemon"="c:\program files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe" [2009-05-14 345384]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-04-12 1135912]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-07-10 2065760]
"Trend Micro Browser Guard v2.0 Beta"="c:\program files\Trend Micro\Browser Guard 2010\BGUI.EXE" [2010-07-02 1213776]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
20Dollars2Surf.lnk - c:\program files\20Dollars2Surf\20dollars2surf.exe [2010-7-13 89088]
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-4-13 791840]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):fd,c4,63,41,97,c7,ca,01

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-19 135664]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2008-01-21 179712]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-07 29472]
R3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-09-23 50424]
R3 utmznde3;AVZ Kernel Driver;c:\windows\system32\Drivers\utmznde3.sys [2010-07-11 7168]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2010-07-24 697328]
S0 AvgRkx86;avgrkx86.sys;c:\windows\System32\Drivers\avgrkx86.sys [2010-07-10 52872]
S1 atitray;atitray;c:\program files\Ray Adams\ATI Tray Tools\atitray.sys [2008-09-08 18336]
S1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6x.sys [2010-07-10 24856]
S1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2010-07-10 216400]
S1 AvgTdiX;AVG Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2010-07-10 243024]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [2008-12-04 19504]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [2008-12-04 16432]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [2008-12-04 59952]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-06-03 176128]
S2 avg9emc;AVG E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [2010-07-21 921952]
S2 avg9wd;AVG WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2010-07-10 308136]
S2 avgfws9;AVG Firewall;c:\program files\AVG\AVG9\avgfws9.exe [2010-07-10 2331032]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer PowerSmart Manager\ePowerSvc.exe [2009-06-23 707104]
S2 MWLService;MyWinLocker Service;c:\program files\EgisTec\MyWinLocker 3\x86\\MWLService.exe [2009-05-14 305448]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2009-04-11 61184]
S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-09-23 144632]
S3 k57nd60x;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60x.sys [2008-09-04 223232]
S3 WefiEngSvc;WeFi Engine Service;c:\program files\WeFi\WefiEngSvc.exe [2010-05-25 137560]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Obsah adresáře 'Naplánované úlohy'

2010-07-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-19 13:22]

2010-07-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-19 13:22]

2010-07-28 c:\windows\Tasks\WefiStartup.job
- c:\program files\WeFi\WefiStartup.exe [2010-05-25 12:48]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://seznam.cz/
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0405&s=2&o=vp32&d=0210&m=aspire_5738
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Odeslat obrázek do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Odeslat stránku do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: WikiKomentáře Google... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: {{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - c:\program files\ICQ7.2\ICQ.exe
DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.1.71.0.cab
DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} - hxxps://www.battlefieldheroes.com/static/update ... 0.53.0.cab
FF - ProfilePath - c:\users\Koci\AppData\Roaming\Mozilla\Firefox\Profiles\oymqnpu9.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://start.icq.com/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.0.1&q=
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\users\Koci\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

SafeBoot-mcmscsvc
SafeBoot-MCODS



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-28 20:16
Windows 6.0.6002 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-3191246025-262572945-1122269031-1000\Software\SecuROM\License information*]
"datasecu"=hex:a0,5b,e9,5b,0e,ba,86,e0,c7,02,b5,33,c7,75,ff,66,b8,a8,58,ff,17,
5a,aa,db,90,7d,ac,a7,bd,f0,2e,93,13,16,22,bc,3f,0a,45,92,d7,fd,06,96,fd,f9,\
"rkeysecu"=hex:d1,06,a0,14,1f,37,f5,9d,2f,4f,18,2b,d7,95,ca,cf

[HKEY_USERS\S-1-5-21-3191246025-262572945-1122269031-1000\ăś*g´\g(*gHţ*gHţ*gHţ*gHţ*gHţ*gHţ*gHţ*gl\gŮŞ*g\g«*g8Ż*gˆ­*gB®*găŻ*gʲ*g±*géł*g‚ż3)6{Ҳ*ŔO˜>`•ż3)6{Ҳ*ŔO˜>`jو’ńÔ¦_*@–2Qĺ]
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-3191246025-262572945-1122269031-1000\ăś*g´\g(*gHţ*gHţ*gHţ*gHţ*gHţ*gHţ*gHţ*gl\gŮŞ*g\g«*g8Ż*gˆ­*gB®*găŻ*gʲ*g±*géł*g‚ż3)6{Ҳ*ŔO˜>`•ż3)6{Ҳ*ŔO˜>`jو’ńÔ¦_*@–2Qĺ\Dont Show]
"Dblclick To Manual"=dword:00000001
DUMPHIVE0.003 (REGF)

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Celkový čas: 2010-07-28 20:18:05
ComboFix-quarantined-files.txt 2010-07-28 18:18

Před spuštěním: Volných bajtů: 43 971 395 584
Po spuštění: Volných bajtů: 44 763 774 976

- - End Of File - - 437A8D6AEB7D3C1A4D4F758AEEC39CAA

Re: prosím kontrolu

Napsal: 28 črc 2010 21:37
od Rudy
Otevřte poznámkový blok a zkopírujte do něj:
Folder::
c:\program files\Ask.com

Registry::
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
[-HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=-
[-HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
Uložte na plochu jako CFScript.txt. Pak jej myší přetáhněte nad ikonu ComboFix a pusťte. CF se spustí a vykoná příkazy ze skriptu.

Obrázek
Všechny časy jsou v UTC+01:00
Stránka 1 z 1

Založeno na phpBB® Forum Software © phpBB Limited

Český překlad – phpBB.cz