Hi, please check my log; the PC is slow and keeps freezing.
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:37:49, on 16.11.2011
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18639)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
C:\Program Files\EgisTec Egis Software Update\EgisUpdate.exe
C:\Program Files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\PLFSetI.exe
C:\Program Files\Acer Bio Protection\PdtWzd.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe
C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\csrss.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Users\Daniel\AppData\Roaming\Microsoft\svchost.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\ehome\ehtray.exe
C:\Users\Daniel\AppData\Roaming\msconfig.exe
C:\Program Files\Acer\Acer VCM\AcerVCM.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Windows\ehome\ehmsas.exe
C:\Users\Daniel\AppData\Roaming\web2net.exe
C:\Users\Daniel\AppData\Roaming\hidserv.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\nvsvc32.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\igfxext.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\wuauclt.exe
c:\PROGRA~1\mcafee\msc\mcupdui.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Users\Daniel\Desktop\HiJackThis.exe
C:\Windows\system32\DllHost.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACA ... pire_8935g
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.postaricles.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACA ... pire_8935g
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACA ... pire_8935g
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Pomocník pro přihlášení ke službě Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [BackupManagerTray] "C:\Program Files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -k
O4 - HKLM\..\Run: [Acer ePower Management] C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe
O4 - HKLM\..\Run: [EgisTecLiveUpdate] "C:\Program Files\EgisTec Egis Software Update\EgisUpdate.exe"
O4 - HKLM\..\Run: [mwlDaemon] C:\Program Files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\Skytel.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PLFSetI] C:\Windows\PLFSetI.exe
O4 - HKLM\..\Run: [VitaKeyPdtWzd] "C:\Program Files\Acer Bio Protection\PdtWzd.exe"
O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe
O4 - HKLM\..\Run: [ArcadeDeluxeAgent] "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe"
O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe"
O4 - HKLM\..\Run: [PlayMovie] "C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKCU\..\Run: [ProductReg] "C:\Program Files\Acer\WR_PopUp\ProductReg.exe"
O4 - HKCU\..\Run: [NVIDIA driver monitor] C:\Windows\nvsvc32.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Windows System Devices Manager] c:\windows\csrss.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Microsoft Windows System] C:\Users\Daniel\P-7-78-8964-9648-3874\wincrs.exe
O4 - HKCU\..\Run: [svhost.exe] "C:\Users\Daniel\AppData\Roaming\svhost.exe"
O4 - HKCU\..\Run: [egregregerfwde] "C:\Users\Daniel\AppData\Roaming\svhost.exe"
O4 - HKCU\..\Run: [WindowsUpdate] C:\Users\Daniel\AppData\Roaming\msconfig.exe
O4 - HKCU\..\Run: [Google Updater] "C:\Users\Daniel\AppData\Roaming\Microsoft\svchost.exe"
O4 - HKCU\..\Run: [Windows Update System] C:\Users\Daniel\AppData\Roaming\hidserv.exe
O4 - Global Startup: Acer VCM.lnk = ?
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Odeslat obrázek do zařízení &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Odeslat stránku do zařízení &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O8 - Extra context menu item: WikiKomentáře Google... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
O9 - Extra button: Quick-Launch Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\Acer Bio Protection\PwdBank.exe
O9 - Extra 'Tools' menuitem: Quick-Launch Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\Acer Bio Protection\PwdBank.exe
O9 - Extra button: Přidat na blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Přidat na blog Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O16 - DPF: {70EDCF63-CA7E-4812-8528-DA1EA2FD53B6} (VitaminCtrl Class) - http://www.amkstribro.cz/VitaminCtrl_2_1_0_44.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/200 ... ader55.cab
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: Acer ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: MyWinLocker Service (MWLService) - EgisTec Inc. - C:\Program Files\EgisTec\MyWinLocker 3\x86\\MWLService.exe
--
End of file - 12323 bytes

Please check my log - PC keeps freezing
Re: Please check my log - PC keeps freezing
... and infected
download ComboFix and save it to the desktop
then run it under an account with administrator privileges
the process takes approx. 5-10 minutes, sometimes longer. Do not start any other applications during the scan
There is no reason to panic if the machine is restarted
note: if you use an antispyware with a resident shield, turn it off before the scan.
after the restart the application creates a log, saved at C:\Combofix.txt (paste its contents here)

Re: Please check my log - PC keeps freezing
ComboFix 11-11-15.06 - Daniel 16.11.2011 13:44:37.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1250.420.1029.18.2972.2001 [GMT 1:00]
Spuštěný z: c:\users\Daniel\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Daniel\AppData\Roaming\120271494522086.exe
c:\users\Daniel\AppData\Roaming\14601586432544.exe
c:\users\Daniel\AppData\Roaming\14BB.tmp
c:\users\Daniel\AppData\Roaming\152751765427821.exe
c:\users\Daniel\AppData\Roaming\16310793924981.exe
c:\users\Daniel\AppData\Roaming\193072306018575.exe
c:\users\Daniel\AppData\Roaming\20055860126486.exe
c:\users\Daniel\AppData\Roaming\202531341621742.exe
c:\users\Daniel\AppData\Roaming\206953153817531.exe
c:\users\Daniel\AppData\Roaming\21504195553970.exe
c:\users\Daniel\AppData\Roaming\226243132921810.exe
c:\users\Daniel\AppData\Roaming\22972137292177.exe
c:\users\Daniel\AppData\Roaming\2406746313201.exe
c:\users\Daniel\AppData\Roaming\251192209925962.exe
c:\users\Daniel\AppData\Roaming\254372708914507.exe
c:\users\Daniel\AppData\Roaming\25741315115264.exe
c:\users\Daniel\AppData\Roaming\258461435030990.exe
c:\users\Daniel\AppData\Roaming\259463191920276.exe
c:\users\Daniel\AppData\Roaming\27522190710237.exe
c:\users\Daniel\AppData\Roaming\2B3.exe
c:\users\Daniel\AppData\Roaming\3351933514497.exe
c:\users\Daniel\AppData\Roaming\3940735712284.exe
c:\users\Daniel\AppData\Roaming\3DB2.exe
c:\users\Daniel\AppData\Roaming\4866133573574.exe
c:\users\Daniel\AppData\Roaming\4931.tmp
c:\users\Daniel\AppData\Roaming\50D4.tmp
c:\users\Daniel\AppData\Roaming\5A19.exe
c:\users\Daniel\AppData\Roaming\5C44.tmp
c:\users\Daniel\AppData\Roaming\6528.exe
c:\users\Daniel\AppData\Roaming\6559.tmp
c:\users\Daniel\AppData\Roaming\6CE7.tmp
c:\users\Daniel\AppData\Roaming\71752565526708.exe
c:\users\Daniel\AppData\Roaming\72A7.tmp
c:\users\Daniel\AppData\Roaming\7540.tmp
c:\users\Daniel\AppData\Roaming\7771130620722.exe
c:\users\Daniel\AppData\Roaming\7DBB.tmp
c:\users\Daniel\AppData\Roaming\7EE1.tmp
c:\users\Daniel\AppData\Roaming\7F95.tmp
c:\users\Daniel\AppData\Roaming\80E2.tmp
c:\users\Daniel\AppData\Roaming\81B0.tmp
c:\users\Daniel\AppData\Roaming\8558.tmp
c:\users\Daniel\AppData\Roaming\9121936027754.exe
c:\users\Daniel\AppData\Roaming\977D.tmp
c:\users\Daniel\AppData\Roaming\98A5.tmp
c:\users\Daniel\AppData\Roaming\9934.tmp
c:\users\Daniel\AppData\Roaming\9D0B.tmp
c:\users\Daniel\AppData\Roaming\9E.tmp
c:\users\Daniel\AppData\Roaming\AB3E.tmp
c:\users\Daniel\AppData\Roaming\C93B.tmp
c:\users\Daniel\AppData\Roaming\CF71.exe
c:\users\Daniel\AppData\Roaming\E48.exe
c:\users\Daniel\AppData\Roaming\EC33.exe
c:\users\Daniel\AppData\Roaming\EFDC.tmp
c:\users\Daniel\AppData\Roaming\F00A.tmp
c:\users\Daniel\AppData\Roaming\F691.tmp
c:\users\Daniel\AppData\Roaming\Fkuquv.exe
c:\users\Daniel\AppData\Roaming\hidserv.exe
c:\users\Daniel\AppData\Roaming\chrtmp
c:\users\Daniel\AppData\Roaming\Microsoft\svchost.exe
c:\users\Daniel\AppData\Roaming\msconfig.exe
c:\users\Daniel\AppData\Roaming\msnsvconfig.txt
c:\users\Daniel\AppData\Roaming\Pkuquf.exe
c:\users\Daniel\AppData\Roaming\SERVICES.EXE
c:\users\Daniel\AppData\Roaming\svhost.exe
c:\users\Daniel\AppData\Roaming\web2net.exe
c:\users\Daniel\FlashPlayer.exe
c:\users\Daniel\main.dll
c:\users\Daniel\proplay.dll
c:\windows\csrss.exe
c:\windows\nvsvc32.exe
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
c:\windows\system32\sshnas21.dll
c:\windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
c:\windows\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job
c:\windows\wibrf.jpg
c:\windows\wiybr.png
.
----- Souboroví replikátoři -----
.
c:\windows\Installer\{00B21BFD-D933-E0AE-DB9B-382D9A678D2D}\ARPPRODUCTICON.exe
c:\windows\Installer\{04EDFF08-6211-B28C-28F1-E33AB34FDB6A}\ARPPRODUCTICON.exe
c:\windows\Installer\{0A0F27E1-1E33-4B42-3BFF-D0F507B34CC2}\ARPPRODUCTICON.exe
c:\windows\Installer\{12E5B662-4E43-DEBF-29F5-2F72471CCA68}\ARPPRODUCTICON.exe
c:\windows\Installer\{1436DCAB-BEE5-9CB7-8938-D9CC36C213E3}\ARPPRODUCTICON.exe
c:\windows\Installer\{15C37D2B-F2A8-8DE1-74FB-5962C724F340}\ARPPRODUCTICON.exe
c:\windows\Installer\{18142589-2D6B-D61F-49EA-F39DF07541E6}\ARPPRODUCTICON.exe
c:\windows\Installer\{272573B6-4B2F-AB1F-7E38-228F75376B58}\ARPPRODUCTICON.exe
c:\windows\Installer\{27753A06-F44E-05DA-3C39-852E9B0752C9}\ARPPRODUCTICON.exe
c:\windows\Installer\{526B35E0-5B67-5B80-3046-CAD82863F45A}\ARPPRODUCTICON.exe
c:\windows\Installer\{59EE38E0-EA2A-9BFC-D01D-79F25AB2C05E}\ARPPRODUCTICON.exe
c:\windows\Installer\{6030F82F-8BC7-379A-B4C9-56D93AE003E0}\ARPPRODUCTICON.exe
c:\windows\Installer\{632DDD27-160E-07CC-E41E-3254C7933E36}\ARPPRODUCTICON.exe
c:\windows\Installer\{63367878-F985-7C1A-331C-7683CB6D6B8A}\ARPPRODUCTICON.exe
c:\windows\Installer\{7322E6F2-3130-B968-CBB4-07F2CDCFB2C9}\ARPPRODUCTICON.exe
c:\windows\Installer\{7389DA38-3B06-A425-2A77-CEBE79FEEFDC}\ARPPRODUCTICON.exe
c:\windows\Installer\{73FDC722-C263-8F69-B00A-BB670401D430}\ARPPRODUCTICON.exe
c:\windows\Installer\{8B74383E-965E-95B7-670E-774658C12D1E}\ARPPRODUCTICON.exe
c:\windows\Installer\{8C95755D-4390-1804-1B9B-5A0E1ACA2C30}\ARPPRODUCTICON.exe
c:\windows\Installer\{8F705129-ADC3-4F17-8B1C-41D786A34A31}\ARPPRODUCTICON.exe
c:\windows\Installer\{A1584A04-37AD-7C30-479B-D149CAE771BC}\ARPPRODUCTICON.exe
c:\windows\Installer\{A7E87DAD-4B28-675D-D2A7-10F8648EB80D}\ARPPRODUCTICON.exe
c:\windows\Installer\{AD59ED1B-EE24-AD28-7968-4E2A1B9FF08E}\ARPPRODUCTICON.exe
c:\windows\Installer\{B4346F4B-4B4B-CF48-DC80-34293A19F687}\ARPPRODUCTICON.exe
c:\windows\Installer\{BF4860E9-E34D-42C4-8CD8-69AAF8FC78F1}\ARPPRODUCTICON.exe
c:\windows\Installer\{C1277C35-E2E1-90A8-DF57-B5E833603B72}\ARPPRODUCTICON.exe
c:\windows\Installer\{CA0F8066-37F6-F108-4398-4A327D4490A2}\ARPPRODUCTICON.exe
c:\windows\Installer\{CADD61C5-7883-58CC-2BCE-4079CDB09CBD}\ARPPRODUCTICON.exe
c:\windows\Installer\{CE101FB8-0D0A-5899-5E18-893CD263F615}\ARPPRODUCTICON.exe
c:\windows\Installer\{CE7E5838-93FD-3220-C384-33C09211EBE0}\ARPPRODUCTICON.exe
c:\windows\Installer\{DCE20A5F-89DF-D37E-F198-B7E68041A5EE}\ARPPRODUCTICON.exe
c:\windows\Installer\{E09664BB-BB08-45FA-87D1-33EAB0E017F5}\ARPPRODUCTICON.exe
c:\windows\Installer\{E731A9DD-424C-9871-ABBD-A61F5DE421BD}\ARPPRODUCTICON.exe
c:\windows\Installer\{FA3035F9-B626-49BC-9256-87FBA68CA3CB}\ARPPRODUCTICON.exe
c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Installer\{8AF8660A-02C5-325A-5C45-03DE5439F344}\ARPPRODUCTICON.exe
c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Installer\{A47E755B-3C96-8289-B2DD-C8B0E707AB05}\ARPPRODUCTICON.exe
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-10-16 do 2011-11-16 )))))))))))))))))))))))))))))))
.
.
2011-11-16 13:00 . 2011-11-16 13:00 -------- d-----w- c:\users\Daniel\AppData\Local\temp
2011-11-16 13:00 . 2011-11-16 13:00 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-11-14 20:12 . 2011-11-14 20:12 -------- d-----w- c:\users\Daniel\AppData\Local\Opera
2011-11-14 20:12 . 2011-11-14 20:12 -------- d-----w- c:\program files\Opera
2011-11-10 17:26 . 2011-11-10 17:26 96256 ----a-w- c:\windows\system32\Ganja144.exe
2011-11-10 17:09 . 2011-11-10 17:09 96256 ----a-w- c:\windows\system32\Ganja6.exe
2011-11-09 22:01 . 2011-11-09 22:01 96256 ----a-w- c:\windows\system32\Ganja56.exe
2011-11-09 22:01 . 2011-11-09 22:01 33280 ----a-w- c:\windows\system32\Ganja50.exe
2011-10-27 14:03 . 2011-10-27 14:03 -------- d-sh--r- c:\users\Daniel\P-7-78-8964-9648-3874
2011-10-26 14:54 . 2011-10-29 11:59 -------- d-sh--r- c:\users\Daniel\M-1-52-5782-8754-5245
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-06 20:29 . 2010-07-06 20:29 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-10-27 10:05 40496 ----a-w- c:\program files\EgisTec\MyWinLocker 3\x86\PSDProtect.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ProductReg"="c:\program files\Acer\WR_PopUp\ProductReg.exe" [2008-11-17 135168]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2008-12-02 3882312]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"Microsoft Windows System"="c:\users\Daniel\P-7-78-8964-9648-3874\wincrs.exe" [2011-10-27 192512]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-02-11 186904]
"BackupManagerTray"="c:\program files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2009-06-05 253696]
"Acer ePower Management"="c:\program files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe" [2009-04-15 440864]
"EgisTecLiveUpdate"="c:\program files\EgisTec Egis Software Update\EgisUpdate.exe" [2008-10-27 199464]
"mwlDaemon"="c:\program files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe" [2008-10-27 346672]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-03-18 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-03-18 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-03-18 150552]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-03-18 61440]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-05-06 7227936]
"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-05-06 1833504]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-02-27 1434920]
"PLFSetI"="c:\windows\PLFSetI.exe" [2008-07-29 200704]
"VitaKeyPdtWzd"="c:\program files\Acer Bio Protection\PdtWzd.exe" [2009-04-13 3553792]
"LManager"="c:\program files\Launch Manager\LManager.exe" [2009-03-05 805384]
"ArcadeDeluxeAgent"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" [2009-04-13 156968]
"CLMLServer"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe" [2009-04-13 202024]
"PlayMovie"="c:\program files\Acer Arcade Deluxe\PlayMovie\PMVService.exe" [2009-03-05 173288]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-04-14 149280]
"VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2011-03-07 89456]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
$McRebootA5E6DEAA56$.lnk - c:\windows\System32\cmd.exe [2008-1-21 318976]
Acer VCM.lnk - c:\program files\Acer\Acer VCM\AcerVCM.exe [2009-4-9 565248]
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-4-13 791840]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ c:\program files\Acer Bio Protection\PwdFilter
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2010-07-06 20:29 30192 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2006-12-10 19:52 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
2011-05-03 19:17 124216 ----a-w- c:\program files\ICQ7.5\ICQ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-08-28 11:40 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2010-06-29 09:36 202256 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-21 02:23 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-20 29472]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R4 CLHNService;CLHNService;c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [2009-04-14 75048]
R4 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2010-07-06 30192]
R4 gupdate1ca7b4d320a0c50;Služba Google Update (gupdate1ca7b4d320a0c50);c:\program files\Google\Update\GoogleUpdate.exe [2009-12-12 133104]
R4 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2009-12-12 133104]
R4 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [2010-11-21 247608]
R4 IGBASVC;EgisTec Service;c:\program files\Acer Bio Protection\BASVC.exe [2009-04-13 3441152]
R4 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2009-06-05 62208]
R4 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-09-23 50424]
R4 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-09-23 144632]
R4 RS_Service;Raw Socket Service;c:\program files\Acer\Acer VCM\RS_Service.exe [2009-02-05 237568]
S0 AlfaFF;AlfaFF;c:\windows\system32\drivers\AlfaFF.sys [2008-07-10 42608]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer PowerSmart Manager\ePowerSvc.exe [2009-04-15 703008]
S2 FPSensor;EgisTec-Corp Fingerprint Reader Driver (FPSensor.sys);c:\windows\system32\Drivers\FPSensor.sys [2009-08-28 26928]
S2 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [2008-10-09 19504]
S2 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [2008-10-09 16432]
S2 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [2008-10-09 59952]
S2 MWLService;MyWinLocker Service;c:\program files\EgisTec\MyWinLocker 3\x86\\MWLService.exe [2008-10-27 306736]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atipmdag.sys [2009-03-18 4386304]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2009-03-18 93184]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd32.sys [2009-03-18 4568064]
S3 k57nd60x;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60x.sys [2008-09-03 223232]
S3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-09-24 3666432]
S3 O2MDGRDR;O2MDGRDR;c:\windows\system32\DRIVERS\o2mdg.sys [2009-03-19 58144]
S3 O2SDGRDR;O2SDGRDR;c:\windows\system32\DRIVERS\o2sdg.sys [2009-02-24 41376]
S3 winbondcir;Winbond IR Transceiver;c:\windows\system32\DRIVERS\winbondcir.sys [2007-03-28 43008]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Obsah adresáře 'Naplánované úlohy'
.
2011-11-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-12 17:04]
.
2011-11-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-12 17:04]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://174.37.200.81
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0405&s=2&o=vp32&d=0809&m=aspire_8935g
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Odeslat obrázek do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Odeslat stránku do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: WikiKomentáře Google... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files\ICQ7.5\ICQ.exe
Trusted Zone: mojebanka.cz\*
Trusted Zone: mojebanka.cz\www
Trusted Zone: mojebanka.cz\*
TCP: DhcpNameServer = 10.0.0.138
DPF: {70EDCF63-CA7E-4812-8528-DA1EA2FD53B6} - hxxp://www.amkstribro.cz/VitaminCtrl_2_1_0_44.cab
FF - ProfilePath - c:\users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\yfluvn0t.default\
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: ICQ Toolbar: {800b5000-a755-47e1-992b-48a1c1357f07} - %profile%\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
WebBrowser-{5B291E6C-9A74-4034-971B-A4B007A0B315} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKCU-Run-Windows System Devices Manager - c:\windows\csrss.exe
HKCU-Run-Pkuquf - c:\users\Daniel\AppData\Roaming\Pkuquf.exe
HKCU-Run-Google Updater - c:\users\Daniel\AppData\Roaming\Microsoft\svchost.exe
MSConfigStartUp-Bkuqur - c:\users\Daniel\AppData\Roaming\Bkuqur.exe
MSConfigStartUp-Canaveral - c:\windows\system32\sshnas21.dll
MSConfigStartUp-Fkuquv - c:\users\Daniel\AppData\Roaming\Fkuquv.exe
MSConfigStartUp-Google Updater - c:\users\Daniel\AppData\Roaming\Microsoft\svchost.exe
MSConfigStartUp-Pkuquf - c:\users\Daniel\AppData\Roaming\Pkuquf.exe
MSConfigStartUp-Windows Activation - c:\users\Daniel\AppData\Roaming\services.exe
MSConfigStartUp-Windows Login access - c:\users\Daniel\AppData\Roaming\web2net.exe
MSConfigStartUp-Windows Update System - c:\users\Daniel\AppData\Roaming\hidserv.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-11-16 14:00
Windows 6.0.6001 Service Pack 1 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'lsass.exe'(792)
c:\program files\Acer Bio Protection\PwdFilter.dll
.
Celkový čas: 2011-11-16 14:02:56
ComboFix-quarantined-files.txt 2011-11-16 13:02
.
Před spuštěním: Volných bajtů: 182 145 703 936
Po spuštění: Volných bajtů: 190 367 916 032
.
- - End Of File - - 3E106A95F29D057928A418A4CFF6EE1D
Re: Please check my log - PC keeps freezing
Well, that's awful... and something is still left >> finish cleaning it with AVPTool
FRST |ADWCleaner |MBAM |CCleaner |AVPTool
If you are satisfied, you can support the forum: https://platba.viry.cz/payment/
Re: Please check my log - PC keeps freezing
Great, thanks a lot! The notebook now runs far better than before. It wasn't mine but a buddy's; he's a bit of a "click-happy" type.
So once again, many thanks!
