
Stuttering

Posted: 02 Oct 2010 17:23
by VB
Hello, please check the log; the whole netbook is stuttering and slowed down.


Logfile of random's system information tool 1.08 (written by random/random)
Run by Vojta at 2010-10-02 18:14:43
Microsoft Windows 7 Home Premium
System drive C: has 38 GB (19%) free of 205 GB
Total RAM: 2047 MB (52% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:15:19, on 2.10.2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Program Files\ScanSoft\OmniPageSE4\OpWareSE4.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\ICQ7.2\ICQ.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Users\Vojta\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Vojta\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Vojta\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Vojta\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Vojta\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Vojta\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Vojta\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Vojta\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Vojta\Downloads\RSIT.exe
C:\Program Files\trend micro\Vojta.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Microsoft Web Test Recorder 10.0 Helper - {DDA57003-0068-4ed2-9D32-4D1EC707D94D} - C:\Program Files\Microsoft Visual Studio 10.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll
O2 - BHO: kikin Plugin - {E601996F-E400-41CA-804B-CD6373A7EEE2} - C:\Program Files\kikin\ie_kikin.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [SynAsusAcpi] %ProgramFiles%\Synaptics\SynTP\SynAsusAcpi.exe
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKLM\..\Run: [HotkeyMon] AsusSender.exe C:\Program Files\EeePC\HotkeyService\HotKeyMon.exe
O4 - HKLM\..\Run: [HotkeyService] AsusSender.exe C:\Program Files\EeePC\HotkeyService\HotkeyService.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe"
O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ7.2\ICQ.exe" silent loginmode=4
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Global Startup: VPN Client.lnk = ?
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Od&eslat do aplikace OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: Prevést cíl vazby do Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Prevést cíl vazby do existujícího PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Prevést do Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Pridat do stávajícího PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: (no name) - {0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - C:\Program Files\kikin\ie_kikin.dll
O9 - Extra 'Tools' menuitem: My kikin - {0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - C:\Program Files\kikin\ie_kikin.dll
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra button: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Asus Launcher Service (AsusService) - Unknown owner - C:\Windows\System32\AsusService.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: PIXMA Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: @C:\Program Files\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files\Nero\Update\NASvc.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

--
End of file - 10267 bytes

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1839975588-80871129-3701757641-1000Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1839975588-80871129-3701757641-1000UA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-06-19 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [2010-03-25 4222864]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
Adobe PDF Conversion Toolbar Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2010-06-19 349640]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype add-on for Internet Explorer - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2010-02-08 804136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL [2010-02-28 561552]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-07-17 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DDA57003-0068-4ed2-9D32-4D1EC707D94D}]
Microsoft Web Test Recorder 10.0 Helper - C:\Program Files\Microsoft Visual Studio 10.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll [2010-03-19 61360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E601996F-E400-41CA-804B-CD6373A7EEE2}]
kikin Plugin - C:\Program Files\kikin\ie_kikin.dll [2010-06-24 782568]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F4971EE7-DAA0-4053-9964-665D8EE6A077}]
SmartSelect Class - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2010-06-19 349640]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{32099AAC-C132-4136-9E9A-4E364A424E17} - DAEMON Tools Toolbar - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll [2010-03-25 968000]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2010-06-19 349640]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"egui"=C:\Program Files\ESET\ESET Smart Security\egui.exe [2009-04-09 2029640]
"SynAsusAcpi"=C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe [2009-11-19 83240]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [2010-07-24 8522272]
"HotkeyMon"=AsusSender.exe C:\Program Files\EeePC\HotkeyService\HotKeyMon.exe []
"HotkeyService"=AsusSender.exe C:\Program Files\EeePC\HotkeyService\HotkeyService.exe []
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-05-14 248552]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-06-20 35760]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2010-08-10 421888]
"CanonSolutionMenu"=C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe [2007-05-14 644696]
"CanonMyPrinter"=C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2007-04-03 1603152]
"SSBkgdUpdate"=C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [2006-10-25 210472]
"OpwareSE4"=C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe [2007-02-04 79400]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2009-11-19 1594664]
"Adobe Acrobat Speed Launcher"=C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe [2010-06-19 38840]
""= []
"Acrobat Assistant 8.0"=C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe [2010-06-19 640440]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-07-14 1173504]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2010-05-13 26192168]
"AdobeBridge"= []
"ICQ"=C:\Program Files\ICQ7.2\ICQ.exe [2010-08-29 133432]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-06-09 976832]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-06-20 35760]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-03-06 500208]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5ServiceManager]
C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [2010-07-22 402432]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync]
C:\Program Files\Microsoft Office\Office14\BCSSync.exe [2010-03-13 91520]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
C:\Program Files\DAEMON Tools Lite\DTLite.exe [2010-04-01 357696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
C:\Users\Vojta\AppData\Local\Google\Update\GoogleUpdate.exe [2010-07-23 136176]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBAgent]
C:\Program Files\Nero\Nero 10\Nero BackItUp\NBAgent.exe [2010-03-26 1234216]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard]
C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
C:\Program Files\uTorrent\uTorrent.exe [2010-09-27 328056]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Vojta^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^JDownloader.lnk]
C:\PROGRA~1\JDOWNL~1\JDOWNL~1.EXE [2010-07-14 214528]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
VPN Client.lnk - C:\Windows\Installer\{B0BF7057-6869-4E4B-920C-EA2A58DA07F0}\Icon3E5562ED7.ico

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [2010-03-25 4222864]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableLinkedConnections"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2010-10-02 18:14:44 ----D---- C:\Program Files\trend micro
2010-10-02 18:14:43 ----D---- C:\rsit
2010-09-29 18:44:58 ----D---- C:\Program Files\Common Files\Deterministic Networks
2010-09-29 18:44:50 ----D---- C:\Program Files\Cisco Systems
2010-09-29 13:49:34 ----A---- C:\Windows\system32\drivers\usbvideo.sys
2010-09-29 13:49:33 ----A---- C:\Windows\system32\drivers\ks.sys
2010-09-29 03:19:40 ----A---- C:\Windows\system32\tzres.dll
2010-09-24 04:11:25 ----D---- C:\ProgramData\vsosdk
2010-09-23 21:18:04 ----D---- C:\Users\Vojta\AppData\Roaming\Vso
2010-09-23 21:16:34 ----A---- C:\Windows\system32\sipr3260.dll
2010-09-23 21:16:34 ----A---- C:\Windows\system32\Pncrt.dll
2010-09-23 21:16:34 ----A---- C:\Windows\system32\drv43260.dll
2010-09-23 21:16:34 ----A---- C:\Windows\system32\drv33260.dll
2010-09-23 21:16:34 ----A---- C:\Windows\system32\drv23260.dll
2010-09-23 21:16:34 ----A---- C:\Windows\system32\cook3260.dll
2010-09-23 21:16:33 ----A---- C:\Windows\system32\wvc1dmod.dll
2010-09-23 21:16:33 ----A---- C:\Windows\system32\vp7vfw.dll
2010-09-23 21:16:24 ----D---- C:\Program Files\VSO
2010-09-19 21:41:11 ----D---- C:\Program Files\Team17
2010-09-19 10:22:46 ----RA---- C:\Windows\system32\AdobePDFUI.dll
2010-09-16 23:08:35 ----D---- C:\Windows\system32\1029
2010-09-16 22:26:39 ----D---- C:\ProgramData\PreEmptive Solutions
2010-09-16 22:14:29 ----D---- C:\Program Files\Microsoft ASP.NET
2010-09-16 22:14:20 ----D---- C:\Program Files\IIS
2010-09-16 21:51:59 ----D---- C:\Windows\symbols
2010-09-16 21:51:28 ----D---- C:\Program Files\Microsoft F#
2010-09-16 21:51:28 ----D---- C:\Program Files\HTML Help Workshop
2010-09-16 21:51:27 ----D---- C:\Program Files\Microsoft SDKs
2010-09-16 21:51:26 ----D---- C:\Program Files\Common Files\Merge Modules
2010-09-15 21:20:21 ----A---- C:\Windows\system32\iertutil.dll
2010-09-15 18:24:08 ----A---- C:\Windows\system32\spoolsv.exe
2010-09-14 22:58:16 ----A---- C:\Windows\system32\AdobePDF.dll
2010-09-14 22:28:45 ----D---- C:\ProgramData\FLEXnet
2010-09-14 22:23:20 ----D---- C:\Program Files\Common Files\Macrovision Shared
2010-09-14 15:52:22 ----D---- C:\Users\Vojta\AppData\Roaming\Mozilla
2010-09-14 15:51:55 ----D---- C:\Program Files\Mozilla Firefox
2010-09-08 23:31:01 ----D---- C:\Program Files\Synaptics
2010-09-08 23:29:05 ----A---- C:\Windows\system32\WdfCoInstaller01009.dll
2010-09-08 23:29:02 ----A---- C:\Windows\system32\SynTPCo4.dll
2010-09-08 23:29:02 ----A---- C:\Windows\system32\SynTPAPI.dll
2010-09-08 23:29:02 ----A---- C:\Windows\system32\drivers\SynTP.sys
2010-09-08 23:28:59 ----A---- C:\Windows\system32\SynCtrl.dll
2010-09-08 23:28:59 ----A---- C:\Windows\system32\SynCOM.dll
2010-09-07 23:56:11 ----D---- C:\Program Files\Portal

======List of files/folders modified in the last 1 months======

2010-10-02 18:15:04 ----D---- C:\Windows\Temp
2010-10-02 18:14:44 ----RD---- C:\Program Files
2010-10-02 18:13:17 ----D---- C:\Users\Vojta\AppData\Roaming\Skype
2010-10-02 18:10:09 ----D---- C:\Users\Vojta\AppData\Roaming\skypePM
2010-10-02 14:58:22 ----D---- C:\Windows\system32\config
2010-10-02 14:27:16 ----D---- C:\Windows\System32
2010-10-02 14:27:16 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-10-02 14:20:50 ----D---- C:\Users\Vojta\AppData\Roaming\ICQ
2010-10-02 09:34:46 ----SHD---- C:\System Volume Information
2010-09-30 23:28:59 ----D---- C:\Windows\Minidump
2010-09-30 23:28:55 ----D---- C:\Windows
2010-09-29 18:48:33 ----SHD---- C:\Windows\Installer
2010-09-29 18:48:30 ----HD---- C:\Config.Msi
2010-09-29 18:46:29 ----D---- C:\Windows\system32\drivers
2010-09-29 18:46:28 ----D---- C:\Windows\inf
2010-09-29 18:46:27 ----D---- C:\Windows\system32\catroot
2010-09-29 18:46:26 ----D---- C:\Windows\system32\DriverStore
2010-09-29 18:44:58 ----D---- C:\Program Files\Common Files
2010-09-29 17:54:37 ----D---- C:\Windows\winsxs
2010-09-29 17:53:33 ----D---- C:\Program Files\Microsoft Silverlight
2010-09-29 17:52:30 ----D---- C:\Windows\system32\cs-CZ
2010-09-29 17:51:07 ----D---- C:\Windows\Prefetch
2010-09-29 13:49:13 ----D---- C:\Program Files\Internet Explorer
2010-09-29 13:47:51 ----D---- C:\Users\Vojta\AppData\Roaming\uTorrent
2010-09-29 13:20:19 ----D---- C:\Program Files\JDownloader
2010-09-29 12:37:33 ----D---- C:\Program Files\PowerArchiver
2010-09-29 03:19:23 ----D---- C:\Windows\system32\catroot2
2010-09-27 01:51:19 ----A---- C:\Windows\NeroDigital.ini
2010-09-26 00:32:38 ----D---- C:\Windows\debug
2010-09-24 04:11:25 ----HD---- C:\ProgramData
2010-09-22 23:04:16 ----D---- C:\Users\Vojta\AppData\Roaming\vlc
2010-09-21 21:39:48 ----D---- C:\Windows\Microsoft.NET
2010-09-21 21:36:56 ----RSD---- C:\Windows\assembly
2010-09-21 13:09:01 ----D---- C:\Windows\system32\NDF
2010-09-19 21:38:29 ----D---- C:\Program Files\Opera
2010-09-19 13:32:21 ----D---- C:\Users\Vojta\AppData\Roaming\Nero
2010-09-19 12:54:49 ----D---- C:\Program Files\Common Files\Nero
2010-09-19 12:53:48 ----D---- C:\Program Files\Nero
2010-09-19 12:35:11 ----D---- C:\ProgramData\Nero
2010-09-16 23:08:52 ----D---- C:\Program Files\Microsoft Visual Studio 10.0
2010-09-16 22:58:46 ----D---- C:\Temp
2010-09-16 22:22:25 ----D---- C:\Program Files\MSBuild
2010-09-16 22:12:16 ----SD---- C:\Users\Vojta\AppData\Roaming\Microsoft
2010-09-16 22:12:16 ----SD---- C:\ProgramData\Microsoft
2010-09-16 22:00:19 ----D---- C:\Program Files\Common Files\microsoft shared
2010-09-16 21:52:22 ----D---- C:\Windows\system32\1033
2010-09-16 21:43:21 ----D---- C:\Program Files\Microsoft Visual Studio 9.0
2010-09-15 21:26:52 ----D---- C:\ProgramData\Microsoft Help
2010-09-15 21:20:44 ----A---- C:\Windows\system32\MRT.exe
2010-09-14 22:31:05 ----D---- C:\Users\Vojta\AppData\Roaming\Adobe
2010-09-14 22:23:27 ----D---- C:\Program Files\Common Files\Adobe
2010-09-14 22:23:26 ----D---- C:\ProgramData\Adobe
2010-09-14 22:09:35 ----RSD---- C:\Windows\Fonts
2010-09-14 22:08:53 ----D---- C:\Program Files\Adobe
2010-09-14 19:51:05 ----SHD---- C:\$Recycle.Bin
2010-09-08 23:17:34 ----D---- C:\Windows\Logs
2010-09-08 22:33:44 ----D---- C:\ProgramData\NVIDIA
2010-09-08 22:33:28 ----D---- C:\Program Files\EeePC
2010-09-08 19:18:56 ----D---- C:\Program Files\Sony
2010-09-08 19:14:52 ----HD---- C:\Program Files\InstallShield Installation Information

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2009-07-14 173648]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2010-07-25 691696]
R1 AsUpIO;AsUpIO; C:\Windows\system32\drivers\AsUpIO.sys [2010-07-24 11448]
R1 ehdrv;ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [2009-04-09 107256]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 48128]
R2 CVPNDRVA;Cisco Systems Inc. IPSec Driver; \??\C:\Windows\system32\Drivers\CVPNDRVA.sys [2010-03-23 308859]
R2 eamon;eamon; C:\Windows\system32\DRIVERS\eamon.sys [2009-04-09 113960]
R2 EkaProt6;Ekahau User Protocol Driver for NDIS 6; C:\Windows\system32\DRIVERS\ekaprot6.sys [2009-04-07 15360]
R2 epfw;epfw; C:\Windows\system32\DRIVERS\epfw.sys [2009-04-09 133000]
R2 epfwwfp;epfwwfp; C:\Windows\system32\DRIVERS\epfwwfp.sys [2009-04-09 38240]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athr.sys [2009-10-05 1221632]
R3 BthEnum;Ovladač pro Bluetooth Request Block; C:\Windows\system32\DRIVERS\BthEnum.sys [2009-07-14 34816]
R3 BthPan;Zařízení Bluetooth (síť PAN); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 93696]
R3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2009-07-14 58880]
R3 DNE;Deterministic Network Enhancer Miniport; C:\Windows\system32\DRIVERS\dne2000.sys [2008-11-16 131984]
R3 Epfwndis;Eset Personal Firewall; C:\Windows\system32\DRIVERS\Epfwndis.sys [2009-04-09 33096]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2010-07-24 3026592]
R3 kbfiltr;Keyboard Filter; C:\Windows\system32\DRIVERS\kbfiltr.sys [2010-07-24 13880]
R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20); C:\Windows\system32\DRIVERS\L1C62x86.sys [2009-07-14 50688]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\Windows\system32\drivers\nvhda32v.sys [2010-06-22 105576]
R3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 129536]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2009-11-19 230448]
S1 archlp;archlp; C:\Windows\system32\drivers\archlp.sys []
S2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704]
S3 a5z13j70;a5z13j70; C:\Windows\system32\drivers\a5z13j70.sys []
S3 aic78xx;aic78xx; C:\Windows\system32\DRIVERS\djsvs.sys [2009-07-14 70720]
S3 amdagp;AMD AGP Bus Filter Driver; C:\Windows\system32\DRIVERS\amdagp.sys [2009-07-14 53312]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-14 229888]
S3 BTHPORT;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2009-07-14 392704]
S3 CVirtA;Cisco Systems VPN Adapter; C:\Windows\system32\DRIVERS\CVirtA.sys [2007-01-18 5275]
S3 Dot4;MS IEEE-1284.4 Driver; C:\Windows\system32\DRIVERS\Dot4.sys [2009-07-14 131072]
S3 Dot4Print;Print Class Driver for IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4Prt.sys [2009-07-14 16384]
S3 dot4usb;MS Dot4USB Filter Dot4USB Filter; C:\Windows\system32\DRIVERS\dot4usb.sys [2009-07-14 36864]
S3 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys [2009-07-14 12368]
S3 sisagp;SIS AGP Bus Filter; C:\Windows\system32\DRIVERS\sisagp.sys [2009-07-14 52304]
S3 StillCam;Ovladač digitálního fotoaparátu pro sériový port; C:\Windows\system32\DRIVERS\serscan.sys [2009-07-14 9216]
S3 usbscan;Ovladač skeneru USB; C:\Windows\system32\DRIVERS\usbscan.sys [2009-07-14 35840]
S3 viaagp;VIA AGP Bus Filter; C:\Windows\system32\DRIVERS\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\DRIVERS\viac7.sys [2009-07-14 52736]
S3 VSPerfDrv100;Performance Tools Driver 10.0; \??\C:\Program Files\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\VSPerfDrv100.sys [2009-12-08 48128]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2009-07-14 34944]
S4 RsFx0103;RsFx0103 Driver; C:\Windows\system32\DRIVERS\RsFx0103.sys [2009-03-30 239336]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AsusService;Asus Launcher Service; C:\Windows\System32\AsusService.exe [2009-08-18 219136]
R2 CVPND;Cisco Systems, Inc. VPN Service; C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe [2010-03-23 1528616]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2009-04-09 731840]
R2 IJPLMSVC;PIXMA Extended Survey Program; C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [2007-04-13 101528]
R2 MSSQL$SQLEXPRESS;SQL Server (SQLEXPRESS); c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [2009-03-30 43010392]
R2 NAUpdate;@C:\Program Files\Nero\Update\NASvc.exe,-200; C:\Program Files\Nero\Update\NASvc.exe [2010-03-25 490280]
R2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe [2009-09-23 935208]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2010-04-03 129640]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 SQLWriter;SQL Server VSS Writer; c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2008-07-10 98840]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-08-06 136176]
S3 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2010-03-18 35160]
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe [2009-04-09 20680]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2010-09-14 651720]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service; C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 30969208]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
S3 SwitchBoard;SwitchBoard; C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2010-07-23 1343400]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service; c:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-23 47128]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS); c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-03-30 366936]
S4 SQLBrowser;SQL Server Browser; c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2009-03-30 254808]

-----------------EOF-----------------

Re: Stuttering

Posted: 02 Oct 2010 18:53
by Rudy
I don't see anything dangerous. Run a full MBAM scan: http://www.malwarebytes.org/mbam.php and post the log. Don't delete anything beforehand.

Re: Stuttering

Posted: 03 Oct 2010 11:44
by VB
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Verze databáze: 4735

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

3.10.2010 12:40:43
mbam-log-2010-10-03 (12-40-43).txt

Typ skenu: Úplný sken (C:\|E:\|)
Skenované objekty: 316368
Uplynulý čas: 2 hodina(y), 4 minuta(y), 9 sekunda(y)

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 0
Infikované hodnoty registru: 0
Infikované datové položky registru: 0
Infikované složky: 0
Infikované soubory: 2

Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované hodnoty registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované datové položky registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)

Infikované soubory:
C:\Users\Public\Documents\ZALOHA\ConvertXToDVD_4.1.2.336_Final\Keygen.exe (Trojan.Agent.CK) -> No action taken.
C:\Users\Public\Documents\ZALOHA\MSO2010Activation252BConversionKit1.3\Office 2010 Activation and Conversion Kit 1.3\Resources\KMSKG\Keygen.exe (RiskWare.Tool.CK) -> No action taken.

Re: Stuttering

Posted: 03 Oct 2010 15:02
by Rudy
OK. Delete what MBAM found, and I'd also ask for a ComboFix log.
Download ComboFix and save it, preferably to the desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Then run the application under an account with administrator privileges.

Right after it starts, a screen with the license terms appears; continue by clicking the Yes button.

Feel free to go make yourself a coffee (the whole thing takes roughly 5-10 minutes, sometimes longer, depending on how fast the machine is and how many files the scanner has to work through). During the scan, don't try to start any other applications or do anything else.

Don't panic during the scan; your machine may be restarted (especially on the first run of the scanner).

Note: if you use an antispyware product with a resident shield, switch its resident shield to Install Mode, or deactivate it entirely for the duration of the scan, because during the scan and the removal of any malware there are unwanted collisions with the resident antispyware.

Re: Stuttering

Posted: 03 Oct 2010 19:04
by VB
ComboFix 10-10-02.02 - Vojta 03.10.2010 19:29:54.1.2 - x86
Microsoft Windows 7 Home Premium 6.1.7600.0.1250.420.1029.18.2047.1394 [GMT 2:00]
Spuštěný z: c:\users\Vojta\Downloads\ComboFix.exe
* Rezidentní štít AV je zapnutý

.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\Vojta\AppData\Roaming\chrtmp
c:\users\Vojta\videos\K-Lite_Codec_Pack_620_Mega.exe
c:\windows\system32\spool\prtprocs\w32x86\CNMPP94.DLL

c:\windows\system32\userinit.exe . . . je infikován!!

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-09-03 do 2010-10-03 )))))))))))))))))))))))))))))))
.

2010-10-03 08:21 . 2010-10-03 08:21 -------- d-----w- c:\users\Vojta\AppData\Roaming\Malwarebytes
2010-10-03 08:21 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-10-03 08:21 . 2010-10-03 08:21 -------- d-----w- c:\programdata\Malwarebytes
2010-10-03 08:20 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-10-03 08:20 . 2010-10-03 08:21 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-10-02 16:32 . 2010-10-02 16:32 -------- d-----w- c:\users\Vojta\AppData\Roaming\IObit
2010-10-02 16:32 . 2010-10-02 16:32 -------- d-----w- c:\program files\IObit
2010-10-02 16:14 . 2010-10-02 16:15 -------- d-----w- c:\program files\trend micro
2010-10-02 16:14 . 2010-10-02 16:15 -------- d-----w- C:\rsit
2010-09-29 16:44 . 2010-09-29 16:44 -------- d-----w- c:\program files\Common Files\Deterministic Networks
2010-09-29 16:44 . 2010-09-29 16:44 -------- d-----w- c:\program files\Cisco Systems
2010-09-29 11:49 . 2010-03-04 04:04 146304 ----a-w- c:\windows\system32\drivers\usbvideo.sys
2010-09-29 11:49 . 2010-03-04 03:57 190976 ----a-w- c:\windows\system32\drivers\ks.sys
2010-09-29 01:19 . 2010-06-19 06:15 2048 ----a-w- c:\windows\system32\tzres.dll
2010-09-24 02:11 . 2010-09-24 02:11 -------- d-----w- c:\programdata\vsosdk
2010-09-23 19:18 . 2010-09-24 07:20 -------- d-----w- c:\users\Vojta\AppData\Roaming\Vso
2010-09-23 19:16 . 2010-02-09 14:37 65602 ----a-w- c:\windows\system32\cook3260.dll
2010-09-23 19:16 . 2010-02-09 14:37 217127 ----a-w- c:\windows\system32\drv43260.dll
2010-09-23 19:16 . 2010-02-09 14:37 208935 ----a-w- c:\windows\system32\drv33260.dll
2010-09-23 19:16 . 2010-02-09 14:37 176165 ----a-w- c:\windows\system32\drv23260.dll
2010-09-23 19:16 . 2010-02-09 14:37 102439 ----a-w- c:\windows\system32\sipr3260.dll
2010-09-23 19:16 . 2010-02-09 14:37 626688 ----a-w- c:\windows\system32\vp7vfw.dll
2010-09-23 19:16 . 2010-02-09 14:37 1184984 ----a-w- c:\windows\system32\wvc1dmod.dll
2010-09-23 19:16 . 2010-09-23 19:16 -------- d-----w- c:\program files\VSO
2010-09-19 19:41 . 2010-09-19 19:41 -------- d-----w- c:\program files\Team17
2010-09-19 08:22 . 2009-08-19 21:50 22872 ----a-r- c:\windows\system32\AdobePDFUI.dll
2010-09-19 08:15 . 2010-09-19 08:15 -------- d-----w- c:\users\Vojta\AppData\Local\assembly
2010-09-17 06:20 . 2010-09-17 06:20 -------- d-----w- c:\users\Vojta\AppData\Local\PreEmptive Solutions
2010-09-16 21:16 . 2010-09-16 21:16 2448192 ----a-w- c:\programdata\Microsoft\VisualStudio\10.0\1029\ResourceCache.dll
2010-09-16 21:08 . 2010-09-16 21:08 -------- d-----w- c:\windows\system32\1029
2010-09-16 20:58 . 2010-09-16 20:58 -------- d-----w- c:\temp\Visual Studio 2010 Professional Language Pack (x86) - (Czech)
2010-09-16 20:26 . 2010-09-16 20:26 -------- d-----w- c:\programdata\PreEmptive Solutions
2010-09-16 20:14 . 2010-09-16 20:14 -------- d-----w- c:\program files\Microsoft ASP.NET
2010-09-16 20:14 . 2010-09-16 20:14 -------- d-----w- c:\program files\IIS
2010-09-16 20:12 . 2010-09-16 21:17 2476736 ----a-w- c:\programdata\Microsoft\VisualStudio\10.0\1033\ResourceCache.dll
2010-09-16 19:51 . 2010-09-16 19:51 -------- d-----w- c:\windows\symbols
2010-09-16 19:51 . 2010-09-16 19:59 -------- d-----w- c:\program files\Microsoft F#
2010-09-16 19:51 . 2010-09-16 19:54 -------- d-----w- c:\program files\HTML Help Workshop
2010-09-16 19:51 . 2010-09-16 20:31 -------- d-----w- c:\program files\Microsoft SDKs
2010-09-16 19:51 . 2010-09-16 19:58 -------- d-----w- c:\program files\Common Files\Merge Modules
2010-09-16 19:27 . 2010-09-16 19:27 -------- d-----w- c:\temp\Visual Studio 2010 Ultimate (x86) - DVD (English)
2010-09-15 16:24 . 2010-08-21 05:32 316928 ----a-w- c:\windows\system32\spoolsv.exe
2010-09-14 20:58 . 2009-08-19 21:50 46928 ----a-w- c:\windows\system32\AdobePDF.dll
2010-09-14 20:28 . 2010-09-14 20:28 -------- d-----w- c:\programdata\FLEXnet
2010-09-14 20:23 . 2010-09-14 20:23 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2010-09-14 13:52 . 2010-09-14 13:52 0 ----a-w- c:\windows\nsreg.dat
2010-09-14 13:52 . 2010-09-14 13:52 -------- d-----w- c:\users\Vojta\AppData\Local\Mozilla
2010-09-08 21:31 . 2010-09-08 21:31 -------- d-----w- c:\program files\Synaptics
2010-09-08 21:29 . 2009-08-07 07:49 1461992 ----a-w- c:\windows\system32\WdfCoInstaller01009.dll
2010-09-08 21:29 . 2009-11-19 19:45 230448 ----a-w- c:\windows\system32\drivers\SynTP.sys
2010-09-08 21:29 . 2009-11-19 19:44 120104 ----a-w- c:\windows\system32\SynTPCo4.dll
2010-09-08 21:29 . 2009-11-19 19:44 161064 ----a-w- c:\windows\system32\SynTPAPI.dll
2010-09-08 21:28 . 2009-11-19 19:44 206120 ----a-w- c:\windows\system32\SynCtrl.dll
2010-09-08 21:28 . 2009-11-19 19:44 173352 ----a-w- c:\windows\system32\SynCOM.dll
2010-09-07 21:56 . 2010-09-09 11:34 -------- d-----w- c:\program files\Portal

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-03 17:51 . 2010-07-24 12:53 -------- d-----w- c:\users\Vojta\AppData\Roaming\Skype
2010-10-03 17:50 . 2010-08-29 21:55 -------- d-----w- c:\users\Vojta\AppData\Roaming\ICQ
2010-10-03 17:24 . 2009-07-14 08:44 3707132 ----a-w- c:\windows\system32\perfh005.dat
2010-10-03 17:24 . 2009-07-14 08:44 1199318 ----a-w- c:\windows\system32\perfc005.dat
2010-10-03 14:06 . 2010-07-24 12:54 -------- d-----w- c:\users\Vojta\AppData\Roaming\skypePM
2010-10-03 00:23 . 2010-07-24 10:04 -------- d-----w- c:\program files\JDownloader
2010-09-29 15:53 . 2010-08-23 18:37 -------- d-----w- c:\program files\Microsoft Silverlight
2010-09-29 11:47 . 2010-07-25 09:29 -------- d-----w- c:\users\Vojta\AppData\Roaming\uTorrent
2010-09-29 10:37 . 2010-07-24 20:55 -------- d-----w- c:\program files\PowerArchiver
2010-09-22 21:04 . 2010-07-25 08:00 -------- d-----w- c:\users\Vojta\AppData\Roaming\vlc
2010-09-19 19:38 . 2010-07-26 17:22 -------- d-----w- c:\program files\Opera
2010-09-19 11:32 . 2010-08-18 11:03 -------- d-----w- c:\users\Vojta\AppData\Roaming\Nero
2010-09-19 10:54 . 2010-08-18 10:50 -------- d-----w- c:\program files\Common Files\Nero
2010-09-19 10:53 . 2010-08-18 10:50 -------- d-----w- c:\program files\Nero
2010-09-19 10:35 . 2010-08-18 10:51 -------- d-----w- c:\programdata\Nero
2010-09-16 21:08 . 2010-08-23 18:31 -------- d-----w- c:\program files\Microsoft Visual Studio 10.0
2010-09-16 20:22 . 2009-07-14 04:52 -------- d-----w- c:\program files\MSBuild
2010-09-16 19:43 . 2010-08-23 18:47 -------- d-----w- c:\program files\Microsoft Visual Studio 9.0
2010-09-15 19:26 . 2010-07-24 10:25 -------- d-----w- c:\programdata\Microsoft Help
2010-09-14 21:04 . 2010-07-23 20:00 110760 ----a-w- c:\users\Vojta\AppData\Local\GDIPFONTCACHEV1.DAT
2010-09-14 20:23 . 2010-07-26 13:12 -------- d-----w- c:\program files\Common Files\Adobe
2010-09-08 20:33 . 2010-07-23 19:39 -------- d-----w- c:\programdata\NVIDIA
2010-09-08 20:33 . 2010-07-24 08:47 -------- d-----w- c:\program files\EeePC
2010-09-08 17:18 . 2010-09-01 22:08 -------- d-----w- c:\program files\Sony
2010-09-08 17:14 . 2010-07-24 08:24 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-09-08 00:19 . 2010-09-08 00:19 75 ----a-w- c:\programdata\nvUnsupRes.dat
2010-09-01 22:09 . 2010-09-01 22:07 -------- d-----w- c:\users\Vojta\AppData\Roaming\Sony
2010-09-01 22:09 . 2010-09-01 22:09 -------- d-----w- c:\program files\Common Files\Sony Shared
2010-09-01 22:08 . 2010-09-01 22:08 10134 ----a-r- c:\users\Vojta\AppData\Roaming\Microsoft\Installer\{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}\ARPPRODUCTICON.exe
2010-09-01 22:08 . 2010-09-01 22:08 -------- d-----w- c:\programdata\Sony Corporation
2010-09-01 22:07 . 2010-09-01 22:07 -------- d-----w- c:\program files\Sony Media Go Install
2010-09-01 08:32 . 2010-09-01 08:32 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2010-08-31 18:31 . 2010-08-31 18:31 -------- d-----w- c:\programdata\CanonIJPLM
2010-08-31 18:31 . 2010-08-31 18:22 -------- d-----w- c:\program files\Canon
2010-08-31 18:29 . 2010-08-31 18:29 -------- d-----w- c:\programdata\InstallShield
2010-08-31 18:28 . 2010-08-31 18:28 -------- d-----w- c:\users\Vojta\AppData\Roaming\ScanSoft
2010-08-31 18:28 . 2010-08-31 18:28 -------- d-----w- c:\programdata\ScanSoft
2010-08-31 18:28 . 2010-08-31 18:28 -------- d-----w- c:\program files\Common Files\ScanSoft Shared
2010-08-31 18:28 . 2010-07-24 08:24 -------- d-----w- c:\program files\Common Files\InstallShield
2010-08-31 18:28 . 2010-08-31 18:28 -------- d-----w- c:\program files\ScanSoft
2010-08-31 18:26 . 2010-08-31 18:26 -------- d-----w- c:\program files\Common Files\CANON
2010-08-31 18:23 . 2010-08-31 18:23 -------- d--h--w- c:\program files\CanonBJ
2010-08-31 17:03 . 2010-07-23 19:36 -------- d-----w- c:\program files\NVIDIA Corporation
2010-08-31 17:00 . 2010-08-31 17:00 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-08-31 16:33 . 2010-08-31 16:33 -------- d-----w- c:\program files\2K Games
2010-08-30 12:11 . 2010-07-25 09:29 -------- d-----w- c:\program files\uTorrent
2010-08-29 21:59 . 2010-08-29 21:54 -------- d-----w- c:\program files\ICQ7.2
2010-08-24 19:45 . 2010-08-24 19:45 -------- d-----w- c:\users\Vojta\AppData\Roaming\Apple Computer
2010-08-24 19:43 . 2010-08-24 19:42 -------- d-----w- c:\program files\QuickTime
2010-08-24 19:42 . 2010-08-24 19:42 -------- d-----w- c:\programdata\Apple Computer
2010-08-24 19:41 . 2010-08-24 19:41 -------- d-----w- c:\program files\Common Files\Apple
2010-08-24 19:40 . 2010-08-24 19:40 -------- d-----w- c:\program files\Apple Software Update
2010-08-24 19:40 . 2010-08-24 19:40 -------- d-----w- c:\programdata\Apple
2010-08-23 19:05 . 2010-07-26 13:17 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-08-23 19:05 . 2010-08-23 19:48 53632 ----a-w- c:\users\Vojta\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-08-23 19:05 . 2010-07-26 13:17 53632 ----a-w- c:\users\Default\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-08-23 18:53 . 2010-08-23 18:40 -------- d-----w- c:\program files\Microsoft SQL Server
2010-08-23 18:45 . 2010-07-24 10:37 -------- d-----w- c:\program files\Microsoft.NET
2010-08-23 18:35 . 2010-08-23 18:35 112832 ----a-w- c:\programdata\Microsoft\VCExpress\10.0\1033\ResourceCache.dll
2010-08-23 18:31 . 2010-08-23 18:31 -------- d-----w- c:\program files\Microsoft Help Viewer
2010-08-22 02:23 . 2010-08-22 02:23 -------- d-----w- c:\users\Vojta\AppData\Roaming\dvdcss
2010-08-22 02:08 . 2010-08-22 02:08 -------- d-----w- c:\program files\NeoSmart Technologies
2010-08-17 10:16 . 2010-07-25 07:38 -------- d-----w- c:\users\Vojta\AppData\Roaming\ArcSoft
2010-08-16 19:57 . 2010-08-16 19:57 -------- d-----w- c:\program files\CCleaner
2010-08-16 04:14 . 2010-07-25 07:22 -------- d-----w- c:\users\Vojta\AppData\Roaming\BSplayer
2010-08-09 06:04 . 2010-08-09 06:04 -------- d-----w- c:\program files\Common Files\Java
2010-08-09 06:04 . 2010-07-24 10:05 -------- d-----w- c:\program files\Java
2010-08-07 16:01 . 2010-08-07 16:01 -------- d-----w- c:\program files\Ekahau
2010-08-06 21:39 . 2010-08-06 21:19 -------- d-----w- c:\program files\IDOS
2010-08-06 21:19 . 2010-08-06 21:19 -------- d-----w- c:\users\Vojta\AppData\Roaming\IDOS
2010-08-06 21:18 . 2010-08-06 21:19 709288 ----a-w- c:\users\Vojta\AppData\Roaming\IDOS\unins000.exe
2010-08-06 20:18 . 2010-08-06 20:12 -------- d-----w- c:\program files\Google
2010-07-29 06:30 . 2010-08-12 19:54 197632 ----a-w- c:\windows\system32\ir32_32.dll
2010-07-29 06:30 . 2010-08-12 19:54 82944 ----a-w- c:\windows\system32\iccvid.dll
2010-07-25 21:03 . 2010-07-25 21:03 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-07-24 12:54 . 2010-07-24 12:54 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2010-07-24 08:56 . 2009-07-20 15:29 13880 ----a-w- c:\windows\system32\drivers\kbfiltr.sys
2010-07-24 08:53 . 2010-07-24 08:54 11448 ----a-w- c:\windows\system32\drivers\AsUpIO.sys
2010-07-24 08:13 . 2010-07-24 08:25 3026592 ----a-w- c:\windows\system32\drivers\RTKVHDA.sys
2010-07-24 08:13 . 2010-07-24 08:25 1733152 ----a-w- c:\windows\system32\RtkPgExt.dll
2010-07-24 08:13 . 2010-07-24 08:25 57888 ----a-w- c:\windows\system32\RtkCoInst.dll
2010-07-24 08:13 . 2010-07-24 08:25 371232 ----a-w- c:\windows\system32\RtkApoApi.dll
2010-07-17 03:00 . 2010-07-24 10:06 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-07-07 19:35 . 2010-07-24 10:58 266714 ----a-w- c:\windows\KMSAct.exe
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E601996F-E400-41CA-804B-CD6373A7EEE2}]
2010-06-24 00:17 782568 ----a-w- c:\program files\kikin\ie_kikin.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-05-13 26192168]
"ICQ"="c:\program files\ICQ7.2\ICQ.exe" [2010-08-29 133432]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2009-04-09 2029640]
"SynAsusAcpi"="c:\program files\Synaptics\SynTP\SynAsusAcpi.exe" [2009-11-19 83240]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-07-24 8522272]
"HotkeyMon"="AsusSender.exe" [2010-03-02 29184]
"HotkeyService"="AsusSender.exe" [2010-03-02 29184]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-08-10 421888]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-14 644696]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-03 1603152]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 79400]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-11-19 1594664]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2010-06-19 38840]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2010-06-19 640440]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
VPN Client.lnk - c:\windows\Installer\{B0BF7057-6869-4E4B-920C-EA2A58DA07F0}\Icon3E5562ED7.ico [2010-9-29 6144]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)

[HKLM\~\startupfolder\C:^Users^Vojta^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^JDownloader.lnk]
path=c:\users\Vojta\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\JDownloader.lnk
backup=c:\windows\pss\JDownloader.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-06-09 08:06 976832 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-06-20 02:04 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
2010-03-06 01:44 500208 ------w- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5ServiceManager]
2010-07-22 20:10 402432 ----a-w- c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync]
2010-03-13 12:54 91520 ----a-w- c:\program files\Microsoft Office\Office14\BCSSync.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2010-04-01 09:16 357696 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-07-23 20:00 136176 ----atw- c:\users\Vojta\AppData\Local\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBAgent]
2010-03-26 08:52 1234216 ----a-w- c:\program files\Nero\Nero 10\Nero BackItUp\NBAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard]
2010-02-19 11:37 517096 ----a-w- c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
2010-09-27 17:03 328056 ----a-w- c:\program files\uTorrent\uTorrent.exe

R1 archlp;archlp;c:\windows\system32\drivers\archlp.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-08-06 136176]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 30969208]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 VSPerfDrv100;Performance Tools Driver 10.0;c:\program files\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\VSPerfDrv100.sys [2009-12-08 48128]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2010-07-23 1343400]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-23 47128]
R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [2009-03-30 239336]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2010-07-25 691696]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-03-30 366936]
S1 AsUpIO;AsUpIO;c:\windows\system32\drivers\AsUpIO.sys [2010-07-24 11448]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2009-04-09 107256]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AsusService;Asus Launcher Service;c:\windows\System32\AsusService.exe [2009-08-18 219136]
S2 EkaProt6;Ekahau User Protocol Driver for NDIS 6;c:\windows\system32\DRIVERS\ekaprot6.sys [2009-04-07 15360]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [2009-04-09 731840]
S2 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [2009-04-09 38240]
S2 NAUpdate;Nero Update;c:\program files\Nero\Update\NASvc.exe [2010-03-25 490280]
S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x86.sys [2009-07-13 50688]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2010-06-21 105576]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Obsah adresáře 'Naplánované úlohy'

2010-10-03 c:\windows\Tasks\AWC Startup.job
- c:\program files\IObit\Advanced SystemCare 3\AWC.exe [2010-10-02 13:10]

2010-10-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-06 20:12]

2010-10-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-06 20:12]

2010-10-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1839975588-80871129-3701757641-1000Core.job
- c:\users\Vojta\AppData\Local\Google\Update\GoogleUpdate.exe [2010-07-23 20:00]

2010-10-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1839975588-80871129-3701757641-1000UA.job
- c:\users\Vojta\AppData\Local\Google\Update\GoogleUpdate.exe [2010-07-23 20:00]
.
.
------- Doplňkový sken -------
.
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Od&eslat do aplikace OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: Prevést cíl vazby do Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Prevést cíl vazby do existujícího PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Prevést do Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Pridat do stávajícího PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: {{0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - {E601996F-E400-41CA-804B-CD6373A7EEE2} - c:\program files\kikin\ie_kikin.dll
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
FF - ProfilePath - c:\users\Vojta\AppData\Roaming\Mozilla\Firefox\Profiles\rrec810i.default\
FF - plugin: c:\progra~1\MICROS~2\Office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\MICROS~2\Office14\NPSPWRAP.DLL
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\users\Vojta\AppData\Local\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\windows\system32\Wat\npWatWeb.dll

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Cisco Systems\VPN Client\cvpnd.exe
c:\program files\Canon\IJPLM\IJPLMSVC.EXE
c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\windows\system32\WUDFHost.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\program files\EeePC\HotkeyService\HotKeyMon.exe
c:\program files\EeePC\HotkeyService\HotkeyService.exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
.
**************************************************************************
.
Celkový čas: 2010-10-03 19:59:40 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-10-03 17:59

Před spuštěním: Volných bajtů: 38 075 834 368
Po spuštění: Volných bajtů: 37 860 249 600

- - End Of File - - 6F2C950DD337E6F53B343670B98FD4CA

Re: Stuttering

Posted: 03 Oct 2010 19:50
by Rudy
Download the attached file and extract it to c:\users\Vojta\Downloads. Move ComboFix to the desktop. Open Notepad and copy the following into it:
FCopy::
c:\users\Vojta\downloads\userinit.exe | c:\windows\system32\userinit.exe
Save it to the desktop as CFScript.txt. Then drag it with the mouse onto the ComboFix icon and release it. CF will start and execute the command from the script.


Re: Stuttering

Posted: 03 Oct 2010 20:43
by VB
ComboFix 10-10-02.02 - Vojta 03.10.2010 21:14:54.2.2 - x86
Microsoft Windows 7 Home Premium 6.1.7600.0.1250.420.1029.18.2047.963 [GMT 2:00]
Spuštěný z: c:\users\Vojta\Downloads\ComboFix.exe
Použité ovládací přepínače :: c:\users\Vojta\Desktop\CFScript.txt
* Rezidentní štít AV je zapnutý

.

((((((((((((((((((((((((( Soubory vytvořené od 2010-09-03 do 2010-10-03 )))))))))))))))))))))))))))))))
.

2010-10-03 19:33 . 2010-10-03 19:33 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-10-03 19:33 . 2010-10-03 19:33 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-10-03 17:46 . 2010-10-03 19:33 -------- d-----w- c:\users\Vojta\AppData\Local\temp
2010-10-03 08:21 . 2010-10-03 08:21 -------- d-----w- c:\users\Vojta\AppData\Roaming\Malwarebytes
2010-10-03 08:21 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-10-03 08:21 . 2010-10-03 08:21 -------- d-----w- c:\programdata\Malwarebytes
2010-10-03 08:20 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-10-03 08:20 . 2010-10-03 08:21 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-10-02 16:32 . 2010-10-02 16:32 -------- d-----w- c:\users\Vojta\AppData\Roaming\IObit
2010-10-02 16:32 . 2010-10-02 16:32 -------- d-----w- c:\program files\IObit
2010-10-02 16:14 . 2010-10-02 16:15 -------- d-----w- c:\program files\trend micro
2010-10-02 16:14 . 2010-10-02 16:15 -------- d-----w- C:\rsit
2010-09-29 16:44 . 2010-09-29 16:44 -------- d-----w- c:\program files\Common Files\Deterministic Networks
2010-09-29 16:44 . 2010-09-29 16:44 -------- d-----w- c:\program files\Cisco Systems
2010-09-29 11:49 . 2010-03-04 04:04 146304 ----a-w- c:\windows\system32\drivers\usbvideo.sys
2010-09-29 11:49 . 2010-03-04 03:57 190976 ----a-w- c:\windows\system32\drivers\ks.sys
2010-09-29 01:19 . 2010-06-19 06:15 2048 ----a-w- c:\windows\system32\tzres.dll
2010-09-24 02:11 . 2010-09-24 02:11 -------- d-----w- c:\programdata\vsosdk
2010-09-23 19:18 . 2010-09-24 07:20 -------- d-----w- c:\users\Vojta\AppData\Roaming\Vso
2010-09-23 19:16 . 2010-02-09 14:37 65602 ----a-w- c:\windows\system32\cook3260.dll
2010-09-23 19:16 . 2010-02-09 14:37 217127 ----a-w- c:\windows\system32\drv43260.dll
2010-09-23 19:16 . 2010-02-09 14:37 208935 ----a-w- c:\windows\system32\drv33260.dll
2010-09-23 19:16 . 2010-02-09 14:37 176165 ----a-w- c:\windows\system32\drv23260.dll
2010-09-23 19:16 . 2010-02-09 14:37 102439 ----a-w- c:\windows\system32\sipr3260.dll
2010-09-23 19:16 . 2010-02-09 14:37 626688 ----a-w- c:\windows\system32\vp7vfw.dll
2010-09-23 19:16 . 2010-02-09 14:37 1184984 ----a-w- c:\windows\system32\wvc1dmod.dll
2010-09-23 19:16 . 2010-09-23 19:16 -------- d-----w- c:\program files\VSO
2010-09-19 19:41 . 2010-09-19 19:41 -------- d-----w- c:\program files\Team17
2010-09-19 08:22 . 2009-08-19 21:50 22872 ----a-r- c:\windows\system32\AdobePDFUI.dll
2010-09-19 08:15 . 2010-09-19 08:15 -------- d-----w- c:\users\Vojta\AppData\Local\assembly
2010-09-17 06:20 . 2010-09-17 06:20 -------- d-----w- c:\users\Vojta\AppData\Local\PreEmptive Solutions
2010-09-16 21:16 . 2010-09-16 21:16 2448192 ----a-w- c:\programdata\Microsoft\VisualStudio\10.0\1029\ResourceCache.dll
2010-09-16 21:08 . 2010-09-16 21:08 -------- d-----w- c:\windows\system32\1029
2010-09-16 20:58 . 2010-09-16 20:58 -------- d-----w- c:\temp\Visual Studio 2010 Professional Language Pack (x86) - (Czech)
2010-09-16 20:26 . 2010-09-16 20:26 -------- d-----w- c:\programdata\PreEmptive Solutions
2010-09-16 20:14 . 2010-09-16 20:14 -------- d-----w- c:\program files\Microsoft ASP.NET
2010-09-16 20:14 . 2010-09-16 20:14 -------- d-----w- c:\program files\IIS
2010-09-16 20:12 . 2010-09-16 21:17 2476736 ----a-w- c:\programdata\Microsoft\VisualStudio\10.0\1033\ResourceCache.dll
2010-09-16 19:51 . 2010-09-16 19:51 -------- d-----w- c:\windows\symbols
2010-09-16 19:51 . 2010-09-16 19:59 -------- d-----w- c:\program files\Microsoft F#
2010-09-16 19:51 . 2010-09-16 19:54 -------- d-----w- c:\program files\HTML Help Workshop
2010-09-16 19:51 . 2010-09-16 20:31 -------- d-----w- c:\program files\Microsoft SDKs
2010-09-16 19:51 . 2010-09-16 19:58 -------- d-----w- c:\program files\Common Files\Merge Modules
2010-09-16 19:27 . 2010-09-16 19:27 -------- d-----w- c:\temp\Visual Studio 2010 Ultimate (x86) - DVD (English)
2010-09-15 16:24 . 2010-08-21 05:32 316928 ----a-w- c:\windows\system32\spoolsv.exe
2010-09-14 20:58 . 2009-08-19 21:50 46928 ----a-w- c:\windows\system32\AdobePDF.dll
2010-09-14 20:28 . 2010-09-14 20:28 -------- d-----w- c:\programdata\FLEXnet
2010-09-14 20:23 . 2010-09-14 20:23 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2010-09-14 13:52 . 2010-09-14 13:52 0 ----a-w- c:\windows\nsreg.dat
2010-09-14 13:52 . 2010-09-14 13:52 -------- d-----w- c:\users\Vojta\AppData\Local\Mozilla
2010-09-08 21:31 . 2010-09-08 21:31 -------- d-----w- c:\program files\Synaptics
2010-09-08 21:29 . 2009-08-07 07:49 1461992 ----a-w- c:\windows\system32\WdfCoInstaller01009.dll
2010-09-08 21:29 . 2009-11-19 19:45 230448 ----a-w- c:\windows\system32\drivers\SynTP.sys
2010-09-08 21:29 . 2009-11-19 19:44 120104 ----a-w- c:\windows\system32\SynTPCo4.dll
2010-09-08 21:29 . 2009-11-19 19:44 161064 ----a-w- c:\windows\system32\SynTPAPI.dll
2010-09-08 21:28 . 2009-11-19 19:44 206120 ----a-w- c:\windows\system32\SynCtrl.dll
2010-09-08 21:28 . 2009-11-19 19:44 173352 ----a-w- c:\windows\system32\SynCOM.dll
2010-09-07 21:56 . 2010-09-09 11:34 -------- d-----w- c:\program files\Portal

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-03 19:34 . 2010-07-24 12:53 -------- d-----w- c:\users\Vojta\AppData\Roaming\Skype
2010-10-03 19:03 . 2009-07-14 08:44 3744962 ----a-w- c:\windows\system32\perfh005.dat
2010-10-03 19:03 . 2009-07-14 08:44 1212506 ----a-w- c:\windows\system32\perfc005.dat
2010-10-03 17:50 . 2010-08-29 21:55 -------- d-----w- c:\users\Vojta\AppData\Roaming\ICQ
2010-10-03 14:06 . 2010-07-24 12:54 -------- d-----w- c:\users\Vojta\AppData\Roaming\skypePM
2010-10-03 00:23 . 2010-07-24 10:04 -------- d-----w- c:\program files\JDownloader
2010-09-29 15:53 . 2010-08-23 18:37 -------- d-----w- c:\program files\Microsoft Silverlight
2010-09-29 11:47 . 2010-07-25 09:29 -------- d-----w- c:\users\Vojta\AppData\Roaming\uTorrent
2010-09-29 10:37 . 2010-07-24 20:55 -------- d-----w- c:\program files\PowerArchiver
2010-09-22 21:04 . 2010-07-25 08:00 -------- d-----w- c:\users\Vojta\AppData\Roaming\vlc
2010-09-19 19:38 . 2010-07-26 17:22 -------- d-----w- c:\program files\Opera
2010-09-19 11:32 . 2010-08-18 11:03 -------- d-----w- c:\users\Vojta\AppData\Roaming\Nero
2010-09-19 10:54 . 2010-08-18 10:50 -------- d-----w- c:\program files\Common Files\Nero
2010-09-19 10:53 . 2010-08-18 10:50 -------- d-----w- c:\program files\Nero
2010-09-19 10:35 . 2010-08-18 10:51 -------- d-----w- c:\programdata\Nero
2010-09-16 21:08 . 2010-08-23 18:31 -------- d-----w- c:\program files\Microsoft Visual Studio 10.0
2010-09-16 20:22 . 2009-07-14 04:52 -------- d-----w- c:\program files\MSBuild
2010-09-16 19:43 . 2010-08-23 18:47 -------- d-----w- c:\program files\Microsoft Visual Studio 9.0
2010-09-15 19:26 . 2010-07-24 10:25 -------- d-----w- c:\programdata\Microsoft Help
2010-09-14 21:04 . 2010-07-23 20:00 110760 ----a-w- c:\users\Vojta\AppData\Local\GDIPFONTCACHEV1.DAT
2010-09-14 20:23 . 2010-07-26 13:12 -------- d-----w- c:\program files\Common Files\Adobe
2010-09-08 20:33 . 2010-07-23 19:39 -------- d-----w- c:\programdata\NVIDIA
2010-09-08 20:33 . 2010-07-24 08:47 -------- d-----w- c:\program files\EeePC
2010-09-08 17:18 . 2010-09-01 22:08 -------- d-----w- c:\program files\Sony
2010-09-08 17:14 . 2010-07-24 08:24 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-09-08 00:19 . 2010-09-08 00:19 75 ----a-w- c:\programdata\nvUnsupRes.dat
2010-09-01 22:09 . 2010-09-01 22:07 -------- d-----w- c:\users\Vojta\AppData\Roaming\Sony
2010-09-01 22:09 . 2010-09-01 22:09 -------- d-----w- c:\program files\Common Files\Sony Shared
2010-09-01 22:08 . 2010-09-01 22:08 10134 ----a-r- c:\users\Vojta\AppData\Roaming\Microsoft\Installer\{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}\ARPPRODUCTICON.exe
2010-09-01 22:08 . 2010-09-01 22:08 -------- d-----w- c:\programdata\Sony Corporation
2010-09-01 22:07 . 2010-09-01 22:07 -------- d-----w- c:\program files\Sony Media Go Install
2010-09-01 08:32 . 2010-09-01 08:32 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2010-08-31 18:31 . 2010-08-31 18:31 -------- d-----w- c:\programdata\CanonIJPLM
2010-08-31 18:31 . 2010-08-31 18:22 -------- d-----w- c:\program files\Canon
2010-08-31 18:29 . 2010-08-31 18:29 -------- d-----w- c:\programdata\InstallShield
2010-08-31 18:28 . 2010-08-31 18:28 -------- d-----w- c:\users\Vojta\AppData\Roaming\ScanSoft
2010-08-31 18:28 . 2010-08-31 18:28 -------- d-----w- c:\programdata\ScanSoft
2010-08-31 18:28 . 2010-08-31 18:28 -------- d-----w- c:\program files\Common Files\ScanSoft Shared
2010-08-31 18:28 . 2010-07-24 08:24 -------- d-----w- c:\program files\Common Files\InstallShield
2010-08-31 18:28 . 2010-08-31 18:28 -------- d-----w- c:\program files\ScanSoft
2010-08-31 18:26 . 2010-08-31 18:26 -------- d-----w- c:\program files\Common Files\CANON
2010-08-31 18:23 . 2010-08-31 18:23 -------- d--h--w- c:\program files\CanonBJ
2010-08-31 17:03 . 2010-07-23 19:36 -------- d-----w- c:\program files\NVIDIA Corporation
2010-08-31 17:00 . 2010-08-31 17:00 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-08-31 16:33 . 2010-08-31 16:33 -------- d-----w- c:\program files\2K Games
2010-08-30 12:11 . 2010-07-25 09:29 -------- d-----w- c:\program files\uTorrent
2010-08-29 21:59 . 2010-08-29 21:54 -------- d-----w- c:\program files\ICQ7.2
2010-08-24 19:45 . 2010-08-24 19:45 -------- d-----w- c:\users\Vojta\AppData\Roaming\Apple Computer
2010-08-24 19:43 . 2010-08-24 19:42 -------- d-----w- c:\program files\QuickTime
2010-08-24 19:42 . 2010-08-24 19:42 -------- d-----w- c:\programdata\Apple Computer
2010-08-24 19:41 . 2010-08-24 19:41 -------- d-----w- c:\program files\Common Files\Apple
2010-08-24 19:40 . 2010-08-24 19:40 -------- d-----w- c:\program files\Apple Software Update
2010-08-24 19:40 . 2010-08-24 19:40 -------- d-----w- c:\programdata\Apple
2010-08-23 19:05 . 2010-07-26 13:17 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-08-23 19:05 . 2010-08-23 19:48 53632 ----a-w- c:\users\Vojta\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-08-23 19:05 . 2010-07-26 13:17 53632 ----a-w- c:\users\Default\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-08-23 18:53 . 2010-08-23 18:40 -------- d-----w- c:\program files\Microsoft SQL Server
2010-08-23 18:45 . 2010-07-24 10:37 -------- d-----w- c:\program files\Microsoft.NET
2010-08-23 18:35 . 2010-08-23 18:35 112832 ----a-w- c:\programdata\Microsoft\VCExpress\10.0\1033\ResourceCache.dll
2010-08-23 18:31 . 2010-08-23 18:31 -------- d-----w- c:\program files\Microsoft Help Viewer
2010-08-22 02:23 . 2010-08-22 02:23 -------- d-----w- c:\users\Vojta\AppData\Roaming\dvdcss
2010-08-22 02:08 . 2010-08-22 02:08 -------- d-----w- c:\program files\NeoSmart Technologies
2010-08-17 10:16 . 2010-07-25 07:38 -------- d-----w- c:\users\Vojta\AppData\Roaming\ArcSoft
2010-08-16 19:57 . 2010-08-16 19:57 -------- d-----w- c:\program files\CCleaner
2010-08-16 04:14 . 2010-07-25 07:22 -------- d-----w- c:\users\Vojta\AppData\Roaming\BSplayer
2010-08-09 06:04 . 2010-08-09 06:04 -------- d-----w- c:\program files\Common Files\Java
2010-08-09 06:04 . 2010-07-24 10:05 -------- d-----w- c:\program files\Java
2010-08-07 16:01 . 2010-08-07 16:01 -------- d-----w- c:\program files\Ekahau
2010-08-06 21:39 . 2010-08-06 21:19 -------- d-----w- c:\program files\IDOS
2010-08-06 21:19 . 2010-08-06 21:19 -------- d-----w- c:\users\Vojta\AppData\Roaming\IDOS
2010-08-06 21:18 . 2010-08-06 21:19 709288 ----a-w- c:\users\Vojta\AppData\Roaming\IDOS\unins000.exe
2010-08-06 20:18 . 2010-08-06 20:12 -------- d-----w- c:\program files\Google
2010-07-29 06:30 . 2010-08-12 19:54 197632 ----a-w- c:\windows\system32\ir32_32.dll
2010-07-29 06:30 . 2010-08-12 19:54 82944 ----a-w- c:\windows\system32\iccvid.dll
2010-07-25 21:03 . 2010-07-25 21:03 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-07-24 12:54 . 2010-07-24 12:54 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2010-07-24 08:56 . 2009-07-20 15:29 13880 ----a-w- c:\windows\system32\drivers\kbfiltr.sys
2010-07-24 08:53 . 2010-07-24 08:54 11448 ----a-w- c:\windows\system32\drivers\AsUpIO.sys
2010-07-24 08:13 . 2010-07-24 08:25 3026592 ----a-w- c:\windows\system32\drivers\RTKVHDA.sys
2010-07-24 08:13 . 2010-07-24 08:25 1733152 ----a-w- c:\windows\system32\RtkPgExt.dll
2010-07-24 08:13 . 2010-07-24 08:25 57888 ----a-w- c:\windows\system32\RtkCoInst.dll
2010-07-24 08:13 . 2010-07-24 08:25 371232 ----a-w- c:\windows\system32\RtkApoApi.dll
2010-07-17 03:00 . 2010-07-24 10:06 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-07-07 19:35 . 2010-07-24 10:58 266714 ----a-w- c:\windows\KMSAct.exe
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E601996F-E400-41CA-804B-CD6373A7EEE2}]
2010-06-24 00:17 782568 ----a-w- c:\program files\kikin\ie_kikin.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-05-13 26192168]
"ICQ"="c:\program files\ICQ7.2\ICQ.exe" [2010-08-29 133432]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2009-04-09 2029640]
"SynAsusAcpi"="c:\program files\Synaptics\SynTP\SynAsusAcpi.exe" [2009-11-19 83240]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-07-24 8522272]
"HotkeyMon"="AsusSender.exe" [2010-03-02 29184]
"HotkeyService"="AsusSender.exe" [2010-03-02 29184]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-08-10 421888]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-14 644696]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-03 1603152]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 79400]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-11-19 1594664]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2010-06-19 38840]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2010-06-19 640440]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
VPN Client.lnk - c:\windows\Installer\{B0BF7057-6869-4E4B-920C-EA2A58DA07F0}\Icon3E5562ED7.ico [2010-9-29 6144]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)

[HKLM\~\startupfolder\C:^Users^Vojta^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^JDownloader.lnk]
path=c:\users\Vojta\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\JDownloader.lnk
backup=c:\windows\pss\JDownloader.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-06-09 08:06 976832 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-06-20 02:04 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
2010-03-06 01:44 500208 ------w- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5ServiceManager]
2010-07-22 20:10 402432 ----a-w- c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync]
2010-03-13 12:54 91520 ----a-w- c:\program files\Microsoft Office\Office14\BCSSync.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2010-04-01 09:16 357696 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-07-23 20:00 136176 ----atw- c:\users\Vojta\AppData\Local\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBAgent]
2010-03-26 08:52 1234216 ----a-w- c:\program files\Nero\Nero 10\Nero BackItUp\NBAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard]
2010-02-19 11:37 517096 ----a-w- c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
2010-09-27 17:03 328056 ----a-w- c:\program files\uTorrent\uTorrent.exe

R1 archlp;archlp;c:\windows\system32\drivers\archlp.sys [x]
R2 AsusService;Asus Launcher Service;c:\windows\System32\AsusService.exe [2009-08-18 219136]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-08-06 136176]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 30969208]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 VSPerfDrv100;Performance Tools Driver 10.0;c:\program files\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\VSPerfDrv100.sys [2009-12-08 48128]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2010-07-23 1343400]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-23 47128]
R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [2009-03-30 239336]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2010-07-25 691696]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-03-30 366936]
S1 AsUpIO;AsUpIO;c:\windows\system32\drivers\AsUpIO.sys [2010-07-24 11448]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2009-04-09 107256]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 EkaProt6;Ekahau User Protocol Driver for NDIS 6;c:\windows\system32\DRIVERS\ekaprot6.sys [2009-04-07 15360]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [2009-04-09 731840]
S2 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [2009-04-09 38240]
S2 NAUpdate;Nero Update;c:\program files\Nero\Update\NASvc.exe [2010-03-25 490280]
S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x86.sys [2009-07-13 50688]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2010-06-21 105576]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Obsah adresáře 'Naplánované úlohy'

2010-10-03 c:\windows\Tasks\AWC Startup.job
- c:\program files\IObit\Advanced SystemCare 3\AWC.exe [2010-10-02 13:10]

2010-10-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-06 20:12]

2010-10-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-06 20:12]

2010-10-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1839975588-80871129-3701757641-1000Core.job
- c:\users\Vojta\AppData\Local\Google\Update\GoogleUpdate.exe [2010-07-23 20:00]

2010-10-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1839975588-80871129-3701757641-1000UA.job
- c:\users\Vojta\AppData\Local\Google\Update\GoogleUpdate.exe [2010-07-23 20:00]
.
.
------- Doplňkový sken -------
.
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Od&eslat do aplikace OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: Prevést cíl vazby do Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Prevést cíl vazby do existujícího PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Prevést do Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Pridat do stávajícího PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: {{0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - {E601996F-E400-41CA-804B-CD6373A7EEE2} - c:\program files\kikin\ie_kikin.dll
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
FF - ProfilePath - c:\users\Vojta\AppData\Roaming\Mozilla\Firefox\Profiles\rrec810i.default\
FF - plugin: c:\progra~1\MICROS~2\Office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\MICROS~2\Office14\NPSPWRAP.DLL
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\users\Vojta\AppData\Local\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\windows\system32\Wat\npWatWeb.dll

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2010-10-03 21:41:33
ComboFix-quarantined-files.txt 2010-10-03 19:41
ComboFix2.txt 2010-10-03 17:59

Před spuštěním: Volných bajtů: 37 953 212 416
Po spuštění: Volných bajtů: 37 899 444 224

- - End Of File - - 5BF61EACA3C55CF1BAE42EB3667845F7

Re: Stuttering

Posted: 03 Oct 2010 21:54
by Rudy
Test this file online at www.virustotal.com: c:\windows\KMSAct.exe. Report the result.

Re: Stuttering

Posted: 03 Oct 2010 22:08
by VB
Antivirus Version Last update Result
AhnLab-V3 2010.10.03.01 2010.10.03 Trojan/Win32.ADH
AntiVir 7.10.12.112 2010.10.03 SPR/Tool.Keygen.BG
Antiy-AVL 2.0.3.7 2010.10.03 -
Authentium 5.2.0.5 2010.10.03 W32/HackTool.DOI
Avast 4.8.1351.0 2010.10.03 -
Avast5 5.0.594.0 2010.10.03 Win32:PUP-gen
AVG 9.0.0.851 2010.10.03 Crack.CO
BitDefender 7.2 2010.10.03 Dropped:Application.Keygen.BI
CAT-QuickHeal 11.00 2010.10.01 HackTool.Keygen (Not a Virus)
ClamAV 0.96.2.0-git 2010.10.03 -
Comodo 6276 2010.10.03 UnclassifiedMalware
DrWeb 5.0.2.03300 2010.10.03 -
Emsisoft 5.0.0.50 2010.10.03 Riskware.Keygen.Windows7!IK
eSafe 7.0.17.0 2010.10.03 Win32.SPRTool.Keygen
eTrust-Vet 36.1.7889 2010.10.02 Win32/ASuspect.HHEUH
F-Prot 4.6.2.117 2010.10.03 W32/HackTool.DOI
F-Secure 9.0.15370.0 2010.10.03 Application.Keygen.BI
Fortinet 4.1.143.0 2010.10.03 W32/Dx.TBE!tr
GData 21 2010.10.03 Dropped:Application.Keygen.BI
Ikarus T3.1.1.90.0 2010.10.03 not-a-virus.Keygen.Windows7
Jiangmin 13.0.900 2010.10.03 -
K7AntiVirus 9.63.2662 2010.10.02 Hacktool
Kaspersky 7.0.0.125 2010.10.03 -
McAfee 5.400.0.1158 2010.10.03 Generic.dx!tbe
McAfee-GW-Edition 2010.1C 2010.10.03 Generic.dx!tbe
Microsoft 1.6201 2010.10.03 HackTool:Win32/Keygen
NOD32 5500 2010.10.03 -
Norman 6.06.07 2010.10.03 Suspicious_Gen2.BFPYV
nProtect 2010-10-03.01 2010.10.03 Dropped:Application.Keygen.BI
Panda 10.0.2.7 2010.10.03 Trj/CI.A
PCTools 7.0.3.5 2010.10.02 Trojan.ADH
Prevx 3.0 2010.10.03 Medium Risk Malware
Rising 22.67.02.07 2010.09.30 -
Sophos 4.58.0 2010.10.03 Troj/Keygen-DX
Sunbelt 6973 2010.10.03 HackTool.Win32.Keygen
SUPERAntiSpyware 4.40.0.1006 2010.10.03 -
Symantec 20101.2.0.161 2010.10.03 Trojan.ADH
TheHacker 6.7.0.1.047 2010.10.03 -
TrendMicro 9.120.0.1004 2010.10.03 CRCK_KEYGEN
TrendMicro-HouseCall 9.120.0.1004 2010.10.03 CRCK_KEYGEN
VBA32 3.12.14.1 2010.10.01 -
ViRobot 2010.8.31.4017 2010.10.03 -
VirusBuster 12.66.12.0 2010.10.03 HackTool.Keygen.CJ
MD5: b04accbeb00ae7ec424c45a9277be90f
SHA1: d5ff036afc9b85db62da58ed25c0c061a2108099
SHA256: dfb48902b8e6950f7dcbfc0d4327ceeb22d7e32c4b11bde4f82196fbec3e6e49
File size: 266714 bytes
Scan date: 2010-10-03 21:06:02 (UTC)

Re: Stuttering

Posted: 04 Oct 2010 16:38
by Rudy
Run CF again with this script:
Collect::
c:\windows\KMSAct.exe

Re: Stuttering

Posted: 04 Oct 2010 17:57
by VB
ComboFix 10-10-02.02 - Vojta 04.10.2010 18:05:56.3.2 - x86
Microsoft Windows 7 Home Premium 6.1.7600.0.1250.420.1029.18.2047.1044 [GMT 2:00]
Spuštěný z: c:\users\Vojta\Downloads\ComboFix.exe
Použité ovládací přepínače :: c:\users\Vojta\Desktop\CFScript.txt
* Vytvořen nový Bod Obnovení
* Rezidentní štít AV je zapnutý


file zipped: c:\windows\KMSAct.exe
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\programdata\Microsoft\Network\Downloader\qmgr0.dat
c:\programdata\Microsoft\Network\Downloader\qmgr1.dat

----- BITS: Možné infikované stránky -----

hxxp://download.windowsupdate.com
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-09-04 do 2010-10-04 )))))))))))))))))))))))))))))))
.

2010-10-04 16:30 . 2010-10-04 16:31 -------- d-----w- c:\users\Vojta\AppData\Local\temp
2010-10-04 16:30 . 2010-10-04 16:30 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-10-04 16:30 . 2010-10-04 16:30 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-10-03 08:21 . 2010-10-03 08:21 -------- d-----w- c:\users\Vojta\AppData\Roaming\Malwarebytes
2010-10-03 08:21 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-10-03 08:21 . 2010-10-03 08:21 -------- d-----w- c:\programdata\Malwarebytes
2010-10-03 08:20 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-10-03 08:20 . 2010-10-03 08:21 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-10-02 16:32 . 2010-10-02 16:32 -------- d-----w- c:\users\Vojta\AppData\Roaming\IObit
2010-10-02 16:32 . 2010-10-02 16:32 -------- d-----w- c:\program files\IObit
2010-10-02 16:14 . 2010-10-02 16:15 -------- d-----w- c:\program files\trend micro
2010-10-02 16:14 . 2010-10-02 16:15 -------- d-----w- C:\rsit
2010-09-29 16:44 . 2010-09-29 16:44 -------- d-----w- c:\program files\Common Files\Deterministic Networks
2010-09-29 16:44 . 2010-09-29 16:44 -------- d-----w- c:\program files\Cisco Systems
2010-09-29 11:49 . 2010-03-04 04:04 146304 ----a-w- c:\windows\system32\drivers\usbvideo.sys
2010-09-29 11:49 . 2010-03-04 03:57 190976 ----a-w- c:\windows\system32\drivers\ks.sys
2010-09-29 01:19 . 2010-06-19 06:15 2048 ----a-w- c:\windows\system32\tzres.dll
2010-09-24 02:11 . 2010-09-24 02:11 -------- d-----w- c:\programdata\vsosdk
2010-09-23 19:18 . 2010-09-24 07:20 -------- d-----w- c:\users\Vojta\AppData\Roaming\Vso
2010-09-23 19:16 . 2010-02-09 14:37 65602 ----a-w- c:\windows\system32\cook3260.dll
2010-09-23 19:16 . 2010-02-09 14:37 217127 ----a-w- c:\windows\system32\drv43260.dll
2010-09-23 19:16 . 2010-02-09 14:37 208935 ----a-w- c:\windows\system32\drv33260.dll
2010-09-23 19:16 . 2010-02-09 14:37 176165 ----a-w- c:\windows\system32\drv23260.dll
2010-09-23 19:16 . 2010-02-09 14:37 102439 ----a-w- c:\windows\system32\sipr3260.dll
2010-09-23 19:16 . 2010-02-09 14:37 626688 ----a-w- c:\windows\system32\vp7vfw.dll
2010-09-23 19:16 . 2010-02-09 14:37 1184984 ----a-w- c:\windows\system32\wvc1dmod.dll
2010-09-23 19:16 . 2010-09-23 19:16 -------- d-----w- c:\program files\VSO
2010-09-19 19:41 . 2010-09-19 19:41 -------- d-----w- c:\program files\Team17
2010-09-19 08:22 . 2009-08-19 21:50 22872 ----a-r- c:\windows\system32\AdobePDFUI.dll
2010-09-19 08:15 . 2010-09-19 08:15 -------- d-----w- c:\users\Vojta\AppData\Local\assembly
2010-09-17 06:20 . 2010-09-17 06:20 -------- d-----w- c:\users\Vojta\AppData\Local\PreEmptive Solutions
2010-09-16 21:16 . 2010-09-16 21:16 2448192 ----a-w- c:\programdata\Microsoft\VisualStudio\10.0\1029\ResourceCache.dll
2010-09-16 21:08 . 2010-09-16 21:08 -------- d-----w- c:\windows\system32\1029
2010-09-16 20:58 . 2010-09-16 20:58 -------- d-----w- c:\temp\Visual Studio 2010 Professional Language Pack (x86) - (Czech)
2010-09-16 20:26 . 2010-09-16 20:26 -------- d-----w- c:\programdata\PreEmptive Solutions
2010-09-16 20:14 . 2010-09-16 20:14 -------- d-----w- c:\program files\Microsoft ASP.NET
2010-09-16 20:14 . 2010-09-16 20:14 -------- d-----w- c:\program files\IIS
2010-09-16 20:12 . 2010-09-16 21:17 2476736 ----a-w- c:\programdata\Microsoft\VisualStudio\10.0\1033\ResourceCache.dll
2010-09-16 19:51 . 2010-09-16 19:51 -------- d-----w- c:\windows\symbols
2010-09-16 19:51 . 2010-09-16 19:59 -------- d-----w- c:\program files\Microsoft F#
2010-09-16 19:51 . 2010-09-16 19:54 -------- d-----w- c:\program files\HTML Help Workshop
2010-09-16 19:51 . 2010-09-16 20:31 -------- d-----w- c:\program files\Microsoft SDKs
2010-09-16 19:51 . 2010-09-16 19:58 -------- d-----w- c:\program files\Common Files\Merge Modules
2010-09-16 19:27 . 2010-09-16 19:27 -------- d-----w- c:\temp\Visual Studio 2010 Ultimate (x86) - DVD (English)
2010-09-15 16:24 . 2010-08-21 05:32 316928 ----a-w- c:\windows\system32\spoolsv.exe
2010-09-14 20:58 . 2009-08-19 21:50 46928 ----a-w- c:\windows\system32\AdobePDF.dll
2010-09-14 20:28 . 2010-09-14 20:28 -------- d-----w- c:\programdata\FLEXnet
2010-09-14 20:23 . 2010-09-14 20:23 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2010-09-14 13:52 . 2010-09-14 13:52 0 ----a-w- c:\windows\nsreg.dat
2010-09-14 13:52 . 2010-09-14 13:52 -------- d-----w- c:\users\Vojta\AppData\Local\Mozilla
2010-09-08 21:31 . 2010-09-08 21:31 -------- d-----w- c:\program files\Synaptics
2010-09-08 21:29 . 2009-08-07 07:49 1461992 ----a-w- c:\windows\system32\WdfCoInstaller01009.dll
2010-09-08 21:29 . 2009-11-19 19:45 230448 ----a-w- c:\windows\system32\drivers\SynTP.sys
2010-09-08 21:29 . 2009-11-19 19:44 120104 ----a-w- c:\windows\system32\SynTPCo4.dll
2010-09-08 21:29 . 2009-11-19 19:44 161064 ----a-w- c:\windows\system32\SynTPAPI.dll
2010-09-08 21:28 . 2009-11-19 19:44 206120 ----a-w- c:\windows\system32\SynCtrl.dll
2010-09-08 21:28 . 2009-11-19 19:44 173352 ----a-w- c:\windows\system32\SynCOM.dll
2010-09-07 21:56 . 2010-09-09 11:34 -------- d-----w- c:\program files\Portal

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-04 16:19 . 2010-07-25 08:00 -------- d-----w- c:\users\Vojta\AppData\Roaming\vlc
2010-10-04 16:13 . 2009-07-14 08:44 3833232 ----a-w- c:\windows\system32\perfh005.dat
2010-10-04 16:13 . 2009-07-14 08:44 1243278 ----a-w- c:\windows\system32\perfc005.dat
2010-10-04 16:05 . 2010-07-24 10:58 266714 ----a-w- c:\windows\KMSAct.exe
2010-10-04 16:04 . 2010-07-24 12:53 -------- d-----w- c:\users\Vojta\AppData\Roaming\Skype
2010-10-04 16:04 . 2010-08-29 21:55 -------- d-----w- c:\users\Vojta\AppData\Roaming\ICQ
2010-10-04 15:44 . 2010-07-24 12:54 -------- d-----w- c:\users\Vojta\AppData\Roaming\skypePM
2010-10-04 10:45 . 2010-07-24 20:55 -------- d-----w- c:\program files\PowerArchiver
2010-10-03 20:19 . 2010-08-06 20:12 -------- d-----w- c:\program files\Google
2010-10-03 00:23 . 2010-07-24 10:04 -------- d-----w- c:\program files\JDownloader
2010-09-29 15:53 . 2010-08-23 18:37 -------- d-----w- c:\program files\Microsoft Silverlight
2010-09-29 11:47 . 2010-07-25 09:29 -------- d-----w- c:\users\Vojta\AppData\Roaming\uTorrent
2010-09-19 19:38 . 2010-07-26 17:22 -------- d-----w- c:\program files\Opera
2010-09-19 11:32 . 2010-08-18 11:03 -------- d-----w- c:\users\Vojta\AppData\Roaming\Nero
2010-09-19 10:54 . 2010-08-18 10:50 -------- d-----w- c:\program files\Common Files\Nero
2010-09-19 10:53 . 2010-08-18 10:50 -------- d-----w- c:\program files\Nero
2010-09-19 10:35 . 2010-08-18 10:51 -------- d-----w- c:\programdata\Nero
2010-09-16 21:08 . 2010-08-23 18:31 -------- d-----w- c:\program files\Microsoft Visual Studio 10.0
2010-09-16 20:22 . 2009-07-14 04:52 -------- d-----w- c:\program files\MSBuild
2010-09-16 19:43 . 2010-08-23 18:47 -------- d-----w- c:\program files\Microsoft Visual Studio 9.0
2010-09-15 19:26 . 2010-07-24 10:25 -------- d-----w- c:\programdata\Microsoft Help
2010-09-14 21:04 . 2010-07-23 20:00 110760 ----a-w- c:\users\Vojta\AppData\Local\GDIPFONTCACHEV1.DAT
2010-09-14 20:23 . 2010-07-26 13:12 -------- d-----w- c:\program files\Common Files\Adobe
2010-09-08 20:33 . 2010-07-23 19:39 -------- d-----w- c:\programdata\NVIDIA
2010-09-08 20:33 . 2010-07-24 08:47 -------- d-----w- c:\program files\EeePC
2010-09-08 17:18 . 2010-09-01 22:08 -------- d-----w- c:\program files\Sony
2010-09-08 17:14 . 2010-07-24 08:24 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-09-08 00:19 . 2010-09-08 00:19 75 ----a-w- c:\programdata\nvUnsupRes.dat
2010-09-01 22:09 . 2010-09-01 22:07 -------- d-----w- c:\users\Vojta\AppData\Roaming\Sony
2010-09-01 22:09 . 2010-09-01 22:09 -------- d-----w- c:\program files\Common Files\Sony Shared
2010-09-01 22:08 . 2010-09-01 22:08 10134 ----a-r- c:\users\Vojta\AppData\Roaming\Microsoft\Installer\{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}\ARPPRODUCTICON.exe
2010-09-01 22:08 . 2010-09-01 22:08 -------- d-----w- c:\programdata\Sony Corporation
2010-09-01 22:07 . 2010-09-01 22:07 -------- d-----w- c:\program files\Sony Media Go Install
2010-09-01 08:32 . 2010-09-01 08:32 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2010-08-31 18:31 . 2010-08-31 18:31 -------- d-----w- c:\programdata\CanonIJPLM
2010-08-31 18:31 . 2010-08-31 18:22 -------- d-----w- c:\program files\Canon
2010-08-31 18:29 . 2010-08-31 18:29 -------- d-----w- c:\programdata\InstallShield
2010-08-31 18:28 . 2010-08-31 18:28 -------- d-----w- c:\users\Vojta\AppData\Roaming\ScanSoft
2010-08-31 18:28 . 2010-08-31 18:28 -------- d-----w- c:\programdata\ScanSoft
2010-08-31 18:28 . 2010-08-31 18:28 -------- d-----w- c:\program files\Common Files\ScanSoft Shared
2010-08-31 18:28 . 2010-07-24 08:24 -------- d-----w- c:\program files\Common Files\InstallShield
2010-08-31 18:28 . 2010-08-31 18:28 -------- d-----w- c:\program files\ScanSoft
2010-08-31 18:26 . 2010-08-31 18:26 -------- d-----w- c:\program files\Common Files\CANON
2010-08-31 18:23 . 2010-08-31 18:23 -------- d--h--w- c:\program files\CanonBJ
2010-08-31 17:03 . 2010-07-23 19:36 -------- d-----w- c:\program files\NVIDIA Corporation
2010-08-31 17:00 . 2010-08-31 17:00 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-08-31 16:33 . 2010-08-31 16:33 -------- d-----w- c:\program files\2K Games
2010-08-30 12:11 . 2010-07-25 09:29 -------- d-----w- c:\program files\uTorrent
2010-08-29 21:59 . 2010-08-29 21:54 -------- d-----w- c:\program files\ICQ7.2
2010-08-24 19:45 . 2010-08-24 19:45 -------- d-----w- c:\users\Vojta\AppData\Roaming\Apple Computer
2010-08-24 19:43 . 2010-08-24 19:42 -------- d-----w- c:\program files\QuickTime
2010-08-24 19:42 . 2010-08-24 19:42 -------- d-----w- c:\programdata\Apple Computer
2010-08-24 19:41 . 2010-08-24 19:41 -------- d-----w- c:\program files\Common Files\Apple
2010-08-24 19:40 . 2010-08-24 19:40 -------- d-----w- c:\program files\Apple Software Update
2010-08-24 19:40 . 2010-08-24 19:40 -------- d-----w- c:\programdata\Apple
2010-08-23 19:05 . 2010-07-26 13:17 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-08-23 19:05 . 2010-08-23 19:48 53632 ----a-w- c:\users\Vojta\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-08-23 19:05 . 2010-07-26 13:17 53632 ----a-w- c:\users\Default\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-08-23 18:53 . 2010-08-23 18:40 -------- d-----w- c:\program files\Microsoft SQL Server
2010-08-23 18:45 . 2010-07-24 10:37 -------- d-----w- c:\program files\Microsoft.NET
2010-08-23 18:35 . 2010-08-23 18:35 112832 ----a-w- c:\programdata\Microsoft\VCExpress\10.0\1033\ResourceCache.dll
2010-08-23 18:31 . 2010-08-23 18:31 -------- d-----w- c:\program files\Microsoft Help Viewer
2010-08-22 02:23 . 2010-08-22 02:23 -------- d-----w- c:\users\Vojta\AppData\Roaming\dvdcss
2010-08-22 02:08 . 2010-08-22 02:08 -------- d-----w- c:\program files\NeoSmart Technologies
2010-08-17 10:16 . 2010-07-25 07:38 -------- d-----w- c:\users\Vojta\AppData\Roaming\ArcSoft
2010-08-16 19:57 . 2010-08-16 19:57 -------- d-----w- c:\program files\CCleaner
2010-08-16 04:14 . 2010-07-25 07:22 -------- d-----w- c:\users\Vojta\AppData\Roaming\BSplayer
2010-08-09 06:04 . 2010-08-09 06:04 -------- d-----w- c:\program files\Common Files\Java
2010-08-09 06:04 . 2010-07-24 10:05 -------- d-----w- c:\program files\Java
2010-08-07 16:01 . 2010-08-07 16:01 -------- d-----w- c:\program files\Ekahau
2010-08-06 21:39 . 2010-08-06 21:19 -------- d-----w- c:\program files\IDOS
2010-08-06 21:19 . 2010-08-06 21:19 -------- d-----w- c:\users\Vojta\AppData\Roaming\IDOS
2010-08-06 21:18 . 2010-08-06 21:19 709288 ----a-w- c:\users\Vojta\AppData\Roaming\IDOS\unins000.exe
2010-07-29 06:30 . 2010-08-12 19:54 197632 ----a-w- c:\windows\system32\ir32_32.dll
2010-07-29 06:30 . 2010-08-12 19:54 82944 ----a-w- c:\windows\system32\iccvid.dll
2010-07-25 21:03 . 2010-07-25 21:03 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-07-24 12:54 . 2010-07-24 12:54 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2010-07-24 08:56 . 2009-07-20 15:29 13880 ----a-w- c:\windows\system32\drivers\kbfiltr.sys
2010-07-24 08:53 . 2010-07-24 08:54 11448 ----a-w- c:\windows\system32\drivers\AsUpIO.sys
2010-07-24 08:13 . 2010-07-24 08:25 3026592 ----a-w- c:\windows\system32\drivers\RTKVHDA.sys
2010-07-24 08:13 . 2010-07-24 08:25 1733152 ----a-w- c:\windows\system32\RtkPgExt.dll
2010-07-24 08:13 . 2010-07-24 08:25 57888 ----a-w- c:\windows\system32\RtkCoInst.dll
2010-07-24 08:13 . 2010-07-24 08:25 371232 ----a-w- c:\windows\system32\RtkApoApi.dll
2010-07-17 03:00 . 2010-07-24 10:06 423656 ----a-w- c:\windows\system32\deployJava1.dll
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E601996F-E400-41CA-804B-CD6373A7EEE2}]
2010-06-24 00:17 782568 ----a-w- c:\program files\kikin\ie_kikin.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-05-13 26192168]
"ICQ"="c:\program files\ICQ7.2\ICQ.exe" [2010-08-29 133432]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2009-04-09 2029640]
"SynAsusAcpi"="c:\program files\Synaptics\SynTP\SynAsusAcpi.exe" [2009-11-19 83240]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-07-24 8522272]
"HotkeyMon"="AsusSender.exe" [2010-03-02 29184]
"HotkeyService"="AsusSender.exe" [2010-03-02 29184]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-08-10 421888]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-14 644696]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-03 1603152]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 79400]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-11-19 1594664]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2010-06-19 38840]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2010-06-19 640440]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
VPN Client.lnk - c:\windows\Installer\{B0BF7057-6869-4E4B-920C-EA2A58DA07F0}\Icon3E5562ED7.ico [2010-9-29 6144]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)

[HKLM\~\startupfolder\C:^Users^Vojta^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^JDownloader.lnk]
path=c:\users\Vojta\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\JDownloader.lnk
backup=c:\windows\pss\JDownloader.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-06-09 08:06 976832 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-06-20 02:04 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
2010-03-06 01:44 500208 ------w- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5ServiceManager]
2010-07-22 20:10 402432 ----a-w- c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync]
2010-03-13 12:54 91520 ----a-w- c:\program files\Microsoft Office\Office14\BCSSync.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2010-04-01 09:16 357696 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-07-23 20:00 136176 ----atw- c:\users\Vojta\AppData\Local\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBAgent]
2010-03-26 08:52 1234216 ----a-w- c:\program files\Nero\Nero 10\Nero BackItUp\NBAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard]
2010-02-19 11:37 517096 ----a-w- c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
2010-09-27 17:03 328056 ----a-w- c:\program files\uTorrent\uTorrent.exe

R1 archlp;archlp;c:\windows\system32\drivers\archlp.sys [x]
R2 AsusService;Asus Launcher Service;c:\windows\System32\AsusService.exe [2009-08-18 219136]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-08-06 136176]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 30969208]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 VSPerfDrv100;Performance Tools Driver 10.0;c:\program files\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\VSPerfDrv100.sys [2009-12-08 48128]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2010-07-23 1343400]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-23 47128]
R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [2009-03-30 239336]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2010-07-25 691696]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-03-30 366936]
S1 AsUpIO;AsUpIO;c:\windows\system32\drivers\AsUpIO.sys [2010-07-24 11448]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2009-04-09 107256]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 EkaProt6;Ekahau User Protocol Driver for NDIS 6;c:\windows\system32\DRIVERS\ekaprot6.sys [2009-04-07 15360]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [2009-04-09 731840]
S2 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [2009-04-09 38240]
S2 NAUpdate;Nero Update;c:\program files\Nero\Update\NASvc.exe [2010-03-25 490280]
S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x86.sys [2009-07-13 50688]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2010-06-21 105576]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Obsah adresáře 'Naplánované úlohy'

2010-10-04 c:\windows\Tasks\AWC Startup.job
- c:\program files\IObit\Advanced SystemCare 3\AWC.exe [2010-10-02 13:10]

2010-10-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-06 20:12]

2010-10-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-06 20:12]

2010-10-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1839975588-80871129-3701757641-1000Core.job
- c:\users\Vojta\AppData\Local\Google\Update\GoogleUpdate.exe [2010-07-23 20:00]

2010-10-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1839975588-80871129-3701757641-1000UA.job
- c:\users\Vojta\AppData\Local\Google\Update\GoogleUpdate.exe [2010-07-23 20:00]
.
.
------- Doplňkový sken -------
.
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Od&eslat do aplikace OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: Prevést cíl vazby do Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Prevést cíl vazby do existujícího PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Prevést do Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Pridat do stávajícího PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: {{0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - {E601996F-E400-41CA-804B-CD6373A7EEE2} - c:\program files\kikin\ie_kikin.dll
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
FF - ProfilePath - c:\users\Vojta\AppData\Roaming\Mozilla\Firefox\Profiles\rrec810i.default\
FF - plugin: c:\progra~1\MICROS~2\Office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\MICROS~2\Office14\NPSPWRAP.DLL
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\users\Vojta\AppData\Local\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\windows\system32\Wat\npWatWeb.dll

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2010-10-04 18:39:56
ComboFix-quarantined-files.txt 2010-10-04 16:39
ComboFix2.txt 2010-10-03 19:41
ComboFix3.txt 2010-10-03 17:59

Před spuštěním: Volných bajtů: 38 524 059 648
Po spuštění: Volných bajtů: 39 225 917 440

- - End Of File - - 44999E0AE18BD93060564E2B4DA3FF29

Re: Sekani

Posted: 04 Oct 2010 18:14
by Rudy
The log already looks clean. Has anything changed?

Re: Sekani

Posted: 04 Oct 2010 20:19
by VB
Yes :), thank you for your time and willingness to help.

Now I can work at full speed again like before, and off to programming.

Re: Sekani

Posted: 04 Oct 2010 20:30
by Rudy
You're welcome!