
Log check, please

Posted: 25 Sep 2012 14:45
by korjin
..some malware was removed, the PC isn't exactly a sprinter..
thank you


Logfile of random's system information tool 1.09 (written by random/random)
Run by Administrator at 2012-09-25 15:41:59
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 41 GB (27%) free of 153 GB
Total RAM: 2047 MB (70% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 15:42:47, on 25.9.2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LGScsiCommandService.exe
C:\Program Files\Google\Update\1.3.21.123\GoogleCrashHandler.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Administrator\Plocha\RSIT.exe
C:\Program Files\trend micro\Administrator.exe
C:\WINDOWS\system32\wuauclt.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60403
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_custo ... TbId=60403
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60403
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_custo ... TbId=60403
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: LinkAirBrowserHelper HistoryTriggerBHO - {21A88CB9-84D2-4020-A2D1-B25A21034884} - C:\Program Files\LG Electronics\LG PC Suite IV\LinkAir\LinkAirBrowserHelper.dll
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll (file missing)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - (no file)
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Google Updater] "C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -check_deprecation
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Vytvořit mobilní oblíbenou položku… - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll (file missing)
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll (file missing)
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll (file missing)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll (file missing)
O9 - Extra 'Tools' menuitem: &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll (file missing)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll (file missing)
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll (file missing)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll (file missing)
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microso ... 8472931171
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 8472921984
O16 - DPF: {7876E4A5-78B7-4020-B08F-C960A1ED54C9} (WebWatch Class) - http://www.miga.cz/WinWebPush.cab
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://icq.oberon-media.com/Gameshell/G ... meHost.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/pub/s ... wflash.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Služba Google Update (gupdate1c9fcd1a3051fda) (gupdate1c9fcd1a3051fda) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LG SCSI command service (LGScsiCommandService) - Mobile Leader Co.,Ltd. - C:\WINDOWS\system32\LGScsiCommandService.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe

--
End of file - 10273 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Adobe Flash Player Updater.job
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\Google Software Updater.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
C:\WINDOWS\tasks\MpIdleTask.job
C:\WINDOWS\tasks\Norton Security Scan for H.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2011-06-06 63912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{21A88CB9-84D2-4020-A2D1-B25A21034884}]
HistoryTriggerBHO Class - C:\Program Files\LG Electronics\LG PC Suite IV\LinkAir\LinkAirBrowserHelper.dll [2011-05-31 35688]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2DB66063-BB98-466A-AA0D-3E7ACF5ED853}]
WebTransBHO Class - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2012-09-24 329712]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll [2010-09-17 842296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2012-09-24 59376]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2012-09-24 79856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{855F3B16-6D32-4FE6-8A56-BBB695989046}

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2009-03-12 17531392]
"Google Updater"=C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2011-09-13 161336]
"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2012-01-18 254696]
"MSC"=c:\Program Files\Microsoft Security Client\msseces.exe [2012-03-26 931200]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-07-11 919008]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2012-07-31 38872]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\B2C_AGENT]
C:\Documents and Settings\All Users\Data aplikací\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe [2012-03-28 404568]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2008-03-18 1848648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
C:\Program Files\DAEMON Tools Lite\DTLite.exe [2010-04-01 357696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GameXN GO]
C:\Documents and Settings\All Users\Data aplikací\GameXN\GameXNGO.exe [2011-09-02 347008]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
C:\Program Files\ICQ7.6\ICQ.exe silent loginmode=4 []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
C:\PROGRA~1\COMMON~1\INSTAL~1\UpdateService\ISUSPM.exe [2004-06-16 221184]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2004-06-16 81920]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2011-08-19 421736]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LG LinkAir]
C:\Program Files\LG Electronics\LG PC Suite IV\LinkAir\LinkAir.exe [2011-05-31 2449768]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe -atboottime []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpywareTerminatorUpdate]
C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-07-04 39408]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnHackMe Monitor]
C:\Program Files\UnHackMe\hackmon.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Časovač]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Akcelerátor spuštění AutoCADu.lnk]
C:\PROGRA~1\COMMON~1\AUTODE~1\ACSTAR~1.EXE [2004-02-25 10872]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^H^Nabídka Start^Programy^Po spuštění^OpenOffice.org 3.3.lnk]
C:\PROGRA~1\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^H^Nabídka Start^Programy^Po spuštění^Registration Assassin.LNK]
C:\Program Files\Ubisoft\Assassin's Creed\Register\RegistrationReminder.exe -d 804121 -l english -r 7 -g Assassin -c us -i 3538 []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^mamka^Nabídka Start^Programy^Po spuštění^OpenOffice.org 3.2.lnk]
C:\PROGRA~1\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^mamka^Nabídka Start^Programy^Po spuštění^OpenOffice.org 3.3.lnk]
C:\PROGRA~1\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\InterVideo\DVD7\WinDVD.exe"="C:\Program Files\InterVideo\DVD7\WinDVD.exe:*:Enabled:WinDVD"
"C:\Program Files\TeamViewer3\TeamViewer.exe"="C:\Program Files\TeamViewer3\TeamViewer.exe:*:Enabled:TeamViewer Remote Control Application"
"C:\Program Files\Garena\Garena.exe"="C:\Program Files\Garena\Garena.exe:*:Enabled:Garena"
"C:\zalohahajk\Program Files\ICQ6\ICQ.exe"="C:\zalohahajk\Program Files\ICQ6\ICQ.exe:*:Enabled:ICQ Library"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\FlashGet\flashget.exe"="C:\Program Files\FlashGet\flashget.exe:*:Enabled:Flashget"
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"C:\zalohahajk\Program Files\Valve\hl.exe"="C:\zalohahajk\Program Files\Valve\hl.exe:*:Enabled:Half-Life Launcher"
"C:\zalohahajk\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe"="C:\zalohahajk\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:*:Enabled:iw3mp"
"C:\Program Files\Valve\hl.exe"="C:\Program Files\Valve\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Program Files\Electronic Arts\EADM\Core.exe"="C:\Program Files\Electronic Arts\EADM\Core.exe:*:Enabled:EA Download Manager"
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"C:\Program Files\Sports Interactive\Football Manager 2009\fm.exe"="C:\Program Files\Sports Interactive\Football Manager 2009\fm.exe:*:Disabled:Football Manager 2009"
"C:\Program Files\Xfire\Xfire.exe"="C:\Program Files\Xfire\Xfire.exe:*:Enabled:Xfire"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\WINDOWS\system32\rundll32.exe"="C:\WINDOWS\system32\rundll32.exe:*:Enabled:Run a DLL as an App"
"C:\Program Files\DNA\btdna.exe"="C:\Program Files\DNA\btdna.exe:*:Enabled:DNA"
"C:\Program Files\Pinnacle\VideoSpin\Programs\RM.exe"="C:\Program Files\Pinnacle\VideoSpin\Programs\RM.exe:*:Enabled:Render Manager"
"C:\Program Files\Pinnacle\VideoSpin\Programs\umi.exe"="C:\Program Files\Pinnacle\VideoSpin\Programs\umi.exe:*:Enabled:umi"
"C:\Program Files\Pinnacle\VideoSpin\Programs\VideoSpin.exe"="C:\Program Files\Pinnacle\VideoSpin\Programs\VideoSpin.exe:*:Enabled:Pinnacle VideoSpin"
"C:\zalohahajk\Program Files\Valve\hlds.exe"="C:\zalohahajk\Program Files\Valve\hlds.exe:*:Enabled:HLDS Launcher"
"C:\Program Files\KONAMI\Pro Evolution Soccer 2010\pes2010.exe"="C:\Program Files\KONAMI\Pro Evolution Soccer 2010\pes2010.exe:*:Enabled:Pro Evolution Soccer 2010"
"C:\Documents and Settings\H\Plocha\pes2010.exe"="C:\Documents and Settings\H\Plocha\pes2010.exe:*:Enabled:Pro Evolution Soccer 2010"
"C:\WINDOWS\system32\dpnsvr.exe"="C:\WINDOWS\system32\dpnsvr.exe:*:Enabled:Microsoft DirectPlay8 Server"
"C:\zalohahajk\Program Files\3DO\Heroes of Might and Magic IV\heroes4c.exe"="C:\zalohahajk\Program Files\3DO\Heroes of Might and Magic IV\heroes4c.exe:*:Enabled:Heroes of Might and Magic® IV: Winds of War™"
"C:\Program Files\Ubisoft\Heroes of Might and Magic V - Tribes of the East\bin\H5_Game.exe"="C:\Program Files\Ubisoft\Heroes of Might and Magic V - Tribes of the East\bin\H5_Game.exe:*:Enabled:Heroes of Might and Magic V"
"C:\Program Files\Firefly Studios\Stronghold 2\Stronghold2.exe"="C:\Program Files\Firefly Studios\Stronghold 2\Stronghold2.exe:*:Enabled:Stronghold 2"
"C:\Program Files\BitTorrent\BitTorrent.exe"="C:\Program Files\BitTorrent\BitTorrent.exe:*:Enabled:BitTorrent"
"C:\Program Files\Sports Interactive\Football Manager 2008\fm.exe"="C:\Program Files\Sports Interactive\Football Manager 2008\fm.exe:*:Disabled:Football Manager 2008"
"C:\Program Files\Steam\Steam.exe"="C:\Program Files\Steam\Steam.exe:*:Enabled:Steam"
"C:\Documents and Settings\Hajecek11\Plocha\Skype.exe"="C:\Documents and Settings\Hajecek11\Plocha\Skype.exe:*:Enabled:Skype"
"C:\zalohahajk\Program Files\Adobe\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe"="C:\zalohahajk\Program Files\Adobe\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:*:Enabled:iw3mp"
"C:\Program Files\KONAMI\Pro Evolution Soccer 2011\pes2011.exe"="C:\Program Files\KONAMI\Pro Evolution Soccer 2011\pes2011.exe:*:Enabled:Pro Evolution Soccer 2011"
"C:\Program Files\Sports Interactive\Football Manager 2010\fm.exe"="C:\Program Files\Sports Interactive\Football Manager 2010\fm.exe:*:Disabled:Football Manager 2010"
"C:\Program Files\Google\Google Earth\client\googleearth.exe"="C:\Program Files\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth"
"C:\zalohahajk\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\zalohahajk\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\Activision\Call of Duty - Black Ops\BlackOps.exe"="C:\Program Files\Activision\Call of Duty - Black Ops\BlackOps.exe:*:Enabled:BlackOps"
"C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe"="C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe:*:Enabled:Spyware Terminator Update Support"
"C:\zalohahajk\Program Files\Warcraft III\gproxy.exe"="C:\zalohahajk\Program Files\Warcraft III\gproxy.exe:*:Enabled:gproxy"
"C:\zalohahajk\Program Files\Warcraft III\war3.exe"="C:\zalohahajk\Program Files\Warcraft III\war3.exe:*:Disabled:Warcraft III"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\VideoLAN\VLC\vlc.exe"="C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player"
"C:\Program Files\FIFA 12\Game\fifa.exe"="C:\Program Files\FIFA 12\Game\fifa.exe:*:Enabled:FIFA 12"
"E:\Warcraft III\gproxy.exe"="E:\Warcraft III\gproxy.exe:*:Enabled:gproxy"
"E:\Warcraft III\war3.exe"="E:\Warcraft III\war3.exe:*:Enabled:Warcraft III"
"C:\Program Files\gproxy.exe"="C:\Program Files\gproxy.exe:*:Enabled:gproxy Application"
"C:\Program Files\Sports Interactive\Football Manager 2011\fm.exe"="C:\Program Files\Sports Interactive\Football Manager 2011\fm.exe:*:Disabled:Football Manager 2011"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"VIDC.FPS1"=frapsvid.dll
"msacm.lhacm"=lhacm.acm
"vidc.mjpg"=pvmjpg30.dll
"VIDC.MPG4"=mpg4c32.dll
"VIDC.MP42"=mpg4c32.dll
"VIDC.MP43"=mpg4c32.dll
"vidc.VP60"=C:\WINDOWS\system32\vp6vfw.dll
"vidc.VP61"=C:\WINDOWS\system32\vp6vfw.dll

======List of files/folders created in the last 1 month======

2012-09-25 15:42:01 ----D---- C:\Program Files\trend micro
2012-09-25 15:41:59 ----DC---- C:\rsit
2012-09-25 15:23:52 ----A---- C:\WINDOWS\system32\PARTIZAN.TXT
2012-09-25 12:36:17 ----D---- C:\Documents and Settings\All Users\Data aplikací\RegRun
2012-09-25 12:27:59 ----D---- C:\Documents and Settings\Administrator\Data aplikací\Malwarebytes
2012-09-25 12:27:39 ----D---- C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
2012-09-25 12:27:36 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2012-09-25 12:26:18 ----RASHOT---- C:\WINDOWS\winstart.bat
2012-09-25 12:26:01 ----D---- C:\Program Files\UnHackMe
2012-09-24 17:59:56 ----A---- C:\WINDOWS\system32\FlashPlayerApp.exe
2012-09-24 15:29:20 ----N---- C:\WINDOWS\system32\MpSigStub.exe
2012-09-24 15:26:50 ----D---- C:\Program Files\Microsoft Security Client
2012-09-24 15:05:05 ----D---- C:\WINDOWS\pss
2012-09-24 15:04:43 ----D---- C:\Documents and Settings\Administrator\Data aplikací\vlc
2012-09-24 14:32:30 ----D---- C:\Program Files\Common Files\Java
2012-09-24 14:11:05 ----D---- C:\Documents and Settings\All Users\Data aplikací\Ask
2012-09-24 14:10:46 ----A---- C:\WINDOWS\system32\npdeployJava1.dll
2012-09-24 14:10:46 ----A---- C:\WINDOWS\system32\javaws.exe
2012-09-24 14:10:46 ----A---- C:\WINDOWS\system32\javaw.exe
2012-09-24 14:10:46 ----A---- C:\WINDOWS\system32\java.exe
2012-09-24 14:07:41 ----D---- C:\Program Files\CCleaner
2012-09-24 10:48:00 ----HDC---- C:\WINDOWS\$NtUninstallKB2736233$
2012-09-24 10:47:56 ----HDC---- C:\WINDOWS\$NtUninstallKB2723135$
2012-09-24 10:47:50 ----HDC---- C:\WINDOWS\$NtUninstallKB2731847$
2012-09-24 10:47:42 ----HDC---- C:\WINDOWS\$NtUninstallKB2705219$
2012-09-24 10:47:33 ----HDC---- C:\WINDOWS\$NtUninstallKB2712808$
2012-09-24 10:47:10 ----D---- C:\Documents and Settings\Administrator\Data aplikací\Skype
2012-09-24 10:46:10 ----HDC---- C:\WINDOWS\$NtUninstallKB2698365$
2012-09-24 10:46:05 ----HDC---- C:\WINDOWS\$NtUninstallKB2719985$
2012-09-24 10:45:55 ----HDC---- C:\WINDOWS\$NtUninstallKB2655992$
2012-09-24 10:45:33 ----HDC---- C:\WINDOWS\$NtUninstallKB2691442$
2012-09-24 10:41:02 ----HDC---- C:\WINDOWS\$NtUninstallKB2707511$
2012-09-24 10:40:50 ----HDC---- C:\WINDOWS\$NtUninstallKB2718704$
2012-09-24 10:31:23 ----HDC---- C:\WINDOWS\$NtUninstallKB2686509$
2012-09-24 10:31:12 ----HDC---- C:\WINDOWS\$NtUninstallKB2659262$
2012-09-24 10:30:44 ----HDC---- C:\WINDOWS\$NtUninstallKB2676562$
2012-09-24 10:24:10 ----HDC---- C:\WINDOWS\$NtUninstallKB2653956$
2012-09-24 10:23:01 ----HDC---- C:\WINDOWS\$NtUninstallKB2661637$
2012-09-24 10:22:43 ----HDC---- C:\WINDOWS\$NtUninstallKB2646524$
2012-09-24 10:22:26 ----HDC---- C:\WINDOWS\$NtUninstallKB2598479$
2012-09-24 10:22:13 ----HDC---- C:\WINDOWS\$NtUninstallKB2603381$
2012-09-24 10:22:01 ----HDC---- C:\WINDOWS\$NtUninstallKB2585542$
2012-09-24 10:21:46 ----HDC---- C:\WINDOWS\$NtUninstallKB2631813$
2012-09-24 10:21:30 ----HDC---- C:\WINDOWS\$NtUninstallKB2584146$
2012-09-24 10:19:25 ----HDC---- C:\WINDOWS\$NtUninstallKB2633952$
2012-09-24 10:19:04 ----HDC---- C:\WINDOWS\$NtUninstallKB2620712$
2012-09-24 10:18:59 ----HDC---- C:\WINDOWS\$NtUninstallKB2619339$
2012-09-24 10:18:50 ----HDC---- C:\WINDOWS\$NtUninstallKB2618451$
2012-09-24 10:18:40 ----HDC---- C:\WINDOWS\$NtUninstallKB2624667$
2012-09-24 10:18:33 ----HDC---- C:\WINDOWS\$NtUninstallKB2544893-v2$
2012-09-24 10:09:23 ----HDC---- C:\WINDOWS\$NtUninstallKB2492386$
2012-09-24 10:08:12 ----D---- C:\WINDOWS\system32\winrm
2012-09-24 10:08:12 ----D---- C:\WINDOWS\system32\WindowsPowerShell
2012-09-24 10:08:12 ----D---- C:\WINDOWS\system32\GroupPolicy
2012-09-24 10:08:09 ----HDC---- C:\WINDOWS\$968930Uinstall_KB968930$
2012-09-24 10:08:08 ----D---- C:\WINDOWS\$NtUninstallKB968930$
2012-09-24 10:07:51 ----HDC---- C:\WINDOWS\$NtUninstallbasecsp$
2012-09-24 09:56:32 ----N---- C:\WINDOWS\system32\iacenc.dll
2012-09-24 09:51:33 ----D---- C:\Documents and Settings\Administrator\Data aplikací\Sun
2012-09-24 09:48:25 ----D---- C:\Documents and Settings\Administrator\Data aplikací\Adobe
2012-09-24 09:48:06 ----D---- C:\Documents and Settings\Administrator\Data aplikací\LangSoft
2012-09-24 09:47:31 ----D---- C:\Documents and Settings\Administrator\Data aplikací\Opera
2012-09-24 09:46:41 ----D---- C:\Documents and Settings\Administrator\Data aplikací\Apple Computer
2012-09-24 09:45:49 ----D---- C:\Documents and Settings\Administrator\Data aplikací\Identities
2012-09-24 09:45:38 ----ASH---- C:\Documents and Settings\Administrator\Data aplikací\desktop.ini
2012-09-24 09:45:37 ----SD---- C:\Documents and Settings\Administrator\Data aplikací\Microsoft
2012-09-24 09:45:37 ----D---- C:\Documents and Settings\Administrator\Data aplikací\Macromedia

======List of files/folders modified in the last 1 month======

2012-09-25 15:42:13 ----D---- C:\WINDOWS\Prefetch
2012-09-25 15:42:01 ----D---- C:\Program Files
2012-09-25 15:41:30 ----D---- C:\WINDOWS\Temp
2012-09-25 15:41:08 ----D---- C:\WINDOWS\system32\CatRoot2
2012-09-25 15:39:35 ----A---- C:\WINDOWS\SchedLgU.Txt
2012-09-25 15:39:07 ----D---- C:\WINDOWS\system32\drivers
2012-09-25 15:39:06 ----D---- C:\WINDOWS\system32
2012-09-25 15:36:43 ----SHC---- C:\boot.ini
2012-09-25 15:36:43 ----A---- C:\WINDOWS\WIN.INI
2012-09-25 15:36:43 ----A---- C:\WINDOWS\SYSTEM.INI
2012-09-25 15:34:29 ----D---- C:\Documents and Settings\All Users\Data aplikací\LangSoft
2012-09-25 15:25:01 ----D---- C:\WINDOWS
2012-09-25 15:23:35 ----D---- C:\WINDOWS\Resources
2012-09-25 13:37:39 ----D---- C:\WINDOWS\Debug
2012-09-25 13:05:11 ----SHD---- C:\WINDOWS\Installer
2012-09-25 13:05:09 ----RSD---- C:\WINDOWS\assembly
2012-09-25 13:05:08 ----D---- C:\WINDOWS\WinSxS
2012-09-25 13:02:31 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2012-09-25 12:56:15 ----D---- C:\WINDOWS\system32\CatRoot
2012-09-25 12:54:26 ----HD---- C:\WINDOWS\inf
2012-09-25 12:44:48 ----SD---- C:\WINDOWS\Tasks
2012-09-25 12:22:17 ----D---- C:\Program Files\Valve
2012-09-25 12:19:34 ----D---- C:\Program Files\Microsoft Office
2012-09-25 12:19:34 ----D---- C:\Program Files\Common Files\Microsoft Shared
2012-09-25 12:17:28 ----D---- C:\Program Files\Common Files\System
2012-09-25 12:17:27 ----RSD---- C:\WINDOWS\Fonts
2012-09-25 12:16:50 ----D---- C:\Program Files\Microsoft.NET
2012-09-25 12:16:48 ----D---- C:\Program Files\Common Files\DESIGNER
2012-09-25 12:16:46 ----D---- C:\WINDOWS\Help
2012-09-24 17:35:21 ----D---- C:\Documents and Settings\All Users\Data aplikací\GameXN
2012-09-24 17:03:35 ----A---- C:\WINDOWS\NeroDigital.ini
2012-09-24 16:59:41 ----D---- C:\Program Files\DNA
2012-09-24 15:27:11 ----SD---- C:\Documents and Settings\All Users\Data aplikací\Microsoft
2012-09-24 15:00:56 ----D---- C:\Program Files\Common Files\InstallShield
2012-09-24 15:00:01 ----A---- C:\WINDOWS\system32\lgAxconfig.ini
2012-09-24 14:57:12 ----D---- C:\Program Files\Google
2012-09-24 14:52:18 ----D---- C:\Program Files\DsNET Corp
2012-09-24 14:50:13 ----D---- C:\Documents and Settings\All Users\Data aplikací\Adobe
2012-09-24 14:45:51 ----D---- C:\Program Files\Spybot - Search & Destroy
2012-09-24 14:42:11 ----D---- C:\Documents and Settings\All Users\Data aplikací\DivX
2012-09-24 14:42:05 ----D---- C:\Program Files\DivX
2012-09-24 14:42:02 ----D---- C:\Program Files\Common Files
2012-09-24 14:41:09 ----D---- C:\Program Files\Krtecek
2012-09-24 14:40:40 ----D---- C:\Program Files\TeamSpeak 3 Client
2012-09-24 14:40:24 ----D---- C:\Documents and Settings\All Users\Data aplikací\Skype
2012-09-24 14:39:57 ----D---- C:\Program Files\Opera
2012-09-24 14:39:38 ----D---- C:\Program Files\PatchBeam
2012-09-24 14:38:07 ----D---- C:\Program Files\Winamp
2012-09-24 14:36:36 ----D---- C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy
2012-09-24 14:35:04 ----D---- C:\Program Files\Zrychleni Pocitace
2012-09-24 14:34:46 ----D---- C:\Program Files\FIFA 12
2012-09-24 14:34:16 ----D---- C:\Program Files\InterVideo
2012-09-24 14:34:10 ----D---- C:\Program Files\Common Files\InterVideo
2012-09-24 14:32:59 ----D---- C:\Program Files\Common Files\Adobe
2012-09-24 14:32:59 ----D---- C:\Program Files\Adobe
2012-09-24 14:10:32 ----A---- C:\WINDOWS\system32\deployJava1.dll
2012-09-24 14:08:20 ----SHD---- C:\RECYCLER
2012-09-24 14:08:20 ----D---- C:\WINDOWS\Minidump
2012-09-24 14:08:20 ----D---- C:\WINDOWS\Logs
2012-09-24 13:47:46 ----RSHDC---- C:\WINDOWS\system32\dllcache
2012-09-24 13:47:15 ----D---- C:\Program Files\Internet Explorer
2012-09-24 13:47:14 ----D---- C:\Program Files\Microsoft Silverlight
2012-09-24 13:47:10 ----D---- C:\WINDOWS\AppPatch
2012-09-24 13:46:18 ----D---- C:\WINDOWS\security
2012-09-24 10:55:09 ----D---- C:\WINDOWS\Microsoft.NET
2012-09-24 10:48:22 ----D---- C:\WINDOWS\ie8updates
2012-09-24 10:48:14 ----HD---- C:\WINDOWS\$hf_mig$
2012-09-24 10:37:50 ----D---- C:\WINDOWS\system32\XPSViewer
2012-09-24 10:25:57 ----D---- C:\Program Files\NVIDIA Corporation
2012-09-24 10:08:16 ----D---- C:\WINDOWS\system32\config
2012-09-24 10:08:12 ----D---- C:\WINDOWS\system32\wbem
2012-09-24 09:49:20 ----D---- C:\WINDOWS\SoftwareDistribution
2012-09-24 09:48:53 ----SD---- C:\WINDOWS\Downloaded Program Files
2012-09-24 09:46:27 ----D---- C:\Documents and Settings\All Users\Data aplikací\Google Updater
2012-09-24 09:45:36 ----D---- C:\Documents and Settings
2012-09-17 12:48:01 ----D---- C:\Program Files\Mozilla Maintenance Service
2012-08-28 20:48:50 ----A---- C:\WINDOWS\system32\ieframe.dll
2012-08-28 17:18:59 ----A---- C:\WINDOWS\system32\wininet.dll
2012-08-28 17:18:58 ----A---- C:\WINDOWS\system32\urlmon.dll
2012-08-28 17:18:58 ----A---- C:\WINDOWS\system32\url.dll
2012-08-28 17:18:58 ----A---- C:\WINDOWS\system32\occache.dll
2012-08-28 17:18:57 ----A---- C:\WINDOWS\system32\mstime.dll
2012-08-28 17:18:57 ----A---- C:\WINDOWS\system32\mshtmled.dll
2012-08-28 17:18:57 ----A---- C:\WINDOWS\system32\mshtml.dll
2012-08-28 17:18:54 ----A---- C:\WINDOWS\system32\msfeedsbs.dll
2012-08-28 17:18:54 ----A---- C:\WINDOWS\system32\msfeeds.dll
2012-08-28 17:18:53 ----A---- C:\WINDOWS\system32\licmgr10.dll
2012-08-28 17:18:53 ----A---- C:\WINDOWS\system32\jsproxy.dll
2012-08-28 17:18:51 ----A---- C:\WINDOWS\system32\iertutil.dll
2012-08-28 17:18:50 ----A---- C:\WINDOWS\system32\iepeers.dll
2012-08-28 17:18:45 ----A---- C:\WINDOWS\system32\iedkcs32.dll
2012-08-28 14:07:34 ----A---- C:\WINDOWS\system32\ie4uinit.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 MpFilter;Microsoft Malware Protection Driver; C:\WINDOWS\system32\DRIVERS\MpFilter.sys [2012-03-20 171064]
R0 ohci1394;Hostitelský řadič IEEE 1394 dle standardu OHCI VIA; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2008-04-14 61696]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2010-06-10 45648]
R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2010-01-04 691696]
R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2009-09-10 281760]
R2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2009-09-10 25888]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2009-03-12 5051904]
R3 LgBttPort;LGE Bluetooth TransPort; C:\WINDOWS\system32\DRIVERS\lgbtport.sys [2009-09-29 12160]
R3 lgbusenum;LG Bluetooth Bus Enumerator; C:\WINDOWS\system32\DRIVERS\lgbtbus.sys [2009-09-29 10496]
R3 LGVMODEM;LGE Virtual Modem; C:\WINDOWS\system32\DRIVERS\lgvmodem.sys [2009-09-29 12928]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2012-02-09 13415040]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
R3 usbstor;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
R3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller; C:\WINDOWS\system32\DRIVERS\yk51x86.sys [2007-10-12 255232]
S0 Partizan;Partizan; C:\WINDOWS\system32\drivers\Partizan.sys []
S3 adrvn65l;adrvn65l; C:\WINDOWS\system32\drivers\adrvn65l.sys []
S3 Ambfilt;Ambfilt; C:\WINDOWS\system32\drivers\Ambfilt.sys [2008-08-05 1684736]
S3 AR9271;Wireless Network Adapter Service; C:\WINDOWS\system32\DRIVERS\athuw.sys [2009-08-14 1668352]
S3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-14 60800]
S3 CrystalSysInfo;CrystalSysInfo; \??\C:\Program Files\MediaCoder\SysInfo.sys []
S3 GarenaPEngine;GarenaPEngine; \??\C:\DOCUME~1\H\LOCALS~1\Temp\OYD6A5.tmp []
S3 GGSAFERDriver;GGSAFER Driver; \??\C:\Program Files\Garena\safedrv.sys []
S3 Monfilt;Monfilt; C:\WINDOWS\system32\drivers\Monfilt.sys [2006-01-04 1389056]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-14 61824]
S3 sony_ssm.sys;sony_ssm.sys; \??\C:\DOCUME~1\H\LOCALS~1\Temp\sony_ssm.sys []
S3 usb_rndisx;Adaptér USB RNDIS; C:\WINDOWS\system32\DRIVERS\usb8023x.sys [2008-04-14 12800]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2011-05-10 42496]
S3 usbbus;LGE Mobile Composite USB Device; C:\WINDOWS\system32\DRIVERS\lgusbbus.sys [2010-01-21 13056]
S3 UsbDiag;LGE Mobile USB Serial Port; C:\WINDOWS\system32\DRIVERS\lgusbdiag.sys [2010-01-21 20864]
S3 USBModem;LGE Mobile USB Modem; C:\WINDOWS\system32\DRIVERS\lgusbmodem.sys [2010-01-21 24960]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 wceusbsh;Windows CE USB Serial Host Driver; C:\WINDOWS\system32\DRIVERS\wceusbsh.sys [2006-11-06 28672]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2011-02-18 37664]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2012-09-24 153584]
R2 LGScsiCommandService;LG SCSI command service; C:\WINDOWS\system32\LGScsiCommandService.exe [2010-03-09 47616]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 MsMpSvc;Microsoft Antimalware Service; c:\Program Files\Microsoft Security Client\MsMpEng.exe [2012-03-26 11552]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2009-05-30 66872]
R2 PnkBstrB;PnkBstrB; C:\WINDOWS\system32\PnkBstrB.exe [2011-09-12 202040]
R2 UserAccess7;SecuROM User Access Service (V7); C:\WINDOWS\system32\UAService7.exe [2009-08-04 217088]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 gupdate1c9fcd1a3051fda;Služba Google Update (gupdate1c9fcd1a3051fda); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-07-04 133104]
S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2011-09-13 194104]
S2 ICQ Service;ICQ Service; C:\Program Files\ICQ6Toolbar\ICQ Service.exe []
S2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2010-07-09 155752]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-24 250288]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2010-03-18 35160]
S3 Autodesk Licensing Service;Autodesk Licensing Service; C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe [2009-05-07 74360]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-07-04 133104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Služba Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2011-08-19 821096]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-10 113120]
S3 WinRM;Windows Remote Management (WS-Management); C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S4 NetTcpPortSharing;Služba sdílení portů Net.Tcp; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

Re: please check

Posted: 25 Sep 2012 21:45
by Roli
Hello, fix these in HJT:

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60403
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_custo ... TbId=60403
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60403
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_custo ... TbId=60403
O3 - Toolbar: (no name) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - (no file)
O4 - HKLM\..\Run: [Google Updater] "C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -check_deprecation
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll (file missing)
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll (file missing)
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll (file missing)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll (file missing)
O9 - Extra 'Tools' menuitem: &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll (file missing)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll (file missing)
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll (file missing)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll (file missing)
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll (file missing)
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe (file missing)


You will find HJT here:

C:\Program Files\trend micro\Administrator.exe

"Fix" means that you run HJT as admin,

in the window that opens click Do a system scan only,

in the next window find the lines I listed for you,

next to each of them is a box that you tick,

then click Fix checked at the bottom left,

the program asks you whether you really want to; YES, you of course agree to that, and it is done.


Via Start >> Run >> type services.msc >> OK. Find the service:

Služba Google Update (gupdate1c9fcd1a3051fda)

Služba Google Update (gupdatem)

Google Software Updater (gusvc)


right-click it, choose Properties, on the next tab first stop the service with the Stop button, and for Startup type choose Disabled.


Delete unneeded files

using CCleaner

instructions:

Cleaner - here you clean unneeded files from the PC and empty the Recycle Bin

Registry - here you clean the registry (before use I recommend making the backup that CCleaner offers)

the registry cleaning needs to be repeated several times!

Tools - here you can uninstall programs, adjust what runs at system startup, and restore the system


Download ComboFix and save it to the desktop,

run the application as Administrator and allow installation of the Recovery Console.

A window with the license terms then appears; confirm it by clicking YES,

then click YES once more and it is running.

The whole process takes about 10 minutes but can take longer; do not try to run anything else during the scan.

The PC may also be restarted during the scan; do not be alarmed.

Warning: for the duration of the scan, turn off the resident shield of your antivirus and anti-spyware programs,

because ComboFix tries to delete infected files and these programs can get in its way.

After the scan finishes, or after the subsequent restart, the application creates a log saved at C:/Combofix.txt

(on repeated use the logs are numbered, Combofix2.txt and so on); copy its contents here.


If anything is unclear, there is an illustrated guide HERE.
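
The HJT lines listed in the post above follow HijackThis's `<section code> - <entry>` layout, and several of them end in `(no file)` or `(file missing)`. As an added example (not part of the original post and not HijackThis's own code), this Python parser reads such lines and groups the orphaned ones by section code; the function names are hypothetical and the sample input is a handful of lines copied from the post.

```python
import re
from collections import defaultdict

# Sample input assembled for this example from lines quoted in the post above.
SAMPLE_LOG = r"""
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60403
O3 - Toolbar: (no name) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe (file missing)
"""

# "<letter><1-2 digits> - <entry text>", e.g. "O23 - Service: ..."
LINE_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2})\s+-\s+(?P<body>.+)$")
# HijackThis appends one of these markers when the referenced file is gone.
# Anchored to the end of the line so "(no name)" mid-line is not confused with it.
ORPHAN_RE = re.compile(r"\((?P<why>no file|file missing)\)\s*$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")


def parse_hjt(text):
    """Parse HijackThis entry lines into dicts; non-entry lines are skipped."""
    entries = []
    for raw in text.splitlines():
        match = LINE_RE.match(raw.strip())
        if not match:
            continue  # header lines, process list, blank lines
        body = match.group("body")
        orphan = ORPHAN_RE.search(body)
        clsid = CLSID_RE.search(body)
        entries.append({
            "code": match.group("code"),
            "body": body,
            "clsid": clsid.group(0) if clsid else None,
            "orphan": orphan.group("why") if orphan else None,
        })
    return entries


def orphaned_by_section(entries):
    """Group entries whose target file no longer exists by section code."""
    grouped = defaultdict(list)
    for entry in entries:
        if entry["orphan"]:
            grouped[entry["code"]].append(entry)
    return dict(grouped)


if __name__ == "__main__":
    for code, items in sorted(orphaned_by_section(parse_hjt(SAMPLE_LOG)).items()):
        for item in items:
            print(f"{code}: {item['orphan']}: {item['clsid'] or item['body']}")
```

Entries without either marker (the R1 search URL and the O4 Run key here) are left out of the grouping and still need a manual look.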

Re: please check

Posted: 26 Sep 2012 11:16
by korjin
Good day,
I did it; only when starting Combo it complained about the avast and MS Essentials shields.. Essentials was stopped and avast is not on the PC.. I don't know..
anyway, the log is here

ComboFix 12-09-24.03 - Administrator 26.09.2012 12:05:34.1.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2047.1505 [GMT 2:00]
Spuštěný z: c:\documents and settings\Administrator\Plocha\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\khq
c:\windows\IsUn0413.exe
c:\windows\system32\TZLog.log
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\fusion.dll
c:\windows\system32\URTTemp\mscoree.dll
c:\windows\system32\URTTemp\mscoree.dll.local
c:\windows\system32\URTTemp\mscorsn.dll
c:\windows\system32\URTTemp\mscorwks.dll
c:\windows\system32\URTTemp\msvcr71.dll
c:\windows\system32\URTTemp\regtlib.exe
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-08-26 do 2012-09-26 )))))))))))))))))))))))))))))))
.
.
2012-09-26 09:53 . 2012-09-26 09:53 29904 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{27C52B20-2F6D-4330-BDB7-6C5CE5A1ABCE}\MpKsldce2d17a.sys
2012-09-26 09:51 . 2012-09-26 09:51 56200 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{27C52B20-2F6D-4330-BDB7-6C5CE5A1ABCE}\offreg.dll
2012-09-25 13:51 . 2012-08-29 23:17 6980552 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{27C52B20-2F6D-4330-BDB7-6C5CE5A1ABCE}\mpengine.dll
2012-09-25 13:42 . 2012-09-25 13:48 -------- d-----w- c:\program files\trend micro
2012-09-25 13:41 . 2012-09-25 13:42 -------- dc----w- C:\rsit
2012-09-25 10:36 . 2012-09-25 13:38 -------- d-----w- c:\documents and settings\All Users\Data aplikací\RegRun
2012-09-25 10:27 . 2012-09-25 10:27 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2012-09-25 10:27 . 2012-09-25 13:32 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-09-25 10:26 . 2012-09-25 10:26 2 --shatr- c:\windows\winstart.bat
2012-09-25 10:26 . 2012-09-25 13:39 -------- d-----w- c:\program files\UnHackMe
2012-09-24 15:59 . 2012-09-24 16:10 696240 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-09-24 13:29 . 2012-08-29 23:17 6980552 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-09-24 13:29 . 2012-01-31 12:44 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-09-24 13:26 . 2012-09-24 13:27 -------- d-----w- c:\program files\Microsoft Security Client
2012-09-24 12:32 . 2012-09-24 12:32 -------- d-----w- c:\program files\Common Files\Java
2012-09-24 12:11 . 2012-09-24 12:11 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Ask
2012-09-24 12:10 . 2012-09-24 12:10 477168 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-09-24 12:07 . 2012-09-24 15:54 -------- d-----w- c:\program files\CCleaner
2012-09-24 08:08 . 2012-09-24 08:08 -------- d-----w- c:\windows\system32\winrm
2012-09-24 08:08 . 2012-09-24 08:08 -------- d-----w- c:\windows\system32\GroupPolicy
2012-09-24 08:08 . 2012-09-24 08:08 -------- dc-h--w- c:\windows\$968930Uinstall_KB968930$
2012-09-24 08:04 . 2012-08-28 15:18 521728 -c----w- c:\windows\system32\dllcache\jsdbgui.dll
2012-09-24 07:56 . 2012-01-11 19:07 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll
2012-09-24 07:56 . 2012-01-11 19:07 3072 ------w- c:\windows\system32\iacenc.dll
2012-09-24 07:49 . 2012-06-02 13:19 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-09-24 07:45 . 2012-09-26 09:18 -------- d-----w- c:\documents and settings\Administrator
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-24 16:10 . 2011-05-17 07:28 73136 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-09-24 12:10 . 2011-01-12 15:50 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-09-24 12:10 . 2011-01-12 15:50 473072 ----a-w- c:\windows\system32\deployJava1.dll
2012-08-28 15:18 . 2004-08-17 13:49 916992 ----a-w- c:\windows\system32\wininet.dll
2012-08-28 15:18 . 2004-08-17 13:49 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-08-28 15:18 . 2004-08-17 13:49 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-08-28 12:07 . 2004-08-17 13:44 385024 ----a-w- c:\windows\system32\html.iec
2012-07-06 13:58 . 2004-08-17 13:49 78336 ----a-w- c:\windows\system32\browser.dll
2012-07-04 14:05 . 2009-05-07 06:02 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-07-03 18:22 . 2004-08-17 13:44 1866112 ----a-w- c:\windows\system32\win32k.sys
2011-11-13 22:12 . 2011-11-13 22:07 325952 ----a-w- c:\program files\lua5.1.dll
2011-11-13 22:12 . 2011-11-13 22:07 1341440 ----a-w- c:\program files\uninstall.exe
2011-10-02 01:25 . 2011-09-23 14:11 317440 ----a-w- c:\program files\gproxy.exe
2011-09-25 22:18 . 2011-09-25 22:18 98816 ----a-w- c:\program files\euroloader.exe
2011-08-26 15:06 . 2011-08-26 15:04 81229680 ----a-w- c:\program files\iTunesSetup.exe
2011-05-13 10:33 . 2011-09-23 14:11 3336 ----a-w- c:\program files\eurobattle.reg
2011-04-24 00:30 . 2011-09-23 14:11 68608 ----a-w- c:\program files\w3lh.dll
2010-09-04 13:48 . 2010-09-04 13:48 440184 ----a-w- c:\program files\launcher.exe
2010-03-11 08:00 . 2011-09-23 14:11 118784 ----a-w- c:\program files\pdcurses.dll
2009-05-19 15:39 . 2009-05-19 15:30 17551992 ----a-w- c:\program files\GIMP_Portable_2.6.6.paf_EN.exe
2003-04-10 16:56 . 2011-09-23 14:11 351744 ----a-w- c:\program files\winmpq.exe
2012-07-10 13:12 . 2011-10-01 09:53 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2009-03-12 17531392]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Akcelerátor spuštění AutoCADu.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Akcelerátor spuštění AutoCADu.lnk
backup=c:\windows\pss\Akcelerátor spuštění AutoCADu.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^H^Nabídka Start^Programy^Po spuštění^OpenOffice.org 3.3.lnk]
path=c:\documents and settings\H\Nabídka Start\Programy\Po spuštění\OpenOffice.org 3.3.lnk
backup=c:\windows\pss\OpenOffice.org 3.3.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^H^Nabídka Start^Programy^Po spuštění^Registration Assassin.LNK]
path=c:\documents and settings\H\Nabídka Start\Programy\Po spuštění\Registration Assassin.LNK
backup=c:\windows\pss\Registration Assassin.LNKStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^mamka^Nabídka Start^Programy^Po spuštění^OpenOffice.org 3.2.lnk]
path=c:\documents and settings\mamka\Nabídka Start\Programy\Po spuštění\OpenOffice.org 3.2.lnk
backup=c:\windows\pss\OpenOffice.org 3.2.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^mamka^Nabídka Start^Programy^Po spuštění^OpenOffice.org 3.3.lnk]
path=c:\documents and settings\mamka\Nabídka Start\Programy\Po spuštění\OpenOffice.org 3.3.lnk
backup=c:\windows\pss\OpenOffice.org 3.3.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-07-11 19:00 919008 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2012-07-31 11:20 38872 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\B2C_AGENT]
2012-03-28 00:53 404568 ----a-w- c:\documents and settings\All Users\Data aplikací\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
2008-03-17 23:06 1848648 ----a-w- c:\program files\Canon\MyPrinter\BJMYPRT.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2010-04-01 09:16 357696 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GameXN GO]
2011-09-02 10:07 347008 ----a-w- c:\documents and settings\All Users\Data aplikací\GameXN\GameXNGO.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2004-06-16 05:03 221184 ----a-w- c:\progra~1\COMMON~1\INSTAL~1\UpdateService\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2004-06-16 05:03 81920 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-08-18 23:07 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LG LinkAir]
2011-05-31 06:56 2449768 ----a-w- c:\program files\LG Electronics\LG PC Suite IV\LinkAir\LinkAir.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSC]
2012-03-26 15:08 931200 ----a-w- c:\program files\Microsoft Security Client\msseces.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 09:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-07-04 18:02 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\zalohahajk\\Program Files\\Valve\\hl.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\Pinnacle\\VideoSpin\\Programs\\RM.exe"=
"c:\\Program Files\\Pinnacle\\VideoSpin\\Programs\\umi.exe"=
"c:\\Program Files\\Pinnacle\\VideoSpin\\Programs\\VideoSpin.exe"=
"c:\\zalohahajk\\Program Files\\Valve\\hlds.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\zalohahajk\\Program Files\\3DO\\Heroes of Might and Magic IV\\heroes4c.exe"=
"c:\\Program Files\\BitTorrent\\BitTorrent.exe"=
"c:\\zalohahajk\\Program Files\\Adobe\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\zalohahajk\\Program Files\\Warcraft III\\war3.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\gproxy.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"4836:UDP"= 4836:UDP:Windows Media Format SDK (iexplore.exe)
"4839:UDP"= 4839:UDP:Windows Media Format SDK (iexplore.exe)
"4838:UDP"= 4838:UDP:Windows Media Format SDK (iexplore.exe)
"5985:TCP"= 5985:TCP:*:Disabled:Vzdálená správa systému Windows
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [7.5.2009 15:31 691696]
R1 MpKsldce2d17a;MpKsldce2d17a;c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{27C52B20-2F6D-4330-BDB7-6C5CE5A1ABCE}\MpKsldce2d17a.sys [26.9.2012 11:53 29904]
R2 LGScsiCommandService;LG SCSI command service;c:\windows\system32\LGScsiCommandService.exe [25.12.2010 20:46 47616]
R3 LgBttPort;LGE Bluetooth TransPort;c:\windows\system32\drivers\lgbtport.sys [29.9.2009 9:11 12160]
R3 lgbusenum;LG Bluetooth Bus Enumerator;c:\windows\system32\drivers\lgbtbus.sys [29.9.2009 9:11 10496]
R3 LGVMODEM;LGE Virtual Modem;c:\windows\system32\drivers\lgvmodem.sys [29.9.2009 9:11 12928]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [24.9.2012 18:00 250288]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [7.5.2009 14:23 1684736]
S3 AR9271;Wireless Network Adapter Service;c:\windows\system32\drivers\athuw.sys [7.7.2010 19:05 1668352]
S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\H\LOCALS~1\Temp\OYD6A5.tmp --> c:\docume~1\H\LOCALS~1\Temp\OYD6A5.tmp [?]
S3 GGSAFERDriver;GGSAFER Driver;\??\c:\program files\Garena\safedrv.sys --> c:\program files\Garena\safedrv.sys [?]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [3.7.2012 15:00 113120]
S4 gupdate1c9fcd1a3051fda;Služba Google Update (gupdate1c9fcd1a3051fda);c:\program files\Google\Update\GoogleUpdate.exe [4.7.2009 20:02 133104]
S4 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [4.7.2009 20:02 133104]
S4 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe --> c:\program files\ICQ6Toolbar\ICQ Service.exe [?]
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - MPKSLDCE2D17A
*NewlyCreated* - WS2IFSL
.
Obsah adresáře 'Naplánované úlohy'
.
2012-09-26 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-24 16:10]
.
2012-09-25 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 15:57]
.
2012-09-26 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-07-04 20:44]
.
2012-09-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-04 18:02]
.
2012-09-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-04 18:02]
.
2012-09-26 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job
- c:\program files\Microsoft Security Client\MpCmdRun.exe [2012-03-26 15:03]
.
2012-09-26 c:\windows\Tasks\MpIdleTask.job
- c:\program files\Microsoft Security Client\MpCmdRun.exe [2012-03-26 15:03]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
DPF: {7876E4A5-78B7-4020-B08F-C960A1ED54C9} - hxxp://www.miga.cz/WinWebPush.cab
FF - ProfilePath - c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\4yax725e.default\
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
MSConfigStartUp-ICQ - c:\program files\ICQ7.6\ICQ.exe
MSConfigStartUp-QuickTime Task - c:\program files\QuickTime\qttask.exe
MSConfigStartUp-SpywareTerminatorUpdate - c:\program files\Spyware Terminator\SpywareTerminatorUpdate.exe
MSConfigStartUp-UnHackMe Monitor - c:\program files\UnHackMe\hackmon.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-09-26 12:11
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\GarenaPEngine]
"ImagePath"="\??\c:\docume~1\H\LOCALS~1\Temp\OYD6A5.tmp"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-1844237615-2025429265-839522115-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,75,d9,01,31,f5,25,ef,49,be,87,68,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,75,d9,01,31,f5,25,ef,49,be,87,68,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
Celkový čas: 2012-09-26 12:13:36
ComboFix-quarantined-files.txt 2012-09-26 10:13
.
Před spuštěním: Volných bajtů: 44 141 035 520
Po spuštění: Volných bajtů: 44 760 424 448
.
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - D9738F8DE532D22F22ADB10331329C8E

Re: please check

Posted: 26 Sep 2012 19:36
by Roli
For that Avast, use THIS Cleaner, restart into Safe Mode and run the utility there.


If you have not done so already, move Combofix to the desktop

open Notepad

copy the script from the following box into it:

Code:

Folder::
c:\documents and settings\All Users\Data aplikací\Ask
c:\program files\ICQ6Toolbar

Driver::
ICQ Service
save the TXT file you created as CFScript.txt on the desktop,

once it is saved, grab the script with the left mouse button and drag it over the Combofix icon, where you drop it:

After it runs, another log will pop up; copy it here

Warning: it can happen that after the script is applied and the machine restarts, Windows will not boot,

in that case restart again while pressing F8, then choose Last Known Good Configuration

Re: please check

Posted: 27 Sep 2012 08:19
by korjin
good morning,
everything worked, the restart went without problems. log:

ComboFix 12-09-26.06 - Administrator 27.09.2012 9:05.2.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2047.1461 [GMT 2:00]
Spuštěný z: c:\documents and settings\Administrator\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Administrator\Plocha\CFScript.txt.txt
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Uninstall.exe
c:\windows\iun6002.exe
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
c:\windows\SwSys1.bmp
c:\windows\SwSys2.bmp
c:\windows\system32\dllcache\dlimport.exe
c:\windows\system32\tempxtrs.exe
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_ICQ_SERVICE
-------\Service_ICQ Service
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-08-27 do 2012-09-27 )))))))))))))))))))))))))))))))
.
.
2012-09-27 07:13 . 2012-09-27 07:13 29904 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{27C52B20-2F6D-4330-BDB7-6C5CE5A1ABCE}\MpKslef1ec7d7.sys
2012-09-26 12:38 . 2012-09-26 12:38 -------- d-----w- c:\windows\system32\NtmsData
2012-09-25 13:51 . 2012-08-29 23:17 6980552 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{27C52B20-2F6D-4330-BDB7-6C5CE5A1ABCE}\mpengine.dll
2012-09-25 13:42 . 2012-09-26 11:02 -------- d-----w- c:\program files\trend micro
2012-09-25 10:36 . 2012-09-25 13:38 -------- d-----w- c:\documents and settings\All Users\Data aplikací\RegRun
2012-09-25 10:27 . 2012-09-25 10:27 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2012-09-25 10:27 . 2012-09-25 13:32 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-09-25 10:26 . 2012-09-25 10:26 2 --shatr- c:\windows\winstart.bat
2012-09-25 10:26 . 2012-09-25 13:39 -------- d-----w- c:\program files\UnHackMe
2012-09-24 15:59 . 2012-09-24 16:10 696240 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-09-24 13:29 . 2012-08-29 23:17 6980552 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-09-24 13:29 . 2012-01-31 12:44 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-09-24 13:26 . 2012-09-26 11:14 -------- d-----w- c:\program files\Microsoft Security Client
2012-09-24 12:32 . 2012-09-24 12:32 -------- d-----w- c:\program files\Common Files\Java
2012-09-24 12:11 . 2012-09-24 12:11 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Ask
2012-09-24 12:10 . 2012-09-24 12:10 477168 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-09-24 12:07 . 2012-09-24 15:54 -------- d-----w- c:\program files\CCleaner
2012-09-24 08:08 . 2012-09-24 08:08 -------- d-----w- c:\windows\system32\winrm
2012-09-24 08:08 . 2012-09-24 08:08 -------- d-----w- c:\windows\system32\GroupPolicy
2012-09-24 08:08 . 2012-09-24 08:08 -------- dc-h--w- c:\windows\$968930Uinstall_KB968930$
2012-09-24 08:04 . 2012-08-28 15:18 521728 -c----w- c:\windows\system32\dllcache\jsdbgui.dll
2012-09-24 07:56 . 2012-01-11 19:07 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll
2012-09-24 07:56 . 2012-01-11 19:07 3072 ------w- c:\windows\system32\iacenc.dll
2012-09-24 07:49 . 2012-06-02 13:19 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-09-24 07:45 . 2012-09-26 13:58 -------- d-----w- c:\documents and settings\Administrator
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-24 16:10 . 2011-05-17 07:28 73136 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-09-24 12:10 . 2011-01-12 15:50 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-09-24 12:10 . 2011-01-12 15:50 473072 ----a-w- c:\windows\system32\deployJava1.dll
2012-08-30 20:03 . 2012-03-20 18:44 193552 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2012-08-28 15:18 . 2004-08-17 13:49 916992 ----a-w- c:\windows\system32\wininet.dll
2012-08-28 15:18 . 2004-08-17 13:49 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-08-28 15:18 . 2004-08-17 13:49 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-08-28 12:07 . 2004-08-17 13:44 385024 ----a-w- c:\windows\system32\html.iec
2012-07-06 13:58 . 2004-08-17 13:49 78336 ----a-w- c:\windows\system32\browser.dll
2012-07-04 14:05 . 2009-05-07 06:02 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-07-03 18:22 . 2004-08-17 13:44 1866112 ----a-w- c:\windows\system32\win32k.sys
2011-11-13 22:12 . 2011-11-13 22:07 325952 ----a-w- c:\program files\lua5.1.dll
2011-10-02 01:25 . 2011-09-23 14:11 317440 ----a-w- c:\program files\gproxy.exe
2011-09-25 22:18 . 2011-09-25 22:18 98816 ----a-w- c:\program files\euroloader.exe
2011-08-26 15:06 . 2011-08-26 15:04 81229680 ----a-w- c:\program files\iTunesSetup.exe
2011-05-13 10:33 . 2011-09-23 14:11 3336 ----a-w- c:\program files\eurobattle.reg
2011-04-24 00:30 . 2011-09-23 14:11 68608 ----a-w- c:\program files\w3lh.dll
2010-09-04 13:48 . 2010-09-04 13:48 440184 ----a-w- c:\program files\launcher.exe
2010-03-11 08:00 . 2011-09-23 14:11 118784 ----a-w- c:\program files\pdcurses.dll
2009-05-19 15:39 . 2009-05-19 15:30 17551992 ----a-w- c:\program files\GIMP_Portable_2.6.6.paf_EN.exe
2003-04-10 16:56 . 2011-09-23 14:11 351744 ----a-w- c:\program files\winmpq.exe
2012-07-10 13:12 . 2011-10-01 09:53 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2009-03-12 17531392]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Akcelerátor spuštění AutoCADu.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Akcelerátor spuštění AutoCADu.lnk
backup=c:\windows\pss\Akcelerátor spuštění AutoCADu.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^H^Nabídka Start^Programy^Po spuštění^OpenOffice.org 3.3.lnk]
path=c:\documents and settings\H\Nabídka Start\Programy\Po spuštění\OpenOffice.org 3.3.lnk
backup=c:\windows\pss\OpenOffice.org 3.3.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^H^Nabídka Start^Programy^Po spuštění^Registration Assassin.LNK]
path=c:\documents and settings\H\Nabídka Start\Programy\Po spuštění\Registration Assassin.LNK
backup=c:\windows\pss\Registration Assassin.LNKStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^mamka^Nabídka Start^Programy^Po spuštění^OpenOffice.org 3.2.lnk]
path=c:\documents and settings\mamka\Nabídka Start\Programy\Po spuštění\OpenOffice.org 3.2.lnk
backup=c:\windows\pss\OpenOffice.org 3.2.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^mamka^Nabídka Start^Programy^Po spuštění^OpenOffice.org 3.3.lnk]
path=c:\documents and settings\mamka\Nabídka Start\Programy\Po spuštění\OpenOffice.org 3.3.lnk
backup=c:\windows\pss\OpenOffice.org 3.3.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-07-11 19:00 919008 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2012-07-31 11:20 38872 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\B2C_AGENT]
2012-03-28 00:53 404568 ----a-w- c:\documents and settings\All Users\Data aplikací\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
2008-03-17 23:06 1848648 ----a-w- c:\program files\Canon\MyPrinter\BJMYPRT.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2010-04-01 09:16 357696 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GameXN GO]
2011-09-02 10:07 347008 ----a-w- c:\documents and settings\All Users\Data aplikací\GameXN\GameXNGO.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2004-06-16 05:03 221184 ----a-w- c:\progra~1\COMMON~1\INSTAL~1\UpdateService\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2004-06-16 05:03 81920 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-08-18 23:07 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LG LinkAir]
2011-05-31 06:56 2449768 ----a-w- c:\program files\LG Electronics\LG PC Suite IV\LinkAir\LinkAir.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSC]
2012-09-12 15:19 947176 ----a-w- c:\program files\Microsoft Security Client\msseces.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 09:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-07-04 18:02 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\zalohahajk\\Program Files\\Valve\\hl.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\Pinnacle\\VideoSpin\\Programs\\RM.exe"=
"c:\\Program Files\\Pinnacle\\VideoSpin\\Programs\\umi.exe"=
"c:\\Program Files\\Pinnacle\\VideoSpin\\Programs\\VideoSpin.exe"=
"c:\\zalohahajk\\Program Files\\Valve\\hlds.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\zalohahajk\\Program Files\\3DO\\Heroes of Might and Magic IV\\heroes4c.exe"=
"c:\\Program Files\\BitTorrent\\BitTorrent.exe"=
"c:\\zalohahajk\\Program Files\\Adobe\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\zalohahajk\\Program Files\\Warcraft III\\war3.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\gproxy.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"4836:UDP"= 4836:UDP:Windows Media Format SDK (iexplore.exe)
"4839:UDP"= 4839:UDP:Windows Media Format SDK (iexplore.exe)
"4838:UDP"= 4838:UDP:Windows Media Format SDK (iexplore.exe)
"5985:TCP"= 5985:TCP:*:Disabled:Vzdálená správa systému Windows
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [7.5.2009 15:31 691696]
R1 MpKslef1ec7d7;MpKslef1ec7d7;c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{27C52B20-2F6D-4330-BDB7-6C5CE5A1ABCE}\MpKslef1ec7d7.sys [27.9.2012 9:13 29904]
R2 LGScsiCommandService;LG SCSI command service;c:\windows\system32\LGScsiCommandService.exe [25.12.2010 20:46 47616]
R3 LgBttPort;LGE Bluetooth TransPort;c:\windows\system32\drivers\lgbtport.sys [29.9.2009 9:11 12160]
R3 lgbusenum;LG Bluetooth Bus Enumerator;c:\windows\system32\drivers\lgbtbus.sys [29.9.2009 9:11 10496]
R3 LGVMODEM;LGE Virtual Modem;c:\windows\system32\drivers\lgvmodem.sys [29.9.2009 9:11 12928]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [24.9.2012 18:00 250288]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [7.5.2009 14:23 1684736]
S3 AR9271;Wireless Network Adapter Service;c:\windows\system32\drivers\athuw.sys [7.7.2010 19:05 1668352]
S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\H\LOCALS~1\Temp\OYD6A5.tmp --> c:\docume~1\H\LOCALS~1\Temp\OYD6A5.tmp [?]
S3 GGSAFERDriver;GGSAFER Driver;\??\c:\program files\Garena\safedrv.sys --> c:\program files\Garena\safedrv.sys [?]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [3.7.2012 15:00 113120]
S4 gupdate1c9fcd1a3051fda;Služba Google Update (gupdate1c9fcd1a3051fda);c:\program files\Google\Update\GoogleUpdate.exe [4.7.2009 20:02 133104]
S4 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [4.7.2009 20:02 133104]
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - MPKSLEF1EC7D7
.
Obsah adresáře 'Naplánované úlohy'
.
2012-09-26 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-24 16:10]
.
2012-09-25 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 15:57]
.
2012-09-26 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-07-04 20:44]
.
2012-09-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-04 18:02]
.
2012-09-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-04 18:02]
.
2012-09-26 c:\windows\Tasks\MpIdleTask.job
- c:\program files\Microsoft Security Client\MpCmdRun.exe [2012-09-12 15:25]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
DPF: {7876E4A5-78B7-4020-B08F-C960A1ED54C9} - hxxp://www.miga.cz/WinWebPush.cab
FF - ProfilePath - c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\4yax725e.default\
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-09-27 09:13
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\GarenaPEngine]
"ImagePath"="\??\c:\docume~1\H\LOCALS~1\Temp\OYD6A5.tmp"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-1844237615-2025429265-839522115-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,75,d9,01,31,f5,25,ef,49,be,87,68,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,75,d9,01,31,f5,25,ef,49,be,87,68,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'explorer.exe'(1828)
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Microsoft Security Client\MsMpEng.exe
c:\program files\Google\Update\1.3.21.123\GoogleCrashHandler.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\windows\system32\UAService7.exe
c:\windows\system32\wscntfy.exe
c:\windows\RTHDCPL.EXE
.
**************************************************************************
.
Celkový čas: 2012-09-27 09:16:51 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-09-27 07:16
.
Před spuštěním: Volných bajtů: 44 604 510 208
Po spuštění: Volných bajtů: 44 554 842 112
.
- - End Of File - - A12438B2D66BEE0751DA203ADEC756C2

Re: please check

Posted: 27 Sep 2012 21:13
by Roli
Via Start >> Run, copy into the box:

ComboFix /Uninstall

and press Enter

This uninstalls ComboFix and deletes the files and folders associated with it.


Use T-Cleaner, which deletes any leftovers from the applications we used.

Just stop your antivirus before downloading and while using it, because it may detect it as a virus, but that is not the case.


So that we do not have to run ComboFix there again, find and delete:

c:\documents and settings\All Users\Data aplikací\Ask

Then let me know what state the PC is in.

Re: please check

Posted: 01 Oct 2012 07:52
by korjin
good morning,

everything done, I would say the PC's startup has sped up by 25 percent..


thanks a lot, have a nice day

Re: please check

Posted: 01 Oct 2012 20:46
by Roli
You're welcome, and :closed: