
RunDLL sshnas21.dll
Moderator: Moderators
Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]
Individual threads will be locked once resolved, as will those that have been inactive for more than 14 days. See the Rule on locking topics. Thank you for your understanding.
I have a problem: when the PC starts, this message is displayed:
RunDLL There was a problem starting C:\Windows\system32\sshnas21.dll. The specified module could not be found.
And before it started appearing, AVG 9 Free found the Trojan horse FakeAV.FT at that location.
I have Win 7 32-bit upgraded from Win Vista 32-bit.
Please advise how I can remove it.
- Unlimited_Killer
- Friend of the forum
- Posts: 1969
- Registered: 24 Aug 2009 16:18
Re: RunDLL sshnas21.dll
The file was probably infected and AVG deleted it.
~~~
Random's System Information Tool
ComboFix
~~~
Random's System Information Tool
- Download RSIT and save it to the Desktop.
- Run it, leave '1 month' in the drop-down menu and click 'Continue'.
- Wait a few seconds for a log named log.txt to be generated.
- If the log is not generated, you will find it in C:\rsit\log.txt
- Paste the contents of this log into your post.
ComboFix
- Download ComboFix and save it to the Desktop.
- Before running it, turn off the resident shield of your antivirus or antispyware.
- Run it with administrator privileges.
- After launch, the license terms are displayed; click 'Yes'.
- You will also be asked about installing the Recovery Console; click 'Yes' here as well.
- The whole scan will take about 5-10 minutes, depending on how many files CF has to work through.
- Your PC will probably be restarted, so do not be alarmed by that.
- Until the scan has completely finished, do not do anything, and above all do not click in the running ComboFix window.
- When the scan finishes (or after the subsequent restart), a log will 'pop up'; copy it here as text.
- If no log 'pops up', you will find it at C:\ComboFix.txt
inactive
Re: RunDLL sshnas21.dll
And how do I remove the message that pops up at PC startup saying that sshnas21.dll is missing?
- Unlimited_Killer
- Friend of the forum
- Posts: 1969
- Registered: 24 Aug 2009 16:18
-
- Visitor
- Posts: 1
- Registered: 09 Feb 2010 22:24
Re: RunDLL sshnas21.dll
I have the same problem!!
Logfile of random's system information tool 1.06 (written by random/random)
Run by Aleš at 2010-02-09 22:20:47
Microsoft® Windows Vista™ Home Basic Service Pack 2
System drive C: has 44 GB (41%) free of 106 GB
Total RAM: 2812 MB (54% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:21:52, on 9.2.2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18882)
Boot mode: Normal
Running processes:
C:\windows\system32\taskeng.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
c:\Program Files\Hewlett-Packard\IAM\Bin\AsGHost.exe
C:\Users\ALE~1\AppData\Local\Temp\Kwc.exe
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\windows\System32\mobsync.exe
C:\Program Files\Alwil Software\Avast4\ashSimpl.exe
C:\windows\system32\taskeng.exe
C:\windows\system32\conime.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Alwil Software\Avast4\ashLogV.exe
C:\Users\ALE~1\AppData\Local\Temp\Kwd.exe
C:\windows\system32\ctfmon.exe
C:\Program Files\Internet download manager\IDMan.exe
C:\Program Files\Internet download manager\IEMonitor.exe
C:\Dowloand\RSIT.exe
C:\Program Files\trend micro\Aleš.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.t-zones.cz
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.centrum.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.t-zones.cz
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.t-zones.cz
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet download manager\IDMIECC.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: BHO_Startup - {3134413B-49B4-425C-98A5-893C1F195601} - C:\Program Files\Hewlett-Packard\File Sanitizer\IEBHO.dll
O2 - BHO: Pomocník pro přihlášení ke službě Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Credential Manager for HP ProtectTools - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - c:\Program Files\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [LosAlamos] rundll32.exe C:\Users\ALE~1\AppData\Local\Temp\sshnas21.dll,AttachConsoleA
O4 - HKCU\..\Run: [F5JMWNZTHI] C:\Users\ALE~1\AppData\Local\Temp\Kwd.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O8 - Extra context menu item: Stáhnout s IDM - C:\Program Files\Internet download manager\IEExt.htm
O8 - Extra context menu item: Stáhnout s IDM obsah FLV videa - C:\Program Files\Internet download manager\IEGetVL.htm
O8 - Extra context menu item: Stáhnout s IDM všechny odkazy - C:\Program Files\Internet download manager\IEGetAll.htm
O9 - Extra button: Přidat na blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Přidat na blog Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: @C:\windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O13 - Gopher Prefix:
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos-be ... canner.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: APSHook.dll
O23 - Service: ActivClient Middleware Service (accoca) - ActivIdentity - c:\Program Files\ActivIdentity\ActivClient\accoca.exe
O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Andrea Electronics Corporation - C:\windows\system32\AEADISRV.EXE
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: AMD External Events Utility - AMD - C:\windows\system32\atiesrxx.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: HP ProtectTools Service - Hewlett-Packard Development Company, L.P - c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe
O23 - Service: Drive Encryption Service (HpFkCryptService) - SafeBoot International - c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
O23 - Service: File Sanitizer for HP ProtectTools (HPFSService) - Hewlett-Packard - C:\Program Files\Hewlett-Packard\File Sanitizer\HPFSService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: HP Service (hpsrv) - Hewlett-Packard Corporation - C:\windows\system32\Hpservice.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\windows\runservice.exe
O23 - Service: Remote Procedure Call (RPC) Net (rpcnet) - Absolute Software Corp. - C:\windows\system32\rpcnet.exe
O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\ProShowProducer\ScsiAccess.exe
O23 - Service: @C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
--
End of file - 9918 bytes
======Scheduled tasks folder======
C:\windows\tasks\HPCeeScheduleForAleš.job
C:\windows\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
C:\windows\tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0055C089-8582-441B-A0BF-17B458C2A3A8}]
IDMIEHlprObj Class - C:\Program Files\Internet download manager\IDMIECC.dll [2007-09-28 95664]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2009-08-04 1586472]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3134413B-49B4-425C-98A5-893C1F195601}]
BHO_Startup Class - C:\Program Files\Hewlett-Packard\File Sanitizer\IEBHO.dll [2008-05-14 110592]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Pomocník pro přihlášení ke službě Windows Live - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2007-09-20 328752]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-11 41760]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DF21F1DB-80C6-11D3-9483-B03D0EC10000}]
Credential Manager for HP ProtectTools - c:\Program Files\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll [2008-05-21 58128]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{0BF43445-2F28-4351-9252-17FE6E806AA0}
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
""= []
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2008-03-28 1045800]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-11-25 81000]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-21 1008184]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-04-11 1233920]
"LosAlamos"=C:\Users\ALE~1\AppData\Local\Temp\sshnas21.dll [2010-02-08 175104]
"F5JMWNZTHI"=C:\Users\ALE~1\AppData\Local\Temp\Kwd.exe [2010-02-08 132608]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\F5JMWNZTHI]
C:\Users\ALE~1\AppData\Local\Temp\Kwd.exe [2010-02-08 132608]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl.exe]
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [2008-05-14 177456]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="APSHook.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=scecli
ASWLNPkg
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
shell\AutoRun\command - G:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2f207920-fbfe-11dd-b274-002186c5552e}]
shell\AutoRun\command - H:\cold\hott\±Ą¶ş˛ ¸ĄĽů˛Ż˛
shell\Explore\command - H:\cold\hott\±Ą¶ş˛ ¸ĄĽů˛Ż˛
shell\open\command - H:\cold\hott\±Ą¶ş˛ ¸ĄĽů˛Ż˛
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a5b7881f-14bc-11de-9d71-002186c5552e}]
shell\AutoRun\command - G:\EXTRACTOR.EXE
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a5b78824-14bc-11de-9d71-002186c5552e}]
shell\AutoRun\command - F:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f39dab8e-a9ba-11de-99d3-002186c5552e}]
shell\AutoRun\command - G:\LaunchU3.exe -a
======File associations======
.js - edit - C:\windows\System32\Notepad.exe %1
.js - open - C:\windows\System32\WScript.exe "%1" %*
======List of files/folders created in the last 1 months======
2010-02-09 22:20:48 ----D---- C:\Program Files\trend micro
2010-02-09 22:20:47 ----D---- C:\rsit
2010-02-08 16:57:32 ----D---- C:\Program Files\Visual Tarot 2009
2010-02-08 00:02:55 ----A---- C:\windows\system32\tr98s2n61c.dll
2010-02-07 21:00:57 ----D---- C:\Program Files\Change7 Tarot
2010-02-05 21:25:26 ----D---- C:\Users\Aleš\AppData\Roaming\AnvSoft
2010-02-05 21:25:22 ----D---- C:\Program Files\AnvSoft
2010-02-03 00:47:06 ----D---- C:\Program Files\numerist
2010-01-23 21:59:13 ----A---- C:\windows\system32\mshtml.dll
2010-01-23 21:59:12 ----A---- C:\windows\system32\ieframe.dll
2010-01-23 21:59:11 ----A---- C:\windows\system32\iertutil.dll
2010-01-23 21:59:09 ----A---- C:\windows\system32\wininet.dll
2010-01-23 21:59:09 ----A---- C:\windows\system32\urlmon.dll
2010-01-23 21:59:08 ----A---- C:\windows\system32\occache.dll
2010-01-23 21:59:08 ----A---- C:\windows\system32\msfeeds.dll
2010-01-23 21:59:08 ----A---- C:\windows\system32\ieui.dll
2010-01-23 21:59:08 ----A---- C:\windows\system32\iedkcs32.dll
2010-01-23 21:59:07 ----A---- C:\windows\system32\msfeedssync.exe
2010-01-23 21:59:07 ----A---- C:\windows\system32\msfeedsbs.dll
2010-01-23 21:59:07 ----A---- C:\windows\system32\jsproxy.dll
2010-01-23 21:59:07 ----A---- C:\windows\system32\ieUnatt.exe
2010-01-23 21:59:07 ----A---- C:\windows\system32\iesysprep.dll
2010-01-23 21:59:07 ----A---- C:\windows\system32\iesetup.dll
2010-01-23 21:59:07 ----A---- C:\windows\system32\iernonce.dll
2010-01-23 21:59:07 ----A---- C:\windows\system32\iepeers.dll
2010-01-23 21:59:07 ----A---- C:\windows\system32\ie4uinit.exe
2010-01-13 20:45:05 ----A---- C:\windows\system32\t2embed.dll
2010-01-13 20:45:05 ----A---- C:\windows\system32\fontsub.dll
======List of files/folders modified in the last 1 months======
2010-02-09 22:21:01 ----D---- C:\windows\Temp
2010-02-09 22:20:48 ----RD---- C:\Program Files
2010-02-09 22:20:38 ----D---- C:\Dowloand
2010-02-09 22:20:29 ----D---- C:\Users\Aleš\AppData\Roaming\IDM
2010-02-09 22:20:28 ----D---- C:\Users\Aleš\AppData\Roaming\DMCache
2010-02-09 22:09:49 ----D---- C:\windows\system32\Tasks
2010-02-09 22:09:48 ----D---- C:\windows\Tasks
2010-02-09 21:38:31 ----D---- C:\windows\System32
2010-02-09 21:38:31 ----A---- C:\windows\system32\PerfStringBackup.INI
2010-02-09 21:38:30 ----D---- C:\windows\inf
2010-02-09 21:32:09 ----A---- C:\windows\system32\rpcnetp.exe
2010-02-09 21:32:06 ----A---- C:\windows\system32\rpcnet.dll
2010-02-09 21:32:05 ----D---- C:\ProgramData\hpqLog
2010-02-09 21:31:27 ----D---- C:\windows\system32\Msdtc
2010-02-09 21:31:24 ----D---- C:\windows\system32\wbem
2010-02-09 21:31:24 ----D---- C:\Windows
2010-02-09 21:30:18 ----D---- C:\windows\system32\config
2010-02-09 21:30:07 ----D---- C:\windows\system32\spool
2010-02-09 21:30:07 ----D---- C:\windows\system32\catroot2
2010-02-09 21:30:07 ----D---- C:\Users\Aleš\AppData\Roaming\uTorrent
2010-02-09 21:30:07 ----D---- C:\Users\Aleš\AppData\Roaming\IrfanView
2010-02-09 21:30:07 ----D---- C:\Users\Aleš\AppData\Roaming\GHISLER
2010-02-09 21:30:06 ----D---- C:\windows\registration
2010-02-09 21:28:21 ----SHD---- C:\System Volume Information
2010-02-09 21:02:35 ----D---- C:\windows\tracing
2010-02-08 17:02:52 ----D---- C:\windows\AppPatch
2010-02-08 14:54:19 ----D---- C:\Users\Aleš\AppData\Roaming\Skype
2010-02-08 13:59:36 ----D---- C:\Users\Aleš\AppData\Roaming\skypePM
2010-02-08 00:04:27 ----SHD---- C:\windows\Installer
2010-02-03 19:55:34 ----D---- C:\Program Files\ATI
2010-02-03 18:14:24 ----D---- C:\windows\winsxs
2010-01-30 22:43:18 ----D---- C:\Program Files\Common Files\Nero
2010-01-30 22:41:41 ----D---- C:\ProgramData\Nero
2010-01-30 21:38:14 ----A---- C:\fftrlog.txt
2010-01-30 21:38:12 ----A---- C:\windows\J_A_D.ini
2010-01-27 21:15:56 ----D---- C:\Program Files\Internet Explorer
2010-01-27 20:53:08 ----D---- C:\windows\system32\catroot
2010-01-26 18:45:55 ----SD---- C:\Users\Aleš\AppData\Roaming\Microsoft
2010-01-24 22:12:40 ----D---- C:\windows\system32\migration
2010-01-14 11:12:06 ----N---- C:\windows\system32\MpSigStub.exe
2010-01-13 22:59:44 ----D---- C:\Program Files\Windows Mail
2010-01-10 22:45:08 ----D---- C:\Westwood
2010-01-10 20:59:23 ----D---- C:\Program Files\Mozilla Firefox
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 aswRdr;aswRdr; C:\windows\system32\drivers\aswRdr.sys [2009-11-25 23120]
R1 aswSP;avast! Self Protection; C:\windows\system32\drivers\aswSP.sys [2009-11-25 114768]
R1 aswTdi;avast! Network Shield Support; C:\windows\system32\drivers\aswTdi.sys [2009-11-25 48560]
R1 RsvLock;RsvLock; C:\windows\system32\drivers\RsvLock.sys [2008-05-30 12496]
R2 aswFsBlk;aswFsBlk; C:\windows\system32\DRIVERS\aswFsBlk.sys [2009-11-25 20560]
R2 aswMonFlt;aswMonFlt; C:\windows\system32\DRIVERS\aswMonFlt.sys [2009-11-25 53328]
R2 atksgt;atksgt; C:\windows\system32\DRIVERS\atksgt.sys [2009-06-15 279712]
R2 Ethpdrv;Ethernet Packet Driver; C:\windows\system32\DRIVERS\ethpdrv.sys [2007-08-01 16376]
R2 lirsgt;lirsgt; C:\windows\system32\DRIVERS\lirsgt.sys [2009-06-15 25888]
R3 Accelerometer;HP Accelerometer; C:\windows\system32\DRIVERS\Accelerometer.sys [2008-08-07 34608]
R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\windows\system32\drivers\ADIHdAud.sys [2008-04-11 382464]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\windows\system32\DRIVERS\AGRSM.sys [2008-11-21 1204128]
R3 atikmdag;atikmdag; C:\windows\system32\DRIVERS\atikmdag.sys [2009-11-04 5079040]
R3 BCM43XX;Broadcom 802.11 Network Adapter Driver; C:\windows\system32\DRIVERS\bcmwl6.sys [2008-03-21 1207288]
R3 BthEnum;Služba Bluetooth Enumerator; C:\windows\system32\DRIVERS\BthEnum.sys [2009-04-11 22528]
R3 BthPan;Bluetooth Device (Personal Area Network); C:\windows\system32\DRIVERS\bthpan.sys [2008-01-21 92160]
R3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\windows\System32\Drivers\BTHUSB.sys [2009-04-11 29696]
R3 btwaudio;Bluetooth Audio Device Service; C:\windows\system32\drivers\btwaudio.sys [2008-05-28 80424]
R3 btwavdt;Bluetooth AVDT; C:\windows\system32\drivers\btwavdt.sys [2008-05-28 81960]
R3 btwrchid;btwrchid; C:\windows\system32\DRIVERS\btwrchid.sys [2008-05-28 16168]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\windows\system32\DRIVERS\CmBatt.sys [2008-01-21 14208]
R3 HBtnKey;HBtnKey; C:\windows\system32\DRIVERS\cpqbttn.sys [2008-04-14 9344]
R3 HpqKbFiltr;HpqKbFilter Driver; C:\windows\system32\DRIVERS\HpqKbFiltr.sys [2007-06-19 16768]
R3 Pcouffin;Low level access layer for CD devices; C:\windows\System32\Drivers\Pcouffin.sys [2009-04-27 47360]
R3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\windows\system32\DRIVERS\rfcomm.sys [2009-04-11 148992]
R3 SNP2UVC;USB2.0 PC Camera (SNP2UVC); C:\windows\system32\DRIVERS\snp2uvc.sys [2009-03-27 1810992]
R3 SynTP;Synaptics TouchPad Driver; C:\windows\system32\DRIVERS\SynTP.sys [2008-03-28 199472]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv; \??\C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [2009-10-14 10064]
R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\windows\system32\DRIVERS\wmiacpi.sys [2008-01-21 11264]
R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller; C:\windows\system32\DRIVERS\yk60x86.sys [2008-12-09 311808]
S3 awj13djc;awj13djc; C:\windows\system32\drivers\awj13djc.sys []
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\windows\system32\DRIVERS\b57nd60x.sys [2008-01-21 179712]
S3 BTHPORT;Ovladač portu Bluetooth; C:\windows\System32\Drivers\BTHport.sys [2009-04-11 507904]
S3 drmkaud;Dekodér zvuků DRM jádra společnosti Microsoft; C:\windows\system32\drivers\drmkaud.sys [2008-01-21 5632]
S3 ErrDev;Microsoft Hardware Error Device Driver; C:\windows\system32\drivers\errdev.sys [2008-01-21 6656]
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 IpwP;IPWireless 3G Network Adapter; C:\windows\system32\DRIVERS\ipw3gnet.sys [2008-03-27 51040]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\windows\system32\drivers\MSPQM.sys [2008-01-21 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\windows\system32\drivers\MSTEE.sys [2008-01-21 6016]
S3 TPM;TPM; C:\windows\system32\drivers\tpm.sys [2008-01-21 45624]
S3 usb_rndisx;Adaptér USB RNDIS; C:\windows\system32\DRIVERS\usb8023x.sys [2009-04-11 15872]
S3 usbvideo;Zobrazovací zařízení USB (WDM); C:\windows\System32\Drivers\usbvideo.sys [2008-01-21 134016]
S3 WUDFRd;WUDFRd; C:\windows\system32\DRIVERS\WUDFRd.sys [2008-01-21 83328]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 accoca;ActivClient Middleware Service; c:\Program Files\ActivIdentity\ActivClient\accoca.exe [2007-05-16 182576]
R2 AEADIFilters;Andrea ADI Filters Service; C:\windows\system32\AEADISRV.EXE [2007-10-19 86016]
R2 AgereModemAudio;Agere Modem Call Progress Audio; C:\Windows\system32\agrsmsvc.exe [2007-12-11 12800]
R2 AMD External Events Utility;AMD External Events Utility; C:\windows\system32\atiesrxx.exe [2009-11-04 172032]
R2 ASBroker;Logon Session Broker; C:\windows\System32\svchost.exe [2008-01-21 21504]
R2 ASChannel;Local Communication Channel; C:\windows\System32\svchost.exe [2008-01-21 21504]
R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-11-25 18752]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-11-25 138680]
R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\windows\system32\svchost.exe [2008-01-21 21504]
R2 HP Health Check Service;HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [2008-10-09 94208]
R2 HP ProtectTools Service;HP ProtectTools Service; c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe [2008-06-02 18944]
R2 HpFkCryptService;Drive Encryption Service; c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [2008-05-30 256512]
R2 HPFSService;File Sanitizer for HP ProtectTools; C:\Program Files\Hewlett-Packard\File Sanitizer\HPFSService.exe [2008-05-14 77824]
R2 hpsrv;HP Service; C:\windows\system32\Hpservice.exe [2008-08-07 24880]
R2 IviRegMgr;IviRegMgr; C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe [2007-01-04 112152]
R2 LicCtrlService;LicCtrl Service; C:\windows\runservice.exe [2009-04-04 2560]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\windows\System32\svchost.exe [2008-01-21 21504]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\windows\System32\svchost.exe [2008-01-21 21504]
R2 RapiMgr;@%windir%\WindowsMobile\rapimgr.dll,-104; C:\windows\system32\svchost.exe [2008-01-21 21504]
R2 rpcnet;Remote Procedure Call (RPC) Net; C:\windows\system32\rpcnet.exe [2009-06-05 56680]
R2 ScsiAccess;ScsiAccess; C:\Program Files\Photodex\ProShowProducer\ScsiAccess.exe [2009-09-12 181312]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service; C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [2009-11-17 1021256]
R2 WcesComm;@%windir%\WindowsMobile\wcescomm.dll,-40079; C:\windows\system32\svchost.exe [2008-01-21 21504]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-11-25 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-11-25 352920]
R3 hpqwmiex;hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [2008-04-16 165192]
S3 aspnet_state;ASP.NET State Service; C:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2009-03-30 31048]
S3 Com4QLBEx;Com4QLBEx; C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-04-03 193840]
S3 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\windows\system32\svchost.exe [2008-01-21 21504]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 TuneUp.Defrag;@C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe,-1; C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe [2009-12-14 435016]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
-----------------EOF-----------------
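
Added example, not part of the original thread and not code from RSIT or HijackThis: a screen of the log's O4 (autorun) lines for the pattern behind the RunDLL message in this thread, a Run value that starts a file from a Temp directory, loads a DLL through rundll32 from outside the Windows directory, or points at a file that no longer exists. The sample lines are copied from the log above; the flag names and the optional `exists` callback are assumptions of this example.

```python
import re
from typing import Callable, List, NamedTuple, Optional, Tuple

# O4 (autorun) lines copied from the HijackThis part of the log in this thread.
SAMPLE_O4 = r"""
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [LosAlamos] rundll32.exe C:\Users\ALE~1\AppData\Local\Temp\sshnas21.dll,AttachConsoleA
O4 - HKCU\..\Run: [F5JMWNZTHI] C:\Users\ALE~1\AppData\Local\Temp\Kwd.exe
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
"""

# Line layout: "O4 - <hive>\..\<key>: [<value name>] <command>"
O4_RE = re.compile(
    r"^O4 - (?P<hive>\S+?)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
USER_SUFFIX_RE = re.compile(r"\s+\(User '[^']*'\)$")
# rundll32 (with or without a path) followed by the DLL it is asked to load.
RUNDLL_RE = re.compile(
    r'^"?(?:[^"]*\\)?rundll32(?:\.exe)?"?\s+"?(?P<dll>[^",]+)', re.I)
# Executable path, which may contain spaces, up to its extension.
EXE_RE = re.compile(
    r'^"?(?P<exe>[^"]+?\.(?:exe|com|scr|bat|cmd|pif))(?=["\s]|$)', re.I)
TEMP_RE = re.compile(r"(?:\\(?:temp|tmp)\\|%te?mp%)", re.I)
SYSTEM_DIR_RE = re.compile(r"^(?:[a-z]:\\windows\\|%(?:systemroot|windir)%\\)", re.I)


class Autorun(NamedTuple):
    hive: str
    key: str
    name: str
    command: str
    target: str         # file that actually gets loaded or executed
    via_rundll32: bool


def parse_o4(log: str) -> List[Autorun]:
    """Extract autorun entries from the O4 lines of a HijackThis log."""
    entries = []
    for line in log.splitlines():
        m = O4_RE.match(line.strip())
        if not m:
            continue
        cmd = USER_SUFFIX_RE.sub("", m["cmd"]).strip()
        r = RUNDLL_RE.match(cmd)
        if r:
            target, via = r["dll"].strip(), True
        else:
            e = EXE_RE.match(cmd)
            target, via = (e["exe"] if e else cmd), False
        entries.append(Autorun(m["hive"], m["key"], m["name"], cmd, target, via))
    return entries


def assess(entry: Autorun,
           exists: Optional[Callable[[str], bool]] = None) -> List[str]:
    """Return the reasons an entry deserves a closer look (empty list = none)."""
    flags = []
    has_path = "\\" in entry.target
    if TEMP_RE.search(entry.target):
        flags.append("runs-from-temp")
    if entry.via_rundll32 and has_path and not SYSTEM_DIR_RE.match(entry.target):
        flags.append("rundll32-loads-non-system-dll")
    # A Run value whose file is gone is what produces the RunDLL
    # "module not found" box at logon. Only checked when a callback is given.
    if exists is not None and has_path and not exists(entry.target):
        flags.append("target-missing")
    return flags


def suspicious_autoruns(log: str,
                        exists: Optional[Callable[[str], bool]] = None
                        ) -> List[Tuple[Autorun, List[str]]]:
    """Pair every flagged autorun entry with its list of flags."""
    result = []
    for entry in parse_o4(log):
        flags = assess(entry, exists)
        if flags:
            result.append((entry, flags))
    return result


if __name__ == "__main__":
    for entry, flags in suspicious_autoruns(SAMPLE_O4):
        print(f"{entry.hive} [{entry.name}] {entry.target}: {', '.join(flags)}")
```

On a live Windows host, passing `os.path.exists` as `exists` adds the missing-file check; on a log alone it is skipped.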

O2 - BHO: Pomocník pro přihlášení ke službě Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Credential Manager for HP ProtectTools - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - c:\Program Files\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [LosAlamos] rundll32.exe C:\Users\ALE~1\AppData\Local\Temp\sshnas21.dll,AttachConsoleA
O4 - HKCU\..\Run: [F5JMWNZTHI] C:\Users\ALE~1\AppData\Local\Temp\Kwd.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O8 - Extra context menu item: Stáhnout s IDM - C:\Program Files\Internet download manager\IEExt.htm
O8 - Extra context menu item: Stáhnout s IDM obsah FLV videa - C:\Program Files\Internet download manager\IEGetVL.htm
O8 - Extra context menu item: Stáhnout s IDM všechny odkazy - C:\Program Files\Internet download manager\IEGetAll.htm
O9 - Extra button: Přidat na blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Přidat na blog Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: @C:\windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O13 - Gopher Prefix:
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos-be ... canner.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: APSHook.dll
O23 - Service: ActivClient Middleware Service (accoca) - ActivIdentity - c:\Program Files\ActivIdentity\ActivClient\accoca.exe
O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Andrea Electronics Corporation - C:\windows\system32\AEADISRV.EXE
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: AMD External Events Utility - AMD - C:\windows\system32\atiesrxx.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: HP ProtectTools Service - Hewlett-Packard Development Company, L.P - c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe
O23 - Service: Drive Encryption Service (HpFkCryptService) - SafeBoot International - c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
O23 - Service: File Sanitizer for HP ProtectTools (HPFSService) - Hewlett-Packard - C:\Program Files\Hewlett-Packard\File Sanitizer\HPFSService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: HP Service (hpsrv) - Hewlett-Packard Corporation - C:\windows\system32\Hpservice.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\windows\runservice.exe
O23 - Service: Remote Procedure Call (RPC) Net (rpcnet) - Absolute Software Corp. - C:\windows\system32\rpcnet.exe
O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\ProShowProducer\ScsiAccess.exe
O23 - Service: @C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
--
End of file - 9918 bytes
======Scheduled tasks folder======
C:\windows\tasks\HPCeeScheduleForAleš.job
C:\windows\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
C:\windows\tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0055C089-8582-441B-A0BF-17B458C2A3A8}]
IDMIEHlprObj Class - C:\Program Files\Internet download manager\IDMIECC.dll [2007-09-28 95664]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2009-08-04 1586472]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3134413B-49B4-425C-98A5-893C1F195601}]
BHO_Startup Class - C:\Program Files\Hewlett-Packard\File Sanitizer\IEBHO.dll [2008-05-14 110592]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Pomocník pro přihlášení ke službě Windows Live - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2007-09-20 328752]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-11 41760]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DF21F1DB-80C6-11D3-9483-B03D0EC10000}]
Credential Manager for HP ProtectTools - c:\Program Files\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll [2008-05-21 58128]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{0BF43445-2F28-4351-9252-17FE6E806AA0}
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
""= []
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2008-03-28 1045800]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-11-25 81000]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-21 1008184]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-04-11 1233920]
"LosAlamos"=C:\Users\ALE~1\AppData\Local\Temp\sshnas21.dll [2010-02-08 175104]
"F5JMWNZTHI"=C:\Users\ALE~1\AppData\Local\Temp\Kwd.exe [2010-02-08 132608]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\F5JMWNZTHI]
C:\Users\ALE~1\AppData\Local\Temp\Kwd.exe [2010-02-08 132608]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl.exe]
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [2008-05-14 177456]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="APSHook.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=scecli
ASWLNPkg
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
shell\AutoRun\command - G:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2f207920-fbfe-11dd-b274-002186c5552e}]
shell\AutoRun\command - H:\cold\hott\±Ą¶ş˛ ¸ĄĽů˛Ż˛
shell\Explore\command - H:\cold\hott\±Ą¶ş˛ ¸ĄĽů˛Ż˛
shell\open\command - H:\cold\hott\±Ą¶ş˛ ¸ĄĽů˛Ż˛
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a5b7881f-14bc-11de-9d71-002186c5552e}]
shell\AutoRun\command - G:\EXTRACTOR.EXE
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a5b78824-14bc-11de-9d71-002186c5552e}]
shell\AutoRun\command - F:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f39dab8e-a9ba-11de-99d3-002186c5552e}]
shell\AutoRun\command - G:\LaunchU3.exe -a
======File associations======
.js - edit - C:\windows\System32\Notepad.exe %1
.js - open - C:\windows\System32\WScript.exe "%1" %*
======List of files/folders created in the last 1 months======
2010-02-09 22:20:48 ----D---- C:\Program Files\trend micro
2010-02-09 22:20:47 ----D---- C:\rsit
2010-02-08 16:57:32 ----D---- C:\Program Files\Visual Tarot 2009
2010-02-08 00:02:55 ----A---- C:\windows\system32\tr98s2n61c.dll
2010-02-07 21:00:57 ----D---- C:\Program Files\Change7 Tarot
2010-02-05 21:25:26 ----D---- C:\Users\Aleš\AppData\Roaming\AnvSoft
2010-02-05 21:25:22 ----D---- C:\Program Files\AnvSoft
2010-02-03 00:47:06 ----D---- C:\Program Files\numerist
2010-01-23 21:59:13 ----A---- C:\windows\system32\mshtml.dll
2010-01-23 21:59:12 ----A---- C:\windows\system32\ieframe.dll
2010-01-23 21:59:11 ----A---- C:\windows\system32\iertutil.dll
2010-01-23 21:59:09 ----A---- C:\windows\system32\wininet.dll
2010-01-23 21:59:09 ----A---- C:\windows\system32\urlmon.dll
2010-01-23 21:59:08 ----A---- C:\windows\system32\occache.dll
2010-01-23 21:59:08 ----A---- C:\windows\system32\msfeeds.dll
2010-01-23 21:59:08 ----A---- C:\windows\system32\ieui.dll
2010-01-23 21:59:08 ----A---- C:\windows\system32\iedkcs32.dll
2010-01-23 21:59:07 ----A---- C:\windows\system32\msfeedssync.exe
2010-01-23 21:59:07 ----A---- C:\windows\system32\msfeedsbs.dll
2010-01-23 21:59:07 ----A---- C:\windows\system32\jsproxy.dll
2010-01-23 21:59:07 ----A---- C:\windows\system32\ieUnatt.exe
2010-01-23 21:59:07 ----A---- C:\windows\system32\iesysprep.dll
2010-01-23 21:59:07 ----A---- C:\windows\system32\iesetup.dll
2010-01-23 21:59:07 ----A---- C:\windows\system32\iernonce.dll
2010-01-23 21:59:07 ----A---- C:\windows\system32\iepeers.dll
2010-01-23 21:59:07 ----A---- C:\windows\system32\ie4uinit.exe
2010-01-13 20:45:05 ----A---- C:\windows\system32\t2embed.dll
2010-01-13 20:45:05 ----A---- C:\windows\system32\fontsub.dll
======List of files/folders modified in the last 1 months======
2010-02-09 22:21:01 ----D---- C:\windows\Temp
2010-02-09 22:20:48 ----RD---- C:\Program Files
2010-02-09 22:20:38 ----D---- C:\Dowloand
2010-02-09 22:20:29 ----D---- C:\Users\Aleš\AppData\Roaming\IDM
2010-02-09 22:20:28 ----D---- C:\Users\Aleš\AppData\Roaming\DMCache
2010-02-09 22:09:49 ----D---- C:\windows\system32\Tasks
2010-02-09 22:09:48 ----D---- C:\windows\Tasks
2010-02-09 21:38:31 ----D---- C:\windows\System32
2010-02-09 21:38:31 ----A---- C:\windows\system32\PerfStringBackup.INI
2010-02-09 21:38:30 ----D---- C:\windows\inf
2010-02-09 21:32:09 ----A---- C:\windows\system32\rpcnetp.exe
2010-02-09 21:32:06 ----A---- C:\windows\system32\rpcnet.dll
2010-02-09 21:32:05 ----D---- C:\ProgramData\hpqLog
2010-02-09 21:31:27 ----D---- C:\windows\system32\Msdtc
2010-02-09 21:31:24 ----D---- C:\windows\system32\wbem
2010-02-09 21:31:24 ----D---- C:\Windows
2010-02-09 21:30:18 ----D---- C:\windows\system32\config
2010-02-09 21:30:07 ----D---- C:\windows\system32\spool
2010-02-09 21:30:07 ----D---- C:\windows\system32\catroot2
2010-02-09 21:30:07 ----D---- C:\Users\Aleš\AppData\Roaming\uTorrent
2010-02-09 21:30:07 ----D---- C:\Users\Aleš\AppData\Roaming\IrfanView
2010-02-09 21:30:07 ----D---- C:\Users\Aleš\AppData\Roaming\GHISLER
2010-02-09 21:30:06 ----D---- C:\windows\registration
2010-02-09 21:28:21 ----SHD---- C:\System Volume Information
2010-02-09 21:02:35 ----D---- C:\windows\tracing
2010-02-08 17:02:52 ----D---- C:\windows\AppPatch
2010-02-08 14:54:19 ----D---- C:\Users\Aleš\AppData\Roaming\Skype
2010-02-08 13:59:36 ----D---- C:\Users\Aleš\AppData\Roaming\skypePM
2010-02-08 00:04:27 ----SHD---- C:\windows\Installer
2010-02-03 19:55:34 ----D---- C:\Program Files\ATI
2010-02-03 18:14:24 ----D---- C:\windows\winsxs
2010-01-30 22:43:18 ----D---- C:\Program Files\Common Files\Nero
2010-01-30 22:41:41 ----D---- C:\ProgramData\Nero
2010-01-30 21:38:14 ----A---- C:\fftrlog.txt
2010-01-30 21:38:12 ----A---- C:\windows\J_A_D.ini
2010-01-27 21:15:56 ----D---- C:\Program Files\Internet Explorer
2010-01-27 20:53:08 ----D---- C:\windows\system32\catroot
2010-01-26 18:45:55 ----SD---- C:\Users\Aleš\AppData\Roaming\Microsoft
2010-01-24 22:12:40 ----D---- C:\windows\system32\migration
2010-01-14 11:12:06 ----N---- C:\windows\system32\MpSigStub.exe
2010-01-13 22:59:44 ----D---- C:\Program Files\Windows Mail
2010-01-10 22:45:08 ----D---- C:\Westwood
2010-01-10 20:59:23 ----D---- C:\Program Files\Mozilla Firefox
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 aswRdr;aswRdr; C:\windows\system32\drivers\aswRdr.sys [2009-11-25 23120]
R1 aswSP;avast! Self Protection; C:\windows\system32\drivers\aswSP.sys [2009-11-25 114768]
R1 aswTdi;avast! Network Shield Support; C:\windows\system32\drivers\aswTdi.sys [2009-11-25 48560]
R1 RsvLock;RsvLock; C:\windows\system32\drivers\RsvLock.sys [2008-05-30 12496]
R2 aswFsBlk;aswFsBlk; C:\windows\system32\DRIVERS\aswFsBlk.sys [2009-11-25 20560]
R2 aswMonFlt;aswMonFlt; C:\windows\system32\DRIVERS\aswMonFlt.sys [2009-11-25 53328]
R2 atksgt;atksgt; C:\windows\system32\DRIVERS\atksgt.sys [2009-06-15 279712]
R2 Ethpdrv;Ethernet Packet Driver; C:\windows\system32\DRIVERS\ethpdrv.sys [2007-08-01 16376]
R2 lirsgt;lirsgt; C:\windows\system32\DRIVERS\lirsgt.sys [2009-06-15 25888]
R3 Accelerometer;HP Accelerometer; C:\windows\system32\DRIVERS\Accelerometer.sys [2008-08-07 34608]
R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\windows\system32\drivers\ADIHdAud.sys [2008-04-11 382464]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\windows\system32\DRIVERS\AGRSM.sys [2008-11-21 1204128]
R3 atikmdag;atikmdag; C:\windows\system32\DRIVERS\atikmdag.sys [2009-11-04 5079040]
R3 BCM43XX;Broadcom 802.11 Network Adapter Driver; C:\windows\system32\DRIVERS\bcmwl6.sys [2008-03-21 1207288]
R3 BthEnum;Služba Bluetooth Enumerator; C:\windows\system32\DRIVERS\BthEnum.sys [2009-04-11 22528]
R3 BthPan;Bluetooth Device (Personal Area Network); C:\windows\system32\DRIVERS\bthpan.sys [2008-01-21 92160]
R3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\windows\System32\Drivers\BTHUSB.sys [2009-04-11 29696]
R3 btwaudio;Bluetooth Audio Device Service; C:\windows\system32\drivers\btwaudio.sys [2008-05-28 80424]
R3 btwavdt;Bluetooth AVDT; C:\windows\system32\drivers\btwavdt.sys [2008-05-28 81960]
R3 btwrchid;btwrchid; C:\windows\system32\DRIVERS\btwrchid.sys [2008-05-28 16168]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\windows\system32\DRIVERS\CmBatt.sys [2008-01-21 14208]
R3 HBtnKey;HBtnKey; C:\windows\system32\DRIVERS\cpqbttn.sys [2008-04-14 9344]
R3 HpqKbFiltr;HpqKbFilter Driver; C:\windows\system32\DRIVERS\HpqKbFiltr.sys [2007-06-19 16768]
R3 Pcouffin;Low level access layer for CD devices; C:\windows\System32\Drivers\Pcouffin.sys [2009-04-27 47360]
R3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\windows\system32\DRIVERS\rfcomm.sys [2009-04-11 148992]
R3 SNP2UVC;USB2.0 PC Camera (SNP2UVC); C:\windows\system32\DRIVERS\snp2uvc.sys [2009-03-27 1810992]
R3 SynTP;Synaptics TouchPad Driver; C:\windows\system32\DRIVERS\SynTP.sys [2008-03-28 199472]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv; \??\C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [2009-10-14 10064]
R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\windows\system32\DRIVERS\wmiacpi.sys [2008-01-21 11264]
R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller; C:\windows\system32\DRIVERS\yk60x86.sys [2008-12-09 311808]
S3 awj13djc;awj13djc; C:\windows\system32\drivers\awj13djc.sys []
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\windows\system32\DRIVERS\b57nd60x.sys [2008-01-21 179712]
S3 BTHPORT;Ovladač portu Bluetooth; C:\windows\System32\Drivers\BTHport.sys [2009-04-11 507904]
S3 drmkaud;Dekodér zvuků DRM jádra společnosti Microsoft; C:\windows\system32\drivers\drmkaud.sys [2008-01-21 5632]
S3 ErrDev;Microsoft Hardware Error Device Driver; C:\windows\system32\drivers\errdev.sys [2008-01-21 6656]
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 IpwP;IPWireless 3G Network Adapter; C:\windows\system32\DRIVERS\ipw3gnet.sys [2008-03-27 51040]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\windows\system32\drivers\MSPQM.sys [2008-01-21 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\windows\system32\drivers\MSTEE.sys [2008-01-21 6016]
S3 TPM;TPM; C:\windows\system32\drivers\tpm.sys [2008-01-21 45624]
S3 usb_rndisx;Adaptér USB RNDIS; C:\windows\system32\DRIVERS\usb8023x.sys [2009-04-11 15872]
S3 usbvideo;Zobrazovací zařízení USB (WDM); C:\windows\System32\Drivers\usbvideo.sys [2008-01-21 134016]
S3 WUDFRd;WUDFRd; C:\windows\system32\DRIVERS\WUDFRd.sys [2008-01-21 83328]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 accoca;ActivClient Middleware Service; c:\Program Files\ActivIdentity\ActivClient\accoca.exe [2007-05-16 182576]
R2 AEADIFilters;Andrea ADI Filters Service; C:\windows\system32\AEADISRV.EXE [2007-10-19 86016]
R2 AgereModemAudio;Agere Modem Call Progress Audio; C:\Windows\system32\agrsmsvc.exe [2007-12-11 12800]
R2 AMD External Events Utility;AMD External Events Utility; C:\windows\system32\atiesrxx.exe [2009-11-04 172032]
R2 ASBroker;Logon Session Broker; C:\windows\System32\svchost.exe [2008-01-21 21504]
R2 ASChannel;Local Communication Channel; C:\windows\System32\svchost.exe [2008-01-21 21504]
R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-11-25 18752]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-11-25 138680]
R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\windows\system32\svchost.exe [2008-01-21 21504]
R2 HP Health Check Service;HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [2008-10-09 94208]
R2 HP ProtectTools Service;HP ProtectTools Service; c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe [2008-06-02 18944]
R2 HpFkCryptService;Drive Encryption Service; c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [2008-05-30 256512]
R2 HPFSService;File Sanitizer for HP ProtectTools; C:\Program Files\Hewlett-Packard\File Sanitizer\HPFSService.exe [2008-05-14 77824]
R2 hpsrv;HP Service; C:\windows\system32\Hpservice.exe [2008-08-07 24880]
R2 IviRegMgr;IviRegMgr; C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe [2007-01-04 112152]
R2 LicCtrlService;LicCtrl Service; C:\windows\runservice.exe [2009-04-04 2560]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\windows\System32\svchost.exe [2008-01-21 21504]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\windows\System32\svchost.exe [2008-01-21 21504]
R2 RapiMgr;@%windir%\WindowsMobile\rapimgr.dll,-104; C:\windows\system32\svchost.exe [2008-01-21 21504]
R2 rpcnet;Remote Procedure Call (RPC) Net; C:\windows\system32\rpcnet.exe [2009-06-05 56680]
R2 ScsiAccess;ScsiAccess; C:\Program Files\Photodex\ProShowProducer\ScsiAccess.exe [2009-09-12 181312]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service; C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [2009-11-17 1021256]
R2 WcesComm;@%windir%\WindowsMobile\wcescomm.dll,-40079; C:\windows\system32\svchost.exe [2008-01-21 21504]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-11-25 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-11-25 352920]
R3 hpqwmiex;hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [2008-04-16 165192]
S3 aspnet_state;ASP.NET State Service; C:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2009-03-30 31048]
S3 Com4QLBEx;Com4QLBEx; C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-04-03 193840]
S3 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\windows\system32\svchost.exe [2008-01-21 21504]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 TuneUp.Defrag;@C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe,-1; C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe [2009-12-14 435016]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
-----------------EOF-----------------
- Unlimited_Killer
- Friend of the forum
- Posts: 1969
- Registered: 24 Aug 2009 16:18
Re: RunDLL sshnas21.dll
Well, I can get into the system, but it annoys me that it keeps showing up at startup.
- Unlimited_Killer
- Friend of the forum
- Posts: 1969
- Registered: 24 Aug 2009 16:18
Re: RunDLL sshnas21.dll
Then follow the procedure given above so that we can continue; of course we will solve this problem.

inactive
Re: RunDLL sshnas21.dll
Thanks, and which procedure?

- Unlimited_Killer
- Friend of the forum
- Posts: 1969
- Registered: 24 Aug 2009 16:18
Re: RunDLL sshnas21.dll
My second post...
~~~
Random's System Information Tool
ComboFix
~~~
Random's System Information Tool
- Download RSIT and save it to the Desktop.
- Run it, leave '1 month' selected in the drop-down menu and click 'Continue'.
- Wait a few seconds for a log named log.txt to be generated.
- If the log is not generated, you will find it at C:\rsit\log.txt
- Paste the contents of this log into your post.
ComboFix
- Download ComboFix and save it to the Desktop.
- Before running it, turn off the resident shield of your antivirus or antispyware.
- Run it with administrator privileges.
- After it starts, the license terms will be displayed; click 'Yes'.
- You will also be asked about installing the Recovery Console; click 'Yes' there as well.
- The whole scan will take about 5-10 minutes, depending on how many files CF has to work through.
- Your PC will probably be restarted, so do not be alarmed.
- Until the scan has completely finished, do nothing, and above all do not click in the running ComboFix window.
- After the scan finishes (or after the subsequent restart), a log will 'pop up'; copy it here as text.
- If no log 'pops up', you will find it at C:\ComboFix.txt
inactive
Re: RunDLL sshnas21.dll
Here is the log from ComboFix:
ComboFix 10-02-09.04 - lukeec 10.02.2010 19:14:03.1.2 - x86
Microsoft Windows 7 Home Premium 6.1.7600.0.1250.420.1029.18.3037.2352 [GMT 1:00]
Spuštěný z: c:\users\lukeec\Desktop\ComboFix.exe
AV: Eset NOD32 Antivirus 2.70 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
* Rezidentní štít AV je vypnutý
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\Dealio Toolbar
c:\program files\Dealio Toolbar\FF\components\config.ini
c:\program files\Dealio Toolbar\FF\components\dealioToolbarFF.dll
c:\program files\Dealio Toolbar\FF\components\IFBHOHelperWidgiToolbar.xpt
c:\program files\Dealio Toolbar\FF\components\IFBHOWidgiToolbar.xpt
c:\program files\Dealio Toolbar\FF\chrome.manifest
c:\program files\Dealio Toolbar\FF\chrome\content\chevron.js
c:\program files\Dealio Toolbar\FF\chrome\content\chevron.xul
c:\program files\Dealio Toolbar\FF\chrome\content\login.js
c:\program files\Dealio Toolbar\FF\chrome\content\login.xul
c:\program files\Dealio Toolbar\FF\chrome\content\parser.js
c:\program files\Dealio Toolbar\FF\chrome\content\RssTickerWidget.js
c:\program files\Dealio Toolbar\FF\chrome\content\searchbox.js
c:\program files\Dealio Toolbar\FF\chrome\content\searchbox.xul
c:\program files\Dealio Toolbar\FF\chrome\content\widgicomm.js
c:\program files\Dealio Toolbar\FF\chrome\content\widgihandling.js
c:\program files\Dealio Toolbar\FF\chrome\content\widgichevron.js
c:\program files\Dealio Toolbar\FF\chrome\content\widgilisteners.js
c:\program files\Dealio Toolbar\FF\chrome\content\widgitoolbarplugin.js
c:\program files\Dealio Toolbar\FF\chrome\content\widgitoolbarplugin.xul
c:\program files\Dealio Toolbar\FF\chrome\content\widgiui.js
c:\program files\Dealio Toolbar\FF\chrome\locale\EN-US\searchbox.dtd
c:\program files\Dealio Toolbar\FF\chrome\locale\EN-US\widgitoolbarplugin.dtd
c:\program files\Dealio Toolbar\FF\chrome\locale\EN-US\widgitoolbarplugin.properties
c:\program files\Dealio Toolbar\FF\chrome\locale\EN-US\yahoo-search.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\amazon.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\apple.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\barnes.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\bestbuy.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\dealio_logo.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\dealio_logo_hover.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\ebay.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\chevron.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\icon_settings.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\macys.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\newegg.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\overstock.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\search-button-hover.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\search-button.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\search-chevron-hover.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\search-chevron.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\search_amazon.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\search_dealio.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\search_ebay.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\search_yahoo.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\searchbox.css
c:\program files\Dealio Toolbar\FF\chrome\skin\separator.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\target.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\walmart.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\widgitoolbarplugin.css
c:\program files\Dealio Toolbar\FF\install.rdf
c:\program files\Dealio Toolbar\IE\4.0.2\config.ini
c:\program files\Dealio Toolbar\IE\4.0.2\dealioToolbarIE.dll
c:\program files\Dealio Toolbar\Res\amazon.gif
c:\program files\Dealio Toolbar\Res\apple.gif
c:\program files\Dealio Toolbar\Res\barnes.gif
c:\program files\Dealio Toolbar\Res\bestbuy.gif
c:\program files\Dealio Toolbar\Res\dealio_logo.gif
c:\program files\Dealio Toolbar\Res\dealio_logo_hover.gif
c:\program files\Dealio Toolbar\Res\ebay.gif
c:\program files\Dealio Toolbar\Res\icon_settings.gif
c:\program files\Dealio Toolbar\Res\macys.gif
c:\program files\Dealio Toolbar\Res\newegg.gif
c:\program files\Dealio Toolbar\Res\overstock.gif
c:\program files\Dealio Toolbar\Res\search-button-hover.gif
c:\program files\Dealio Toolbar\Res\search-button.gif
c:\program files\Dealio Toolbar\Res\search-chevron-hover.gif
c:\program files\Dealio Toolbar\Res\search-chevron.gif
c:\program files\Dealio Toolbar\Res\search_amazon.gif
c:\program files\Dealio Toolbar\Res\search_dealio.gif
c:\program files\Dealio Toolbar\Res\search_ebay.gif
c:\program files\Dealio Toolbar\Res\search_yahoo.gif
c:\program files\Dealio Toolbar\Res\target.gif
c:\program files\Dealio Toolbar\Res\walmart.gif
c:\program files\Dealio Toolbar\Res\widgets.xml
c:\program files\Dealio Toolbar\WidgiHelper.exe
c:\program files\MyWebSearch
c:\program files\MyWebSearch\bar\1.bin\F3BKGERR.JPG
c:\program files\MyWebSearch\bar\1.bin\F3HKSTUB.DLL
c:\program files\MyWebSearch\bar\1.bin\F3HTTPCT.DLL
c:\program files\MyWebSearch\bar\1.bin\F3REGHK.DLL
c:\program files\MyWebSearch\bar\1.bin\F3SPACER.WMV
c:\program files\MyWebSearch\bar\1.bin\F3WALLPP.DAT
c:\program files\MyWebSearch\bar\1.bin\F3WPHOOK.DLL
c:\program files\MyWebSearch\bar\1.bin\FWPBUDDY.PNG
c:\program files\MyWebSearch\bar\1.bin\M3AUXSTB.DLL
c:\program files\MyWebSearch\bar\1.bin\M3DLGHK.DLL
c:\program files\MyWebSearch\bar\1.bin\M3FFXTBR.JAR
c:\program files\MyWebSearch\bar\1.bin\M3FFXTBR.MANIFEST
c:\program files\MyWebSearch\bar\1.bin\M3NTSTBR.MANIFEST
c:\program files\MyWebSearch\bar\1.bin\M3PLUGIN.DLL
c:\program files\MyWebSearch\bar\1.bin\M3SLSRCH.EXE
c:\program files\MyWebSearch\bar\1.bin\M3SRCHMN.EXE
c:\program files\MyWebSearch\bar\1.bin\MWSBAR.DLL
c:\program files\MyWebSearch\bar\1.bin\MWSOEPLG.DLL
c:\program files\MyWebSearch\bar\1.bin\MWSSRCAS.DLL
c:\program files\MyWebSearch\bar\Avatar\COMMON.F3S
c:\program files\MyWebSearch\bar\Game\CHECKERS.F3S
c:\program files\MyWebSearch\bar\Game\CHESS.F3S
c:\program files\MyWebSearch\bar\Game\REVERSI.F3S
c:\program files\MyWebSearch\bar\icons\CM.ICO
c:\program files\MyWebSearch\bar\icons\MFC.ICO
c:\program files\MyWebSearch\bar\icons\PSS.ICO
c:\program files\MyWebSearch\bar\icons\SMILEY.ICO
c:\program files\MyWebSearch\bar\icons\WB.ICO
c:\program files\MyWebSearch\bar\icons\ZWINKY.ICO
c:\program files\MyWebSearch\bar\Message\COMMON.F3S
c:\program files\MyWebSearch\bar\Notifier\COMMON.F3S
c:\program files\MyWebSearch\bar\Notifier\DOG.F3S
c:\program files\MyWebSearch\bar\Notifier\FISH.F3S
c:\program files\MyWebSearch\bar\Notifier\KUNGFU.F3S
c:\program files\MyWebSearch\bar\Notifier\LIFEGARD.F3S
c:\program files\MyWebSearch\bar\Notifier\MAID.F3S
c:\program files\MyWebSearch\bar\Notifier\MAILBOX.F3S
c:\program files\MyWebSearch\bar\Notifier\OPERA.F3S
c:\program files\MyWebSearch\bar\Notifier\ROBOT.F3S
c:\program files\MyWebSearch\bar\Notifier\SEDUCT.F3S
c:\program files\MyWebSearch\bar\Notifier\SURFER.F3S
c:\program files\MyWebSearch\bar\Settings\s_pid.dat
c:\program files\Search Settings
c:\program files\Search Settings\FF\components\IFBHOSearch.xpt
c:\program files\Search Settings\FF\components\IFBHOSearchHelperEngine.xpt
c:\program files\Search Settings\FF\components\IFHelperPreferences.xpt
c:\program files\Search Settings\FF\components\SearchSettingsFF.dll
c:\program files\Search Settings\FF\chrome.manifest
c:\program files\Search Settings\FF\chrome\content\plugin.js
c:\program files\Search Settings\FF\chrome\content\plugin.xul
c:\program files\Search Settings\FF\chrome\content\protection.js
c:\program files\Search Settings\FF\chrome\content\utils.js
c:\program files\Search Settings\FF\chrome\locale\en-US\searchsettingsplugin.dtd
c:\program files\Search Settings\FF\chrome\locale\en-US\searchsettingsplugin.properties
c:\program files\Search Settings\FF\install.rdf
c:\program files\Search Settings\SearchSettings.dll
c:\program files\Search Settings\SearchSettings.exe
c:\program files\Search Settings\SearchSettingsRes409.dll
c:\users\lukeec\AppData\Roaming\inst.exe
c:\windows\msvrc20.dll
c:\windows\system32\f3PSSavr.scr
c:\windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
c:\windows\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-01-10 do 2010-02-10 )))))))))))))))))))))))))))))))
.
2010-02-10 18:20 . 2010-02-10 18:20 -------- d-----w- c:\users\lukeec\AppData\Local\temp
2010-02-10 18:20 . 2010-02-10 18:20 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-02-10 14:58 . 2010-02-10 14:58 -------- d-----w- c:\users\lukeec\AppData\Roaming\Leadertech
2010-02-10 14:43 . 2010-02-10 14:43 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2010-02-09 18:13 . 2010-02-09 18:01 298104 ----a-w- c:\windows\system32\imon.dll
2010-02-09 18:13 . 2010-02-09 18:01 512096 ----a-w- c:\windows\system32\drivers\amon.sys
2010-02-09 18:13 . 2010-02-09 18:01 15424 ----a-w- c:\windows\system32\drivers\nod32drv.sys
2010-02-09 14:36 . 2010-02-10 17:33 -------- d-----w- c:\program files\trend micro
2010-02-09 14:36 . 2010-02-09 14:36 -------- d-----w- C:\rsit
2010-02-07 11:01 . 2010-02-07 11:01 -------- d-----w- c:\users\lukeec\AppData\Local\PunkBuster
2010-02-07 10:48 . 2010-02-07 11:11 139128 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-02-07 10:48 . 2010-02-07 11:18 215128 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-02-07 10:48 . 2010-02-07 10:48 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2010-02-07 10:48 . 2010-02-07 10:48 2434856 ----a-w- c:\windows\system32\pbsvc_bc2.exe
2010-02-06 22:20 . 2010-02-06 22:20 -------- d-----w- c:\program files\Microsoft Silverlight
2010-02-06 16:44 . 2010-02-06 16:44 -------- d-----w- c:\windows\AC54E5443E42443CA91DA00A6974C592.TMP
2010-02-06 09:41 . 2010-02-06 09:41 -------- d-----w- c:\program files\Common Files\Windows Live
2010-02-03 18:28 . 2010-02-03 18:28 -------- d-----w- c:\users\lukeec\AppData\Local\BC
2010-02-03 18:28 . 2010-02-03 18:28 -------- d-----w- c:\programdata\BC
2010-01-27 06:01 . 2009-10-31 05:45 2614272 ----a-w- c:\windows\explorer.exe
2010-01-27 06:01 . 2009-10-28 06:17 285696 ----a-w- c:\windows\system32\winlogon.exe
2010-01-24 10:30 . 2010-02-06 09:20 -------- d-----w- c:\programdata\Codemasters
2010-01-24 09:40 . 2010-01-24 09:40 -------- d-----w- c:\program files\ESET
2010-01-23 18:59 . 2008-03-03 13:25 5702 ---ha-w- c:\windows\nod32restoretemdono.reg
2010-01-23 09:39 . 2010-01-24 10:40 -------- d-----w- c:\program files\Moon Valley Software
2010-01-22 16:59 . 2009-12-19 09:02 977920 ----a-w- c:\windows\system32\wininet.dll
2010-01-21 15:00 . 2010-01-21 15:00 -------- d-----w- c:\windows\1C4551A64743409391E41477CD655043.TMP
2010-01-20 15:04 . 2010-01-20 15:04 -------- d-----w- c:\programdata\Solidshield
2010-01-18 16:00 . 2010-01-18 16:00 -------- d-----w- c:\users\lukeec\AppData\Local\AOL
2010-01-15 20:34 . 2010-01-15 20:35 -------- d-----w- c:\users\lukeec\AppData\Local\NFS Underground 2
2010-01-13 14:15 . 2010-01-13 14:15 -------- d-----w- c:\program files\Common Files\Microsoft Games
2010-01-13 09:06 . 2009-10-19 14:10 108544 ----a-w- c:\windows\system32\t2embed.dll
2010-01-13 09:06 . 2009-10-19 14:10 70656 ----a-w- c:\windows\system32\fontsub.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-10 17:07 . 2009-11-18 16:41 -------- d-----w- c:\users\lukeec\AppData\Roaming\ICQ
2010-02-10 14:42 . 2009-07-14 08:44 622660 ----a-w- c:\windows\system32\perfh005.dat
2010-02-10 14:42 . 2009-07-14 08:44 118810 ----a-w- c:\windows\system32\perfc005.dat
2010-02-10 14:07 . 2009-11-18 15:58 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-02-10 13:58 . 2009-12-02 15:50 -------- d-----w- c:\users\lukeec\AppData\Roaming\Skype
2010-02-10 13:46 . 2009-12-02 15:54 -------- d-----w- c:\users\lukeec\AppData\Roaming\skypePM
2010-02-09 20:56 . 2009-11-26 20:48 -------- d-----w- c:\program files\AGEIA Technologies
2010-02-09 18:12 . 2009-11-18 17:25 -------- d-----w- c:\programdata\avg9
2010-02-07 10:48 . 2010-02-07 10:48 138056 ----a-w- c:\users\lukeec\AppData\Roaming\PnkBstrK.sys
2010-02-06 16:44 . 2009-11-26 20:48 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-01-24 10:27 . 2009-12-12 11:35 444952 ----a-w- c:\windows\system32\wrap_oal.dll
2010-01-24 10:27 . 2009-12-12 11:35 109080 ----a-w- c:\windows\system32\OpenAL32.dll
2010-01-24 10:27 . 2009-12-12 11:35 -------- d-----w- c:\program files\OpenAL
2010-01-19 05:50 . 2009-11-18 16:42 -------- d-----w- c:\program files\ICQ6Toolbar
2010-01-18 16:00 . 2009-11-18 16:42 -------- d-----w- c:\programdata\ICQ
2010-01-13 15:07 . 2009-07-14 04:52 -------- d-----w- c:\program files\Microsoft Games
2010-01-10 19:38 . 2010-01-10 18:29 -------- d-----w- c:\users\lukeec\AppData\Roaming\Nero
2010-01-10 18:29 . 2010-01-10 18:28 -------- d-----w- c:\program files\Common Files\Nero
2010-01-10 18:28 . 2010-01-10 18:28 -------- d-----w- c:\programdata\Nero
2010-01-10 13:39 . 2010-01-10 13:39 -------- d-----w- c:\program files\Common Files\INCA Shared
2010-01-09 17:17 . 2010-01-09 17:17 -------- d-----w- c:\program files\WEBZEN
2010-01-08 22:01 . 2009-12-06 18:07 -------- d-----w- c:\users\lukeec\AppData\Roaming\Vso
2010-01-08 22:01 . 2010-01-08 21:45 94208 ----a-w- c:\users\lukeec\AppData\Roaming\ezplay.sys
2010-01-08 22:01 . 2009-12-06 18:07 47360 ----a-w- c:\users\lukeec\AppData\Roaming\pcouffin.sys
2010-01-08 21:45 . 2010-01-08 21:45 94208 ----a-w- c:\windows\system32\drivers\ezplay.sys
2010-01-07 20:51 . 2010-01-07 20:52 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-01-07 20:51 . 2010-01-07 20:51 -------- d-----w- c:\program files\Java
2010-01-01 11:46 . 2010-01-01 11:46 -------- d-----w- c:\programdata\Kaspersky Lab Setup Files
2009-12-31 12:33 . 2009-11-18 16:19 -------- d-----w- c:\programdata\NVIDIA
2009-12-31 12:21 . 2009-12-31 12:19 -------- d-----w- c:\program files\NVIDIA Corporation
2009-12-31 11:30 . 2009-12-31 11:29 -------- d-----w- c:\programdata\PCPitstop
2009-12-30 12:57 . 2009-11-18 15:58 -------- d-----w- c:\program files\Common Files\InstallShield
2009-12-29 22:45 . 2009-12-29 22:45 -------- d-----w- c:\programdata\Electronic Arts
2009-12-26 19:42 . 2009-12-26 19:42 -------- d-----w- c:\programdata\Apple Computer
2009-12-26 19:41 . 2009-12-26 19:41 -------- d-----w- c:\program files\Common Files\Apple
2009-12-26 19:41 . 2009-12-26 19:41 -------- d-----w- c:\programdata\Apple
2009-12-26 19:41 . 2009-12-26 19:41 -------- d-----w- c:\program files\Apple Software Update
2009-12-24 13:59 . 2009-12-24 13:59 -------- d-----w- c:\users\lukeec\AppData\Roaming\Touchstone
2009-12-23 20:36 . 2009-12-23 20:36 -------- d-----w- c:\programdata\vsosdk
2009-12-23 12:18 . 2009-12-23 12:18 -------- d-----w- c:\program files\WMV9_VCM
2009-12-22 19:14 . 2009-12-22 19:14 -------- d-----w- c:\program files\Application Updater
2009-12-22 19:00 . 2009-12-06 18:07 -------- d-----w- c:\program files\VSO
2009-12-14 15:48 . 2009-12-14 15:48 -------- d-----w- c:\users\lukeec\AppData\Roaming\Ashampoo
2009-12-13 15:06 . 2009-12-13 14:46 -------- d-----w- c:\program files\Common Files\Steam
2009-12-12 19:50 . 2009-11-18 15:56 61736 ----a-w- c:\users\lukeec\AppData\Local\GDIPFONTCACHEV1.DAT
2009-12-06 18:07 . 2009-12-06 18:07 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2009-12-02 15:54 . 2009-12-02 15:54 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-11-30 17:02 . 2009-11-30 17:02 171144 ----a-w- c:\windows\system32\xliveinstall.dll
2009-11-30 17:02 . 2009-11-30 17:02 72840 ----a-w- c:\windows\system32\xliveinstallhost.exe
2009-11-26 20:49 . 2009-11-26 20:49 281760 ----a-w- c:\windows\system32\drivers\atksgt.sys
2009-11-26 20:48 . 2009-11-26 20:48 25888 ----a-w- c:\windows\system32\drivers\lirsgt.sys
2009-11-24 14:27 . 2010-01-09 17:17 53616 ----a-w- c:\windows\system32\CMStarter_Eng.dll
2009-11-24 14:27 . 2010-01-09 17:17 53616 ----a-w- c:\windows\system32\CMStarter_Kor.dll
2009-11-24 14:27 . 2010-01-09 17:17 364912 ----a-w- c:\windows\system32\CMStarterCore.exe
2009-11-20 19:33 . 2009-11-20 19:33 87144 ----a-w- c:\windows\system32\nvhotkey.dll
2009-11-20 19:33 . 2009-11-20 19:33 812648 ----a-w- c:\windows\system32\nvsvc.dll
2009-11-20 19:33 . 2009-11-20 19:33 66664 ----a-w- c:\windows\system32\nvshext.dll
2009-11-20 19:33 . 2009-11-20 19:33 1323624 ----a-w- c:\windows\system32\nvsvcr.dll
2009-11-20 19:33 . 2009-11-20 19:33 12685928 ----a-w- c:\windows\system32\nvcpl.dll
2009-11-20 19:33 . 2009-11-20 19:33 122984 ----a-w- c:\windows\system32\nvvsvc.exe
2009-11-20 19:33 . 2009-11-20 19:33 110184 ----a-w- c:\windows\system32\nvmctray.dll
2009-11-19 20:42 . 2009-11-18 16:02 592488 ----a-w- c:\windows\system32\NVUNINST.EXE
2009-11-19 14:24 . 2009-11-19 14:24 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-11-13 08:47 . 2009-11-13 08:47 58368 ----a-w- c:\windows\system32\drivers\L1C62x86.sys
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}"= "c:\program files\BS_Player\tbBS_P.dll" [2009-07-02 2215960]
[HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-11-18 11:58 333192 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
2009-07-02 09:18 2215960 ----a-w- c:\program files\BS_Player\tbBS_P.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-11-18 333192]
"{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}"= "c:\program files\BS_Player\tbBS_P.dll" [2009-07-02 2215960]
[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
[HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5}"= "c:\program files\BS_Player\tbBS_P.dll" [2009-07-02 2215960]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-11-18 333192]
[HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RGSC"="c:\hry\GTA IV\Rockstar Games Social Club\RGSCLauncher.exe" [2010-02-10 306088]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-04 186904]
"cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent.exe" [2009-07-02 482360]
"LManager"="c:\program files\Launch Manager\LManager.exe" [2009-03-05 805384]
"QuickTime Task"="c:\programy\quickgimd\QTTask.exe" [2009-09-05 417792]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-01-07 149280]
"nod32kui"="c:\programy\NOD\nod32kui.exe" [2010-02-09 949376]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
2009-07-27 02:37 180224 ----a-w- c:\programy\PowerISO\PWRISOVM.EXE
R1 nod32drv;nod32drv;c:\windows\System32\drivers\nod32drv.sys [9.2.2010 19:13 15424]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\System32\drivers\vwififlt.sys [14.7.2009 0:52 48128]
R2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [16.12.2009 17:38 375296]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [18.1.2010 17:01 246520]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\System32\drivers\L1C62x86.sys [13.11.2009 9:47 58368]
R3 NETw5s32;Ovladač adaptéru Intel(R) Wireless WiFi Link pro systém Windows 7 32 Bit;c:\windows\System32\drivers\NETw5s32.sys [15.9.2009 19:40 6114816]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\System32\drivers\vwifimp.sys [14.7.2009 0:52 14336]
S0 sptd;sptd;c:\windows\System32\drivers\sptd.sys [19.11.2009 15:24 691696]
S3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series – ovladač adaptéru pro 32bitový systém Windows Vista;c:\windows\System32\drivers\netw5v32.sys [10.6.2009 22:18 4231168]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://start.icq.com/
IE: &Search - http://edits.mywebsearch.com/toolbaredi ... p=ZNman000
IE: {{88EB38EF-4D2C-436D-ABD3-56B232674062} - c:\programy\icq\ICQ7.0\ICQ.exe
LSP: c:\windows\system32\imon.dll
FF - ProfilePath - c:\users\lukeec\AppData\Roaming\Mozilla\Firefox\Profiles\ae5zpljk.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://btjunkie.org/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.0.0&q=
FF - component: c:\programy\mozila\components\xpinstal.dll
---- NASTAVENÍ FIREFOXU ----
c:\programy\mozila\greprefs\all.js - pref("ui.allow_platform_file_picker", true);
c:\programy\mozila\greprefs\all.js - pref("network.cookie.p3plevel", 1); // 0=low, 1=medium, 2=high, 3=custom
c:\programy\mozila\greprefs\all.js - pref("network.enablePad", false); // Allow client to do proxy autodiscovery
c:\programy\mozila\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\programy\mozila\defaults\pref\firefox.js - pref("browser.search.param.Google.1.default", "chrome://branding/content/searchconfig.properties");
c:\programy\mozila\defaults\pref\firefox.js - pref("browser.search.param.Google.1.custom", "chrome://branding/content/searchconfig.properties");
c:\programy\mozila\defaults\pref\firefox.js - pref("signon.prefillForms", true);
c:\programy\mozila\defaults\pref\firefox.js - pref("browser.safebrowsing.enabled", false);
c:\programy\mozila\defaults\pref\firefox.js - pref("browser.safebrowsing.remoteLookups", false);
c:\programy\mozila\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.updateURL", "http://sb.google.com/safebrowsing/updat ... oz:version}&");
c:\programy\mozila\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.lookupURL", "http://sb.google.com/safebrowsing/looku ... oz:version}&");
c:\programy\mozila\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.reportURL", "http://sb.google.com/safebrowsing/report?");
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
URLSearchHooks-{E312764E-7706-43F1-8DAB-FCDD2B1E416D} - c:\program files\Search Settings\SearchSettings.dll
BHO-{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - c:\program files\Dealio Toolbar\IE\4.0.2\dealioToolbarIE.dll
BHO-{E312764E-7706-43F1-8DAB-FCDD2B1E416D} - c:\program files\Search Settings\SearchSettings.dll
Toolbar-{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - c:\program files\Dealio Toolbar\IE\4.0.2\dealioToolbarIE.dll
HKLM-Run-MyWebSearch Plugin - c:\progra~1\MYWEBS~1\bar\1.bin\M3PLUGIN.DLL
HKLM-Run-My Web Search Bar Search Scope Monitor - c:\progra~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe
HKLM-Run-SearchSettings - c:\program files\Search Settings\SearchSettings.exe
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2010-02-10 19:26:51
ComboFix-quarantined-files.txt 2010-02-10 18:26
Před spuštěním: Volných bajtů: 54 303 637 504
Po spuštění: Volných bajtů: 53 995 184 128
- - End Of File - - AEC7D8EDD080300C8CE526918BA6F204
2010-02-06 16:44 . 2009-11-26 20:48 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-01-24 10:27 . 2009-12-12 11:35 444952 ----a-w- c:\windows\system32\wrap_oal.dll
2010-01-24 10:27 . 2009-12-12 11:35 109080 ----a-w- c:\windows\system32\OpenAL32.dll
2010-01-24 10:27 . 2009-12-12 11:35 -------- d-----w- c:\program files\OpenAL
2010-01-19 05:50 . 2009-11-18 16:42 -------- d-----w- c:\program files\ICQ6Toolbar
2010-01-18 16:00 . 2009-11-18 16:42 -------- d-----w- c:\programdata\ICQ
2010-01-13 15:07 . 2009-07-14 04:52 -------- d-----w- c:\program files\Microsoft Games
2010-01-10 19:38 . 2010-01-10 18:29 -------- d-----w- c:\users\lukeec\AppData\Roaming\Nero
2010-01-10 18:29 . 2010-01-10 18:28 -------- d-----w- c:\program files\Common Files\Nero
2010-01-10 18:28 . 2010-01-10 18:28 -------- d-----w- c:\programdata\Nero
2010-01-10 13:39 . 2010-01-10 13:39 -------- d-----w- c:\program files\Common Files\INCA Shared
2010-01-09 17:17 . 2010-01-09 17:17 -------- d-----w- c:\program files\WEBZEN
2010-01-08 22:01 . 2009-12-06 18:07 -------- d-----w- c:\users\lukeec\AppData\Roaming\Vso
2010-01-08 22:01 . 2010-01-08 21:45 94208 ----a-w- c:\users\lukeec\AppData\Roaming\ezplay.sys
2010-01-08 22:01 . 2009-12-06 18:07 47360 ----a-w- c:\users\lukeec\AppData\Roaming\pcouffin.sys
2010-01-08 21:45 . 2010-01-08 21:45 94208 ----a-w- c:\windows\system32\drivers\ezplay.sys
2010-01-07 20:51 . 2010-01-07 20:52 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-01-07 20:51 . 2010-01-07 20:51 -------- d-----w- c:\program files\Java
2010-01-01 11:46 . 2010-01-01 11:46 -------- d-----w- c:\programdata\Kaspersky Lab Setup Files
2009-12-31 12:33 . 2009-11-18 16:19 -------- d-----w- c:\programdata\NVIDIA
2009-12-31 12:21 . 2009-12-31 12:19 -------- d-----w- c:\program files\NVIDIA Corporation
2009-12-31 11:30 . 2009-12-31 11:29 -------- d-----w- c:\programdata\PCPitstop
2009-12-30 12:57 . 2009-11-18 15:58 -------- d-----w- c:\program files\Common Files\InstallShield
2009-12-29 22:45 . 2009-12-29 22:45 -------- d-----w- c:\programdata\Electronic Arts
2009-12-26 19:42 . 2009-12-26 19:42 -------- d-----w- c:\programdata\Apple Computer
2009-12-26 19:41 . 2009-12-26 19:41 -------- d-----w- c:\program files\Common Files\Apple
2009-12-26 19:41 . 2009-12-26 19:41 -------- d-----w- c:\programdata\Apple
2009-12-26 19:41 . 2009-12-26 19:41 -------- d-----w- c:\program files\Apple Software Update
2009-12-24 13:59 . 2009-12-24 13:59 -------- d-----w- c:\users\lukeec\AppData\Roaming\Touchstone
2009-12-23 20:36 . 2009-12-23 20:36 -------- d-----w- c:\programdata\vsosdk
2009-12-23 12:18 . 2009-12-23 12:18 -------- d-----w- c:\program files\WMV9_VCM
2009-12-22 19:14 . 2009-12-22 19:14 -------- d-----w- c:\program files\Application Updater
2009-12-22 19:00 . 2009-12-06 18:07 -------- d-----w- c:\program files\VSO
2009-12-14 15:48 . 2009-12-14 15:48 -------- d-----w- c:\users\lukeec\AppData\Roaming\Ashampoo
2009-12-13 15:06 . 2009-12-13 14:46 -------- d-----w- c:\program files\Common Files\Steam
2009-12-12 19:50 . 2009-11-18 15:56 61736 ----a-w- c:\users\lukeec\AppData\Local\GDIPFONTCACHEV1.DAT
2009-12-06 18:07 . 2009-12-06 18:07 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2009-12-02 15:54 . 2009-12-02 15:54 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-11-30 17:02 . 2009-11-30 17:02 171144 ----a-w- c:\windows\system32\xliveinstall.dll
2009-11-30 17:02 . 2009-11-30 17:02 72840 ----a-w- c:\windows\system32\xliveinstallhost.exe
2009-11-26 20:49 . 2009-11-26 20:49 281760 ----a-w- c:\windows\system32\drivers\atksgt.sys
2009-11-26 20:48 . 2009-11-26 20:48 25888 ----a-w- c:\windows\system32\drivers\lirsgt.sys
2009-11-24 14:27 . 2010-01-09 17:17 53616 ----a-w- c:\windows\system32\CMStarter_Eng.dll
2009-11-24 14:27 . 2010-01-09 17:17 53616 ----a-w- c:\windows\system32\CMStarter_Kor.dll
2009-11-24 14:27 . 2010-01-09 17:17 364912 ----a-w- c:\windows\system32\CMStarterCore.exe
2009-11-20 19:33 . 2009-11-20 19:33 87144 ----a-w- c:\windows\system32\nvhotkey.dll
2009-11-20 19:33 . 2009-11-20 19:33 812648 ----a-w- c:\windows\system32\nvsvc.dll
2009-11-20 19:33 . 2009-11-20 19:33 66664 ----a-w- c:\windows\system32\nvshext.dll
2009-11-20 19:33 . 2009-11-20 19:33 1323624 ----a-w- c:\windows\system32\nvsvcr.dll
2009-11-20 19:33 . 2009-11-20 19:33 12685928 ----a-w- c:\windows\system32\nvcpl.dll
2009-11-20 19:33 . 2009-11-20 19:33 122984 ----a-w- c:\windows\system32\nvvsvc.exe
2009-11-20 19:33 . 2009-11-20 19:33 110184 ----a-w- c:\windows\system32\nvmctray.dll
2009-11-19 20:42 . 2009-11-18 16:02 592488 ----a-w- c:\windows\system32\NVUNINST.EXE
2009-11-19 14:24 . 2009-11-19 14:24 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-11-13 08:47 . 2009-11-13 08:47 58368 ----a-w- c:\windows\system32\drivers\L1C62x86.sys
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}"= "c:\program files\BS_Player\tbBS_P.dll" [2009-07-02 2215960]
[HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-11-18 11:58 333192 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
2009-07-02 09:18 2215960 ----a-w- c:\program files\BS_Player\tbBS_P.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-11-18 333192]
"{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}"= "c:\program files\BS_Player\tbBS_P.dll" [2009-07-02 2215960]
[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
[HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5}"= "c:\program files\BS_Player\tbBS_P.dll" [2009-07-02 2215960]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-11-18 333192]
[HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RGSC"="c:\hry\GTA IV\Rockstar Games Social Club\RGSCLauncher.exe" [2010-02-10 306088]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-04 186904]
"cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent.exe" [2009-07-02 482360]
"LManager"="c:\program files\Launch Manager\LManager.exe" [2009-03-05 805384]
"QuickTime Task"="c:\programy\quickgimd\QTTask.exe" [2009-09-05 417792]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-01-07 149280]
"nod32kui"="c:\programy\NOD\nod32kui.exe" [2010-02-09 949376]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
2009-07-27 02:37 180224 ----a-w- c:\programy\PowerISO\PWRISOVM.EXE
R1 nod32drv;nod32drv;c:\windows\System32\drivers\nod32drv.sys [9.2.2010 19:13 15424]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\System32\drivers\vwififlt.sys [14.7.2009 0:52 48128]
R2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [16.12.2009 17:38 375296]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [18.1.2010 17:01 246520]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\System32\drivers\L1C62x86.sys [13.11.2009 9:47 58368]
R3 NETw5s32;Ovladač adaptéru Intel(R) Wireless WiFi Link pro systém Windows 7 32 Bit;c:\windows\System32\drivers\NETw5s32.sys [15.9.2009 19:40 6114816]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\System32\drivers\vwifimp.sys [14.7.2009 0:52 14336]
S0 sptd;sptd;c:\windows\System32\drivers\sptd.sys [19.11.2009 15:24 691696]
S3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series – ovladač adaptéru pro 32bitový systém Windows Vista;c:\windows\System32\drivers\netw5v32.sys [10.6.2009 22:18 4231168]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://start.icq.com/
IE: &Search - http://edits.mywebsearch.com/toolbaredi ... p=ZNman000
IE: {{88EB38EF-4D2C-436D-ABD3-56B232674062} - c:\programy\icq\ICQ7.0\ICQ.exe
LSP: c:\windows\system32\imon.dll
FF - ProfilePath - c:\users\lukeec\AppData\Roaming\Mozilla\Firefox\Profiles\ae5zpljk.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://btjunkie.org/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.0.0&q=
FF - component: c:\programy\mozila\components\xpinstal.dll
---- NASTAVENÍ FIREFOXU ----
c:\programy\mozila\greprefs\all.js - pref("ui.allow_platform_file_picker", true);
c:\programy\mozila\greprefs\all.js - pref("network.cookie.p3plevel", 1); // 0=low, 1=medium, 2=high, 3=custom
c:\programy\mozila\greprefs\all.js - pref("network.enablePad", false); // Allow client to do proxy autodiscovery
c:\programy\mozila\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\programy\mozila\defaults\pref\firefox.js - pref("browser.search.param.Google.1.default", "chrome://branding/content/searchconfig.properties");
c:\programy\mozila\defaults\pref\firefox.js - pref("browser.search.param.Google.1.custom", "chrome://branding/content/searchconfig.properties");
c:\programy\mozila\defaults\pref\firefox.js - pref("signon.prefillForms", true);
c:\programy\mozila\defaults\pref\firefox.js - pref("browser.safebrowsing.enabled", false);
c:\programy\mozila\defaults\pref\firefox.js - pref("browser.safebrowsing.remoteLookups", false);
c:\programy\mozila\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.updateURL", "http://sb.google.com/safebrowsing/updat ... oz:version}&");
c:\programy\mozila\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.lookupURL", "http://sb.google.com/safebrowsing/looku ... oz:version}&");
c:\programy\mozila\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.reportURL", "http://sb.google.com/safebrowsing/report?");
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
URLSearchHooks-{E312764E-7706-43F1-8DAB-FCDD2B1E416D} - c:\program files\Search Settings\SearchSettings.dll
BHO-{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - c:\program files\Dealio Toolbar\IE\4.0.2\dealioToolbarIE.dll
BHO-{E312764E-7706-43F1-8DAB-FCDD2B1E416D} - c:\program files\Search Settings\SearchSettings.dll
Toolbar-{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - c:\program files\Dealio Toolbar\IE\4.0.2\dealioToolbarIE.dll
HKLM-Run-MyWebSearch Plugin - c:\progra~1\MYWEBS~1\bar\1.bin\M3PLUGIN.DLL
HKLM-Run-My Web Search Bar Search Scope Monitor - c:\progra~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe
HKLM-Run-SearchSettings - c:\program files\Search Settings\SearchSettings.exe
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2010-02-10 19:26:51
ComboFix-quarantined-files.txt 2010-02-10 18:26
Před spuštěním: Volných bajtů: 54 303 637 504
Po spuštění: Volných bajtů: 53 995 184 128
- - End Of File - - AEC7D8EDD080300C8CE526918BA6F204
Re: RunDLL sshnas21.dll
Good evening, I am standing in for a colleague.
Do you use Gamemon?
Uninstall Asktoolbar
Uninstall that illegal Nod
Under the forum rules we do not deal with illegal software here.
Get legal security software for your PC, then post a log from RSIT here and we will continue.
Choose, for example, the free Avast or Avira and some firewall viewtopic.php?f=29&t=6152 + viewtopic.php?f=41&t=6523.
Do not use COMBOFIX without a helper's recommendation; it can damage the system!
Always back up important data before cleaning malware from the computer
Want to support our forum? Information here

I am usually reachable at night, between 21:00 and 23:00
If you have any questions, you can email me at Motji(at)forum.viry.cz.