Hi, today I somehow downloaded something I shouldn't have, and here is the result:
Malwarebytes' Anti-Malware 1.46
http://www.malwarebytes.org
Verze databáze: 4379
Windows 6.1.7600
Internet Explorer 8.0.7600.16385
16.8.2010 16:43:09
mbam-log-2010-08-16 (16-43-09).txt
Typ skenu: Rychlý sken
Skenované objekty: 140764
Uplynulý čas: 4 minuta(y), 4 sekunda(y)
Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 24
Infikované hodnoty registru: 0
Infikované datové položky registru: 0
Infikované složky: 7
Infikované soubory: 6
Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)
Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)
Infikované klíče registru:
HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59c7fc09-1c83-4648-b3e6-003d2bbc7481} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68af847f-6e91-45dd-9b68-d6a12c30e5d7} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170b96c-28d4-4626-8358-27e6caeef907} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d1a71fa0-ff48-48dd-9b6d-7a13a3e42127} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ddb1968e-ead6-40fd-8dae-ff14757f60c7} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f138d901-86f0-4383-99b6-9cdd406036da} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> No action taken.
Infikované hodnoty registru:
(Žádné škodlivé položky nebyly zjištěny)
Infikované datové položky registru:
(Žádné škodlivé položky nebyly zjištěny)
Infikované složky:
E:\Program Files\FunWebProducts (Adware.MyWebSearch) -> No action taken.
E:\Program Files\FunWebProducts\ScreenSaver (Adware.MyWebSearch) -> No action taken.
E:\Program Files\FunWebProducts\ScreenSaver\Images (Adware.MyWebSearch) -> No action taken.
E:\Program Files\MyWebSearch (Adware.MyWebSearch) -> No action taken.
E:\Program Files\MyWebSearch\bar (Adware.MyWebSearch) -> No action taken.
E:\Program Files\MyWebSearch\bar\History (Adware.MyWebSearch) -> No action taken.
E:\Program Files\MyWebSearch\bar\Settings (Adware.MyWebSearch) -> No action taken.
Infikované soubory:
E:\Users\AleRx8\Desktop\SmileyCentralPFSetup2.3.69.8.ZNman000.exe (Adware.MyWebSearch) -> No action taken.
E:\Program Files\Uninstall Fun Web Products.dll (Adware.MyWebSearch) -> No action taken.
E:\$RECYCLE.BIN\S-1-5-21-1786341700-570025950-2881891393-1000\$RYFQ4CI.5055\Acronis True Image Home 2010 13.0.5055.exe (Trojan.Downloader) -> No action taken.
E:\Users\AleRx8\AppData\Local\temp\Rar$EX00.347\Acronis True Image Home 2010 13.0.5055.exe (Trojan.Downloader) -> No action taken.
E:\Users\AleRx8\AppData\Local\temp\Rar$EX00.466\Acronis True Image Home 2010 13.0.5055.exe (Trojan.Downloader) -> No action taken.
E:\Program Files\MyWebSearch\bar\Settings\s_pid.dat (Adware.MyWebSearch) -> No action taken.
I removed all the findings after pasting the log.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:49:42, on 16.8.2010
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal
Running processes:
E:\Windows\system32\taskhost.exe
E:\Windows\system32\Dwm.exe
E:\Windows\Explorer.EXE
E:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
E:\Program Files\Ocster Backup\bin\backupClient-ox.exe
E:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
E:\Program Files\RocketDock\RocketDock.exe
E:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
E:\Users\AleRx8\Desktop\hijackthis.exe
E:\Windows\system32\SearchFilterHost.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.mywebsearch.com/index.jhtml ... raKAoa.ncA
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - E:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - E:\program files\real\realplayer\rpbrowserrecordplugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - E:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: FlashGetBHO - {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - E:\Users\AleRx8\AppData\Roaming\FlashGetBHO\FlashGetBHO3.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - E:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "E:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "E:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [StartCCC] "E:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Ocster Backup] "E:\Program Files\Ocster Backup\bin\backupClient-ox.exe" --hidden
O4 - HKCU\..\Run: [RocketDock] "E:\Program Files\RocketDock\RocketDock.exe"
O4 - HKUS\S-1-5-21-1786341700-570025950-2881891393-1005\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User '_ocster_backup_')
O4 - HKUS\S-1-5-21-1786341700-570025950-2881891393-1005\..\RunOnce: [mctadmin] E:\Windows\System32\mctadmin.exe (User '_ocster_backup_')
O8 - Extra context menu item: Download all by FlashGet3 - E:\Users\AleRx8\AppData\Roaming\FlashGetBHO\GetAllUrl.htm
O8 - Extra context menu item: Download by FlashGet3 - E:\Users\AleRx8\AppData\Roaming\FlashGetBHO\GetUrl.htm
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://E:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - E:\Program Files\ICQ7.0\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - E:\Program Files\ICQ7.0\ICQ.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: e:\program files\vmware\vmware player\vsocklib.dll
O10 - Unknown file in Winsock LSP: e:\program files\vmware\vmware player\vsocklib.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - E:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: AMD External Events Utility - AMD - E:\Windows\system32\atiesrxx.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - E:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - E:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - E:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - E:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CT Device Query service (CTDevice_Srv) - Creative Technology Ltd - E:\Program Files\Creative\Shared Files\CTDevSrv.exe
O23 - Service: Creative Centrale Media Server (CTUPnPSv) - Creative Technology Ltd - E:\Program Files\Creative\Creative Centrale\CTUPnPSv.exe
O23 - Service: Defragmentation-Service (DfSdkS) - mst software GmbH, Germany - E:\Program Files\Ashampoo\Ashampoo WinOptimizer 6\Dfsdks.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - E:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: Ocster Backup (ocster_backup) - Unknown owner - e:\Program Files\Ocster Backup\bin\backupService-ox.exe
O23 - Service: PnkBstrA - Unknown owner - E:\Windows\system32\PnkBstrA.exe
O23 - Service: Soluto PCGenome Core Service (SolutoService) - Soluto - E:\Program Files\Soluto\SolutoService.exe
O23 - Service: Steam Client Service - Valve Corporation - E:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - E:\Program Files\VMware\VMware Player\vmware-ufad.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - E:\Program Files\VMware\VMware Player\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - E:\Windows\system32\vmnetdhcp.exe
O23 - Service: VMware USB Arbitration Service (VMUSBArbService) - VMware, Inc. - E:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe
O23 - Service: VMware NAT Service - VMware, Inc. - E:\Windows\system32\vmnat.exe
O23 - Service: XobniService - Xobni Corporation - E:\Program Files\Xobni\XobniService.exe
--
End of file - 6372 bytes
Please do a quick check of my log - 36 findings in Malwarebytes [Solved]
- AleRx8
- member of the HW spec team
- Level 5
- Posts: 2267
- Registered: April 09
- Location: Mutěnice
- Status: Offline
Re: Please do a quick check of my log - 36 findings in Malwarebytes
OK, the HijackThis log is there now too
- jaro3
- member of the Security team
- Guru Level 15
- Posts: 43294
- Registered: June 07
- Location: Jižní Čechy
- Status: Offline
Re: Please do a quick check of my log - 36 findings in Malwarebytes [Solved]
Close other applications and browsers, disconnect from the internet, and fix these in HJT:
Guide
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.mywebsearch.com/index.jhtml ... raKAoa.ncA
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - E:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "E:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "E:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
Download ATF Cleaner
Double-click ATF Cleaner.exe, click on select all found, then:
- If you use Firefox (Mozilla), click Firefox at the top and choose: Select All, then click Empty Selected.
- If you use Opera, click Opera at the top and choose: Select All, then click Empty Selected.
After cleaning, click Exit to close the program.
ATF-Cleaner is a simple tool for removing history from the web browser. The program can remove the cache, cookies, history and other traces of browsing the Internet. Supported browsers include Internet Explorer, Firefox and Opera. The application can also remove Windows temporary files, empty the Recycle Bin, etc.
Disable the resident protection of your antivirus and antispyware, and the firewall if applicable.
Download ComboFix (by sUBs)
and save it to your desktop.
Close all active windows and run it.
- After launch, the terms of use are displayed; confirm them by pressing the Yes button
- Then follow the instructions; while ComboFix is being applied, do not click in the window that is displayed
- When the scan finishes, the program should create a log - C:\ComboFix.txt - please copy its entire contents here
If there are problems, run it in safe mode.
Guide
When working with HJT, ComboFix, MbAM, SDFix, etc., close all other applications and browsers!
Do not send logs in private messages. While I am away, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support
- AleRx8
- member of the HW spec team
- Level 5
- Posts: 2267
- Registered: April 09
- Location: Mutěnice
- Status: Offline
Re: Please do a quick check of my log - 36 findings in Malwarebytes
Thanks
ComboFix 10-08-16.03 - AleRx8 17.08.2010 7:35.3.4 - x86
Microsoft Windows 7 Ultimate N 6.1.7600.0.1250.420.1033.18.3071.2323 [GMT 2:00]
Spuštěný z: e:\users\AleRx8\Desktop\ComboFix.exe
* Vytvořen nový Bod Obnovení
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
e:\program files\FlashGet Network
e:\program files\FlashGet Network\FlashGet 3\adns.dll
e:\program files\FlashGet Network\FlashGet 3\btcoreu.dll
e:\program files\FlashGet Network\FlashGet 3\BugReport.dll
e:\program files\FlashGet Network\FlashGet 3\BugReport.exe
e:\program files\FlashGet Network\FlashGet 3\cd1.ico
e:\program files\FlashGet Network\FlashGet 3\ckcore.dll
e:\program files\FlashGet Network\FlashGet 3\codec\real\Codecs\14_43260.dll
e:\program files\FlashGet Network\FlashGet 3\codec\real\Codecs\28_83260.dll
e:\program files\FlashGet Network\FlashGet 3\codec\real\Codecs\atrc.dll
e:\program files\FlashGet Network\FlashGet 3\codec\real\Codecs\Codecs.zip
e:\program files\FlashGet Network\FlashGet 3\codec\real\Codecs\cook.dll
e:\program files\FlashGet Network\FlashGet 3\codec\real\Codecs\ddnt3260.dll
e:\program files\FlashGet Network\FlashGet 3\codec\real\Codecs\dnet3260.dll
e:\program files\FlashGet Network\FlashGet 3\codec\real\Codecs\drv1.dll
e:\program files\FlashGet Network\FlashGet 3\codec\real\Codecs\drv2.dll
e:\program files\FlashGet Network\FlashGet 3\codec\real\Codecs\drvc.dll
e:\program files\FlashGet Network\FlashGet 3\codec\real\Codecs\hxltcolor.dll
e:\program files\FlashGet Network\FlashGet 3\codec\real\Codecs\raac.dll
e:\program files\FlashGet Network\FlashGet 3\codec\real\Codecs\ralf.dll
e:\program files\FlashGet Network\FlashGet 3\codec\real\Codecs\rv10.dll
e:\program files\FlashGet Network\FlashGet 3\codec\real\Codecs\rv20.dll
e:\program files\FlashGet Network\FlashGet 3\codec\real\Codecs\rv30.dll
e:\program files\FlashGet Network\FlashGet 3\codec\real\Codecs\rv40.dll
e:\program files\FlashGet Network\FlashGet 3\codec\real\Codecs\sipr.dll
e:\program files\FlashGet Network\FlashGet 3\commonlib.dll
e:\program files\FlashGet Network\FlashGet 3\componentskrnl.dll
e:\program files\FlashGet Network\FlashGet 3\config\clients.met
e:\program files\FlashGet Network\FlashGet 3\config\clients.met.bak
e:\program files\FlashGet Network\FlashGet 3\config\cryptkey.dat
e:\program files\FlashGet Network\FlashGet 3\config\emfriends.met
e:\program files\FlashGet Network\FlashGet 3\config\known.met
e:\program files\FlashGet Network\FlashGet 3\config\known2_64.met
e:\program files\FlashGet Network\FlashGet 3\config\preferences.dat
e:\program files\FlashGet Network\FlashGet 3\config\preferences.ini
e:\program files\FlashGet Network\FlashGet 3\config\server.met
e:\program files\FlashGet Network\FlashGet 3\config\server_met.old
e:\program files\FlashGet Network\FlashGet 3\config\upload.met
e:\program files\FlashGet Network\FlashGet 3\corestat.dll
e:\program files\FlashGet Network\FlashGet 3\dbghelp.dll
e:\program files\FlashGet Network\FlashGet 3\fg.ico
e:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\data\default.htm
e:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\data\images\banner.gif
e:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\data\images\bullet.gif
e:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\data\images\close.gif
e:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\data\images\closelabel.gif
e:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\data\images\download-icon.gif
e:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\data\images\explorer.gif
e:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\data\images\ftp.gif
e:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\data\images\image.gif
e:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\data\images\introTextBg.gif
e:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\data\images\loading.gif
e:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\data\images\nextlabel.gif
e:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\data\images\prevlabel.gif
e:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\data\images\software.gif
e:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\data\images\vod.gif
e:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\FGResDetector.exe
e:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\image\about.png
e:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\image\ftplist_tree_icon.png
e:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\image\option_icon.png
e:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\image\quickop_hide.png
e:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\image\quickop_show.png
e:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\image\statusbar_bk.png
e:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\image\tasktab_close.png
e:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\image\toolbar_back.png
e:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\image\toolbar_bk.png
e:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\image\toolbar_close.png
e:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\image\toolbar_forward.png
e:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\image\toolbar_refresh.png
e:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\lang\l.eng.xml
e:\program files\FlashGet Network\FlashGet 3\FGSoftware.exe
e:\program files\FlashGet Network\FlashGet 3\Flashget3.exe
e:\program files\FlashGet Network\FlashGet 3\FlashGet3.xpi
e:\program files\FlashGet Network\FlashGet 3\FlashGetBHO3.dll
e:\program files\FlashGet Network\FlashGet 3\FlashGetHook.dll
e:\program files\FlashGet Network\FlashGet 3\fnsArchive.dll
e:\program files\FlashGet Network\FlashGet 3\fnsDirectuix.dll
e:\program files\FlashGet Network\FlashGet 3\fnsLanguage.dll
e:\program files\FlashGet Network\FlashGet 3\fnslanguage_en.dll
e:\program files\FlashGet Network\FlashGet 3\fnsSecurity.dll
e:\program files\FlashGet Network\FlashGet 3\fnsScheduler.dll
e:\program files\FlashGet Network\FlashGet 3\fnsSkinX.dll
e:\program files\FlashGet Network\FlashGet 3\fnsStatistics.dll
e:\program files\FlashGet Network\FlashGet 3\game.ico
e:\program files\FlashGet Network\FlashGet 3\gb2312-unicode.dic
e:\program files\FlashGet Network\FlashGet 3\gdiplus.dll
e:\program files\FlashGet Network\FlashGet 3\GetAllUrl.htm
e:\program files\FlashGet Network\FlashGet 3\GetUrl.htm
e:\program files\FlashGet Network\FlashGet 3\GoogleToolbarInstaller_download_signed.exe
e:\program files\FlashGet Network\FlashGet 3\libem.dll
e:\program files\FlashGet Network\FlashGet 3\license.txt
e:\program files\FlashGet Network\FlashGet 3\lst_tz.bin
e:\program files\FlashGet Network\FlashGet 3\P2PCore.dll
e:\program files\FlashGet Network\FlashGet 3\P2SCore.dll
e:\program files\FlashGet Network\FlashGet 3\perf.ini
e:\program files\FlashGet Network\FlashGet 3\pncrt.dll
e:\program files\FlashGet Network\FlashGet 3\RdOldDb.dll
e:\program files\FlashGet Network\FlashGet 3\RealMediaSplitter.ax
e:\program files\FlashGet Network\FlashGet 3\skin\international\default\BarSet.png
e:\program files\FlashGet Network\FlashGet 3\skin\international\default\bmsgbox_clock.png
e:\program files\FlashGet Network\FlashGet 3\skin\international\default\bmsgbox_disk.png
e:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\btn_check.png
e:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\btn_normal.png
e:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\btn_radio.png
e:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\desktoplink.ico
e:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\login_line.png
e:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\menu_icon.png
e:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\option_line.png
e:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\option_page_line.png
e:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\skin.png
e:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\SuspendLogo.png
e:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\SuspendNoLogo.png
e:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\toolbar_backgrand.png
e:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\toolbar_cancle.png
e:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\toolbar_catgroy.png
e:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\toolbar_group.png
e:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\toolbar_new.png
e:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\toolbar_open.png
e:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\toolbar_option.png
e:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\toolbar_pause.png
e:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\toolbar_recly.png
e:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\toolbar_start.png
e:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\toolbarbutton_left.png
e:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\toolbarbutton_middle.png
e:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\toolbarbutton_right.png
e:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\top_logotitle.gif
e:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\torrent.ico
e:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\userinfo_head.png
e:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\VistaStyleListItems.bmp
e:\program files\FlashGet Network\FlashGet 3\skin\international\default\preview.png
e:\program files\FlashGet Network\FlashGet 3\skin\international\default\skin.xml
e:\program files\FlashGet Network\FlashGet 3\skin\international\default\sound\notify.wav
e:\program files\FlashGet Network\FlashGet 3\skin\international\Gray\BarSet.png
e:\program files\FlashGet Network\FlashGet 3\storage.dll
e:\program files\FlashGet Network\FlashGet 3\SysOptimize.exe
e:\program files\FlashGet Network\FlashGet 3\uninst.exe
e:\program files\FlashGet Network\FlashGet 3\VodCore.dll
e:\program files\FlashGet Network\FlashGet 3\zlib.dll
e:\users\AleRx8\AppData\Roaming\BITS
e:\users\AleRx8\AppData\Roaming\BITS\BITS.ini
e:\users\AleRx8\AppData\Roaming\BITS\DHTTable.dat
e:\users\AleRx8\AppData\Roaming\BITS\P2PCfg.ini
e:\users\AleRx8\AppData\Roaming\BITS\ProxyList.ini
e:\users\AleRx8\AppData\Roaming\BITS\pstat.dat
e:\users\AleRx8\AppData\Roaming\BITS\pup.dat
e:\users\AleRx8\AppData\Roaming\BITS\Torrent\20100610200443.torrent
e:\users\AleRx8\AppData\Roaming\BITS\Torrent\20100610200443.torrent.filelist
e:\users\AleRx8\AppData\Roaming\BITS\Torrent\20100610200449.torrent
e:\users\AleRx8\AppData\Roaming\BITS\Torrent\20100610200449.torrent.filelist
e:\users\AleRx8\AppData\Roaming\BITS\Torrent\20100610200450.torrent
e:\users\AleRx8\AppData\Roaming\BITS\Torrent\20100610200450.torrent.bits
e:\users\AleRx8\AppData\Roaming\BITS\Torrent\20100610200450.torrent.filelist
e:\users\AleRx8\AppData\Roaming\BITS\Torrent\20100610200450.torrent.statistic
e:\users\AleRx8\AppData\Roaming\BITS\Torrent\20100610203905.torrent
e:\users\AleRx8\AppData\Roaming\BITS\Torrent\20100610203905.torrent.filelist
e:\users\AleRx8\AppData\Roaming\BITS\Torrent\20100626110536.torrent
e:\users\AleRx8\AppData\Roaming\BITS\Torrent\20100626110536.torrent.filelist
e:\users\AleRx8\AppData\Roaming\BITS\Torrent\20100626115313.torrent
e:\users\AleRx8\AppData\Roaming\BITS\Torrent\20100626115313.torrent.filelist
e:\users\AleRx8\AppData\Roaming\BITS\Torrent\20100626115332.torrent
e:\users\AleRx8\AppData\Roaming\BITS\Torrent\20100626115332.torrent.filelist
e:\users\AleRx8\AppData\Roaming\BITS\Torrent\20100807094542.torrent
e:\users\AleRx8\AppData\Roaming\BITS\Torrent\20100807094542.torrent.filelist
e:\users\AleRx8\AppData\Roaming\FlashGetBHO
e:\users\AleRx8\AppData\Roaming\FlashGetBHO\FlashGetBHO3.dll
e:\users\AleRx8\AppData\Roaming\FlashGetBHO\FlashGetHook.dll
e:\users\AleRx8\AppData\Roaming\FlashGetBHO\GetAllUrl.htm
e:\users\AleRx8\AppData\Roaming\FlashGetBHO\GetUrl.htm
e:\windows\system32\secushr.dat
e:\windows\system32\secustat.dat
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-07-17 do 2010-08-17 )))))))))))))))))))))))))))))))
.
2010-08-17 05:40 . 2010-08-17 05:41 -------- d-----w- e:\users\AleRx8\AppData\Local\temp
2010-08-17 05:40 . 2010-08-17 05:40 -------- d-----w- e:\users\Default\AppData\Local\temp
2010-08-17 05:40 . 2010-08-17 05:40 -------- d-----w- e:\users\_ocster_backup_\AppData\Local\temp
2010-08-16 15:37 . 2010-08-16 15:37 -------- d-----w- e:\users\AleRx8\AppData\Local\AOL
2010-08-16 11:38 . 2010-08-16 11:40 -------- d-----w- e:\program files\MP3Gain
2010-08-16 07:26 . 2010-08-16 07:30 -------- d-----w- E:\Zálohy
2010-08-15 14:27 . 2010-08-15 14:27 -------- d-----w- e:\users\AleRx8\.Clock-on-Desktop
2010-08-15 14:26 . 2010-08-15 14:26 -------- d-----w- e:\program files\Posibolt Software
2010-08-14 13:13 . 2010-08-14 13:13 -------- d-----w- e:\program files\SopCast
2010-08-13 07:33 . 2009-11-25 16:40 307200 ----a-w- e:\windows\system32\Mp3Ctrl.dll
2010-08-13 07:33 . 2009-09-26 09:00 580096 ----a-w- e:\windows\system32\lame.exe
2010-08-13 07:33 . 2009-09-26 09:00 496640 ----a-w- e:\windows\system32\lame_enc.dll
2010-08-13 07:33 . 2009-07-23 15:28 86016 ----a-w- e:\windows\system32\akrip32.dll
2010-08-13 07:33 . 2009-07-23 15:28 131176 ----a-w- e:\windows\system32\mp3gain.exe
2010-08-13 07:33 . 2003-04-18 14:46 1233920 ----a-w- e:\windows\system32\msxml4.dll
2010-08-13 07:33 . 2003-04-18 14:29 82432 ----a-w- e:\windows\system32\msxml4r.dll
2010-08-13 07:33 . 2010-08-13 07:33 -------- d-----w- e:\program files\Zortam Mp3 Media Studio
2010-08-12 11:40 . 2010-08-12 11:40 -------- d-----w- e:\windows\3F5C371F8EA24F259D3DD0B4526E3AEA.TMP
2010-08-12 10:38 . 2010-08-12 10:38 -------- d-----w- e:\programdata\ATI
2010-08-12 10:37 . 2010-08-12 10:37 -------- d-----w- e:\program files\Common Files\ATI Technologies
2010-08-12 10:36 . 2010-08-12 10:36 -------- d-----w- e:\program files\ATI
2010-08-11 09:41 . 2010-08-11 09:41 -------- d-----w- e:\program files\NVIDIA Corporation
2010-08-11 09:40 . 2010-08-11 09:40 -------- d-----w- e:\windows\F9835182794B4F24902AE2CA9D43380F.TMP
2010-08-11 09:30 . 2010-08-11 09:41 -------- d-----w- e:\program files\Common Files\Wise Installation Wizard
2010-08-11 07:26 . 2010-08-11 07:26 75776 ----a-w- e:\windows\cadkasdeinst01e.exe
2010-08-11 07:26 . 2010-08-11 07:26 -------- d-----w- e:\program files\Your monster voice 1
2010-08-10 11:19 . 2010-08-10 11:20 -------- d-----w- e:\program files\Free Screen Recorder
2010-08-10 07:44 . 2010-06-02 02:55 74072 ----a-w- e:\windows\system32\XAPOFX1_5.dll
2010-08-10 07:44 . 2010-06-02 02:55 527192 ----a-w- e:\windows\system32\XAudio2_7.dll
2010-08-10 07:44 . 2010-06-02 02:55 239960 ----a-w- e:\windows\system32\xactengine3_7.dll
2010-08-10 07:44 . 2010-05-26 09:41 470880 ----a-w- e:\windows\system32\d3dx10_43.dll
2010-08-10 07:44 . 2010-05-26 09:41 248672 ----a-w- e:\windows\system32\d3dx11_43.dll
2010-08-10 07:44 . 2010-05-26 09:41 2106216 ----a-w- e:\windows\system32\D3DCompiler_43.dll
2010-08-10 07:44 . 2010-05-26 09:41 1998168 ----a-w- e:\windows\system32\D3DX9_43.dll
2010-08-10 07:44 . 2010-05-26 09:41 1868128 ----a-w- e:\windows\system32\d3dcsx_43.dll
2010-08-07 08:06 . 2010-08-07 08:06 -------- d-----w- E:\found.000
2010-08-07 07:39 . 2010-08-07 07:39 -------- d-----w- e:\programdata\Comodo Downloader
2010-08-06 14:21 . 2010-08-06 14:24 -------- d-----w- e:\program files\TDU 2
2010-08-06 13:53 . 2010-08-06 15:28 -------- d-----w- e:\program files\My Program
2010-08-06 07:04 . 2010-08-06 07:04 -------- d-----w- e:\program files\Nufsoft
2010-08-06 07:03 . 2010-08-05 15:56 7474910 ----a-w- e:\program files\NatureIllusionStudioStandardEdition.exe
2010-08-05 16:10 . 2010-08-05 16:10 -------- d-----w- e:\program files\uTorrent
2010-08-05 16:10 . 2010-08-05 16:15 -------- d-----w- e:\users\AleRx8\AppData\Roaming\uTorrent
2010-08-05 10:44 . 2010-08-05 10:44 -------- d-----w- e:\program files\maComfort
2010-08-05 10:44 . 2010-08-05 10:44 -------- d-----w- e:\users\AleRx8\AppData\Roaming\maComfort
2010-08-05 10:42 . 2010-08-05 10:42 -------- d-----w- e:\users\AleRx8\AppData\Local\Google Translator
2010-08-03 09:13 . 2010-08-03 09:13 -------- d-sh--w- e:\programdata\SecuROM
2010-08-03 08:07 . 2010-08-03 08:07 -------- d-----w- e:\program files\1AVStreamer
2010-08-03 05:16 . 2010-08-03 05:16 -------- d-----w- e:\users\AleRx8\AppData\Roaming\Avira
2010-08-02 06:01 . 2010-08-02 06:01 -------- d-----w- e:\users\AleRx8\DoctorWeb
2010-07-31 15:40 . 2010-07-31 15:46 -------- d-----w- e:\users\AleRx8\AppData\Local\VMware
2010-07-31 15:40 . 2010-07-31 15:41 -------- d-----w- e:\users\AleRx8\AppData\Roaming\VMware
2010-07-31 15:33 . 2010-07-31 15:33 921608 ----a-w- e:\programdata\VMware\VMware Player\Uninstaller\uninstall.exe
2010-07-31 15:33 . 2010-07-31 15:31 581632 ----a-w- e:\programdata\VMware\VMware Player\Uninstaller\module_core.dll
2010-07-31 15:33 . 2010-07-31 15:31 356352 ----a-w- e:\programdata\VMware\VMware Player\Uninstaller\module_ws.dll
2010-07-31 15:33 . 2010-07-31 15:31 968752 ----a-w- e:\programdata\VMware\VMware Player\Uninstaller\vnetlib64.dll
2010-07-31 15:33 . 2010-07-31 15:31 932400 ----a-w- e:\programdata\VMware\VMware Player\Uninstaller\vnetlib64.exe
2010-07-31 15:33 . 2010-07-31 15:31 760368 ----a-w- e:\programdata\VMware\VMware Player\Uninstaller\vnetlib.dll
2010-07-31 15:33 . 2010-07-31 15:31 760368 ----a-w- e:\programdata\VMware\VMware Player\Uninstaller\vminstutil.dll
2010-07-31 15:33 . 2010-07-31 15:31 707120 ----a-w- e:\programdata\VMware\VMware Player\Uninstaller\vnetlib.exe
2010-07-31 15:33 . 2010-05-20 22:39 334384 ----a-w- e:\windows\system32\vmnetdhcp.exe
2010-07-31 15:33 . 2010-05-20 22:39 399920 ----a-w- e:\windows\system32\vmnat.exe
2010-07-31 15:33 . 2010-05-20 22:37 26288 ----a-w- e:\windows\system32\drivers\vmnetuserif.sys
2010-07-31 15:32 . 2010-05-20 22:38 760368 ----a-w- e:\windows\system32\vnetlib.dll
2010-07-31 15:32 . 2010-05-20 22:38 24624 ----a-w- e:\windows\system32\drivers\VMkbd.sys
2010-07-31 15:32 . 2010-07-31 15:32 -------- d-----w- e:\program files\Common Files\VMware
2010-07-31 15:32 . 2010-08-17 05:32 -------- d-----w- e:\programdata\VMware
2010-07-31 15:32 . 2010-07-31 15:32 -------- d-----w- e:\program files\VMware
2010-07-31 14:35 . 2010-07-31 14:35 39424 ----a-w- e:\windows\zipinst.exe
2010-07-31 14:35 . 2010-07-31 14:35 2853 ----a-w- e:\programdata\Microsoft\Windows\Start Menu\Programs\Landvermesser\Finderbar\eraserd.pif
2010-07-31 14:35 . 2010-07-31 14:35 -------- d--h--w- e:\windows\PIF
2010-07-31 14:35 . 2010-07-31 15:02 -------- d-----w- e:\program files\Finderbar 1.5
2010-07-31 14:33 . 2010-07-31 14:33 -------- d-----w- e:\program files\RocketDock
2010-07-31 14:23 . 2010-07-31 14:23 -------- d-----w- e:\users\AleRx8\AppData\Local\Stardock
2010-07-31 14:12 . 2010-07-31 14:12 -------- d-----w- e:\program files\iPod
2010-07-31 14:12 . 2010-07-31 14:12 -------- d-----w- e:\program files\iTunes
2010-07-31 14:08 . 2010-07-31 14:08 72488 ----a-w- e:\programdata\Apple Computer\Installer Cache\Safari 5.33.17.8\SetupAdmin.exe
2010-07-23 07:21 . 2010-07-23 07:21 -------- d-----w- e:\program files\Common Files\Java
2010-07-23 07:20 . 2010-07-23 07:20 423656 ----a-w- e:\windows\system32\deployJava1.dll
2010-07-23 07:20 . 2010-07-23 07:20 -------- d-----w- e:\program files\Java
2010-07-22 08:00 . 2010-07-22 08:00 -------- d-----w- e:\users\AleRx8\AppData\Roaming\Creative
2010-07-20 12:51 . 2010-07-20 12:51 -------- d-----w- e:\users\AleRx8\AppData\Local\Bump Technologies, Inc
2010-07-20 12:50 . 2010-07-20 12:50 -------- d-----w- e:\users\AleRx8\AppData\Roaming\Bump Technologies, Inc
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-16 15:50 . 2010-01-18 16:02 -------- d-----w- e:\users\AleRx8\AppData\Roaming\ICQ
2010-08-16 08:14 . 2010-02-01 12:04 -------- d-----w- e:\users\AleRx8\AppData\Roaming\Azureus
2010-08-16 07:24 . 2010-08-16 07:22 -------- d--h--w- e:\programdata\sysnfxo
2010-08-16 07:23 . 2010-08-16 07:22 -------- d-----w- e:\program files\Ocster Backup
2010-08-16 07:22 . 2010-08-16 07:22 -------- d-----w- e:\programdata\Ocster Backup
2010-08-14 13:02 . 2010-02-12 06:02 -------- d-----w- e:\program files\Opera
2010-08-13 08:15 . 2010-01-18 16:02 -------- d-----w- e:\program files\ICQ7.0
2010-08-13 07:39 . 2010-05-01 18:14 -------- d-----w- e:\program files\Steam
2010-08-13 04:56 . 2010-05-30 07:59 -------- d-----w- e:\program files\Capture-A-ScreenShot
2010-08-12 10:36 . 2010-05-01 17:16 -------- d-----w- e:\program files\ATI Technologies
2010-08-10 07:44 . 2010-01-20 16:26 -------- d-----w- e:\program files\AGEIA Technologies
2010-08-07 07:25 . 2010-01-18 15:44 -------- d-----w- e:\users\AleRx8\AppData\Roaming\vlc
2010-08-05 08:30 . 2010-06-07 13:22 -------- d-----w- e:\program files\WinUtilities
2010-08-03 09:11 . 2010-01-20 15:25 -------- d-----w- e:\program files\Rockstar Games
2010-08-03 09:11 . 2010-01-16 13:15 -------- d--h--w- e:\program files\InstallShield Installation Information
2010-08-03 08:49 . 2010-06-30 08:28 -------- d-----w- e:\program files\Metin2
2010-08-02 05:45 . 2010-01-19 15:09 -------- d-----w- e:\users\AleRx8\AppData\Roaming\IObit
2010-07-31 15:32 . 2010-01-17 18:28 285446 ----a-w- e:\windows\system32\perfc005.dat
2010-07-31 15:32 . 2010-01-17 18:28 1111182 ----a-w- e:\windows\system32\perfh005.dat
2010-07-31 14:17 . 2009-07-13 23:40 249856 ----a-w- e:\windows\system32\uxtheme.dll
2010-07-31 14:17 . 2009-07-13 23:39 2755072 ----a-w- e:\windows\system32\themeui.dll
2010-07-31 14:17 . 2009-07-13 23:39 37376 ----a-w- e:\windows\system32\themeservice.dll
2010-07-31 14:12 . 2010-01-19 15:26 -------- d-----w- e:\program files\Common Files\Apple
2010-07-31 14:08 . 2010-02-01 06:13 -------- d-----w- e:\program files\Safari
2010-07-22 07:59 . 2010-07-22 07:59 -------- d-----w- e:\programdata\Creative
2010-07-22 07:59 . 2010-07-22 07:59 -------- d--h--w- e:\programdata\{615DB4DC-B7C1-4125-9858-78EF460B76D2}
2010-07-22 07:59 . 2010-07-22 07:59 -------- d-----w- e:\program files\Creative
2010-07-22 07:59 . 2010-07-22 07:59 2422433 ----a-w- e:\programdata\{615DB4DC-B7C1-4125-9858-78EF460B76D2}\setup.exe
2010-07-22 07:59 . 2010-07-22 07:59 -------- d--h--w- e:\programdata\{83F61D74-0DA9-475B-BAF3-D4F153A02B30}
2010-07-15 09:17 . 2010-07-15 09:17 10536 ----a-w- e:\windows\system32\drivers\hmonitor45.sys
2010-07-15 09:17 . 2010-07-15 09:17 -------- d-----w- e:\program files\Hmonitor
2010-07-15 09:16 . 2010-07-15 09:16 -------- d-----w- e:\program files\SpeedFan
2010-07-15 09:12 . 2010-07-15 09:12 -------- d-----w- e:\program files\Lavalys
2010-07-14 07:21 . 2010-07-14 07:21 -------- d-----w- e:\users\AleRx8\AppData\Roaming\FUEL
2010-07-14 06:52 . 2010-06-05 15:56 -------- d-----w- e:\program files\Codemasters
2010-07-13 18:09 . 2010-07-13 18:01 -------- d-----w- e:\users\AleRx8\AppData\Roaming\Mount&Blade
2010-07-13 18:03 . 2010-07-13 18:01 -------- d-----w- e:\program files\Mount&Blade
2010-07-13 17:34 . 2010-07-13 17:29 -------- d-----w- e:\program files\Paradox Interactive
2010-07-13 17:16 . 2010-07-13 17:16 -------- d-----w- e:\program files\WMV9_VCM
2010-07-13 17:07 . 2010-04-30 15:09 -------- d-----w- e:\program files\1C Company
2010-07-13 16:49 . 2010-07-03 07:51 4068624 ----a-w- e:\programdata\Electronic Arts\Need For Speed World\Data\eawebkit.dll
2010-07-13 16:49 . 2010-07-03 07:51 267536 ----a-w- e:\programdata\Electronic Arts\Need For Speed World\Data\gameplay.dll
2010-07-13 16:49 . 2010-07-03 07:51 1791248 ----a-w- e:\programdata\Electronic Arts\Need For Speed World\Data\gameplay.native.dll
2010-07-13 16:49 . 2010-07-03 07:51 10691856 ----a-w- e:\programdata\Electronic Arts\Need For Speed World\Data\nfsw.exe
2010-07-07 02:29 . 2010-07-07 02:29 5882368 ----a-w- e:\windows\system32\drivers\atikmdag.sys
2010-07-07 01:55 . 2010-07-07 01:55 15461888 ----a-w- e:\windows\system32\atioglxx.dll
2010-07-07 01:54 . 2010-07-07 01:54 143360 ----a-w- e:\windows\system32\atiapfxx.exe
2010-07-07 01:54 . 2010-05-05 02:19 513024 ----a-w- e:\windows\system32\aticfx32.dll
2010-07-07 01:51 . 2010-07-07 01:51 446464 ----a-w- e:\windows\system32\ATIDEMGX.dll
2010-07-07 01:51 . 2010-07-07 01:51 380928 ----a-w- e:\windows\system32\atieclxx.exe
2010-07-07 01:50 . 2010-07-07 01:50 176128 ----a-w- e:\windows\system32\atiesrxx.exe
2010-07-07 01:49 . 2010-07-07 01:49 159744 ----a-w- e:\windows\system32\atitmmxx.dll
2010-07-07 01:49 . 2010-07-07 01:49 356352 ----a-w- e:\windows\system32\atipdlxx.dll
2010-07-07 01:49 . 2010-07-07 01:49 278528 ----a-w- e:\windows\system32\Oemdspif.dll
2010-07-07 01:49 . 2010-07-07 01:49 11776 ----a-w- e:\windows\system32\atimuixx.dll
2010-07-07 01:49 . 2010-07-07 01:49 43520 ----a-w- e:\windows\system32\ati2edxx.dll
2010-07-07 01:46 . 2010-05-05 02:08 3826688 ----a-w- e:\windows\system32\atidxx32.dll
2010-07-07 01:29 . 2010-07-07 01:29 46080 ----a-w- e:\windows\system32\aticalrt.dll
2010-07-07 01:29 . 2010-07-07 01:29 44032 ----a-w- e:\windows\system32\aticalcl.dll
2010-07-07 01:28 . 2010-07-07 01:28 3975680 ----a-w- e:\windows\system32\atiumdag.dll
2010-07-07 01:27 . 2010-07-07 01:27 4323840 ----a-w- e:\windows\system32\aticaldd.dll
2010-07-07 01:24 . 2010-02-03 03:23 50176 ----a-w- e:\windows\system32\coinst.dll
2010-07-07 01:23 . 2010-07-07 01:23 3058688 ----a-w- e:\windows\system32\atiumdva.dll
2010-07-07 01:16 . 2010-07-07 01:16 237568 ----a-w- e:\windows\system32\atiadlxx.dll
2010-07-07 01:15 . 2010-07-07 01:15 12800 ----a-w- e:\windows\system32\atiglpxx.dll
2010-07-07 01:15 . 2010-07-07 01:15 16896 ----a-w- e:\windows\system32\atigktxx.dll
2010-07-07 01:15 . 2010-07-07 01:15 210944 ----a-w- e:\windows\system32\drivers\atikmpag.sys
2010-07-07 01:14 . 2010-04-07 01:22 30208 ----a-w- e:\windows\system32\atiuxpag.dll
2010-07-07 01:14 . 2010-07-07 01:14 22528 ----a-w- e:\windows\system32\atiu9pag.dll
2010-07-07 01:14 . 2010-07-07 01:14 53248 ----a-w- e:\windows\system32\drivers\ati2erec.dll
2010-07-07 01:11 . 2010-07-07 01:11 52736 ----a-w- e:\windows\system32\atimpc32.dll
2010-07-07 01:11 . 2010-07-07 01:11 52736 ----a-w- e:\windows\system32\amdpcom32.dll
2010-07-03 08:11 . 2010-07-03 07:15 -------- d-----w- e:\program files\jv16 PowerTools 2009
2010-07-03 07:57 . 2010-07-03 07:57 -------- d-----w- e:\users\AleRx8\AppData\Roaming\Need for Speed World
2010-07-03 07:51 . 2010-07-03 07:51 462864 ----a-w- e:\programdata\Electronic Arts\Need For Speed World\Data\d3dx10_37.dll
2010-07-03 07:51 . 2010-07-03 07:51 3786760 ----a-w- e:\programdata\Electronic Arts\Need For Speed World\Data\d3dx9_37.dll
2010-07-03 07:43 . 2010-07-03 07:43 883670 ----a-w- e:\programdata\Electronic Arts\Need For Speed World\Data\pb\pbcl.dll
2010-07-03 07:43 . 2010-07-03 07:43 57344 ----a-w- e:\programdata\Electronic Arts\Need For Speed World\Data\pb\pbag.dll
2010-07-03 07:38 . 2010-07-03 07:38 -------- d-----w- e:\programdata\Electronic Arts
2010-07-03 07:38 . 2010-07-03 07:38 -------- d-----w- e:\program files\Electronic Arts
2010-07-03 07:27 . 2010-07-03 07:27 -------- d-----w- e:\users\AleRx8\AppData\Roaming\Uniblue
2010-07-03 07:27 . 2010-07-03 07:27 -------- d-----w- e:\program files\Uniblue
2010-07-03 07:24 . 2010-07-03 07:24 -------- d-----w- e:\programdata\Avira
2010-07-03 07:24 . 2010-07-03 07:24 -------- d-----w- e:\program files\Avira
2010-07-03 07:22 . 2010-01-20 14:40 -------- d-----w- e:\programdata\Alwil Software
2010-07-03 07:17 . 2010-01-18 15:57 -------- d-----w- e:\program files\Ashampoo
2010-07-03 07:15 . 2010-07-03 07:15 23 --sha-w- e:\windows\system32\fbdaabb3.dat
2010-07-02 14:52 . 2010-07-02 14:52 -------- d-----w- e:\program files\iPhone Explorer
2010-06-29 15:47 . 2010-06-29 15:46 7377592 ----a-w- e:\users\AleRx8\AppData\Roaming\Zoner\NLMDB\product.0032\autoupdate.cz\ZPS12_Update_Build09.exe
2010-06-27 08:02 . 2010-01-18 15:54 -------- d-----w- e:\users\AleRx8\AppData\Roaming\Ashampoo
2010-06-26 11:42 . 2010-06-26 11:41 -------- d-----w- e:\program files\SliderDock
2010-06-26 09:29 . 2010-06-26 09:29 71992 ----a-w- e:\programdata\Apple Computer\Installer Cache\Safari 5.33.16.0\SetupAdmin.exe
2010-06-26 09:19 . 2010-06-26 09:19 152160 ---ha-w- e:\windows\system32\mlfcache.dat
2010-06-26 07:20 . 2010-06-26 07:19 -------- d-----w- e:\program files\The KMPlayer
2010-06-26 06:13 . 2010-06-26 06:13 -------- d-----w- e:\program files\Disney Interactive Studios
2010-06-26 05:36 . 2010-01-28 14:23 -------- d-----w- e:\users\AleRx8\AppData\Roaming\Hamachi
2010-06-26 05:15 . 2010-06-26 05:15 -------- d-----w- e:\program files\Hamachi
2010-06-26 05:15 . 2010-06-26 05:15 25280 ----a-w- e:\windows\system32\drivers\hamachi.sys
2010-06-24 15:06 . 2010-06-24 15:06 -------- d-----w- e:\program files\Web Page Maker V2
2010-06-24 14:47 . 2010-06-24 14:47 -------- d-----w- e:\program files\Bonjour
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- e:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- e:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="e:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="e:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-07-06 98304]
"Ocster Backup"="e:\program files\Ocster Backup\bin\backupClient-ox.exe" [2010-08-12 61208]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
R0 PCGenFAM;PCGenFAM;e:\windows\system32\DRIVERS\PCGenFAM.sys [2010-06-17 179656]
R2 SolutoService;Soluto PCGenome Core Service;e:\program files\Soluto\SolutoService.exe [2010-06-17 338464]
R3 cpuz128;cpuz128;e:\users\AleRx8\AppData\Local\Temp\cpuz_x32.sys [x]
R3 CTUPnPSv;Creative Centrale Media Server;e:\program files\Creative\Creative Centrale\CTUPnPSv.exe [2008-05-21 64000]
R3 DfSdkS;Defragmentation-Service;e:\program files\Ashampoo\Ashampoo WinOptimizer 6\Dfsdks.exe [2009-08-24 406016]
R3 GPU-Z;GPU-Z;e:\users\AleRx8\AppData\Local\Temp\GPU-Z.sys [x]
R3 MatSvc;Microsoft Automated Troubleshooting Service;e:\program files\Microsoft Fix it Center\Matsvc.exe [2010-04-10 266544]
R3 npggsvc;nProtect GameGuard Service;e:\windows\system32\GameMon.des [2009-10-11 3369044]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;e:\windows\system32\DRIVERS\VBoxNetAdp.sys [2010-06-08 100496]
R3 VBoxNetFlt;VBoxNetFlt Service;e:\windows\system32\DRIVERS\VBoxNetFlt.sys [x]
R3 XobniService;XobniService;e:\program files\Xobni\XobniService.exe [2009-10-12 46824]
R4 DAUpdaterSvc;Dragon Age: Prameny - aktualizace obsahu;e:\program files\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-07-26 25832]
R4 sptd;sptd;e:\windows\system32\Drivers\sptd.sys [2010-06-17 697328]
S1 Hmonitor45;Hmonitor45;e:\windows\system32\drivers\hmonitor45.sys [2010-07-15 10536]
S2 AMD External Events Utility;AMD External Events Utility;e:\windows\system32\atiesrxx.exe [2010-07-07 176128]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;e:\program files\Avira\AntiVir Desktop\sched.exe [2010-02-24 135336]
S2 ocster_backup;Ocster Backup;e:\program files\Ocster Backup\bin\backupService-ox.exe [2010-08-12 18200]
S2 SCRCAMHRDRV;ScreenCamera HR;e:\windows\system32\DRIVERS\SCRCAMHRDRV.sys [2010-03-01 234800]
S2 vmci;VMware vmci;e:\windows\system32\Drivers\vmci.sys [2010-05-20 70704]
S2 VMUSBArbService;VMware USB Arbitration Service;e:\program files\Common Files\VMware\USB\vmware-usbarbitrator.exe [2010-05-20 539184]
S3 amdkmdag;amdkmdag;e:\windows\system32\DRIVERS\atikmdag.sys [2010-07-07 5882368]
S3 amdkmdap;amdkmdap;e:\windows\system32\DRIVERS\atikmpag.sys [2010-07-07 210944]
S3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;e:\windows\system32\DRIVERS\l160x86.sys [2009-07-13 47104]
S3 rt61x86;Linksys Wireless-G PCI Adapter Driver;e:\windows\system32\DRIVERS\WMP54Gv41x86.sys [2007-06-26 286208]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc SensrSvc Mcx2Svc
.
Obsah adresáře 'Naplánované úlohy'
2010-06-21 e:\windows\Tasks\AWC Startup.job
- e:\program files\IObit\Advanced SystemCare 3\AWC.exe [2010-01-19 15:33]
2010-08-14 e:\windows\Tasks\AWC Update.job
- e:\program files\IObit\Advanced SystemCare 3\IObitUpdate.exe [2010-01-19 14:18]
2010-05-30 e:\windows\Tasks\SmartDefrag.job
- e:\program files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe [2010-05-29 10:57]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://home.mywebsearch.com/index.jhtml ... raKAoa.ncA
IE: Download all by FlashGet3 - e:\users\AleRx8\AppData\Roaming\FlashGetBHO\GetAllUrl.htm
IE: Download by FlashGet3 - e:\users\AleRx8\AppData\Roaming\FlashGetBHO\GetUrl.htm
IE: E&xportovat do aplikace Microsoft Excel - e:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: ????3?? - e:\users\AleRx8\AppData\Roaming\FlashGetBHO\GetUrl.htm
IE: ????3?????? - e:\users\AleRx8\AppData\Roaming\FlashGetBHO\GetAllUrl.htm
LSP: e:\program files\VMware\VMware Player\vsocklib.dll
FF - ProfilePath - e:\users\AleRx8\AppData\Roaming\Mozilla\Firefox\Profiles\xtna1v3q.default\
FF - component: e:\program files\real\realplayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - component: e:\users\AleRx8\AppData\Roaming\Mozilla\Firefox\Profiles\xtna1v3q.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\components\FFExternalAlert.dll
FF - component: e:\users\AleRx8\AppData\Roaming\Mozilla\Firefox\Profiles\xtna1v3q.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\components\RadioWMPCore.dll
FF - plugin: e:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: e:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: e:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: e:\program files\Pando Networks\Media Booster\npPandoWebPlugin.dll
---- NASTAVENÍ FIREFOXU ----
e:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
e:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
e:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
e:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
e:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
e:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
e:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
e:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
e:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
e:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
e:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
e:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
e:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
e:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
e:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
e:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
e:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
e:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
e:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
e:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
e:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
e:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
e:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
e:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
e:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
e:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
e:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
e:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
e:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
AddRemove-FlashGet 3.5 - e:\program files\FlashGet Network\FlashGet 3\uninst.exe
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="e:\windows\system32\GameMon.des -service"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_USERS\S-1-5-21-1786341700-570025950-2881891393-1000\Software\Microsoft\Internet Explorer\MenuExt\O(uë_fŹ3*N}Ź]
@Allowed: (Read) (RestrictedCode)
@="e:\\Users\\AleRx8\\AppData\\Roaming\\FlashGetBHO\\GetUrl.htm"
"contexts"=dword:00000022
[HKEY_USERS\S-1-5-21-1786341700-570025950-2881891393-1000\Software\Microsoft\Internet Explorer\MenuExt\O(uë_fŹ3*N}ŹhQčţ”Ąc]
@Allowed: (Read) (RestrictedCode)
@="e:\\Users\\AleRx8\\AppData\\Roaming\\FlashGetBHO\\GetAllUrl.htm"
"contexts"=dword:000000f3
[HKEY_USERS\S-1-5-21-1786341700-570025950-2881891393-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:44,be,19,e7,c0,91,a3,a6,cf,d0,b6,88,f4,9f,f1,94,fc,00,fa,e7,bf,73,d1,
39,f3,9a,eb,da,f8,59,76,3b,fa,8a,cb,09,15,1d,89,a5,58,72,be,3a,b4,f6,17,d3,\
"??"=hex:45,20,e8,79,3b,03,2f,15,59,18,e4,56,b1,f7,d1,2f
[HKEY_USERS\S-1-5-21-1786341700-570025950-2881891393-1000\Software\SecuROM\License information*]
"datasecu"=hex:f5,f0,42,f6,1e,2d,db,a2,0d,42,16,60,a2,28,40,c0,76,b8,43,90,15,
5c,19,95,54,c5,94,7a,b3,f8,1f,55,52,a1,f7,83,b2,55,c1,04,f6,42,e9,30,97,b0,\
"rkeysecu"=hex:c0,ec,6f,3d,7c,b4,5d,e0,8f,cc,6a,00,a1,85,b0,1b
.
Celkový čas: 2010-08-17 07:42:08
ComboFix-quarantined-files.txt 2010-08-17 05:42
Před spuštěním: Volných bajtů: 226 438 397 952
Po spuštění: Volných bajtů: 226 376 130 560
- - End Of File - - 53DEABBEA4497F4726816BEF2FE47570
From what I can see, ComboFix really doesn't like FlashGet (admittedly it's a rubbish program, downloading with it seems slower to me than through the browser, but it's interesting...)
ComboFix 10-08-16.03 - AleRx8 17.08.2010 7:35.3.4 - x86
Microsoft Windows 7 Ultimate N 6.1.7600.0.1250.420.1033.18.3071.2323 [GMT 2:00]
Spuštěný z: e:\users\AleRx8\Desktop\ComboFix.exe
* Vytvořen nový Bod Obnovení
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
e:\program files\FlashGet Network
e:\program files\FlashGet Network\FlashGet 3\adns.dll
e:\program files\FlashGet Network\FlashGet 3\btcoreu.dll
e:\program files\FlashGet Network\FlashGet 3\BugReport.dll
e:\program files\FlashGet Network\FlashGet 3\BugReport.exe
e:\program files\FlashGet Network\FlashGet 3\cd1.ico
e:\program files\FlashGet Network\FlashGet 3\ckcore.dll
e:\program files\FlashGet Network\FlashGet 3\codec\real\Codecs\14_43260.dll
e:\program files\FlashGet Network\FlashGet 3\codec\real\Codecs\28_83260.dll
e:\program files\FlashGet Network\FlashGet 3\codec\real\Codecs\atrc.dll
e:\program files\FlashGet Network\FlashGet 3\codec\real\Codecs\Codecs.zip
e:\program files\FlashGet Network\FlashGet 3\codec\real\Codecs\cook.dll
e:\program files\FlashGet Network\FlashGet 3\codec\real\Codecs\ddnt3260.dll
e:\program files\FlashGet Network\FlashGet 3\codec\real\Codecs\dnet3260.dll
e:\program files\FlashGet Network\FlashGet 3\codec\real\Codecs\drv1.dll
e:\program files\FlashGet Network\FlashGet 3\codec\real\Codecs\drv2.dll
e:\program files\FlashGet Network\FlashGet 3\codec\real\Codecs\drvc.dll
e:\program files\FlashGet Network\FlashGet 3\codec\real\Codecs\hxltcolor.dll
e:\program files\FlashGet Network\FlashGet 3\codec\real\Codecs\raac.dll
e:\program files\FlashGet Network\FlashGet 3\codec\real\Codecs\ralf.dll
e:\program files\FlashGet Network\FlashGet 3\codec\real\Codecs\rv10.dll
e:\program files\FlashGet Network\FlashGet 3\codec\real\Codecs\rv20.dll
e:\program files\FlashGet Network\FlashGet 3\codec\real\Codecs\rv30.dll
e:\program files\FlashGet Network\FlashGet 3\codec\real\Codecs\rv40.dll
e:\program files\FlashGet Network\FlashGet 3\codec\real\Codecs\sipr.dll
e:\program files\FlashGet Network\FlashGet 3\commonlib.dll
e:\program files\FlashGet Network\FlashGet 3\componentskrnl.dll
e:\program files\FlashGet Network\FlashGet 3\config\clients.met
e:\program files\FlashGet Network\FlashGet 3\config\clients.met.bak
e:\program files\FlashGet Network\FlashGet 3\config\cryptkey.dat
e:\program files\FlashGet Network\FlashGet 3\config\emfriends.met
e:\program files\FlashGet Network\FlashGet 3\config\known.met
e:\program files\FlashGet Network\FlashGet 3\config\known2_64.met
e:\program files\FlashGet Network\FlashGet 3\config\preferences.dat
e:\program files\FlashGet Network\FlashGet 3\config\preferences.ini
e:\program files\FlashGet Network\FlashGet 3\config\server.met
e:\program files\FlashGet Network\FlashGet 3\config\server_met.old
e:\program files\FlashGet Network\FlashGet 3\config\upload.met
e:\program files\FlashGet Network\FlashGet 3\corestat.dll
e:\program files\FlashGet Network\FlashGet 3\dbghelp.dll
e:\program files\FlashGet Network\FlashGet 3\fg.ico
e:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\data\default.htm
e:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\data\images\banner.gif
e:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\data\images\bullet.gif
e:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\data\images\close.gif
e:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\data\images\closelabel.gif
e:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\data\images\download-icon.gif
e:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\data\images\explorer.gif
e:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\data\images\ftp.gif
e:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\data\images\image.gif
e:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\data\images\introTextBg.gif
e:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\data\images\loading.gif
e:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\data\images\nextlabel.gif
e:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\data\images\prevlabel.gif
e:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\data\images\software.gif
e:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\data\images\vod.gif
e:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\FGResDetector.exe
e:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\image\about.png
e:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\image\ftplist_tree_icon.png
e:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\image\option_icon.png
e:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\image\quickop_hide.png
e:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\image\quickop_show.png
e:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\image\statusbar_bk.png
e:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\image\tasktab_close.png
e:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\image\toolbar_back.png
e:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\image\toolbar_bk.png
e:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\image\toolbar_close.png
e:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\image\toolbar_forward.png
e:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\image\toolbar_refresh.png
e:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\lang\l.eng.xml
e:\program files\FlashGet Network\FlashGet 3\FGSoftware.exe
e:\program files\FlashGet Network\FlashGet 3\Flashget3.exe
e:\program files\FlashGet Network\FlashGet 3\FlashGet3.xpi
e:\program files\FlashGet Network\FlashGet 3\FlashGetBHO3.dll
e:\program files\FlashGet Network\FlashGet 3\FlashGetHook.dll
e:\program files\FlashGet Network\FlashGet 3\fnsArchive.dll
e:\program files\FlashGet Network\FlashGet 3\fnsDirectuix.dll
e:\program files\FlashGet Network\FlashGet 3\fnsLanguage.dll
e:\program files\FlashGet Network\FlashGet 3\fnslanguage_en.dll
e:\program files\FlashGet Network\FlashGet 3\fnsSecurity.dll
e:\program files\FlashGet Network\FlashGet 3\fnsScheduler.dll
e:\program files\FlashGet Network\FlashGet 3\fnsSkinX.dll
e:\program files\FlashGet Network\FlashGet 3\fnsStatistics.dll
e:\program files\FlashGet Network\FlashGet 3\game.ico
e:\program files\FlashGet Network\FlashGet 3\gb2312-unicode.dic
e:\program files\FlashGet Network\FlashGet 3\gdiplus.dll
e:\program files\FlashGet Network\FlashGet 3\GetAllUrl.htm
e:\program files\FlashGet Network\FlashGet 3\GetUrl.htm
e:\program files\FlashGet Network\FlashGet 3\GoogleToolbarInstaller_download_signed.exe
e:\program files\FlashGet Network\FlashGet 3\libem.dll
e:\program files\FlashGet Network\FlashGet 3\license.txt
e:\program files\FlashGet Network\FlashGet 3\lst_tz.bin
e:\program files\FlashGet Network\FlashGet 3\P2PCore.dll
e:\program files\FlashGet Network\FlashGet 3\P2SCore.dll
e:\program files\FlashGet Network\FlashGet 3\perf.ini
e:\program files\FlashGet Network\FlashGet 3\pncrt.dll
e:\program files\FlashGet Network\FlashGet 3\RdOldDb.dll
e:\program files\FlashGet Network\FlashGet 3\RealMediaSplitter.ax
e:\program files\FlashGet Network\FlashGet 3\skin\international\default\BarSet.png
e:\program files\FlashGet Network\FlashGet 3\skin\international\default\bmsgbox_clock.png
e:\program files\FlashGet Network\FlashGet 3\skin\international\default\bmsgbox_disk.png
e:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\btn_check.png
e:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\btn_normal.png
e:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\btn_radio.png
e:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\desktoplink.ico
e:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\login_line.png
e:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\menu_icon.png
e:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\option_line.png
e:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\option_page_line.png
e:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\skin.png
e:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\SuspendLogo.png
e:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\SuspendNoLogo.png
e:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\toolbar_backgrand.png
e:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\toolbar_cancle.png
e:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\toolbar_catgroy.png
e:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\toolbar_group.png
e:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\toolbar_new.png
e:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\toolbar_open.png
e:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\toolbar_option.png
e:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\toolbar_pause.png
e:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\toolbar_recly.png
e:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\toolbar_start.png
e:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\toolbarbutton_left.png
e:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\toolbarbutton_middle.png
e:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\toolbarbutton_right.png
e:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\top_logotitle.gif
e:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\torrent.ico
e:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\userinfo_head.png
e:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\VistaStyleListItems.bmp
e:\program files\FlashGet Network\FlashGet 3\skin\international\default\preview.png
e:\program files\FlashGet Network\FlashGet 3\skin\international\default\skin.xml
e:\program files\FlashGet Network\FlashGet 3\skin\international\default\sound\notify.wav
e:\program files\FlashGet Network\FlashGet 3\skin\international\Gray\BarSet.png
e:\program files\FlashGet Network\FlashGet 3\storage.dll
e:\program files\FlashGet Network\FlashGet 3\SysOptimize.exe
e:\program files\FlashGet Network\FlashGet 3\uninst.exe
e:\program files\FlashGet Network\FlashGet 3\VodCore.dll
e:\program files\FlashGet Network\FlashGet 3\zlib.dll
e:\users\AleRx8\AppData\Roaming\BITS
e:\users\AleRx8\AppData\Roaming\BITS\BITS.ini
e:\users\AleRx8\AppData\Roaming\BITS\DHTTable.dat
e:\users\AleRx8\AppData\Roaming\BITS\P2PCfg.ini
e:\users\AleRx8\AppData\Roaming\BITS\ProxyList.ini
e:\users\AleRx8\AppData\Roaming\BITS\pstat.dat
e:\users\AleRx8\AppData\Roaming\BITS\pup.dat
e:\users\AleRx8\AppData\Roaming\BITS\Torrent\20100610200443.torrent
e:\users\AleRx8\AppData\Roaming\BITS\Torrent\20100610200443.torrent.filelist
e:\users\AleRx8\AppData\Roaming\BITS\Torrent\20100610200449.torrent
e:\users\AleRx8\AppData\Roaming\BITS\Torrent\20100610200449.torrent.filelist
e:\users\AleRx8\AppData\Roaming\BITS\Torrent\20100610200450.torrent
e:\users\AleRx8\AppData\Roaming\BITS\Torrent\20100610200450.torrent.bits
e:\users\AleRx8\AppData\Roaming\BITS\Torrent\20100610200450.torrent.filelist
e:\users\AleRx8\AppData\Roaming\BITS\Torrent\20100610200450.torrent.statistic
e:\users\AleRx8\AppData\Roaming\BITS\Torrent\20100610203905.torrent
e:\users\AleRx8\AppData\Roaming\BITS\Torrent\20100610203905.torrent.filelist
e:\users\AleRx8\AppData\Roaming\BITS\Torrent\20100626110536.torrent
e:\users\AleRx8\AppData\Roaming\BITS\Torrent\20100626110536.torrent.filelist
e:\users\AleRx8\AppData\Roaming\BITS\Torrent\20100626115313.torrent
e:\users\AleRx8\AppData\Roaming\BITS\Torrent\20100626115313.torrent.filelist
e:\users\AleRx8\AppData\Roaming\BITS\Torrent\20100626115332.torrent
e:\users\AleRx8\AppData\Roaming\BITS\Torrent\20100626115332.torrent.filelist
e:\users\AleRx8\AppData\Roaming\BITS\Torrent\20100807094542.torrent
e:\users\AleRx8\AppData\Roaming\BITS\Torrent\20100807094542.torrent.filelist
e:\users\AleRx8\AppData\Roaming\FlashGetBHO
e:\users\AleRx8\AppData\Roaming\FlashGetBHO\FlashGetBHO3.dll
e:\users\AleRx8\AppData\Roaming\FlashGetBHO\FlashGetHook.dll
e:\users\AleRx8\AppData\Roaming\FlashGetBHO\GetAllUrl.htm
e:\users\AleRx8\AppData\Roaming\FlashGetBHO\GetUrl.htm
e:\windows\system32\secushr.dat
e:\windows\system32\secustat.dat
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-07-17 do 2010-08-17 )))))))))))))))))))))))))))))))
.
2010-08-17 05:40 . 2010-08-17 05:41 -------- d-----w- e:\users\AleRx8\AppData\Local\temp
2010-08-17 05:40 . 2010-08-17 05:40 -------- d-----w- e:\users\Default\AppData\Local\temp
2010-08-17 05:40 . 2010-08-17 05:40 -------- d-----w- e:\users\_ocster_backup_\AppData\Local\temp
2010-08-16 15:37 . 2010-08-16 15:37 -------- d-----w- e:\users\AleRx8\AppData\Local\AOL
2010-08-16 11:38 . 2010-08-16 11:40 -------- d-----w- e:\program files\MP3Gain
2010-08-16 07:26 . 2010-08-16 07:30 -------- d-----w- E:\Zálohy
2010-08-15 14:27 . 2010-08-15 14:27 -------- d-----w- e:\users\AleRx8\.Clock-on-Desktop
2010-08-15 14:26 . 2010-08-15 14:26 -------- d-----w- e:\program files\Posibolt Software
2010-08-14 13:13 . 2010-08-14 13:13 -------- d-----w- e:\program files\SopCast
2010-08-13 07:33 . 2009-11-25 16:40 307200 ----a-w- e:\windows\system32\Mp3Ctrl.dll
2010-08-13 07:33 . 2009-09-26 09:00 580096 ----a-w- e:\windows\system32\lame.exe
2010-08-13 07:33 . 2009-09-26 09:00 496640 ----a-w- e:\windows\system32\lame_enc.dll
2010-08-13 07:33 . 2009-07-23 15:28 86016 ----a-w- e:\windows\system32\akrip32.dll
2010-08-13 07:33 . 2009-07-23 15:28 131176 ----a-w- e:\windows\system32\mp3gain.exe
2010-08-13 07:33 . 2003-04-18 14:46 1233920 ----a-w- e:\windows\system32\msxml4.dll
2010-08-13 07:33 . 2003-04-18 14:29 82432 ----a-w- e:\windows\system32\msxml4r.dll
2010-08-13 07:33 . 2010-08-13 07:33 -------- d-----w- e:\program files\Zortam Mp3 Media Studio
2010-08-12 11:40 . 2010-08-12 11:40 -------- d-----w- e:\windows\3F5C371F8EA24F259D3DD0B4526E3AEA.TMP
2010-08-12 10:38 . 2010-08-12 10:38 -------- d-----w- e:\programdata\ATI
2010-08-12 10:37 . 2010-08-12 10:37 -------- d-----w- e:\program files\Common Files\ATI Technologies
2010-08-12 10:36 . 2010-08-12 10:36 -------- d-----w- e:\program files\ATI
2010-08-11 09:41 . 2010-08-11 09:41 -------- d-----w- e:\program files\NVIDIA Corporation
2010-08-11 09:40 . 2010-08-11 09:40 -------- d-----w- e:\windows\F9835182794B4F24902AE2CA9D43380F.TMP
2010-08-11 09:30 . 2010-08-11 09:41 -------- d-----w- e:\program files\Common Files\Wise Installation Wizard
2010-08-11 07:26 . 2010-08-11 07:26 75776 ----a-w- e:\windows\cadkasdeinst01e.exe
2010-08-11 07:26 . 2010-08-11 07:26 -------- d-----w- e:\program files\Your monster voice 1
2010-08-10 11:19 . 2010-08-10 11:20 -------- d-----w- e:\program files\Free Screen Recorder
2010-08-10 07:44 . 2010-06-02 02:55 74072 ----a-w- e:\windows\system32\XAPOFX1_5.dll
2010-08-10 07:44 . 2010-06-02 02:55 527192 ----a-w- e:\windows\system32\XAudio2_7.dll
2010-08-10 07:44 . 2010-06-02 02:55 239960 ----a-w- e:\windows\system32\xactengine3_7.dll
2010-08-10 07:44 . 2010-05-26 09:41 470880 ----a-w- e:\windows\system32\d3dx10_43.dll
2010-08-10 07:44 . 2010-05-26 09:41 248672 ----a-w- e:\windows\system32\d3dx11_43.dll
2010-08-10 07:44 . 2010-05-26 09:41 2106216 ----a-w- e:\windows\system32\D3DCompiler_43.dll
2010-08-10 07:44 . 2010-05-26 09:41 1998168 ----a-w- e:\windows\system32\D3DX9_43.dll
2010-08-10 07:44 . 2010-05-26 09:41 1868128 ----a-w- e:\windows\system32\d3dcsx_43.dll
2010-08-07 08:06 . 2010-08-07 08:06 -------- d-----w- E:\found.000
2010-08-07 07:39 . 2010-08-07 07:39 -------- d-----w- e:\programdata\Comodo Downloader
2010-08-06 14:21 . 2010-08-06 14:24 -------- d-----w- e:\program files\TDU 2
2010-08-06 13:53 . 2010-08-06 15:28 -------- d-----w- e:\program files\My Program
2010-08-06 07:04 . 2010-08-06 07:04 -------- d-----w- e:\program files\Nufsoft
2010-08-06 07:03 . 2010-08-05 15:56 7474910 ----a-w- e:\program files\NatureIllusionStudioStandardEdition.exe
2010-08-05 16:10 . 2010-08-05 16:10 -------- d-----w- e:\program files\uTorrent
2010-08-05 16:10 . 2010-08-05 16:15 -------- d-----w- e:\users\AleRx8\AppData\Roaming\uTorrent
2010-08-05 10:44 . 2010-08-05 10:44 -------- d-----w- e:\program files\maComfort
2010-08-05 10:44 . 2010-08-05 10:44 -------- d-----w- e:\users\AleRx8\AppData\Roaming\maComfort
2010-08-05 10:42 . 2010-08-05 10:42 -------- d-----w- e:\users\AleRx8\AppData\Local\Google Translator
2010-08-03 09:13 . 2010-08-03 09:13 -------- d-sh--w- e:\programdata\SecuROM
2010-08-03 08:07 . 2010-08-03 08:07 -------- d-----w- e:\program files\1AVStreamer
2010-08-03 05:16 . 2010-08-03 05:16 -------- d-----w- e:\users\AleRx8\AppData\Roaming\Avira
2010-08-02 06:01 . 2010-08-02 06:01 -------- d-----w- e:\users\AleRx8\DoctorWeb
2010-07-31 15:40 . 2010-07-31 15:46 -------- d-----w- e:\users\AleRx8\AppData\Local\VMware
2010-07-31 15:40 . 2010-07-31 15:41 -------- d-----w- e:\users\AleRx8\AppData\Roaming\VMware
2010-07-31 15:33 . 2010-07-31 15:33 921608 ----a-w- e:\programdata\VMware\VMware Player\Uninstaller\uninstall.exe
2010-07-31 15:33 . 2010-07-31 15:31 581632 ----a-w- e:\programdata\VMware\VMware Player\Uninstaller\module_core.dll
2010-07-31 15:33 . 2010-07-31 15:31 356352 ----a-w- e:\programdata\VMware\VMware Player\Uninstaller\module_ws.dll
2010-07-31 15:33 . 2010-07-31 15:31 968752 ----a-w- e:\programdata\VMware\VMware Player\Uninstaller\vnetlib64.dll
2010-07-31 15:33 . 2010-07-31 15:31 932400 ----a-w- e:\programdata\VMware\VMware Player\Uninstaller\vnetlib64.exe
2010-07-31 15:33 . 2010-07-31 15:31 760368 ----a-w- e:\programdata\VMware\VMware Player\Uninstaller\vnetlib.dll
2010-07-31 15:33 . 2010-07-31 15:31 760368 ----a-w- e:\programdata\VMware\VMware Player\Uninstaller\vminstutil.dll
2010-07-31 15:33 . 2010-07-31 15:31 707120 ----a-w- e:\programdata\VMware\VMware Player\Uninstaller\vnetlib.exe
2010-07-31 15:33 . 2010-05-20 22:39 334384 ----a-w- e:\windows\system32\vmnetdhcp.exe
2010-07-31 15:33 . 2010-05-20 22:39 399920 ----a-w- e:\windows\system32\vmnat.exe
2010-07-31 15:33 . 2010-05-20 22:37 26288 ----a-w- e:\windows\system32\drivers\vmnetuserif.sys
2010-07-31 15:32 . 2010-05-20 22:38 760368 ----a-w- e:\windows\system32\vnetlib.dll
2010-07-31 15:32 . 2010-05-20 22:38 24624 ----a-w- e:\windows\system32\drivers\VMkbd.sys
2010-07-31 15:32 . 2010-07-31 15:32 -------- d-----w- e:\program files\Common Files\VMware
2010-07-31 15:32 . 2010-08-17 05:32 -------- d-----w- e:\programdata\VMware
2010-07-31 15:32 . 2010-07-31 15:32 -------- d-----w- e:\program files\VMware
2010-07-31 14:35 . 2010-07-31 14:35 39424 ----a-w- e:\windows\zipinst.exe
2010-07-31 14:35 . 2010-07-31 14:35 2853 ----a-w- e:\programdata\Microsoft\Windows\Start Menu\Programs\Landvermesser\Finderbar\eraserd.pif
2010-07-31 14:35 . 2010-07-31 14:35 -------- d--h--w- e:\windows\PIF
2010-07-31 14:35 . 2010-07-31 15:02 -------- d-----w- e:\program files\Finderbar 1.5
2010-07-31 14:33 . 2010-07-31 14:33 -------- d-----w- e:\program files\RocketDock
2010-07-31 14:23 . 2010-07-31 14:23 -------- d-----w- e:\users\AleRx8\AppData\Local\Stardock
2010-07-31 14:12 . 2010-07-31 14:12 -------- d-----w- e:\program files\iPod
2010-07-31 14:12 . 2010-07-31 14:12 -------- d-----w- e:\program files\iTunes
2010-07-31 14:08 . 2010-07-31 14:08 72488 ----a-w- e:\programdata\Apple Computer\Installer Cache\Safari 5.33.17.8\SetupAdmin.exe
2010-07-23 07:21 . 2010-07-23 07:21 -------- d-----w- e:\program files\Common Files\Java
2010-07-23 07:20 . 2010-07-23 07:20 423656 ----a-w- e:\windows\system32\deployJava1.dll
2010-07-23 07:20 . 2010-07-23 07:20 -------- d-----w- e:\program files\Java
2010-07-22 08:00 . 2010-07-22 08:00 -------- d-----w- e:\users\AleRx8\AppData\Roaming\Creative
2010-07-20 12:51 . 2010-07-20 12:51 -------- d-----w- e:\users\AleRx8\AppData\Local\Bump Technologies, Inc
2010-07-20 12:50 . 2010-07-20 12:50 -------- d-----w- e:\users\AleRx8\AppData\Roaming\Bump Technologies, Inc
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-16 15:50 . 2010-01-18 16:02 -------- d-----w- e:\users\AleRx8\AppData\Roaming\ICQ
2010-08-16 08:14 . 2010-02-01 12:04 -------- d-----w- e:\users\AleRx8\AppData\Roaming\Azureus
2010-08-16 07:24 . 2010-08-16 07:22 -------- d--h--w- e:\programdata\sysnfxo
2010-08-16 07:23 . 2010-08-16 07:22 -------- d-----w- e:\program files\Ocster Backup
2010-08-16 07:22 . 2010-08-16 07:22 -------- d-----w- e:\programdata\Ocster Backup
2010-08-14 13:02 . 2010-02-12 06:02 -------- d-----w- e:\program files\Opera
2010-08-13 08:15 . 2010-01-18 16:02 -------- d-----w- e:\program files\ICQ7.0
2010-08-13 07:39 . 2010-05-01 18:14 -------- d-----w- e:\program files\Steam
2010-08-13 04:56 . 2010-05-30 07:59 -------- d-----w- e:\program files\Capture-A-ScreenShot
2010-08-12 10:36 . 2010-05-01 17:16 -------- d-----w- e:\program files\ATI Technologies
2010-08-10 07:44 . 2010-01-20 16:26 -------- d-----w- e:\program files\AGEIA Technologies
2010-08-07 07:25 . 2010-01-18 15:44 -------- d-----w- e:\users\AleRx8\AppData\Roaming\vlc
2010-08-05 08:30 . 2010-06-07 13:22 -------- d-----w- e:\program files\WinUtilities
2010-08-03 09:11 . 2010-01-20 15:25 -------- d-----w- e:\program files\Rockstar Games
2010-08-03 09:11 . 2010-01-16 13:15 -------- d--h--w- e:\program files\InstallShield Installation Information
2010-08-03 08:49 . 2010-06-30 08:28 -------- d-----w- e:\program files\Metin2
2010-08-02 05:45 . 2010-01-19 15:09 -------- d-----w- e:\users\AleRx8\AppData\Roaming\IObit
2010-07-31 15:32 . 2010-01-17 18:28 285446 ----a-w- e:\windows\system32\perfc005.dat
2010-07-31 15:32 . 2010-01-17 18:28 1111182 ----a-w- e:\windows\system32\perfh005.dat
2010-07-31 14:17 . 2009-07-13 23:40 249856 ----a-w- e:\windows\system32\uxtheme.dll
2010-07-31 14:17 . 2009-07-13 23:39 2755072 ----a-w- e:\windows\system32\themeui.dll
2010-07-31 14:17 . 2009-07-13 23:39 37376 ----a-w- e:\windows\system32\themeservice.dll
2010-07-31 14:12 . 2010-01-19 15:26 -------- d-----w- e:\program files\Common Files\Apple
2010-07-31 14:08 . 2010-02-01 06:13 -------- d-----w- e:\program files\Safari
2010-07-22 07:59 . 2010-07-22 07:59 -------- d-----w- e:\programdata\Creative
2010-07-22 07:59 . 2010-07-22 07:59 -------- d--h--w- e:\programdata\{615DB4DC-B7C1-4125-9858-78EF460B76D2}
2010-07-22 07:59 . 2010-07-22 07:59 -------- d-----w- e:\program files\Creative
2010-07-22 07:59 . 2010-07-22 07:59 2422433 ----a-w- e:\programdata\{615DB4DC-B7C1-4125-9858-78EF460B76D2}\setup.exe
2010-07-22 07:59 . 2010-07-22 07:59 -------- d--h--w- e:\programdata\{83F61D74-0DA9-475B-BAF3-D4F153A02B30}
2010-07-15 09:17 . 2010-07-15 09:17 10536 ----a-w- e:\windows\system32\drivers\hmonitor45.sys
2010-07-15 09:17 . 2010-07-15 09:17 -------- d-----w- e:\program files\Hmonitor
2010-07-15 09:16 . 2010-07-15 09:16 -------- d-----w- e:\program files\SpeedFan
2010-07-15 09:12 . 2010-07-15 09:12 -------- d-----w- e:\program files\Lavalys
2010-07-14 07:21 . 2010-07-14 07:21 -------- d-----w- e:\users\AleRx8\AppData\Roaming\FUEL
2010-07-14 06:52 . 2010-06-05 15:56 -------- d-----w- e:\program files\Codemasters
2010-07-13 18:09 . 2010-07-13 18:01 -------- d-----w- e:\users\AleRx8\AppData\Roaming\Mount&Blade
2010-07-13 18:03 . 2010-07-13 18:01 -------- d-----w- e:\program files\Mount&Blade
2010-07-13 17:34 . 2010-07-13 17:29 -------- d-----w- e:\program files\Paradox Interactive
2010-07-13 17:16 . 2010-07-13 17:16 -------- d-----w- e:\program files\WMV9_VCM
2010-07-13 17:07 . 2010-04-30 15:09 -------- d-----w- e:\program files\1C Company
2010-07-13 16:49 . 2010-07-03 07:51 4068624 ----a-w- e:\programdata\Electronic Arts\Need For Speed World\Data\eawebkit.dll
2010-07-13 16:49 . 2010-07-03 07:51 267536 ----a-w- e:\programdata\Electronic Arts\Need For Speed World\Data\gameplay.dll
2010-07-13 16:49 . 2010-07-03 07:51 1791248 ----a-w- e:\programdata\Electronic Arts\Need For Speed World\Data\gameplay.native.dll
2010-07-13 16:49 . 2010-07-03 07:51 10691856 ----a-w- e:\programdata\Electronic Arts\Need For Speed World\Data\nfsw.exe
2010-07-07 02:29 . 2010-07-07 02:29 5882368 ----a-w- e:\windows\system32\drivers\atikmdag.sys
2010-07-07 01:55 . 2010-07-07 01:55 15461888 ----a-w- e:\windows\system32\atioglxx.dll
2010-07-07 01:54 . 2010-07-07 01:54 143360 ----a-w- e:\windows\system32\atiapfxx.exe
2010-07-07 01:54 . 2010-05-05 02:19 513024 ----a-w- e:\windows\system32\aticfx32.dll
2010-07-07 01:51 . 2010-07-07 01:51 446464 ----a-w- e:\windows\system32\ATIDEMGX.dll
2010-07-07 01:51 . 2010-07-07 01:51 380928 ----a-w- e:\windows\system32\atieclxx.exe
2010-07-07 01:50 . 2010-07-07 01:50 176128 ----a-w- e:\windows\system32\atiesrxx.exe
2010-07-07 01:49 . 2010-07-07 01:49 159744 ----a-w- e:\windows\system32\atitmmxx.dll
2010-07-07 01:49 . 2010-07-07 01:49 356352 ----a-w- e:\windows\system32\atipdlxx.dll
2010-07-07 01:49 . 2010-07-07 01:49 278528 ----a-w- e:\windows\system32\Oemdspif.dll
2010-07-07 01:49 . 2010-07-07 01:49 11776 ----a-w- e:\windows\system32\atimuixx.dll
2010-07-07 01:49 . 2010-07-07 01:49 43520 ----a-w- e:\windows\system32\ati2edxx.dll
2010-07-07 01:46 . 2010-05-05 02:08 3826688 ----a-w- e:\windows\system32\atidxx32.dll
2010-07-07 01:29 . 2010-07-07 01:29 46080 ----a-w- e:\windows\system32\aticalrt.dll
2010-07-07 01:29 . 2010-07-07 01:29 44032 ----a-w- e:\windows\system32\aticalcl.dll
2010-07-07 01:28 . 2010-07-07 01:28 3975680 ----a-w- e:\windows\system32\atiumdag.dll
2010-07-07 01:27 . 2010-07-07 01:27 4323840 ----a-w- e:\windows\system32\aticaldd.dll
2010-07-07 01:24 . 2010-02-03 03:23 50176 ----a-w- e:\windows\system32\coinst.dll
2010-07-07 01:23 . 2010-07-07 01:23 3058688 ----a-w- e:\windows\system32\atiumdva.dll
2010-07-07 01:16 . 2010-07-07 01:16 237568 ----a-w- e:\windows\system32\atiadlxx.dll
2010-07-07 01:15 . 2010-07-07 01:15 12800 ----a-w- e:\windows\system32\atiglpxx.dll
2010-07-07 01:15 . 2010-07-07 01:15 16896 ----a-w- e:\windows\system32\atigktxx.dll
2010-07-07 01:15 . 2010-07-07 01:15 210944 ----a-w- e:\windows\system32\drivers\atikmpag.sys
2010-07-07 01:14 . 2010-04-07 01:22 30208 ----a-w- e:\windows\system32\atiuxpag.dll
2010-07-07 01:14 . 2010-07-07 01:14 22528 ----a-w- e:\windows\system32\atiu9pag.dll
2010-07-07 01:14 . 2010-07-07 01:14 53248 ----a-w- e:\windows\system32\drivers\ati2erec.dll
2010-07-07 01:11 . 2010-07-07 01:11 52736 ----a-w- e:\windows\system32\atimpc32.dll
2010-07-07 01:11 . 2010-07-07 01:11 52736 ----a-w- e:\windows\system32\amdpcom32.dll
2010-07-03 08:11 . 2010-07-03 07:15 -------- d-----w- e:\program files\jv16 PowerTools 2009
2010-07-03 07:57 . 2010-07-03 07:57 -------- d-----w- e:\users\AleRx8\AppData\Roaming\Need for Speed World
2010-07-03 07:51 . 2010-07-03 07:51 462864 ----a-w- e:\programdata\Electronic Arts\Need For Speed World\Data\d3dx10_37.dll
2010-07-03 07:51 . 2010-07-03 07:51 3786760 ----a-w- e:\programdata\Electronic Arts\Need For Speed World\Data\d3dx9_37.dll
2010-07-03 07:43 . 2010-07-03 07:43 883670 ----a-w- e:\programdata\Electronic Arts\Need For Speed World\Data\pb\pbcl.dll
2010-07-03 07:43 . 2010-07-03 07:43 57344 ----a-w- e:\programdata\Electronic Arts\Need For Speed World\Data\pb\pbag.dll
2010-07-03 07:38 . 2010-07-03 07:38 -------- d-----w- e:\programdata\Electronic Arts
2010-07-03 07:38 . 2010-07-03 07:38 -------- d-----w- e:\program files\Electronic Arts
2010-07-03 07:27 . 2010-07-03 07:27 -------- d-----w- e:\users\AleRx8\AppData\Roaming\Uniblue
2010-07-03 07:27 . 2010-07-03 07:27 -------- d-----w- e:\program files\Uniblue
2010-07-03 07:24 . 2010-07-03 07:24 -------- d-----w- e:\programdata\Avira
2010-07-03 07:24 . 2010-07-03 07:24 -------- d-----w- e:\program files\Avira
2010-07-03 07:22 . 2010-01-20 14:40 -------- d-----w- e:\programdata\Alwil Software
2010-07-03 07:17 . 2010-01-18 15:57 -------- d-----w- e:\program files\Ashampoo
2010-07-03 07:15 . 2010-07-03 07:15 23 --sha-w- e:\windows\system32\fbdaabb3.dat
2010-07-02 14:52 . 2010-07-02 14:52 -------- d-----w- e:\program files\iPhone Explorer
2010-06-29 15:47 . 2010-06-29 15:46 7377592 ----a-w- e:\users\AleRx8\AppData\Roaming\Zoner\NLMDB\product.0032\autoupdate.cz\ZPS12_Update_Build09.exe
2010-06-27 08:02 . 2010-01-18 15:54 -------- d-----w- e:\users\AleRx8\AppData\Roaming\Ashampoo
2010-06-26 11:42 . 2010-06-26 11:41 -------- d-----w- e:\program files\SliderDock
2010-06-26 09:29 . 2010-06-26 09:29 71992 ----a-w- e:\programdata\Apple Computer\Installer Cache\Safari 5.33.16.0\SetupAdmin.exe
2010-06-26 09:19 . 2010-06-26 09:19 152160 ---ha-w- e:\windows\system32\mlfcache.dat
2010-06-26 07:20 . 2010-06-26 07:19 -------- d-----w- e:\program files\The KMPlayer
2010-06-26 06:13 . 2010-06-26 06:13 -------- d-----w- e:\program files\Disney Interactive Studios
2010-06-26 05:36 . 2010-01-28 14:23 -------- d-----w- e:\users\AleRx8\AppData\Roaming\Hamachi
2010-06-26 05:15 . 2010-06-26 05:15 -------- d-----w- e:\program files\Hamachi
2010-06-26 05:15 . 2010-06-26 05:15 25280 ----a-w- e:\windows\system32\drivers\hamachi.sys
2010-06-24 15:06 . 2010-06-24 15:06 -------- d-----w- e:\program files\Web Page Maker V2
2010-06-24 14:47 . 2010-06-24 14:47 -------- d-----w- e:\program files\Bonjour
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- e:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- e:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="e:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="e:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-07-06 98304]
"Ocster Backup"="e:\program files\Ocster Backup\bin\backupClient-ox.exe" [2010-08-12 61208]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
R0 PCGenFAM;PCGenFAM;e:\windows\system32\DRIVERS\PCGenFAM.sys [2010-06-17 179656]
R2 SolutoService;Soluto PCGenome Core Service;e:\program files\Soluto\SolutoService.exe [2010-06-17 338464]
R3 cpuz128;cpuz128;e:\users\AleRx8\AppData\Local\Temp\cpuz_x32.sys [x]
R3 CTUPnPSv;Creative Centrale Media Server;e:\program files\Creative\Creative Centrale\CTUPnPSv.exe [2008-05-21 64000]
R3 DfSdkS;Defragmentation-Service;e:\program files\Ashampoo\Ashampoo WinOptimizer 6\Dfsdks.exe [2009-08-24 406016]
R3 GPU-Z;GPU-Z;e:\users\AleRx8\AppData\Local\Temp\GPU-Z.sys [x]
R3 MatSvc;Microsoft Automated Troubleshooting Service;e:\program files\Microsoft Fix it Center\Matsvc.exe [2010-04-10 266544]
R3 npggsvc;nProtect GameGuard Service;e:\windows\system32\GameMon.des [2009-10-11 3369044]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;e:\windows\system32\DRIVERS\VBoxNetAdp.sys [2010-06-08 100496]
R3 VBoxNetFlt;VBoxNetFlt Service;e:\windows\system32\DRIVERS\VBoxNetFlt.sys [x]
R3 XobniService;XobniService;e:\program files\Xobni\XobniService.exe [2009-10-12 46824]
R4 DAUpdaterSvc;Dragon Age: Prameny - aktualizace obsahu;e:\program files\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-07-26 25832]
R4 sptd;sptd;e:\windows\system32\Drivers\sptd.sys [2010-06-17 697328]
S1 Hmonitor45;Hmonitor45;e:\windows\system32\drivers\hmonitor45.sys [2010-07-15 10536]
S2 AMD External Events Utility;AMD External Events Utility;e:\windows\system32\atiesrxx.exe [2010-07-07 176128]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;e:\program files\Avira\AntiVir Desktop\sched.exe [2010-02-24 135336]
S2 ocster_backup;Ocster Backup;e:\program files\Ocster Backup\bin\backupService-ox.exe [2010-08-12 18200]
S2 SCRCAMHRDRV;ScreenCamera HR;e:\windows\system32\DRIVERS\SCRCAMHRDRV.sys [2010-03-01 234800]
S2 vmci;VMware vmci;e:\windows\system32\Drivers\vmci.sys [2010-05-20 70704]
S2 VMUSBArbService;VMware USB Arbitration Service;e:\program files\Common Files\VMware\USB\vmware-usbarbitrator.exe [2010-05-20 539184]
S3 amdkmdag;amdkmdag;e:\windows\system32\DRIVERS\atikmdag.sys [2010-07-07 5882368]
S3 amdkmdap;amdkmdap;e:\windows\system32\DRIVERS\atikmpag.sys [2010-07-07 210944]
S3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;e:\windows\system32\DRIVERS\l160x86.sys [2009-07-13 47104]
S3 rt61x86;Linksys Wireless-G PCI Adapter Driver;e:\windows\system32\DRIVERS\WMP54Gv41x86.sys [2007-06-26 286208]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc SensrSvc Mcx2Svc
.
Obsah adresáře 'Naplánované úlohy'
2010-06-21 e:\windows\Tasks\AWC Startup.job
- e:\program files\IObit\Advanced SystemCare 3\AWC.exe [2010-01-19 15:33]
2010-08-14 e:\windows\Tasks\AWC Update.job
- e:\program files\IObit\Advanced SystemCare 3\IObitUpdate.exe [2010-01-19 14:18]
2010-05-30 e:\windows\Tasks\SmartDefrag.job
- e:\program files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe [2010-05-29 10:57]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://home.mywebsearch.com/index.jhtml ... raKAoa.ncA
IE: Download all by FlashGet3 - e:\users\AleRx8\AppData\Roaming\FlashGetBHO\GetAllUrl.htm
IE: Download by FlashGet3 - e:\users\AleRx8\AppData\Roaming\FlashGetBHO\GetUrl.htm
IE: E&xportovat do aplikace Microsoft Excel - e:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: ????3?? - e:\users\AleRx8\AppData\Roaming\FlashGetBHO\GetUrl.htm
IE: ????3?????? - e:\users\AleRx8\AppData\Roaming\FlashGetBHO\GetAllUrl.htm
LSP: e:\program files\VMware\VMware Player\vsocklib.dll
FF - ProfilePath - e:\users\AleRx8\AppData\Roaming\Mozilla\Firefox\Profiles\xtna1v3q.default\
FF - component: e:\program files\real\realplayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - component: e:\users\AleRx8\AppData\Roaming\Mozilla\Firefox\Profiles\xtna1v3q.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\components\FFExternalAlert.dll
FF - component: e:\users\AleRx8\AppData\Roaming\Mozilla\Firefox\Profiles\xtna1v3q.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\components\RadioWMPCore.dll
FF - plugin: e:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: e:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: e:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: e:\program files\Pando Networks\Media Booster\npPandoWebPlugin.dll
---- NASTAVENÍ FIREFOXU ----
e:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
e:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
e:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
e:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
e:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
e:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
e:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
e:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
e:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
e:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
e:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
e:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
e:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
e:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
e:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
e:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
e:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
e:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
e:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
e:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
e:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
e:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
e:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
e:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
e:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
e:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
e:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
e:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
e:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
AddRemove-FlashGet 3.5 - e:\program files\FlashGet Network\FlashGet 3\uninst.exe
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="e:\windows\system32\GameMon.des -service"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_USERS\S-1-5-21-1786341700-570025950-2881891393-1000\Software\Microsoft\Internet Explorer\MenuExt\O(uë_fŹ3*N}Ź]
@Allowed: (Read) (RestrictedCode)
@="e:\\Users\\AleRx8\\AppData\\Roaming\\FlashGetBHO\\GetUrl.htm"
"contexts"=dword:00000022
[HKEY_USERS\S-1-5-21-1786341700-570025950-2881891393-1000\Software\Microsoft\Internet Explorer\MenuExt\O(uë_fŹ3*N}ŹhQčţ”Ąc]
@Allowed: (Read) (RestrictedCode)
@="e:\\Users\\AleRx8\\AppData\\Roaming\\FlashGetBHO\\GetAllUrl.htm"
"contexts"=dword:000000f3
[HKEY_USERS\S-1-5-21-1786341700-570025950-2881891393-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:44,be,19,e7,c0,91,a3,a6,cf,d0,b6,88,f4,9f,f1,94,fc,00,fa,e7,bf,73,d1,
39,f3,9a,eb,da,f8,59,76,3b,fa,8a,cb,09,15,1d,89,a5,58,72,be,3a,b4,f6,17,d3,\
"??"=hex:45,20,e8,79,3b,03,2f,15,59,18,e4,56,b1,f7,d1,2f
[HKEY_USERS\S-1-5-21-1786341700-570025950-2881891393-1000\Software\SecuROM\License information*]
"datasecu"=hex:f5,f0,42,f6,1e,2d,db,a2,0d,42,16,60,a2,28,40,c0,76,b8,43,90,15,
5c,19,95,54,c5,94,7a,b3,f8,1f,55,52,a1,f7,83,b2,55,c1,04,f6,42,e9,30,97,b0,\
"rkeysecu"=hex:c0,ec,6f,3d,7c,b4,5d,e0,8f,cc,6a,00,a1,85,b0,1b
.
Celkový čas: 2010-08-17 07:42:08
ComboFix-quarantined-files.txt 2010-08-17 05:42
Před spuštěním: Volných bajtů: 226 438 397 952
Po spuštění: Volných bajtů: 226 376 130 560
- - End Of File - - 53DEABBEA4497F4726816BEF2FE47570
From what I can see, ComboFix really doesn't like FlashGet (it's a crap program anyway, downloading with it seems slower to me than through the browser, but it's interesting...)
- jaro3
- member of the Security team
Re: Requesting a quick log check - 36 detections in Malwarebytes
From what I can see, ComboFix really doesn't like FlashGet (it's a rubbish program anyway, downloading seems slower to me than through the browser, but it's interesting...) --- it only dislikes the infections in FlashGet..
Open Notepad (Start -> Run..., type Notepad in the box and click OK).
Copy the entire following text marked in green into it:
Note: Do not use the SELECT ALL function to select the script.
Code:
KillAll::
File::
e:\windows\system32\perfc005.dat
e:\windows\system32\perfh005.dat
e:\windows\system32\mlfcache.dat
Folder::
e:\windows\3F5C371F8EA24F259D3DD0B4526E3AEA.TMP
e:\windows\F9835182794B4F24902AE2CA9D43380F.TMP
E:\found.000
e:\windows\system32\mlfcache.dat
DirLook::
e:\programdata\Comodo Downloader
e:\programdata\sysnfxo
Driver::
cpuz128
GPU-Z
Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"=-
DDS::
uStart Page = hxxp://home.mywebsearch.com/index.jhtml ... raKAoa.ncA
Choose File -> Save As... and set these parameters:
File name: type here: CFScript.txt
Save as type: select All Files there
Save the file to the desktop.
Close all active windows.
Grab the created script CFScript.txt with the mouse, drag it over the downloaded program ComboFix.exe, and when the two files overlap, drop the script.
- ComboFix will start automatically
- Post here the log that pops up at the end of the cleaning process + a new HJT log
In Folder Options, enable showing hidden files and folders + uncheck the box "Hide protected operating system files"
Test these on Virustotal
e:\windows\system32\Mp3Ctrl.dll
e:\programdata\{615DB4DC-B7C1-4125-9858-78EF460B76D2}\setup.exe
e:\windows\system32\drivers\hmonitor45.sys
e:\windows\system32\fbdaabb3.dat
e:\users\AleRx8\AppData\Roaming\Zoner\NLMDB\product.0032\autoupdate.cz\ZPS12_Update_Build09.exe
If the file has already been tested, click to test it again.
Once the test by all antivirus engines has finished, post the links to the results pages here.
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs via private messages. While I am away, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support
- AleRx8
- HW spec team member
Level 5
- Posts: 2267
- Registered: April 09
- Location: Mutěnice
Re: Requesting a quick log check - 36 detections in Malwarebytes
ComboFix 10-08-16.03 - AleRx8 17.08.2010 10:10:40.4.4 - x86
Microsoft Windows 7 Ultimate N 6.1.7600.0.1250.420.1033.18.3071.2113 [GMT 2:00]
Spuštěný z: e:\users\AleRx8\Desktop\ComboFix.exe
Použité ovládací přepínače :: e:\users\AleRx8\Desktop\CFScript.txt
FILE ::
"e:\windows\system32\mlfcache.dat"
"e:\windows\system32\perfc005.dat"
"e:\windows\system32\perfh005.dat"
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
E:\found.000
e:\found.000\dir0000.chk\00010017.ci
e:\found.000\dir0000.chk\00010017.dir
e:\found.000\dir0000.chk\00010017.wid
e:\found.000\file0000.chk
e:\windows\3F5C371F8EA24F259D3DD0B4526E3AEA.TMP
e:\windows\3F5C371F8EA24F259D3DD0B4526E3AEA.TMP\WiseCustomCalla.dll
e:\windows\3F5C371F8EA24F259D3DD0B4526E3AEA.TMP\WiseData.ini
e:\windows\F9835182794B4F24902AE2CA9D43380F.TMP
e:\windows\F9835182794B4F24902AE2CA9D43380F.TMP\WiseCustomCalla.dll
e:\windows\system32\mlfcache.dat
e:\windows\system32\perfc005.dat
e:\windows\system32\perfh005.dat
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_CPUZ128
-------\Legacy_GPU-Z
-------\Service_cpuz128
-------\Service_GPU-Z
((((((((((((((((((((((((( Soubory vytvořené od 2010-07-17 do 2010-08-17 )))))))))))))))))))))))))))))))
.
2010-08-17 08:15 . 2010-08-17 08:15 -------- d-----w- e:\users\Public\AppData\Local\temp
2010-08-17 08:15 . 2010-08-17 08:15 -------- d-----w- e:\users\Default\AppData\Local\temp
2010-08-16 15:37 . 2010-08-16 15:37 -------- d-----w- e:\users\AleRx8\AppData\Local\AOL
2010-08-16 11:38 . 2010-08-16 11:40 -------- d-----w- e:\program files\MP3Gain
2010-08-16 07:26 . 2010-08-16 07:30 -------- d-----w- E:\Zálohy
2010-08-15 14:27 . 2010-08-15 14:27 -------- d-----w- e:\users\AleRx8\.Clock-on-Desktop
2010-08-15 14:26 . 2010-08-15 14:26 -------- d-----w- e:\program files\Posibolt Software
2010-08-14 13:13 . 2010-08-14 13:13 -------- d-----w- e:\program files\SopCast
2010-08-13 07:33 . 2009-11-25 16:40 307200 ----a-w- e:\windows\system32\Mp3Ctrl.dll
2010-08-13 07:33 . 2009-09-26 09:00 580096 ----a-w- e:\windows\system32\lame.exe
2010-08-13 07:33 . 2009-09-26 09:00 496640 ----a-w- e:\windows\system32\lame_enc.dll
2010-08-13 07:33 . 2009-07-23 15:28 86016 ----a-w- e:\windows\system32\akrip32.dll
2010-08-13 07:33 . 2009-07-23 15:28 131176 ----a-w- e:\windows\system32\mp3gain.exe
2010-08-13 07:33 . 2003-04-18 14:46 1233920 ----a-w- e:\windows\system32\msxml4.dll
2010-08-13 07:33 . 2003-04-18 14:29 82432 ----a-w- e:\windows\system32\msxml4r.dll
2010-08-13 07:33 . 2010-08-13 07:33 -------- d-----w- e:\program files\Zortam Mp3 Media Studio
2010-08-12 10:38 . 2010-08-12 10:38 -------- d-----w- e:\programdata\ATI
2010-08-12 10:37 . 2010-08-12 10:37 -------- d-----w- e:\program files\Common Files\ATI Technologies
2010-08-12 10:36 . 2010-08-12 10:36 -------- d-----w- e:\program files\ATI
2010-08-11 09:41 . 2010-08-11 09:41 -------- d-----w- e:\program files\NVIDIA Corporation
2010-08-11 09:30 . 2010-08-11 09:41 -------- d-----w- e:\program files\Common Files\Wise Installation Wizard
2010-08-11 07:26 . 2010-08-11 07:26 75776 ----a-w- e:\windows\cadkasdeinst01e.exe
2010-08-11 07:26 . 2010-08-11 07:26 -------- d-----w- e:\program files\Your monster voice 1
2010-08-10 11:19 . 2010-08-10 11:20 -------- d-----w- e:\program files\Free Screen Recorder
2010-08-10 07:44 . 2010-06-02 02:55 74072 ----a-w- e:\windows\system32\XAPOFX1_5.dll
2010-08-10 07:44 . 2010-06-02 02:55 527192 ----a-w- e:\windows\system32\XAudio2_7.dll
2010-08-10 07:44 . 2010-06-02 02:55 239960 ----a-w- e:\windows\system32\xactengine3_7.dll
2010-08-10 07:44 . 2010-05-26 09:41 470880 ----a-w- e:\windows\system32\d3dx10_43.dll
2010-08-10 07:44 . 2010-05-26 09:41 248672 ----a-w- e:\windows\system32\d3dx11_43.dll
2010-08-10 07:44 . 2010-05-26 09:41 2106216 ----a-w- e:\windows\system32\D3DCompiler_43.dll
2010-08-10 07:44 . 2010-05-26 09:41 1998168 ----a-w- e:\windows\system32\D3DX9_43.dll
2010-08-10 07:44 . 2010-05-26 09:41 1868128 ----a-w- e:\windows\system32\d3dcsx_43.dll
2010-08-07 07:39 . 2010-08-07 07:39 -------- d-----w- e:\programdata\Comodo Downloader
2010-08-06 14:21 . 2010-08-06 14:24 -------- d-----w- e:\program files\TDU 2
2010-08-06 13:53 . 2010-08-06 15:28 -------- d-----w- e:\program files\My Program
2010-08-06 07:04 . 2010-08-06 07:04 -------- d-----w- e:\program files\Nufsoft
2010-08-06 07:03 . 2010-08-05 15:56 7474910 ----a-w- e:\program files\NatureIllusionStudioStandardEdition.exe
2010-08-05 16:10 . 2010-08-05 16:10 -------- d-----w- e:\program files\uTorrent
2010-08-05 16:10 . 2010-08-05 16:15 -------- d-----w- e:\users\AleRx8\AppData\Roaming\uTorrent
2010-08-05 10:44 . 2010-08-05 10:44 -------- d-----w- e:\program files\maComfort
2010-08-05 10:44 . 2010-08-05 10:44 -------- d-----w- e:\users\AleRx8\AppData\Roaming\maComfort
2010-08-05 10:42 . 2010-08-05 10:42 -------- d-----w- e:\users\AleRx8\AppData\Local\Google Translator
2010-08-03 09:13 . 2010-08-03 09:13 -------- d-sh--w- e:\programdata\SecuROM
2010-08-03 08:07 . 2010-08-03 08:07 -------- d-----w- e:\program files\1AVStreamer
2010-08-03 05:16 . 2010-08-03 05:16 -------- d-----w- e:\users\AleRx8\AppData\Roaming\Avira
2010-08-02 06:01 . 2010-08-02 06:01 -------- d-----w- e:\users\AleRx8\DoctorWeb
2010-07-31 15:40 . 2010-07-31 15:46 -------- d-----w- e:\users\AleRx8\AppData\Local\VMware
2010-07-31 15:40 . 2010-07-31 15:41 -------- d-----w- e:\users\AleRx8\AppData\Roaming\VMware
2010-07-31 15:33 . 2010-07-31 15:33 921608 ----a-w- e:\programdata\VMware\VMware Player\Uninstaller\uninstall.exe
2010-07-31 15:33 . 2010-07-31 15:31 581632 ----a-w- e:\programdata\VMware\VMware Player\Uninstaller\module_core.dll
2010-07-31 15:33 . 2010-07-31 15:31 356352 ----a-w- e:\programdata\VMware\VMware Player\Uninstaller\module_ws.dll
2010-07-31 15:33 . 2010-07-31 15:31 968752 ----a-w- e:\programdata\VMware\VMware Player\Uninstaller\vnetlib64.dll
2010-07-31 15:33 . 2010-07-31 15:31 932400 ----a-w- e:\programdata\VMware\VMware Player\Uninstaller\vnetlib64.exe
2010-07-31 15:33 . 2010-07-31 15:31 760368 ----a-w- e:\programdata\VMware\VMware Player\Uninstaller\vnetlib.dll
2010-07-31 15:33 . 2010-07-31 15:31 760368 ----a-w- e:\programdata\VMware\VMware Player\Uninstaller\vminstutil.dll
2010-07-31 15:33 . 2010-07-31 15:31 707120 ----a-w- e:\programdata\VMware\VMware Player\Uninstaller\vnetlib.exe
2010-07-31 15:33 . 2010-05-20 22:39 334384 ----a-w- e:\windows\system32\vmnetdhcp.exe
2010-07-31 15:33 . 2010-05-20 22:39 399920 ----a-w- e:\windows\system32\vmnat.exe
2010-07-31 15:33 . 2010-05-20 22:37 26288 ----a-w- e:\windows\system32\drivers\vmnetuserif.sys
2010-07-31 15:32 . 2010-05-20 22:38 760368 ----a-w- e:\windows\system32\vnetlib.dll
2010-07-31 15:32 . 2010-05-20 22:38 24624 ----a-w- e:\windows\system32\drivers\VMkbd.sys
2010-07-31 15:32 . 2010-07-31 15:32 -------- d-----w- e:\program files\Common Files\VMware
2010-07-31 15:32 . 2010-08-17 08:17 -------- d-----w- e:\programdata\VMware
2010-07-31 15:32 . 2010-07-31 15:32 -------- d-----w- e:\program files\VMware
2010-07-31 14:35 . 2010-07-31 14:35 39424 ----a-w- e:\windows\zipinst.exe
2010-07-31 14:35 . 2010-07-31 14:35 2853 ----a-w- e:\programdata\Microsoft\Windows\Start Menu\Programs\Landvermesser\Finderbar\eraserd.pif
2010-07-31 14:35 . 2010-07-31 14:35 -------- d--h--w- e:\windows\PIF
2010-07-31 14:35 . 2010-07-31 15:02 -------- d-----w- e:\program files\Finderbar 1.5
2010-07-31 14:33 . 2010-07-31 14:33 -------- d-----w- e:\program files\RocketDock
2010-07-31 14:23 . 2010-07-31 14:23 -------- d-----w- e:\users\AleRx8\AppData\Local\Stardock
2010-07-31 14:12 . 2010-07-31 14:12 -------- d-----w- e:\program files\iPod
2010-07-31 14:12 . 2010-07-31 14:12 -------- d-----w- e:\program files\iTunes
2010-07-31 14:08 . 2010-07-31 14:08 72488 ----a-w- e:\programdata\Apple Computer\Installer Cache\Safari 5.33.17.8\SetupAdmin.exe
2010-07-23 07:21 . 2010-07-23 07:21 -------- d-----w- e:\program files\Common Files\Java
2010-07-23 07:20 . 2010-07-23 07:20 423656 ----a-w- e:\windows\system32\deployJava1.dll
2010-07-23 07:20 . 2010-07-23 07:20 -------- d-----w- e:\program files\Java
2010-07-22 08:00 . 2010-07-22 08:00 -------- d-----w- e:\users\AleRx8\AppData\Roaming\Creative
2010-07-20 12:51 . 2010-07-20 12:51 -------- d-----w- e:\users\AleRx8\AppData\Local\Bump Technologies, Inc
2010-07-20 12:50 . 2010-07-20 12:50 -------- d-----w- e:\users\AleRx8\AppData\Roaming\Bump Technologies, Inc
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-17 08:09 . 2010-01-18 16:02 -------- d-----w- e:\users\AleRx8\AppData\Roaming\ICQ
2010-08-17 07:30 . 2010-01-21 06:01 -------- d-----w- e:\programdata\Microsoft Help
2010-08-17 06:18 . 2010-01-19 15:09 -------- d-----w- e:\users\AleRx8\AppData\Roaming\IObit
2010-08-16 08:14 . 2010-02-01 12:04 -------- d-----w- e:\users\AleRx8\AppData\Roaming\Azureus
2010-08-16 07:24 . 2010-08-16 07:22 -------- d--h--w- e:\programdata\sysnfxo
2010-08-16 07:23 . 2010-08-16 07:22 -------- d-----w- e:\program files\Ocster Backup
2010-08-16 07:22 . 2010-08-16 07:22 -------- d-----w- e:\programdata\Ocster Backup
2010-08-14 13:02 . 2010-02-12 06:02 -------- d-----w- e:\program files\Opera
2010-08-13 08:15 . 2010-01-18 16:02 -------- d-----w- e:\program files\ICQ7.0
2010-08-13 07:39 . 2010-05-01 18:14 -------- d-----w- e:\program files\Steam
2010-08-13 04:56 . 2010-05-30 07:59 -------- d-----w- e:\program files\Capture-A-ScreenShot
2010-08-12 10:36 . 2010-05-01 17:16 -------- d-----w- e:\program files\ATI Technologies
2010-08-10 07:44 . 2010-01-20 16:26 -------- d-----w- e:\program files\AGEIA Technologies
2010-08-07 07:25 . 2010-01-18 15:44 -------- d-----w- e:\users\AleRx8\AppData\Roaming\vlc
2010-08-05 08:30 . 2010-06-07 13:22 -------- d-----w- e:\program files\WinUtilities
2010-08-03 09:11 . 2010-01-20 15:25 -------- d-----w- e:\program files\Rockstar Games
2010-08-03 09:11 . 2010-01-16 13:15 -------- d--h--w- e:\program files\InstallShield Installation Information
2010-08-03 08:49 . 2010-06-30 08:28 -------- d-----w- e:\program files\Metin2
2010-07-31 14:17 . 2009-07-13 23:40 249856 ----a-w- e:\windows\system32\uxtheme.dll
2010-07-31 14:17 . 2009-07-13 23:39 2755072 ----a-w- e:\windows\system32\themeui.dll
2010-07-31 14:17 . 2009-07-13 23:39 37376 ----a-w- e:\windows\system32\themeservice.dll
2010-07-31 14:12 . 2010-01-19 15:26 -------- d-----w- e:\program files\Common Files\Apple
2010-07-31 14:08 . 2010-02-01 06:13 -------- d-----w- e:\program files\Safari
2010-07-22 07:59 . 2010-07-22 07:59 -------- d-----w- e:\programdata\Creative
2010-07-22 07:59 . 2010-07-22 07:59 -------- d--h--w- e:\programdata\{615DB4DC-B7C1-4125-9858-78EF460B76D2}
2010-07-22 07:59 . 2010-07-22 07:59 -------- d-----w- e:\program files\Creative
2010-07-22 07:59 . 2010-07-22 07:59 2422433 ----a-w- e:\programdata\{615DB4DC-B7C1-4125-9858-78EF460B76D2}\setup.exe
2010-07-22 07:59 . 2010-07-22 07:59 -------- d--h--w- e:\programdata\{83F61D74-0DA9-475B-BAF3-D4F153A02B30}
2010-07-15 09:17 . 2010-07-15 09:17 10536 ----a-w- e:\windows\system32\drivers\hmonitor45.sys
2010-07-15 09:17 . 2010-07-15 09:17 -------- d-----w- e:\program files\Hmonitor
2010-07-15 09:16 . 2010-07-15 09:16 -------- d-----w- e:\program files\SpeedFan
2010-07-15 09:12 . 2010-07-15 09:12 -------- d-----w- e:\program files\Lavalys
2010-07-14 07:21 . 2010-07-14 07:21 -------- d-----w- e:\users\AleRx8\AppData\Roaming\FUEL
2010-07-14 06:52 . 2010-06-05 15:56 -------- d-----w- e:\program files\Codemasters
2010-07-13 18:09 . 2010-07-13 18:01 -------- d-----w- e:\users\AleRx8\AppData\Roaming\Mount&Blade
2010-07-13 18:03 . 2010-07-13 18:01 -------- d-----w- e:\program files\Mount&Blade
2010-07-13 17:34 . 2010-07-13 17:29 -------- d-----w- e:\program files\Paradox Interactive
2010-07-13 17:16 . 2010-07-13 17:16 -------- d-----w- e:\program files\WMV9_VCM
2010-07-13 17:07 . 2010-04-30 15:09 -------- d-----w- e:\program files\1C Company
2010-07-13 16:49 . 2010-07-03 07:51 4068624 ----a-w- e:\programdata\Electronic Arts\Need For Speed World\Data\eawebkit.dll
2010-07-13 16:49 . 2010-07-03 07:51 267536 ----a-w- e:\programdata\Electronic Arts\Need For Speed World\Data\gameplay.dll
2010-07-13 16:49 . 2010-07-03 07:51 1791248 ----a-w- e:\programdata\Electronic Arts\Need For Speed World\Data\gameplay.native.dll
2010-07-13 16:49 . 2010-07-03 07:51 10691856 ----a-w- e:\programdata\Electronic Arts\Need For Speed World\Data\nfsw.exe
2010-07-07 02:29 . 2010-07-07 02:29 5882368 ----a-w- e:\windows\system32\drivers\atikmdag.sys
2010-07-07 01:55 . 2010-07-07 01:55 15461888 ----a-w- e:\windows\system32\atioglxx.dll
2010-07-07 01:54 . 2010-07-07 01:54 143360 ----a-w- e:\windows\system32\atiapfxx.exe
2010-07-07 01:54 . 2010-05-05 02:19 513024 ----a-w- e:\windows\system32\aticfx32.dll
2010-07-07 01:51 . 2010-07-07 01:51 446464 ----a-w- e:\windows\system32\ATIDEMGX.dll
2010-07-07 01:51 . 2010-07-07 01:51 380928 ----a-w- e:\windows\system32\atieclxx.exe
2010-07-07 01:50 . 2010-07-07 01:50 176128 ----a-w- e:\windows\system32\atiesrxx.exe
2010-07-07 01:49 . 2010-07-07 01:49 159744 ----a-w- e:\windows\system32\atitmmxx.dll
2010-07-07 01:49 . 2010-07-07 01:49 356352 ----a-w- e:\windows\system32\atipdlxx.dll
2010-07-07 01:49 . 2010-07-07 01:49 278528 ----a-w- e:\windows\system32\Oemdspif.dll
2010-07-07 01:49 . 2010-07-07 01:49 11776 ----a-w- e:\windows\system32\atimuixx.dll
2010-07-07 01:49 . 2010-07-07 01:49 43520 ----a-w- e:\windows\system32\ati2edxx.dll
2010-07-07 01:46 . 2010-05-05 02:08 3826688 ----a-w- e:\windows\system32\atidxx32.dll
2010-07-07 01:29 . 2010-07-07 01:29 46080 ----a-w- e:\windows\system32\aticalrt.dll
2010-07-07 01:29 . 2010-07-07 01:29 44032 ----a-w- e:\windows\system32\aticalcl.dll
2010-07-07 01:28 . 2010-07-07 01:28 3975680 ----a-w- e:\windows\system32\atiumdag.dll
2010-07-07 01:27 . 2010-07-07 01:27 4323840 ----a-w- e:\windows\system32\aticaldd.dll
2010-07-07 01:24 . 2010-02-03 03:23 50176 ----a-w- e:\windows\system32\coinst.dll
2010-07-07 01:23 . 2010-07-07 01:23 3058688 ----a-w- e:\windows\system32\atiumdva.dll
2010-07-07 01:16 . 2010-07-07 01:16 237568 ----a-w- e:\windows\system32\atiadlxx.dll
2010-07-07 01:15 . 2010-07-07 01:15 12800 ----a-w- e:\windows\system32\atiglpxx.dll
2010-07-07 01:15 . 2010-07-07 01:15 16896 ----a-w- e:\windows\system32\atigktxx.dll
2010-07-07 01:15 . 2010-07-07 01:15 210944 ----a-w- e:\windows\system32\drivers\atikmpag.sys
2010-07-07 01:14 . 2010-04-07 01:22 30208 ----a-w- e:\windows\system32\atiuxpag.dll
2010-07-07 01:14 . 2010-07-07 01:14 22528 ----a-w- e:\windows\system32\atiu9pag.dll
2010-07-07 01:14 . 2010-07-07 01:14 53248 ----a-w- e:\windows\system32\drivers\ati2erec.dll
2010-07-07 01:11 . 2010-07-07 01:11 52736 ----a-w- e:\windows\system32\atimpc32.dll
2010-07-07 01:11 . 2010-07-07 01:11 52736 ----a-w- e:\windows\system32\amdpcom32.dll
2010-07-03 08:11 . 2010-07-03 07:15 -------- d-----w- e:\program files\jv16 PowerTools 2009
2010-07-03 07:57 . 2010-07-03 07:57 -------- d-----w- e:\users\AleRx8\AppData\Roaming\Need for Speed World
2010-07-03 07:51 . 2010-07-03 07:51 462864 ----a-w- e:\programdata\Electronic Arts\Need For Speed World\Data\d3dx10_37.dll
2010-07-03 07:51 . 2010-07-03 07:51 3786760 ----a-w- e:\programdata\Electronic Arts\Need For Speed World\Data\d3dx9_37.dll
2010-07-03 07:43 . 2010-07-03 07:43 883670 ----a-w- e:\programdata\Electronic Arts\Need For Speed World\Data\pb\pbcl.dll
2010-07-03 07:43 . 2010-07-03 07:43 57344 ----a-w- e:\programdata\Electronic Arts\Need For Speed World\Data\pb\pbag.dll
2010-07-03 07:38 . 2010-07-03 07:38 -------- d-----w- e:\programdata\Electronic Arts
2010-07-03 07:38 . 2010-07-03 07:38 -------- d-----w- e:\program files\Electronic Arts
2010-07-03 07:27 . 2010-07-03 07:27 -------- d-----w- e:\users\AleRx8\AppData\Roaming\Uniblue
2010-07-03 07:27 . 2010-07-03 07:27 -------- d-----w- e:\program files\Uniblue
2010-07-03 07:24 . 2010-07-03 07:24 -------- d-----w- e:\programdata\Avira
2010-07-03 07:24 . 2010-07-03 07:24 -------- d-----w- e:\program files\Avira
2010-07-03 07:22 . 2010-01-20 14:40 -------- d-----w- e:\programdata\Alwil Software
2010-07-03 07:17 . 2010-01-18 15:57 -------- d-----w- e:\program files\Ashampoo
2010-07-03 07:15 . 2010-07-03 07:15 23 --sha-w- e:\windows\system32\fbdaabb3.dat
2010-07-02 14:52 . 2010-07-02 14:52 -------- d-----w- e:\program files\iPhone Explorer
2010-06-29 15:47 . 2010-06-29 15:46 7377592 ----a-w- e:\users\AleRx8\AppData\Roaming\Zoner\NLMDB\product.0032\autoupdate.cz\ZPS12_Update_Build09.exe
2010-06-27 08:02 . 2010-01-18 15:54 -------- d-----w- e:\users\AleRx8\AppData\Roaming\Ashampoo
2010-06-26 11:42 . 2010-06-26 11:41 -------- d-----w- e:\program files\SliderDock
2010-06-26 09:29 . 2010-06-26 09:29 71992 ----a-w- e:\programdata\Apple Computer\Installer Cache\Safari 5.33.16.0\SetupAdmin.exe
2010-06-26 07:20 . 2010-06-26 07:19 -------- d-----w- e:\program files\The KMPlayer
2010-06-26 06:13 . 2010-06-26 06:13 -------- d-----w- e:\program files\Disney Interactive Studios
2010-06-26 05:36 . 2010-01-28 14:23 -------- d-----w- e:\users\AleRx8\AppData\Roaming\Hamachi
2010-06-26 05:15 . 2010-06-26 05:15 -------- d-----w- e:\program files\Hamachi
2010-06-26 05:15 . 2010-06-26 05:15 25280 ----a-w- e:\windows\system32\drivers\hamachi.sys
2010-06-24 15:06 . 2010-06-24 15:06 -------- d-----w- e:\program files\Web Page Maker V2
2010-06-24 14:47 . 2010-06-24 14:47 -------- d-----w- e:\program files\Bonjour
2010-06-24 14:46 . 2010-06-24 14:46 72504 ----a-w- e:\programdata\Apple Computer\Installer Cache\iTunes 9.2.0.61\SetupAdmin.exe
2010-06-24 14:07 . 2010-06-24 14:07 -------- d-----w- e:\program files\GamePark
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- e:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- e:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of e:\programdata\Comodo Downloader ----
---- Directory of e:\programdata\sysnfxo ----
2010-08-16 07:24 . 2010-08-16 07:24 94 ----a-w- e:\programdata\sysnfxo\ultraEngage
((((((((((((((((((((((((((((( SnapShot@2010-08-17_05.41.05 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-01-16 13:09 . 2010-08-17 07:52 16384 e:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-01-16 13:09 . 2010-08-16 11:23 16384 e:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-01-16 13:09 . 2010-08-16 11:23 32768 e:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-01-16 13:09 . 2010-08-17 07:52 32768 e:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:08 . 2010-08-16 11:23 16384 e:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:08 . 2010-08-17 07:52 16384 e:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-02-01 08:33 . 2010-08-17 06:57 16384 e:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-02-01 08:33 . 2010-08-17 05:27 16384 e:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-02-01 17:02 . 2010-08-16 15:10 32768 e:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat
+ 2010-02-01 17:02 . 2010-08-17 08:00 32768 e:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat
- 2010-02-01 17:02 . 2010-08-16 15:10 16384 e:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\History\History.IE5\index.dat
+ 2010-02-01 17:02 . 2010-08-17 08:00 16384 e:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\History\History.IE5\index.dat
+ 2010-02-01 17:02 . 2010-08-17 08:00 16384 e:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\Cookies\index.dat
- 2010-02-01 17:02 . 2010-08-16 15:10 16384 e:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\Cookies\index.dat
- 2010-02-01 08:33 . 2010-08-17 05:27 32768 e:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-02-01 08:33 . 2010-08-17 08:00 32768 e:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-02-01 08:33 . 2010-08-17 06:57 16384 e:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-02-01 08:33 . 2010-08-17 05:27 16384 e:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-08-17 05:30 . 2010-08-17 05:30 2048 e:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2010-08-17 05:30 . 2010-08-17 08:16 2048 e:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2010-08-17 05:30 . 2010-08-17 05:30 2048 e:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2010-08-17 05:30 . 2010-08-17 08:16 2048 e:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 04:21 . 2010-08-14 13:13 245760 e:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2009-07-14 04:21 . 2010-08-17 07:52 245760 e:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="e:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="e:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-07-06 98304]
"Ocster Backup"="e:\program files\Ocster Backup\bin\backupClient-ox.exe" [2010-08-12 61208]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
R0 PCGenFAM;PCGenFAM;e:\windows\system32\DRIVERS\PCGenFAM.sys [2010-06-17 179656]
R3 CTUPnPSv;Creative Centrale Media Server;e:\program files\Creative\Creative Centrale\CTUPnPSv.exe [2008-05-21 64000]
R3 DfSdkS;Defragmentation-Service;e:\program files\Ashampoo\Ashampoo WinOptimizer 6\Dfsdks.exe [2009-08-24 406016]
R3 MatSvc;Microsoft Automated Troubleshooting Service;e:\program files\Microsoft Fix it Center\Matsvc.exe [2010-04-10 266544]
R3 npggsvc;nProtect GameGuard Service;e:\windows\system32\GameMon.des [2009-10-11 3369044]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;e:\windows\system32\DRIVERS\VBoxNetAdp.sys [2010-06-08 100496]
R3 VBoxNetFlt;VBoxNetFlt Service;e:\windows\system32\DRIVERS\VBoxNetFlt.sys [x]
R3 XobniService;XobniService;e:\program files\Xobni\XobniService.exe [2009-10-12 46824]
R4 DAUpdaterSvc;Dragon Age: Prameny - aktualizace obsahu;e:\program files\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-07-26 25832]
R4 sptd;sptd;e:\windows\system32\Drivers\sptd.sys [2010-06-17 697328]
S1 Hmonitor45;Hmonitor45;e:\windows\system32\drivers\hmonitor45.sys [2010-07-15 10536]
S2 AMD External Events Utility;AMD External Events Utility;e:\windows\system32\atiesrxx.exe [2010-07-07 176128]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;e:\program files\Avira\AntiVir Desktop\sched.exe [2010-02-24 135336]
S2 ocster_backup;Ocster Backup;e:\program files\Ocster Backup\bin\backupService-ox.exe [2010-08-12 18200]
S2 SCRCAMHRDRV;ScreenCamera HR;e:\windows\system32\DRIVERS\SCRCAMHRDRV.sys [2010-03-01 234800]
S2 SolutoService;Soluto PCGenome Core Service;e:\program files\Soluto\SolutoService.exe [2010-06-17 338464]
S2 vmci;VMware vmci;e:\windows\system32\Drivers\vmci.sys [2010-05-20 70704]
S2 VMUSBArbService;VMware USB Arbitration Service;e:\program files\Common Files\VMware\USB\vmware-usbarbitrator.exe [2010-05-20 539184]
S3 amdkmdag;amdkmdag;e:\windows\system32\DRIVERS\atikmdag.sys [2010-07-07 5882368]
S3 amdkmdap;amdkmdap;e:\windows\system32\DRIVERS\atikmpag.sys [2010-07-07 210944]
S3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;e:\windows\system32\DRIVERS\l160x86.sys [2009-07-13 47104]
S3 rt61x86;Linksys Wireless-G PCI Adapter Driver;e:\windows\system32\DRIVERS\WMP54Gv41x86.sys [2007-06-26 286208]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc SensrSvc Mcx2Svc
.
Obsah adresáře 'Naplánované úlohy'
2010-06-21 e:\windows\Tasks\AWC Startup.job
- e:\program files\IObit\Advanced SystemCare 3\AWC.exe [2010-01-19 15:33]
.
.
------- Doplňkový sken -------
.
IE: Download all by FlashGet3 - e:\users\AleRx8\AppData\Roaming\FlashGetBHO\GetAllUrl.htm
IE: Download by FlashGet3 - e:\users\AleRx8\AppData\Roaming\FlashGetBHO\GetUrl.htm
IE: E&xportovat do aplikace Microsoft Excel - e:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: ????3?? - e:\users\AleRx8\AppData\Roaming\FlashGetBHO\GetUrl.htm
IE: ????3?????? - e:\users\AleRx8\AppData\Roaming\FlashGetBHO\GetAllUrl.htm
LSP: e:\program files\VMware\VMware Player\vsocklib.dll
FF - ProfilePath - e:\users\AleRx8\AppData\Roaming\Mozilla\Firefox\Profiles\xtna1v3q.default\
FF - component: e:\program files\real\realplayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - component: e:\users\AleRx8\AppData\Roaming\Mozilla\Firefox\Profiles\xtna1v3q.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\components\FFExternalAlert.dll
FF - component: e:\users\AleRx8\AppData\Roaming\Mozilla\Firefox\Profiles\xtna1v3q.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\components\RadioWMPCore.dll
---- NASTAVENÍ FIREFOXU ----
e:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
e:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
e:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
e:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
e:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
e:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
e:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
e:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
e:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
e:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
e:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
e:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
e:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
e:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
e:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
e:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
e:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
e:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
e:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
e:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
e:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
e:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
e:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
e:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
e:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
e:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
e:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
e:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
e:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="e:\windows\system32\GameMon.des -service"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_USERS\S-1-5-21-1786341700-570025950-2881891393-1000\Software\Microsoft\Internet Explorer\MenuExt\O(uë_fŹ3*N}Ź]
@Allowed: (Read) (RestrictedCode)
@="e:\\Users\\AleRx8\\AppData\\Roaming\\FlashGetBHO\\GetUrl.htm"
"contexts"=dword:00000022
[HKEY_USERS\S-1-5-21-1786341700-570025950-2881891393-1000\Software\Microsoft\Internet Explorer\MenuExt\O(uë_fŹ3*N}ŹhQčţ”Ąc]
@Allowed: (Read) (RestrictedCode)
@="e:\\Users\\AleRx8\\AppData\\Roaming\\FlashGetBHO\\GetAllUrl.htm"
"contexts"=dword:000000f3
[HKEY_USERS\S-1-5-21-1786341700-570025950-2881891393-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:44,be,19,e7,c0,91,a3,a6,cf,d0,b6,88,f4,9f,f1,94,fc,00,fa,e7,bf,73,d1,
39,f3,9a,eb,da,f8,59,76,3b,fa,8a,cb,09,15,1d,89,a5,58,72,be,3a,b4,f6,17,d3,\
"??"=hex:45,20,e8,79,3b,03,2f,15,59,18,e4,56,b1,f7,d1,2f
[HKEY_USERS\S-1-5-21-1786341700-570025950-2881891393-1000\Software\SecuROM\License information*]
"datasecu"=hex:f5,f0,42,f6,1e,2d,db,a2,0d,42,16,60,a2,28,40,c0,76,b8,43,90,15,
5c,19,95,54,c5,94,7a,b3,f8,1f,55,52,a1,f7,83,b2,55,c1,04,f6,42,e9,30,97,b0,\
"rkeysecu"=hex:c0,ec,6f,3d,7c,b4,5d,e0,8f,cc,6a,00,a1,85,b0,1b
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'Explorer.exe'(2312)
e:\program files\RocketDock\RocketDock.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
e:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
e:\windows\system32\WUDFHost.exe
e:\windows\system32\atieclxx.exe
e:\windows\system32\taskhost.exe
e:\program files\Avira\AntiVir Desktop\avguard.exe
e:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
e:\program files\Bonjour\mDNSResponder.exe
e:\program files\Creative\Shared Files\CTDevSrv.exe
e:\program files\Avira\AntiVir Desktop\avshadow.exe
e:\windows\system32\conhost.exe
e:\windows\system32\conhost.exe
e:\windows\system32\vmnat.exe
e:\windows\system32\vmnetdhcp.exe
e:\program files\VMware\VMware Player\vmware-authd.exe
e:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
e:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
e:\windows\system32\sppsvc.exe
.
**************************************************************************
.
Celkový čas: 2010-08-17 10:22:00 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-08-17 08:22
ComboFix2.txt 2010-08-17 05:42
Před spuštěním: Volných bajtů: 226 030 567 424
Po spuštění: Volných bajtů: 225 838 522 368
- - End Of File - - B11068D8C293265F8CDD726241F8209A
HJT:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:25:09, on 17.8.2010
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal
Running processes:
E:\Windows\system32\taskhost.exe
E:\Windows\system32\Dwm.exe
E:\Program Files\Ocster Backup\bin\backupClient-ox.exe
E:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
E:\Program Files\RocketDock\RocketDock.exe
E:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
E:\Windows\Explorer.exe
E:\Windows\system32\notepad.exe
E:\Program Files\Opera\opera.exe
E:\Users\AleRx8\Desktop\hijackthis.exe
E:\Windows\system32\SearchFilterHost.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - E:\program files\real\realplayer\rpbrowserrecordplugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - E:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: FlashGetBHO - {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - E:\Users\AleRx8\AppData\Roaming\FlashGetBHO\FlashGetBHO3.dll (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - E:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [StartCCC] "E:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Ocster Backup] "E:\Program Files\Ocster Backup\bin\backupClient-ox.exe" --hidden
O4 - HKCU\..\Run: [RocketDock] "E:\Program Files\RocketDock\RocketDock.exe"
O4 - HKUS\S-1-5-21-1786341700-570025950-2881891393-1005\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User '_ocster_backup_')
O4 - HKUS\S-1-5-21-1786341700-570025950-2881891393-1005\..\RunOnce: [mctadmin] E:\Windows\System32\mctadmin.exe (User '_ocster_backup_')
O8 - Extra context menu item: Download all by FlashGet3 - E:\Users\AleRx8\AppData\Roaming\FlashGetBHO\GetAllUrl.htm
O8 - Extra context menu item: Download by FlashGet3 - E:\Users\AleRx8\AppData\Roaming\FlashGetBHO\GetUrl.htm
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://E:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - E:\Program Files\ICQ7.0\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - E:\Program Files\ICQ7.0\ICQ.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: e:\program files\vmware\vmware player\vsocklib.dll
O10 - Unknown file in Winsock LSP: e:\program files\vmware\vmware player\vsocklib.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - E:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: AMD External Events Utility - AMD - E:\Windows\system32\atiesrxx.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - E:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - E:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - E:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - E:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CT Device Query service (CTDevice_Srv) - Creative Technology Ltd - E:\Program Files\Creative\Shared Files\CTDevSrv.exe
O23 - Service: Creative Centrale Media Server (CTUPnPSv) - Creative Technology Ltd - E:\Program Files\Creative\Creative Centrale\CTUPnPSv.exe
O23 - Service: Defragmentation-Service (DfSdkS) - mst software GmbH, Germany - E:\Program Files\Ashampoo\Ashampoo WinOptimizer 6\Dfsdks.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - E:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: Ocster Backup (ocster_backup) - Unknown owner - e:\Program Files\Ocster Backup\bin\backupService-ox.exe
O23 - Service: PnkBstrA - Unknown owner - E:\Windows\system32\PnkBstrA.exe
O23 - Service: Soluto PCGenome Core Service (SolutoService) - Soluto - E:\Program Files\Soluto\SolutoService.exe
O23 - Service: Steam Client Service - Valve Corporation - E:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - E:\Program Files\VMware\VMware Player\vmware-ufad.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - E:\Program Files\VMware\VMware Player\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - E:\Windows\system32\vmnetdhcp.exe
O23 - Service: VMware USB Arbitration Service (VMUSBArbService) - VMware, Inc. - E:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe
O23 - Service: VMware NAT Service - VMware, Inc. - E:\Windows\system32\vmnat.exe
O23 - Service: XobniService - Xobni Corporation - E:\Program Files\Xobni\XobniService.exe
--
End of file - 5804 bytes
http://www.virustotal.com/file-scan/rep ... 1282033832
http://www.virustotal.com/file-scan/rep ... 1282034039
http://www.virustotal.com/file-scan/rep ... 1282034148
http://www.virustotal.com/file-scan/rep ... 1282034477
http://www.virustotal.com/file-scan/rep ... 1282034714
Microsoft Windows 7 Ultimate N 6.1.7600.0.1250.420.1033.18.3071.2113 [GMT 2:00]
Spuštěný z: e:\users\AleRx8\Desktop\ComboFix.exe
Použité ovládací přepínače :: e:\users\AleRx8\Desktop\CFScript.txt
FILE ::
"e:\windows\system32\mlfcache.dat"
"e:\windows\system32\perfc005.dat"
"e:\windows\system32\perfh005.dat"
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
E:\found.000
e:\found.000\dir0000.chk\00010017.ci
e:\found.000\dir0000.chk\00010017.dir
e:\found.000\dir0000.chk\00010017.wid
e:\found.000\file0000.chk
e:\windows\3F5C371F8EA24F259D3DD0B4526E3AEA.TMP
e:\windows\3F5C371F8EA24F259D3DD0B4526E3AEA.TMP\WiseCustomCalla.dll
e:\windows\3F5C371F8EA24F259D3DD0B4526E3AEA.TMP\WiseData.ini
e:\windows\F9835182794B4F24902AE2CA9D43380F.TMP
e:\windows\F9835182794B4F24902AE2CA9D43380F.TMP\WiseCustomCalla.dll
e:\windows\system32\mlfcache.dat
e:\windows\system32\perfc005.dat
e:\windows\system32\perfh005.dat
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_CPUZ128
-------\Legacy_GPU-Z
-------\Service_cpuz128
-------\Service_GPU-Z
((((((((((((((((((((((((( Soubory vytvořené od 2010-07-17 do 2010-08-17 )))))))))))))))))))))))))))))))
.
2010-08-17 08:15 . 2010-08-17 08:15 -------- d-----w- e:\users\Public\AppData\Local\temp
2010-08-17 08:15 . 2010-08-17 08:15 -------- d-----w- e:\users\Default\AppData\Local\temp
2010-08-16 15:37 . 2010-08-16 15:37 -------- d-----w- e:\users\AleRx8\AppData\Local\AOL
2010-08-16 11:38 . 2010-08-16 11:40 -------- d-----w- e:\program files\MP3Gain
2010-08-16 07:26 . 2010-08-16 07:30 -------- d-----w- E:\Zálohy
2010-08-15 14:27 . 2010-08-15 14:27 -------- d-----w- e:\users\AleRx8\.Clock-on-Desktop
2010-08-15 14:26 . 2010-08-15 14:26 -------- d-----w- e:\program files\Posibolt Software
2010-08-14 13:13 . 2010-08-14 13:13 -------- d-----w- e:\program files\SopCast
2010-08-13 07:33 . 2009-11-25 16:40 307200 ----a-w- e:\windows\system32\Mp3Ctrl.dll
2010-08-13 07:33 . 2009-09-26 09:00 580096 ----a-w- e:\windows\system32\lame.exe
2010-08-13 07:33 . 2009-09-26 09:00 496640 ----a-w- e:\windows\system32\lame_enc.dll
2010-08-13 07:33 . 2009-07-23 15:28 86016 ----a-w- e:\windows\system32\akrip32.dll
2010-08-13 07:33 . 2009-07-23 15:28 131176 ----a-w- e:\windows\system32\mp3gain.exe
2010-08-13 07:33 . 2003-04-18 14:46 1233920 ----a-w- e:\windows\system32\msxml4.dll
2010-08-13 07:33 . 2003-04-18 14:29 82432 ----a-w- e:\windows\system32\msxml4r.dll
2010-08-13 07:33 . 2010-08-13 07:33 -------- d-----w- e:\program files\Zortam Mp3 Media Studio
2010-08-12 10:38 . 2010-08-12 10:38 -------- d-----w- e:\programdata\ATI
2010-08-12 10:37 . 2010-08-12 10:37 -------- d-----w- e:\program files\Common Files\ATI Technologies
2010-08-12 10:36 . 2010-08-12 10:36 -------- d-----w- e:\program files\ATI
2010-08-11 09:41 . 2010-08-11 09:41 -------- d-----w- e:\program files\NVIDIA Corporation
2010-08-11 09:30 . 2010-08-11 09:41 -------- d-----w- e:\program files\Common Files\Wise Installation Wizard
2010-08-11 07:26 . 2010-08-11 07:26 75776 ----a-w- e:\windows\cadkasdeinst01e.exe
2010-08-11 07:26 . 2010-08-11 07:26 -------- d-----w- e:\program files\Your monster voice 1
2010-08-10 11:19 . 2010-08-10 11:20 -------- d-----w- e:\program files\Free Screen Recorder
2010-08-10 07:44 . 2010-06-02 02:55 74072 ----a-w- e:\windows\system32\XAPOFX1_5.dll
2010-08-10 07:44 . 2010-06-02 02:55 527192 ----a-w- e:\windows\system32\XAudio2_7.dll
2010-08-10 07:44 . 2010-06-02 02:55 239960 ----a-w- e:\windows\system32\xactengine3_7.dll
2010-08-10 07:44 . 2010-05-26 09:41 470880 ----a-w- e:\windows\system32\d3dx10_43.dll
2010-08-10 07:44 . 2010-05-26 09:41 248672 ----a-w- e:\windows\system32\d3dx11_43.dll
2010-08-10 07:44 . 2010-05-26 09:41 2106216 ----a-w- e:\windows\system32\D3DCompiler_43.dll
2010-08-10 07:44 . 2010-05-26 09:41 1998168 ----a-w- e:\windows\system32\D3DX9_43.dll
2010-08-10 07:44 . 2010-05-26 09:41 1868128 ----a-w- e:\windows\system32\d3dcsx_43.dll
2010-08-07 07:39 . 2010-08-07 07:39 -------- d-----w- e:\programdata\Comodo Downloader
2010-08-06 14:21 . 2010-08-06 14:24 -------- d-----w- e:\program files\TDU 2
2010-08-06 13:53 . 2010-08-06 15:28 -------- d-----w- e:\program files\My Program
2010-08-06 07:04 . 2010-08-06 07:04 -------- d-----w- e:\program files\Nufsoft
2010-08-06 07:03 . 2010-08-05 15:56 7474910 ----a-w- e:\program files\NatureIllusionStudioStandardEdition.exe
2010-08-05 16:10 . 2010-08-05 16:10 -------- d-----w- e:\program files\uTorrent
2010-08-05 16:10 . 2010-08-05 16:15 -------- d-----w- e:\users\AleRx8\AppData\Roaming\uTorrent
2010-08-05 10:44 . 2010-08-05 10:44 -------- d-----w- e:\program files\maComfort
2010-08-05 10:44 . 2010-08-05 10:44 -------- d-----w- e:\users\AleRx8\AppData\Roaming\maComfort
2010-08-05 10:42 . 2010-08-05 10:42 -------- d-----w- e:\users\AleRx8\AppData\Local\Google Translator
2010-08-03 09:13 . 2010-08-03 09:13 -------- d-sh--w- e:\programdata\SecuROM
2010-08-03 08:07 . 2010-08-03 08:07 -------- d-----w- e:\program files\1AVStreamer
2010-08-03 05:16 . 2010-08-03 05:16 -------- d-----w- e:\users\AleRx8\AppData\Roaming\Avira
2010-08-02 06:01 . 2010-08-02 06:01 -------- d-----w- e:\users\AleRx8\DoctorWeb
2010-07-31 15:40 . 2010-07-31 15:46 -------- d-----w- e:\users\AleRx8\AppData\Local\VMware
2010-07-31 15:40 . 2010-07-31 15:41 -------- d-----w- e:\users\AleRx8\AppData\Roaming\VMware
2010-07-31 15:33 . 2010-07-31 15:33 921608 ----a-w- e:\programdata\VMware\VMware Player\Uninstaller\uninstall.exe
2010-07-31 15:33 . 2010-07-31 15:31 581632 ----a-w- e:\programdata\VMware\VMware Player\Uninstaller\module_core.dll
2010-07-31 15:33 . 2010-07-31 15:31 356352 ----a-w- e:\programdata\VMware\VMware Player\Uninstaller\module_ws.dll
2010-07-31 15:33 . 2010-07-31 15:31 968752 ----a-w- e:\programdata\VMware\VMware Player\Uninstaller\vnetlib64.dll
2010-07-31 15:33 . 2010-07-31 15:31 932400 ----a-w- e:\programdata\VMware\VMware Player\Uninstaller\vnetlib64.exe
2010-07-31 15:33 . 2010-07-31 15:31 760368 ----a-w- e:\programdata\VMware\VMware Player\Uninstaller\vnetlib.dll
2010-07-31 15:33 . 2010-07-31 15:31 760368 ----a-w- e:\programdata\VMware\VMware Player\Uninstaller\vminstutil.dll
2010-07-31 15:33 . 2010-07-31 15:31 707120 ----a-w- e:\programdata\VMware\VMware Player\Uninstaller\vnetlib.exe
2010-07-31 15:33 . 2010-05-20 22:39 334384 ----a-w- e:\windows\system32\vmnetdhcp.exe
2010-07-31 15:33 . 2010-05-20 22:39 399920 ----a-w- e:\windows\system32\vmnat.exe
2010-07-31 15:33 . 2010-05-20 22:37 26288 ----a-w- e:\windows\system32\drivers\vmnetuserif.sys
2010-07-31 15:32 . 2010-05-20 22:38 760368 ----a-w- e:\windows\system32\vnetlib.dll
2010-07-31 15:32 . 2010-05-20 22:38 24624 ----a-w- e:\windows\system32\drivers\VMkbd.sys
2010-07-31 15:32 . 2010-07-31 15:32 -------- d-----w- e:\program files\Common Files\VMware
2010-07-31 15:32 . 2010-08-17 08:17 -------- d-----w- e:\programdata\VMware
2010-07-31 15:32 . 2010-07-31 15:32 -------- d-----w- e:\program files\VMware
2010-07-31 14:35 . 2010-07-31 14:35 39424 ----a-w- e:\windows\zipinst.exe
2010-07-31 14:35 . 2010-07-31 14:35 2853 ----a-w- e:\programdata\Microsoft\Windows\Start Menu\Programs\Landvermesser\Finderbar\eraserd.pif
2010-07-31 14:35 . 2010-07-31 14:35 -------- d--h--w- e:\windows\PIF
2010-07-31 14:35 . 2010-07-31 15:02 -------- d-----w- e:\program files\Finderbar 1.5
2010-07-31 14:33 . 2010-07-31 14:33 -------- d-----w- e:\program files\RocketDock
2010-07-31 14:23 . 2010-07-31 14:23 -------- d-----w- e:\users\AleRx8\AppData\Local\Stardock
2010-07-31 14:12 . 2010-07-31 14:12 -------- d-----w- e:\program files\iPod
2010-07-31 14:12 . 2010-07-31 14:12 -------- d-----w- e:\program files\iTunes
2010-07-31 14:08 . 2010-07-31 14:08 72488 ----a-w- e:\programdata\Apple Computer\Installer Cache\Safari 5.33.17.8\SetupAdmin.exe
2010-07-23 07:21 . 2010-07-23 07:21 -------- d-----w- e:\program files\Common Files\Java
2010-07-23 07:20 . 2010-07-23 07:20 423656 ----a-w- e:\windows\system32\deployJava1.dll
2010-07-23 07:20 . 2010-07-23 07:20 -------- d-----w- e:\program files\Java
2010-07-22 08:00 . 2010-07-22 08:00 -------- d-----w- e:\users\AleRx8\AppData\Roaming\Creative
2010-07-20 12:51 . 2010-07-20 12:51 -------- d-----w- e:\users\AleRx8\AppData\Local\Bump Technologies, Inc
2010-07-20 12:50 . 2010-07-20 12:50 -------- d-----w- e:\users\AleRx8\AppData\Roaming\Bump Technologies, Inc
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-17 08:09 . 2010-01-18 16:02 -------- d-----w- e:\users\AleRx8\AppData\Roaming\ICQ
2010-08-17 07:30 . 2010-01-21 06:01 -------- d-----w- e:\programdata\Microsoft Help
2010-08-17 06:18 . 2010-01-19 15:09 -------- d-----w- e:\users\AleRx8\AppData\Roaming\IObit
2010-08-16 08:14 . 2010-02-01 12:04 -------- d-----w- e:\users\AleRx8\AppData\Roaming\Azureus
2010-08-16 07:24 . 2010-08-16 07:22 -------- d--h--w- e:\programdata\sysnfxo
2010-08-16 07:23 . 2010-08-16 07:22 -------- d-----w- e:\program files\Ocster Backup
2010-08-16 07:22 . 2010-08-16 07:22 -------- d-----w- e:\programdata\Ocster Backup
2010-08-14 13:02 . 2010-02-12 06:02 -------- d-----w- e:\program files\Opera
2010-08-13 08:15 . 2010-01-18 16:02 -------- d-----w- e:\program files\ICQ7.0
2010-08-13 07:39 . 2010-05-01 18:14 -------- d-----w- e:\program files\Steam
2010-08-13 04:56 . 2010-05-30 07:59 -------- d-----w- e:\program files\Capture-A-ScreenShot
2010-08-12 10:36 . 2010-05-01 17:16 -------- d-----w- e:\program files\ATI Technologies
2010-08-10 07:44 . 2010-01-20 16:26 -------- d-----w- e:\program files\AGEIA Technologies
2010-08-07 07:25 . 2010-01-18 15:44 -------- d-----w- e:\users\AleRx8\AppData\Roaming\vlc
2010-08-05 08:30 . 2010-06-07 13:22 -------- d-----w- e:\program files\WinUtilities
2010-08-03 09:11 . 2010-01-20 15:25 -------- d-----w- e:\program files\Rockstar Games
2010-08-03 09:11 . 2010-01-16 13:15 -------- d--h--w- e:\program files\InstallShield Installation Information
2010-08-03 08:49 . 2010-06-30 08:28 -------- d-----w- e:\program files\Metin2
2010-07-31 14:17 . 2009-07-13 23:40 249856 ----a-w- e:\windows\system32\uxtheme.dll
2010-07-31 14:17 . 2009-07-13 23:39 2755072 ----a-w- e:\windows\system32\themeui.dll
2010-07-31 14:17 . 2009-07-13 23:39 37376 ----a-w- e:\windows\system32\themeservice.dll
2010-07-31 14:12 . 2010-01-19 15:26 -------- d-----w- e:\program files\Common Files\Apple
2010-07-31 14:08 . 2010-02-01 06:13 -------- d-----w- e:\program files\Safari
2010-07-22 07:59 . 2010-07-22 07:59 -------- d-----w- e:\programdata\Creative
2010-07-22 07:59 . 2010-07-22 07:59 -------- d--h--w- e:\programdata\{615DB4DC-B7C1-4125-9858-78EF460B76D2}
2010-07-22 07:59 . 2010-07-22 07:59 -------- d-----w- e:\program files\Creative
2010-07-22 07:59 . 2010-07-22 07:59 2422433 ----a-w- e:\programdata\{615DB4DC-B7C1-4125-9858-78EF460B76D2}\setup.exe
2010-07-22 07:59 . 2010-07-22 07:59 -------- d--h--w- e:\programdata\{83F61D74-0DA9-475B-BAF3-D4F153A02B30}
2010-07-15 09:17 . 2010-07-15 09:17 10536 ----a-w- e:\windows\system32\drivers\hmonitor45.sys
2010-07-15 09:17 . 2010-07-15 09:17 -------- d-----w- e:\program files\Hmonitor
2010-07-15 09:16 . 2010-07-15 09:16 -------- d-----w- e:\program files\SpeedFan
2010-07-15 09:12 . 2010-07-15 09:12 -------- d-----w- e:\program files\Lavalys
2010-07-14 07:21 . 2010-07-14 07:21 -------- d-----w- e:\users\AleRx8\AppData\Roaming\FUEL
2010-07-14 06:52 . 2010-06-05 15:56 -------- d-----w- e:\program files\Codemasters
2010-07-13 18:09 . 2010-07-13 18:01 -------- d-----w- e:\users\AleRx8\AppData\Roaming\Mount&Blade
2010-07-13 18:03 . 2010-07-13 18:01 -------- d-----w- e:\program files\Mount&Blade
2010-07-13 17:34 . 2010-07-13 17:29 -------- d-----w- e:\program files\Paradox Interactive
2010-07-13 17:16 . 2010-07-13 17:16 -------- d-----w- e:\program files\WMV9_VCM
2010-07-13 17:07 . 2010-04-30 15:09 -------- d-----w- e:\program files\1C Company
2010-07-13 16:49 . 2010-07-03 07:51 4068624 ----a-w- e:\programdata\Electronic Arts\Need For Speed World\Data\eawebkit.dll
2010-07-13 16:49 . 2010-07-03 07:51 267536 ----a-w- e:\programdata\Electronic Arts\Need For Speed World\Data\gameplay.dll
2010-07-13 16:49 . 2010-07-03 07:51 1791248 ----a-w- e:\programdata\Electronic Arts\Need For Speed World\Data\gameplay.native.dll
2010-07-13 16:49 . 2010-07-03 07:51 10691856 ----a-w- e:\programdata\Electronic Arts\Need For Speed World\Data\nfsw.exe
2010-07-07 02:29 . 2010-07-07 02:29 5882368 ----a-w- e:\windows\system32\drivers\atikmdag.sys
2010-07-07 01:55 . 2010-07-07 01:55 15461888 ----a-w- e:\windows\system32\atioglxx.dll
2010-07-07 01:54 . 2010-07-07 01:54 143360 ----a-w- e:\windows\system32\atiapfxx.exe
2010-07-07 01:54 . 2010-05-05 02:19 513024 ----a-w- e:\windows\system32\aticfx32.dll
2010-07-07 01:51 . 2010-07-07 01:51 446464 ----a-w- e:\windows\system32\ATIDEMGX.dll
2010-07-07 01:51 . 2010-07-07 01:51 380928 ----a-w- e:\windows\system32\atieclxx.exe
2010-07-07 01:50 . 2010-07-07 01:50 176128 ----a-w- e:\windows\system32\atiesrxx.exe
2010-07-07 01:49 . 2010-07-07 01:49 159744 ----a-w- e:\windows\system32\atitmmxx.dll
2010-07-07 01:49 . 2010-07-07 01:49 356352 ----a-w- e:\windows\system32\atipdlxx.dll
2010-07-07 01:49 . 2010-07-07 01:49 278528 ----a-w- e:\windows\system32\Oemdspif.dll
2010-07-07 01:49 . 2010-07-07 01:49 11776 ----a-w- e:\windows\system32\atimuixx.dll
2010-07-07 01:49 . 2010-07-07 01:49 43520 ----a-w- e:\windows\system32\ati2edxx.dll
2010-07-07 01:46 . 2010-05-05 02:08 3826688 ----a-w- e:\windows\system32\atidxx32.dll
2010-07-07 01:29 . 2010-07-07 01:29 46080 ----a-w- e:\windows\system32\aticalrt.dll
2010-07-07 01:29 . 2010-07-07 01:29 44032 ----a-w- e:\windows\system32\aticalcl.dll
2010-07-07 01:28 . 2010-07-07 01:28 3975680 ----a-w- e:\windows\system32\atiumdag.dll
2010-07-07 01:27 . 2010-07-07 01:27 4323840 ----a-w- e:\windows\system32\aticaldd.dll
2010-07-07 01:24 . 2010-02-03 03:23 50176 ----a-w- e:\windows\system32\coinst.dll
2010-07-07 01:23 . 2010-07-07 01:23 3058688 ----a-w- e:\windows\system32\atiumdva.dll
2010-07-07 01:16 . 2010-07-07 01:16 237568 ----a-w- e:\windows\system32\atiadlxx.dll
2010-07-07 01:15 . 2010-07-07 01:15 12800 ----a-w- e:\windows\system32\atiglpxx.dll
2010-07-07 01:15 . 2010-07-07 01:15 16896 ----a-w- e:\windows\system32\atigktxx.dll
2010-07-07 01:15 . 2010-07-07 01:15 210944 ----a-w- e:\windows\system32\drivers\atikmpag.sys
2010-07-07 01:14 . 2010-04-07 01:22 30208 ----a-w- e:\windows\system32\atiuxpag.dll
2010-07-07 01:14 . 2010-07-07 01:14 22528 ----a-w- e:\windows\system32\atiu9pag.dll
2010-07-07 01:14 . 2010-07-07 01:14 53248 ----a-w- e:\windows\system32\drivers\ati2erec.dll
2010-07-07 01:11 . 2010-07-07 01:11 52736 ----a-w- e:\windows\system32\atimpc32.dll
2010-07-07 01:11 . 2010-07-07 01:11 52736 ----a-w- e:\windows\system32\amdpcom32.dll
2010-07-03 08:11 . 2010-07-03 07:15 -------- d-----w- e:\program files\jv16 PowerTools 2009
2010-07-03 07:57 . 2010-07-03 07:57 -------- d-----w- e:\users\AleRx8\AppData\Roaming\Need for Speed World
2010-07-03 07:51 . 2010-07-03 07:51 462864 ----a-w- e:\programdata\Electronic Arts\Need For Speed World\Data\d3dx10_37.dll
2010-07-03 07:51 . 2010-07-03 07:51 3786760 ----a-w- e:\programdata\Electronic Arts\Need For Speed World\Data\d3dx9_37.dll
2010-07-03 07:43 . 2010-07-03 07:43 883670 ----a-w- e:\programdata\Electronic Arts\Need For Speed World\Data\pb\pbcl.dll
2010-07-03 07:43 . 2010-07-03 07:43 57344 ----a-w- e:\programdata\Electronic Arts\Need For Speed World\Data\pb\pbag.dll
2010-07-03 07:38 . 2010-07-03 07:38 -------- d-----w- e:\programdata\Electronic Arts
2010-07-03 07:38 . 2010-07-03 07:38 -------- d-----w- e:\program files\Electronic Arts
2010-07-03 07:27 . 2010-07-03 07:27 -------- d-----w- e:\users\AleRx8\AppData\Roaming\Uniblue
2010-07-03 07:27 . 2010-07-03 07:27 -------- d-----w- e:\program files\Uniblue
2010-07-03 07:24 . 2010-07-03 07:24 -------- d-----w- e:\programdata\Avira
2010-07-03 07:24 . 2010-07-03 07:24 -------- d-----w- e:\program files\Avira
2010-07-03 07:22 . 2010-01-20 14:40 -------- d-----w- e:\programdata\Alwil Software
2010-07-03 07:17 . 2010-01-18 15:57 -------- d-----w- e:\program files\Ashampoo
2010-07-03 07:15 . 2010-07-03 07:15 23 --sha-w- e:\windows\system32\fbdaabb3.dat
2010-07-02 14:52 . 2010-07-02 14:52 -------- d-----w- e:\program files\iPhone Explorer
2010-06-29 15:47 . 2010-06-29 15:46 7377592 ----a-w- e:\users\AleRx8\AppData\Roaming\Zoner\NLMDB\product.0032\autoupdate.cz\ZPS12_Update_Build09.exe
2010-06-27 08:02 . 2010-01-18 15:54 -------- d-----w- e:\users\AleRx8\AppData\Roaming\Ashampoo
2010-06-26 11:42 . 2010-06-26 11:41 -------- d-----w- e:\program files\SliderDock
2010-06-26 09:29 . 2010-06-26 09:29 71992 ----a-w- e:\programdata\Apple Computer\Installer Cache\Safari 5.33.16.0\SetupAdmin.exe
2010-06-26 07:20 . 2010-06-26 07:19 -------- d-----w- e:\program files\The KMPlayer
2010-06-26 06:13 . 2010-06-26 06:13 -------- d-----w- e:\program files\Disney Interactive Studios
2010-06-26 05:36 . 2010-01-28 14:23 -------- d-----w- e:\users\AleRx8\AppData\Roaming\Hamachi
2010-06-26 05:15 . 2010-06-26 05:15 -------- d-----w- e:\program files\Hamachi
2010-06-26 05:15 . 2010-06-26 05:15 25280 ----a-w- e:\windows\system32\drivers\hamachi.sys
2010-06-24 15:06 . 2010-06-24 15:06 -------- d-----w- e:\program files\Web Page Maker V2
2010-06-24 14:47 . 2010-06-24 14:47 -------- d-----w- e:\program files\Bonjour
2010-06-24 14:46 . 2010-06-24 14:46 72504 ----a-w- e:\programdata\Apple Computer\Installer Cache\iTunes 9.2.0.61\SetupAdmin.exe
2010-06-24 14:07 . 2010-06-24 14:07 -------- d-----w- e:\program files\GamePark
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- e:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- e:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of e:\programdata\Comodo Downloader ----
---- Directory of e:\programdata\sysnfxo ----
2010-08-16 07:24 . 2010-08-16 07:24 94 ----a-w- e:\programdata\sysnfxo\ultraEngage
((((((((((((((((((((((((((((( SnapShot@2010-08-17_05.41.05 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-01-16 13:09 . 2010-08-17 07:52 16384 e:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-01-16 13:09 . 2010-08-16 11:23 16384 e:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-01-16 13:09 . 2010-08-16 11:23 32768 e:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-01-16 13:09 . 2010-08-17 07:52 32768 e:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:08 . 2010-08-16 11:23 16384 e:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:08 . 2010-08-17 07:52 16384 e:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-02-01 08:33 . 2010-08-17 06:57 16384 e:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-02-01 08:33 . 2010-08-17 05:27 16384 e:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-02-01 17:02 . 2010-08-16 15:10 32768 e:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat
+ 2010-02-01 17:02 . 2010-08-17 08:00 32768 e:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat
- 2010-02-01 17:02 . 2010-08-16 15:10 16384 e:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\History\History.IE5\index.dat
+ 2010-02-01 17:02 . 2010-08-17 08:00 16384 e:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\History\History.IE5\index.dat
+ 2010-02-01 17:02 . 2010-08-17 08:00 16384 e:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\Cookies\index.dat
- 2010-02-01 17:02 . 2010-08-16 15:10 16384 e:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\Cookies\index.dat
- 2010-02-01 08:33 . 2010-08-17 05:27 32768 e:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-02-01 08:33 . 2010-08-17 08:00 32768 e:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-02-01 08:33 . 2010-08-17 06:57 16384 e:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-02-01 08:33 . 2010-08-17 05:27 16384 e:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-08-17 05:30 . 2010-08-17 05:30 2048 e:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2010-08-17 05:30 . 2010-08-17 08:16 2048 e:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2010-08-17 05:30 . 2010-08-17 05:30 2048 e:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2010-08-17 05:30 . 2010-08-17 08:16 2048 e:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 04:21 . 2010-08-14 13:13 245760 e:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2009-07-14 04:21 . 2010-08-17 07:52 245760 e:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="e:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="e:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-07-06 98304]
"Ocster Backup"="e:\program files\Ocster Backup\bin\backupClient-ox.exe" [2010-08-12 61208]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
R0 PCGenFAM;PCGenFAM;e:\windows\system32\DRIVERS\PCGenFAM.sys [2010-06-17 179656]
R3 CTUPnPSv;Creative Centrale Media Server;e:\program files\Creative\Creative Centrale\CTUPnPSv.exe [2008-05-21 64000]
R3 DfSdkS;Defragmentation-Service;e:\program files\Ashampoo\Ashampoo WinOptimizer 6\Dfsdks.exe [2009-08-24 406016]
R3 MatSvc;Microsoft Automated Troubleshooting Service;e:\program files\Microsoft Fix it Center\Matsvc.exe [2010-04-10 266544]
R3 npggsvc;nProtect GameGuard Service;e:\windows\system32\GameMon.des [2009-10-11 3369044]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;e:\windows\system32\DRIVERS\VBoxNetAdp.sys [2010-06-08 100496]
R3 VBoxNetFlt;VBoxNetFlt Service;e:\windows\system32\DRIVERS\VBoxNetFlt.sys [x]
R3 XobniService;XobniService;e:\program files\Xobni\XobniService.exe [2009-10-12 46824]
R4 DAUpdaterSvc;Dragon Age: Prameny - aktualizace obsahu;e:\program files\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-07-26 25832]
R4 sptd;sptd;e:\windows\system32\Drivers\sptd.sys [2010-06-17 697328]
S1 Hmonitor45;Hmonitor45;e:\windows\system32\drivers\hmonitor45.sys [2010-07-15 10536]
S2 AMD External Events Utility;AMD External Events Utility;e:\windows\system32\atiesrxx.exe [2010-07-07 176128]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;e:\program files\Avira\AntiVir Desktop\sched.exe [2010-02-24 135336]
S2 ocster_backup;Ocster Backup;e:\program files\Ocster Backup\bin\backupService-ox.exe [2010-08-12 18200]
S2 SCRCAMHRDRV;ScreenCamera HR;e:\windows\system32\DRIVERS\SCRCAMHRDRV.sys [2010-03-01 234800]
S2 SolutoService;Soluto PCGenome Core Service;e:\program files\Soluto\SolutoService.exe [2010-06-17 338464]
S2 vmci;VMware vmci;e:\windows\system32\Drivers\vmci.sys [2010-05-20 70704]
S2 VMUSBArbService;VMware USB Arbitration Service;e:\program files\Common Files\VMware\USB\vmware-usbarbitrator.exe [2010-05-20 539184]
S3 amdkmdag;amdkmdag;e:\windows\system32\DRIVERS\atikmdag.sys [2010-07-07 5882368]
S3 amdkmdap;amdkmdap;e:\windows\system32\DRIVERS\atikmpag.sys [2010-07-07 210944]
S3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;e:\windows\system32\DRIVERS\l160x86.sys [2009-07-13 47104]
S3 rt61x86;Linksys Wireless-G PCI Adapter Driver;e:\windows\system32\DRIVERS\WMP54Gv41x86.sys [2007-06-26 286208]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc SensrSvc Mcx2Svc
.
Obsah adresáře 'Naplánované úlohy'
2010-06-21 e:\windows\Tasks\AWC Startup.job
- e:\program files\IObit\Advanced SystemCare 3\AWC.exe [2010-01-19 15:33]
.
.
------- Doplňkový sken -------
.
IE: Download all by FlashGet3 - e:\users\AleRx8\AppData\Roaming\FlashGetBHO\GetAllUrl.htm
IE: Download by FlashGet3 - e:\users\AleRx8\AppData\Roaming\FlashGetBHO\GetUrl.htm
IE: E&xportovat do aplikace Microsoft Excel - e:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: ????3?? - e:\users\AleRx8\AppData\Roaming\FlashGetBHO\GetUrl.htm
IE: ????3?????? - e:\users\AleRx8\AppData\Roaming\FlashGetBHO\GetAllUrl.htm
LSP: e:\program files\VMware\VMware Player\vsocklib.dll
FF - ProfilePath - e:\users\AleRx8\AppData\Roaming\Mozilla\Firefox\Profiles\xtna1v3q.default\
FF - component: e:\program files\real\realplayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - component: e:\users\AleRx8\AppData\Roaming\Mozilla\Firefox\Profiles\xtna1v3q.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\components\FFExternalAlert.dll
FF - component: e:\users\AleRx8\AppData\Roaming\Mozilla\Firefox\Profiles\xtna1v3q.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\components\RadioWMPCore.dll
---- NASTAVENÍ FIREFOXU ----
e:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
e:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
e:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
e:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
e:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
e:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
e:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
e:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
e:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
e:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
e:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
e:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
e:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
e:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
e:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
e:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
e:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
e:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
e:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
e:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
e:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
e:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
e:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
e:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
e:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
e:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
e:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
e:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
e:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="e:\windows\system32\GameMon.des -service"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_USERS\S-1-5-21-1786341700-570025950-2881891393-1000\Software\Microsoft\Internet Explorer\MenuExt\O(uë_fŹ3*N}Ź]
@Allowed: (Read) (RestrictedCode)
@="e:\\Users\\AleRx8\\AppData\\Roaming\\FlashGetBHO\\GetUrl.htm"
"contexts"=dword:00000022
[HKEY_USERS\S-1-5-21-1786341700-570025950-2881891393-1000\Software\Microsoft\Internet Explorer\MenuExt\O(uë_fŹ3*N}ŹhQčţ”Ąc]
@Allowed: (Read) (RestrictedCode)
@="e:\\Users\\AleRx8\\AppData\\Roaming\\FlashGetBHO\\GetAllUrl.htm"
"contexts"=dword:000000f3
[HKEY_USERS\S-1-5-21-1786341700-570025950-2881891393-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:44,be,19,e7,c0,91,a3,a6,cf,d0,b6,88,f4,9f,f1,94,fc,00,fa,e7,bf,73,d1,
39,f3,9a,eb,da,f8,59,76,3b,fa,8a,cb,09,15,1d,89,a5,58,72,be,3a,b4,f6,17,d3,\
"??"=hex:45,20,e8,79,3b,03,2f,15,59,18,e4,56,b1,f7,d1,2f
[HKEY_USERS\S-1-5-21-1786341700-570025950-2881891393-1000\Software\SecuROM\License information*]
"datasecu"=hex:f5,f0,42,f6,1e,2d,db,a2,0d,42,16,60,a2,28,40,c0,76,b8,43,90,15,
5c,19,95,54,c5,94,7a,b3,f8,1f,55,52,a1,f7,83,b2,55,c1,04,f6,42,e9,30,97,b0,\
"rkeysecu"=hex:c0,ec,6f,3d,7c,b4,5d,e0,8f,cc,6a,00,a1,85,b0,1b
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'Explorer.exe'(2312)
e:\program files\RocketDock\RocketDock.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
e:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
e:\windows\system32\WUDFHost.exe
e:\windows\system32\atieclxx.exe
e:\windows\system32\taskhost.exe
e:\program files\Avira\AntiVir Desktop\avguard.exe
e:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
e:\program files\Bonjour\mDNSResponder.exe
e:\program files\Creative\Shared Files\CTDevSrv.exe
e:\program files\Avira\AntiVir Desktop\avshadow.exe
e:\windows\system32\conhost.exe
e:\windows\system32\conhost.exe
e:\windows\system32\vmnat.exe
e:\windows\system32\vmnetdhcp.exe
e:\program files\VMware\VMware Player\vmware-authd.exe
e:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
e:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
e:\windows\system32\sppsvc.exe
.
**************************************************************************
.
Celkový čas: 2010-08-17 10:22:00 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-08-17 08:22
ComboFix2.txt 2010-08-17 05:42
Před spuštěním: Volných bajtů: 226 030 567 424
Po spuštění: Volných bajtů: 225 838 522 368
- - End Of File - - B11068D8C293265F8CDD726241F8209A
HJT:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:25:09, on 17.8.2010
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal
Running processes:
E:\Windows\system32\taskhost.exe
E:\Windows\system32\Dwm.exe
E:\Program Files\Ocster Backup\bin\backupClient-ox.exe
E:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
E:\Program Files\RocketDock\RocketDock.exe
E:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
E:\Windows\Explorer.exe
E:\Windows\system32\notepad.exe
E:\Program Files\Opera\opera.exe
E:\Users\AleRx8\Desktop\hijackthis.exe
E:\Windows\system32\SearchFilterHost.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - E:\program files\real\realplayer\rpbrowserrecordplugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - E:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: FlashGetBHO - {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - E:\Users\AleRx8\AppData\Roaming\FlashGetBHO\FlashGetBHO3.dll (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - E:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [StartCCC] "E:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Ocster Backup] "E:\Program Files\Ocster Backup\bin\backupClient-ox.exe" --hidden
O4 - HKCU\..\Run: [RocketDock] "E:\Program Files\RocketDock\RocketDock.exe"
O4 - HKUS\S-1-5-21-1786341700-570025950-2881891393-1005\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User '_ocster_backup_')
O4 - HKUS\S-1-5-21-1786341700-570025950-2881891393-1005\..\RunOnce: [mctadmin] E:\Windows\System32\mctadmin.exe (User '_ocster_backup_')
O8 - Extra context menu item: Download all by FlashGet3 - E:\Users\AleRx8\AppData\Roaming\FlashGetBHO\GetAllUrl.htm
O8 - Extra context menu item: Download by FlashGet3 - E:\Users\AleRx8\AppData\Roaming\FlashGetBHO\GetUrl.htm
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://E:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - E:\Program Files\ICQ7.0\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - E:\Program Files\ICQ7.0\ICQ.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: e:\program files\vmware\vmware player\vsocklib.dll
O10 - Unknown file in Winsock LSP: e:\program files\vmware\vmware player\vsocklib.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - E:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: AMD External Events Utility - AMD - E:\Windows\system32\atiesrxx.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - E:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - E:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - E:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - E:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CT Device Query service (CTDevice_Srv) - Creative Technology Ltd - E:\Program Files\Creative\Shared Files\CTDevSrv.exe
O23 - Service: Creative Centrale Media Server (CTUPnPSv) - Creative Technology Ltd - E:\Program Files\Creative\Creative Centrale\CTUPnPSv.exe
O23 - Service: Defragmentation-Service (DfSdkS) - mst software GmbH, Germany - E:\Program Files\Ashampoo\Ashampoo WinOptimizer 6\Dfsdks.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - E:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: Ocster Backup (ocster_backup) - Unknown owner - e:\Program Files\Ocster Backup\bin\backupService-ox.exe
O23 - Service: PnkBstrA - Unknown owner - E:\Windows\system32\PnkBstrA.exe
O23 - Service: Soluto PCGenome Core Service (SolutoService) - Soluto - E:\Program Files\Soluto\SolutoService.exe
O23 - Service: Steam Client Service - Valve Corporation - E:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - E:\Program Files\VMware\VMware Player\vmware-ufad.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - E:\Program Files\VMware\VMware Player\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - E:\Windows\system32\vmnetdhcp.exe
O23 - Service: VMware USB Arbitration Service (VMUSBArbService) - VMware, Inc. - E:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe
O23 - Service: VMware NAT Service - VMware, Inc. - E:\Windows\system32\vmnat.exe
O23 - Service: XobniService - Xobni Corporation - E:\Program Files\Xobni\XobniService.exe
--
End of file - 5804 bytes
http://www.virustotal.com/file-scan/rep ... 1282033832
http://www.virustotal.com/file-scan/rep ... 1282034039
http://www.virustotal.com/file-scan/rep ... 1282034148
http://www.virustotal.com/file-scan/rep ... 1282034477
http://www.virustotal.com/file-scan/rep ... 1282034714
- AleRx8
- HW spec team member
Re: Please do a quick log check - 36 detections in Malwarebytes
That should be everything now.
- jaro3
- Security team member
Fine.
Delete this empty folder:
e:\programdata\sysnfxo
ComboFix is uninstalled like this:
Start > Run and enter ComboFix /Uninstall
Clean the system with CCleaner
and also use T-Cleaner
It deletes everything left behind by Combo, MWAV, etc.: download it > run it
Close other applications and browsers, disconnect from the internet, and fix this in HJT:
Guide
Code:
O2 - BHO: FlashGetBHO - {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - E:\Users\AleRx8\AppData\Roaming\FlashGetBHO\FlashGetBHO3.dll (file missing)
e:\windows\system32\Mp3Ctrl.dll --- we will delete it in OTL.
Download OTL
to your desktop. Make sure all other windows are closed and double-click the OTL icon. At the top of the window, under Output, click Minimal Output. Under Standard Registry, change to All. Tick the "LOP" pest check and the "Purity" pest check. Click Scan. Leave all other settings as they are. The scan can take a long time; when it finishes, two logs will open:
OTL.Txt
Extras.Txt
They are saved in the same location as OTL. Please copy both logs here.
When I have a moment, I'll take a look.
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs by private message. While I am away, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support
- jaro3
- Security team member
Double-click the OTL icon on the desktop. Make sure all other applications and browsers are closed.
Under Custom Scans/Fixes, paste the following text, shown in green, into the box:
Code:
:OTL
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
DRV - (VBoxNetFlt) -- E:\Windows\System32\DRIVERS\VBoxNetFlt.sys File not found
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = E:\Windows\SYSTEM32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = E:\Windows\SYSTEM32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
@Alternate Data Stream - 600 bytes -> E:\ProgramData\TEMP:05EE1EEF
@Alternate Data Stream - 194 bytes -> E:\ProgramData\TEMP:CAEDBDA6
@Alternate Data Stream - 185 bytes -> E:\ProgramData\TEMP:85551434
@Alternate Data Stream - 142 bytes -> E:\ProgramData\TEMP:820563D3
@Alternate Data Stream - 122 bytes -> E:\ProgramData\TEMP:7FDCA119
:Files
C:\WINDOWS\System32\*.tmp
C:\WINDOWS\*.tmp
C:\WINDOWS\system32\*.tmp.dll
C:\WINDOWS\system32\SET*.tmp
c:\windows\Tasks\*.job
C:\*.tmp
E:\ProgramData\sysnfxo
E:\Windows\tasks\SA.DAT
E:\Users\AleRx8\Desktop\T-Cleaner.exe
e:\windows\system32\Mp3Ctrl.dll
E:\Users\AleRx8\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
:Reg
:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[start explorer]
[Reboot]
Then click Fix at the top. Let the program run undisturbed; at the end the PC will restart.
After the restart a log will appear; please copy its entire contents here.
- AleRx8
- HW spec team member
All processes killed
========== OTL ==========
No active process named explorer.exe was found!
No active process named firefox.exe was found!
Service VBoxNetFlt stopped successfully!
Service VBoxNetFlt deleted successfully!
File E:\Windows\System32\DRIVERS\VBoxNetFlt.sys File not found not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Secondary_Page_URL| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Extensions Off Page| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Local Page| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Security Risk Page| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search\\CustomizeSearch| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Local Page| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Page| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
ADS E:\ProgramData\TEMP:05EE1EEF deleted successfully.
ADS E:\ProgramData\TEMP:CAEDBDA6 deleted successfully.
ADS E:\ProgramData\TEMP:85551434 deleted successfully.
ADS E:\ProgramData\TEMP:820563D3 deleted successfully.
ADS E:\ProgramData\TEMP:7FDCA119 deleted successfully.
========== FILES ==========
File\Folder C:\WINDOWS\System32\*.tmp not found.
C:\WINDOWS\1C4551A64743409391E41477CD655043.TMP folder moved successfully.
C:\WINDOWS\msdownld.tmp folder moved successfully.
File\Folder C:\WINDOWS\system32\*.tmp.dll not found.
File\Folder C:\WINDOWS\system32\SET*.tmp not found.
c:\windows\Tasks\1-Click Maintenance.job moved successfully.
c:\windows\Tasks\Ad-Aware Update (Daily 1).job moved successfully.
c:\windows\Tasks\Ad-Aware Update (Daily 2).job moved successfully.
c:\windows\Tasks\Ad-Aware Update (Daily 3).job moved successfully.
c:\windows\Tasks\Ad-Aware Update (Daily 4).job moved successfully.
c:\windows\Tasks\Ad-Aware Update (Weekly).job moved successfully.
c:\windows\Tasks\AppleSoftwareUpdate.job moved successfully.
c:\windows\Tasks\AWC AutoSweep.job moved successfully.
c:\windows\Tasks\Google Software Updater.job moved successfully.
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job moved successfully.
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job moved successfully.
c:\windows\Tasks\SmartDefrag.job moved successfully.
c:\windows\Tasks\User_Feed_Synchronization-{2498F1D9-1D26-4824-BAD2-0BEBA0B63F62}.job moved successfully.
File\Folder C:\*.tmp not found.
E:\ProgramData\sysnfxo folder moved successfully.
E:\Windows\tasks\SA.DAT moved successfully.
E:\Users\AleRx8\Desktop\T-Cleaner.exe moved successfully.
e:\windows\system32\Mp3Ctrl.dll moved successfully.
E:\Users\AleRx8\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini moved successfully.
========== REGISTRY ==========
========== COMMANDS ==========
[EMPTYTEMP]
User: AleRx8
->Temp folder emptied: 3413 bytes
->Temporary Internet Files folder emptied: 6604306 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 17446920 bytes
->Google Chrome cache emptied: 0 bytes
->Opera cache emptied: 13754192 bytes
->Flash cache emptied: 1200 bytes
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Public
->Temp folder emptied: 0 bytes
User: _ocster_backup_
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 1619120 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1977 bytes
RecycleBin emptied: 41984 bytes
Total Files Cleaned = 38.00 mb
[EMPTYFLASH]
User: AleRx8
->Flash cache emptied: 0 bytes
User: All Users
User: Default
User: Default User
User: Public
User: _ocster_backup_
Total Flash Files Cleaned = 0.00 mb
OTL by OldTimer - Version 3.2.10.0 log created on 08182010_101537
Files\Folders moved on Reboot...
Registry entries deleted on Reboot...
- jaro3
- Security team member
Run OTL and click Clean Up.
Then you can delete OTL, C:\_OTL
If there are no problems, that is all and you can mark the thread as solved with the green check mark.