Nelze spustit Hijack

[Ich]

Zdravim,
prave jsem zkusil spustit hijack ale nastal nejaky problem.
Vyskocil na me License agreement na ktery kdyz kliknu, tak vyskoci Hijackthis hlaska ze akce nemuze byt dokoncena,protoze jina aplikace je busy.Mam zvolit 'swich' ale to nereaguje.
Pokousel jsem se to vypnout pres spravce uloh ale nelze.Zatuhlo to na plose.
Prosim o pomoc.

s polu s oknem License agreement je tam i cerne okenko 'random's system information tool (tady onen hijack jestli se nemylim}
Edit:

Tak uz se mi to podarilo vypnout ale opetovne spusteni opet nezabralo-stejny problem.

Mam zkusit jiny program pro vy tvoreni logu?
mam system win vista.

[vyosek]

Zdravim a pekny podvecer preji

Poprosim o log z DDS

• Stahnete DDS odsud http://download.bleepingcomputer.com/sUBs/Beta/dds.exe a ulozte na plochu
• Spustte a kliknete na Start
• Po chvili vyskoci log, ten rad uvidim

[Ich]

DDS (Ver_2011-09-30.01) - NTFS_AMD64
Internet Explorer: 7.0.6001.18000
Run by acer at 4:07:26 on 2008-11-01
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1250.420.1029.18.2814.1258 [GMT 1:00]
.
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe
C:\Program Files (x86)\Spyware Terminator\sp_rsser.exe
C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\T-Mobile\Web'n'walk Manager\ameisvc.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x64\eDSLoader.exe
C:\Windows\RAVCpl64.exe
C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Users\acer\AppData\Local\Facebook\Update\FacebookUpdate.exe
C:\Program Files (x86)\T-Mobile\Web'n'walk Manager\Manager.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDSMSNLoader32.exe
C:\Program Files (x86)\Winamp\winampa.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\Skype\Plugin Manager\skypePM.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\conime.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Users\acer\AppData\Local\Adobe\OOBE\PDApp\DWA\Setup.exe
C:\Program Files\trend micro\acer.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
C:\Users\acer\Downloads\HijackThis.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\SoftwareDistribution\Download\Install\Prereqtool.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\explorer.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0405&s=1&o=vp64&d=1109&m=aspire_m3201
mDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0405&s=1&o=vp64&d=1109&m=aspire_m3201
uURLSearchHooks: ICQToolBar: {855F3B16-6D32-4fe6-8A56-BBB695989046} -
uURLSearchHooks: <No Name>: - LocalServer32 - <no file>
uURLSearchHooks: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll
mURLSearchHooks: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll
mWinlogon: Userinit = userinit.exe
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll
BHO: Pomocník pro přihlášení ke službě Windows Live: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: DAEMON Tools Toolbar: {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll
TB: Acer eDataSecurity Management: {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll
TB: DAEMON Tools Toolbar: {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll
TB: ICQToolBar: {855F3B16-6D32-4FE6-8A56-BBB695989046} -
TB: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll
EB: EurotranXP: {0E0ADD34-AF8E-47FA-A99B-3E7556FAF54C} - C:\Program Files (x86)\Verdict Free\etnxp.dll
EB: ICQToolBar: {855F3B16-6D32-4FE6-8A56-BBB695989046} -
uRun: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
uRun: [AlcoholAutomount] "C:\Program Files (x86)\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
uRun: [SpywareTerminatorUpdate] "C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe"
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
uRun: [PlayNC Launcher] <no file>
mRun: [PCMMediaSharing] "C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe"
mRun: [eRecoveryService] <no file>
StartupFolder: C:\Users\acer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\rundll32.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ADOBER~1.LNK - C:\Program Files (x86)\Adobe\Reader 8.0\Reader\reader_sl.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ADOBER~2.LNK - C:\Program Files (x86)\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
uPolicies-Explorer: NoInternetIcon = dword:1
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-Explorer: NoInternetIcon = dword:1
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xportovat do aplikace Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: WikiKomentáře Google... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {230D1201-7607-4CF6-A11F-9E4BF0A333E0} - {0DB13731-CEFD-43CF-A8FD-B61DCBC4D5B8} - C:\Program Files (x86)\Verdict Free\etnxp.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {2C73F784-D2DE-4422-B070-2E3332FE5744} - {0320AC26-52C8-4316-B2C4-24BB6FA73C9A} - C:\Program Files (x86)\Verdict Free\etnxp.dll
IE: {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Program Files (x86)\ICQ7.4\ICQ.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TCP: NameServer = 192.168.1.1 192.168.2.1
TCP: Interfaces\{BCE443C1-3D4B-418A-9C30-015EE1DD20BC} : DHCPNameServer = 192.168.1.1 192.168.2.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
x64-mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0405&s=1&o=vp64&d=1109&m=aspire_m3201
x64-mDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0405&s=1&o=vp64&d=1109&m=aspire_m3201
x64-BHO: ShowBarObj Class: {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x64\ActiveToolBand.dll
x64-BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -
x64-TB: Acer eDataSecurity Management: {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x64\eDStoolbar.dll
x64-TB: DAEMON Tools Toolbar: {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll
x64-Run: [Windows Defender] C:\Program Files (x86)\Windows Defender\MSASCui.exe -hide
x64-Run: [Acer Empowering Technology Monitor] C:\Program Files\Acer\Empowering Technology\SysMonitor.exe
x64-Run: [EmpoweringTechnology] C:\Program Files\Acer\Empowering Technology\Framework.Launcher.exe boot
x64-Run: [eDataSecurity Loader] "C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x64\eDSloader.exe"
x64-Run: [RtHDVCpl] RAVCpl64.exe
x64-Run: [Skytel] Skytel.exe
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-mPolicies-Explorer: NoActiveDesktop = dword:1
x64-mPolicies-Explorer: NoActiveDesktopChanges = dword:1
x64-mPolicies-Explorer: NoInternetIcon = dword:1
x64-mPolicies-System: EnableUIADesktopToggle = dword:0
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
Hosts: 81.0.254.162 L2authd.Lineage2.com
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\acer\AppData\Roaming\Mozilla\Firefox\Profiles\gbm0a0lm.default\
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=2&q=
FF - component: C:\Users\acer\AppData\Roaming\Mozilla\Firefox\Profiles\gbm0a0lm.default\extensions\DTToolbar@toolbarnet.com\components\DTToolbarFF.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\acer\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
.
============= SERVICES / DRIVERS ===============
.
R1 mfehidk;McAfee Inc. mfehidk;C:\Windows\System32\drivers\mfehidk.sys [2009-2-20 308296]
R2 Acer HomeMedia Connect Service;Acer HomeMedia Connect Service;C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe [2009-2-20 269448]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2009-11-24 202752]
R2 ameisvc;Web'n'walk Manager mobile equipment installation service;C:\Program Files (x86)\T-Mobile\Web'n'walk Manager\ameisvc.exe [2011-6-24 123120]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-2-28 2343816]
R2 npf;NetGroup Packet Filter Driver;C:\Windows\System32\drivers\npf.sys [2009-11-16 47632]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-9-23 144632]
R2 StarWindServiceAE;StarWind AE Service;C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2007-5-28 275968]
R3 huawei_enumerator;huawei_enumerator;C:\Windows\System32\drivers\ew_jubusenum.sys [2008-12-20 86016]
R3 yukonx64;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk60x64.sys [2009-2-20 391680]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 ETService;Empowering Technology Service;C:\Program Files\Acer\Empowering Technology\Service\ETService.exe --> C:\Program Files\Acer\Empowering Technology\Service\ETService.exe [?]
S2 gupdate1ca664a24574e78;Služba Google Update (gupdate1ca664a24574e78);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-11-16 133104]
S2 RPCER;Remote Procedure Call (HNM);C:\Program Files\Common Files\ODBC\comp.exe --> C:\Program Files\Common Files\ODBC\comp.exe [?]
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;C:\Windows\System32\drivers\ew_hwusbdev.sys [2008-12-20 117248]
S3 gupdatem;Služba Google Update (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-11-16 133104]
S3 huawei_cdcacm;huawei_cdcacm;C:\Windows\System32\drivers\ew_jucdcacm.sys [2008-12-20 98816]
S3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\System32\drivers\mfeavfk.sys [2009-2-20 102472]
S3 mferkdk;McAfee Inc. mferkdk;C:\Windows\System32\drivers\mferkdk.sys [2009-2-20 40904]
S3 mfesmfk;McAfee Inc. mfesmfk;C:\Windows\System32\drivers\mfesmfk.sys [2009-2-20 49480]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2008-11-4 129976]
S3 npggsvc;nProtect GameGuard Service;C:\Windows\System32\GameMon.des -service --> C:\Windows\System32\GameMon.des -service [?]
S3 NTIBackupSvc;NTI Backup Now 5 Backup Service;C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-9-23 50424]
S3 PerfHost;Hostitel knihoven DLL čítačů výkonu;C:\Windows\SysWOW64\perfhost.exe [2008-1-21 19968]
S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]
S4 ahcix64s;ahcix64s;C:\Windows\System32\drivers\ahcix64s.sys [2009-2-20 215568]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-11-5 93184]
.
=============== Created Last 30 ================
.
.
==================== Find3M ====================
.
2011-12-07 11:26:56 54867776 ----a-w- C:\Windows\System32\mrt.exe
2011-11-15 13:29:56 270720 ------w- C:\Windows\System32\MpSigStub.exe
2011-07-06 15:18:20 274432 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
2011-06-02 13:22:31 2762240 ----a-w- C:\Windows\System32\win32k.sys
2011-05-03 13:42:40 222464 ----a-w- C:\Windows\System32\drivers\ewusbmdm.sys
2011-05-02 16:35:51 975360 ----a-w- C:\Windows\System32\inetcomm.dll
2011-05-02 15:58:28 738816 ----a-w- C:\Windows\SysWow64\inetcomm.dll
2011-04-29 15:25:27 344576 ----a-w- C:\Windows\System32\schannel.dll
2011-04-29 14:54:10 276992 ----a-w- C:\Windows\SysWow64\schannel.dll
2011-04-29 13:12:26 176128 ----a-w- C:\Windows\System32\drivers\srv2.sys
2011-04-29 13:12:20 144896 ----a-w- C:\Windows\System32\drivers\srvnet.sys
2011-04-29 13:11:56 135168 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys
2011-04-29 13:11:52 105984 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys
2011-04-21 15:29:00 1032704 ----a-w- C:\Windows\System32\wininet.dll
2011-04-21 15:28:37 1427968 ----a-w- C:\Windows\System32\urlmon.dll
2011-04-21 15:27:10 208896 ----a-w- C:\Windows\System32\occache.dll
2011-04-21 15:26:01 1129984 ----a-w- C:\Windows\System32\mstime.dll
2011-04-21 15:25:32 759808 ----a-w- C:\Windows\System32\mshtmled.dll
2011-04-21 15:25:31 5702144 ----a-w- C:\Windows\System32\mshtml.dll
2011-04-21 15:25:29 590848 ----a-w- C:\Windows\System32\msfeeds.dll
2011-04-21 15:24:48 32256 ----a-w- C:\Windows\System32\jsproxy.dll
2011-04-21 15:24:29 7016960 ----a-w- C:\Windows\System32\ieframe.dll
2011-04-21 15:24:29 375296 ----a-w- C:\Windows\System32\iertutil.dll
2011-04-21 15:24:29 249856 ----a-w- C:\Windows\System32\iepeers.dll
2011-04-21 15:24:26 86528 ----a-w- C:\Windows\System32\ieencode.dll
2011-04-21 15:24:25 480256 ----a-w- C:\Windows\System32\iedkcs32.dll
2011-04-21 15:24:25 422400 ----a-w- C:\Windows\System32\ieapfltr.dll
2011-04-21 15:24:25 267776 ----a-w- C:\Windows\System32\ieaksie.dll
2011-04-21 15:00:34 833024 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-04-21 15:00:21 1174528 ----a-w- C:\Windows\SysWow64\urlmon.dll
2011-04-21 14:59:25 146432 ----a-w- C:\Windows\SysWow64\occache.dll
2011-04-21 14:58:50 671232 ----a-w- C:\Windows\SysWow64\mstime.dll
2011-04-21 14:58:36 477184 ----a-w- C:\Windows\SysWow64\mshtmled.dll
2011-04-21 14:58:36 3593728 ----a-w- C:\Windows\SysWow64\mshtml.dll
2011-04-21 14:58:34 467456 ----a-w- C:\Windows\SysWow64\msfeeds.dll
2011-04-21 14:58:04 28160 ----a-w- C:\Windows\SysWow64\jsproxy.dll
2011-04-21 14:57:48 78336 ----a-w- C:\Windows\SysWow64\ieencode.dll
2011-04-21 14:57:48 6078976 ----a-w- C:\Windows\SysWow64\ieframe.dll
2011-04-21 14:57:48 389120 ----a-w- C:\Windows\SysWow64\iedkcs32.dll
2011-04-21 14:57:48 380928 ----a-w- C:\Windows\SysWow64\ieapfltr.dll
2011-04-21 14:57:48 270848 ----a-w- C:\Windows\SysWow64\iertutil.dll
2011-04-21 14:57:48 193024 ----a-w- C:\Windows\SysWow64\iepeers.dll
2011-04-21 14:57:47 230400 ----a-w- C:\Windows\SysWow64\ieaksie.dll
2011-04-21 13:59:55 485376 ----a-w- C:\Windows\System32\html.iec
2011-04-21 13:42:48 407552 ----a-w- C:\Windows\System32\drivers\afd.sys
2011-04-21 13:34:37 1383424 ----a-w- C:\Windows\System32\mshtml.tlb
2011-04-21 13:28:42 389632 ----a-w- C:\Windows\SysWow64\html.iec
2011-04-21 13:08:37 1383424 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-04-20 15:16:49 450048 ----a-w- C:\Windows\System32\winsrv.dll
2011-04-20 15:11:39 85504 ----a-w- C:\Windows\System32\csrsrv.dll
2011-04-14 14:45:13 97792 ----a-w- C:\Windows\System32\drivers\dfsc.sys
2011-04-12 15:14:49 1208832 ----a-w- C:\Windows\System32\kernel32.dll
2011-04-12 14:56:23 857600 ----a-w- C:\Windows\SysWow64\kernel32.dll
2011-03-10 16:30:11 1360384 ----a-w- C:\Windows\System32\mfc42u.dll
2011-03-10 16:30:10 1398784 ----a-w- C:\Windows\System32\mfc42.dll
2011-03-10 16:12:54 1161728 ----a-w- C:\Windows\SysWow64\mfc42u.dll
2011-03-10 16:12:54 1136640 ----a-w- C:\Windows\SysWow64\mfc42.dll
2011-03-03 15:06:38 32256 ----a-w- C:\Windows\System32\Apphlpdm.dll
2011-03-03 15:06:28 100352 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll
2011-03-03 15:06:27 331776 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2011-03-03 15:06:27 281600 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll
2011-03-03 14:56:40 28672 ----a-w- C:\Windows\SysWow64\Apphlpdm.dll
2011-03-03 14:56:29 173056 ----a-w- C:\Windows\apppatch\AcXtrnal.dll
2011-03-03 14:56:26 459776 ----a-w- C:\Windows\apppatch\AcSpecfc.dll
2011-03-03 14:56:25 541696 ----a-w- C:\Windows\apppatch\AcLayers.dll
2011-03-03 14:56:25 2153984 ----a-w- C:\Windows\apppatch\AcGenral.dll
2011-03-03 13:25:43 4240384 ----a-w- C:\Windows\System32\GameUXLegacyGDFs.dll
2011-03-03 13:01:01 4240384 ----a-w- C:\Windows\SysWow64\GameUXLegacyGDFs.dll
2011-03-02 15:10:39 117760 ----a-w- C:\Windows\System32\dnsrslvr.dll
2011-03-02 15:10:38 221184 ----a-w- C:\Windows\System32\dnsapi.dll
2011-03-02 14:49:42 167936 ----a-w- C:\Windows\SysWow64\dnsapi.dll
2011-02-27 15:53:47 18320 ----a-w- C:\Windows\System32\kdcom.dll
2011-02-27 15:53:46 1075600 ----a-w- C:\Windows\System32\winload.efi
2011-02-27 15:53:45 990096 ----a-w- C:\Windows\System32\winresume.efi
2011-02-27 15:53:45 979344 ----a-w- C:\Windows\System32\winresume.exe
2011-02-27 15:53:45 20880 ----a-w- C:\Windows\System32\kdusb.dll
2011-02-27 15:53:45 18832 ----a-w- C:\Windows\System32\kd1394.dll
2011-02-27 15:53:45 1062800 ----a-w- C:\Windows\System32\winload.exe
2011-02-25 16:02:38 98816 ----a-w- C:\Windows\System32\drivers\ew_jucdcacm.sys
2011-02-18 13:51:57 461312 ----a-w- C:\Windows\System32\drivers\srv.sys
2011-02-18 13:50:30 90624 ----a-w- C:\Windows\System32\drivers\bowser.sys
2011-02-16 15:41:45 603648 ----a-w- C:\Windows\System32\vbscript.dll
2011-02-16 15:38:39 753152 ----a-w- C:\Windows\System32\jscript.dll
2011-02-16 15:36:20 48128 ----a-w- C:\Windows\System32\atmlib.dll
2011-02-16 15:35:41 430080 ----a-w- C:\Windows\SysWow64\vbscript.dll
2011-02-16 15:32:46 512000 ----a-w- C:\Windows\SysWow64\jscript.dll
2011-02-16 15:29:56 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2011-02-16 13:44:38 367616 ----a-w- C:\Windows\System32\atmfd.dll
2011-02-16 13:24:56 292864 ----a-w- C:\Windows\SysWow64\atmfd.dll
2011-01-30 16:19:34 69632 ----a-w- C:\Windows\System32\drivers\ew_jucdcecm.sys
2011-01-30 16:19:34 28672 ----a-w- C:\Windows\System32\drivers\ew_juextctrl.sys
2011-01-30 16:19:32 86016 ----a-w- C:\Windows\System32\drivers\ew_jubusenum.sys
2011-01-21 15:57:04 454144 ----a-w- C:\Windows\System32\shlwapi.dll
2011-01-21 15:56:31 12898304 ----a-w- C:\Windows\System32\shell32.dll
2011-01-21 15:46:57 351744 ----a-w- C:\Windows\SysWow64\shlwapi.dll
2011-01-21 15:46:32 11582464 ----a-w- C:\Windows\SysWow64\shell32.dll
2010-12-29 17:53:52 416768 ----a-w- C:\Windows\System32\sbe.dll
2010-12-29 17:53:52 210944 ----a-w- C:\Windows\System32\sbeio.dll
2010-12-29 17:53:37 560128 ----a-w- C:\Windows\System32\EncDec.dll
2010-12-29 17:51:49 226816 ----a-w- C:\Windows\System32\mpg2splt.ax
.
============= FINISH: 4:08:14,32 ===============

[vyosek]

Doporucuji odinstalovat (pokud nepouzivate) toolbary (listy prohlizecu) v Přidat nebo odebrat programy

Stahnete RogueKiller http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe

• Ukoncete vsechny programy
• Pokud pouzivate Win Vista ci W7, kliknete na RogueKiller pravym a dejte Run As Administrator ci Spustit jako spravce
• Pockejte na dokonceni PreScanu
• Zvolte moznost Prohledat (scan)
• Po dokonceni skenu kliknete na Zpráva (Report)- otevre se log, ten sem vlozte

[Ich]

Rogue:

RogueKiller V7.5.2 [05/30/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Podpora: http://www.geekstogo.com/forum/files/fi ... guekiller/
Operační systém: Windows Vista (6.0.6001 Service Pack 1) 64 bits version
Spuštěno v: Normální režim
Uživatel: acer [Práva správce]
Mód: Kontrola -- Datum: 11/01/2008 04:17:59

¤¤¤ Škodlivé procesy: 1 ¤¤¤
[SUSP PATH] Setup.exe -- C:\Users\acer\AppData\Local\Adobe\OOBE\PDApp\DWA\Setup.exe -> KILLED [TermProc]

¤¤¤ Záznamy Registrů: 2 ¤¤¤
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Zvláštní soubory / Složky: ¤¤¤

¤¤¤ Ovladač: [NENAHRÁNO] ¤¤¤

¤¤¤ Nákaza : ¤¤¤

¤¤¤ Soubor HOSTS: ¤¤¤
::1 localhost
127.0.0.1 localhost
81.0.254.162 L2authd.Lineage2.com


¤¤¤ Kontrola MBR: ¤¤¤

+++++ PhysicalDrive0: WDC WD10EAVS-00D7B1 ATA Device +++++
--- User ---
[MBR] e023b917dfb73e92e5dfa660c91f8f47
[BSP] 2fbfcc00749e5b38d4f9638b2697d630 : Acer tatooed MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 63 | Size: 15005 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 30734336 | Size: 375526 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 799811584 | Size: 563335 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Dokončeno : << RKreport[1].txt >>
RKreport[1].txt

[vyosek]

PROSIM CTETE DUKLADNE NAVOD - TATO UTILITA MA VELKOU SCHOPNOST MAZAT A JE NUTNE JI APLIKOVAT JEN NA DOPORUCENI, JINAK VAM MUZE JIT SYSTEM DO KYTEK
Stahnete a ulozte na plochu Combofix http://download.bleepingcomputer.com/sUBs/ComboFix.exe

• Vypnete vsechny rezidentni bezpecnostní programy - firewally, antiviry, antispywary apod.
• Pokud mate Win XP spustte pod uctem Spravce\Administratora
• Pokud mate Win Vista ci Win 7, kliknete na Combofix pravym a dejte Run As Administrator ci Spustit jako spravce
• Ihned po startu se zobrazi stranka s licencnim ujednanim, pokracujte kliknutim na Ano
• Pokud Vam CF nabidne instalaci Konzoly pro zotaveni, tak souhlaste
• Dale postupujte dle pokynu, behem scanu nechte PC naprosto v klidu - nespoustejte zadne aplikace a neklikejte do zobrazujiciho se okna
• Scan by mel trvat cca 10 min, ale pokud bude PC hodne zaneseno, muze se cas prodlouzit
• Po dokonceni skenu a pripadnem restartu CF zobrazi log, pripadne jej najdete zde C:\ComboFix.txt, jeho obsah sem vlozte
• Detailni postup vc. obrazku mate zde http://www.bleepingcomputer.com/combofi ... t-combofix

[Ich]

tak musim rict ze to bylo trochu divoke ale nejak to dopadlo.
PC jsem musel nekolikrat vyp/zapnout - nechtel nabehnout system,takze log jsem dohledal az nyni.Doufam ze je to ono:

ComboFix 12-05-31.02 - acer 01.11.2008 4:28:17.1.2 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1250.420.1029.18.2814.1293 [GMT 1:00]
Spuštěný z: C:\Users\acer\Downloads\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

[Ich]

No nicmene to vypada ze je stale nejaky problem.
Napr. pouhe smazani cehokoliv z plochy je nemozne.Co to muze zpusobovat?

Jinak mam ale pocit ze je PC ted preci jen zase trochu sviznejsi.

[vyosek]

No neni Log neni cely...

Prihlaste se do nouzoveho rezimu (restart PC, mackat F8, zvolit Stav nouze s praci v siti) a aplikujte CF tam

[Ich]

uf to bylo neco..ale tak snad se podarilo.Tak tady log:

ComboFix 12-05-31.02 - acer 01.11.2008 5:44.1.2 - x64 NETWORK
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1250.420.1029.18.2814.2155 [GMT 1:00]
Spuštěný z: c:\users\acer\Downloads\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\HTV
c:\program files (x86)\HTV\akv.cfg
c:\users\acer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\rundll32.exe
c:\users\Public\Documents\NTIBUN5.dll
c:\users\Public\Documents\NTIMP3.dll
c:\users\Public\Documents\NTIMPEG2.dll
c:\users\Public\Documents\NTIOFM4.dll
c:\windows\iun6002.exe
c:\windows\system32\drivers\etc\host
c:\windows\system32\drivers\etc\hosts.ics
c:\windows\SysWow64\Packet.dll
c:\windows\SysWow64\pthreadVC.dll
c:\windows\SysWow64\wpcap.dll
.
---- Předchozí spuštění -------
.
c:\program files (x86)\HTV
c:\program files (x86)\HTV\akv.cfg
c:\program files (x86)\HTV\htv.001
c:\program files (x86)\HTV\HTV.002
c:\users\acer\AppData\Local\assembly\tmp
c:\users\acer\AppData\Local\Temp\rundll32.exe
c:\users\acer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\rundll32.exe
c:\users\Public\Documents\NTIBUN5.dll
c:\users\Public\Documents\NTIMP3.dll
c:\users\Public\Documents\NTIMPEG2.dll
c:\users\Public\Documents\NTIOFM4.dll
c:\windows\iun6002.exe
c:\windows\system32\drivers\etc\host
c:\windows\system32\drivers\etc\hosts.ics
c:\windows\SysWow64\Packet.dll
c:\windows\SysWow64\pthreadVC.dll
c:\windows\SysWow64\wpcap.dll
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NPF
-------\Service_npf
-------\Legacy_NPF
-------\Service_npf
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2008-10-01 do 2008-11-01 )))))))))))))))))))))))))))))))
.
.
2012-01-07 12:55 . 2012-01-07 13:09 -------- d-----w- c:\program files (x86)\Real
2011-12-18 08:10 . 2011-12-18 08:27 -------- d-----w- c:\program files (x86)\NCsoft
2011-09-15 08:51 . 2011-09-15 08:51 -------- d-----w- c:\program files (x86)\JoWooD
2011-09-13 12:04 . 2012-01-07 13:01 -------- d-----w- c:\program files (x86)\DsNET Corp
2011-06-17 12:25 . 2011-04-21 15:02 634648 ----a-w- c:\program files (x86)\Internet Explorer\iexplore.exe
2011-06-17 10:50 . 2011-05-02 12:00 2409784 ----a-w- c:\program files (x86)\Windows Mail\OESpamFilter.dat
2011-06-17 10:45 . 2011-05-02 16:00 766464 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\vgx\VGX.dll
2011-05-29 09:45 . 2010-12-28 14:56 708608 ----a-w- c:\program files (x86)\Common Files\System\ado\msado15.dll
2011-05-29 09:45 . 2010-12-28 14:56 57344 ----a-w- c:\program files (x86)\Common Files\System\msadc\msadcs.dll
2011-05-29 09:45 . 2010-12-28 14:56 253952 ----a-w- c:\program files (x86)\Common Files\System\ado\msadox.dll
2011-05-29 09:45 . 2010-12-28 14:56 241664 ----a-w- c:\program files (x86)\Common Files\System\ado\msadomd.dll
2011-05-29 09:45 . 2010-12-28 14:56 180224 ----a-w- c:\program files (x86)\Common Files\System\msadc\msadco.dll
2011-05-29 09:43 . 2010-10-12 15:48 33280 ----a-w- c:\program files (x86)\Windows Mail\wabfind.dll
2011-05-29 09:43 . 2010-10-12 13:52 66048 ----a-w- c:\program files (x86)\Windows Mail\wabmig.exe
2011-05-29 09:43 . 2010-10-12 13:52 515584 ----a-w- c:\program files (x86)\Windows Mail\wab.exe
2010-11-14 16:41 . 2010-11-15 14:04 -------- d-----w- c:\program files (x86)\JoWooD Entertainment AG
2010-10-31 14:40 . 2010-10-31 14:40 -------- d-----w- c:\programdata\ATI
2010-10-31 11:26 . 2010-10-31 14:30 -------- d-----w- c:\program files\ATI Technologies
2010-10-21 14:40 . 2010-10-21 14:40 -------- d-----w- c:\program files (x86)\Microsoft Games
2010-10-17 16:54 . 2010-10-17 16:54 -------- d-----w- c:\program files\Windows NT
2010-10-15 09:55 . 2010-06-28 14:31 339968 ----a-w- c:\program files (x86)\Windows NT\Accessories\wordpad.exe
2010-10-15 09:54 . 2010-09-10 16:35 168960 ----a-w- c:\program files (x86)\Windows Media Player\wmplayer.exe
2010-10-11 17:07 . 2008-11-05 18:25 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard
2010-10-11 14:23 . 2010-10-11 14:23 -------- d-----w- c:\program files (x86)\NVIDIA Corporation
2010-10-11 13:51 . 2010-10-11 14:05 -------- d-----w- c:\program files\2K Games
2010-09-28 20:35 . 2008-11-05 18:17 -------- d-----w- C:\bwinPoker
2010-08-09 18:43 . 2010-08-09 18:43 -------- d-----w- c:\program files\WinPcap
2010-08-06 11:44 . 2010-08-06 11:44 -------- d-----w- c:\programdata\Funcom
2010-07-11 19:41 . 2010-07-11 19:41 -------- d-----r- c:\program files (x86)\Skype
2010-07-11 19:41 . 2010-07-11 19:41 -------- d-----w- c:\program files (x86)\Common Files\Skype
2010-07-11 19:41 . 2010-07-11 19:41 -------- d-----w- c:\programdata\Skype
2010-06-25 19:58 . 2008-10-31 06:06 -------- d-----w- c:\program files (x86)\Warcraft III
2010-06-10 15:01 . 2010-06-10 15:01 -------- d-----w- c:\program files\Reference Assemblies
2010-05-27 17:27 . 2010-05-27 17:27 -------- d-----w- c:\program files\Alwil Software
2010-05-27 17:23 . 2010-05-27 17:23 -------- d-----w- c:\program files (x86)\3DO
2010-05-13 13:06 . 2009-01-17 09:35 -------- d-----w- c:\program files (x86)\Diablo II
2010-05-12 13:15 . 2010-01-29 16:22 1616384 ----a-w- c:\program files (x86)\Windows Mail\msoe.dll
2010-04-16 10:42 . 2010-08-14 01:23 -------- d-----w- c:\program files\Movie Maker
2010-04-15 07:59 . 2008-10-31 02:18 -------- d-----w- c:\program files\Windows Mail
2010-04-14 14:12 . 2010-03-09 20:23 6611280 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A5CC2050-880D-43BD-B1E3-A487218FBEEB}\mpengine.dll
2010-01-08 14:02 . 2009-02-08 08:14 -------- d-----w- c:\program files (x86)\Common Files\Steam
2009-12-18 11:02 . 2009-12-18 11:02 -------- d-----w- c:\program files (x86)\BurnAware Free
2009-12-10 05:24 . 2009-12-10 05:24 -------- d-----w- c:\programdata\WindowsSearch
2009-11-15 23:38 . 2009-11-15 23:38 -------- d-----w- c:\program files (x86)\Codec Pack - All In 1
2009-11-15 23:19 . 2009-01-18 20:55 -------- d-----w- c:\program files (x86)\Common Files\DivX Shared
2009-11-15 23:19 . 2009-01-18 20:55 -------- d-----w- c:\program files (x86)\DivX
2009-11-14 09:52 . 2009-11-14 09:52 -------- d-----w- c:\programdata\Meridian93
2009-11-13 11:52 . 2008-11-01 04:20 -------- d-----w- c:\program files (x86)\Webteh
2009-11-10 12:57 . 2008-11-23 11:06 -------- d-----w- c:\program files (x86)\EA Games
2009-11-10 11:19 . 2009-11-15 23:10 -------- d-----w- c:\programdata\Electronic Arts
2009-11-09 20:54 . 2009-11-10 12:53 -------- d-----w- c:\program files (x86)\Electronic Arts
2009-11-06 17:51 . 2010-04-14 14:14 -------- d-----w- c:\users\AppData
2009-11-06 17:51 . 2009-11-06 17:51 -------- d-----w- c:\program files (x86)\Alcohol Soft
2009-11-06 17:30 . 2009-11-06 17:30 -------- d-----w- c:\program files (x86)\DAEMON Tools Toolbar
2009-11-06 17:29 . 2009-11-06 17:30 -------- d-----w- c:\program files (x86)\DAEMON Tools Lite
2009-11-06 17:28 . 2009-11-06 17:29 -------- d-----w- c:\programdata\DAEMON Tools Lite
2009-11-05 16:11 . 2008-11-04 15:48 -------- d-----w- c:\program files (x86)\uTorrent
2009-11-05 15:58 . 2009-02-01 20:09 -------- d-----w- c:\program files (x86)\Common Files\PX Storage Engine
2009-11-05 15:58 . 2009-11-05 15:59 -------- d-----w- c:\program files (x86)\Winamp
2009-11-05 15:53 . 2009-11-05 15:53 -------- d-----w- c:\program files (x86)\MSXML 4.0
2009-11-05 15:17 . 2009-09-10 15:21 1418752 ----a-w- c:\program files (x86)\Windows Media Player\setup_wm.exe
2009-11-05 15:17 . 2009-11-05 15:17 -------- d-----w- c:\programdata\ICQ
2009-11-05 15:13 . 2008-11-19 18:54 -------- d-----w- c:\program files (x86)\ICQ6.5
2009-11-05 15:07 . 2009-07-14 10:59 107520 ----a-w- c:\program files (x86)\Windows Media Player\wmpconfig.exe
2009-11-05 15:07 . 2009-07-14 10:58 107520 ----a-w- c:\program files (x86)\Windows Media Player\wmpshare.exe
2009-11-05 11:54 . 2009-11-05 11:54 -------- d-----w- c:\program files\YUAN
2009-11-05 11:50 . 2010-04-16 16:24 -------- d-----w- c:\program files (x86)\Google
2009-11-05 11:48 . 2008-11-01 04:06 -------- d-----w- c:\users\acer
2009-11-05 11:23 . 2009-11-05 11:23 -------- d-----w- c:\users\Default\AppData\Roaming\ATI
2009-11-05 11:23 . 2009-11-05 11:23 -------- d-----w- c:\users\Default\AppData\Local\ATI
2009-11-05 11:21 . 2010-10-31 14:29 -------- d-----w- c:\program files (x86)\ATI Technologies
2009-11-05 11:20 . 2009-11-05 11:20 -------- d-----w- c:\program files\ATI
2009-07-12 10:11 . 2009-07-12 10:11 670016 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\VC\msdia90.dll
2009-07-11 20:37 . 2009-07-11 20:37 641536 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\VC\msdia80.dll
2009-04-04 20:34 . 2009-01-18 20:55 -------- d-----w- c:\programdata\DivX
2009-03-07 19:06 . 2008-11-01 13:01 -------- d-----w- c:\programdata\Spyware Terminator
2009-03-07 19:06 . 2008-11-01 13:01 -------- d-----w- c:\program files (x86)\Spyware Terminator
2009-03-07 18:55 . 2010-08-11 10:30 -------- d-----w- c:\programdata\Alwil Software
2009-03-07 18:55 . 2010-04-15 07:54 -------- d-----w- c:\program files\Setup
2009-03-07 18:09 . 2008-11-08 06:04 -------- d-----w- c:\program files (x86)\Common Files\Blizzard Entertainment
2009-03-06 11:17 . 2009-03-06 11:17 -------- d-----w- c:\programdata\Solidshield
2009-03-05 11:48 . 2009-03-05 11:48 -------- d-----w- c:\programdata\Blizzard
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-29 15:25 . 2011-07-18 02:42 344576 ----a-w- c:\windows\system32\schannel.dll
2011-04-29 14:54 . 2011-07-18 02:42 276992 ----a-w- c:\windows\SysWow64\schannel.dll
2011-03-03 15:06 . 2011-05-29 09:48 100352 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll
2011-03-03 15:06 . 2011-05-29 09:48 331776 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2011-03-03 15:06 . 2011-05-29 09:48 281600 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
2011-03-03 14:56 . 2011-05-29 09:48 173056 ----a-w- c:\windows\apppatch\AcXtrnal.dll
2011-03-03 14:56 . 2011-05-29 09:48 459776 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2011-03-03 14:56 . 2011-05-29 09:48 2153984 ----a-w- c:\windows\apppatch\AcGenral.dll
2011-03-03 14:56 . 2011-05-29 09:48 541696 ----a-w- c:\windows\apppatch\AcLayers.dll
2010-11-06 04:35 . 2011-05-29 09:42 854528 ----a-w- c:\windows\system32\schedsvc.dll
2009-06-07 05:27 . 2002-12-20 13:02 1071088 ----a-w- c:\windows\SysWow64\MsComCtl.ocx
2009-03-17 03:52 . 2009-11-05 15:13 55296 ----a-w- c:\windows\apppatch\AppPatch64\apihex64.dll
2009-03-17 03:38 . 2009-11-05 15:13 40960 ----a-w- c:\windows\apppatch\apihex86.dll
2008-11-01 03:57 . 2009-02-20 13:04 145920 ----a-w- c:\windows\apppatch\AppPatch64\iebrshim.dll
2008-11-01 03:44 . 2009-02-20 13:04 52736 ----a-w- c:\windows\apppatch\iebrshim.dll
2008-09-19 21:55 . 2008-09-19 21:55 200704 ----a-w- c:\windows\SysWow64\ssldivx.dll
2008-09-19 21:55 . 2008-09-19 21:55 1044480 ----a-w- c:\windows\SysWow64\libdivx.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{687578b9-7132-4a7a-80e4-30ee31099e03}"= "c:\program files (x86)\uTorrentControl2\prxtbuTor.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{687578b9-7132-4a7a-80e4-30ee31099e03}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{687578b9-7132-4a7a-80e4-30ee31099e03}]
2011-05-09 08:49 176936 ----a-w- c:\program files (x86)\uTorrentControl2\prxtbuTor.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{687578b9-7132-4a7a-80e4-30ee31099e03}"= "c:\program files (x86)\uTorrentControl2\prxtbuTor.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{687578b9-7132-4a7a-80e4-30ee31099e03}]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-07-29 16:52 121392 ----a-w- c:\program files (x86)\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WindowsWelcomeCenter"="oobefldr.dll" [2008-01-21 2153472]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200]
"AlcoholAutomount"="c:\program files (x86)\Alcohol Soft\Alcohol 120\axcmd.exe" [2009-04-24 203928]
"SpywareTerminatorUpdate"="c:\program files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe" [2011-11-28 3318784]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2010-04-06 26102056]
"Pando Media Booster"="c:\program files (x86)\Pando Networks\Media Booster\PMB.exe" [2011-11-09 3077528]
"Facebook Update"="c:\users\acer\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2011-12-30 137536]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"PCMMediaSharing"="c:\program files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe" [2008-05-20 204908]
"WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2009-07-01 37888]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2008-03-25 49152]
"hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-03-13 81920]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-11-24 98304]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-02-15 1230704]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files (x86)\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 40048]
Adobe Reader Synchronizer.lnk - c:\program files (x86)\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 734872]
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0
.
S2 Acer HomeMedia Connect Service;Acer HomeMedia Connect Service;c:\program files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe [2008-05-20 269448]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Obsah adresáře 'Naplánované úlohy'
.
2012-01-08 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1018544741-754534756-2578017032-1000Core.job
- c:\users\acer\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-12-30 15:42]
.
2012-01-08 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1018544741-754534756-2578017032-1000UA.job
- c:\users\acer\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-12-30 15:42]
.
2008-11-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-11-15 23:19]
.
2009-02-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-11-15 23:19]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-07-29 16:53 50736 ----a-w- c:\program files (x86)\Acer\Empowering Technology\eDataSecurity\x64\PSDProtect.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"eDataSecurity Loader"="c:\program files (x86)\Acer\Empowering Technology\eDataSecurity\x64\eDSloader.exe" [2008-07-29 561200]
"RtHDVCpl"="RAVCpl64.exe" [2008-05-20 6296064]
"Skytel"="Skytel.exe" [2007-11-20 1826816]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.com/
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = %SystemRoot%\system32\blank.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: WikiKomentáře Google... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: {{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - c:\program files (x86)\ICQ7.4\ICQ.exe
IE: {{230D1201-7607-4CF6-A11F-9E4BF0A333E0} - {0DB13731-CEFD-43CF-A8FD-B61DCBC4D5B8} - c:\program files (x86)\Verdict Free\etnxp.dll
IE: {{2C73F784-D2DE-4422-B070-2E3332FE5744} - {0320AC26-52C8-4316-B2C4-24BB6FA73C9A} - c:\program files (x86)\Verdict Free\etnxp.dll
TCP: DhcpNameServer = 192.168.1.1 192.168.2.1
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
FF - ProfilePath - c:\users\acer\AppData\Roaming\Mozilla\Firefox\Profiles\gbm0a0lm.default\
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=2&q=
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Wow6432Node-HKCU-Run-PlayNC Launcher - (no file)
Wow6432Node-HKCU-Run-WMPNSCFG - c:\program files (x86)\Windows Media Player\WMPNSCFG.exe
Wow6432Node-HKLM-Run-eRecoveryService - (no file)
SafeBoot-mcmscsvc
SafeBoot-MCODS
HKLM-Run-Windows Defender - c:\program files (x86)\Windows Defender\MSASCui.exe
HKLM-Run-Acer Empowering Technology Monitor - c:\program files\Acer\Empowering Technology\SysMonitor.exe
HKLM-Run-EmpoweringTechnology - c:\program files\Acer\Empowering Technology\Framework.Launcher.exe
AddRemove-4shared Desktop - c:\users\acer\Desktop\MOJE SLOZKY\Game\Lineage 2 int\4shared Desktop\uninstall.exe
AddRemove-7-Zip - c:\users\acer\Desktop\CSS\7-Zip\Uninstall.exe
AddRemove-CCleaner - c:\users\acer\Desktop\CCleaner\uninst.exe
AddRemove-Cool's_Codec_pack_4.12 - c:\windows\iun6002.exe
AddRemove-CSS FULL DZ [Oct 15 2007] - c:\users\acer\Desktop\Tom\Game\VALVe\Counter-Strike Source\uninst.exe
AddRemove-Left 4 Dead_is1 - c:\program files (x86)\Left4Dead\unins000.exe
AddRemove-S.T.A.L.K.E.R. - Shadow of Chernobyl_is1 - d:\program files (x86)\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\unins000.exe
AddRemove-{7B63B2922B174135AFC0E1377DD81EC2} - c:\program files (x86)\DivX\DivXCodecUninstall.exe
AddRemove-{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111307457} - c:\program files (x86)\Acer GameZone\Galapago\Uninstall.exe
AddRemove-{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111796363} - c:\program files (x86)\Acer GameZone\Mystery Solitaire - Secret Island\Uninstall.exe
AddRemove-{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113832110} - c:\program files (x86)\Acer GameZone\Dream Day First Home\Uninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\CyberLink\Shared Files\RichVideo.exe
c:\program files (x86)\Spyware Terminator\sp_rsser.exe
c:\program files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\program files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDSMSNLoader32.exe
.
**************************************************************************
.
Celkový čas: 2008-11-01 06:06:14 - počítač byl restartován
ComboFix-quarantined-files.txt 2008-11-01 05:06
.
Před spuštěním: Volných bajtů: 175 523 049 472
Po spuštění: Volných bajtů: 172 145 348 608
.
- - End Of File - - BC041D6C8E1E6911840AC1CCA5E9A75F

[vyosek]

Nasledujici soubory otestujte na VirusTotalu https://www.virustotal.com/cs/

• c:\program files (x86)\Internet Explorer\iexplore.exe
• Kliknete na Choose file
• Soubor nehledejte, jen vlozte cestu souboru, ktery chci otestovat
• Kliknete na Scan It
• Pokud na Vas vyskoci obrazovka jako je nize, tak kliknete na ReAnalyse
  
• Vysledek analyzy sem vlozte (jako odkaz)

[Ich]

https://www.virustotal.com/file/a4def84 ... 338733977/

[vyosek]

Poprosim o log z DDS

• Stahnete DDS odsud http://download.bleepingcomputer.com/sUBs/Beta/dds.exe a ulozte na plochu
• Spustte a kliknete na Start
• Po chvili vyskoci log, ten rad uvidim

[Ich]

DDS (Ver_2011-09-30.01) - NTFS_AMD64
Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 10.4.0
Run by acer at 18:22:46 on 2012-06-04
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1250.420.1029.18.2814.1826 [GMT 2:00]
.
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe
C:\Program Files (x86)\Spyware Terminator\sp_rsser.exe
C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x64\eDSLoader.exe
C:\Windows\RAVCpl64.exe
C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe
C:\Program Files (x86)\Winamp\winampa.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDSMSNLoader32.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\msiexec.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Program Files (x86)\Common Files\Adobe\Updater5\AdobeUpdater.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Program Files (x86)\Common Files\Adobe\Updater6\Adobe_Updater.exe
C:\Windows\SysWOW64\conime.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uURLSearchHooks: ICQToolBar: {855F3B16-6D32-4fe6-8A56-BBB695989046} -
uURLSearchHooks: <No Name>: - LocalServer32 - <no file>
uURLSearchHooks: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll
mURLSearchHooks: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Pomocník pro přihlášení ke službě Windows Live: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: DAEMON Tools Toolbar: {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll
TB: Acer eDataSecurity Management: {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll
TB: DAEMON Tools Toolbar: {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll
TB: ICQToolBar: {855F3B16-6D32-4FE6-8A56-BBB695989046} -
TB: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll
uRun: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
uRun: [AlcoholAutomount] "C:\Program Files (x86)\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
uRun: [SpywareTerminatorUpdate] "C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe"
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
uRun: [Facebook Update] "C:\Users\acer\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
mRun: [PCMMediaSharing] "C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe"
mRun: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun: [SwitchBoard] "C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ADOBER~1.LNK - C:\Program Files (x86)\Adobe\Reader 8.0\Reader\reader_sl.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ADOBER~2.LNK - C:\Program Files (x86)\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xportovat do aplikace Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: WikiKomentáře Google... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-00104-0001-0004-ABCDEFFEDCBC} - <orphaned>
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {230D1201-7607-4CF6-A11F-9E4BF0A333E0} - {0DB13731-CEFD-43CF-A8FD-B61DCBC4D5B8} - C:\Program Files (x86)\Verdict Free\etnxp.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {2C73F784-D2DE-4422-B070-2E3332FE5744} - {0320AC26-52C8-4316-B2C4-24BB6FA73C9A} - C:\Program Files (x86)\Verdict Free\etnxp.dll
IE: {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Program Files (x86)\ICQ7.4\ICQ.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TCP: NameServer = 192.168.1.1 192.168.2.1
TCP: Interfaces\{BCE443C1-3D4B-418A-9C30-015EE1DD20BC} : DHCPNameServer = 192.168.1.1 192.168.2.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\Windows\SysWow64\browseui.dll
x64-mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0405&s=1&o=vp64&d=1109&m=aspire_m3201
x64-BHO: ShowBarObj Class: {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x64\ActiveToolBand.dll
x64-BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -
x64-TB: Acer eDataSecurity Management: {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x64\eDStoolbar.dll
x64-TB: DAEMON Tools Toolbar: {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll
x64-Run: [Acer Empowering Technology Monitor] C:\Program Files\Acer\Empowering Technology\SysMonitor.exe
x64-Run: [EmpoweringTechnology] C:\Program Files\Acer\Empowering Technology\Framework.Launcher.exe boot
x64-Run: [eDataSecurity Loader] "C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x64\eDSloader.exe"
x64-Run: [RtHDVCpl] RAVCpl64.exe
x64-Run: [Skytel] Skytel.exe
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-mPolicies-Explorer: NoDrives = dword:0
x64-mPolicies-System: EnableUIADesktopToggle = dword:0
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\acer\AppData\Roaming\Mozilla\Firefox\Profiles\gbm0a0lm.default\
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=2&q=
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\acer\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
FF - plugin: C:\Users\acer\AppData\Roaming\Mozilla\Firefox\Profiles\gbm0a0lm.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\plugins\np-mswmp.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R1 mfehidk;McAfee Inc. mfehidk;C:\Windows\System32\drivers\mfehidk.sys [2009-2-20 308296]
R2 Acer HomeMedia Connect Service;Acer HomeMedia Connect Service;C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe [2009-2-20 269448]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2009-11-24 202752]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-9-23 144632]
R2 StarWindServiceAE;StarWind AE Service;C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2007-5-28 275968]
R3 huawei_enumerator;huawei_enumerator;C:\Windows\System32\drivers\ew_jubusenum.sys [2008-12-20 86016]
R3 yukonx64;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk60x64.sys [2009-2-20 391680]
S2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 ETService;Empowering Technology Service;C:\Program Files\Acer\Empowering Technology\Service\ETService.exe --> C:\Program Files\Acer\Empowering Technology\Service\ETService.exe [?]
S2 gupdate1ca664a24574e78;Služba Google Update (gupdate1ca664a24574e78);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-11-16 133104]
S2 RPCER;Remote Procedure Call (HNM);C:\Program Files\Common Files\ODBC\comp.exe --> C:\Program Files\Common Files\ODBC\comp.exe [?]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-6-4 257696]
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;C:\Windows\System32\drivers\ew_hwusbdev.sys [2008-12-20 117248]
S3 gupdatem;Služba Google Update (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-11-16 133104]
S3 huawei_cdcacm;huawei_cdcacm;C:\Windows\System32\drivers\ew_jucdcacm.sys [2008-12-20 98816]
S3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\System32\drivers\mfeavfk.sys [2009-2-20 102472]
S3 mferkdk;McAfee Inc. mferkdk;C:\Windows\System32\drivers\mferkdk.sys [2009-2-20 40904]
S3 mfesmfk;McAfee Inc. mfesmfk;C:\Windows\System32\drivers\mfesmfk.sys [2009-2-20 49480]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2008-11-4 129976]
S3 npggsvc;nProtect GameGuard Service;C:\Windows\System32\GameMon.des -service --> C:\Windows\System32\GameMon.des -service [?]
S3 NTIBackupSvc;NTI Backup Now 5 Backup Service;C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-9-23 50424]
S3 PerfHost;Hostitel knihoven DLL čítačů výkonu;C:\Windows\SysWOW64\perfhost.exe [2008-1-21 19968]
S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]
S4 ahcix64s;ahcix64s;C:\Windows\System32\drivers\ahcix64s.sys [2009-2-20 215568]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-11-5 93184]
.
=============== Created Last 30 ================
.
.
==================== Find3M ====================
.
2012-06-04 16:21:45 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-04 16:21:45 419488 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-06-03 14:41:35 772552 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2012-06-03 14:41:35 687560 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-06-03 14:41:35 227784 ----a-w- C:\Windows\SysWow64\javaws.exe
2012-06-03 14:41:35 174024 ----a-w- C:\Windows\SysWow64\javaw.exe
2012-06-03 14:41:35 174024 ----a-w- C:\Windows\SysWow64\java.exe
2012-04-26 18:03:14 57848688 ----a-w- C:\Windows\System32\mrt.exe
.
============= FINISH: 18:23:25,03 ===============

[vyosek]

Pokud nemate, tak presunte Combofix na plochu

• Spustte poznamkovy blok (Start-spustit-notepad)
• Zkopirujte skript nize

• Kód: Vybrat vše

  KillAll::
  
  DDS::
  uURLSearchHooks: ICQToolBar: {855F3B16-6D32-4fe6-8A56-BBB695989046} -
  uURLSearchHooks: <No Name>: - LocalServer32 - <no file>
  uURLSearchHooks: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll
  mURLSearchHooks: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll
  BHO: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll
  TB: DAEMON Tools Toolbar: {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll
  TB: DAEMON Tools Toolbar: {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll
  TB: ICQToolBar: {855F3B16-6D32-4FE6-8A56-BBB695989046} -
  TB: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll
  uRun: [DAEMON Tools Lite]
  uRun: [AlcoholAutomount]
  uRun: [SpywareTerminatorUpdate]
  uRun: [Skype]
  uRun: [Facebook Update]
  mRun: [PCMMediaSharing]
  mRun: [WinampAgent
  mRun: [HP Software Update]
  mRun: [DivXUpdate]
  mRun: [SwitchBoard]
  mRun: [SunJavaUpdateSched]
  mRun: [Adobe ARM]
  x64-TB: DAEMON Tools Toolbar: {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll
  x64-Run: [AdobeAAMUpdater-1.0]
  
  Folder::
  C:\Program Files (x86)\DAEMON Tools Toolbar
  
  File::
  c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1018544741-754534756-2578017032-1000Core.job
  c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1018544741-754534756-2578017032-1000UA.job
  c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
  c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
  
  Firefox::
  FF - ProfilePath - c:\users\acer\AppData\Roaming\Mozilla\Firefox\Profiles\gbm0a0lm.default\
  FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.as ... ource=2&q=
  
  Driver::
  gupdate1ca664a24574e78
  
  RegLock::
  [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
  [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
  [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
  [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
  [HKEY_LOCAL_MACHINE\software\Wow6432Node\Classes]
  [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
  [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
  
  ClearJavaCache::
  
  Reboot::

• Ulozte vytvoreny TXT jako CFScript.txt
• Pretahnete vytvoreny CFScript.txt nad Combofix a pustte (viz obrazek nize)
  
• Po aplikaci skriptu (a pripadnem restartu) na Vas vypadne log, jeho obsah sem vlozte

Muze se stat, ze po aplikaci skriptu nenabehnou windows, v tomto pripade restartuje PC a mackejte F8 a zvolte Posledni znamou konfiguraci