PC-HELP.CZ

Čau, dneska jsem jaksi stahoval to, co jsem neměl, a tady je výsledek:

Malwarebytes' Anti-Malware 1.46
http://www.malwarebytes.org

Verze databáze: 4379

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

16.8.2010 16:43:09
mbam-log-2010-08-16 (16-43-09).txt

Typ skenu: Rychlý sken
Skenované objekty: 140764
Uplynulý čas: 4 minuta(y), 4 sekunda(y)

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 24
Infikované hodnoty registru: 0
Infikované datové položky registru: 0
Infikované složky: 7
Infikované soubory: 6

Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče registru:
HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59c7fc09-1c83-4648-b3e6-003d2bbc7481} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68af847f-6e91-45dd-9b68-d6a12c30e5d7} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170b96c-28d4-4626-8358-27e6caeef907} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d1a71fa0-ff48-48dd-9b6d-7a13a3e42127} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ddb1968e-ead6-40fd-8dae-ff14757f60c7} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f138d901-86f0-4383-99b6-9cdd406036da} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> No action taken.

Infikované hodnoty registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované datové položky registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované složky:
E:\Program Files\FunWebProducts (Adware.MyWebSearch) -> No action taken.
E:\Program Files\FunWebProducts\ScreenSaver (Adware.MyWebSearch) -> No action taken.
E:\Program Files\FunWebProducts\ScreenSaver\Images (Adware.MyWebSearch) -> No action taken.
E:\Program Files\MyWebSearch (Adware.MyWebSearch) -> No action taken.
E:\Program Files\MyWebSearch\bar (Adware.MyWebSearch) -> No action taken.
E:\Program Files\MyWebSearch\bar\History (Adware.MyWebSearch) -> No action taken.
E:\Program Files\MyWebSearch\bar\Settings (Adware.MyWebSearch) -> No action taken.

Infikované soubory:
E:\Users\AleRx8\Desktop\SmileyCentralPFSetup2.3.69.8.ZNman000.exe (Adware.MyWebSearch) -> No action taken.
E:\Program Files\Uninstall Fun Web Products.dll (Adware.MyWebSearch) -> No action taken.
E:\$RECYCLE.BIN\S-1-5-21-1786341700-570025950-2881891393-1000\$RYFQ4CI.5055\Acronis True Image Home 2010 13.0.5055.exe (Trojan.Downloader) -> No action taken.
E:\Users\AleRx8\AppData\Local\temp\Rar$EX00.347\Acronis True Image Home 2010 13.0.5055.exe (Trojan.Downloader) -> No action taken.
E:\Users\AleRx8\AppData\Local\temp\Rar$EX00.466\Acronis True Image Home 2010 13.0.5055.exe (Trojan.Downloader) -> No action taken.
E:\Program Files\MyWebSearch\bar\Settings\s_pid.dat (Adware.MyWebSearch) -> No action taken.

Všechny nálezy jsem po vložení logu odstranil.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:49:42, on 16.8.2010
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
E:\Windows\system32\taskhost.exe
E:\Windows\system32\Dwm.exe
E:\Windows\Explorer.EXE
E:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
E:\Program Files\Ocster Backup\bin\backupClient-ox.exe
E:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
E:\Program Files\RocketDock\RocketDock.exe
E:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
E:\Users\AleRx8\Desktop\hijackthis.exe
E:\Windows\system32\SearchFilterHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.mywebsearch.com/index.jhtml ... raKAoa.ncA
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - E:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - E:\program files\real\realplayer\rpbrowserrecordplugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - E:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: FlashGetBHO - {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - E:\Users\AleRx8\AppData\Roaming\FlashGetBHO\FlashGetBHO3.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - E:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "E:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "E:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [StartCCC] "E:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Ocster Backup] "E:\Program Files\Ocster Backup\bin\backupClient-ox.exe" --hidden
O4 - HKCU\..\Run: [RocketDock] "E:\Program Files\RocketDock\RocketDock.exe"
O4 - HKUS\S-1-5-21-1786341700-570025950-2881891393-1005\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User '_ocster_backup_')
O4 - HKUS\S-1-5-21-1786341700-570025950-2881891393-1005\..\RunOnce: [mctadmin] E:\Windows\System32\mctadmin.exe (User '_ocster_backup_')
O8 - Extra context menu item: Download all by FlashGet3 - E:\Users\AleRx8\AppData\Roaming\FlashGetBHO\GetAllUrl.htm
O8 - Extra context menu item: Download by FlashGet3 - E:\Users\AleRx8\AppData\Roaming\FlashGetBHO\GetUrl.htm
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://E:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - E:\Program Files\ICQ7.0\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - E:\Program Files\ICQ7.0\ICQ.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: e:\program files\vmware\vmware player\vsocklib.dll
O10 - Unknown file in Winsock LSP: e:\program files\vmware\vmware player\vsocklib.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - E:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: AMD External Events Utility - AMD - E:\Windows\system32\atiesrxx.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - E:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - E:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - E:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - E:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CT Device Query service (CTDevice_Srv) - Creative Technology Ltd - E:\Program Files\Creative\Shared Files\CTDevSrv.exe
O23 - Service: Creative Centrale Media Server (CTUPnPSv) - Creative Technology Ltd - E:\Program Files\Creative\Creative Centrale\CTUPnPSv.exe
O23 - Service: Defragmentation-Service (DfSdkS) - mst software GmbH, Germany - E:\Program Files\Ashampoo\Ashampoo WinOptimizer 6\Dfsdks.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - E:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: Ocster Backup (ocster_backup) - Unknown owner - e:\Program Files\Ocster Backup\bin\backupService-ox.exe
O23 - Service: PnkBstrA - Unknown owner - E:\Windows\system32\PnkBstrA.exe
O23 - Service: Soluto PCGenome Core Service (SolutoService) - Soluto - E:\Program Files\Soluto\SolutoService.exe
O23 - Service: Steam Client Service - Valve Corporation - E:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - E:\Program Files\VMware\VMware Player\vmware-ufad.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - E:\Program Files\VMware\VMware Player\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - E:\Windows\system32\vmnetdhcp.exe
O23 - Service: VMware USB Arbitration Service (VMUSBArbService) - VMware, Inc. - E:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe
O23 - Service: VMware NAT Service - VMware, Inc. - E:\Windows\system32\vmnat.exe
O23 - Service: XobniService - Xobni Corporation - E:\Program Files\Xobni\XobniService.exe

--
End of file - 6372 bytes

Tak, hijackthis log už je tam taky

Zavři ostatní aplikace a prohlížeče, odpoj se od netu a fixni v HJT:
Návod

Kód: Vybrat vše

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.mywebsearch.com/index.jhtml ... raKAoa.ncA
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - E:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "E:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "E:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

Stáhni si ATF Cleaner
Poklepej na ATF Cleaner.exe, klikni na select all found, poté:
-Když používáš Firefox (Mozzila), klikni na Firefox nahoře a vyber: Select All, poté klikni na Empty Selected.
-Když používáš Operu, klikni nahoře na Operu a vyber: Select All, poté klikni na Empty Selected.
Po vyčištění klikni na Exit k zavření programu.
ATF-Cleaner je jednoduchý nástroj na odstranění historie z webového prohlížeče. Program dokáže odstranit cache, cookies, historii a další stopy po surfování na Internetu. Mezi podporované prohlížeče patří Internet Explorer, Firefox a Opera. Aplikace navíc umí odstranit dočasné soubory Windows, vysypat koš atd.

Vypni rez. ochranu u antiviru a antispywaru,příp. firewall..

Stáhni si ComboFix (by sUBs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah
Pokud budou problémy , spusť ho v nouz. režimu.

Díky

ComboFix 10-08-16.03 - AleRx8 17.08.2010 7:35.3.4 - x86
Microsoft Windows 7 Ultimate N 6.1.7600.0.1250.420.1033.18.3071.2323 [GMT 2:00]
Spuštěný z: e:\users\AleRx8\Desktop\ComboFix.exe
* Vytvořen nový Bod Obnovení
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

e:\program files\FlashGet Network
e:\program files\FlashGet Network\FlashGet 3\adns.dll
e:\program files\FlashGet Network\FlashGet 3\btcoreu.dll
e:\program files\FlashGet Network\FlashGet 3\BugReport.dll
e:\program files\FlashGet Network\FlashGet 3\BugReport.exe
e:\program files\FlashGet Network\FlashGet 3\cd1.ico
e:\program files\FlashGet Network\FlashGet 3\ckcore.dll
e:\program files\FlashGet Network\FlashGet 3\codec\real\Codecs\14_43260.dll
e:\program files\FlashGet Network\FlashGet 3\codec\real\Codecs\28_83260.dll
e:\program files\FlashGet Network\FlashGet 3\codec\real\Codecs\atrc.dll
e:\program files\FlashGet Network\FlashGet 3\codec\real\Codecs\Codecs.zip
e:\program files\FlashGet Network\FlashGet 3\codec\real\Codecs\cook.dll
e:\program files\FlashGet Network\FlashGet 3\codec\real\Codecs\ddnt3260.dll
e:\program files\FlashGet Network\FlashGet 3\codec\real\Codecs\dnet3260.dll
e:\program files\FlashGet Network\FlashGet 3\codec\real\Codecs\drv1.dll
e:\program files\FlashGet Network\FlashGet 3\codec\real\Codecs\drv2.dll
e:\program files\FlashGet Network\FlashGet 3\codec\real\Codecs\drvc.dll
e:\program files\FlashGet Network\FlashGet 3\codec\real\Codecs\hxltcolor.dll
e:\program files\FlashGet Network\FlashGet 3\codec\real\Codecs\raac.dll
e:\program files\FlashGet Network\FlashGet 3\codec\real\Codecs\ralf.dll
e:\program files\FlashGet Network\FlashGet 3\codec\real\Codecs\rv10.dll
e:\program files\FlashGet Network\FlashGet 3\codec\real\Codecs\rv20.dll
e:\program files\FlashGet Network\FlashGet 3\codec\real\Codecs\rv30.dll
e:\program files\FlashGet Network\FlashGet 3\codec\real\Codecs\rv40.dll
e:\program files\FlashGet Network\FlashGet 3\codec\real\Codecs\sipr.dll
e:\program files\FlashGet Network\FlashGet 3\commonlib.dll
e:\program files\FlashGet Network\FlashGet 3\componentskrnl.dll
e:\program files\FlashGet Network\FlashGet 3\config\clients.met
e:\program files\FlashGet Network\FlashGet 3\config\clients.met.bak
e:\program files\FlashGet Network\FlashGet 3\config\cryptkey.dat
e:\program files\FlashGet Network\FlashGet 3\config\emfriends.met
e:\program files\FlashGet Network\FlashGet 3\config\known.met
e:\program files\FlashGet Network\FlashGet 3\config\known2_64.met
e:\program files\FlashGet Network\FlashGet 3\config\preferences.dat
e:\program files\FlashGet Network\FlashGet 3\config\preferences.ini
e:\program files\FlashGet Network\FlashGet 3\config\server.met
e:\program files\FlashGet Network\FlashGet 3\config\server_met.old
e:\program files\FlashGet Network\FlashGet 3\config\upload.met
e:\program files\FlashGet Network\FlashGet 3\corestat.dll
e:\program files\FlashGet Network\FlashGet 3\dbghelp.dll
e:\program files\FlashGet Network\FlashGet 3\fg.ico
e:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\data\default.htm
e:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\data\images\banner.gif
e:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\data\images\bullet.gif
e:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\data\images\close.gif
e:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\data\images\closelabel.gif
e:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\data\images\download-icon.gif
e:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\data\images\explorer.gif
e:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\data\images\ftp.gif
e:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\data\images\image.gif
e:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\data\images\introTextBg.gif
e:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\data\images\loading.gif
e:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\data\images\nextlabel.gif
e:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\data\images\prevlabel.gif
e:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\data\images\software.gif
e:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\data\images\vod.gif
e:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\FGResDetector.exe
e:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\image\about.png
e:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\image\ftplist_tree_icon.png
e:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\image\option_icon.png
e:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\image\quickop_hide.png
e:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\image\quickop_show.png
e:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\image\statusbar_bk.png
e:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\image\tasktab_close.png
e:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\image\toolbar_back.png
e:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\image\toolbar_bk.png
e:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\image\toolbar_close.png
e:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\image\toolbar_forward.png
e:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\image\toolbar_refresh.png
e:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\lang\l.eng.xml
e:\program files\FlashGet Network\FlashGet 3\FGSoftware.exe
e:\program files\FlashGet Network\FlashGet 3\Flashget3.exe
e:\program files\FlashGet Network\FlashGet 3\FlashGet3.xpi
e:\program files\FlashGet Network\FlashGet 3\FlashGetBHO3.dll
e:\program files\FlashGet Network\FlashGet 3\FlashGetHook.dll
e:\program files\FlashGet Network\FlashGet 3\fnsArchive.dll
e:\program files\FlashGet Network\FlashGet 3\fnsDirectuix.dll
e:\program files\FlashGet Network\FlashGet 3\fnsLanguage.dll
e:\program files\FlashGet Network\FlashGet 3\fnslanguage_en.dll
e:\program files\FlashGet Network\FlashGet 3\fnsSecurity.dll
e:\program files\FlashGet Network\FlashGet 3\fnsScheduler.dll
e:\program files\FlashGet Network\FlashGet 3\fnsSkinX.dll
e:\program files\FlashGet Network\FlashGet 3\fnsStatistics.dll
e:\program files\FlashGet Network\FlashGet 3\game.ico
e:\program files\FlashGet Network\FlashGet 3\gb2312-unicode.dic
e:\program files\FlashGet Network\FlashGet 3\gdiplus.dll
e:\program files\FlashGet Network\FlashGet 3\GetAllUrl.htm
e:\program files\FlashGet Network\FlashGet 3\GetUrl.htm
e:\program files\FlashGet Network\FlashGet 3\GoogleToolbarInstaller_download_signed.exe
e:\program files\FlashGet Network\FlashGet 3\libem.dll
e:\program files\FlashGet Network\FlashGet 3\license.txt
e:\program files\FlashGet Network\FlashGet 3\lst_tz.bin
e:\program files\FlashGet Network\FlashGet 3\P2PCore.dll
e:\program files\FlashGet Network\FlashGet 3\P2SCore.dll
e:\program files\FlashGet Network\FlashGet 3\perf.ini
e:\program files\FlashGet Network\FlashGet 3\pncrt.dll
e:\program files\FlashGet Network\FlashGet 3\RdOldDb.dll
e:\program files\FlashGet Network\FlashGet 3\RealMediaSplitter.ax
e:\program files\FlashGet Network\FlashGet 3\skin\international\default\BarSet.png
e:\program files\FlashGet Network\FlashGet 3\skin\international\default\bmsgbox_clock.png
e:\program files\FlashGet Network\FlashGet 3\skin\international\default\bmsgbox_disk.png
e:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\btn_check.png
e:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\btn_normal.png
e:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\btn_radio.png
e:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\desktoplink.ico
e:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\login_line.png
e:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\menu_icon.png
e:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\option_line.png
e:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\option_page_line.png
e:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\skin.png
e:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\SuspendLogo.png
e:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\SuspendNoLogo.png
e:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\toolbar_backgrand.png
e:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\toolbar_cancle.png
e:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\toolbar_catgroy.png
e:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\toolbar_group.png
e:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\toolbar_new.png
e:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\toolbar_open.png
e:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\toolbar_option.png
e:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\toolbar_pause.png
e:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\toolbar_recly.png
e:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\toolbar_start.png
e:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\toolbarbutton_left.png
e:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\toolbarbutton_middle.png
e:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\toolbarbutton_right.png
e:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\top_logotitle.gif
e:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\torrent.ico
e:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\userinfo_head.png
e:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\VistaStyleListItems.bmp
e:\program files\FlashGet Network\FlashGet 3\skin\international\default\preview.png
e:\program files\FlashGet Network\FlashGet 3\skin\international\default\skin.xml
e:\program files\FlashGet Network\FlashGet 3\skin\international\default\sound\notify.wav
e:\program files\FlashGet Network\FlashGet 3\skin\international\Gray\BarSet.png
e:\program files\FlashGet Network\FlashGet 3\storage.dll
e:\program files\FlashGet Network\FlashGet 3\SysOptimize.exe
e:\program files\FlashGet Network\FlashGet 3\uninst.exe
e:\program files\FlashGet Network\FlashGet 3\VodCore.dll
e:\program files\FlashGet Network\FlashGet 3\zlib.dll
e:\users\AleRx8\AppData\Roaming\BITS
e:\users\AleRx8\AppData\Roaming\BITS\BITS.ini
e:\users\AleRx8\AppData\Roaming\BITS\DHTTable.dat
e:\users\AleRx8\AppData\Roaming\BITS\P2PCfg.ini
e:\users\AleRx8\AppData\Roaming\BITS\ProxyList.ini
e:\users\AleRx8\AppData\Roaming\BITS\pstat.dat
e:\users\AleRx8\AppData\Roaming\BITS\pup.dat
e:\users\AleRx8\AppData\Roaming\BITS\Torrent\20100610200443.torrent
e:\users\AleRx8\AppData\Roaming\BITS\Torrent\20100610200443.torrent.filelist
e:\users\AleRx8\AppData\Roaming\BITS\Torrent\20100610200449.torrent
e:\users\AleRx8\AppData\Roaming\BITS\Torrent\20100610200449.torrent.filelist
e:\users\AleRx8\AppData\Roaming\BITS\Torrent\20100610200450.torrent
e:\users\AleRx8\AppData\Roaming\BITS\Torrent\20100610200450.torrent.bits
e:\users\AleRx8\AppData\Roaming\BITS\Torrent\20100610200450.torrent.filelist
e:\users\AleRx8\AppData\Roaming\BITS\Torrent\20100610200450.torrent.statistic
e:\users\AleRx8\AppData\Roaming\BITS\Torrent\20100610203905.torrent
e:\users\AleRx8\AppData\Roaming\BITS\Torrent\20100610203905.torrent.filelist
e:\users\AleRx8\AppData\Roaming\BITS\Torrent\20100626110536.torrent
e:\users\AleRx8\AppData\Roaming\BITS\Torrent\20100626110536.torrent.filelist
e:\users\AleRx8\AppData\Roaming\BITS\Torrent\20100626115313.torrent
e:\users\AleRx8\AppData\Roaming\BITS\Torrent\20100626115313.torrent.filelist
e:\users\AleRx8\AppData\Roaming\BITS\Torrent\20100626115332.torrent
e:\users\AleRx8\AppData\Roaming\BITS\Torrent\20100626115332.torrent.filelist
e:\users\AleRx8\AppData\Roaming\BITS\Torrent\20100807094542.torrent
e:\users\AleRx8\AppData\Roaming\BITS\Torrent\20100807094542.torrent.filelist
e:\users\AleRx8\AppData\Roaming\FlashGetBHO
e:\users\AleRx8\AppData\Roaming\FlashGetBHO\FlashGetBHO3.dll
e:\users\AleRx8\AppData\Roaming\FlashGetBHO\FlashGetHook.dll
e:\users\AleRx8\AppData\Roaming\FlashGetBHO\GetAllUrl.htm
e:\users\AleRx8\AppData\Roaming\FlashGetBHO\GetUrl.htm
e:\windows\system32\secushr.dat
e:\windows\system32\secustat.dat

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-07-17 do 2010-08-17 )))))))))))))))))))))))))))))))
.

2010-08-17 05:40 . 2010-08-17 05:41 -------- d-----w- e:\users\AleRx8\AppData\Local\temp
2010-08-17 05:40 . 2010-08-17 05:40 -------- d-----w- e:\users\Default\AppData\Local\temp
2010-08-17 05:40 . 2010-08-17 05:40 -------- d-----w- e:\users\_ocster_backup_\AppData\Local\temp
2010-08-16 15:37 . 2010-08-16 15:37 -------- d-----w- e:\users\AleRx8\AppData\Local\AOL
2010-08-16 11:38 . 2010-08-16 11:40 -------- d-----w- e:\program files\MP3Gain
2010-08-16 07:26 . 2010-08-16 07:30 -------- d-----w- E:\Zálohy
2010-08-15 14:27 . 2010-08-15 14:27 -------- d-----w- e:\users\AleRx8\.Clock-on-Desktop
2010-08-15 14:26 . 2010-08-15 14:26 -------- d-----w- e:\program files\Posibolt Software
2010-08-14 13:13 . 2010-08-14 13:13 -------- d-----w- e:\program files\SopCast
2010-08-13 07:33 . 2009-11-25 16:40 307200 ----a-w- e:\windows\system32\Mp3Ctrl.dll
2010-08-13 07:33 . 2009-09-26 09:00 580096 ----a-w- e:\windows\system32\lame.exe
2010-08-13 07:33 . 2009-09-26 09:00 496640 ----a-w- e:\windows\system32\lame_enc.dll
2010-08-13 07:33 . 2009-07-23 15:28 86016 ----a-w- e:\windows\system32\akrip32.dll
2010-08-13 07:33 . 2009-07-23 15:28 131176 ----a-w- e:\windows\system32\mp3gain.exe
2010-08-13 07:33 . 2003-04-18 14:46 1233920 ----a-w- e:\windows\system32\msxml4.dll
2010-08-13 07:33 . 2003-04-18 14:29 82432 ----a-w- e:\windows\system32\msxml4r.dll
2010-08-13 07:33 . 2010-08-13 07:33 -------- d-----w- e:\program files\Zortam Mp3 Media Studio
2010-08-12 11:40 . 2010-08-12 11:40 -------- d-----w- e:\windows\3F5C371F8EA24F259D3DD0B4526E3AEA.TMP
2010-08-12 10:38 . 2010-08-12 10:38 -------- d-----w- e:\programdata\ATI
2010-08-12 10:37 . 2010-08-12 10:37 -------- d-----w- e:\program files\Common Files\ATI Technologies
2010-08-12 10:36 . 2010-08-12 10:36 -------- d-----w- e:\program files\ATI
2010-08-11 09:41 . 2010-08-11 09:41 -------- d-----w- e:\program files\NVIDIA Corporation
2010-08-11 09:40 . 2010-08-11 09:40 -------- d-----w- e:\windows\F9835182794B4F24902AE2CA9D43380F.TMP
2010-08-11 09:30 . 2010-08-11 09:41 -------- d-----w- e:\program files\Common Files\Wise Installation Wizard
2010-08-11 07:26 . 2010-08-11 07:26 75776 ----a-w- e:\windows\cadkasdeinst01e.exe
2010-08-11 07:26 . 2010-08-11 07:26 -------- d-----w- e:\program files\Your monster voice 1
2010-08-10 11:19 . 2010-08-10 11:20 -------- d-----w- e:\program files\Free Screen Recorder
2010-08-10 07:44 . 2010-06-02 02:55 74072 ----a-w- e:\windows\system32\XAPOFX1_5.dll
2010-08-10 07:44 . 2010-06-02 02:55 527192 ----a-w- e:\windows\system32\XAudio2_7.dll
2010-08-10 07:44 . 2010-06-02 02:55 239960 ----a-w- e:\windows\system32\xactengine3_7.dll
2010-08-10 07:44 . 2010-05-26 09:41 470880 ----a-w- e:\windows\system32\d3dx10_43.dll
2010-08-10 07:44 . 2010-05-26 09:41 248672 ----a-w- e:\windows\system32\d3dx11_43.dll
2010-08-10 07:44 . 2010-05-26 09:41 2106216 ----a-w- e:\windows\system32\D3DCompiler_43.dll
2010-08-10 07:44 . 2010-05-26 09:41 1998168 ----a-w- e:\windows\system32\D3DX9_43.dll
2010-08-10 07:44 . 2010-05-26 09:41 1868128 ----a-w- e:\windows\system32\d3dcsx_43.dll
2010-08-07 08:06 . 2010-08-07 08:06 -------- d-----w- E:\found.000
2010-08-07 07:39 . 2010-08-07 07:39 -------- d-----w- e:\programdata\Comodo Downloader
2010-08-06 14:21 . 2010-08-06 14:24 -------- d-----w- e:\program files\TDU 2
2010-08-06 13:53 . 2010-08-06 15:28 -------- d-----w- e:\program files\My Program
2010-08-06 07:04 . 2010-08-06 07:04 -------- d-----w- e:\program files\Nufsoft
2010-08-06 07:03 . 2010-08-05 15:56 7474910 ----a-w- e:\program files\NatureIllusionStudioStandardEdition.exe
2010-08-05 16:10 . 2010-08-05 16:10 -------- d-----w- e:\program files\uTorrent
2010-08-05 16:10 . 2010-08-05 16:15 -------- d-----w- e:\users\AleRx8\AppData\Roaming\uTorrent
2010-08-05 10:44 . 2010-08-05 10:44 -------- d-----w- e:\program files\maComfort
2010-08-05 10:44 . 2010-08-05 10:44 -------- d-----w- e:\users\AleRx8\AppData\Roaming\maComfort
2010-08-05 10:42 . 2010-08-05 10:42 -------- d-----w- e:\users\AleRx8\AppData\Local\Google Translator
2010-08-03 09:13 . 2010-08-03 09:13 -------- d-sh--w- e:\programdata\SecuROM
2010-08-03 08:07 . 2010-08-03 08:07 -------- d-----w- e:\program files\1AVStreamer
2010-08-03 05:16 . 2010-08-03 05:16 -------- d-----w- e:\users\AleRx8\AppData\Roaming\Avira
2010-08-02 06:01 . 2010-08-02 06:01 -------- d-----w- e:\users\AleRx8\DoctorWeb
2010-07-31 15:40 . 2010-07-31 15:46 -------- d-----w- e:\users\AleRx8\AppData\Local\VMware
2010-07-31 15:40 . 2010-07-31 15:41 -------- d-----w- e:\users\AleRx8\AppData\Roaming\VMware
2010-07-31 15:33 . 2010-07-31 15:33 921608 ----a-w- e:\programdata\VMware\VMware Player\Uninstaller\uninstall.exe
2010-07-31 15:33 . 2010-07-31 15:31 581632 ----a-w- e:\programdata\VMware\VMware Player\Uninstaller\module_core.dll
2010-07-31 15:33 . 2010-07-31 15:31 356352 ----a-w- e:\programdata\VMware\VMware Player\Uninstaller\module_ws.dll
2010-07-31 15:33 . 2010-07-31 15:31 968752 ----a-w- e:\programdata\VMware\VMware Player\Uninstaller\vnetlib64.dll
2010-07-31 15:33 . 2010-07-31 15:31 932400 ----a-w- e:\programdata\VMware\VMware Player\Uninstaller\vnetlib64.exe
2010-07-31 15:33 . 2010-07-31 15:31 760368 ----a-w- e:\programdata\VMware\VMware Player\Uninstaller\vnetlib.dll
2010-07-31 15:33 . 2010-07-31 15:31 760368 ----a-w- e:\programdata\VMware\VMware Player\Uninstaller\vminstutil.dll
2010-07-31 15:33 . 2010-07-31 15:31 707120 ----a-w- e:\programdata\VMware\VMware Player\Uninstaller\vnetlib.exe
2010-07-31 15:33 . 2010-05-20 22:39 334384 ----a-w- e:\windows\system32\vmnetdhcp.exe
2010-07-31 15:33 . 2010-05-20 22:39 399920 ----a-w- e:\windows\system32\vmnat.exe
2010-07-31 15:33 . 2010-05-20 22:37 26288 ----a-w- e:\windows\system32\drivers\vmnetuserif.sys
2010-07-31 15:32 . 2010-05-20 22:38 760368 ----a-w- e:\windows\system32\vnetlib.dll
2010-07-31 15:32 . 2010-05-20 22:38 24624 ----a-w- e:\windows\system32\drivers\VMkbd.sys
2010-07-31 15:32 . 2010-07-31 15:32 -------- d-----w- e:\program files\Common Files\VMware
2010-07-31 15:32 . 2010-08-17 05:32 -------- d-----w- e:\programdata\VMware
2010-07-31 15:32 . 2010-07-31 15:32 -------- d-----w- e:\program files\VMware
2010-07-31 14:35 . 2010-07-31 14:35 39424 ----a-w- e:\windows\zipinst.exe
2010-07-31 14:35 . 2010-07-31 14:35 2853 ----a-w- e:\programdata\Microsoft\Windows\Start Menu\Programs\Landvermesser\Finderbar\eraserd.pif
2010-07-31 14:35 . 2010-07-31 14:35 -------- d--h--w- e:\windows\PIF
2010-07-31 14:35 . 2010-07-31 15:02 -------- d-----w- e:\program files\Finderbar 1.5
2010-07-31 14:33 . 2010-07-31 14:33 -------- d-----w- e:\program files\RocketDock
2010-07-31 14:23 . 2010-07-31 14:23 -------- d-----w- e:\users\AleRx8\AppData\Local\Stardock
2010-07-31 14:12 . 2010-07-31 14:12 -------- d-----w- e:\program files\iPod
2010-07-31 14:12 . 2010-07-31 14:12 -------- d-----w- e:\program files\iTunes
2010-07-31 14:08 . 2010-07-31 14:08 72488 ----a-w- e:\programdata\Apple Computer\Installer Cache\Safari 5.33.17.8\SetupAdmin.exe
2010-07-23 07:21 . 2010-07-23 07:21 -------- d-----w- e:\program files\Common Files\Java
2010-07-23 07:20 . 2010-07-23 07:20 423656 ----a-w- e:\windows\system32\deployJava1.dll
2010-07-23 07:20 . 2010-07-23 07:20 -------- d-----w- e:\program files\Java
2010-07-22 08:00 . 2010-07-22 08:00 -------- d-----w- e:\users\AleRx8\AppData\Roaming\Creative
2010-07-20 12:51 . 2010-07-20 12:51 -------- d-----w- e:\users\AleRx8\AppData\Local\Bump Technologies, Inc
2010-07-20 12:50 . 2010-07-20 12:50 -------- d-----w- e:\users\AleRx8\AppData\Roaming\Bump Technologies, Inc

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-16 15:50 . 2010-01-18 16:02 -------- d-----w- e:\users\AleRx8\AppData\Roaming\ICQ
2010-08-16 08:14 . 2010-02-01 12:04 -------- d-----w- e:\users\AleRx8\AppData\Roaming\Azureus
2010-08-16 07:24 . 2010-08-16 07:22 -------- d--h--w- e:\programdata\sysnfxo
2010-08-16 07:23 . 2010-08-16 07:22 -------- d-----w- e:\program files\Ocster Backup
2010-08-16 07:22 . 2010-08-16 07:22 -------- d-----w- e:\programdata\Ocster Backup
2010-08-14 13:02 . 2010-02-12 06:02 -------- d-----w- e:\program files\Opera
2010-08-13 08:15 . 2010-01-18 16:02 -------- d-----w- e:\program files\ICQ7.0
2010-08-13 07:39 . 2010-05-01 18:14 -------- d-----w- e:\program files\Steam
2010-08-13 04:56 . 2010-05-30 07:59 -------- d-----w- e:\program files\Capture-A-ScreenShot
2010-08-12 10:36 . 2010-05-01 17:16 -------- d-----w- e:\program files\ATI Technologies
2010-08-10 07:44 . 2010-01-20 16:26 -------- d-----w- e:\program files\AGEIA Technologies
2010-08-07 07:25 . 2010-01-18 15:44 -------- d-----w- e:\users\AleRx8\AppData\Roaming\vlc
2010-08-05 08:30 . 2010-06-07 13:22 -------- d-----w- e:\program files\WinUtilities
2010-08-03 09:11 . 2010-01-20 15:25 -------- d-----w- e:\program files\Rockstar Games
2010-08-03 09:11 . 2010-01-16 13:15 -------- d--h--w- e:\program files\InstallShield Installation Information
2010-08-03 08:49 . 2010-06-30 08:28 -------- d-----w- e:\program files\Metin2
2010-08-02 05:45 . 2010-01-19 15:09 -------- d-----w- e:\users\AleRx8\AppData\Roaming\IObit
2010-07-31 15:32 . 2010-01-17 18:28 285446 ----a-w- e:\windows\system32\perfc005.dat
2010-07-31 15:32 . 2010-01-17 18:28 1111182 ----a-w- e:\windows\system32\perfh005.dat
2010-07-31 14:17 . 2009-07-13 23:40 249856 ----a-w- e:\windows\system32\uxtheme.dll
2010-07-31 14:17 . 2009-07-13 23:39 2755072 ----a-w- e:\windows\system32\themeui.dll
2010-07-31 14:17 . 2009-07-13 23:39 37376 ----a-w- e:\windows\system32\themeservice.dll
2010-07-31 14:12 . 2010-01-19 15:26 -------- d-----w- e:\program files\Common Files\Apple
2010-07-31 14:08 . 2010-02-01 06:13 -------- d-----w- e:\program files\Safari
2010-07-22 07:59 . 2010-07-22 07:59 -------- d-----w- e:\programdata\Creative
2010-07-22 07:59 . 2010-07-22 07:59 -------- d--h--w- e:\programdata\{615DB4DC-B7C1-4125-9858-78EF460B76D2}
2010-07-22 07:59 . 2010-07-22 07:59 -------- d-----w- e:\program files\Creative
2010-07-22 07:59 . 2010-07-22 07:59 2422433 ----a-w- e:\programdata\{615DB4DC-B7C1-4125-9858-78EF460B76D2}\setup.exe
2010-07-22 07:59 . 2010-07-22 07:59 -------- d--h--w- e:\programdata\{83F61D74-0DA9-475B-BAF3-D4F153A02B30}
2010-07-15 09:17 . 2010-07-15 09:17 10536 ----a-w- e:\windows\system32\drivers\hmonitor45.sys
2010-07-15 09:17 . 2010-07-15 09:17 -------- d-----w- e:\program files\Hmonitor
2010-07-15 09:16 . 2010-07-15 09:16 -------- d-----w- e:\program files\SpeedFan
2010-07-15 09:12 . 2010-07-15 09:12 -------- d-----w- e:\program files\Lavalys
2010-07-14 07:21 . 2010-07-14 07:21 -------- d-----w- e:\users\AleRx8\AppData\Roaming\FUEL
2010-07-14 06:52 . 2010-06-05 15:56 -------- d-----w- e:\program files\Codemasters
2010-07-13 18:09 . 2010-07-13 18:01 -------- d-----w- e:\users\AleRx8\AppData\Roaming\Mount&Blade
2010-07-13 18:03 . 2010-07-13 18:01 -------- d-----w- e:\program files\Mount&Blade
2010-07-13 17:34 . 2010-07-13 17:29 -------- d-----w- e:\program files\Paradox Interactive
2010-07-13 17:16 . 2010-07-13 17:16 -------- d-----w- e:\program files\WMV9_VCM
2010-07-13 17:07 . 2010-04-30 15:09 -------- d-----w- e:\program files\1C Company
2010-07-13 16:49 . 2010-07-03 07:51 4068624 ----a-w- e:\programdata\Electronic Arts\Need For Speed World\Data\eawebkit.dll
2010-07-13 16:49 . 2010-07-03 07:51 267536 ----a-w- e:\programdata\Electronic Arts\Need For Speed World\Data\gameplay.dll
2010-07-13 16:49 . 2010-07-03 07:51 1791248 ----a-w- e:\programdata\Electronic Arts\Need For Speed World\Data\gameplay.native.dll
2010-07-13 16:49 . 2010-07-03 07:51 10691856 ----a-w- e:\programdata\Electronic Arts\Need For Speed World\Data\nfsw.exe
2010-07-07 02:29 . 2010-07-07 02:29 5882368 ----a-w- e:\windows\system32\drivers\atikmdag.sys
2010-07-07 01:55 . 2010-07-07 01:55 15461888 ----a-w- e:\windows\system32\atioglxx.dll
2010-07-07 01:54 . 2010-07-07 01:54 143360 ----a-w- e:\windows\system32\atiapfxx.exe
2010-07-07 01:54 . 2010-05-05 02:19 513024 ----a-w- e:\windows\system32\aticfx32.dll
2010-07-07 01:51 . 2010-07-07 01:51 446464 ----a-w- e:\windows\system32\ATIDEMGX.dll
2010-07-07 01:51 . 2010-07-07 01:51 380928 ----a-w- e:\windows\system32\atieclxx.exe
2010-07-07 01:50 . 2010-07-07 01:50 176128 ----a-w- e:\windows\system32\atiesrxx.exe
2010-07-07 01:49 . 2010-07-07 01:49 159744 ----a-w- e:\windows\system32\atitmmxx.dll
2010-07-07 01:49 . 2010-07-07 01:49 356352 ----a-w- e:\windows\system32\atipdlxx.dll
2010-07-07 01:49 . 2010-07-07 01:49 278528 ----a-w- e:\windows\system32\Oemdspif.dll
2010-07-07 01:49 . 2010-07-07 01:49 11776 ----a-w- e:\windows\system32\atimuixx.dll
2010-07-07 01:49 . 2010-07-07 01:49 43520 ----a-w- e:\windows\system32\ati2edxx.dll
2010-07-07 01:46 . 2010-05-05 02:08 3826688 ----a-w- e:\windows\system32\atidxx32.dll
2010-07-07 01:29 . 2010-07-07 01:29 46080 ----a-w- e:\windows\system32\aticalrt.dll
2010-07-07 01:29 . 2010-07-07 01:29 44032 ----a-w- e:\windows\system32\aticalcl.dll
2010-07-07 01:28 . 2010-07-07 01:28 3975680 ----a-w- e:\windows\system32\atiumdag.dll
2010-07-07 01:27 . 2010-07-07 01:27 4323840 ----a-w- e:\windows\system32\aticaldd.dll
2010-07-07 01:24 . 2010-02-03 03:23 50176 ----a-w- e:\windows\system32\coinst.dll
2010-07-07 01:23 . 2010-07-07 01:23 3058688 ----a-w- e:\windows\system32\atiumdva.dll
2010-07-07 01:16 . 2010-07-07 01:16 237568 ----a-w- e:\windows\system32\atiadlxx.dll
2010-07-07 01:15 . 2010-07-07 01:15 12800 ----a-w- e:\windows\system32\atiglpxx.dll
2010-07-07 01:15 . 2010-07-07 01:15 16896 ----a-w- e:\windows\system32\atigktxx.dll
2010-07-07 01:15 . 2010-07-07 01:15 210944 ----a-w- e:\windows\system32\drivers\atikmpag.sys
2010-07-07 01:14 . 2010-04-07 01:22 30208 ----a-w- e:\windows\system32\atiuxpag.dll
2010-07-07 01:14 . 2010-07-07 01:14 22528 ----a-w- e:\windows\system32\atiu9pag.dll
2010-07-07 01:14 . 2010-07-07 01:14 53248 ----a-w- e:\windows\system32\drivers\ati2erec.dll
2010-07-07 01:11 . 2010-07-07 01:11 52736 ----a-w- e:\windows\system32\atimpc32.dll
2010-07-07 01:11 . 2010-07-07 01:11 52736 ----a-w- e:\windows\system32\amdpcom32.dll
2010-07-03 08:11 . 2010-07-03 07:15 -------- d-----w- e:\program files\jv16 PowerTools 2009
2010-07-03 07:57 . 2010-07-03 07:57 -------- d-----w- e:\users\AleRx8\AppData\Roaming\Need for Speed World
2010-07-03 07:51 . 2010-07-03 07:51 462864 ----a-w- e:\programdata\Electronic Arts\Need For Speed World\Data\d3dx10_37.dll
2010-07-03 07:51 . 2010-07-03 07:51 3786760 ----a-w- e:\programdata\Electronic Arts\Need For Speed World\Data\d3dx9_37.dll
2010-07-03 07:43 . 2010-07-03 07:43 883670 ----a-w- e:\programdata\Electronic Arts\Need For Speed World\Data\pb\pbcl.dll
2010-07-03 07:43 . 2010-07-03 07:43 57344 ----a-w- e:\programdata\Electronic Arts\Need For Speed World\Data\pb\pbag.dll
2010-07-03 07:38 . 2010-07-03 07:38 -------- d-----w- e:\programdata\Electronic Arts
2010-07-03 07:38 . 2010-07-03 07:38 -------- d-----w- e:\program files\Electronic Arts
2010-07-03 07:27 . 2010-07-03 07:27 -------- d-----w- e:\users\AleRx8\AppData\Roaming\Uniblue
2010-07-03 07:27 . 2010-07-03 07:27 -------- d-----w- e:\program files\Uniblue
2010-07-03 07:24 . 2010-07-03 07:24 -------- d-----w- e:\programdata\Avira
2010-07-03 07:24 . 2010-07-03 07:24 -------- d-----w- e:\program files\Avira
2010-07-03 07:22 . 2010-01-20 14:40 -------- d-----w- e:\programdata\Alwil Software
2010-07-03 07:17 . 2010-01-18 15:57 -------- d-----w- e:\program files\Ashampoo
2010-07-03 07:15 . 2010-07-03 07:15 23 --sha-w- e:\windows\system32\fbdaabb3.dat
2010-07-02 14:52 . 2010-07-02 14:52 -------- d-----w- e:\program files\iPhone Explorer
2010-06-29 15:47 . 2010-06-29 15:46 7377592 ----a-w- e:\users\AleRx8\AppData\Roaming\Zoner\NLMDB\product.0032\autoupdate.cz\ZPS12_Update_Build09.exe
2010-06-27 08:02 . 2010-01-18 15:54 -------- d-----w- e:\users\AleRx8\AppData\Roaming\Ashampoo
2010-06-26 11:42 . 2010-06-26 11:41 -------- d-----w- e:\program files\SliderDock
2010-06-26 09:29 . 2010-06-26 09:29 71992 ----a-w- e:\programdata\Apple Computer\Installer Cache\Safari 5.33.16.0\SetupAdmin.exe
2010-06-26 09:19 . 2010-06-26 09:19 152160 ---ha-w- e:\windows\system32\mlfcache.dat
2010-06-26 07:20 . 2010-06-26 07:19 -------- d-----w- e:\program files\The KMPlayer
2010-06-26 06:13 . 2010-06-26 06:13 -------- d-----w- e:\program files\Disney Interactive Studios
2010-06-26 05:36 . 2010-01-28 14:23 -------- d-----w- e:\users\AleRx8\AppData\Roaming\Hamachi
2010-06-26 05:15 . 2010-06-26 05:15 -------- d-----w- e:\program files\Hamachi
2010-06-26 05:15 . 2010-06-26 05:15 25280 ----a-w- e:\windows\system32\drivers\hamachi.sys
2010-06-24 15:06 . 2010-06-24 15:06 -------- d-----w- e:\program files\Web Page Maker V2
2010-06-24 14:47 . 2010-06-24 14:47 -------- d-----w- e:\program files\Bonjour
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- e:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- e:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="e:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="e:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-07-06 98304]
"Ocster Backup"="e:\program files\Ocster Backup\bin\backupClient-ox.exe" [2010-08-12 61208]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)

R0 PCGenFAM;PCGenFAM;e:\windows\system32\DRIVERS\PCGenFAM.sys [2010-06-17 179656]
R2 SolutoService;Soluto PCGenome Core Service;e:\program files\Soluto\SolutoService.exe [2010-06-17 338464]
R3 cpuz128;cpuz128;e:\users\AleRx8\AppData\Local\Temp\cpuz_x32.sys [x]
R3 CTUPnPSv;Creative Centrale Media Server;e:\program files\Creative\Creative Centrale\CTUPnPSv.exe [2008-05-21 64000]
R3 DfSdkS;Defragmentation-Service;e:\program files\Ashampoo\Ashampoo WinOptimizer 6\Dfsdks.exe [2009-08-24 406016]
R3 GPU-Z;GPU-Z;e:\users\AleRx8\AppData\Local\Temp\GPU-Z.sys [x]
R3 MatSvc;Microsoft Automated Troubleshooting Service;e:\program files\Microsoft Fix it Center\Matsvc.exe [2010-04-10 266544]
R3 npggsvc;nProtect GameGuard Service;e:\windows\system32\GameMon.des [2009-10-11 3369044]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;e:\windows\system32\DRIVERS\VBoxNetAdp.sys [2010-06-08 100496]
R3 VBoxNetFlt;VBoxNetFlt Service;e:\windows\system32\DRIVERS\VBoxNetFlt.sys [x]
R3 XobniService;XobniService;e:\program files\Xobni\XobniService.exe [2009-10-12 46824]
R4 DAUpdaterSvc;Dragon Age: Prameny - aktualizace obsahu;e:\program files\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-07-26 25832]
R4 sptd;sptd;e:\windows\system32\Drivers\sptd.sys [2010-06-17 697328]
S1 Hmonitor45;Hmonitor45;e:\windows\system32\drivers\hmonitor45.sys [2010-07-15 10536]
S2 AMD External Events Utility;AMD External Events Utility;e:\windows\system32\atiesrxx.exe [2010-07-07 176128]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;e:\program files\Avira\AntiVir Desktop\sched.exe [2010-02-24 135336]
S2 ocster_backup;Ocster Backup;e:\program files\Ocster Backup\bin\backupService-ox.exe [2010-08-12 18200]
S2 SCRCAMHRDRV;ScreenCamera HR;e:\windows\system32\DRIVERS\SCRCAMHRDRV.sys [2010-03-01 234800]
S2 vmci;VMware vmci;e:\windows\system32\Drivers\vmci.sys [2010-05-20 70704]
S2 VMUSBArbService;VMware USB Arbitration Service;e:\program files\Common Files\VMware\USB\vmware-usbarbitrator.exe [2010-05-20 539184]
S3 amdkmdag;amdkmdag;e:\windows\system32\DRIVERS\atikmdag.sys [2010-07-07 5882368]
S3 amdkmdap;amdkmdap;e:\windows\system32\DRIVERS\atikmpag.sys [2010-07-07 210944]
S3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;e:\windows\system32\DRIVERS\l160x86.sys [2009-07-13 47104]
S3 rt61x86;Linksys Wireless-G PCI Adapter Driver;e:\windows\system32\DRIVERS\WMP54Gv41x86.sys [2007-06-26 286208]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc SensrSvc Mcx2Svc
.
Obsah adresáře 'Naplánované úlohy'

2010-06-21 e:\windows\Tasks\AWC Startup.job
- e:\program files\IObit\Advanced SystemCare 3\AWC.exe [2010-01-19 15:33]

2010-08-14 e:\windows\Tasks\AWC Update.job
- e:\program files\IObit\Advanced SystemCare 3\IObitUpdate.exe [2010-01-19 14:18]

2010-05-30 e:\windows\Tasks\SmartDefrag.job
- e:\program files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe [2010-05-29 10:57]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://home.mywebsearch.com/index.jhtml ... raKAoa.ncA
IE: Download all by FlashGet3 - e:\users\AleRx8\AppData\Roaming\FlashGetBHO\GetAllUrl.htm
IE: Download by FlashGet3 - e:\users\AleRx8\AppData\Roaming\FlashGetBHO\GetUrl.htm
IE: E&xportovat do aplikace Microsoft Excel - e:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: ????3?? - e:\users\AleRx8\AppData\Roaming\FlashGetBHO\GetUrl.htm
IE: ????3?????? - e:\users\AleRx8\AppData\Roaming\FlashGetBHO\GetAllUrl.htm
LSP: e:\program files\VMware\VMware Player\vsocklib.dll
FF - ProfilePath - e:\users\AleRx8\AppData\Roaming\Mozilla\Firefox\Profiles\xtna1v3q.default\
FF - component: e:\program files\real\realplayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - component: e:\users\AleRx8\AppData\Roaming\Mozilla\Firefox\Profiles\xtna1v3q.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\components\FFExternalAlert.dll
FF - component: e:\users\AleRx8\AppData\Roaming\Mozilla\Firefox\Profiles\xtna1v3q.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\components\RadioWMPCore.dll
FF - plugin: e:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: e:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: e:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: e:\program files\Pando Networks\Media Booster\npPandoWebPlugin.dll

---- NASTAVENÍ FIREFOXU ----
e:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
e:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
e:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
e:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
e:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
e:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
e:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
e:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
e:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
e:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
e:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
e:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
e:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
e:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
e:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
e:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
e:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
e:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
e:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
e:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
e:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
e:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
e:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
e:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
e:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
e:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
e:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
e:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
e:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

AddRemove-FlashGet 3.5 - e:\program files\FlashGet Network\FlashGet 3\uninst.exe

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="e:\windows\system32\GameMon.des -service"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-1786341700-570025950-2881891393-1000\Software\Microsoft\Internet Explorer\MenuExt\O(uë_fŹ3*N}Ź]
@Allowed: (Read) (RestrictedCode)
@="e:\\Users\\AleRx8\\AppData\\Roaming\\FlashGetBHO\\GetUrl.htm"
"contexts"=dword:00000022

[HKEY_USERS\S-1-5-21-1786341700-570025950-2881891393-1000\Software\Microsoft\Internet Explorer\MenuExt\O(uë_fŹ3*N}ŹhQčţ”Ąc]
@Allowed: (Read) (RestrictedCode)
@="e:\\Users\\AleRx8\\AppData\\Roaming\\FlashGetBHO\\GetAllUrl.htm"
"contexts"=dword:000000f3

[HKEY_USERS\S-1-5-21-1786341700-570025950-2881891393-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:44,be,19,e7,c0,91,a3,a6,cf,d0,b6,88,f4,9f,f1,94,fc,00,fa,e7,bf,73,d1,
39,f3,9a,eb,da,f8,59,76,3b,fa,8a,cb,09,15,1d,89,a5,58,72,be,3a,b4,f6,17,d3,\
"??"=hex:45,20,e8,79,3b,03,2f,15,59,18,e4,56,b1,f7,d1,2f

[HKEY_USERS\S-1-5-21-1786341700-570025950-2881891393-1000\Software\SecuROM\License information*]
"datasecu"=hex:f5,f0,42,f6,1e,2d,db,a2,0d,42,16,60,a2,28,40,c0,76,b8,43,90,15,
5c,19,95,54,c5,94,7a,b3,f8,1f,55,52,a1,f7,83,b2,55,c1,04,f6,42,e9,30,97,b0,\
"rkeysecu"=hex:c0,ec,6f,3d,7c,b4,5d,e0,8f,cc,6a,00,a1,85,b0,1b
.
Celkový čas: 2010-08-17 07:42:08
ComboFix-quarantined-files.txt 2010-08-17 05:42

Před spuštěním: Volných bajtů: 226 438 397 952
Po spuštění: Volných bajtů: 226 376 130 560

- - End Of File - - 53DEABBEA4497F4726816BEF2FE47570

Co tak koukám, tak ComboFixu se opravdu nelíbí FlashGet (je to sice program na prd, stahování se mi zdá pomalejší než přes prohlížeč, ale je to zajímavé...)

Co tak koukám, tak ComboFixu se opravdu nelíbí FlashGet (je to sice program na prd, stahování se mi zdá pomalejší než přes prohlížeč, ale je to zajímavé...) ---nelíbí se mu jen nákazy ve FlashGet..

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:
Poznámka: Nepoužij k označení skriptu funkci VYBRAT VŠE

Kód: Vybrat vše

KillAll::
File::
e:\windows\system32\perfc005.dat
e:\windows\system32\perfh005.dat
e:\windows\system32\mlfcache.dat

Folder::
e:\windows\3F5C371F8EA24F259D3DD0B4526E3AEA.TMP
e:\windows\F9835182794B4F24902AE2CA9D43380F.TMP
E:\found.000
e:\windows\system32\mlfcache.dat

DirLook::
e:\programdata\Comodo Downloader
e:\programdata\sysnfxo

Driver::
cpuz128
GPU-Z

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"=- 

DDS::
uStart Page = hxxp://home.mywebsearch.com/index.jhtml ... raKAoa.ncA

Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT

V možnostech složky si povol zobrazování skrytých souborů a složek+ odškrtni zatržítko skrýt chráněné soubory operačního systému

Toto otestuj na Virustotal
e:\windows\system32\Mp3Ctrl.dll
e:\programdata\{615DB4DC-B7C1-4125-9858-78EF460B76D2}\setup.exe
e:\windows\system32\drivers\hmonitor45.sys
e:\windows\system32\fbdaabb3.dat
e:\users\AleRx8\AppData\Roaming\Zoner\NLMDB\product.0032\autoupdate.cz\ZPS12_Update_Build09.exe

Pokud už byl soubor testován-klikni na otestovat znovu.
Až skončí test všech antivirů, vlož sem pak odkazy na stránky s výsledky.

ComboFix 10-08-16.03 - AleRx8 17.08.2010 10:10:40.4.4 - x86
Microsoft Windows 7 Ultimate N 6.1.7600.0.1250.420.1033.18.3071.2113 [GMT 2:00]
Spuštěný z: e:\users\AleRx8\Desktop\ComboFix.exe
Použité ovládací přepínače :: e:\users\AleRx8\Desktop\CFScript.txt

FILE ::
"e:\windows\system32\mlfcache.dat"
"e:\windows\system32\perfc005.dat"
"e:\windows\system32\perfh005.dat"
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

E:\found.000
e:\found.000\dir0000.chk\00010017.ci
e:\found.000\dir0000.chk\00010017.dir
e:\found.000\dir0000.chk\00010017.wid
e:\found.000\file0000.chk
e:\windows\3F5C371F8EA24F259D3DD0B4526E3AEA.TMP
e:\windows\3F5C371F8EA24F259D3DD0B4526E3AEA.TMP\WiseCustomCalla.dll
e:\windows\3F5C371F8EA24F259D3DD0B4526E3AEA.TMP\WiseData.ini
e:\windows\F9835182794B4F24902AE2CA9D43380F.TMP
e:\windows\F9835182794B4F24902AE2CA9D43380F.TMP\WiseCustomCalla.dll
e:\windows\system32\mlfcache.dat
e:\windows\system32\perfc005.dat
e:\windows\system32\perfh005.dat

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_CPUZ128
-------\Legacy_GPU-Z
-------\Service_cpuz128
-------\Service_GPU-Z

((((((((((((((((((((((((( Soubory vytvořené od 2010-07-17 do 2010-08-17 )))))))))))))))))))))))))))))))
.

2010-08-17 08:15 . 2010-08-17 08:15 -------- d-----w- e:\users\Public\AppData\Local\temp
2010-08-17 08:15 . 2010-08-17 08:15 -------- d-----w- e:\users\Default\AppData\Local\temp
2010-08-16 15:37 . 2010-08-16 15:37 -------- d-----w- e:\users\AleRx8\AppData\Local\AOL
2010-08-16 11:38 . 2010-08-16 11:40 -------- d-----w- e:\program files\MP3Gain
2010-08-16 07:26 . 2010-08-16 07:30 -------- d-----w- E:\Zálohy
2010-08-15 14:27 . 2010-08-15 14:27 -------- d-----w- e:\users\AleRx8\.Clock-on-Desktop
2010-08-15 14:26 . 2010-08-15 14:26 -------- d-----w- e:\program files\Posibolt Software
2010-08-14 13:13 . 2010-08-14 13:13 -------- d-----w- e:\program files\SopCast
2010-08-13 07:33 . 2009-11-25 16:40 307200 ----a-w- e:\windows\system32\Mp3Ctrl.dll
2010-08-13 07:33 . 2009-09-26 09:00 580096 ----a-w- e:\windows\system32\lame.exe
2010-08-13 07:33 . 2009-09-26 09:00 496640 ----a-w- e:\windows\system32\lame_enc.dll
2010-08-13 07:33 . 2009-07-23 15:28 86016 ----a-w- e:\windows\system32\akrip32.dll
2010-08-13 07:33 . 2009-07-23 15:28 131176 ----a-w- e:\windows\system32\mp3gain.exe
2010-08-13 07:33 . 2003-04-18 14:46 1233920 ----a-w- e:\windows\system32\msxml4.dll
2010-08-13 07:33 . 2003-04-18 14:29 82432 ----a-w- e:\windows\system32\msxml4r.dll
2010-08-13 07:33 . 2010-08-13 07:33 -------- d-----w- e:\program files\Zortam Mp3 Media Studio
2010-08-12 10:38 . 2010-08-12 10:38 -------- d-----w- e:\programdata\ATI
2010-08-12 10:37 . 2010-08-12 10:37 -------- d-----w- e:\program files\Common Files\ATI Technologies
2010-08-12 10:36 . 2010-08-12 10:36 -------- d-----w- e:\program files\ATI
2010-08-11 09:41 . 2010-08-11 09:41 -------- d-----w- e:\program files\NVIDIA Corporation
2010-08-11 09:30 . 2010-08-11 09:41 -------- d-----w- e:\program files\Common Files\Wise Installation Wizard
2010-08-11 07:26 . 2010-08-11 07:26 75776 ----a-w- e:\windows\cadkasdeinst01e.exe
2010-08-11 07:26 . 2010-08-11 07:26 -------- d-----w- e:\program files\Your monster voice 1
2010-08-10 11:19 . 2010-08-10 11:20 -------- d-----w- e:\program files\Free Screen Recorder
2010-08-10 07:44 . 2010-06-02 02:55 74072 ----a-w- e:\windows\system32\XAPOFX1_5.dll
2010-08-10 07:44 . 2010-06-02 02:55 527192 ----a-w- e:\windows\system32\XAudio2_7.dll
2010-08-10 07:44 . 2010-06-02 02:55 239960 ----a-w- e:\windows\system32\xactengine3_7.dll
2010-08-10 07:44 . 2010-05-26 09:41 470880 ----a-w- e:\windows\system32\d3dx10_43.dll
2010-08-10 07:44 . 2010-05-26 09:41 248672 ----a-w- e:\windows\system32\d3dx11_43.dll
2010-08-10 07:44 . 2010-05-26 09:41 2106216 ----a-w- e:\windows\system32\D3DCompiler_43.dll
2010-08-10 07:44 . 2010-05-26 09:41 1998168 ----a-w- e:\windows\system32\D3DX9_43.dll
2010-08-10 07:44 . 2010-05-26 09:41 1868128 ----a-w- e:\windows\system32\d3dcsx_43.dll
2010-08-07 07:39 . 2010-08-07 07:39 -------- d-----w- e:\programdata\Comodo Downloader
2010-08-06 14:21 . 2010-08-06 14:24 -------- d-----w- e:\program files\TDU 2
2010-08-06 13:53 . 2010-08-06 15:28 -------- d-----w- e:\program files\My Program
2010-08-06 07:04 . 2010-08-06 07:04 -------- d-----w- e:\program files\Nufsoft
2010-08-06 07:03 . 2010-08-05 15:56 7474910 ----a-w- e:\program files\NatureIllusionStudioStandardEdition.exe
2010-08-05 16:10 . 2010-08-05 16:10 -------- d-----w- e:\program files\uTorrent
2010-08-05 16:10 . 2010-08-05 16:15 -------- d-----w- e:\users\AleRx8\AppData\Roaming\uTorrent
2010-08-05 10:44 . 2010-08-05 10:44 -------- d-----w- e:\program files\maComfort
2010-08-05 10:44 . 2010-08-05 10:44 -------- d-----w- e:\users\AleRx8\AppData\Roaming\maComfort
2010-08-05 10:42 . 2010-08-05 10:42 -------- d-----w- e:\users\AleRx8\AppData\Local\Google Translator
2010-08-03 09:13 . 2010-08-03 09:13 -------- d-sh--w- e:\programdata\SecuROM
2010-08-03 08:07 . 2010-08-03 08:07 -------- d-----w- e:\program files\1AVStreamer
2010-08-03 05:16 . 2010-08-03 05:16 -------- d-----w- e:\users\AleRx8\AppData\Roaming\Avira
2010-08-02 06:01 . 2010-08-02 06:01 -------- d-----w- e:\users\AleRx8\DoctorWeb
2010-07-31 15:40 . 2010-07-31 15:46 -------- d-----w- e:\users\AleRx8\AppData\Local\VMware
2010-07-31 15:40 . 2010-07-31 15:41 -------- d-----w- e:\users\AleRx8\AppData\Roaming\VMware
2010-07-31 15:33 . 2010-07-31 15:33 921608 ----a-w- e:\programdata\VMware\VMware Player\Uninstaller\uninstall.exe
2010-07-31 15:33 . 2010-07-31 15:31 581632 ----a-w- e:\programdata\VMware\VMware Player\Uninstaller\module_core.dll
2010-07-31 15:33 . 2010-07-31 15:31 356352 ----a-w- e:\programdata\VMware\VMware Player\Uninstaller\module_ws.dll
2010-07-31 15:33 . 2010-07-31 15:31 968752 ----a-w- e:\programdata\VMware\VMware Player\Uninstaller\vnetlib64.dll
2010-07-31 15:33 . 2010-07-31 15:31 932400 ----a-w- e:\programdata\VMware\VMware Player\Uninstaller\vnetlib64.exe
2010-07-31 15:33 . 2010-07-31 15:31 760368 ----a-w- e:\programdata\VMware\VMware Player\Uninstaller\vnetlib.dll
2010-07-31 15:33 . 2010-07-31 15:31 760368 ----a-w- e:\programdata\VMware\VMware Player\Uninstaller\vminstutil.dll
2010-07-31 15:33 . 2010-07-31 15:31 707120 ----a-w- e:\programdata\VMware\VMware Player\Uninstaller\vnetlib.exe
2010-07-31 15:33 . 2010-05-20 22:39 334384 ----a-w- e:\windows\system32\vmnetdhcp.exe
2010-07-31 15:33 . 2010-05-20 22:39 399920 ----a-w- e:\windows\system32\vmnat.exe
2010-07-31 15:33 . 2010-05-20 22:37 26288 ----a-w- e:\windows\system32\drivers\vmnetuserif.sys
2010-07-31 15:32 . 2010-05-20 22:38 760368 ----a-w- e:\windows\system32\vnetlib.dll
2010-07-31 15:32 . 2010-05-20 22:38 24624 ----a-w- e:\windows\system32\drivers\VMkbd.sys
2010-07-31 15:32 . 2010-07-31 15:32 -------- d-----w- e:\program files\Common Files\VMware
2010-07-31 15:32 . 2010-08-17 08:17 -------- d-----w- e:\programdata\VMware
2010-07-31 15:32 . 2010-07-31 15:32 -------- d-----w- e:\program files\VMware
2010-07-31 14:35 . 2010-07-31 14:35 39424 ----a-w- e:\windows\zipinst.exe
2010-07-31 14:35 . 2010-07-31 14:35 2853 ----a-w- e:\programdata\Microsoft\Windows\Start Menu\Programs\Landvermesser\Finderbar\eraserd.pif
2010-07-31 14:35 . 2010-07-31 14:35 -------- d--h--w- e:\windows\PIF
2010-07-31 14:35 . 2010-07-31 15:02 -------- d-----w- e:\program files\Finderbar 1.5
2010-07-31 14:33 . 2010-07-31 14:33 -------- d-----w- e:\program files\RocketDock
2010-07-31 14:23 . 2010-07-31 14:23 -------- d-----w- e:\users\AleRx8\AppData\Local\Stardock
2010-07-31 14:12 . 2010-07-31 14:12 -------- d-----w- e:\program files\iPod
2010-07-31 14:12 . 2010-07-31 14:12 -------- d-----w- e:\program files\iTunes
2010-07-31 14:08 . 2010-07-31 14:08 72488 ----a-w- e:\programdata\Apple Computer\Installer Cache\Safari 5.33.17.8\SetupAdmin.exe
2010-07-23 07:21 . 2010-07-23 07:21 -------- d-----w- e:\program files\Common Files\Java
2010-07-23 07:20 . 2010-07-23 07:20 423656 ----a-w- e:\windows\system32\deployJava1.dll
2010-07-23 07:20 . 2010-07-23 07:20 -------- d-----w- e:\program files\Java
2010-07-22 08:00 . 2010-07-22 08:00 -------- d-----w- e:\users\AleRx8\AppData\Roaming\Creative
2010-07-20 12:51 . 2010-07-20 12:51 -------- d-----w- e:\users\AleRx8\AppData\Local\Bump Technologies, Inc
2010-07-20 12:50 . 2010-07-20 12:50 -------- d-----w- e:\users\AleRx8\AppData\Roaming\Bump Technologies, Inc

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-17 08:09 . 2010-01-18 16:02 -------- d-----w- e:\users\AleRx8\AppData\Roaming\ICQ
2010-08-17 07:30 . 2010-01-21 06:01 -------- d-----w- e:\programdata\Microsoft Help
2010-08-17 06:18 . 2010-01-19 15:09 -------- d-----w- e:\users\AleRx8\AppData\Roaming\IObit
2010-08-16 08:14 . 2010-02-01 12:04 -------- d-----w- e:\users\AleRx8\AppData\Roaming\Azureus
2010-08-16 07:24 . 2010-08-16 07:22 -------- d--h--w- e:\programdata\sysnfxo
2010-08-16 07:23 . 2010-08-16 07:22 -------- d-----w- e:\program files\Ocster Backup
2010-08-16 07:22 . 2010-08-16 07:22 -------- d-----w- e:\programdata\Ocster Backup
2010-08-14 13:02 . 2010-02-12 06:02 -------- d-----w- e:\program files\Opera
2010-08-13 08:15 . 2010-01-18 16:02 -------- d-----w- e:\program files\ICQ7.0
2010-08-13 07:39 . 2010-05-01 18:14 -------- d-----w- e:\program files\Steam
2010-08-13 04:56 . 2010-05-30 07:59 -------- d-----w- e:\program files\Capture-A-ScreenShot
2010-08-12 10:36 . 2010-05-01 17:16 -------- d-----w- e:\program files\ATI Technologies
2010-08-10 07:44 . 2010-01-20 16:26 -------- d-----w- e:\program files\AGEIA Technologies
2010-08-07 07:25 . 2010-01-18 15:44 -------- d-----w- e:\users\AleRx8\AppData\Roaming\vlc
2010-08-05 08:30 . 2010-06-07 13:22 -------- d-----w- e:\program files\WinUtilities
2010-08-03 09:11 . 2010-01-20 15:25 -------- d-----w- e:\program files\Rockstar Games
2010-08-03 09:11 . 2010-01-16 13:15 -------- d--h--w- e:\program files\InstallShield Installation Information
2010-08-03 08:49 . 2010-06-30 08:28 -------- d-----w- e:\program files\Metin2
2010-07-31 14:17 . 2009-07-13 23:40 249856 ----a-w- e:\windows\system32\uxtheme.dll
2010-07-31 14:17 . 2009-07-13 23:39 2755072 ----a-w- e:\windows\system32\themeui.dll
2010-07-31 14:17 . 2009-07-13 23:39 37376 ----a-w- e:\windows\system32\themeservice.dll
2010-07-31 14:12 . 2010-01-19 15:26 -------- d-----w- e:\program files\Common Files\Apple
2010-07-31 14:08 . 2010-02-01 06:13 -------- d-----w- e:\program files\Safari
2010-07-22 07:59 . 2010-07-22 07:59 -------- d-----w- e:\programdata\Creative
2010-07-22 07:59 . 2010-07-22 07:59 -------- d--h--w- e:\programdata\{615DB4DC-B7C1-4125-9858-78EF460B76D2}
2010-07-22 07:59 . 2010-07-22 07:59 -------- d-----w- e:\program files\Creative
2010-07-22 07:59 . 2010-07-22 07:59 2422433 ----a-w- e:\programdata\{615DB4DC-B7C1-4125-9858-78EF460B76D2}\setup.exe
2010-07-22 07:59 . 2010-07-22 07:59 -------- d--h--w- e:\programdata\{83F61D74-0DA9-475B-BAF3-D4F153A02B30}
2010-07-15 09:17 . 2010-07-15 09:17 10536 ----a-w- e:\windows\system32\drivers\hmonitor45.sys
2010-07-15 09:17 . 2010-07-15 09:17 -------- d-----w- e:\program files\Hmonitor
2010-07-15 09:16 . 2010-07-15 09:16 -------- d-----w- e:\program files\SpeedFan
2010-07-15 09:12 . 2010-07-15 09:12 -------- d-----w- e:\program files\Lavalys
2010-07-14 07:21 . 2010-07-14 07:21 -------- d-----w- e:\users\AleRx8\AppData\Roaming\FUEL
2010-07-14 06:52 . 2010-06-05 15:56 -------- d-----w- e:\program files\Codemasters
2010-07-13 18:09 . 2010-07-13 18:01 -------- d-----w- e:\users\AleRx8\AppData\Roaming\Mount&Blade
2010-07-13 18:03 . 2010-07-13 18:01 -------- d-----w- e:\program files\Mount&Blade
2010-07-13 17:34 . 2010-07-13 17:29 -------- d-----w- e:\program files\Paradox Interactive
2010-07-13 17:16 . 2010-07-13 17:16 -------- d-----w- e:\program files\WMV9_VCM
2010-07-13 17:07 . 2010-04-30 15:09 -------- d-----w- e:\program files\1C Company
2010-07-13 16:49 . 2010-07-03 07:51 4068624 ----a-w- e:\programdata\Electronic Arts\Need For Speed World\Data\eawebkit.dll
2010-07-13 16:49 . 2010-07-03 07:51 267536 ----a-w- e:\programdata\Electronic Arts\Need For Speed World\Data\gameplay.dll
2010-07-13 16:49 . 2010-07-03 07:51 1791248 ----a-w- e:\programdata\Electronic Arts\Need For Speed World\Data\gameplay.native.dll
2010-07-13 16:49 . 2010-07-03 07:51 10691856 ----a-w- e:\programdata\Electronic Arts\Need For Speed World\Data\nfsw.exe
2010-07-07 02:29 . 2010-07-07 02:29 5882368 ----a-w- e:\windows\system32\drivers\atikmdag.sys
2010-07-07 01:55 . 2010-07-07 01:55 15461888 ----a-w- e:\windows\system32\atioglxx.dll
2010-07-07 01:54 . 2010-07-07 01:54 143360 ----a-w- e:\windows\system32\atiapfxx.exe
2010-07-07 01:54 . 2010-05-05 02:19 513024 ----a-w- e:\windows\system32\aticfx32.dll
2010-07-07 01:51 . 2010-07-07 01:51 446464 ----a-w- e:\windows\system32\ATIDEMGX.dll
2010-07-07 01:51 . 2010-07-07 01:51 380928 ----a-w- e:\windows\system32\atieclxx.exe
2010-07-07 01:50 . 2010-07-07 01:50 176128 ----a-w- e:\windows\system32\atiesrxx.exe
2010-07-07 01:49 . 2010-07-07 01:49 159744 ----a-w- e:\windows\system32\atitmmxx.dll
2010-07-07 01:49 . 2010-07-07 01:49 356352 ----a-w- e:\windows\system32\atipdlxx.dll
2010-07-07 01:49 . 2010-07-07 01:49 278528 ----a-w- e:\windows\system32\Oemdspif.dll
2010-07-07 01:49 . 2010-07-07 01:49 11776 ----a-w- e:\windows\system32\atimuixx.dll
2010-07-07 01:49 . 2010-07-07 01:49 43520 ----a-w- e:\windows\system32\ati2edxx.dll
2010-07-07 01:46 . 2010-05-05 02:08 3826688 ----a-w- e:\windows\system32\atidxx32.dll
2010-07-07 01:29 . 2010-07-07 01:29 46080 ----a-w- e:\windows\system32\aticalrt.dll
2010-07-07 01:29 . 2010-07-07 01:29 44032 ----a-w- e:\windows\system32\aticalcl.dll
2010-07-07 01:28 . 2010-07-07 01:28 3975680 ----a-w- e:\windows\system32\atiumdag.dll
2010-07-07 01:27 . 2010-07-07 01:27 4323840 ----a-w- e:\windows\system32\aticaldd.dll
2010-07-07 01:24 . 2010-02-03 03:23 50176 ----a-w- e:\windows\system32\coinst.dll
2010-07-07 01:23 . 2010-07-07 01:23 3058688 ----a-w- e:\windows\system32\atiumdva.dll
2010-07-07 01:16 . 2010-07-07 01:16 237568 ----a-w- e:\windows\system32\atiadlxx.dll
2010-07-07 01:15 . 2010-07-07 01:15 12800 ----a-w- e:\windows\system32\atiglpxx.dll
2010-07-07 01:15 . 2010-07-07 01:15 16896 ----a-w- e:\windows\system32\atigktxx.dll
2010-07-07 01:15 . 2010-07-07 01:15 210944 ----a-w- e:\windows\system32\drivers\atikmpag.sys
2010-07-07 01:14 . 2010-04-07 01:22 30208 ----a-w- e:\windows\system32\atiuxpag.dll
2010-07-07 01:14 . 2010-07-07 01:14 22528 ----a-w- e:\windows\system32\atiu9pag.dll
2010-07-07 01:14 . 2010-07-07 01:14 53248 ----a-w- e:\windows\system32\drivers\ati2erec.dll
2010-07-07 01:11 . 2010-07-07 01:11 52736 ----a-w- e:\windows\system32\atimpc32.dll
2010-07-07 01:11 . 2010-07-07 01:11 52736 ----a-w- e:\windows\system32\amdpcom32.dll
2010-07-03 08:11 . 2010-07-03 07:15 -------- d-----w- e:\program files\jv16 PowerTools 2009
2010-07-03 07:57 . 2010-07-03 07:57 -------- d-----w- e:\users\AleRx8\AppData\Roaming\Need for Speed World
2010-07-03 07:51 . 2010-07-03 07:51 462864 ----a-w- e:\programdata\Electronic Arts\Need For Speed World\Data\d3dx10_37.dll
2010-07-03 07:51 . 2010-07-03 07:51 3786760 ----a-w- e:\programdata\Electronic Arts\Need For Speed World\Data\d3dx9_37.dll
2010-07-03 07:43 . 2010-07-03 07:43 883670 ----a-w- e:\programdata\Electronic Arts\Need For Speed World\Data\pb\pbcl.dll
2010-07-03 07:43 . 2010-07-03 07:43 57344 ----a-w- e:\programdata\Electronic Arts\Need For Speed World\Data\pb\pbag.dll
2010-07-03 07:38 . 2010-07-03 07:38 -------- d-----w- e:\programdata\Electronic Arts
2010-07-03 07:38 . 2010-07-03 07:38 -------- d-----w- e:\program files\Electronic Arts
2010-07-03 07:27 . 2010-07-03 07:27 -------- d-----w- e:\users\AleRx8\AppData\Roaming\Uniblue
2010-07-03 07:27 . 2010-07-03 07:27 -------- d-----w- e:\program files\Uniblue
2010-07-03 07:24 . 2010-07-03 07:24 -------- d-----w- e:\programdata\Avira
2010-07-03 07:24 . 2010-07-03 07:24 -------- d-----w- e:\program files\Avira
2010-07-03 07:22 . 2010-01-20 14:40 -------- d-----w- e:\programdata\Alwil Software
2010-07-03 07:17 . 2010-01-18 15:57 -------- d-----w- e:\program files\Ashampoo
2010-07-03 07:15 . 2010-07-03 07:15 23 --sha-w- e:\windows\system32\fbdaabb3.dat
2010-07-02 14:52 . 2010-07-02 14:52 -------- d-----w- e:\program files\iPhone Explorer
2010-06-29 15:47 . 2010-06-29 15:46 7377592 ----a-w- e:\users\AleRx8\AppData\Roaming\Zoner\NLMDB\product.0032\autoupdate.cz\ZPS12_Update_Build09.exe
2010-06-27 08:02 . 2010-01-18 15:54 -------- d-----w- e:\users\AleRx8\AppData\Roaming\Ashampoo
2010-06-26 11:42 . 2010-06-26 11:41 -------- d-----w- e:\program files\SliderDock
2010-06-26 09:29 . 2010-06-26 09:29 71992 ----a-w- e:\programdata\Apple Computer\Installer Cache\Safari 5.33.16.0\SetupAdmin.exe
2010-06-26 07:20 . 2010-06-26 07:19 -------- d-----w- e:\program files\The KMPlayer
2010-06-26 06:13 . 2010-06-26 06:13 -------- d-----w- e:\program files\Disney Interactive Studios
2010-06-26 05:36 . 2010-01-28 14:23 -------- d-----w- e:\users\AleRx8\AppData\Roaming\Hamachi
2010-06-26 05:15 . 2010-06-26 05:15 -------- d-----w- e:\program files\Hamachi
2010-06-26 05:15 . 2010-06-26 05:15 25280 ----a-w- e:\windows\system32\drivers\hamachi.sys
2010-06-24 15:06 . 2010-06-24 15:06 -------- d-----w- e:\program files\Web Page Maker V2
2010-06-24 14:47 . 2010-06-24 14:47 -------- d-----w- e:\program files\Bonjour
2010-06-24 14:46 . 2010-06-24 14:46 72504 ----a-w- e:\programdata\Apple Computer\Installer Cache\iTunes 9.2.0.61\SetupAdmin.exe
2010-06-24 14:07 . 2010-06-24 14:07 -------- d-----w- e:\program files\GamePark
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- e:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- e:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of e:\programdata\Comodo Downloader ----

---- Directory of e:\programdata\sysnfxo ----

2010-08-16 07:24 . 2010-08-16 07:24 94 ----a-w- e:\programdata\sysnfxo\ultraEngage

((((((((((((((((((((((((((((( SnapShot@2010-08-17_05.41.05 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-01-16 13:09 . 2010-08-17 07:52 16384 e:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-01-16 13:09 . 2010-08-16 11:23 16384 e:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-01-16 13:09 . 2010-08-16 11:23 32768 e:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-01-16 13:09 . 2010-08-17 07:52 32768 e:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:08 . 2010-08-16 11:23 16384 e:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:08 . 2010-08-17 07:52 16384 e:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-02-01 08:33 . 2010-08-17 06:57 16384 e:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-02-01 08:33 . 2010-08-17 05:27 16384 e:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-02-01 17:02 . 2010-08-16 15:10 32768 e:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat
+ 2010-02-01 17:02 . 2010-08-17 08:00 32768 e:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat
- 2010-02-01 17:02 . 2010-08-16 15:10 16384 e:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\History\History.IE5\index.dat
+ 2010-02-01 17:02 . 2010-08-17 08:00 16384 e:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\History\History.IE5\index.dat
+ 2010-02-01 17:02 . 2010-08-17 08:00 16384 e:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\Cookies\index.dat
- 2010-02-01 17:02 . 2010-08-16 15:10 16384 e:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\Cookies\index.dat
- 2010-02-01 08:33 . 2010-08-17 05:27 32768 e:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-02-01 08:33 . 2010-08-17 08:00 32768 e:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-02-01 08:33 . 2010-08-17 06:57 16384 e:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-02-01 08:33 . 2010-08-17 05:27 16384 e:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-08-17 05:30 . 2010-08-17 05:30 2048 e:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2010-08-17 05:30 . 2010-08-17 08:16 2048 e:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2010-08-17 05:30 . 2010-08-17 05:30 2048 e:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2010-08-17 05:30 . 2010-08-17 08:16 2048 e:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 04:21 . 2010-08-14 13:13 245760 e:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2009-07-14 04:21 . 2010-08-17 07:52 245760 e:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="e:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="e:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-07-06 98304]
"Ocster Backup"="e:\program files\Ocster Backup\bin\backupClient-ox.exe" [2010-08-12 61208]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

R0 PCGenFAM;PCGenFAM;e:\windows\system32\DRIVERS\PCGenFAM.sys [2010-06-17 179656]
R3 CTUPnPSv;Creative Centrale Media Server;e:\program files\Creative\Creative Centrale\CTUPnPSv.exe [2008-05-21 64000]
R3 DfSdkS;Defragmentation-Service;e:\program files\Ashampoo\Ashampoo WinOptimizer 6\Dfsdks.exe [2009-08-24 406016]
R3 MatSvc;Microsoft Automated Troubleshooting Service;e:\program files\Microsoft Fix it Center\Matsvc.exe [2010-04-10 266544]
R3 npggsvc;nProtect GameGuard Service;e:\windows\system32\GameMon.des [2009-10-11 3369044]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;e:\windows\system32\DRIVERS\VBoxNetAdp.sys [2010-06-08 100496]
R3 VBoxNetFlt;VBoxNetFlt Service;e:\windows\system32\DRIVERS\VBoxNetFlt.sys [x]
R3 XobniService;XobniService;e:\program files\Xobni\XobniService.exe [2009-10-12 46824]
R4 DAUpdaterSvc;Dragon Age: Prameny - aktualizace obsahu;e:\program files\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-07-26 25832]
R4 sptd;sptd;e:\windows\system32\Drivers\sptd.sys [2010-06-17 697328]
S1 Hmonitor45;Hmonitor45;e:\windows\system32\drivers\hmonitor45.sys [2010-07-15 10536]
S2 AMD External Events Utility;AMD External Events Utility;e:\windows\system32\atiesrxx.exe [2010-07-07 176128]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;e:\program files\Avira\AntiVir Desktop\sched.exe [2010-02-24 135336]
S2 ocster_backup;Ocster Backup;e:\program files\Ocster Backup\bin\backupService-ox.exe [2010-08-12 18200]
S2 SCRCAMHRDRV;ScreenCamera HR;e:\windows\system32\DRIVERS\SCRCAMHRDRV.sys [2010-03-01 234800]
S2 SolutoService;Soluto PCGenome Core Service;e:\program files\Soluto\SolutoService.exe [2010-06-17 338464]
S2 vmci;VMware vmci;e:\windows\system32\Drivers\vmci.sys [2010-05-20 70704]
S2 VMUSBArbService;VMware USB Arbitration Service;e:\program files\Common Files\VMware\USB\vmware-usbarbitrator.exe [2010-05-20 539184]
S3 amdkmdag;amdkmdag;e:\windows\system32\DRIVERS\atikmdag.sys [2010-07-07 5882368]
S3 amdkmdap;amdkmdap;e:\windows\system32\DRIVERS\atikmpag.sys [2010-07-07 210944]
S3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;e:\windows\system32\DRIVERS\l160x86.sys [2009-07-13 47104]
S3 rt61x86;Linksys Wireless-G PCI Adapter Driver;e:\windows\system32\DRIVERS\WMP54Gv41x86.sys [2007-06-26 286208]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc SensrSvc Mcx2Svc
.
Obsah adresáře 'Naplánované úlohy'

2010-06-21 e:\windows\Tasks\AWC Startup.job
- e:\program files\IObit\Advanced SystemCare 3\AWC.exe [2010-01-19 15:33]
.
.
------- Doplňkový sken -------
.
IE: Download all by FlashGet3 - e:\users\AleRx8\AppData\Roaming\FlashGetBHO\GetAllUrl.htm
IE: Download by FlashGet3 - e:\users\AleRx8\AppData\Roaming\FlashGetBHO\GetUrl.htm
IE: E&xportovat do aplikace Microsoft Excel - e:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: ????3?? - e:\users\AleRx8\AppData\Roaming\FlashGetBHO\GetUrl.htm
IE: ????3?????? - e:\users\AleRx8\AppData\Roaming\FlashGetBHO\GetAllUrl.htm
LSP: e:\program files\VMware\VMware Player\vsocklib.dll
FF - ProfilePath - e:\users\AleRx8\AppData\Roaming\Mozilla\Firefox\Profiles\xtna1v3q.default\
FF - component: e:\program files\real\realplayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - component: e:\users\AleRx8\AppData\Roaming\Mozilla\Firefox\Profiles\xtna1v3q.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\components\FFExternalAlert.dll
FF - component: e:\users\AleRx8\AppData\Roaming\Mozilla\Firefox\Profiles\xtna1v3q.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\components\RadioWMPCore.dll

---- NASTAVENÍ FIREFOXU ----
e:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
e:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
e:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
e:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
e:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
e:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
e:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
e:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
e:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
e:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
e:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
e:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
e:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
e:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
e:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
e:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
e:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
e:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
e:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
e:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
e:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
e:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
e:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
e:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
e:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
e:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
e:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
e:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
e:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="e:\windows\system32\GameMon.des -service"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-1786341700-570025950-2881891393-1000\Software\Microsoft\Internet Explorer\MenuExt\O(uë_fŹ3*N}Ź]
@Allowed: (Read) (RestrictedCode)
@="e:\\Users\\AleRx8\\AppData\\Roaming\\FlashGetBHO\\GetUrl.htm"
"contexts"=dword:00000022

[HKEY_USERS\S-1-5-21-1786341700-570025950-2881891393-1000\Software\Microsoft\Internet Explorer\MenuExt\O(uë_fŹ3*N}ŹhQčţ”Ąc]
@Allowed: (Read) (RestrictedCode)
@="e:\\Users\\AleRx8\\AppData\\Roaming\\FlashGetBHO\\GetAllUrl.htm"
"contexts"=dword:000000f3

[HKEY_USERS\S-1-5-21-1786341700-570025950-2881891393-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:44,be,19,e7,c0,91,a3,a6,cf,d0,b6,88,f4,9f,f1,94,fc,00,fa,e7,bf,73,d1,
39,f3,9a,eb,da,f8,59,76,3b,fa,8a,cb,09,15,1d,89,a5,58,72,be,3a,b4,f6,17,d3,\
"??"=hex:45,20,e8,79,3b,03,2f,15,59,18,e4,56,b1,f7,d1,2f

[HKEY_USERS\S-1-5-21-1786341700-570025950-2881891393-1000\Software\SecuROM\License information*]
"datasecu"=hex:f5,f0,42,f6,1e,2d,db,a2,0d,42,16,60,a2,28,40,c0,76,b8,43,90,15,
5c,19,95,54,c5,94,7a,b3,f8,1f,55,52,a1,f7,83,b2,55,c1,04,f6,42,e9,30,97,b0,\
"rkeysecu"=hex:c0,ec,6f,3d,7c,b4,5d,e0,8f,cc,6a,00,a1,85,b0,1b
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'Explorer.exe'(2312)
e:\program files\RocketDock\RocketDock.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
e:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
e:\windows\system32\WUDFHost.exe
e:\windows\system32\atieclxx.exe
e:\windows\system32\taskhost.exe
e:\program files\Avira\AntiVir Desktop\avguard.exe
e:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
e:\program files\Bonjour\mDNSResponder.exe
e:\program files\Creative\Shared Files\CTDevSrv.exe
e:\program files\Avira\AntiVir Desktop\avshadow.exe
e:\windows\system32\conhost.exe
e:\windows\system32\conhost.exe
e:\windows\system32\vmnat.exe
e:\windows\system32\vmnetdhcp.exe
e:\program files\VMware\VMware Player\vmware-authd.exe
e:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
e:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
e:\windows\system32\sppsvc.exe
.
**************************************************************************
.
Celkový čas: 2010-08-17 10:22:00 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-08-17 08:22
ComboFix2.txt 2010-08-17 05:42

Před spuštěním: Volných bajtů: 226 030 567 424
Po spuštění: Volných bajtů: 225 838 522 368

- - End Of File - - B11068D8C293265F8CDD726241F8209A

HJT:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:25:09, on 17.8.2010
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
E:\Windows\system32\taskhost.exe
E:\Windows\system32\Dwm.exe
E:\Program Files\Ocster Backup\bin\backupClient-ox.exe
E:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
E:\Program Files\RocketDock\RocketDock.exe
E:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
E:\Windows\Explorer.exe
E:\Windows\system32\notepad.exe
E:\Program Files\Opera\opera.exe
E:\Users\AleRx8\Desktop\hijackthis.exe
E:\Windows\system32\SearchFilterHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - E:\program files\real\realplayer\rpbrowserrecordplugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - E:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: FlashGetBHO - {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - E:\Users\AleRx8\AppData\Roaming\FlashGetBHO\FlashGetBHO3.dll (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - E:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [StartCCC] "E:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Ocster Backup] "E:\Program Files\Ocster Backup\bin\backupClient-ox.exe" --hidden
O4 - HKCU\..\Run: [RocketDock] "E:\Program Files\RocketDock\RocketDock.exe"
O4 - HKUS\S-1-5-21-1786341700-570025950-2881891393-1005\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User '_ocster_backup_')
O4 - HKUS\S-1-5-21-1786341700-570025950-2881891393-1005\..\RunOnce: [mctadmin] E:\Windows\System32\mctadmin.exe (User '_ocster_backup_')
O8 - Extra context menu item: Download all by FlashGet3 - E:\Users\AleRx8\AppData\Roaming\FlashGetBHO\GetAllUrl.htm
O8 - Extra context menu item: Download by FlashGet3 - E:\Users\AleRx8\AppData\Roaming\FlashGetBHO\GetUrl.htm
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://E:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - E:\Program Files\ICQ7.0\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - E:\Program Files\ICQ7.0\ICQ.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: e:\program files\vmware\vmware player\vsocklib.dll
O10 - Unknown file in Winsock LSP: e:\program files\vmware\vmware player\vsocklib.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - E:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: AMD External Events Utility - AMD - E:\Windows\system32\atiesrxx.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - E:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - E:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - E:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - E:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CT Device Query service (CTDevice_Srv) - Creative Technology Ltd - E:\Program Files\Creative\Shared Files\CTDevSrv.exe
O23 - Service: Creative Centrale Media Server (CTUPnPSv) - Creative Technology Ltd - E:\Program Files\Creative\Creative Centrale\CTUPnPSv.exe
O23 - Service: Defragmentation-Service (DfSdkS) - mst software GmbH, Germany - E:\Program Files\Ashampoo\Ashampoo WinOptimizer 6\Dfsdks.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - E:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: Ocster Backup (ocster_backup) - Unknown owner - e:\Program Files\Ocster Backup\bin\backupService-ox.exe
O23 - Service: PnkBstrA - Unknown owner - E:\Windows\system32\PnkBstrA.exe
O23 - Service: Soluto PCGenome Core Service (SolutoService) - Soluto - E:\Program Files\Soluto\SolutoService.exe
O23 - Service: Steam Client Service - Valve Corporation - E:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - E:\Program Files\VMware\VMware Player\vmware-ufad.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - E:\Program Files\VMware\VMware Player\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - E:\Windows\system32\vmnetdhcp.exe
O23 - Service: VMware USB Arbitration Service (VMUSBArbService) - VMware, Inc. - E:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe
O23 - Service: VMware NAT Service - VMware, Inc. - E:\Windows\system32\vmnat.exe
O23 - Service: XobniService - Xobni Corporation - E:\Program Files\Xobni\XobniService.exe

--
End of file - 5804 bytes

http://www.virustotal.com/file-scan/rep ... 1282033832
http://www.virustotal.com/file-scan/rep ... 1282034039
http://www.virustotal.com/file-scan/rep ... 1282034148
http://www.virustotal.com/file-scan/rep ... 1282034477
http://www.virustotal.com/file-scan/rep ... 1282034714

Už by to mělo být všechno

Fajn.

Tuto prázdnou složku smaž:
e:\programdata\sysnfxo

ComboFix se odinstaluje takto:
Start-Spustit a zadej ComboFix /Uninstall

vyčisti systém CCleanerem

a použij i T-Cleaner
smaže vše po Combu,MWAVu atd.-stáhneš>spustíš

Zavři ostatní aplikace a prohlížeče, odpoj se od netu a fixni v HJT:
Návod

Kód: Vybrat vše

O2 - BHO: FlashGetBHO - {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - E:\Users\AleRx8\AppData\Roaming\FlashGetBHO\FlashGetBHO3.dll (file missing)

e:\windows\system32\Mp3Ctrl.dll---smažeme v OTL.

Stáhni si OTL
na plochu. Ujisti se , že máš zavřena všechna ostatní okna a poklepej na ikonu OTL.Nahoře v okně pod Výstup klikni na minimální výstup.Pod Běžné registry změň na Vše. Zatrhni Kontrola na havěť “LOP“ a Kontrola na havěť “ Purity“ . Klikni na Prohledat. Všechny ostatní nastavení ponech jak jsou. Sken může trvat dlouho, až skončí otevřou se dva logy:
OTL.Txt
Extras.Txt
Jsou uloženy ve stejném místě jako OTL. Oba logy sem prosím zkopíruj.

Až budu mít chvilku , kouknu se.

OTL logy.rar: Má to moc znaků, tudíž jsem to musel zararovat; (22.71 KiB) Staženo 9 x

Poklepej na ikonu OTL na ploše.Ujisti se , že máš všechny ostatní aplikace a prohlížeče zavřeny.
Pod Vlastní skenování/opravy do okénka vlož následující text, zobrazený zeleně:

Kód: Vybrat vše

:OTL
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
DRV - (VBoxNetFlt) -- E:\Windows\System32\DRIVERS\VBoxNetFlt.sys File not found
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =  [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = E:\Windows\SYSTEM32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = E:\Windows\SYSTEM32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
@Alternate Data Stream - 600 bytes -> E:\ProgramData\TEMP:05EE1EEF
@Alternate Data Stream - 194 bytes -> E:\ProgramData\TEMP:CAEDBDA6
@Alternate Data Stream - 185 bytes -> E:\ProgramData\TEMP:85551434
@Alternate Data Stream - 142 bytes -> E:\ProgramData\TEMP:820563D3
@Alternate Data Stream - 122 bytes -> E:\ProgramData\TEMP:7FDCA119

:Files
C:\WINDOWS\System32\*.tmp 
C:\WINDOWS\*.tmp 
C:\WINDOWS\system32\*.tmp.dll 
C:\WINDOWS\system32\SET*.tmp 
c:\windows\Tasks\*.job 
C:\*.tmp
E:\ProgramData\sysnfxo
E:\Windows\tasks\SA.DAT
E:\Users\AleRx8\Desktop\T-Cleaner.exe
e:\windows\system32\Mp3Ctrl.dll
E:\Users\AleRx8\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

:Reg
:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[start explorer]
[Reboot]

Poté klikni nahoře na Opravit. Nech program nerušeně běžet, na konci se provede restart PC.
Po restartu se objeví log , prosím zkopíruj sem celý jeho obsah.

All processes killed
========== OTL ==========
No active process named explorer.exe was found!
No active process named firefox.exe was found!
Service VBoxNetFlt stopped successfully!
Service VBoxNetFlt deleted successfully!
File E:\Windows\System32\DRIVERS\VBoxNetFlt.sys File not found not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Secondary_Page_URL| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Extensions Off Page| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Local Page| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Security Risk Page| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search\\CustomizeSearch| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Local Page| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Page| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
ADS E:\ProgramData\TEMP:05EE1EEF deleted successfully.
ADS E:\ProgramData\TEMP:CAEDBDA6 deleted successfully.
ADS E:\ProgramData\TEMP:85551434 deleted successfully.
ADS E:\ProgramData\TEMP:820563D3 deleted successfully.
ADS E:\ProgramData\TEMP:7FDCA119 deleted successfully.
========== FILES ==========
File\Folder C:\WINDOWS\System32\*.tmp not found.
C:\WINDOWS\1C4551A64743409391E41477CD655043.TMP folder moved successfully.
C:\WINDOWS\msdownld.tmp folder moved successfully.
File\Folder C:\WINDOWS\system32\*.tmp.dll not found.
File\Folder C:\WINDOWS\system32\SET*.tmp not found.
c:\windows\Tasks\1-Click Maintenance.job moved successfully.
c:\windows\Tasks\Ad-Aware Update (Daily 1).job moved successfully.
c:\windows\Tasks\Ad-Aware Update (Daily 2).job moved successfully.
c:\windows\Tasks\Ad-Aware Update (Daily 3).job moved successfully.
c:\windows\Tasks\Ad-Aware Update (Daily 4).job moved successfully.
c:\windows\Tasks\Ad-Aware Update (Weekly).job moved successfully.
c:\windows\Tasks\AppleSoftwareUpdate.job moved successfully.
c:\windows\Tasks\AWC AutoSweep.job moved successfully.
c:\windows\Tasks\Google Software Updater.job moved successfully.
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job moved successfully.
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job moved successfully.
c:\windows\Tasks\SmartDefrag.job moved successfully.
c:\windows\Tasks\User_Feed_Synchronization-{2498F1D9-1D26-4824-BAD2-0BEBA0B63F62}.job moved successfully.
File\Folder C:\*.tmp not found.
E:\ProgramData\sysnfxo folder moved successfully.
E:\Windows\tasks\SA.DAT moved successfully.
E:\Users\AleRx8\Desktop\T-Cleaner.exe moved successfully.
e:\windows\system32\Mp3Ctrl.dll moved successfully.
E:\Users\AleRx8\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini moved successfully.
========== REGISTRY ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: AleRx8
->Temp folder emptied: 3413 bytes
->Temporary Internet Files folder emptied: 6604306 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 17446920 bytes
->Google Chrome cache emptied: 0 bytes
->Opera cache emptied: 13754192 bytes
->Flash cache emptied: 1200 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: _ocster_backup_
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 1619120 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1977 bytes
RecycleBin emptied: 41984 bytes

Total Files Cleaned = 38.00 mb

[EMPTYFLASH]

User: AleRx8
->Flash cache emptied: 0 bytes

User: All Users

User: Default

User: Default User

User: Public

User: _ocster_backup_

Total Flash Files Cleaned = 0.00 mb

OTL by OldTimer - Version 3.2.10.0 log created on 08182010_101537

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

Spusť OTL a klikni na Vyčisti.

Pak můžeš OTL smazat , C:\_OTL

Pokud nejsou problémy , je to vše a můžeš dát vyřešeno , zelenou fajfku.

PC-HELP.CZ

Prosím o rychlou kontrolu logu-36 nálezů v Malwarebytes

Prosím o rychlou kontrolu logu-36 nálezů v Malwarebytes

Re: Prosím o rychlou kontrolu logu-36 nálezů v Malwarebytes

Re: Prosím o rychlou kontrolu logu-36 nálezů v Malwarebytes Vyřešeno

Re: Prosím o rychlou kontrolu logu-36 nálezů v Malwarebytes

Re: Prosím o rychlou kontrolu logu-36 nálezů v Malwarebytes

Re: Prosím o rychlou kontrolu logu-36 nálezů v Malwarebytes

Re: Prosím o rychlou kontrolu logu-36 nálezů v Malwarebytes

Re: Prosím o rychlou kontrolu logu-36 nálezů v Malwarebytes

Re: Prosím o rychlou kontrolu logu-36 nálezů v Malwarebytes

Re: Prosím o rychlou kontrolu logu-36 nálezů v Malwarebytes

Re: Prosím o rychlou kontrolu logu-36 nálezů v Malwarebytes

Re: Prosím o rychlou kontrolu logu-36 nálezů v Malwarebytes