Prosim o kontrolu logu + Vyřešeno

[Mikros]

Zdravim
Prosim o kontrolu logu protoze blbne cpu a ram je pri programech typu skype,xfire na 40% :(

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:52:46, on 3.10.2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18943)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Intel\inteldh\common\SWUpdateClient.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\ScanSoft\OmniPageSE4\OpWareSE4.exe
C:\Program Files\Creative\USB Headsets\Volume Panel\VolPanlu.exe
C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Xfire\Xfire.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Windows NT\Accessories\WORDPAD.EXE
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\Windows\system32\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource= ... =CT1750559
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
R3 - URLSearchHook: XfireXO Toolbar - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files\XfireXO\tbXfir.dll
R3 - URLSearchHook: BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files\BS_Player\tbBS_0.dll
O2 - BHO: XfireXO Toolbar - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files\XfireXO\tbXfir.dll
O2 - BHO: facemoods Helper - {64182481-4F71-486b-A045-B233BD0DA8FC} - C:\Program Files\facemoods.com\facemoods\1.4.8.1\bh\facemoods.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files\BS_Player\tbBS_0.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: XfireXO Toolbar - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files\XfireXO\tbXfir.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files\BS_Player\tbBS_0.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: facemoods Toolbar - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Program Files\facemoods.com\facemoods\1.4.8.1\facemoodsTlbr.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [IntelSWUpdateClient] C:\Program Files\Intel\inteldh\common\SWUpdateClient.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe"
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\USB Headsets\Volume Panel\VolPanlu.exe" /r
O4 - HKLM\..\Run: [USBToolTip] C:\PROGRA~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [facemoods] "C:\Program Files\facemoods.com\facemoods\1.4.8.1\facemoodssrv.exe" /md I
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [ATICustomerCare] "C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: WikiKomentáře Google... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - (no file)
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: (no name) - {925DAB62-F9AC-4221-806A-057BFB1014AA} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - (no file)
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - (no file)
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
O23 - Service: Creative Media Toolbox 6 Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\MT6Licensing.exe
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTAudSvc.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GS In-Game Service - ClanServers Hosting LLC - C:\Program Files\GameTracker\GSInGameService.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: PIXMA Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel(R) Con. Management Engine Local Manageability Service (LMS) - Intel Corporation - C:\Program Files\Intel\AMT\LMS.exe
O23 - Service: ME Services Manager - Intel(R) Corporation - C:\Program Files\Intel\inteldh\msm\MSM.exe
O23 - Service: mental ray 3.7 Satellite for Autodesk 3ds Max 2010 32-bit 32-bit (mi-raysat_3dsmax2010_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Armed Assault Drivers Auto Removal (pr2agmlb) (pr2agmlb) - Bohemia Interactive - C:\Windows\system32\pr2agmlb.exe
O23 - Service: Software Services Manager - Intel(R) Corporation - C:\Program Files\Intel\inteldh\common\IntelDHSvcMgr.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

--
End of file - 12198 bytes

Dekuji)

[Reklama]

[memphisto]

Odinstaluj:

ICQ Toolbar
Daemon Tools Toolbar
Ask Toolbar
BS Player Toolbar
facemoods Toolbar
Xfire Toolbar

u Windows Defendera vypni rezidentní štít. Běží ti už NOD.

V logu fixni:
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - - (no file)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O9 - Extra button: (no name) - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - (no file)
O9 - Extra button: (no name) - {925DAB62-F9AC-4221-806A-057BFB1014AA} - (no file)
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - (no file)
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - (no file)

Stáhni si ATF Cleaner
Poklepej na ATF Cleaner.exe, klikni na select all found, poté:
-Když používáš Firefox (Mozzila), klikni na Firefox nahoře a vyber: Select All, poté klikni na Empty Selected.
-Když používáš Operu, klikni nahoře na Operu a vyber: Select All, poté klikni na Empty Selected.
Po vyčištění klikni na Exit k zavření programu.
ATF-Cleaner je jednoduchý nástroj na odstranění historie z webového prohlížeče. Program dokáže odstranit cache, cookies, historii a další stopy po surfování na Internetu. Mezi podporované prohlížeče patří Internet Explorer, Firefox a Opera. Aplikace navíc umí odstranit dočasné soubory Windows, vysypat koš atd.

Vypni si rez.ochrany i firewall.
Stáhni si Dr. Web CureIt
dej update , po aktualizaci dej start.
Tlacitky dole muzeš soubor léčit(systémové soubory), smazat, přesunout nebo přejmenovat


Stáhni si Malwarebytes' Anti-Malware
Nainstaluj a spusť ho
- na konci instalace se ujisti že máš zvoleny/zatrhnuty obě možnosti:
Update Malwarebytes' Anti-Malware (Aktualizace Malwarebytes' Anti-Malware) a Launch Malwarebytes' Anti-Malware (Spustit aplikaci Malwarebytes' Anti-Malware), pokud jo tak klikni na tlačítko Finish
- pokud bude nalezena aktualizace, tak se stáhne a nainstaluje
- program se po té spustí a nech vybranou možnost Perform Quick Scan (Provést rychlý sken) a klikni na tlačítko Scan (Skenovat)
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Show Results
- pak zvol možnost Save Logfile a ulož si log na plochu
- po té klikni na tlačítko Exit, objeví se ti hláška tak zvol Ano
(zatím nic nemaž!).
Vlož sem pak obsah toho logu.

[Mikros]

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Verze databáze: 4736

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18943

3.10.2010 13:30:44
mbam-log-2010-10-03 (13-30-44).txt

Typ skenu: Rychlý sken
Skenované objekty: 140918
Uplynulý čas: 3 minuta(y), 51 sekunda(y)

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 0
Infikované hodnoty registru: 0
Infikované datové položky registru: 0
Infikované složky: 0
Infikované soubory: 1

Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované hodnoty registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované datové položky registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)

Infikované soubory:
C:\Users\MIKES\downloads\keygen.exe (Hacktool.Keygen) -> No action taken.

[memphisto]

- Takže spusť znovu MbAM a dej Scan
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Show Results
- ujistit se že máš zatrhnuté všechny vypsané nálezy a klikni na tlačítko Remove Selected
- když skončí odstraňování tak se ti zobrazí log, tak ho sem dej.
- pak zvol v programu OK a pak program ukonči přes Exit

Vypni rezidentní štít antiviru a antispywaru
Stáhni si ComboFix (by sUBs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah

[Mikros]

z MBAMU
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Verze databáze: 4736

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18943

3.10.2010 13:51:48
mbam-log-2010-10-03 (13-51-48).txt

Typ skenu: Rychlý sken
Skenované objekty: 141007
Uplynulý čas: 3 minuta(y), 45 sekunda(y)

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 0
Infikované hodnoty registru: 0
Infikované datové položky registru: 0
Infikované složky: 0
Infikované soubory: 1

Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované hodnoty registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované datové položky registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)

Infikované soubory:
C:\Users\MIKES\downloads\keygen.exe (Hacktool.Keygen) -> Quarantined and deleted successfully.


z ComboFixu

ComboFix 10-10-02.02 - MIKES 03.10.2010 14:09:16.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.420.1029.18.3067.1973 [GMT 2:00]
Spuštěný z: c:\users\MIKES\Desktop\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\MIKES\Documents\cc_20101002_095554.reg

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-09-03 do 2010-10-03 )))))))))))))))))))))))))))))))
.

2010-10-03 12:18 . 2010-10-03 12:18 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-10-03 11:03 . 2010-10-03 11:03 -------- d-----w- c:\users\MIKES\AppData\Roaming\Malwarebytes
2010-10-03 11:03 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-10-03 11:03 . 2010-10-03 11:03 -------- d-----w- c:\programdata\Malwarebytes
2010-10-03 11:03 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-10-03 11:03 . 2010-10-03 11:03 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-10-03 10:26 . 2010-10-03 10:58 -------- d-----w- c:\users\MIKES\DoctorWeb
2010-10-03 09:50 . 2010-10-03 09:50 2560 ----a-w- c:\windows\_MSRSTRT.EXE
2010-10-02 08:18 . 2010-10-02 08:18 -------- d---a-w- c:\windows\rundll16.exe
2010-10-02 08:18 . 2010-10-02 08:18 -------- d---a-w- c:\windows\logo1_.exe
2010-10-02 07:45 . 2010-10-02 07:45 -------- d---a-w- c:\windows\VDLL.DLL
2010-10-02 07:45 . 2010-10-02 07:45 -------- d---a-w- c:\windows\system32\runouce.exe
2010-10-02 07:45 . 2010-10-02 07:45 -------- d---a-w- c:\windows\RUNDL132.EXE
2010-10-02 07:45 . 2010-10-02 07:45 -------- d---a-w- c:\windows\logo_1.exe
2010-10-02 07:40 . 2010-10-02 07:40 34048 ----a-w- c:\windows\system32\eEmpty.exe
2010-10-02 07:40 . 2009-02-28 17:57 632080 ----a-r- c:\windows\system32\msvcr80.dll
2010-10-02 07:40 . 2009-02-28 17:57 554256 ----a-r- c:\windows\system32\msvcp80.dll
2010-10-02 07:40 . 2010-10-02 07:40 -------- d-----w- c:\program files\Common Files\MicroWorld
2010-10-02 07:40 . 2010-10-02 07:40 -------- d-----w- c:\programdata\MicroWorld
2010-10-02 07:37 . 2010-10-02 07:37 388096 ----a-r- c:\users\MIKES\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-10-02 07:37 . 2010-10-02 07:37 -------- d-----w- c:\program files\Trend Micro
2010-10-01 07:38 . 2010-10-01 07:38 -------- d-----w- C:\found.000
2010-09-29 15:03 . 2010-09-29 15:03 -------- d-----w- c:\program files\Futuremark
2010-09-29 13:44 . 2010-09-29 13:44 -------- d-----w- c:\program files\Lavalys
2010-09-29 07:31 . 2010-06-22 13:30 2048 ----a-w- c:\windows\system32\tzres.dll
2010-09-28 15:43 . 2010-09-28 15:43 -------- d-----w- c:\users\MIKES\AppData\Roaming\Planetside Software
2010-09-28 15:22 . 2010-09-28 15:42 13094 ----a-r- c:\users\MIKES\AppData\Roaming\Microsoft\Installer\{CCCC1B61-1E92-4388-9AFC-5C883071833D}\_f3e99.exe
2010-09-28 15:22 . 2010-09-28 15:42 13094 ----a-r- c:\users\MIKES\AppData\Roaming\Microsoft\Installer\{CCCC1B61-1E92-4388-9AFC-5C883071833D}\_12db153c.exe
2010-09-28 15:22 . 2010-09-28 15:42 1078 ----a-r- c:\users\MIKES\AppData\Roaming\Microsoft\Installer\{CCCC1B61-1E92-4388-9AFC-5C883071833D}\_7e87390c.exe
2010-09-28 15:22 . 2010-09-28 15:22 -------- d-----w- c:\program files\Planetside Software
2010-09-26 18:02 . 2010-09-28 15:43 -------- d-----w- c:\users\MIKES\AppData\Roaming\uk.co.planetside
2010-09-26 17:50 . 2010-09-26 17:50 4710 ----a-r- c:\users\MIKES\AppData\Roaming\Microsoft\Installer\{CCEB53A5-A252-4CF3-8602-429AB06BF0AE}\_294823.exe
2010-09-26 17:50 . 2010-09-26 17:50 4710 ----a-r- c:\users\MIKES\AppData\Roaming\Microsoft\Installer\{CCEB53A5-A252-4CF3-8602-429AB06BF0AE}\_18be6784.exe
2010-09-26 17:50 . 2010-09-26 17:50 -------- d-----w- c:\program files\Terragen
2010-09-26 17:49 . 2010-09-26 18:07 -------- d-----w- c:\program files\KigoImageConverter
2010-09-21 14:33 . 2010-09-21 14:37 -------- d-----w- c:\users\MIKES\AppData\Roaming\mIRC
2010-09-21 14:33 . 2010-09-21 14:33 -------- d-----w- c:\program files\mIRC
2010-09-17 13:03 . 2010-09-17 13:03 -------- d-----w- c:\program files\FlashFire
2010-09-17 12:55 . 2010-09-17 12:57 1078 ----a-r- c:\users\MIKES\AppData\Roaming\Microsoft\Installer\{0F9196C6-58B4-445B-B56E-B1200FECC151}\_4ae13d6c.exe
2010-09-17 12:55 . 2010-09-17 12:57 1078 ----a-r- c:\users\MIKES\AppData\Roaming\Microsoft\Installer\{0F9196C6-58B4-445B-B56E-B1200FECC151}\_2cd672ae.exe
2010-09-17 12:55 . 2010-09-17 12:57 1078 ----a-r- c:\users\MIKES\AppData\Roaming\Microsoft\Installer\{0F9196C6-58B4-445B-B56E-B1200FECC151}\_294823.exe
2010-09-17 12:55 . 2010-09-17 12:57 1078 ----a-r- c:\users\MIKES\AppData\Roaming\Microsoft\Installer\{0F9196C6-58B4-445B-B56E-B1200FECC151}\_18be6784.exe
2010-09-17 12:55 . 2010-09-17 12:57 -------- d-----w- c:\program files\Microsoft Bootvis
2010-09-15 17:34 . 2010-04-16 16:46 502272 ----a-w- c:\windows\system32\usp10.dll
2010-09-15 17:34 . 2010-08-17 14:11 128000 ----a-w- c:\windows\system32\spoolsv.exe
2010-09-15 17:34 . 2010-04-05 17:02 317952 ----a-w- c:\windows\system32\MP4SDECD.DLL
2010-09-15 17:34 . 2010-05-27 20:08 739328 ----a-w- c:\windows\system32\inetcomm.dll
2010-09-08 18:16 . 2010-09-08 18:16 -------- d-----w- c:\users\MIKES\AppData\Local\Canon Easy-PhotoPrint EX
2010-09-05 12:30 . 2010-09-05 12:30 -------- d-----w- c:\users\MIKES\AppData\Roaming\Get from YouTube
2010-09-05 12:11 . 2010-09-05 12:11 -------- d-----w- c:\program files\Vstplugins

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-03 12:04 . 2010-03-22 14:23 -------- d-----w- c:\users\MIKES\AppData\Roaming\Xfire
2010-10-03 11:56 . 2010-03-29 16:31 -------- d-----w- c:\program files\Common Files\Akamai
2010-10-03 11:56 . 2009-12-17 16:19 -------- d-----w- c:\users\MIKES\AppData\Roaming\uTorrent
2010-10-03 09:48 . 2009-12-17 12:37 -------- d-----w- c:\program files\DAEMON Tools Toolbar
2010-10-03 09:46 . 2009-12-17 16:37 219128 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-10-03 09:39 . 2009-12-17 16:37 138592 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-10-03 08:25 . 2010-04-29 12:48 -------- d-----w- c:\users\MIKES\AppData\Roaming\HLSW
2010-10-03 08:24 . 2010-04-04 14:49 -------- d-----w- c:\program files\TeamSpeak 3 Client
2010-10-01 18:56 . 2009-12-17 12:25 -------- d-----w- c:\users\MIKES\AppData\Roaming\Skype
2010-10-01 15:26 . 2009-12-17 12:26 -------- d-----w- c:\users\MIKES\AppData\Roaming\skypePM
2010-10-01 14:05 . 2010-08-27 15:51 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-10-01 08:34 . 2010-03-30 04:55 -------- d-----w- c:\programdata\FLEXnet
2010-10-01 07:57 . 2010-03-22 14:23 -------- d-----w- c:\programdata\Xfire
2010-09-29 15:10 . 2009-12-17 13:30 86016 ----a-w- c:\windows\system32\OpenAL32.dll
2010-09-26 12:22 . 2009-12-17 15:41 -------- d-----w- c:\programdata\Media Center Programs
2010-09-26 12:10 . 2009-12-17 13:32 -------- d-----w- c:\program files\Ubisoft
2010-09-26 12:10 . 2009-12-16 07:24 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-09-26 10:46 . 2009-12-17 12:59 -------- d-----w- c:\program files\Steam
2010-09-25 16:18 . 2009-12-22 19:15 -------- d-----w- c:\users\MIKES\AppData\Roaming\Vso
2010-09-20 05:16 . 2008-01-21 06:46 675204 ----a-w- c:\windows\system32\perfh005.dat
2010-09-20 05:16 . 2008-01-21 06:46 146788 ----a-w- c:\windows\system32\perfc005.dat
2010-09-20 05:11 . 2009-12-17 15:24 -------- d-----w- c:\programdata\CanonIJPLM
2010-09-16 10:52 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-09-13 04:40 . 2009-12-17 16:20 -------- d-----w- c:\program files\uTorrent
2010-09-06 18:49 . 2010-08-26 10:56 -------- d-----w- c:\users\MIKES\AppData\Roaming\Cool Record Edit Pro
2010-09-06 14:26 . 2009-12-16 07:24 -------- d--h--w- c:\program files\Temp
2010-09-06 14:25 . 2006-11-02 10:25 86016 ----a-w- c:\windows\Inf\infstor.dat
2010-09-06 14:25 . 2006-11-02 10:25 51200 ----a-w- c:\windows\Inf\infpub.dat
2010-09-06 14:25 . 2006-11-02 10:25 143360 ----a-w- c:\windows\Inf\infstrng.dat
2010-09-06 14:25 . 2009-12-16 07:24 319456 ----a-w- c:\windows\DIFxAPI.dll
2010-09-06 14:15 . 2009-12-16 07:17 1356 ----a-w- c:\users\MIKES\AppData\Local\d3d9caps.dat
2010-09-06 14:15 . 2010-08-11 01:22 1100 ----a-w- c:\users\MIKES\AppData\Local\d3d8caps.dat
2010-09-05 12:12 . 2010-04-17 15:39 -------- d-----w- c:\program files\Sony
2010-09-05 12:09 . 2010-04-17 15:39 -------- d-----w- c:\program files\Sony Setup
2010-09-05 11:18 . 2010-04-14 13:54 -------- d-----w- c:\users\MIKES\AppData\Roaming\Sony
2010-09-05 11:17 . 2010-04-14 15:27 -------- d-----w- c:\programdata\Sony
2010-09-01 11:14 . 2010-03-30 04:51 -------- d-----w- c:\program files\NVIDIA Corporation
2010-08-31 12:26 . 2010-08-31 11:08 -------- d-----w- c:\program files\2K Games
2010-08-31 11:14 . 2009-12-17 12:59 -------- d-----w- c:\program files\Common Files\Steam
2010-08-30 17:59 . 2010-08-30 17:59 -------- d-----w- c:\program files\Electronic Arts
2010-08-29 13:06 . 2010-08-29 13:06 -------- d-----w- c:\programdata\ATI
2010-08-29 13:03 . 2009-12-16 07:50 -------- d-----w- c:\program files\ATI
2010-08-29 13:03 . 2010-08-29 13:01 -------- d-----w- c:\program files\ATI Technologies
2010-08-27 13:08 . 2010-08-27 13:03 -------- d-----w- c:\programdata\Symantec
2010-08-27 13:03 . 2010-08-27 13:03 -------- d-----w- c:\programdata\Norton
2010-08-27 13:03 . 2010-08-27 13:03 -------- d-----w- c:\program files\Norton Security Scan
2010-08-27 13:03 . 2010-08-27 13:03 -------- d-----w- c:\programdata\NortonInstaller
2010-08-27 13:03 . 2010-08-27 13:03 -------- d-----w- c:\program files\NortonInstaller
2010-08-27 10:45 . 2010-08-18 08:23 57344 ----a-w- c:\programdata\DivX\RunAsUser\RUNASUSERPROCESS.dll
2010-08-27 10:37 . 2010-08-27 10:37 56765 ----a-w- c:\programdata\DivX\DivXPlusShortcuts\Uninstaller.exe
2010-08-27 10:37 . 2010-08-18 08:18 -------- d-----w- c:\programdata\DivX
2010-08-27 10:37 . 2010-08-18 08:19 -------- d-----w- c:\program files\DivX
2010-08-27 10:37 . 2010-08-27 10:37 56997 ----a-w- c:\programdata\DivX\WebPlayer\Uninstaller.exe
2010-08-27 10:36 . 2010-08-27 10:36 53600 ----a-w- c:\programdata\DivX\Update\Uninstaller.exe
2010-08-27 10:35 . 2010-08-27 10:35 57691 ----a-w- c:\programdata\DivX\Player\Uninstaller.exe
2010-08-27 10:14 . 2010-08-27 10:14 84063 ----a-w- c:\programdata\DivX\TransferWizard\Uninstaller.exe
2010-08-27 10:11 . 2010-08-27 10:11 54153 ----a-w- c:\programdata\DivX\DFXPlugin\Uninstaller.exe
2010-08-27 09:59 . 2010-08-27 10:38 185640 ----a-w- c:\programdata\DivX\Setup\finishPlugin.dll
2010-08-27 09:59 . 2010-08-27 09:59 144696 ----a-w- c:\programdata\DivX\RunAsUser\RUNASUSERPROCESS.exe
2010-08-27 09:59 . 2010-08-18 08:22 1090856 ----a-w- c:\programdata\DivX\Setup\Resource.dll
2010-08-27 09:59 . 2010-08-18 08:22 850200 ----a-w- c:\programdata\DivX\Setup\DivXSetup.exe
2010-08-26 18:45 . 2010-08-26 18:45 -------- d-----w- c:\program files\Magic Bullet Looks Vegas
2010-08-26 18:45 . 2010-08-26 18:45 -------- d-----w- c:\program files\LooksBuilder
2010-08-26 10:56 . 2010-08-26 10:56 -------- d-----w- c:\program files\Cool Record Edit Pro
2010-08-24 06:14 . 2010-04-17 12:29 -------- d-----w- c:\program files\NuGardt Software
2010-08-23 11:10 . 2010-07-20 08:47 -------- d-----w- c:\program files\A1Click Ultra PC Cleaner
2010-08-22 14:21 . 2010-07-20 12:11 -------- d-----w- c:\programdata\Lavasoft
2010-08-22 14:19 . 2010-08-22 14:19 -------- d-----w- c:\program files\Lavasoft
2010-08-22 14:18 . 2010-02-02 20:14 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-08-22 14:09 . 2010-07-19 12:27 -------- d-----w- c:\users\MIKES\AppData\Roaming\Media Player Classic
2010-08-22 11:25 . 2010-08-22 11:25 -------- d-----w- c:\program files\Common Files\Java
2010-08-22 11:25 . 2010-07-03 13:16 -------- d-----w- c:\program files\Java
2010-08-22 10:56 . 2010-08-22 10:56 -------- d-----w- c:\program files\ESET
2010-08-22 10:52 . 2010-05-12 10:10 -------- d-----w- c:\programdata\Pinnacle
2010-08-19 16:21 . 2010-08-19 15:20 -------- d-----w- c:\program files\megui
2010-08-19 15:18 . 2010-03-02 20:08 -------- d-----w- c:\program files\AviSynth 2.5
2010-08-19 11:26 . 2009-12-16 07:17 94488 ----a-w- c:\users\MIKES\AppData\Local\GDIPFONTCACHEV1.DAT
2010-08-18 08:24 . 2010-08-18 08:22 -------- d-----w- c:\users\MIKES\AppData\Roaming\DivX
2010-08-09 13:13 . 2009-12-17 12:48 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
2010-08-09 12:34 . 2010-08-27 12:16 14336 ----a-w- c:\users\MIKES\AppData\Roaming\Mozilla\Firefox\Profiles\6z5ko3tl.default\extensions\radiobar@toolbar\components\toolbarhomewmp.dll
2010-08-08 17:51 . 2010-08-08 17:51 1783 ----a-w- c:\windows\unins000.dat
2010-08-08 17:51 . 2010-08-08 17:51 695642 ----a-w- c:\windows\unins000.exe
2010-08-07 12:42 . 2010-08-07 12:42 -------- d-----w- c:\program files\W3i, LLC
2010-08-07 12:42 . 2010-08-07 12:42 -------- d-----w- c:\program files\Free Offers from Freeze.com
2010-08-07 12:42 . 2010-08-07 12:42 -------- d-----w- c:\program files\Freeze.com
2010-08-07 09:03 . 2010-04-27 13:35 2473 ----a-w- c:\users\MIKES\AppData\Roaming\MathWorks\MATLAB\mcr_v77\LCEffects_868F71BA03203FCA99BCF24D07C649A2\compopts.bat
2010-08-06 15:02 . 2010-08-06 14:59 -------- d-----w- c:\program files\3DRipperDX1
2010-08-06 14:59 . 2010-07-14 09:21 -------- d-----w- c:\program files\3DRipperDX
2010-08-04 16:02 . 2010-08-04 15:59 -------- d-----w- c:\program files\Autodesk
2010-08-04 16:00 . 2010-08-04 16:00 -------- d-----w- c:\program files\Common Files\Autodesk Shared
2010-08-04 15:59 . 2010-04-24 07:19 -------- d-----w- c:\programdata\Autodesk
2010-07-29 06:07 . 2010-07-29 06:07 107888 ------w- c:\windows\system32\CmdLineExt.dll
2010-07-20 12:15 . 2010-07-20 12:15 95024 ------w- c:\windows\system32\drivers\SBREDrv.sys
2010-07-17 03:00 . 2010-07-03 13:17 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-07-14 09:59 . 2010-07-14 09:59 56 ------w- c:\windows\system32\ezsidmv.dat
2010-07-14 08:00 . 2010-07-19 12:32 108032 ------w- c:\windows\system32\ff_vfw.dll
2010-07-09 19:04 . 2010-07-09 19:04 41872 ------w- c:\windows\system32\xfcodec.dll
2010-07-07 07:04 . 2009-12-17 13:30 413696 ------w- c:\windows\system32\wrap_oal.dll
2010-07-07 05:43 . 2010-07-07 05:43 501936 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtb8D6E.tmp.exe
2010-07-06 14:45 . 2010-07-06 14:45 368640 ----a-w- c:\users\MIKES\AppData\Roaming\Mozilla\Firefox\Profiles\6z5ko3tl.default\extensions\ffxtlbr@Facemoods.com\components\FFHst.dll
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-12-17 39408]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2010-09-12 328568]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"IntelSWUpdateClient"="c:\program files\Intel\inteldh\common\SWUpdateClient.exe" [2008-07-16 129424]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2009-11-09 180224]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-14 644696]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-03 1603152]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 79400]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"VolPanel"="c:\program files\Creative\USB Headsets\Volume Panel\VolPanlu.exe" [2008-08-27 233588]
"USBToolTip"="c:\progra~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe" [2007-02-20 199752]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-06-15 141624]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-09-29 2054360]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-08-20 1164584]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-04-06 102400]
"ATICustomerCare"="c:\program files\ATI\ATICustomerCare\ATICustomerCare.exe" [2009-11-16 307200]

c:\users\MIKES\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Xfire.lnk - c:\program files\Xfire\Xfire.exe [2010-7-9 3493776]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
R2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [x]
R2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-03-23 135664]
R2 mi-raysat_3dsmax2010_32;mental ray 3.7 Satellite for Autodesk 3ds Max 2010 32-bit 32-bit;c:\program files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe [2009-03-12 86016]
R2 pr2agmlb;Armed Assault Drivers Auto Removal (pr2agmlb);c:\windows\system32\pr2agmlb.exe svc [x]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2010-04-28 79360]
R3 Creative Media Toolbox 6 Licensing Service;Creative Media Toolbox 6 Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\MT6Licensing.exe [2010-04-28 79360]
S0 ffire;FlashFire;c:\windows\system32\DRIVERS\ffirel.sys [2009-07-23 14336]
S0 pe3agmlb;Armed Assault Environment Driver (pe3agmlb);c:\windows\system32\drivers\pe3agmlb.sys [2007-06-04 65408]
S0 ps6agmlb;Armed Assault Synchronization Driver (ps6agmlb);c:\windows\system32\drivers\ps6agmlb.sys [2007-06-04 55688]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2009-09-29 108792]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2008-01-21 21504]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-04-07 172032]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2009-09-29 735960]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2009-09-29 95896]
S2 GS In-Game Service;GS In-Game Service;c:\program files\GameTracker\GSInGameService.exe [2010-04-14 1648480]
S2 ME Services Manager;ME Services Manager;c:\program files\Intel\inteldh\msm\MSM.exe [2008-07-16 1628560]
S2 Software Services Manager;Software Services Manager;c:\program files\Intel\inteldh\common\IntelDHSvcMgr.exe [2008-07-16 51088]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2010-04-07 5430272]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-04-07 157184]
S3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y6032.sys [2008-11-21 220288]
S3 Ph3xIB32;Philips 713x Inbox PCI TV Card;c:\windows\system32\DRIVERS\Ph3xIB32.sys [2007-04-03 1131136]
S3 skfiltv;skfiltv;c:\windows\system32\drivers\skfiltv.sys [2008-08-14 17408]
S3 TotRec7;Total Recorder WDM audio driver;c:\windows\system32\drivers\TotRec7.sys [2010-04-12 131152]
S3 TotRec8;Total Recorder WDM audio filter driver;c:\windows\system32\drivers\TotRec8.sys [2010-04-12 91216]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
Akamai REG_MULTI_SZ Akamai
.
Obsah adresáře 'Naplánované úlohy'

2010-10-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-23 14:54]

2010-10-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-23 14:54]

2010-10-02 c:\windows\Tasks\Norton Security Scan for MIKES.job
- c:\program files\Norton Security Scan\Engine\2.7.3.34\Nss.exe [2010-08-27 07:48]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://search.conduit.com?SearchSource= ... =CT1750559
uInternet Settings,ProxyOverride = *.local
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: WikiKomentáře Google... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
FF - ProfilePath - c:\users\MIKES\AppData\Roaming\Mozilla\Firefox\Profiles\6z5ko3tl.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.as ... ource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz
FF - component: c:\users\MIKES\AppData\Roaming\Mozilla\Firefox\Profiles\6z5ko3tl.default\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}\components\FFExternalAlert.dll
FF - component: c:\users\MIKES\AppData\Roaming\Mozilla\Firefox\Profiles\6z5ko3tl.default\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}\components\RadioWMPCore.dll
FF - component: c:\users\MIKES\AppData\Roaming\Mozilla\Firefox\Profiles\6z5ko3tl.default\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}\components\FFExternalAlert.dll
FF - component: c:\users\MIKES\AppData\Roaming\Mozilla\Firefox\Profiles\6z5ko3tl.default\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}\components\RadioWMPCore.dll
FF - component: c:\users\MIKES\AppData\Roaming\Mozilla\Firefox\Profiles\6z5ko3tl.default\extensions\ffxtlbr@Facemoods.com\components\FFHst.dll
FF - component: c:\users\MIKES\AppData\Roaming\Mozilla\Firefox\Profiles\6z5ko3tl.default\extensions\radiobar@toolbar\components\toolbarhomewmp.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKCU-Run-AdobeBridge - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-10-03 14:18
Windows 6.0.6002 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
Celkový čas: 2010-10-03 14:22:06
ComboFix-quarantined-files.txt 2010-10-03 12:22

Před spuštěním: Volných bajtů: 179 136 815 104
Po spuštění: Volných bajtů: 182 350 258 176

- - End Of File - - FEE75C8763775FB611A9EA96EC615B39

[jaro3]

Odinstaluj:
Symatec/Norton/ Norton Security Scan


Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:
Poznámka: Nepoužij k označení skriptu funkci VYBRAT VŠE

Kód: Vybrat vše

KillAll::
File::
c:\windows\_MSRSTRT.EXE
c:\windows\system32\perfh005.dat
c:\windows\system32\perfc005.dat
c:\users\MIKES\AppData\Local\d3d9caps.dat
c:\users\MIKES\AppData\Local\d3d8caps.dat
c:\windows\unins000.dat
c:\windows\unins000.exe
c:\windows\system32\ezsidmv.dat
c:\windows\Tasks\Norton Security Scan for MIKES.job
c:\program files\Norton Security Scan\Engine\2.7.3.34\Nss.exe

Folder::
c:\windows\VDLL.DLL
C:\found.000
c:\program files\DAEMON Tools Toolbar
c:\program files\Norton Security Scan
c:\programdata\NortonInstaller
c:\program files\NortonInstaller

DirLook::
c:\program files\Temp

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"=-
"EnableUIADesktopToggle"=-

DDS::
uStart Page = hxxp://search.conduit.com?SearchSource= ... =CT1750559
uInternet Settings,ProxyOverride = *.local

Firefox::
FF - ProfilePath - c:\users\MIKES\AppData\Roaming\Mozilla\Firefox\Profiles\6z5ko3tl.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.as ... ource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Ask.com


Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT

V možnostech složky si povol zobrazování skrytých souborů a složek+ odškrtni zatržítko skrýt chráněné soubory operačního systému

Toto otestuj na Virustotal
c:\windows\system32\spoolsv.exe

Klikni vpravo od okénka na Vybrat a v Exploreru najdi požadovaný soubor v Tvém PC. Označ ho myší a klikni na Otevřít , poté klikni na Send File. Pokud už byl soubor testován , objeví se okno ve kterém klikni na Reanalyze. Soubor se začne postupně testovat více antivirovými programy. Až skončí test posledního antiviru , objeví se nahoře result a červeně počet nákaz , např. 0/40 , nebo 1/40. Pak zkopíruj myší odkaz na tuto stránku a vlož ji do svého příspěvku.

[Mikros]

huf tak to zas mam

log z HJT


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:52:46, on 3.10.2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18943)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Intel\inteldh\common\SWUpdateClient.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\ScanSoft\OmniPageSE4\OpWareSE4.exe
C:\Program Files\Creative\USB Headsets\Volume Panel\VolPanlu.exe
C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Xfire\Xfire.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Windows NT\Accessories\WORDPAD.EXE
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\Windows\system32\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource= ... =CT1750559
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
R3 - URLSearchHook: XfireXO Toolbar - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files\XfireXO\tbXfir.dll
R3 - URLSearchHook: BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files\BS_Player\tbBS_0.dll
O2 - BHO: XfireXO Toolbar - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files\XfireXO\tbXfir.dll
O2 - BHO: facemoods Helper - {64182481-4F71-486b-A045-B233BD0DA8FC} - C:\Program Files\facemoods.com\facemoods\1.4.8.1\bh\facemoods.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files\BS_Player\tbBS_0.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: XfireXO Toolbar - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files\XfireXO\tbXfir.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files\BS_Player\tbBS_0.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: facemoods Toolbar - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Program Files\facemoods.com\facemoods\1.4.8.1\facemoodsTlbr.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [IntelSWUpdateClient] C:\Program Files\Intel\inteldh\common\SWUpdateClient.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe"
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\USB Headsets\Volume Panel\VolPanlu.exe" /r
O4 - HKLM\..\Run: [USBToolTip] C:\PROGRA~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [facemoods] "C:\Program Files\facemoods.com\facemoods\1.4.8.1\facemoodssrv.exe" /md I
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [ATICustomerCare] "C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: WikiKomentáře Google... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - (no file)
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: (no name) - {925DAB62-F9AC-4221-806A-057BFB1014AA} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - (no file)
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - (no file)
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
O23 - Service: Creative Media Toolbox 6 Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\MT6Licensing.exe
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTAudSvc.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GS In-Game Service - ClanServers Hosting LLC - C:\Program Files\GameTracker\GSInGameService.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: PIXMA Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel(R) Con. Management Engine Local Manageability Service (LMS) - Intel Corporation - C:\Program Files\Intel\AMT\LMS.exe
O23 - Service: ME Services Manager - Intel(R) Corporation - C:\Program Files\Intel\inteldh\msm\MSM.exe
O23 - Service: mental ray 3.7 Satellite for Autodesk 3ds Max 2010 32-bit 32-bit (mi-raysat_3dsmax2010_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Armed Assault Drivers Auto Removal (pr2agmlb) (pr2agmlb) - Bohemia Interactive - C:\Windows\system32\pr2agmlb.exe
O23 - Service: Software Services Manager - Intel(R) Corporation - C:\Program Files\Intel\inteldh\common\IntelDHSvcMgr.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

--
End of file - 12198 bytes

log z ComboFixu

ComboFix 10-10-02.02 - MIKES 03.10.2010 17:38:40.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.420.1029.18.3067.2313 [GMT 2:00]
Spuštěný z: c:\users\MIKES\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\MIKES\Desktop\CFScript.txt
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

FILE ::
"c:\program files\Norton Security Scan\Engine\2.7.3.34\Nss.exe"
"c:\users\MIKES\AppData\Local\d3d8caps.dat"
"c:\users\MIKES\AppData\Local\d3d9caps.dat"
"c:\windows\_MSRSTRT.EXE"
"c:\windows\system32\ezsidmv.dat"
"c:\windows\system32\perfc005.dat"
"c:\windows\system32\perfh005.dat"
"c:\windows\Tasks\Norton Security Scan for MIKES.job"
"c:\windows\unins000.dat"
"c:\windows\unins000.exe"
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\found.000
c:\found.000\dir0000.chk\vcredis1.cab
c:\found.000\dir0000.chk\vcredist.msi
c:\found.000\file0000.chk
c:\program files\DAEMON Tools Toolbar
c:\program files\DAEMON Tools Toolbar\_DTLite.xml
c:\program files\NortonInstaller
c:\programdata\NortonInstaller
c:\programdata\NortonInstaller\Logs\08-27-2010-15h03m19s\Install.1.mft.7z
c:\programdata\NortonInstaller\Logs\08-27-2010-15h03m19s\NortonInstall-08-27-2010-15h03m19s.log
c:\programdata\NortonInstaller\Logs\10-03-2010-17h28m06s\Install.1.mft.7z
c:\programdata\NortonInstaller\Logs\10-03-2010-17h28m06s\NortonInstall-10-03-2010-17h28m06s.log
c:\programdata\NortonInstaller\Logs\10-03-2010-17h28m19s\NortonInstall-10-03-2010-17h28m19s.log
c:\users\MIKES\AppData\Local\d3d8caps.dat
c:\users\MIKES\AppData\Local\d3d9caps.dat
c:\windows\_MSRSTRT.EXE
c:\windows\system32\ezsidmv.dat
c:\windows\system32\perfc005.dat
c:\windows\system32\perfh005.dat
c:\windows\unins000.dat
c:\windows\unins000.exe
c:\windows\VDLL.DLL

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-09-03 do 2010-10-03 )))))))))))))))))))))))))))))))
.

2010-10-03 15:44 . 2010-10-03 15:47 -------- d-----w- c:\users\MIKES\AppData\Local\temp
2010-10-03 15:44 . 2010-10-03 15:44 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-10-03 15:44 . 2010-10-03 15:44 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-10-03 11:03 . 2010-10-03 11:03 -------- d-----w- c:\users\MIKES\AppData\Roaming\Malwarebytes
2010-10-03 11:03 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-10-03 11:03 . 2010-10-03 11:03 -------- d-----w- c:\programdata\Malwarebytes
2010-10-03 11:03 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-10-03 11:03 . 2010-10-03 11:03 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-10-03 10:26 . 2010-10-03 10:58 -------- d-----w- c:\users\MIKES\DoctorWeb
2010-10-02 08:18 . 2010-10-02 08:18 -------- d---a-w- c:\windows\rundll16.exe
2010-10-02 08:18 . 2010-10-02 08:18 -------- d---a-w- c:\windows\logo1_.exe
2010-10-02 07:45 . 2010-10-02 07:45 -------- d---a-w- c:\windows\system32\runouce.exe
2010-10-02 07:45 . 2010-10-02 07:45 -------- d---a-w- c:\windows\RUNDL132.EXE
2010-10-02 07:45 . 2010-10-02 07:45 -------- d---a-w- c:\windows\logo_1.exe
2010-10-02 07:40 . 2010-10-02 07:40 34048 ----a-w- c:\windows\system32\eEmpty.exe
2010-10-02 07:40 . 2009-02-28 17:57 632080 ----a-r- c:\windows\system32\msvcr80.dll
2010-10-02 07:40 . 2009-02-28 17:57 554256 ----a-r- c:\windows\system32\msvcp80.dll
2010-10-02 07:40 . 2010-10-02 07:40 -------- d-----w- c:\program files\Common Files\MicroWorld
2010-10-02 07:40 . 2010-10-02 07:40 -------- d-----w- c:\programdata\MicroWorld
2010-10-02 07:37 . 2010-10-02 07:37 388096 ----a-r- c:\users\MIKES\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-10-02 07:37 . 2010-10-02 07:37 -------- d-----w- c:\program files\Trend Micro
2010-09-29 15:03 . 2010-09-29 15:03 -------- d-----w- c:\program files\Futuremark
2010-09-29 13:44 . 2010-09-29 13:44 -------- d-----w- c:\program files\Lavalys
2010-09-29 07:31 . 2010-06-22 13:30 2048 ----a-w- c:\windows\system32\tzres.dll
2010-09-28 15:43 . 2010-09-28 15:43 -------- d-----w- c:\users\MIKES\AppData\Roaming\Planetside Software
2010-09-28 15:22 . 2010-09-28 15:42 13094 ----a-r- c:\users\MIKES\AppData\Roaming\Microsoft\Installer\{CCCC1B61-1E92-4388-9AFC-5C883071833D}\_f3e99.exe
2010-09-28 15:22 . 2010-09-28 15:42 13094 ----a-r- c:\users\MIKES\AppData\Roaming\Microsoft\Installer\{CCCC1B61-1E92-4388-9AFC-5C883071833D}\_12db153c.exe
2010-09-28 15:22 . 2010-09-28 15:42 1078 ----a-r- c:\users\MIKES\AppData\Roaming\Microsoft\Installer\{CCCC1B61-1E92-4388-9AFC-5C883071833D}\_7e87390c.exe
2010-09-28 15:22 . 2010-09-28 15:22 -------- d-----w- c:\program files\Planetside Software
2010-09-26 18:02 . 2010-09-28 15:43 -------- d-----w- c:\users\MIKES\AppData\Roaming\uk.co.planetside
2010-09-26 17:50 . 2010-09-26 17:50 4710 ----a-r- c:\users\MIKES\AppData\Roaming\Microsoft\Installer\{CCEB53A5-A252-4CF3-8602-429AB06BF0AE}\_294823.exe
2010-09-26 17:50 . 2010-09-26 17:50 4710 ----a-r- c:\users\MIKES\AppData\Roaming\Microsoft\Installer\{CCEB53A5-A252-4CF3-8602-429AB06BF0AE}\_18be6784.exe
2010-09-26 17:50 . 2010-09-26 17:50 -------- d-----w- c:\program files\Terragen
2010-09-26 17:49 . 2010-09-26 18:07 -------- d-----w- c:\program files\KigoImageConverter
2010-09-21 14:33 . 2010-09-21 14:37 -------- d-----w- c:\users\MIKES\AppData\Roaming\mIRC
2010-09-21 14:33 . 2010-09-21 14:33 -------- d-----w- c:\program files\mIRC
2010-09-17 13:03 . 2010-09-17 13:03 -------- d-----w- c:\program files\FlashFire
2010-09-17 12:55 . 2010-09-17 12:57 1078 ----a-r- c:\users\MIKES\AppData\Roaming\Microsoft\Installer\{0F9196C6-58B4-445B-B56E-B1200FECC151}\_4ae13d6c.exe
2010-09-17 12:55 . 2010-09-17 12:57 1078 ----a-r- c:\users\MIKES\AppData\Roaming\Microsoft\Installer\{0F9196C6-58B4-445B-B56E-B1200FECC151}\_2cd672ae.exe
2010-09-17 12:55 . 2010-09-17 12:57 1078 ----a-r- c:\users\MIKES\AppData\Roaming\Microsoft\Installer\{0F9196C6-58B4-445B-B56E-B1200FECC151}\_294823.exe
2010-09-17 12:55 . 2010-09-17 12:57 1078 ----a-r- c:\users\MIKES\AppData\Roaming\Microsoft\Installer\{0F9196C6-58B4-445B-B56E-B1200FECC151}\_18be6784.exe
2010-09-17 12:55 . 2010-09-17 12:57 -------- d-----w- c:\program files\Microsoft Bootvis
2010-09-15 17:34 . 2010-04-16 16:46 502272 ----a-w- c:\windows\system32\usp10.dll
2010-09-15 17:34 . 2010-08-17 14:11 128000 ----a-w- c:\windows\system32\spoolsv.exe
2010-09-15 17:34 . 2010-04-05 17:02 317952 ----a-w- c:\windows\system32\MP4SDECD.DLL
2010-09-15 17:34 . 2010-05-27 20:08 739328 ----a-w- c:\windows\system32\inetcomm.dll
2010-09-08 18:16 . 2010-09-08 18:16 -------- d-----w- c:\users\MIKES\AppData\Local\Canon Easy-PhotoPrint EX
2010-09-05 12:30 . 2010-09-05 12:30 -------- d-----w- c:\users\MIKES\AppData\Roaming\Get from YouTube
2010-09-05 12:11 . 2010-09-05 12:11 -------- d-----w- c:\program files\Vstplugins

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-03 15:47 . 2010-03-29 16:31 -------- d-----w- c:\program files\Common Files\Akamai
2010-10-03 15:47 . 2009-12-17 16:19 -------- d-----w- c:\users\MIKES\AppData\Roaming\uTorrent
2010-10-03 15:28 . 2010-08-27 13:03 -------- d-----w- c:\programdata\Norton
2010-10-03 15:28 . 2010-08-27 13:03 -------- d-----w- c:\programdata\Symantec
2010-10-03 15:27 . 2010-03-22 14:23 -------- d-----w- c:\users\MIKES\AppData\Roaming\Xfire
2010-10-03 14:38 . 2009-12-17 16:37 138592 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-10-03 14:38 . 2009-12-17 16:37 219128 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-10-03 08:25 . 2010-04-29 12:48 -------- d-----w- c:\users\MIKES\AppData\Roaming\HLSW
2010-10-03 08:24 . 2010-04-04 14:49 -------- d-----w- c:\program files\TeamSpeak 3 Client
2010-10-01 18:56 . 2009-12-17 12:25 -------- d-----w- c:\users\MIKES\AppData\Roaming\Skype
2010-10-01 15:26 . 2009-12-17 12:26 -------- d-----w- c:\users\MIKES\AppData\Roaming\skypePM
2010-10-01 14:05 . 2010-08-27 15:51 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-10-01 08:34 . 2010-03-30 04:55 -------- d-----w- c:\programdata\FLEXnet
2010-10-01 07:57 . 2010-03-22 14:23 -------- d-----w- c:\programdata\Xfire
2010-09-29 15:10 . 2009-12-17 13:30 86016 ----a-w- c:\windows\system32\OpenAL32.dll
2010-09-26 12:22 . 2009-12-17 15:41 -------- d-----w- c:\programdata\Media Center Programs
2010-09-26 12:10 . 2009-12-17 13:32 -------- d-----w- c:\program files\Ubisoft
2010-09-26 12:10 . 2009-12-16 07:24 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-09-26 10:46 . 2009-12-17 12:59 -------- d-----w- c:\program files\Steam
2010-09-25 16:18 . 2009-12-22 19:15 -------- d-----w- c:\users\MIKES\AppData\Roaming\Vso
2010-09-20 05:11 . 2009-12-17 15:24 -------- d-----w- c:\programdata\CanonIJPLM
2010-09-16 10:52 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-09-13 04:40 . 2009-12-17 16:20 -------- d-----w- c:\program files\uTorrent
2010-09-06 18:49 . 2010-08-26 10:56 -------- d-----w- c:\users\MIKES\AppData\Roaming\Cool Record Edit Pro
2010-09-06 14:26 . 2009-12-16 07:24 -------- d--h--w- c:\program files\Temp
2010-09-06 14:25 . 2006-11-02 10:25 86016 ----a-w- c:\windows\Inf\infstor.dat
2010-09-06 14:25 . 2006-11-02 10:25 51200 ----a-w- c:\windows\Inf\infpub.dat
2010-09-06 14:25 . 2006-11-02 10:25 143360 ----a-w- c:\windows\Inf\infstrng.dat
2010-09-06 14:25 . 2009-12-16 07:24 319456 ----a-w- c:\windows\DIFxAPI.dll
2010-09-05 12:12 . 2010-04-17 15:39 -------- d-----w- c:\program files\Sony
2010-09-05 12:09 . 2010-04-17 15:39 -------- d-----w- c:\program files\Sony Setup
2010-09-05 11:18 . 2010-04-14 13:54 -------- d-----w- c:\users\MIKES\AppData\Roaming\Sony
2010-09-05 11:17 . 2010-04-14 15:27 -------- d-----w- c:\programdata\Sony
2010-09-01 11:14 . 2010-03-30 04:51 -------- d-----w- c:\program files\NVIDIA Corporation
2010-08-31 12:26 . 2010-08-31 11:08 -------- d-----w- c:\program files\2K Games
2010-08-31 11:14 . 2009-12-17 12:59 -------- d-----w- c:\program files\Common Files\Steam
2010-08-30 17:59 . 2010-08-30 17:59 -------- d-----w- c:\program files\Electronic Arts
2010-08-29 13:06 . 2010-08-29 13:06 -------- d-----w- c:\programdata\ATI
2010-08-29 13:03 . 2009-12-16 07:50 -------- d-----w- c:\program files\ATI
2010-08-29 13:03 . 2010-08-29 13:01 -------- d-----w- c:\program files\ATI Technologies
2010-08-27 10:45 . 2010-08-18 08:23 57344 ----a-w- c:\programdata\DivX\RunAsUser\RUNASUSERPROCESS.dll
2010-08-27 10:37 . 2010-08-27 10:37 56765 ----a-w- c:\programdata\DivX\DivXPlusShortcuts\Uninstaller.exe
2010-08-27 10:37 . 2010-08-18 08:18 -------- d-----w- c:\programdata\DivX
2010-08-27 10:37 . 2010-08-18 08:19 -------- d-----w- c:\program files\DivX
2010-08-27 10:37 . 2010-08-27 10:37 56997 ----a-w- c:\programdata\DivX\WebPlayer\Uninstaller.exe
2010-08-27 10:36 . 2010-08-27 10:36 53600 ----a-w- c:\programdata\DivX\Update\Uninstaller.exe
2010-08-27 10:35 . 2010-08-27 10:35 57691 ----a-w- c:\programdata\DivX\Player\Uninstaller.exe
2010-08-27 10:14 . 2010-08-27 10:14 84063 ----a-w- c:\programdata\DivX\TransferWizard\Uninstaller.exe
2010-08-27 10:11 . 2010-08-27 10:11 54153 ----a-w- c:\programdata\DivX\DFXPlugin\Uninstaller.exe
2010-08-27 09:59 . 2010-08-27 10:38 185640 ----a-w- c:\programdata\DivX\Setup\finishPlugin.dll
2010-08-27 09:59 . 2010-08-27 09:59 144696 ----a-w- c:\programdata\DivX\RunAsUser\RUNASUSERPROCESS.exe
2010-08-27 09:59 . 2010-08-18 08:22 1090856 ----a-w- c:\programdata\DivX\Setup\Resource.dll
2010-08-27 09:59 . 2010-08-18 08:22 850200 ----a-w- c:\programdata\DivX\Setup\DivXSetup.exe
2010-08-26 18:45 . 2010-08-26 18:45 -------- d-----w- c:\program files\Magic Bullet Looks Vegas
2010-08-26 18:45 . 2010-08-26 18:45 -------- d-----w- c:\program files\LooksBuilder
2010-08-26 10:56 . 2010-08-26 10:56 -------- d-----w- c:\program files\Cool Record Edit Pro
2010-08-24 06:14 . 2010-04-17 12:29 -------- d-----w- c:\program files\NuGardt Software
2010-08-23 11:10 . 2010-07-20 08:47 -------- d-----w- c:\program files\A1Click Ultra PC Cleaner
2010-08-22 14:21 . 2010-07-20 12:11 -------- d-----w- c:\programdata\Lavasoft
2010-08-22 14:19 . 2010-08-22 14:19 -------- d-----w- c:\program files\Lavasoft
2010-08-22 14:18 . 2010-02-02 20:14 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-08-22 14:09 . 2010-07-19 12:27 -------- d-----w- c:\users\MIKES\AppData\Roaming\Media Player Classic
2010-08-22 11:25 . 2010-08-22 11:25 -------- d-----w- c:\program files\Common Files\Java
2010-08-22 11:25 . 2010-07-03 13:16 -------- d-----w- c:\program files\Java
2010-08-22 10:56 . 2010-08-22 10:56 -------- d-----w- c:\program files\ESET
2010-08-22 10:52 . 2010-05-12 10:10 -------- d-----w- c:\programdata\Pinnacle
2010-08-19 16:21 . 2010-08-19 15:20 -------- d-----w- c:\program files\megui
2010-08-19 15:18 . 2010-03-02 20:08 -------- d-----w- c:\program files\AviSynth 2.5
2010-08-19 11:26 . 2009-12-16 07:17 94488 ----a-w- c:\users\MIKES\AppData\Local\GDIPFONTCACHEV1.DAT
2010-08-18 08:24 . 2010-08-18 08:22 -------- d-----w- c:\users\MIKES\AppData\Roaming\DivX
2010-08-09 13:13 . 2009-12-17 12:48 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
2010-08-09 12:34 . 2010-08-27 12:16 14336 ----a-w- c:\users\MIKES\AppData\Roaming\Mozilla\Firefox\Profiles\6z5ko3tl.default\extensions\radiobar@toolbar\components\toolbarhomewmp.dll
2010-08-07 12:42 . 2010-08-07 12:42 -------- d-----w- c:\program files\W3i, LLC
2010-08-07 12:42 . 2010-08-07 12:42 -------- d-----w- c:\program files\Free Offers from Freeze.com
2010-08-07 12:42 . 2010-08-07 12:42 -------- d-----w- c:\program files\Freeze.com
2010-08-07 09:03 . 2010-04-27 13:35 2473 ----a-w- c:\users\MIKES\AppData\Roaming\MathWorks\MATLAB\mcr_v77\LCEffects_868F71BA03203FCA99BCF24D07C649A2\compopts.bat
2010-08-06 15:02 . 2010-08-06 14:59 -------- d-----w- c:\program files\3DRipperDX1
2010-08-06 14:59 . 2010-07-14 09:21 -------- d-----w- c:\program files\3DRipperDX
2010-08-04 16:02 . 2010-08-04 15:59 -------- d-----w- c:\program files\Autodesk
2010-08-04 16:00 . 2010-08-04 16:00 -------- d-----w- c:\program files\Common Files\Autodesk Shared
2010-08-04 15:59 . 2010-04-24 07:19 -------- d-----w- c:\programdata\Autodesk
2010-07-29 06:07 . 2010-07-29 06:07 107888 ------w- c:\windows\system32\CmdLineExt.dll
2010-07-20 12:15 . 2010-07-20 12:15 95024 ------w- c:\windows\system32\drivers\SBREDrv.sys
2010-07-17 03:00 . 2010-07-03 13:17 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-07-14 08:00 . 2010-07-19 12:32 108032 ------w- c:\windows\system32\ff_vfw.dll
2010-07-09 19:04 . 2010-07-09 19:04 41872 ------w- c:\windows\system32\xfcodec.dll
2010-07-07 07:04 . 2009-12-17 13:30 413696 ------w- c:\windows\system32\wrap_oal.dll
2010-07-07 05:43 . 2010-07-07 05:43 501936 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtb8D6E.tmp.exe
2010-07-06 14:45 . 2010-07-06 14:45 368640 ----a-w- c:\users\MIKES\AppData\Roaming\Mozilla\Firefox\Profiles\6z5ko3tl.default\extensions\ffxtlbr@Facemoods.com\components\FFHst.dll
2010-07-06 04:23 . 2010-07-06 04:23 501936 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtbDBE1.tmp.exe
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\program files\Temp ----



(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-12-17 39408]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2010-09-12 328568]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"IntelSWUpdateClient"="c:\program files\Intel\inteldh\common\SWUpdateClient.exe" [2008-07-16 129424]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2009-11-09 180224]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-14 644696]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-03 1603152]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 79400]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"VolPanel"="c:\program files\Creative\USB Headsets\Volume Panel\VolPanlu.exe" [2008-08-27 233588]
"USBToolTip"="c:\progra~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe" [2007-02-20 199752]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-06-15 141624]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-09-29 2054360]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-08-20 1164584]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-04-06 102400]
"ATICustomerCare"="c:\program files\ATI\ATICustomerCare\ATICustomerCare.exe" [2009-11-16 307200]

c:\users\MIKES\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Xfire.lnk - c:\program files\Xfire\Xfire.exe [2010-7-9 3493776]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
R2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [x]
R2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-03-23 135664]
R2 pr2agmlb;Armed Assault Drivers Auto Removal (pr2agmlb);c:\windows\system32\pr2agmlb.exe svc [x]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2010-04-28 79360]
R3 Creative Media Toolbox 6 Licensing Service;Creative Media Toolbox 6 Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\MT6Licensing.exe [2010-04-28 79360]
S0 ffire;FlashFire;c:\windows\system32\DRIVERS\ffirel.sys [2009-07-23 14336]
S0 pe3agmlb;Armed Assault Environment Driver (pe3agmlb);c:\windows\system32\drivers\pe3agmlb.sys [2007-06-04 65408]
S0 ps6agmlb;Armed Assault Synchronization Driver (ps6agmlb);c:\windows\system32\drivers\ps6agmlb.sys [2007-06-04 55688]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2009-09-29 108792]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2008-01-21 21504]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-04-07 172032]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2009-09-29 735960]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2009-09-29 95896]
S2 GS In-Game Service;GS In-Game Service;c:\program files\GameTracker\GSInGameService.exe [2010-04-14 1648480]
S2 ME Services Manager;ME Services Manager;c:\program files\Intel\inteldh\msm\MSM.exe [2008-07-16 1628560]
S2 mi-raysat_3dsmax2010_32;mental ray 3.7 Satellite for Autodesk 3ds Max 2010 32-bit 32-bit;c:\program files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe [2009-03-12 86016]
S2 Software Services Manager;Software Services Manager;c:\program files\Intel\inteldh\common\IntelDHSvcMgr.exe [2008-07-16 51088]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2010-04-07 5430272]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-04-07 157184]
S3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y6032.sys [2008-11-21 220288]
S3 Ph3xIB32;Philips 713x Inbox PCI TV Card;c:\windows\system32\DRIVERS\Ph3xIB32.sys [2007-04-03 1131136]
S3 skfiltv;skfiltv;c:\windows\system32\drivers\skfiltv.sys [2008-08-14 17408]
S3 TotRec7;Total Recorder WDM audio driver;c:\windows\system32\drivers\TotRec7.sys [2010-04-12 131152]
S3 TotRec8;Total Recorder WDM audio filter driver;c:\windows\system32\drivers\TotRec8.sys [2010-04-12 91216]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
Akamai REG_MULTI_SZ Akamai
.
Obsah adresáře 'Naplánované úlohy'

2010-10-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-23 14:54]

2010-10-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-23 14:54]
.
.
------- Doplňkový sken -------
.
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: WikiKomentáře Google... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
FF - ProfilePath - c:\users\MIKES\AppData\Roaming\Mozilla\Firefox\Profiles\6z5ko3tl.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz
FF - component: c:\users\MIKES\AppData\Roaming\Mozilla\Firefox\Profiles\6z5ko3tl.default\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}\components\FFExternalAlert.dll
FF - component: c:\users\MIKES\AppData\Roaming\Mozilla\Firefox\Profiles\6z5ko3tl.default\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}\components\RadioWMPCore.dll
FF - component: c:\users\MIKES\AppData\Roaming\Mozilla\Firefox\Profiles\6z5ko3tl.default\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}\components\FFExternalAlert.dll
FF - component: c:\users\MIKES\AppData\Roaming\Mozilla\Firefox\Profiles\6z5ko3tl.default\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}\components\RadioWMPCore.dll
FF - component: c:\users\MIKES\AppData\Roaming\Mozilla\Firefox\Profiles\6z5ko3tl.default\extensions\ffxtlbr@Facemoods.com\components\FFHst.dll
FF - component: c:\users\MIKES\AppData\Roaming\Mozilla\Firefox\Profiles\6z5ko3tl.default\extensions\radiobar@toolbar\components\toolbarhomewmp.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

AddRemove-{F59AC46C-10C3-4023-882C-4212A92283B3}_is1 - c:\windows\unins000.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-10-03 17:48
Windows 6.0.6002 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'Explorer.exe'(3372)
c:\program files\Xfire\xfire_toucan_43094.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Creative\Shared Files\CTAudSvc.exe
c:\windows\system32\atieclxx.exe
c:\program files\Lavasoft\Ad-Aware 2007\aawservice.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Canon\IJPLM\IJPLMSVC.EXE
c:\program files\Intel\AMT\LMS.exe
c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\conime.exe
c:\program files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\Windows Media Player\wmpnscfg.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
.
**************************************************************************
.
Celkový čas: 2010-10-03 17:52:13 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-10-03 15:52
ComboFix2.txt 2010-10-03 12:22

Před spuštěním: Volných bajtů: 182 745 300 992
Po spuštění: Volných bajtů: 183 382 155 264

- - End Of File - - B4BF760608F0A3380261E4C54BEA218B


Virus total - http://www.virustotal.com/file-scan/rep ... 1286122001

[jaro3]

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:
Poznámka: Nepoužij k označení skriptu funkci VYBRAT VŠE

Kód: Vybrat vše

Folder::
c:\programdata\Norton
c:\programdata\Symantec
c:\program files\Temp

Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT(vložil si starý log z HJT ---
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:52:46, on 3.10.2010)

[Mikros]

ComboFix log

ComboFix 10-10-02.02 - MIKES 03.10.2010 19:27:05.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.420.1029.18.3067.1861 [GMT 2:00]
Spuštěný z: c:\users\MIKES\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\MIKES\Desktop\CFScript.txt
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Rezidentní štít AV je zapnutý

.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Temp
c:\programdata\Norton
c:\programdata\Norton\symdata.xml
c:\programdata\Symantec
c:\programdata\Symantec\symdata.xml

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-09-03 do 2010-10-03 )))))))))))))))))))))))))))))))
.

2010-10-03 17:34 . 2010-10-03 17:34 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-10-03 17:34 . 2010-10-03 17:34 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-10-03 15:44 . 2010-10-03 17:34 -------- d-----w- c:\users\MIKES\AppData\Local\temp
2010-10-03 11:03 . 2010-10-03 11:03 -------- d-----w- c:\users\MIKES\AppData\Roaming\Malwarebytes
2010-10-03 11:03 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-10-03 11:03 . 2010-10-03 11:03 -------- d-----w- c:\programdata\Malwarebytes
2010-10-03 11:03 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-10-03 11:03 . 2010-10-03 11:03 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-10-03 10:26 . 2010-10-03 10:58 -------- d-----w- c:\users\MIKES\DoctorWeb
2010-10-02 08:18 . 2010-10-02 08:18 -------- d---a-w- c:\windows\rundll16.exe
2010-10-02 08:18 . 2010-10-02 08:18 -------- d---a-w- c:\windows\logo1_.exe
2010-10-02 07:45 . 2010-10-02 07:45 -------- d---a-w- c:\windows\system32\runouce.exe
2010-10-02 07:45 . 2010-10-02 07:45 -------- d---a-w- c:\windows\RUNDL132.EXE
2010-10-02 07:45 . 2010-10-02 07:45 -------- d---a-w- c:\windows\logo_1.exe
2010-10-02 07:40 . 2010-10-02 07:40 34048 ----a-w- c:\windows\system32\eEmpty.exe
2010-10-02 07:40 . 2009-02-28 17:57 632080 ----a-r- c:\windows\system32\msvcr80.dll
2010-10-02 07:40 . 2009-02-28 17:57 554256 ----a-r- c:\windows\system32\msvcp80.dll
2010-10-02 07:40 . 2010-10-02 07:40 -------- d-----w- c:\program files\Common Files\MicroWorld
2010-10-02 07:40 . 2010-10-02 07:40 -------- d-----w- c:\programdata\MicroWorld
2010-10-02 07:37 . 2010-10-02 07:37 388096 ----a-r- c:\users\MIKES\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-10-02 07:37 . 2010-10-02 07:37 -------- d-----w- c:\program files\Trend Micro
2010-09-29 15:03 . 2010-09-29 15:03 -------- d-----w- c:\program files\Futuremark
2010-09-29 13:44 . 2010-09-29 13:44 -------- d-----w- c:\program files\Lavalys
2010-09-29 07:31 . 2010-06-22 13:30 2048 ----a-w- c:\windows\system32\tzres.dll
2010-09-28 15:43 . 2010-09-28 15:43 -------- d-----w- c:\users\MIKES\AppData\Roaming\Planetside Software
2010-09-28 15:22 . 2010-09-28 15:42 13094 ----a-r- c:\users\MIKES\AppData\Roaming\Microsoft\Installer\{CCCC1B61-1E92-4388-9AFC-5C883071833D}\_f3e99.exe
2010-09-28 15:22 . 2010-09-28 15:42 13094 ----a-r- c:\users\MIKES\AppData\Roaming\Microsoft\Installer\{CCCC1B61-1E92-4388-9AFC-5C883071833D}\_12db153c.exe
2010-09-28 15:22 . 2010-09-28 15:42 1078 ----a-r- c:\users\MIKES\AppData\Roaming\Microsoft\Installer\{CCCC1B61-1E92-4388-9AFC-5C883071833D}\_7e87390c.exe
2010-09-28 15:22 . 2010-09-28 15:22 -------- d-----w- c:\program files\Planetside Software
2010-09-26 18:02 . 2010-09-28 15:43 -------- d-----w- c:\users\MIKES\AppData\Roaming\uk.co.planetside
2010-09-26 17:50 . 2010-09-26 17:50 4710 ----a-r- c:\users\MIKES\AppData\Roaming\Microsoft\Installer\{CCEB53A5-A252-4CF3-8602-429AB06BF0AE}\_294823.exe
2010-09-26 17:50 . 2010-09-26 17:50 4710 ----a-r- c:\users\MIKES\AppData\Roaming\Microsoft\Installer\{CCEB53A5-A252-4CF3-8602-429AB06BF0AE}\_18be6784.exe
2010-09-26 17:50 . 2010-09-26 17:50 -------- d-----w- c:\program files\Terragen
2010-09-26 17:49 . 2010-09-26 18:07 -------- d-----w- c:\program files\KigoImageConverter
2010-09-21 14:33 . 2010-09-21 14:37 -------- d-----w- c:\users\MIKES\AppData\Roaming\mIRC
2010-09-21 14:33 . 2010-09-21 14:33 -------- d-----w- c:\program files\mIRC
2010-09-17 13:03 . 2010-09-17 13:03 -------- d-----w- c:\program files\FlashFire
2010-09-17 12:55 . 2010-09-17 12:57 1078 ----a-r- c:\users\MIKES\AppData\Roaming\Microsoft\Installer\{0F9196C6-58B4-445B-B56E-B1200FECC151}\_4ae13d6c.exe
2010-09-17 12:55 . 2010-09-17 12:57 1078 ----a-r- c:\users\MIKES\AppData\Roaming\Microsoft\Installer\{0F9196C6-58B4-445B-B56E-B1200FECC151}\_2cd672ae.exe
2010-09-17 12:55 . 2010-09-17 12:57 1078 ----a-r- c:\users\MIKES\AppData\Roaming\Microsoft\Installer\{0F9196C6-58B4-445B-B56E-B1200FECC151}\_294823.exe
2010-09-17 12:55 . 2010-09-17 12:57 1078 ----a-r- c:\users\MIKES\AppData\Roaming\Microsoft\Installer\{0F9196C6-58B4-445B-B56E-B1200FECC151}\_18be6784.exe
2010-09-17 12:55 . 2010-09-17 12:57 -------- d-----w- c:\program files\Microsoft Bootvis
2010-09-15 17:34 . 2010-04-16 16:46 502272 ----a-w- c:\windows\system32\usp10.dll
2010-09-15 17:34 . 2010-08-17 14:11 128000 ----a-w- c:\windows\system32\spoolsv.exe
2010-09-15 17:34 . 2010-04-05 17:02 317952 ----a-w- c:\windows\system32\MP4SDECD.DLL
2010-09-15 17:34 . 2010-05-27 20:08 739328 ----a-w- c:\windows\system32\inetcomm.dll
2010-09-08 18:16 . 2010-09-08 18:16 -------- d-----w- c:\users\MIKES\AppData\Local\Canon Easy-PhotoPrint EX
2010-09-05 12:30 . 2010-09-05 12:30 -------- d-----w- c:\users\MIKES\AppData\Roaming\Get from YouTube
2010-09-05 12:11 . 2010-09-05 12:11 -------- d-----w- c:\program files\Vstplugins

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-03 16:46 . 2010-03-29 16:31 -------- d-----w- c:\program files\Common Files\Akamai
2010-10-03 16:16 . 2009-12-17 16:19 -------- d-----w- c:\users\MIKES\AppData\Roaming\uTorrent
2010-10-03 15:27 . 2010-03-22 14:23 -------- d-----w- c:\users\MIKES\AppData\Roaming\Xfire
2010-10-03 14:38 . 2009-12-17 16:37 138592 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-10-03 14:38 . 2009-12-17 16:37 219128 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-10-03 08:25 . 2010-04-29 12:48 -------- d-----w- c:\users\MIKES\AppData\Roaming\HLSW
2010-10-03 08:24 . 2010-04-04 14:49 -------- d-----w- c:\program files\TeamSpeak 3 Client
2010-10-01 18:56 . 2009-12-17 12:25 -------- d-----w- c:\users\MIKES\AppData\Roaming\Skype
2010-10-01 15:26 . 2009-12-17 12:26 -------- d-----w- c:\users\MIKES\AppData\Roaming\skypePM
2010-10-01 14:05 . 2010-08-27 15:51 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-10-01 08:34 . 2010-03-30 04:55 -------- d-----w- c:\programdata\FLEXnet
2010-10-01 07:57 . 2010-03-22 14:23 -------- d-----w- c:\programdata\Xfire
2010-09-29 15:10 . 2009-12-17 13:30 86016 ----a-w- c:\windows\system32\OpenAL32.dll
2010-09-26 12:22 . 2009-12-17 15:41 -------- d-----w- c:\programdata\Media Center Programs
2010-09-26 12:10 . 2009-12-17 13:32 -------- d-----w- c:\program files\Ubisoft
2010-09-26 12:10 . 2009-12-16 07:24 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-09-26 10:46 . 2009-12-17 12:59 -------- d-----w- c:\program files\Steam
2010-09-25 16:18 . 2009-12-22 19:15 -------- d-----w- c:\users\MIKES\AppData\Roaming\Vso
2010-09-20 05:11 . 2009-12-17 15:24 -------- d-----w- c:\programdata\CanonIJPLM
2010-09-16 10:52 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-09-13 04:40 . 2009-12-17 16:20 -------- d-----w- c:\program files\uTorrent
2010-09-06 18:49 . 2010-08-26 10:56 -------- d-----w- c:\users\MIKES\AppData\Roaming\Cool Record Edit Pro
2010-09-06 14:25 . 2006-11-02 10:25 86016 ----a-w- c:\windows\Inf\infstor.dat
2010-09-06 14:25 . 2006-11-02 10:25 51200 ----a-w- c:\windows\Inf\infpub.dat
2010-09-06 14:25 . 2006-11-02 10:25 143360 ----a-w- c:\windows\Inf\infstrng.dat
2010-09-06 14:25 . 2009-12-16 07:24 319456 ----a-w- c:\windows\DIFxAPI.dll
2010-09-05 12:12 . 2010-04-17 15:39 -------- d-----w- c:\program files\Sony
2010-09-05 12:09 . 2010-04-17 15:39 -------- d-----w- c:\program files\Sony Setup
2010-09-05 11:18 . 2010-04-14 13:54 -------- d-----w- c:\users\MIKES\AppData\Roaming\Sony
2010-09-05 11:17 . 2010-04-14 15:27 -------- d-----w- c:\programdata\Sony
2010-09-01 11:14 . 2010-03-30 04:51 -------- d-----w- c:\program files\NVIDIA Corporation
2010-08-31 12:26 . 2010-08-31 11:08 -------- d-----w- c:\program files\2K Games
2010-08-31 11:14 . 2009-12-17 12:59 -------- d-----w- c:\program files\Common Files\Steam
2010-08-30 17:59 . 2010-08-30 17:59 -------- d-----w- c:\program files\Electronic Arts
2010-08-29 13:06 . 2010-08-29 13:06 -------- d-----w- c:\programdata\ATI
2010-08-29 13:03 . 2009-12-16 07:50 -------- d-----w- c:\program files\ATI
2010-08-29 13:03 . 2010-08-29 13:01 -------- d-----w- c:\program files\ATI Technologies
2010-08-27 10:45 . 2010-08-18 08:23 57344 ----a-w- c:\programdata\DivX\RunAsUser\RUNASUSERPROCESS.dll
2010-08-27 10:37 . 2010-08-27 10:37 56765 ----a-w- c:\programdata\DivX\DivXPlusShortcuts\Uninstaller.exe
2010-08-27 10:37 . 2010-08-18 08:18 -------- d-----w- c:\programdata\DivX
2010-08-27 10:37 . 2010-08-18 08:19 -------- d-----w- c:\program files\DivX
2010-08-27 10:37 . 2010-08-27 10:37 56997 ----a-w- c:\programdata\DivX\WebPlayer\Uninstaller.exe
2010-08-27 10:36 . 2010-08-27 10:36 53600 ----a-w- c:\programdata\DivX\Update\Uninstaller.exe
2010-08-27 10:35 . 2010-08-27 10:35 57691 ----a-w- c:\programdata\DivX\Player\Uninstaller.exe
2010-08-27 10:14 . 2010-08-27 10:14 84063 ----a-w- c:\programdata\DivX\TransferWizard\Uninstaller.exe
2010-08-27 10:11 . 2010-08-27 10:11 54153 ----a-w- c:\programdata\DivX\DFXPlugin\Uninstaller.exe
2010-08-27 09:59 . 2010-08-27 10:38 185640 ----a-w- c:\programdata\DivX\Setup\finishPlugin.dll
2010-08-27 09:59 . 2010-08-27 09:59 144696 ----a-w- c:\programdata\DivX\RunAsUser\RUNASUSERPROCESS.exe
2010-08-27 09:59 . 2010-08-18 08:22 1090856 ----a-w- c:\programdata\DivX\Setup\Resource.dll
2010-08-27 09:59 . 2010-08-18 08:22 850200 ----a-w- c:\programdata\DivX\Setup\DivXSetup.exe
2010-08-26 18:45 . 2010-08-26 18:45 -------- d-----w- c:\program files\Magic Bullet Looks Vegas
2010-08-26 18:45 . 2010-08-26 18:45 -------- d-----w- c:\program files\LooksBuilder
2010-08-26 10:56 . 2010-08-26 10:56 -------- d-----w- c:\program files\Cool Record Edit Pro
2010-08-24 06:14 . 2010-04-17 12:29 -------- d-----w- c:\program files\NuGardt Software
2010-08-23 11:10 . 2010-07-20 08:47 -------- d-----w- c:\program files\A1Click Ultra PC Cleaner
2010-08-22 14:21 . 2010-07-20 12:11 -------- d-----w- c:\programdata\Lavasoft
2010-08-22 14:19 . 2010-08-22 14:19 -------- d-----w- c:\program files\Lavasoft
2010-08-22 14:18 . 2010-02-02 20:14 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-08-22 14:09 . 2010-07-19 12:27 -------- d-----w- c:\users\MIKES\AppData\Roaming\Media Player Classic
2010-08-22 11:25 . 2010-08-22 11:25 -------- d-----w- c:\program files\Common Files\Java
2010-08-22 11:25 . 2010-07-03 13:16 -------- d-----w- c:\program files\Java
2010-08-22 10:56 . 2010-08-22 10:56 -------- d-----w- c:\program files\ESET
2010-08-22 10:52 . 2010-05-12 10:10 -------- d-----w- c:\programdata\Pinnacle
2010-08-19 16:21 . 2010-08-19 15:20 -------- d-----w- c:\program files\megui
2010-08-19 15:18 . 2010-03-02 20:08 -------- d-----w- c:\program files\AviSynth 2.5
2010-08-19 11:26 . 2009-12-16 07:17 94488 ----a-w- c:\users\MIKES\AppData\Local\GDIPFONTCACHEV1.DAT
2010-08-18 08:24 . 2010-08-18 08:22 -------- d-----w- c:\users\MIKES\AppData\Roaming\DivX
2010-08-09 13:13 . 2009-12-17 12:48 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
2010-08-09 12:34 . 2010-08-27 12:16 14336 ----a-w- c:\users\MIKES\AppData\Roaming\Mozilla\Firefox\Profiles\6z5ko3tl.default\extensions\radiobar@toolbar\components\toolbarhomewmp.dll
2010-08-07 12:42 . 2010-08-07 12:42 -------- d-----w- c:\program files\W3i, LLC
2010-08-07 12:42 . 2010-08-07 12:42 -------- d-----w- c:\program files\Free Offers from Freeze.com
2010-08-07 12:42 . 2010-08-07 12:42 -------- d-----w- c:\program files\Freeze.com
2010-08-07 09:03 . 2010-04-27 13:35 2473 ----a-w- c:\users\MIKES\AppData\Roaming\MathWorks\MATLAB\mcr_v77\LCEffects_868F71BA03203FCA99BCF24D07C649A2\compopts.bat
2010-08-06 15:02 . 2010-08-06 14:59 -------- d-----w- c:\program files\3DRipperDX1
2010-08-06 14:59 . 2010-07-14 09:21 -------- d-----w- c:\program files\3DRipperDX
2010-07-29 06:07 . 2010-07-29 06:07 107888 ------w- c:\windows\system32\CmdLineExt.dll
2010-07-20 12:15 . 2010-07-20 12:15 95024 ------w- c:\windows\system32\drivers\SBREDrv.sys
2010-07-17 03:00 . 2010-07-03 13:17 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-07-14 08:00 . 2010-07-19 12:32 108032 ------w- c:\windows\system32\ff_vfw.dll
2010-07-09 19:04 . 2010-07-09 19:04 41872 ------w- c:\windows\system32\xfcodec.dll
2010-07-07 07:04 . 2009-12-17 13:30 413696 ------w- c:\windows\system32\wrap_oal.dll
2010-07-07 05:43 . 2010-07-07 05:43 501936 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtb8D6E.tmp.exe
2010-07-06 14:45 . 2010-07-06 14:45 368640 ----a-w- c:\users\MIKES\AppData\Roaming\Mozilla\Firefox\Profiles\6z5ko3tl.default\extensions\ffxtlbr@Facemoods.com\components\FFHst.dll
2010-07-06 04:23 . 2010-07-06 04:23 501936 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtbDBE1.tmp.exe
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-12-17 39408]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2010-09-12 328568]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"IntelSWUpdateClient"="c:\program files\Intel\inteldh\common\SWUpdateClient.exe" [2008-07-16 129424]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2009-11-09 180224]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-14 644696]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-03 1603152]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 79400]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"VolPanel"="c:\program files\Creative\USB Headsets\Volume Panel\VolPanlu.exe" [2008-08-27 233588]
"USBToolTip"="c:\progra~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe" [2007-02-20 199752]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-06-15 141624]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-09-29 2054360]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-08-20 1164584]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-04-06 102400]
"ATICustomerCare"="c:\program files\ATI\ATICustomerCare\ATICustomerCare.exe" [2009-11-16 307200]

c:\users\MIKES\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Xfire.lnk - c:\program files\Xfire\Xfire.exe [2010-7-9 3493776]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
R2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [x]
R2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-03-23 135664]
R2 mi-raysat_3dsmax2010_32;mental ray 3.7 Satellite for Autodesk 3ds Max 2010 32-bit 32-bit;c:\program files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe [2009-03-12 86016]
R2 pr2agmlb;Armed Assault Drivers Auto Removal (pr2agmlb);c:\windows\system32\pr2agmlb.exe svc [x]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2010-04-28 79360]
R3 Creative Media Toolbox 6 Licensing Service;Creative Media Toolbox 6 Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\MT6Licensing.exe [2010-04-28 79360]
S0 ffire;FlashFire;c:\windows\system32\DRIVERS\ffirel.sys [2009-07-23 14336]
S0 pe3agmlb;Armed Assault Environment Driver (pe3agmlb);c:\windows\system32\drivers\pe3agmlb.sys [2007-06-04 65408]
S0 ps6agmlb;Armed Assault Synchronization Driver (ps6agmlb);c:\windows\system32\drivers\ps6agmlb.sys [2007-06-04 55688]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2009-09-29 108792]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2008-01-21 21504]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-04-07 172032]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2009-09-29 735960]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2009-09-29 95896]
S2 GS In-Game Service;GS In-Game Service;c:\program files\GameTracker\GSInGameService.exe [2010-04-14 1648480]
S2 ME Services Manager;ME Services Manager;c:\program files\Intel\inteldh\msm\MSM.exe [2008-07-16 1628560]
S2 Software Services Manager;Software Services Manager;c:\program files\Intel\inteldh\common\IntelDHSvcMgr.exe [2008-07-16 51088]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2010-04-07 5430272]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-04-07 157184]
S3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y6032.sys [2008-11-21 220288]
S3 Ph3xIB32;Philips 713x Inbox PCI TV Card;c:\windows\system32\DRIVERS\Ph3xIB32.sys [2007-04-03 1131136]
S3 skfiltv;skfiltv;c:\windows\system32\drivers\skfiltv.sys [2008-08-14 17408]
S3 TotRec7;Total Recorder WDM audio driver;c:\windows\system32\drivers\TotRec7.sys [2010-04-12 131152]
S3 TotRec8;Total Recorder WDM audio filter driver;c:\windows\system32\drivers\TotRec8.sys [2010-04-12 91216]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
Akamai REG_MULTI_SZ Akamai
.
Obsah adresáře 'Naplánované úlohy'

2010-10-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-23 14:54]

2010-10-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-23 14:54]
.
.
------- Doplňkový sken -------
.
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: WikiKomentáře Google... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
FF - ProfilePath - c:\users\MIKES\AppData\Roaming\Mozilla\Firefox\Profiles\6z5ko3tl.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz
FF - component: c:\users\MIKES\AppData\Roaming\Mozilla\Firefox\Profiles\6z5ko3tl.default\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}\components\FFExternalAlert.dll
FF - component: c:\users\MIKES\AppData\Roaming\Mozilla\Firefox\Profiles\6z5ko3tl.default\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}\components\RadioWMPCore.dll
FF - component: c:\users\MIKES\AppData\Roaming\Mozilla\Firefox\Profiles\6z5ko3tl.default\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}\components\FFExternalAlert.dll
FF - component: c:\users\MIKES\AppData\Roaming\Mozilla\Firefox\Profiles\6z5ko3tl.default\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}\components\RadioWMPCore.dll
FF - component: c:\users\MIKES\AppData\Roaming\Mozilla\Firefox\Profiles\6z5ko3tl.default\extensions\ffxtlbr@Facemoods.com\components\FFHst.dll
FF - component: c:\users\MIKES\AppData\Roaming\Mozilla\Firefox\Profiles\6z5ko3tl.default\extensions\radiobar@toolbar\components\toolbarhomewmp.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-10-03 19:34
Windows 6.0.6002 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'Explorer.exe'(4744)
c:\program files\Xfire\xfire_toucan_43094.dll
.
Celkový čas: 2010-10-03 19:36:05
ComboFix-quarantined-files.txt 2010-10-03 17:36
ComboFix2.txt 2010-10-03 15:52
ComboFix3.txt 2010-10-03 12:22

Před spuštěním: Volných bajtů: 183 412 785 152
Po spuštění: Volných bajtů: 183 386 021 888

- - End Of File - - 26800E723098365D88A918D6D449BA8F

HJT- Pardon za ten minuli log , sem si nevsimnul ze mi to hodilo ten sami log tak sem musel otevrit ten novi v HJT slozce

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:44:54, on 3.10.2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18943)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Intel\inteldh\common\SWUpdateClient.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\ScanSoft\OmniPageSE4\OpWareSE4.exe
C:\Program Files\Creative\USB Headsets\Volume Panel\VolPanlu.exe
C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Xfire\Xfire.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\Explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [IntelSWUpdateClient] C:\Program Files\Intel\inteldh\common\SWUpdateClient.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe"
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\USB Headsets\Volume Panel\VolPanlu.exe" /r
O4 - HKLM\..\Run: [USBToolTip] C:\PROGRA~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [ATICustomerCare] "C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: WikiKomentáře Google... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
O23 - Service: Creative Media Toolbox 6 Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\MT6Licensing.exe
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTAudSvc.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GS In-Game Service - ClanServers Hosting LLC - C:\Program Files\GameTracker\GSInGameService.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: PIXMA Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel(R) Con. Management Engine Local Manageability Service (LMS) - Intel Corporation - C:\Program Files\Intel\AMT\LMS.exe
O23 - Service: ME Services Manager - Intel(R) Corporation - C:\Program Files\Intel\inteldh\msm\MSM.exe
O23 - Service: mental ray 3.7 Satellite for Autodesk 3ds Max 2010 32-bit 32-bit (mi-raysat_3dsmax2010_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe
O23 - Service: MSSQL$SONY_MEDIAMGR - Unknown owner - C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe (file missing)
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Armed Assault Drivers Auto Removal (pr2agmlb) (pr2agmlb) - Bohemia Interactive - C:\Windows\system32\pr2agmlb.exe
O23 - Service: Software Services Manager - Intel(R) Corporation - C:\Program Files\Intel\inteldh\common\IntelDHSvcMgr.exe
O23 - Service: SQLAgent$SONY_MEDIAMGR - Unknown owner - C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

--
End of file - 8964 bytes

[jaro3]

ComboFix se odinstaluje takto:
Start-Spustit a zadej ComboFix /Uninstall

vyčisti systém CCleanerem

a použij i T-Cleaner
smaže vše po Combu,MWAVu atd.-stáhneš>spustíš

Napiš , jak je to s vytížením CPU a RAM..

[Mikros]

S cpu je to uz dobre ale ram je furt okolo 40% .

[jaro3]

Já mám 47% RAM , CPU 4%,

Jestli ale chceš , tak se na to ještě mrknem..

Stáhni AVP Tools
na svojí plochu.

Zaškrtni :
Hidden startup objels
System Memory
Disk boot sectors
Dokumenty
My email
Počítač
Místní disk C
Místní disk D
Jednotka DVD-Rom (E)
Jednotka BD-ROM (G)

System Memory
Startup Objects
Disk Boot Sectors.
My Computer.
Also any other drives (Removable that you may have)

Pokračuj podle instrukcí.Na konci se objeví textový soubor , který si hned ulož (save log) na svojí plochu pod názvem KAS.txt .Poté sem vlož celý obsah toho logu.