explorer.exe cpu

Forum rules
Individual threads will be locked once resolved, as will those that have been inactive for more than 14 days: http://forum.viry.cz/viewtopic.php?f=12&t=123975 . Thank you for your understanding.

#1 Post by jarek26 »

Hello,
I would like some help: in Task Manager, explorer.exe is using 50% CPU. To be safe I had it scanned through VirusTotal, but there is nothing there, 0%. I have not had this until now. What could the fault be? I use Mozilla as my browser.
Thank you

#2 Post by Rudy »

First clean the PC with CCleaner: http://www.viry.cz/forum/viewtopic.php?f=46&t=7478 . If the situation does not change, post a log from RSIT: http://www.viry.cz/forum/viewtopic.php?f=13&t=105895 .
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activities, a virus can damage the system!


#3 Post by jarek26 »

I am sending the log from RSIT

Logfile of random's system information tool 1.09 (written by random/random)
Run by okaynetbook at 2011-09-29 11:49:20
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 15 GB (21%) free of 74 GB
Total RAM: 1015 MB (43% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:49:40, on 29.9.2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\Program Files\ICQ6Toolbar\ICQ Service.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\NlsSrv32.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\WINDOWS\RTHDCPL.EXE
D:\programy\Microsoft Office 2007 CZ full\Office12\GrooveMonitor.exe
C:\Program Files\ASUS\Eee Docking\Eee Docking.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\IDM.5.19.2\IDMan.exe
C:\Program Files\IDM.5.19.2\IEMonitor.exe
C:\Documents and Settings\okaynetbook\Plocha\RSIT.exe
C:\Program Files\trend micro\okaynetbook.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = DOOOSHA
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\IDM.5.19.2\IDMIECC.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\programy\Microsoft Office 2007 CZ full\Office12\GrooveShellExtensions.dll
O2 - BHO: Pomocník pro přihlášení ke službě Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll
O2 - BHO: (no name) - {C9F97205-62A3-41F2-9F2C-D99392F882EB} - (no file)
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [GrooveMonitor] "D:\programy\Microsoft Office 2007 CZ full\Office12\GrooveMonitor.exe"
O4 - HKCU\..\Run: [Eee Docking] C:\Program Files\ASUS\Eee Docking\Eee Docking.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Zástupce - sndvol32.lnk = C:\WINDOWS\system32\sndvol32.exe
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
O8 - Extra context menu item: Stáhnout pomocí FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Stáhnout s IDM - C:\Program Files\IDM.5.19.2\IEExt.htm
O8 - Extra context menu item: Stáhnout s IDM obsah FLV videa - C:\Program Files\IDM.5.19.2\IEGetVL.htm
O8 - Extra context menu item: Stáhnout s IDM všechny odkazy - C:\Program Files\IDM.5.19.2\IEGetAll.htm
O8 - Extra context menu item: Stáhnout vše pomocí FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Translate this web page with Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm
O8 - Extra context menu item: Translate with Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm
O9 - Extra button: Přidat na blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Přidat na blog Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\programy\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\programy\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\programy\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} (WRC Class) - http://trial.trymicrosoftoffice.com/tri ... /wrc32.ocx
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\programy\Microsoft Office 2007 CZ full\Office12\GrooveSystemServices.dll
O18 - Protocol: x-cnote - {8D32BA61-D15B-11D4-894B-000000000000} - C:\Program Files\Common Files\EzTools\hsppp.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Advanced SystemCare Service (AdvancedSystemCareService) - IObit - C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Úložná technologie Intel(R) Rapid (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MySQL - Unknown owner - D:\programy\AWKasa\bin\mysqld-nt.exe (file missing)
O23 - Service: Nero BackItUp Scheduler 4.0 - Unknown owner - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe (file missing)
O23 - Service: Nalpeiron Licensing Service (nlsX86cc) - Nalpeiron Ltd. - C:\WINDOWS\system32\NlsSrv32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: STSService - Unknown owner - C:\Program Files\SoundTaxi Media Suite\STSService.exe (file missing)
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: Windows Presentation Foundation Font Cache 4.0.0.0 (WPFFontCache_v0400) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (file missing)

--
End of file - 11278 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\ASC4_PerformanceMonitor.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\Microsoft_Hardware_Launch_IPoint_exe.job
C:\WINDOWS\tasks\MP Scheduled Scan.job
C:\WINDOWS\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job

=========Mozilla firefox=========

ProfilePath - C:\Documents and Settings\okaynetbook\Data aplikací\Mozilla\Firefox\Profiles\6jpdurms.default

prefs.js - "browser.startup.homepage" - "www.google.com"
prefs.js - "extensions.enabledItems" - "{20a82645-c095-46ed-80e3-08825760534b}:1.2.1, jqs@sun.com:1.0, mozilla_cc@internetdownloadmanager.com:6.9.7, translator@zoli.bod:2.1.0.1, {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.23"

"{20a82645-c095-46ed-80e3-08825760534b}"=C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
"jqs@sun.com"=C:\Program Files\Java\jre6\lib\deploy\jqs\ff


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/ShockwavePlayer]
"Description"=Adobe Shockwave Player
"Path"=C:\WINDOWS\system32\Adobe\Director\np32dsw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@funwebproducts.com/Plugin]
"Description"=Fun Web Products Plugin
"Path"=C:\Program Files\FunWebProducts\Installr\2.bin\NPFunWeb.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8064.0206]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nprphtml5videoshim;version=1.0.0.0]
"Description"=RealPlayer(tm) HTML5VideoShim Plug-In
"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}
{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}

C:\Program Files\Mozilla Firefox\components\
binary.manifest
browsercomps.dll
FlashGet3.xpi

C:\Program Files\Mozilla Firefox\plugins\
npdeployJava1.dll
nppdf32.dll

C:\Program Files\Mozilla Firefox\searchplugins\
atlas-sk.xml
azet-sk.xml
dunaj-sk.xml
eBay.xml
google.xml
slovnik-sk.xml
wikipedia-sk.xml
zoznam-sk.xml

C:\Documents and Settings\okaynetbook\Data aplikací\Mozilla\Firefox\Profiles\6jpdurms.default\extensions\
translator@zoli.bod
{20a82645-c095-46ed-80e3-08825760534b}

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0055C089-8582-441B-A0BF-17B458C2A3A8}]
IDM integration (IDMIEHlprObj Class) - C:\Program Files\IDM.5.19.2\IDMIECC.dll [2011-09-15 210352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2009-07-15 1586472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll [2009-01-14 92504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - D:\programy\Microsoft Office 2007 CZ full\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Pomocník pro přihlášení ke službě Windows Live - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2011-08-29 305328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll [2011-08-12 1007160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C9F97205-62A3-41F2-9F2C-D99392F882EB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
Ask Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll [2010-02-04 1197448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-08-03 42272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]
Windows Live Toolbar Helper - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2011-08-03 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{21FA44EF-376D-4D53-9B0F-8A89D3229068} - &Windows Live Toolbar - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]
{855F3B16-6D32-4FE6-8A56-BBB695989046} - ICQToolBar - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll [2010-03-28 1017592]
{D4027C7F-154A-4066-A1AD-4243D8127440} - Ask Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll [2010-02-04 1197448]
{E0E899AB-F487-11D5-8D29-0050BA6940E3}
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2011-08-29 305328]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"MSC"=C:\Program Files\Microsoft Security Client\msseces.exe [2011-06-15 997920]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2011-08-09 20055144]
"GrooveMonitor"=D:\programy\Microsoft Office 2007 CZ full\Office12\GrooveMonitor.exe [2008-10-25 31072]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Eee Docking"=C:\Program Files\ASUS\Eee Docking\Eee Docking.exe [2009-07-27 397312]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"NBJ"=C:\Program Files\Ahead\Nero BackItUp\NBJ.exe [2005-06-02 1957888]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2011-06-19 39408]

C:\Documents and Settings\okaynetbook\Nabídka Start\Programy\Po spuštění
Zástupce - sndvol32.lnk - C:\WINDOWS\system32\sndvol32.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2008-02-15 208896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=D:\programy\Microsoft Office 2007 CZ full\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableLUA"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoSMBalloonTip"=0
"NoDriveAutoRun"=67108863
"NoInstrumentation"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0
"NoResolveSearch"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\WINDOWS\system32\muzapp.exe"="C:\WINDOWS\system32\muzapp.exe:*:Enabled:MUZ AOD APP player"
"D:\programy\Microsoft Office 2007 CZ full\Office12\GROOVE.EXE"="D:\programy\Microsoft Office 2007 CZ full\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"D:\Games\left_4_dead\left 4 dead\hl2.exe"="D:\Games\left_4_dead\left 4 dead\hl2.exe:*:Enabled:hl2"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\ICQ7.2\ICQ.exe"="C:\Program Files\ICQ7.2\ICQ.exe:*:Enabled:ICQ"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"VIDC.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"VIDC.IYUV"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVU9"=tsbyuv.dll
"VIDC.YVYU"=msyuv.dll
"wavemapper"=msacm32.drv
"MSVideo8"=VfWWDM32.dll
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\Iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"msacm.siren"=sirenacm.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"VIDC.WMV3"=wmv9vcm.dll
"VIDC.DIVX"=divx.dll
"VIDC.YV12"=yv12vfw.dll
"msacm.ac3acm"=ac3acm.acm
"msacm.lameacm"=lameACM.acm
"VIDC.FFDS"=ff_vfw.dll
"wave4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv
"aux1"=wdmaud.drv
"vidc.VP60"=vp6vfw.dll
"vidc.VP61"=vp6vfw.dll
"vidc.VP62"=vp6vfw.dll
"vidc.XVID"=xvidvfw.dll
"vidc.mjpg"=pvmjpg30.dll
"vidc.MPG4"=MPG4c32.dll
"vidc.MP42"=MPG4c32.dll
"vidc.MP43"=MPG4c32.dll
"msacm.divxa32"=msaud32_divx.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv

======List of files/folders created in the last 1 month======

2011-09-29 11:49:20 ----D---- C:\rsit
2011-09-22 20:46:37 ----D---- C:\Program Files\upnito.sk manager
2011-09-17 00:15:47 ----D---- C:\Documents and Settings\okaynetbook\Data aplikací\AutoHideIP
2011-09-17 00:15:47 ----D---- C:\Documents and Settings\All Users\Data aplikací\AutoHideIP
2011-09-15 23:07:02 ----HDC---- C:\WINDOWS\$NtUninstallKB2616676$
2011-09-15 22:57:45 ----HDC---- C:\WINDOWS\$NtUninstallKB2570947$
2011-09-15 17:12:49 ----A---- C:\WINDOWS\system32\drivers\idmtdi.sys
2011-09-10 18:02:57 ----D---- C:\Documents and Settings\okaynetbook\Data aplikací\Sahmon Games
2011-09-10 17:14:15 ----D---- C:\Documents and Settings\okaynetbook\Data aplikací\Meridian93
2011-09-10 16:44:59 ----HDC---- C:\WINDOWS\$NtUninstallKB2492386$
2011-09-10 16:43:21 ----D---- C:\WINDOWS\system32\WindowsPowerShell
2011-09-10 16:43:20 ----D---- C:\WINDOWS\system32\winrm
2011-09-10 16:43:20 ----D---- C:\WINDOWS\system32\GroupPolicy
2011-09-10 16:43:07 ----HDC---- C:\WINDOWS\$968930Uinstall_KB968930$
2011-09-10 16:43:05 ----D---- C:\WINDOWS\$NtUninstallKB968930$
2011-09-10 16:41:18 ----HDC---- C:\WINDOWS\$NtUninstallKB971513$
2011-09-10 16:07:14 ----A---- C:\WINDOWS\system32\CmdLineExt03.dll
2011-09-10 09:00:50 ----D---- C:\Documents and Settings\okaynetbook\Data aplikací\Real
2011-09-08 21:33:28 ----HDC---- C:\WINDOWS\$NtUninstallKB2607712$
2011-09-03 19:38:26 ----D---- C:\Documents and Settings\okaynetbook\Data aplikací\WendigoStudios
2011-09-02 23:22:56 ----D---- C:\Program Files\MindDabble_4pEI
2011-09-02 23:18:55 ----D---- C:\Documents and Settings\All Users\Data aplikací\IrisGuard
2011-09-02 23:15:26 ----A---- C:\WINDOWS\system32\pbsdkwiz.dll
2011-09-02 23:15:26 ----A---- C:\WINDOWS\system32\pbbase.dll
2011-09-02 23:15:26 ----A---- C:\WINDOWS\system32\pb.dll
2011-09-02 23:11:58 ----D---- C:\Documents and Settings\okaynetbook\Data aplikací\GetRightToGo
2011-08-30 16:58:03 ----HDC---- C:\WINDOWS\$NtUninstallKB2570791$

======List of files/folders modified in the last 1 month======

2011-09-29 11:49:40 ----D---- C:\Program Files\trend micro
2011-09-29 11:42:17 ----D---- C:\WINDOWS\Debug
2011-09-29 11:42:17 ----AD---- C:\WINDOWS
2011-09-29 11:33:32 ----D---- C:\Documents and Settings\okaynetbook\Data aplikací\DMCache
2011-09-29 11:26:51 ----D---- C:\WINDOWS\temp
2011-09-29 11:25:20 ----D---- C:\WINDOWS\Prefetch
2011-09-29 11:22:51 ----D---- C:\Documents and Settings\okaynetbook\Data aplikací\IDM
2011-09-29 11:20:49 ----SD---- C:\WINDOWS\Tasks
2011-09-29 11:16:26 ----D---- C:\WINDOWS\system32\CatRoot2
2011-09-29 00:20:55 ----N---- C:\WINDOWS\SchedLgU.Txt
2011-09-29 00:06:49 ----HD---- C:\WINDOWS\inf
2011-09-29 00:06:49 ----D---- C:\WINDOWS\system32\drivers
2011-09-29 00:06:44 ----D---- C:\Program Files\IDM.5.19.2
2011-09-29 00:03:53 ----D---- C:\WINDOWS\Microsoft.NET
2011-09-29 00:03:09 ----SHD---- C:\WINDOWS\Installer
2011-09-28 23:50:43 ----D---- C:\Program Files\Mozilla Firefox
2011-09-28 08:40:08 ----D---- C:\Documents and Settings\okaynetbook\Data aplikací\SEDE
2011-09-25 11:06:15 ----A---- C:\WINDOWS\NeroDigital.ini
2011-09-23 18:10:02 ----AD---- C:\WINDOWS\system32
2011-09-23 15:26:13 ----SD---- C:\WINDOWS\Downloaded Program Files
2011-09-22 20:46:37 ----RD---- C:\Program Files
2011-09-16 21:43:14 ----D---- C:\Documents and Settings\okaynetbook\Data aplikací\ICQ
2011-09-16 20:31:08 ----D---- C:\Program Files\ICQ7.2
2011-09-16 20:29:45 ----D---- C:\Documents and Settings\okaynetbook\Data aplikací\Skype
2011-09-16 10:38:02 ----A---- C:\WINDOWS\system32\MRT.exe
2011-09-15 23:07:48 ----D---- C:\Documents and Settings\All Users\Data aplikací\Microsoft Help
2011-09-15 23:07:04 ----RSHDC---- C:\WINDOWS\system32\dllcache
2011-09-15 22:57:23 ----HD---- C:\WINDOWS\$hf_mig$
2011-09-15 19:17:01 ----RD---- C:\Program Files\Skype
2011-09-15 19:16:56 ----D---- C:\Documents and Settings\All Users\Data aplikací\Skype
2011-09-15 19:16:48 ----D---- C:\Program Files\Common Files
2011-09-15 17:13:14 ----D---- C:\Documents and Settings\okaynetbook\Data aplikací\skypePM
2011-09-15 16:37:51 ----D---- C:\WINDOWS\system32\Adobe
2011-09-15 16:37:29 ----D---- C:\WINDOWS\system32\Macromed
2011-09-11 17:21:47 ----D---- C:\WINDOWS\AppPatch
2011-09-10 18:26:20 ----HD---- C:\Program Files\InstallShield Installation Information
2011-09-10 17:56:48 ----D---- C:\Documents and Settings\okaynetbook\Data aplikací\YoudaGames
2011-09-10 16:56:41 ----D---- C:\Documents and Settings\All Users\Data aplikací\Apple Computer
2011-09-10 16:50:21 ----D---- C:\WINDOWS\Logs
2011-09-10 16:49:55 ----D---- C:\WINDOWS\security
2011-09-10 16:49:36 ----D---- C:\Program Files\CCleaner
2011-09-10 16:46:14 ----RSD---- C:\WINDOWS\assembly
2011-09-10 16:44:46 ----D---- C:\Program Files\Internet Explorer
2011-09-10 16:44:36 ----D---- C:\WINDOWS\ie8updates
2011-09-10 16:43:33 ----D---- C:\WINDOWS\system32\config
2011-09-10 16:43:31 ----D---- C:\WINDOWS\Help
2011-09-10 16:43:20 ----D---- C:\WINDOWS\system32\wbem
2011-09-10 12:45:41 ----A---- C:\WINDOWS\win.ini
2011-09-09 14:44:43 ----D---- C:\Documents and Settings\okaynetbook\Data aplikací\Media Player Classic
2011-09-09 11:12:04 ----A---- C:\WINDOWS\system32\crypt32.dll
2011-09-03 09:24:12 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2011-09-02 22:40:01 ----HD---- C:\Documents and Settings\okaynetbook\Data aplikací\User Recycle Bin.{645FF040-5081-101B-9F08-00AA002F954E}

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 BtHidBus;Bluetooth HID Bus Service; C:\WINDOWS\System32\Drivers\BtHidBus.sys [2009-01-07 20744]
R0 iaStor;Intel AHCI Controller; C:\WINDOWS\system32\drivers\iaStor.sys [2011-05-20 461592]
R0 prohlp02;StarForce Protection Helper Driver v2; C:\WINDOWS\System32\drivers\prohlp02.sys [2004-08-09 114016]
R0 prosync1;StarForce Protection Synchronization Driver v1; C:\WINDOWS\System32\drivers\prosync1.sys [2004-07-19 7040]
R0 sfhlp01;StarForce Protection Helper Driver; C:\WINDOWS\System32\drivers\sfhlp01.sys [2003-12-01 4832]
R1 IDMTDI;IDMTDI; C:\WINDOWS\system32\DRIVERS\idmtdi.sys [2011-07-06 101616]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 MpFilter;Microsoft Malware Protection Driver; C:\WINDOWS\system32\DRIVERS\MpFilter.sys [2011-04-18 165648]
R1 MpKsl0ae0e092;MpKsl0ae0e092; \??\C:\Documents and Settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{D61E125B-703B-4773-8D14-478BA4ABB4FB}\MpKsl0ae0e092.sys []
R1 MpKslc0006d70;MpKslc0006d70; \??\C:\Documents and Settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{D61E125B-703B-4773-8D14-478BA4ABB4FB}\MpKslc0006d70.sys []
R1 prodrv06;StarForce Protection Environment Driver v6; C:\WINDOWS\System32\drivers\prodrv06.sys [2004-08-09 53920]
R1 Tosrfcom;Bluetooth RFCOMM; C:\WINDOWS\System32\Drivers\tosrfcom.sys [2007-05-24 64000]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.7.5.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2011-03-02 21361]
R2 fssfltr;FssFltr; C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys [2009-02-06 55152]
R3 AsusACPI;ASUS ACPI Driver; C:\WINDOWS\system32\DRIVERS\ASUSACPI.sys [2008-04-08 10752]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-14 144384]
R3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2008-02-15 5854752]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2011-08-16 6427240]
R3 L1c;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller; C:\WINDOWS\system32\DRIVERS\l1c51x86.sys [2010-04-22 61040]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2008-04-14 5888]
R3 SNP2UVC;USB2.0 PC Camera (SNP2UVC); C:\WINDOWS\system32\DRIVERS\snp2uvc.sys [2009-03-13 1759616]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2009-04-09 208816]
R3 tosporte;Bluetooth COM Port; C:\WINDOWS\system32\DRIVERS\tosporte.sys [2006-10-10 41600]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
R3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2009-07-14 444136]
S1 MpKsl3035e4d2;MpKsl3035e4d2; \??\c:\Documents and Settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{2DC07DD7-5D5D-44B4-8265-8099EE8D422E}\MpKsl3035e4d2.sys []
S1 MpKsl45925265;MpKsl45925265; \??\c:\Documents and Settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{B78BFFF6-3F5A-4A9E-92C9-75BF44751E68}\MpKsl45925265.sys []
S1 MpKsl89fe49ca;MpKsl89fe49ca; \??\c:\Documents and Settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{6398E580-7350-4D20-91A2-EBEA19ADE162}\MpKsl89fe49ca.sys []
S1 MpKsl92706dd6;MpKsl92706dd6; \??\c:\Documents and Settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{ED732446-F921-4509-AD0E-FBE0131D4AD8}\MpKsl92706dd6.sys []
S1 MpKsl9c8abaa8;MpKsl9c8abaa8; \??\C:\Documents and Settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{C1041DC6-62E4-45E0-BFEC-C9FFAEA72133}\MpKsl9c8abaa8.sys []
S1 MpKslc6cef8fd;MpKslc6cef8fd; \??\c:\Documents and Settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{9853E6DE-6988-4F2E-8AFE-9A18AEB43742}\MpKslc6cef8fd.sys []
S1 MpKslf6aff973;MpKslf6aff973; \??\c:\Documents and Settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{9853E6DE-6988-4F2E-8AFE-9A18AEB43742}\MpKslf6aff973.sys []
S3 2hotspot controller;2hotspot Miniport; C:\WINDOWS\system32\DRIVERS\acontrol.sys []
S3 Ambfilt;Ambfilt; C:\WINDOWS\system32\drivers\Ambfilt.sys [2009-11-18 1691480]
S3 BT;Bluetooth PAN Network Adapter; C:\WINDOWS\system32\DRIVERS\btnetdrv.sys []
S3 btaudio;Zvukové zařízení Bluetooth; C:\WINDOWS\system32\drivers\btaudio.sys []
S3 Btcsrusb;Bluetooth USB For Bluetooth Service; C:\WINDOWS\System32\Drivers\btcusb.sys []
S3 BTDriver;Ovladač virtuálních komunikací Bluetooth; C:\WINDOWS\system32\DRIVERS\btport.sys []
S3 BthEnum;Ovladač pro Bluetooth Request Block; C:\WINDOWS\system32\DRIVERS\BthEnum.sys [2008-04-14 17024]
S3 BTHMODEM;Ovladač pro sériovou komunikaci protokolem Bluetooth; C:\WINDOWS\system32\DRIVERS\bthmodem.sys [2008-04-14 37888]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\WINDOWS\system32\DRIVERS\bthpan.sys [2008-04-14 101120]
S3 BTHPORT;Ovladač portu Bluetooth; C:\WINDOWS\System32\Drivers\BTHport.sys [2008-06-14 272128]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2008-04-14 18944]
S3 btnetBUs;Bluetooth PAN Bus Service; C:\WINDOWS\System32\Drivers\btnetBus.sys [2008-12-07 30088]
S3 BTWDNDIS;Server pro přístup k síti LAN Bluetooth; C:\WINDOWS\system32\DRIVERS\btwdndis.sys []
S3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys []
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-14 17024]
S3 CrystalSysInfo;CrystalSysInfo; \??\C:\Documents and Settings\okaynetbook\Plocha\MediaCoder\SysInfo.sys []
S3 dc3d;MS Hardware Device Detection Driver; C:\WINDOWS\system32\DRIVERS\dc3d.sys [2010-07-21 44432]
S3 dgderdrv;dgderdrv; C:\WINDOWS\System32\drivers\dgderdrv.sys []
S3 DrvAgent32;DrvAgent32; \??\C:\WINDOWS\system32\Drivers\DrvAgent32.sys []
S3 FsUsbExDisk;FsUsbExDisk; \??\C:\WINDOWS\system32\FsUsbExDisk.SYS []
S3 IvtBtBUs;IVT Bluetooth Bus Service; C:\WINDOWS\System32\Drivers\IvtBtBus.sys [2008-07-02 26248]
S3 Monfilt;Monfilt; C:\WINDOWS\system32\drivers\Monfilt.sys [2009-11-18 1395800]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]
S3 NANMp50;NANMp50 NDIS Protocol Driver; C:\WINDOWS\System32\Drivers\NANMp50.sys []
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-14 10880]
S3 NSNDIS5;NSNDIS5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\NSNDIS5.SYS []
S3 NuidFltr;NUID filter driver; C:\WINDOWS\system32\DRIVERS\NuidFltr.sys [2010-07-21 21520]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 Pcouffin;Low level access layer for CD devices; C:\WINDOWS\System32\Drivers\Pcouffin.sys []
S3 Point32;Microsoft IntelliPoint Filter Driver; C:\WINDOWS\system32\DRIVERS\point32.sys [2010-07-21 40848]
S3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\WINDOWS\system32\DRIVERS\rfcomm.sys [2008-04-14 59136]
S3 RT80x86;Ralink 802.11n Wireless Driver; C:\WINDOWS\system32\DRIVERS\RT2860.sys [2011-04-15 2240064]
S3 RTLWUSB;AirLive WL1600USB; C:\WINDOWS\system32\DRIVERS\RTL8187.sys [2010-04-06 323328]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-14 11136]
S3 SndTAudio;SndTAudio; C:\WINDOWS\system32\drivers\SndTAudio.sys [2010-09-11 23608]
S3 sscdbus;SAMSUNG USB Composite Device driver (WDM); C:\WINDOWS\system32\DRIVERS\sscdbus.sys [2007-07-03 80552]
S3 sscdmdfl;SAMSUNG Mobile Modem Filter; C:\WINDOWS\system32\DRIVERS\sscdmdfl.sys [2007-07-03 11944]
S3 sscdmdm;SAMSUNG Mobile Modem Drivers; C:\WINDOWS\system32\DRIVERS\sscdmdm.sys [2007-07-03 106792]
S3 sscdserd;SAMSUNG Mobile Modem Diagnostic Serial Port (WDM); C:\WINDOWS\system32\DRIVERS\sscdserd.sys [2007-07-03 86824]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-14 15232]
S3 tosrfbd;Bluetooth RFBUS; C:\WINDOWS\system32\DRIVERS\tosrfbd.sys [2007-04-24 113920]
S3 tosrfbnp;Bluetooth RFBNEP; C:\WINDOWS\System32\Drivers\tosrfbnp.sys [2006-11-20 36480]
S3 Tosrfhid;Bluetooth RFHID; C:\WINDOWS\system32\DRIVERS\Tosrfhid.sys [2007-03-01 73728]
S3 tosrfnds;Bluetooth Personal Area Network; C:\WINDOWS\system32\DRIVERS\tosrfnds.sys [2005-01-06 18612]
S3 TosRfSnd;Bluetooth Audio; C:\WINDOWS\system32\drivers\tosrfsnd.sys [2007-01-22 53376]
S3 tosrfusb;Bluetooth USB Controller; C:\WINDOWS\system32\DRIVERS\tosrfusb.sys [2007-06-11 41856]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2011-02-18 41984]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 usbstor;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 usbvideo;Zobrazovací zařízení USB (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2008-04-14 121984]
S3 uvclf;uvclf; C:\WINDOWS\system32\DRIVERS\uvclf.sys [2008-11-19 39040]
S3 VComm;Virtual Serial port driver; C:\WINDOWS\system32\DRIVERS\VComm.sys []
S3 VcommMgr;Bluetooth VComm Manager Service; C:\WINDOWS\System32\Drivers\VcommMgr.sys []
S3 widseasd;Widsea Secret Disk Service; \??\C:\Documents and Settings\okaynetbook\Dokumenty\Downloads\Music\TS-Disk1.63\TS-Disk1.63\widseasd.sys []
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2008-04-14 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdvancedSystemCareService;Advanced SystemCare Service; C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe [2011-05-28 353168]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2011-02-18 37664]
R2 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
R2 IAStorDataMgrSvc;Úložná technologie Intel(R) Rapid; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-05-20 13592]
R2 ICQ Service;ICQ Service; C:\Program Files\ICQ6Toolbar\ICQ Service.exe [2010-03-28 246520]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2011-05-04 153376]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2005-06-21 53248]
R2 MsMpSvc;Microsoft Antimalware Service; C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe [2011-04-27 11736]
R2 nlsX86cc;Nalpeiron Licensing Service; C:\WINDOWS\system32\NlsSrv32.exe [2009-06-07 61440]
R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-01-14 226656]
R2 TOSHIBA Bluetooth Service;TOSHIBA Bluetooth Service; C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe [2007-02-25 125048]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-09-15 136176]
S2 MySQL;MySQL; D:\programy\AWKasa\bin\mysqld-nt.exe MySQL []
S2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe []
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 fsssvc;Windows Live Zabezpečení rodiny; C:\Program Files\Windows Live\Family Safety\fsssvc.exe [2009-02-06 533360]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-09-15 136176]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2011-06-19 182768]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; D:\programy\Microsoft Office 2007 CZ full\Office12\GrooveAuditService.exe [2008-10-25 65888]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2008-11-11 620544]
S3 STSService;STSService; C:\Program Files\SoundTaxi Media Suite\STSService.exe []
S3 WinRM;Windows Remote Management (WS-Management); C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe []
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 BthServ;Bluetooth Support Service; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------
Thank you

Rudy
Site Admin
Posts: 119359
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: explorer.exe cpu

#4 Post by Rudy »

Please post a log from ComboFix.
Download ComboFix and save it, preferably to the desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Then run the application under an account with administrator privileges.

Right after startup a screen with the license terms is displayed; continue by clicking the Ano (Yes) button.

Feel free to go make a coffee (the whole process takes about 5-10 minutes, sometimes longer, depending on how fast the machine is and how many files the scanner has to work through). During the scan, do not try to start any other applications or anything else.

Do not panic during the scan; your machine may be restarted (especially the first time the scanner is run).

Note: if you use antispyware with a resident shield, switch its resident shield to Install Mode, or disable it completely for the duration of the scan, because during the scan and the removal of any malware, unwanted conflicts with the resident antispyware component occur.

jarek26
Visitor
Posts: 121
Registered: 23 Dec 2008 16:01
Location: Bardejov

Re: explorer.exe cpu

#5 Post by jarek26 »

I am sending the ComboFix log; is it OK now?
Thank you

ComboFix 11-09-29.06 - okaynetbook 29.09.2011 20:13:13.5.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.1015.487 [GMT 2:00]
Spuštěný z: c:\documents and settings\okaynetbook\Plocha\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
SP: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDE}
SP: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7094}
.
VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\okaynetbook\WINDOWS
c:\documents and settings\okaynetbook\WINDOWS\win.ini
c:\program files\un_Internet Download Manager_16575.exe
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-08-28 do 2011-09-29 )))))))))))))))))))))))))))))))
.
.
2011-09-29 09:49 . 2011-09-29 09:49 -------- d-----w- C:\rsit
2011-09-29 09:15 . 2011-09-29 09:15 28752 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{D61E125B-703B-4773-8D14-478BA4ABB4FB}\MpKsl0ae0e092.sys
2011-09-28 21:50 . 2011-09-03 06:40 134104 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
2011-09-28 21:50 . 2011-09-03 06:40 89048 ----a-w- c:\program files\Mozilla Firefox\libEGL.dll
2011-09-28 21:50 . 2011-09-03 06:40 785368 ----a-w- c:\program files\Mozilla Firefox\mozsqlite3.dll
2011-09-28 21:50 . 2011-09-03 06:40 478168 ----a-w- c:\program files\Mozilla Firefox\libGLESv2.dll
2011-09-28 21:50 . 2011-09-03 06:40 1846232 ----a-w- c:\program files\Mozilla Firefox\mozjs.dll
2011-09-28 21:50 . 2011-09-03 06:40 15832 ----a-w- c:\program files\Mozilla Firefox\mozalloc.dll
2011-09-28 21:50 . 2011-09-02 23:25 2106216 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll
2011-09-28 21:50 . 2011-09-02 23:25 1998168 ----a-w- c:\program files\Mozilla Firefox\d3dx9_43.dll
2011-09-28 17:44 . 2011-09-28 17:44 28752 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{D61E125B-703B-4773-8D14-478BA4ABB4FB}\MpKslc0006d70.sys
2011-09-28 17:43 . 2011-09-29 09:15 56200 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{D61E125B-703B-4773-8D14-478BA4ABB4FB}\offreg.dll
2011-09-28 17:43 . 2011-09-12 23:14 7269712 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{D61E125B-703B-4773-8D14-478BA4ABB4FB}\mpengine.dll
2011-09-22 18:46 . 2011-09-22 18:46 -------- d-----w- c:\program files\upnito.sk manager
2011-09-16 22:15 . 2011-09-16 22:15 -------- d-----w- c:\documents and settings\okaynetbook\Data aplikací\AutoHideIP
2011-09-16 22:15 . 2011-09-16 22:15 -------- d-----w- c:\documents and settings\All Users\Data aplikací\AutoHideIP
2011-09-15 15:12 . 2011-07-06 15:14 101616 ----a-w- c:\windows\system32\drivers\idmtdi.sys
2011-09-10 16:20 . 2002-12-05 12:10 155648 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iuser.dll
2011-09-10 16:20 . 2002-12-02 13:22 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\DotNetInstaller.exe
2011-09-10 16:20 . 2002-12-02 11:33 57344 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\ctor.dll
2011-09-10 16:20 . 2002-12-02 11:33 237568 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iscript.dll
2011-09-10 16:20 . 2003-02-27 14:12 696320 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iKernel.dll
2011-09-10 16:20 . 2011-09-10 16:20 163972 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iGdi.dll
2011-09-10 16:20 . 2011-09-10 16:20 282756 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\setup.dll
2011-09-10 16:02 . 2011-09-10 16:02 -------- d-----w- c:\documents and settings\okaynetbook\Data aplikací\Sahmon Games
2011-09-10 15:14 . 2011-09-10 15:14 -------- d-----w- c:\documents and settings\okaynetbook\Data aplikací\Meridian93
2011-09-10 14:43 . 2011-09-10 14:43 -------- d-----w- c:\windows\system32\winrm
2011-09-10 14:43 . 2011-09-10 14:43 -------- d-----w- c:\windows\system32\GroupPolicy
2011-09-10 14:43 . 2011-09-10 14:43 -------- dc-h--w- c:\windows\$968930Uinstall_KB968930$
2011-09-10 14:07 . 2011-09-10 14:07 43520 ----a-w- c:\windows\system32\CmdLineExt03.dll
2011-09-10 12:29 . 2002-08-05 08:46 57344 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0700\Intel32\ctor.dll
2011-09-10 12:29 . 2002-08-02 01:10 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0700\Intel32\DotNetInstaller.exe
2011-09-10 12:29 . 2002-08-02 00:20 634880 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0700\Intel32\iKernel.dll
2011-09-10 12:29 . 2002-08-02 00:20 237568 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0700\Intel32\iscript.dll
2011-09-10 12:29 . 2002-08-02 00:20 151552 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0700\Intel32\iuser.dll
2011-09-10 12:29 . 2011-09-10 12:29 159876 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0700\Intel32\IGdi.dll
2011-09-10 12:29 . 2011-09-10 12:29 270468 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0700\Intel32\Setup.dll
2011-09-09 09:35 . 2011-09-09 09:35 -------- d-----w- c:\documents and settings\okaynetbook\Local Settings\Data aplikací\MPlayer
2011-09-03 17:38 . 2011-09-03 17:38 -------- d-----w- c:\documents and settings\okaynetbook\Data aplikací\WendigoStudios
2011-09-02 21:22 . 2011-09-02 21:22 -------- d-----w- c:\program files\MindDabble_4pEI
2011-09-02 21:18 . 2011-09-02 21:18 -------- d-----w- c:\documents and settings\All Users\Data aplikací\IrisGuard
2011-09-02 21:16 . 2011-09-02 21:19 -------- d-----w- c:\documents and settings\okaynetbook\Local Settings\Data aplikací\Neurotechnology
2011-09-02 21:15 . 2003-08-25 16:11 313016 ----a-w- c:\windows\system32\pbbase.dll
2011-09-02 21:15 . 2002-05-09 10:35 335872 ----a-w- c:\windows\system32\pb.dll
2011-09-02 21:15 . 2001-09-14 10:35 188416 ----a-w- c:\windows\system32\pbsdkwiz.dll
2011-09-02 21:15 . 2004-10-01 21:18 118784 ----a-w- c:\windows\system32\pfinger.ocx
2011-09-02 21:11 . 2011-09-02 21:13 -------- d-----w- c:\documents and settings\okaynetbook\Data aplikací\GetRightToGo
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-29 09:24 . 2011-08-13 06:20 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-09-12 23:14 . 2011-01-24 18:19 7269712 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-09-09 09:12 . 2009-09-01 22:26 602112 ----a-w- c:\windows\system32\crypt32.dll
2011-08-16 16:46 . 2009-09-01 21:01 6427240 ----a-w- c:\windows\system32\drivers\RtkHDAud.sys
2011-08-15 14:47 . 2009-09-01 21:01 60008 ----a-w- c:\windows\system32\RtkCoInstXP.dll
2011-08-09 14:14 . 2009-09-01 21:01 20055144 ----a-w- c:\windows\RTHDCPL.EXE
2011-08-04 14:59 . 2009-09-01 21:01 1493608 ----a-w- c:\windows\RtlUpd.exe
2011-07-29 04:34 . 2011-07-29 04:34 689664 ----a-w- c:\windows\system32\yowindow.scr
2011-07-15 13:29 . 2009-09-01 22:26 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-07-13 03:39 . 2011-08-15 20:46 6881616 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\Updates\mpengine.dll
2011-07-11 12:17 . 2009-09-01 21:01 1698408 ----a-w- c:\windows\RtlExUpd.dll
2011-07-08 14:02 . 2009-09-01 22:26 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
2011-07-05 23:21 . 2011-07-05 23:21 65536 ----a-r- c:\documents and settings\okaynetbook\Data aplikací\Microsoft\Installer\{8E2EB794-0B1A-4FD3-BEB2-1B6F2136EA5B}\Purchase_Internet__8E2EB7940B1A4FD3BEB21B6F2136EA5B.exe
2011-07-05 23:21 . 2011-07-05 23:21 65536 ----a-r- c:\documents and settings\okaynetbook\Data aplikací\Microsoft\Installer\{8E2EB794-0B1A-4FD3-BEB2-1B6F2136EA5B}\Purchase_Internet__34CB414289D04B6C850FDB8A27E958B7.exe
2011-07-05 23:21 . 2011-07-05 23:21 40960 ----a-r- c:\documents and settings\okaynetbook\Data aplikací\Microsoft\Installer\{8E2EB794-0B1A-4FD3-BEB2-1B6F2136EA5B}\ISatTV.exe1_34CB414289D04B6C850FDB8A27E958B7.exe
2011-07-05 23:21 . 2011-07-05 23:21 40960 ----a-r- c:\documents and settings\okaynetbook\Data aplikací\Microsoft\Installer\{8E2EB794-0B1A-4FD3-BEB2-1B6F2136EA5B}\ISatTV.exe_34CB414289D04B6C850FDB8A27E958B7.exe
2011-07-05 23:21 . 2011-07-05 23:21 40960 ----a-r- c:\documents and settings\okaynetbook\Data aplikací\Microsoft\Installer\{8E2EB794-0B1A-4FD3-BEB2-1B6F2136EA5B}\ARPPRODUCTICON.exe
2011-07-05 22:22 . 2011-07-05 22:22 23456 ----a-w- c:\windows\system32\drivers\DrvAgent32.sys
2010-05-01 14:50 . 2011-05-09 19:40 2536390 ----a-w- c:\program files\IDM.5.19.2.exe
2008-03-09 05:25 . 2010-05-17 19:18 236 ----a-w- c:\program files\Common Files\dx.reg
2011-09-03 06:40 . 2011-09-28 21:50 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB2509553\SP3QFE\tcpip.sys
[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[-] 2008-06-20 . 4AFB3B0919649F95C1964AA1FAD27D73 . 361600 . . [5.1.2600.5625] . . c:\windows\$NtUninstallKB2509553$\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\ERDNT\cache\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys
[-] 2008-06-20 . 4AFB3B0919649F95C1964AA1FAD27D73 . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys
[7] 2008-04-14 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748$\tcpip.sys
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-02-04 14:50 1197448 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-02-04 1197448]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-02-04 1197448]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2011-05-30 16:50 21864 ----a-w- c:\program files\IDM.5.19.2\IDMShellExt.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Eee Docking"="c:\program files\ASUS\Eee Docking\Eee Docking.exe" [2009-07-27 397312]
"NBJ"="c:\program files\Ahead\Nero BackItUp\NBJ.exe" [2005-06-02 1957888]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-06-18 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
"RTHDCPL"="RTHDCPL.EXE" [2011-08-09 20055144]
"GrooveMonitor"="d:\programy\Microsoft Office 2007 CZ full\Office12\GrooveMonitor.exe" [2008-10-25 31072]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]
.
c:\documents and settings\okaynetbook\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Z stupce - sndvol32.lnk - c:\windows\system32\sndvol32.exe [2009-9-1 138752]
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMBalloonTip"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\muzapp.exe"=
"d:\\programy\\Microsoft Office 2007 CZ full\\Office12\\GROOVE.EXE"=
"d:\\Games\\left_4_dead\\left 4 dead\\hl2.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\ICQ7.2\\ICQ.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Vzdálená správa systému Windows
.
R0 BtHidBus;Bluetooth HID Bus Service;c:\windows\system32\drivers\BtHidBus.sys [31.7.2008 20:45 20744]
R1 IDMTDI;IDMTDI;c:\windows\system32\drivers\idmtdi.sys [15.9.2011 17:12 101616]
R1 MpKsl0ae0e092;MpKsl0ae0e092;c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{D61E125B-703B-4773-8D14-478BA4ABB4FB}\MpKsl0ae0e092.sys [29.9.2011 11:15 28752]
R1 MpKslc0006d70;MpKslc0006d70;c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{D61E125B-703B-4773-8D14-478BA4ABB4FB}\MpKslc0006d70.sys [28.9.2011 19:44 28752]
R2 AdvancedSystemCareService;Advanced SystemCare Service;c:\program files\IObit\Advanced SystemCare 4\ASCService.exe [15.6.2011 16:15 353168]
R2 IAStorDataMgrSvc;Úložná technologie Intel(R) Rapid;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [6.7.2011 19:21 13592]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [25.7.2010 19:27 246520]
R2 nlsX86cc;Nalpeiron Licensing Service;c:\windows\system32\NlsSrv32.exe [4.8.2010 17:06 61440]
R3 L1c;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [18.8.2009 23:44 61040]
S1 MpKsl3035e4d2;MpKsl3035e4d2;\??\c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{2DC07DD7-5D5D-44B4-8265-8099EE8D422E}\MpKsl3035e4d2.sys --> c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{2DC07DD7-5D5D-44B4-8265-8099EE8D422E}\MpKsl3035e4d2.sys [?]
S1 MpKsl45925265;MpKsl45925265;\??\c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{B78BFFF6-3F5A-4A9E-92C9-75BF44751E68}\MpKsl45925265.sys --> c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{B78BFFF6-3F5A-4A9E-92C9-75BF44751E68}\MpKsl45925265.sys [?]
S1 MpKsl89fe49ca;MpKsl89fe49ca;\??\c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{6398E580-7350-4D20-91A2-EBEA19ADE162}\MpKsl89fe49ca.sys --> c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{6398E580-7350-4D20-91A2-EBEA19ADE162}\MpKsl89fe49ca.sys [?]
S1 MpKsl92706dd6;MpKsl92706dd6;\??\c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{ED732446-F921-4509-AD0E-FBE0131D4AD8}\MpKsl92706dd6.sys --> c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{ED732446-F921-4509-AD0E-FBE0131D4AD8}\MpKsl92706dd6.sys [?]
S1 MpKsl9c8abaa8;MpKsl9c8abaa8;\??\c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{C1041DC6-62E4-45E0-BFEC-C9FFAEA72133}\MpKsl9c8abaa8.sys --> c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{C1041DC6-62E4-45E0-BFEC-C9FFAEA72133}\MpKsl9c8abaa8.sys [?]
S1 MpKslc6cef8fd;MpKslc6cef8fd;\??\c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{9853E6DE-6988-4F2E-8AFE-9A18AEB43742}\MpKslc6cef8fd.sys --> c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{9853E6DE-6988-4F2E-8AFE-9A18AEB43742}\MpKslc6cef8fd.sys [?]
S1 MpKslf6aff973;MpKslf6aff973;\??\c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{9853E6DE-6988-4F2E-8AFE-9A18AEB43742}\MpKslf6aff973.sys --> c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{9853E6DE-6988-4F2E-8AFE-9A18AEB43742}\MpKslf6aff973.sys [?]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [15.9.2010 22:01 136176]
S3 2hotspot controller;2hotspot Miniport;c:\windows\system32\DRIVERS\acontrol.sys --> c:\windows\system32\DRIVERS\acontrol.sys [?]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [1.9.2009 23:01 1691480]
S3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\system32\drivers\btnetBus.sys [7.12.2008 12:44 30088]
S3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\drivers\dc3d.sys [6.7.2011 18:43 44432]
S3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys --> c:\windows\system32\drivers\dgderdrv.sys [?]
S3 DrvAgent32;DrvAgent32;c:\windows\system32\drivers\DrvAgent32.sys [6.7.2011 0:22 23456]
S3 FsUsbExDisk;FsUsbExDisk;\??\c:\windows\system32\FsUsbExDisk.SYS --> c:\windows\system32\FsUsbExDisk.SYS [?]
S3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [15.9.2010 22:01 136176]
S3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\drivers\IvtBtBus.sys [2.7.2008 14:58 26248]
S3 NANMp50;NANMp50 NDIS Protocol Driver;c:\windows\system32\Drivers\NANMp50.sys --> c:\windows\system32\Drivers\NANMp50.sys [?]
S3 Pcouffin;Low level access layer for CD devices;c:\windows\system32\Drivers\Pcouffin.sys --> c:\windows\system32\Drivers\Pcouffin.sys [?]
S3 RT80x86;Ralink 802.11n Wireless Driver;c:\windows\system32\drivers\rt2860.sys [22.8.2011 17:18 2240064]
S3 RTLWUSB;AirLive WL1600USB;c:\windows\system32\drivers\RTL8187.sys [2.3.2011 16:00 323328]
S3 SndTAudio;SndTAudio;c:\windows\system32\drivers\SndTAudio.sys [7.11.2010 5:59 23608]
S3 STSService;STSService;"c:\program files\SoundTaxi Media Suite\STSService.exe" --> c:\program files\SoundTaxi Media Suite\STSService.exe [?]
S3 uvclf;uvclf;c:\windows\system32\drivers\uvclf.sys [12.8.2009 8:57 39040]
S3 widseasd;Widsea Secret Disk Service;\??\c:\documents and settings\okaynetbook\Dokumenty\Downloads\Music\TS-Disk1.63\TS-Disk1.63\widseasd.sys --> c:\documents and settings\okaynetbook\Dokumenty\Downloads\Music\TS-Disk1.63\TS-Disk1.63\widseasd.sys [?]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2.9.2009 0:26 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe --> c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [?]
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - MPKSL0AE0E092
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
.
Obsah adresáře 'Naplánované úlohy'
.
2011-09-27 c:\windows\Tasks\ASC4_PerformanceMonitor.job
- c:\program files\IObit\Advanced SystemCare 4\PMonitor.exe [2011-06-15 12:46]
.
2011-09-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-09-15 20:00]
.
2011-09-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-09-15 20:00]
.
2011-07-06 c:\windows\Tasks\Microsoft_Hardware_Launch_IPoint_exe.job
- c:\program files\Microsoft IntelliPoint\ipoint.exe [2010-07-21 14:52]
.
2011-09-29 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27 13:39]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.com/
uSearchURL,(Default) = hxxp://www.google.com.eg/keyword/%s
IE: ????3??
IE: ????3??????
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
IE: Stáhnout pomocí FlashGet - c:\program files\FlashGet\jc_link.htm
IE: Stáhnout s IDM - c:\program files\IDM.5.19.2\IEExt.htm
IE: Stáhnout s IDM obsah FLV videa - c:\program files\IDM.5.19.2\IEGetVL.htm
IE: Stáhnout s IDM všechny odkazy - c:\program files\IDM.5.19.2\IEGetAll.htm
IE: Stáhnout vše pomocí FlashGet - c:\program files\FlashGet\jc_all.htm
IE: Translate this web page with Babylon - c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm
IE: Translate with Babylon - c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm
IE: ????3?? - c:\documents and settings\okaynetbook\Data aplikací\FlashGetBHO\GetUrl.htm
IE: ????3?????? - c:\documents and settings\okaynetbook\Data aplikací\FlashGetBHO\GetAllUrl.htm
TCP: DhcpNameServer = 217.119.127.1 217.119.127.200
FF - ProfilePath - c:\documents and settings\okaynetbook\Data aplikací\Mozilla\Firefox\Profiles\6jpdurms.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: network.proxy.type - 0
FF - user.js: browser.cache.memory.capacity - 16000
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: dom.disable_window_status_change - true
FF - user.js: network.http.max-connections - 32
FF - user.js: network.http.max-connections-per-server - 8
FF - user.js: network.http.max-persistent-connections-per-proxy - 8
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 750
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Toolbar-Locked - (no file)
AddRemove-Farm Mania: Hot Vacation - d:\games\INE\GAMESF~1\FARMMA~1\UNWISE.EXE
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-09-29 20:24
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-3626335844-41941361-4021371189-1005\Software\Microsoft\Internet Explorer\MenuExt\O(uë_fŹ3*N}Ź]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
@="c:\\Documents and Settings\\okaynetbook\\Data aplikací\\FlashGetBHO\\GetUrl.htm"
"contexts"=dword:00000022
.
[HKEY_USERS\S-1-5-21-3626335844-41941361-4021371189-1005\Software\Microsoft\Internet Explorer\MenuExt\O(uë_fŹ3*N}ŹhQčţ”Ąc]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
@="c:\\Documents and Settings\\okaynetbook\\Data aplikací\\FlashGetBHO\\GetAllUrl.htm"
"contexts"=dword:000000f3
.
[HKEY_USERS\S-1-5-21-3626335844-41941361-4021371189-1005\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{7294E9D8-DE57-5336-3579-2C64E75607CF}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"iajeegnacogejfcdib"=hex:63,61,6a,6f,62,6d,00,7c
"iafnmlmjdpoeibcejb"=hex:6a,61,6a,6f,6e,6b,6a,6b,68,6a,63,67,6f,6b,63,70,61,65,
6c,68,00,b3
"hapnojjiehleomln"=hex:6a,61,6a,6f,6e,6b,6a,6b,68,6a,63,67,6f,6b,63,70,61,65,
6c,68,00,b3
.
[HKEY_USERS\S-1-5-21-3626335844-41941361-4021371189-1005\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{E46F3BC9-8B94-C456-C5D6-D2E81A5A459D}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"iahhggppehjionjpmc"=hex:6a,61,64,67,64,68,66,63,63,67,6d,62,69,63,64,6d,68,6d,
6a,62,00,a6
"habimfkfdnbpjiln"=hex:6a,61,64,67,64,68,66,63,63,67,6d,62,69,63,64,6d,68,6d,
6a,62,00,a6
"iadipbjdpahnebdhdl"=hex:63,61,64,67,6c,69,00,7c
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{0470c0e5-e7d6-4970-aadc-2497f7be8e14}]
@Denied: (Full) (Everyone)
"Model"=dword:00000118
"Therad"=dword:00000015
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,
1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7294E9D8-DE57-5336-3579-2C64E75607CF}\InProcServer32*]
"jalnpijjhmjpapcpnkna"=hex:6a,61,6a,6f,6e,6b,6a,6b,68,6a,63,67,6f,6b,63,70,61,
65,6c,68,00,01
"ialnfjdkebijalikbp"=hex:6a,61,6a,6f,6e,6b,6a,6b,68,6a,63,67,6f,6b,63,70,61,65,
6c,68,00,00
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):00,fe,de,4d,de,29,61,83,57,e5,06,1c,bd,d4,98,e6,74,46,8e,c8,5e,
5a,e0,cf,a1,39,fe,20,4c,cd,1e,1d,1f,19,39,ac,4d,7b,0e,08,00,00,00,00,00,00,\
.
[HKEY_LOCAL_MACHINE\software\Classes\ShockwaveFlash.ShockwaveFlash]
@DACL=(02 0000)
@="Shockwave Flash Object"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(764)
c:\windows\SYSTEM32\RtlGina\RtlGina.DLL
c:\windows\system32\igfxdev.dll
.
Celkový čas: 2011-09-29 20:28:59
ComboFix-quarantined-files.txt 2011-09-29 18:28
.
Před spuštěním: Volných bajtů: 13 327 663 104
Po spuštění: Volných bajtů: 13 305 475 072
.
- - End Of File - - 4D80E1B2DAB1E023A54ABA9860640E42

Rudy
Site Admin
Posts: 119359
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: explorer.exe cpu

#6 Post by Rudy »

We'll finish the cleanup. Open Notepad and copy the following into it:
KillAll::

Folder::
c:\program files\Ask.com

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=-
[-HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=-

Reglockdel::
[HKEY_USERS\S-1-5-21-3626335844-41941361-4021371189-1005\Software\Microsoft\Internet Explorer\MenuExt\O(uë_fŹ3*N}Ź]
[HKEY_USERS\S-1-5-21-3626335844-41941361-4021371189-1005\Software\Microsoft\Internet Explorer\MenuExt\O(uë_fŹ3*N}ŹhQčţ”Ąc]

Regnull::
[HKEY_USERS\S-1-5-21-3626335844-41941361-4021371189-1005\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{7294E9D8-DE57-5336-3579-2C64E75607CF}*]
[HKEY_USERS\S-1-5-21-3626335844-41941361-4021371189-1005\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{E46F3BC9-8B94-C456-C5D6-D2E81A5A459D}*]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7294E9D8-DE57-5336-3579-2C64E75607CF}\InProcServer32*]

Firefox::
FF - prefs.js: network.proxy.type - 0
FF - user.js: browser.cache.memory.capacity - 16000
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: dom.disable_window_status_change - true
FF - user.js: network.http.max-connections - 32
FF - user.js: network.http.max-connections-per-server - 8
FF - user.js: network.http.max-persistent-connections-per-proxy - 8
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 750
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
Save it to the desktop as CFScript.txt. Then drag it with the mouse over the ComboFix icon and drop it. CF will start and execute the commands from the script.


jarek26
Visitor
Posts: 121
Registered: 23 Dec 2008 16:01
Location: Bardejov

Re: explorer.exe cpu

#7 Post by jarek26 »

After the first ComboFix run, explorer.exe was again pulling 99% CPU. I ran the additional scan and am sending the log. Will it be all right now?
Thank you
ComboFix 11-09-29.06 - okaynetbook 29.09.2011 23:30:28.6.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.1015.551 [GMT 2:00]
Spuštěný z: c:\documents and settings\okaynetbook\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\okaynetbook\Plocha\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
SP: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDE}
SP: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7094}
.
VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.
ADS - WINDOWS: deleted 128 bytes in 1 streams.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Ask.com
c:\program files\Ask.com\cobrand.ico
c:\program files\Ask.com\config.xml
c:\program files\Ask.com\favicon.ico
c:\program files\Ask.com\GenericAskToolbar.dll
c:\program files\Ask.com\mupcfg.xml
c:\program files\Ask.com\SaUpdate.exe
c:\program files\Ask.com\UpdateTask.exe
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-08-28 do 2011-09-29 )))))))))))))))))))))))))))))))
.
.
2011-09-29 21:42 . 2011-09-29 21:42 56200 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{A0CA1929-6C78-4C02-B211-BE52B75AF1EA}\offreg.dll
2011-09-29 18:43 . 2011-09-12 23:14 7269712 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{A0CA1929-6C78-4C02-B211-BE52B75AF1EA}\mpengine.dll
2011-09-29 09:49 . 2011-09-29 09:49 -------- d-----w- C:\rsit
2011-09-28 21:50 . 2011-09-03 06:40 134104 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
2011-09-28 21:50 . 2011-09-03 06:40 89048 ----a-w- c:\program files\Mozilla Firefox\libEGL.dll
2011-09-28 21:50 . 2011-09-03 06:40 785368 ----a-w- c:\program files\Mozilla Firefox\mozsqlite3.dll
2011-09-28 21:50 . 2011-09-03 06:40 478168 ----a-w- c:\program files\Mozilla Firefox\libGLESv2.dll
2011-09-28 21:50 . 2011-09-03 06:40 1846232 ----a-w- c:\program files\Mozilla Firefox\mozjs.dll
2011-09-28 21:50 . 2011-09-03 06:40 15832 ----a-w- c:\program files\Mozilla Firefox\mozalloc.dll
2011-09-28 21:50 . 2011-09-02 23:25 2106216 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll
2011-09-28 21:50 . 2011-09-02 23:25 1998168 ----a-w- c:\program files\Mozilla Firefox\d3dx9_43.dll
2011-09-22 18:46 . 2011-09-22 18:46 -------- d-----w- c:\program files\upnito.sk manager
2011-09-16 22:15 . 2011-09-16 22:15 -------- d-----w- c:\documents and settings\okaynetbook\Data aplikací\AutoHideIP
2011-09-16 22:15 . 2011-09-16 22:15 -------- d-----w- c:\documents and settings\All Users\Data aplikací\AutoHideIP
2011-09-15 15:12 . 2011-07-06 15:14 101616 ----a-w- c:\windows\system32\drivers\idmtdi.sys
2011-09-10 16:20 . 2002-12-05 12:10 155648 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iuser.dll
2011-09-10 16:20 . 2002-12-02 13:22 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\DotNetInstaller.exe
2011-09-10 16:20 . 2002-12-02 11:33 57344 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\ctor.dll
2011-09-10 16:20 . 2002-12-02 11:33 237568 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iscript.dll
2011-09-10 16:20 . 2003-02-27 14:12 696320 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iKernel.dll
2011-09-10 16:20 . 2011-09-10 16:20 163972 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iGdi.dll
2011-09-10 16:20 . 2011-09-10 16:20 282756 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\setup.dll
2011-09-10 16:02 . 2011-09-10 16:02 -------- d-----w- c:\documents and settings\okaynetbook\Data aplikací\Sahmon Games
2011-09-10 15:14 . 2011-09-10 15:14 -------- d-----w- c:\documents and settings\okaynetbook\Data aplikací\Meridian93
2011-09-10 14:43 . 2011-09-10 14:43 -------- d-----w- c:\windows\system32\winrm
2011-09-10 14:43 . 2011-09-10 14:43 -------- d-----w- c:\windows\system32\GroupPolicy
2011-09-10 14:43 . 2011-09-10 14:43 -------- dc-h--w- c:\windows\$968930Uinstall_KB968930$
2011-09-10 14:07 . 2011-09-10 14:07 43520 ----a-w- c:\windows\system32\CmdLineExt03.dll
2011-09-10 12:29 . 2002-08-05 08:46 57344 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0700\Intel32\ctor.dll
2011-09-10 12:29 . 2002-08-02 01:10 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0700\Intel32\DotNetInstaller.exe
2011-09-10 12:29 . 2002-08-02 00:20 634880 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0700\Intel32\iKernel.dll
2011-09-10 12:29 . 2002-08-02 00:20 237568 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0700\Intel32\iscript.dll
2011-09-10 12:29 . 2002-08-02 00:20 151552 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0700\Intel32\iuser.dll
2011-09-10 12:29 . 2011-09-10 12:29 159876 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0700\Intel32\IGdi.dll
2011-09-10 12:29 . 2011-09-10 12:29 270468 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0700\Intel32\Setup.dll
2011-09-09 09:35 . 2011-09-09 09:35 -------- d-----w- c:\documents and settings\okaynetbook\Local Settings\Data aplikací\MPlayer
2011-09-03 17:38 . 2011-09-03 17:38 -------- d-----w- c:\documents and settings\okaynetbook\Data aplikací\WendigoStudios
2011-09-02 21:22 . 2011-09-02 21:22 -------- d-----w- c:\program files\MindDabble_4pEI
2011-09-02 21:18 . 2011-09-02 21:18 -------- d-----w- c:\documents and settings\All Users\Data aplikací\IrisGuard
2011-09-02 21:16 . 2011-09-02 21:19 -------- d-----w- c:\documents and settings\okaynetbook\Local Settings\Data aplikací\Neurotechnology
2011-09-02 21:15 . 2003-08-25 16:11 313016 ----a-w- c:\windows\system32\pbbase.dll
2011-09-02 21:15 . 2002-05-09 10:35 335872 ----a-w- c:\windows\system32\pb.dll
2011-09-02 21:15 . 2001-09-14 10:35 188416 ----a-w- c:\windows\system32\pbsdkwiz.dll
2011-09-02 21:15 . 2004-10-01 21:18 118784 ----a-w- c:\windows\system32\pfinger.ocx
2011-09-02 21:11 . 2011-09-02 21:13 -------- d-----w- c:\documents and settings\okaynetbook\Data aplikací\GetRightToGo
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-29 09:24 . 2011-08-13 06:20 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-09-12 23:14 . 2011-01-24 18:19 7269712 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-09-09 09:12 . 2009-09-01 22:26 602112 ----a-w- c:\windows\system32\crypt32.dll
2011-08-16 16:46 . 2009-09-01 21:01 6427240 ----a-w- c:\windows\system32\drivers\RtkHDAud.sys
2011-08-15 14:47 . 2009-09-01 21:01 60008 ----a-w- c:\windows\system32\RtkCoInstXP.dll
2011-08-09 14:14 . 2009-09-01 21:01 20055144 ----a-w- c:\windows\RTHDCPL.EXE
2011-08-04 14:59 . 2009-09-01 21:01 1493608 ----a-w- c:\windows\RtlUpd.exe
2011-07-29 04:34 . 2011-07-29 04:34 689664 ----a-w- c:\windows\system32\yowindow.scr
2011-07-15 13:29 . 2009-09-01 22:26 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-07-13 03:39 . 2011-08-15 20:46 6881616 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\Updates\mpengine.dll
2011-07-11 12:17 . 2009-09-01 21:01 1698408 ----a-w- c:\windows\RtlExUpd.dll
2011-07-08 14:02 . 2009-09-01 22:26 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
2011-07-05 23:21 . 2011-07-05 23:21 65536 ----a-r- c:\documents and settings\okaynetbook\Data aplikací\Microsoft\Installer\{8E2EB794-0B1A-4FD3-BEB2-1B6F2136EA5B}\Purchase_Internet__8E2EB7940B1A4FD3BEB21B6F2136EA5B.exe
2011-07-05 23:21 . 2011-07-05 23:21 65536 ----a-r- c:\documents and settings\okaynetbook\Data aplikací\Microsoft\Installer\{8E2EB794-0B1A-4FD3-BEB2-1B6F2136EA5B}\Purchase_Internet__34CB414289D04B6C850FDB8A27E958B7.exe
2011-07-05 23:21 . 2011-07-05 23:21 40960 ----a-r- c:\documents and settings\okaynetbook\Data aplikací\Microsoft\Installer\{8E2EB794-0B1A-4FD3-BEB2-1B6F2136EA5B}\ISatTV.exe1_34CB414289D04B6C850FDB8A27E958B7.exe
2011-07-05 23:21 . 2011-07-05 23:21 40960 ----a-r- c:\documents and settings\okaynetbook\Data aplikací\Microsoft\Installer\{8E2EB794-0B1A-4FD3-BEB2-1B6F2136EA5B}\ISatTV.exe_34CB414289D04B6C850FDB8A27E958B7.exe
2011-07-05 23:21 . 2011-07-05 23:21 40960 ----a-r- c:\documents and settings\okaynetbook\Data aplikací\Microsoft\Installer\{8E2EB794-0B1A-4FD3-BEB2-1B6F2136EA5B}\ARPPRODUCTICON.exe
2011-07-05 22:22 . 2011-07-05 22:22 23456 ----a-w- c:\windows\system32\drivers\DrvAgent32.sys
2010-05-01 14:50 . 2011-05-09 19:40 2536390 ----a-w- c:\program files\IDM.5.19.2.exe
2008-03-09 05:25 . 2010-05-17 19:18 236 ----a-w- c:\program files\Common Files\dx.reg
2011-09-03 06:40 . 2011-09-28 21:50 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB2509553\SP3QFE\tcpip.sys
[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[-] 2008-06-20 . 4AFB3B0919649F95C1964AA1FAD27D73 . 361600 . . [5.1.2600.5625] . . c:\windows\$NtUninstallKB2509553$\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\ERDNT\cache\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys
[-] 2008-06-20 . 4AFB3B0919649F95C1964AA1FAD27D73 . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys
[7] 2008-04-14 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748$\tcpip.sys
.
((((((((((((((((((((((((((((( SnapShot@2011-09-29_18.24.49 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-09-29 21:42 . 2011-09-29 21:42 16384 c:\windows\temp\Perflib_Perfdata_3b8.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2011-05-30 16:50 21864 ----a-w- c:\program files\IDM.5.19.2\IDMShellExt.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Eee Docking"="c:\program files\ASUS\Eee Docking\Eee Docking.exe" [2009-07-27 397312]
"NBJ"="c:\program files\Ahead\Nero BackItUp\NBJ.exe" [2005-06-02 1957888]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-06-18 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
"RTHDCPL"="RTHDCPL.EXE" [2011-08-09 20055144]
"GrooveMonitor"="d:\programy\Microsoft Office 2007 CZ full\Office12\GrooveMonitor.exe" [2008-10-25 31072]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]
.
c:\documents and settings\okaynetbook\Nabídka Start\Programy\Po spuštění\
Zástupce - sndvol32.lnk - c:\windows\system32\sndvol32.exe [2009-9-1 138752]
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMBalloonTip"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\muzapp.exe"=
"d:\\programy\\Microsoft Office 2007 CZ full\\Office12\\GROOVE.EXE"=
"d:\\Games\\left_4_dead\\left 4 dead\\hl2.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\ICQ7.2\\ICQ.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Vzdálená správa systému Windows
.
R0 BtHidBus;Bluetooth HID Bus Service;c:\windows\system32\drivers\BtHidBus.sys [31.7.2008 20:45 20744]
R1 IDMTDI;IDMTDI;c:\windows\system32\drivers\idmtdi.sys [15.9.2011 17:12 101616]
R2 AdvancedSystemCareService;Advanced SystemCare Service;c:\program files\IObit\Advanced SystemCare 4\ASCService.exe [15.6.2011 16:15 353168]
R2 IAStorDataMgrSvc;Úložná technologie Intel(R) Rapid;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [6.7.2011 19:21 13592]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [25.7.2010 19:27 246520]
R2 nlsX86cc;Nalpeiron Licensing Service;c:\windows\system32\NlsSrv32.exe [4.8.2010 17:06 61440]
R3 L1c;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [18.8.2009 23:44 61040]
S1 MpKsl3035e4d2;MpKsl3035e4d2;\??\c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{2DC07DD7-5D5D-44B4-8265-8099EE8D422E}\MpKsl3035e4d2.sys --> c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{2DC07DD7-5D5D-44B4-8265-8099EE8D422E}\MpKsl3035e4d2.sys [?]
S1 MpKsl45925265;MpKsl45925265;\??\c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{B78BFFF6-3F5A-4A9E-92C9-75BF44751E68}\MpKsl45925265.sys --> c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{B78BFFF6-3F5A-4A9E-92C9-75BF44751E68}\MpKsl45925265.sys [?]
S1 MpKsl89fe49ca;MpKsl89fe49ca;\??\c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{6398E580-7350-4D20-91A2-EBEA19ADE162}\MpKsl89fe49ca.sys --> c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{6398E580-7350-4D20-91A2-EBEA19ADE162}\MpKsl89fe49ca.sys [?]
S1 MpKsl92706dd6;MpKsl92706dd6;\??\c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{ED732446-F921-4509-AD0E-FBE0131D4AD8}\MpKsl92706dd6.sys --> c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{ED732446-F921-4509-AD0E-FBE0131D4AD8}\MpKsl92706dd6.sys [?]
S1 MpKsl9c8abaa8;MpKsl9c8abaa8;\??\c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{C1041DC6-62E4-45E0-BFEC-C9FFAEA72133}\MpKsl9c8abaa8.sys --> c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{C1041DC6-62E4-45E0-BFEC-C9FFAEA72133}\MpKsl9c8abaa8.sys [?]
S1 MpKslc6cef8fd;MpKslc6cef8fd;\??\c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{9853E6DE-6988-4F2E-8AFE-9A18AEB43742}\MpKslc6cef8fd.sys --> c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{9853E6DE-6988-4F2E-8AFE-9A18AEB43742}\MpKslc6cef8fd.sys [?]
S1 MpKslf6aff973;MpKslf6aff973;\??\c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{9853E6DE-6988-4F2E-8AFE-9A18AEB43742}\MpKslf6aff973.sys --> c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{9853E6DE-6988-4F2E-8AFE-9A18AEB43742}\MpKslf6aff973.sys [?]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [15.9.2010 22:01 136176]
S3 2hotspot controller;2hotspot Miniport;c:\windows\system32\DRIVERS\acontrol.sys --> c:\windows\system32\DRIVERS\acontrol.sys [?]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [1.9.2009 23:01 1691480]
S3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\system32\drivers\btnetBus.sys [7.12.2008 12:44 30088]
S3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\drivers\dc3d.sys [6.7.2011 18:43 44432]
S3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys --> c:\windows\system32\drivers\dgderdrv.sys [?]
S3 DrvAgent32;DrvAgent32;c:\windows\system32\drivers\DrvAgent32.sys [6.7.2011 0:22 23456]
S3 FsUsbExDisk;FsUsbExDisk;\??\c:\windows\system32\FsUsbExDisk.SYS --> c:\windows\system32\FsUsbExDisk.SYS [?]
S3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [15.9.2010 22:01 136176]
S3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\drivers\IvtBtBus.sys [2.7.2008 14:58 26248]
S3 NANMp50;NANMp50 NDIS Protocol Driver;c:\windows\system32\Drivers\NANMp50.sys --> c:\windows\system32\Drivers\NANMp50.sys [?]
S3 Pcouffin;Low level access layer for CD devices;c:\windows\system32\Drivers\Pcouffin.sys --> c:\windows\system32\Drivers\Pcouffin.sys [?]
S3 RT80x86;Ralink 802.11n Wireless Driver;c:\windows\system32\drivers\rt2860.sys [22.8.2011 17:18 2240064]
S3 RTLWUSB;AirLive WL1600USB;c:\windows\system32\drivers\RTL8187.sys [2.3.2011 16:00 323328]
S3 SndTAudio;SndTAudio;c:\windows\system32\drivers\SndTAudio.sys [7.11.2010 5:59 23608]
S3 STSService;STSService;"c:\program files\SoundTaxi Media Suite\STSService.exe" --> c:\program files\SoundTaxi Media Suite\STSService.exe [?]
S3 uvclf;uvclf;c:\windows\system32\drivers\uvclf.sys [12.8.2009 8:57 39040]
S3 widseasd;Widsea Secret Disk Service;\??\c:\documents and settings\okaynetbook\Dokumenty\Downloads\Music\TS-Disk1.63\TS-Disk1.63\widseasd.sys --> c:\documents and settings\okaynetbook\Dokumenty\Downloads\Music\TS-Disk1.63\TS-Disk1.63\widseasd.sys [?]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2.9.2009 0:26 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe --> c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
.
Obsah adresáře 'Naplánované úlohy'
.
2011-09-29 c:\windows\Tasks\ASC4_PerformanceMonitor.job
- c:\program files\IObit\Advanced SystemCare 4\PMonitor.exe [2011-06-15 12:46]
.
2011-09-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-09-15 20:00]
.
2011-09-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-09-15 20:00]
.
2011-07-06 c:\windows\Tasks\Microsoft_Hardware_Launch_IPoint_exe.job
- c:\program files\Microsoft IntelliPoint\ipoint.exe [2010-07-21 14:52]
.
2011-09-29 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27 13:39]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.com/
uSearchURL,(Default) = hxxp://www.google.com.eg/keyword/%s
IE: ????3??
IE: ????3??????
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
IE: Stáhnout pomocí FlashGet - c:\program files\FlashGet\jc_link.htm
IE: Stáhnout s IDM - c:\program files\IDM.5.19.2\IEExt.htm
IE: Stáhnout s IDM obsah FLV videa - c:\program files\IDM.5.19.2\IEGetVL.htm
IE: Stáhnout s IDM všechny odkazy - c:\program files\IDM.5.19.2\IEGetAll.htm
IE: Stáhnout vše pomocí FlashGet - c:\program files\FlashGet\jc_all.htm
IE: Translate this web page with Babylon - c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm
IE: Translate with Babylon - c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm
IE: ????3?? - c:\documents and settings\okaynetbook\Data aplikací\FlashGetBHO\GetUrl.htm
IE: ????3?????? - c:\documents and settings\okaynetbook\Data aplikací\FlashGetBHO\GetAllUrl.htm
TCP: DhcpNameServer = 217.119.127.1 217.119.127.200
FF - ProfilePath - c:\documents and settings\okaynetbook\Data aplikací\Mozilla\Firefox\Profiles\6jpdurms.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: network.proxy.type - 0
FF - user.js: browser.cache.memory.capacity - 16000
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: dom.disable_window_status_change - true
FF - user.js: network.http.max-connections - 32
FF - user.js: network.http.max-connections-per-server - 8
FF - user.js: network.http.max-persistent-connections-per-proxy - 8
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 750
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-09-29 23:43
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-3626335844-41941361-4021371189-1005\Software\Microsoft\Internet Explorer\MenuExt\O(uë_fŹ3*N}Ź]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
@="c:\\Documents and Settings\\okaynetbook\\Data aplikací\\FlashGetBHO\\GetUrl.htm"
"contexts"=dword:00000022
.
[HKEY_USERS\S-1-5-21-3626335844-41941361-4021371189-1005\Software\Microsoft\Internet Explorer\MenuExt\O(uë_fŹ3*N}ŹhQčţ”Ąc]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
@="c:\\Documents and Settings\\okaynetbook\\Data aplikací\\FlashGetBHO\\GetAllUrl.htm"
"contexts"=dword:000000f3
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{0470c0e5-e7d6-4970-aadc-2497f7be8e14}]
@Denied: (Full) (Everyone)
"Model"=dword:00000118
"Therad"=dword:00000015
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,
1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):00,fe,de,4d,de,29,61,83,57,e5,06,1c,bd,d4,98,e6,74,46,8e,c8,5e,
5a,e0,cf,a1,39,fe,20,4c,cd,1e,1d,1f,19,39,ac,4d,7b,0e,08,00,00,00,00,00,00,\
.
[HKEY_LOCAL_MACHINE\software\Classes\ShockwaveFlash.ShockwaveFlash]
@DACL=(02 0000)
@="Shockwave Flash Object"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(776)
c:\windows\SYSTEM32\RtlGina\RtlGina.DLL
.
- - - - - - - > 'explorer.exe'(2328)
c:\program files\IDM.5.19.2\IDMShellExt.dll
c:\program files\IDM.5.19.2\IDMNetMon.DLL
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\RTHDCPL.EXE
.
**************************************************************************
.
Celkový čas: 2011-09-29 23:49:18 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-09-29 21:49
ComboFix2.txt 2011-09-29 18:29
.
Před spuštěním: Volných bajtů: 11 810 226 176
Po spuštění: Volných bajtů: 11 784 282 112
.
- - End Of File - - 6D7D89A9BC11777EDDEBA552B6838DB8


Re: explorer.exe cpu

#8 Post by Rudy »

Deleted; the log now looks clean. Has anything changed?


Re: explorer.exe cpu

#9 Post by jarek26 »

It's all right now, it's good, thank you.


Re: explorer.exe cpu

#10 Post by Rudy »

You're welcome!
