PC-HELP.CZ

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:34:12, on 19.8.2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18928)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Users\Martin\AppData\Local\Temp\Bbt.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\wuauclt.exe
C:\Users\Martin\Desktop\programy na opravu\RSIT.exe
C:\Program Files\trend micro\Martin.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.crawler.com/search/dispatche ... p=aus&qkw=%s&tbid=60076
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60076
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_custo ... TbId=60076
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
R3 - URLSearchHook: (no name) - - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget2 urlcatch - {1F364306-AA45-47B5-9F9D-39A8B94E7EF1} - C:\Program Files\FlashGet Network\FlashGet universal\ComDlls\bhoCATCH.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: &Seznam Lištička - {B71B15CE-3093-459C-B764-AEB2486F2273} - C:\Program Files\Seznam\Listicka\Toolbar.dll
O3 - Toolbar: (no name) - {ED0E8CA5-42FB-4B18-997B-769E0408E79D} - (no file)
O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Google Update] "C:\Users\Martin\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Metropolis] rundll32.exe C:\Users\Martin\AppData\Local\Temp\sshnas21.dll,GetHandle
O4 - HKCU\..\Run: [ZE18MW23GY] C:\Users\Martin\AppData\Local\Temp\Bbr.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: &Download All by FlashGet - C:\Program Files\FlashGet Network\FlashGet universal\ComDlls\Bhoall.htm
O8 - Extra context menu item: &Download by Arles Download Manager - C:\Users\Martin\AppData\Local\Ariel Download Manager\DownloadManager.htm
O8 - Extra context menu item: &Download by FlashGet - C:\Program Files\FlashGet Network\FlashGet universal\ComDlls\Bholink.htm
O8 - Extra context menu item: &Přelož do češtiny - res://C:\Program Files\Seznam\Listicka\Toolbar.dll/5034
O8 - Extra context menu item: &Stáhnout s FlashGetem - C:\Program Files\FlashGet Network\FlashGet universal\ComDlls\Bholink.htm
O8 - Extra context menu item: &Stáhnout vše s FlashGetem - C:\Program Files\FlashGet Network\FlashGet universal\ComDlls\Bhoall.htm
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Hlede&j v ČR - res://C:\Program Files\Seznam\Listicka\Toolbar.dll/5033
O8 - Extra context menu item: Hledej v &encyklopedii - res://C:\Program Files\Seznam\Listicka\Toolbar.dll/5108
O8 - Extra context menu item: Hledej ve &světě - res://C:\Program Files\Seznam\Listicka\Toolbar.dll/5035
O8 - Extra context menu item: Hledej ve &zboží - res://C:\Program Files\Seznam\Listicka\Toolbar.dll/5107
O9 - Extra button: FreshDownload - {1A35AEC0-FB54-4D4C-AD57-753CBD827642} - C:\Program Files\FreshDevices\FreshDownload\fd.exe (file missing)
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O16 - DPF: {3190CE28-0B6E-4133-A7D3-87D29CB92120} (ToolbarInetInstall Control) - https://download.seznam.cz/listicka/toolbar2007.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 7846458448
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 2320768265
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {B10CBD8D-F9B6-11CF-9B38-0080AD11B667} (Ikonic Button Control) - http://www.spszr.cz/~blazicek/Vypocty/S ... cntrls.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://195.113.207.238/activex/AMC.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: lxbk_device - - C:\Windows\system32\lxbkcoms.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\antiviry\Spyware Terminator\sp_rsser.exe
O23 - Service: TeamViewer 5 (TeamViewer5) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe

--
End of file - 10060 bytes

Diky moc

Ahoj,

Stáhni na plochu ComboFix - http://download.bleepingcomputer.com/sUBs/ComboFix.exe
- Před použitím vypni všechny rezidentní bezpečnostní programy - antiviry, firewally, antispywary
-Zavři všechna aktivní okna a spusť ho pod učtem s právy administrátora
- Po spuštění se zobrazí podmínky použití, potvrď je stiskem tlačítka Ano

- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna

- Po dokončení skenování, se vytvoří log C:\ComboFix.txt, zkopíruj celý jeho obsah sem.

Nevim proč mi hlasi spusteny avast 4.7, kdyz mam Avast 5, ale ten sem vypnul

log z Combofixu

ComboFix 10-08-18.04 - Martin 20.08.2010 6:37.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.420.1029.18.2047.1307 [GMT 2:00]
Spuštěný z: c:\users\Martin\Desktop\ComboFix.exe
AV: avast! antivirus 4.7.1098 [VPS 081224-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\FlashGet Network
c:\program files\FlashGet Network\FlashGet universal\btcore.dll
c:\program files\FlashGet Network\FlashGet universal\BtTorrentTemp\49b8f7fb.torrent
c:\program files\FlashGet Network\FlashGet universal\BtTorrentTemp\4bcb0bde.torrent
c:\program files\FlashGet Network\FlashGet universal\btwrap.dll
c:\program files\FlashGet Network\FlashGet universal\BugReport.dll
c:\program files\FlashGet Network\FlashGet universal\BugReport.exe
c:\program files\FlashGet Network\FlashGet universal\ComDlls\Bhoall.htm
c:\program files\FlashGet Network\FlashGet universal\ComDlls\bhoCATCH.dll
c:\program files\FlashGet Network\FlashGet universal\ComDlls\Bhocfg.ini
c:\program files\FlashGet Network\FlashGet universal\ComDlls\Bholink.htm
c:\program files\FlashGet Network\FlashGet universal\ComDlls\ComDlls.ini
c:\program files\FlashGet Network\FlashGet universal\ComDlls\flashget.xpi
c:\program files\FlashGet Network\FlashGet universal\ComDlls\FlashgetXpi.dll
c:\program files\FlashGet Network\FlashGet universal\ComDlls\IFlashgetXpi.xpt
c:\program files\FlashGet Network\FlashGet universal\dbghelp.dll
c:\program files\FlashGet Network\FlashGet universal\DBTrans.dll
c:\program files\FlashGet Network\FlashGet universal\dbtrans_verbose - 2009.03.10 00.48.51.log
c:\program files\FlashGet Network\FlashGet universal\dbtrans_verbose.log
c:\program files\FlashGet Network\FlashGet universal\DBTransC.exe
c:\program files\FlashGet Network\FlashGet universal\ed2kwrap.dll
c:\program files\FlashGet Network\FlashGet universal\explorerbar.dll
c:\program files\FlashGet Network\FlashGet universal\fgoption.ini
c:\program files\FlashGet Network\FlashGet universal\FGVer.dll
c:\program files\FlashGet Network\FlashGet universal\flashget.exe
c:\program files\FlashGet Network\FlashGet universal\gt.exe
c:\program files\FlashGet Network\FlashGet universal\hashgen.dll
c:\program files\FlashGet Network\FlashGet universal\Help\license.txt
c:\program files\FlashGet Network\FlashGet universal\Help\Readme.txt
c:\program files\FlashGet Network\FlashGet universal\Help\WHATSNEW.TXT
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_CZE\AddBatchLinksDlg.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_CZE\AddBTTask.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_CZE\Added.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_CZE\AddEMTask.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_CZE\AddHpFpLink.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_CZE\AddLinksDlg.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_CZE\AddLinksDlgEx.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_CZE\AddLinksModern.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_CZE\BrowserPlugins.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_CZE\BTOption.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_CZE\CategoryView.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_CZE\ComfirmWhenExitDialog.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_CZE\CommonDlg.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_CZE\ConfirmInvalidLinks.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_CZE\ContextMenu.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_CZE\DefaultDownloadsDialog.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_CZE\DeleteFilesDialog.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_CZE\DetailStatus.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_CZE\EMOption.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_CZE\EMServers.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_CZE\ExplorerPane.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_CZE\ExtensionRuleDlg.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_CZE\FG2SearchTopPlugin.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_CZE\FileListCtrl.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_CZE\FileRemovedDialog.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_CZE\FindTaskDialog.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_CZE\FlashgetAbout.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_CZE\FlashGetDlg.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_CZE\FSUStatusBar.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_CZE\GarageLoginDialog.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_CZE\GarageView.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_CZE\HotResource.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_CZE\HpFpOption.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_CZE\Info.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_CZE\LogsOutput.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_CZE\MACReader.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_CZE\MainMenu.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_CZE\MainToolbar.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_CZE\MonitorOption.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_CZE\NormalOption.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_CZE\NotifyOption.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_CZE\Option.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_CZE\P4PPluginMain.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_CZE\ProxySetting.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_CZE\SearchBar.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_CZE\Security.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_CZE\SecurityOption.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_CZE\SecurityScan.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_CZE\SecurityToolbar.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_CZE\Shutdown.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_CZE\StatusBar.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_CZE\TaskDefOption.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_CZE\TaskListView.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_CZE\TaskNotify.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_CZE\UserListCtrl.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_CZE\XpEnhance.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\AddBatchLinksDlg.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\AddBTTask.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\Added.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\AddEMTask.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\AddHpFpLink.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\AddLinksDlg.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\AddLinksDlgEx.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\AddLinksModern.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\BrowserPlugins.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\BTOption.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\CategoryView.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\ComfirmWhenExitDialog.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\CommonDlg.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\ConfirmInvalidLinks.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\ContextMenu.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\DefaultDownloadsDialog.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\DeleteFilesDialog.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\DetailStatus.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\EMOption.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\EMServers.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\ExplorerPane.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\ExtensionRuleDlg.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\FG2SearchTopPlugin.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\FileListCtrl.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\FileRemovedDialog.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\FindTaskDialog.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\FlashgetAbout.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\FlashGetDlg.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\FSUStatusBar.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\GarageLoginDialog.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\GarageView.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\HotResource.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\HpFpOption.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\Info.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\LogsOutput.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\MACReader.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\MainMenu.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\MainToolbar.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\MonitorOption.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\NormalOption.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\NotifyOption.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\Option.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\P4PPluginMain.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\ProxySetting.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\SearchBar.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\Security.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\SecurityOption.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\SecurityScan.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\SecurityToolbar.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\Shutdown.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\StatusBar.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\TaskDefOption.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\TaskListView.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\TaskNotify.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\UserListCtrl.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\XpEnhance.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\flashger21101188cz.zip
c:\program files\FlashGet Network\FlashGet universal\Langs\Read_me.txt
c:\program files\FlashGet Network\FlashGet universal\libupnp.dll
c:\program files\FlashGet Network\FlashGet universal\LiveUpdateUI.dll
c:\program files\FlashGet Network\FlashGet universal\modules\ComHelper\ComHelper.dll
c:\program files\FlashGet Network\FlashGet universal\modules\ComHelper\Info.ini
c:\program files\FlashGet Network\FlashGet universal\modules\Downstat\Downstat.dll
c:\program files\FlashGet Network\FlashGet universal\modules\Downstat\Info.ini
c:\program files\FlashGet Network\FlashGet universal\modules\P4pclient\Info.ini
c:\program files\FlashGet Network\FlashGet universal\modules\P4pclient\P4pclient.dll
c:\program files\FlashGet Network\FlashGet universal\modules\P4pclient\Thumbs.db
c:\program files\FlashGet Network\FlashGet universal\modules\SearchTop\Info.ini
c:\program files\FlashGet Network\FlashGet universal\modules\SearchTop\Resource.ini
c:\program files\FlashGet Network\FlashGet universal\modules\SearchTop\Resource\iexplorer.bmp
c:\program files\FlashGet Network\FlashGet universal\modules\SearchTop\Resource\resource.bmp
c:\program files\FlashGet Network\FlashGet universal\modules\SearchTop\Resource\resource.xml
c:\program files\FlashGet Network\FlashGet universal\modules\SearchTop\Resource\search.bmp
c:\program files\FlashGet Network\FlashGet universal\modules\SearchTop\Resource\subscribe.bmp
c:\program files\FlashGet Network\FlashGet universal\modules\SearchTop\Resource\Thumbs.db
c:\program files\FlashGet Network\FlashGet universal\modules\SearchTop\SearchTop.dll
c:\program files\FlashGet Network\FlashGet universal\modules\Security\FunctionalRepair.bmp
c:\program files\FlashGet Network\FlashGet universal\modules\Security\Info.ini
c:\program files\FlashGet Network\FlashGet universal\modules\Security\Scanning.bmp
c:\program files\FlashGet Network\FlashGet universal\modules\Security\Security.bmp
c:\program files\FlashGet Network\FlashGet universal\modules\Security\SECURITY.dll
c:\program files\FlashGet Network\FlashGet universal\modules\Security\Security.xml
c:\program files\FlashGet Network\FlashGet universal\modules\Security\SystemFix.bmp
c:\program files\FlashGet Network\FlashGet universal\modules\SnapShot\Info.ini
c:\program files\FlashGet Network\FlashGet universal\modules\SnapShot\SamplerCli.dll
c:\program files\FlashGet Network\FlashGet universal\modules\SnapShot\SnapShot.dll
c:\program files\FlashGet Network\FlashGet universal\modules\tasknotifier\Info.ini
c:\program files\FlashGet Network\FlashGet universal\modules\tasknotifier\tasknotifier.dll
c:\program files\FlashGet Network\FlashGet universal\P2PCfg.ini
c:\program files\FlashGet Network\FlashGet universal\P2PCore.dll
c:\program files\FlashGet Network\FlashGet universal\p2pprot.dll
c:\program files\FlashGet Network\FlashGet universal\p2snetio.dll
c:\program files\FlashGet Network\FlashGet universal\p2spmgr.dll
c:\program files\FlashGet Network\FlashGet universal\p2spmgr.ini
c:\program files\FlashGet Network\FlashGet universal\p2sprot.dll
c:\program files\FlashGet Network\FlashGet universal\p2spwrap.dll
c:\program files\FlashGet Network\FlashGet universal\p4spmgr.ini
c:\program files\FlashGet Network\FlashGet universal\Profiles\config.dat
c:\program files\FlashGet Network\FlashGet universal\Profiles\tasks.dat
c:\program files\FlashGet Network\FlashGet universal\Skins\close_default.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\close_press.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\close_select.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\max_default.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\max_press.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\max_select.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\min_default.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\min_press.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\min_select.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\notify.wav
c:\program files\FlashGet Network\FlashGet universal\Skins\notify_board.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\notify_icon.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\BrowserBarCT\Back.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\BrowserBarCT\Backward.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\BrowserBarCT\BrowserBarCT.xml
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\BrowserBarCT\FlashgetResource.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\BrowserBarCT\Forward.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\BrowserBarCT\Home.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\BrowserBarDisableCT\Backward.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\BrowserBarDisableCT\BrowserBarDisableCT.xml
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\BrowserBarDisableCT\Forward.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\BrowserBarDisableCT\Home.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\BrowserBarDisableCT\Resource.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\CategoryTreeCT\Available.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\CategoryTreeCT\CategoryTreeCT.xml
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\CategoryTreeCT\Downloaded.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\CategoryTreeCT\Downloading.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\CategoryTreeCT\Favorite.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\CategoryTreeCT\Flashget.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\CategoryTreeCT\Release.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\CategoryTreeCT\Rubbish.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\CategoryTreeCT\Search.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\ExpBar\Expbar.xml
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\ExpBar\garage.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\ExpBar\resource.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\ExpBar\transfer.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\GlobalOptionCT\BT.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\GlobalOptionCT\EM.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\GlobalOptionCT\GlobalOptionCT.xml
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\GlobalOptionCT\HpFp.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\GlobalOptionCT\Monitor.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\GlobalOptionCT\Normal.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\GlobalOptionCT\Notify.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\GlobalOptionCT\Proxy.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\GlobalOptionCT\TaskDef.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\Info.ini
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainMenuCT\About.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainMenuCT\DeleteTask.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainMenuCT\folder.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainMenuCT\MainMenuCT.xml
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainMenuCT\MoveDownTask.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainMenuCT\MoveUpTask.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainMenuCT\NewTask.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainMenuCT\open.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainMenuCT\Option.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainMenuCT\PauseTask.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainMenuCT\Resource.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainMenuCT\StartTask.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainMenuCT\TaskProperties.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainToolbarCT\About.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainToolbarCT\DeleteTask.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainToolbarCT\Folder.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainToolbarCT\MainToolbarCT.xml
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainToolbarCT\NewTask.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainToolbarCT\Open.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainToolbarCT\Option.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainToolbarCT\PauseTask.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainToolbarCT\Resource.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainToolbarCT\StartTask.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainToolbarCT\TaskProperties.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainToolbarDisableCT\About.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainToolbarDisableCT\DeleteTask.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainToolbarDisableCT\Folder.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainToolbarDisableCT\MainToolbarDisableCT.xml
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainToolbarDisableCT\NewTask.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainToolbarDisableCT\Open.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainToolbarDisableCT\Option.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainToolbarDisableCT\PauseTask.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainToolbarDisableCT\Resource.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainToolbarDisableCT\StartTask.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainToolbarDisableCT\TaskProperties.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\Monitor\InfoBkg.Bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\Monitor\MonitorBkg.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\OutpuLogCT\Down.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\OutpuLogCT\Error.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\OutpuLogCT\Normal.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\OutpuLogCT\OutpuLogCT.xml
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\OutpuLogCT\Up.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\SobarIconCT\All.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\SobarIconCT\Book.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\SobarIconCT\Bt.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\SobarIconCT\Game.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\SobarIconCT\Movie.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\SobarIconCT\Music.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\SobarIconCT\Phone.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\SobarIconCT\Picture.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\SobarIconCT\SobarIconCT.xml
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\SobarIconCT\Software.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\TaskListCT\Error.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\TaskListCT\hashing.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\TaskListCT\OK.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\TaskListCT\Pause.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\TaskListCT\Pin.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\TaskListCT\Schedule.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\TaskListCT\Start.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\TaskListCT\TaskListCT.xml
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\TaskListCT\Upload.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\TaskListCT\Wait.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\Thumbs.db
c:\program files\FlashGet Network\FlashGet universal\storage.dll
c:\program files\FlashGet Network\FlashGet universal\SysOpt.exe
c:\program files\FlashGet Network\FlashGet universal\transaction - 2009.03.10 00.48.51.log
c:\program files\FlashGet Network\FlashGet universal\transaction.log
c:\program files\FlashGet Network\FlashGet universal\uninst.exe
c:\program files\FlashGet Network\FlashGet universal\zlib.dll
C:\Thumbs.db
c:\users\Martin\AppData\Roaming\BITS
c:\users\Martin\AppData\Roaming\BITS\BITS.ini
c:\users\Martin\AppData\Roaming\BITS\DHTTable.dat
c:\users\Martin\AppData\Roaming\BITS\ProxyList.ini
c:\users\Martin\AppData\Roaming\BITS\Torrent\20090312125435.torrent.hybridlist
c:\users\Martin\AppData\Roaming\BITS\Torrent\20100418154046.torrent
c:\users\Martin\AppData\Roaming\BITS\Torrent\20100418154046.torrent.~tmp
c:\users\Martin\AppData\Roaming\BITS\Torrent\20100418154046.torrent.bits
c:\users\Martin\AppData\Roaming\BITS\Torrent\20100418154046.torrent.filelist
c:\users\Martin\AppData\Roaming\BITS\Torrent\20100418154046.torrent.seeds
c:\users\Martin\AppData\Roaming\BITS\Torrent\20100813000536.torrent
c:\users\Martin\AppData\Roaming\BITS\Torrent\20100813000536.torrent.~tmp
c:\users\Martin\AppData\Roaming\BITS\Torrent\20100813000536.torrent.bits
c:\users\Martin\AppData\Roaming\BITS\Torrent\20100813000536.torrent.filelist
c:\users\Martin\AppData\Roaming\BITS\Torrent\20100813000536.torrent.seeds
c:\users\Martin\AppData\Roaming\Desktopicon
c:\users\Martin\AppData\Roaming\Desktopicon\config.ini
c:\windows\system32\Thumbs.db
c:\windows\system32\win32.dll
c:\windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-07-20 do 2010-08-20 )))))))))))))))))))))))))))))))
.

2010-08-20 04:44 . 2010-08-20 04:44 -------- d-----w- c:\users\Martin\AppData\Local\temp
2010-08-20 04:44 . 2010-08-20 04:44 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-08-19 18:47 . 2010-08-19 19:34 -------- d-----w- c:\program files\trend micro
2010-08-19 18:47 . 2010-08-19 18:47 -------- d-----w- C:\rsit
2010-07-28 12:21 . 2010-07-28 12:21 -------- d-----w- c:\programdata\WindowsSearch
2010-07-23 20:04 . 2009-11-08 08:55 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2010-07-23 20:04 . 2009-11-08 08:55 49472 ----a-w- c:\windows\system32\netfxperf.dll
2010-07-23 20:04 . 2009-11-08 08:55 297808 ----a-w- c:\windows\system32\mscoree.dll
2010-07-23 20:04 . 2009-11-08 08:55 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2010-07-23 20:04 . 2009-11-08 08:55 1130824 ----a-w- c:\windows\system32\dfshim.dll
2010-07-23 20:04 . 2010-02-12 10:32 293376 ----a-w- c:\windows\system32\browserchoice.exe
2010-07-23 20:01 . 2010-05-01 14:13 2037248 ----a-w- c:\windows\system32\win32k.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-20 04:32 . 2010-02-06 19:59 12 ----a-w- c:\windows\bthservsdp.dat
2010-08-19 18:50 . 2008-01-21 06:46 601848 ----a-w- c:\windows\system32\perfh005.dat
2010-08-19 18:50 . 2008-01-21 06:46 115976 ----a-w- c:\windows\system32\perfc005.dat
2010-08-17 20:22 . 2009-01-13 21:49 -------- d-----w- c:\users\Martin\AppData\Roaming\Spyware Terminator
2010-08-17 20:22 . 2009-01-13 21:49 -------- d-----w- c:\programdata\Spyware Terminator
2010-08-17 18:09 . 2009-01-13 21:51 -------- d-----w- c:\program files\WinClamAVShield
2010-08-11 21:59 . 2010-05-16 18:40 -------- d-----w- c:\program files\Ubisoft
2010-08-11 21:59 . 2008-09-16 10:50 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-08-11 15:18 . 2009-02-12 16:09 -------- d-----w- c:\program files\Valve
2010-08-05 13:01 . 2008-12-29 19:23 -------- d-----w- c:\program files\CCleaner
2010-08-02 12:30 . 2009-03-10 09:27 -------- d-----w- c:\program files\ICQ6.5
2010-07-28 15:32 . 2010-05-16 19:06 -------- d-----w- c:\users\Martin\AppData\Roaming\Ubisoft
2010-07-28 15:32 . 2010-05-16 18:48 -------- d-----w- c:\programdata\Ubisoft
2010-07-23 20:10 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-07-16 09:39 . 2008-12-24 20:45 -------- d-----w- c:\program files\Common Files\Adobe
2010-07-11 14:53 . 2010-04-28 20:12 -------- d-----w- c:\program files\Activision
2010-07-07 12:24 . 2008-12-24 20:09 -------- d-----w- c:\users\Martin\AppData\Roaming\ICQ
2010-07-07 02:29 . 2010-07-07 02:29 5882368 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2010-07-07 01:55 . 2010-07-07 01:55 15461888 ----a-w- c:\windows\system32\atioglxx.dll
2010-07-07 01:54 . 2010-07-07 01:54 143360 ----a-w- c:\windows\system32\atiapfxx.exe
2010-07-07 01:54 . 2010-07-07 01:54 513024 ----a-w- c:\windows\system32\aticfx32.dll
2010-07-07 01:51 . 2010-07-07 01:51 446464 ----a-w- c:\windows\system32\ATIDEMGX.dll
2010-07-07 01:51 . 2010-07-07 01:51 380928 ----a-w- c:\windows\system32\atieclxx.exe
2010-07-07 01:50 . 2010-07-07 01:50 176128 ----a-w- c:\windows\system32\atiesrxx.exe
2010-07-07 01:49 . 2010-07-07 01:49 159744 ----a-w- c:\windows\system32\atitmmxx.dll
2010-07-07 01:49 . 2010-07-07 01:49 356352 ----a-w- c:\windows\system32\atipdlxx.dll
2010-07-07 01:49 . 2010-07-07 01:49 278528 ----a-w- c:\windows\system32\Oemdspif.dll
2010-07-07 01:49 . 2010-07-07 01:49 11776 ----a-w- c:\windows\system32\atimuixx.dll
2010-07-07 01:49 . 2010-07-07 01:49 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2010-07-07 01:46 . 2010-07-07 01:46 3826688 ----a-w- c:\windows\system32\atidxx32.dll
2010-07-07 01:29 . 2010-07-07 01:29 46080 ----a-w- c:\windows\system32\aticalrt.dll
2010-07-07 01:29 . 2010-07-07 01:29 44032 ----a-w- c:\windows\system32\aticalcl.dll
2010-07-07 01:28 . 2010-07-07 01:28 3975680 ----a-w- c:\windows\system32\atiumdag.dll
2010-07-07 01:27 . 2010-07-07 01:27 4323840 ----a-w- c:\windows\system32\aticaldd.dll
2010-07-07 01:24 . 2010-07-07 01:24 50176 ----a-w- c:\windows\system32\coinst.dll
2010-07-07 01:23 . 2010-07-07 01:23 3058688 ----a-w- c:\windows\system32\atiumdva.dll
2010-07-07 01:16 . 2010-07-07 01:16 237568 ----a-w- c:\windows\system32\atiadlxx.dll
2010-07-07 01:15 . 2010-07-07 01:15 12800 ----a-w- c:\windows\system32\atiglpxx.dll
2010-07-07 01:15 . 2010-07-07 01:15 16896 ----a-w- c:\windows\system32\atigktxx.dll
2010-07-07 01:15 . 2010-07-07 01:15 210944 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2010-07-07 01:14 . 2010-07-07 01:14 30208 ----a-w- c:\windows\system32\atiuxpag.dll
2010-07-07 01:14 . 2010-07-07 01:14 22528 ----a-w- c:\windows\system32\atiu9pag.dll
2010-07-07 01:14 . 2010-07-07 01:14 23040 ----a-w- c:\windows\system32\atitmpxx.dll
2010-07-07 01:14 . 2010-07-07 01:14 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2010-07-07 01:11 . 2010-07-07 01:11 52736 ----a-w- c:\windows\system32\atimpc32.dll
2010-07-07 01:11 . 2010-07-07 01:11 52736 ----a-w- c:\windows\system32\amdpcom32.dll
2010-06-30 06:53 . 2010-06-30 06:53 -------- d-----w- c:\users\Martin\AppData\Roaming\MapSphere
2010-06-28 20:57 . 2010-06-29 08:15 38848 ----a-w- c:\windows\avastSS.scr
2010-06-28 20:57 . 2008-12-24 20:38 165032 ----a-w- c:\windows\system32\aswBoot.exe
2010-06-28 20:37 . 2008-12-24 20:39 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-06-28 20:37 . 2008-12-24 22:52 165456 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-06-28 20:33 . 2008-12-24 20:39 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-06-28 20:32 . 2008-12-24 20:38 50256 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2010-06-28 20:32 . 2008-12-24 22:52 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-06-21 10:42 . 2010-06-20 18:35 -------- d-----w- c:\program files\rajce
2010-06-15 22:28 . 2010-06-15 22:28 2857 ----a-w- c:\windows\system32\atipblag.dat
2010-05-26 17:06 . 2010-07-23 20:02 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-05-26 14:47 . 2010-07-23 20:02 289792 ----a-w- c:\windows\system32\atmfd.dll
2008-07-25 08:31 . 2009-04-23 08:52 28672 ----a-w- c:\program files\mozilla firefox\components\flashgetXpi.dll
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EEE6C35D-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll" [2008-10-08 173368]

[HKEY_CLASSES_ROOT\clsid\{eee6c35d-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
2008-10-08 11:22 1172792 ----a-w- c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2008-10-08 1172792]

[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE.3]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2008-10-08 1172792]

[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE.3]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"Google Update"="c:\users\Martin\AppData\Local\Google\Update\GoogleUpdate.exe" [2009-04-13 133104]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2008-11-12 6687264]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-29 61440]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-06-28 2837864]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):0d,03,7a,a7,26,9a,ca,01

R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.sys [x]
R2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2009-10-25 133104]
R3 3xHybrid;3xHybrid service;c:\windows\system32\DRIVERS\3xHybrid.sys [2007-04-20 674048]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2010-01-29 691696]
S1 aswSP;aswSP; [x]
S1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [2009-01-13 142592]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-07-07 176128]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-06-28 50256]
S2 lxbk_device;lxbk_device;c:\windows\system32\lxbkcoms.exe [2007-04-26 537520]
S2 TeamViewer5;TeamViewer 5;c:\program files\TeamViewer\Version5\TeamViewer_Service.exe [2010-03-18 172328]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2010-07-07 5882368]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-07-07 210944]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
bthsvcs REG_MULTI_SZ BthServ
.
Obsah adresáře 'Naplánované úlohy'

2010-08-20 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-04-03 08:10]

2010-06-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cb0e315b816c50.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-25 15:33]

2010-08-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-25 15:33]

2010-06-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2612676331-3756743748-4174905326-1000Core1cb0e31542db0d0.job
- c:\users\Martin\AppData\Local\Google\Update\GoogleUpdate.exe [2009-04-13 16:19]

2010-08-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2612676331-3756743748-4174905326-1000UA.job
- c:\users\Martin\AppData\Local\Google\Update\GoogleUpdate.exe [2009-04-13 16:19]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz
uInternet Settings,ProxyOverride = *.local
IE: &Download All by FlashGet - c:\program files\FlashGet Network\FlashGet universal\ComDlls\Bhoall.htm
IE: &Download by Arles Download Manager - c:\users\Martin\AppData\Local\Ariel Download Manager\DownloadManager.htm
IE: &Download by FlashGet - c:\program files\FlashGet Network\FlashGet universal\ComDlls\Bholink.htm
IE: &Přelož do češtiny - c:\program files\Seznam\Listicka\Toolbar.dll/5034
IE: &Stáhnout s FlashGetem - c:\program files\FlashGet Network\FlashGet universal\ComDlls\Bholink.htm
IE: &Stáhnout vše s FlashGetem - c:\program files\FlashGet Network\FlashGet universal\ComDlls\Bhoall.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Hlede&j v ČR - c:\program files\Seznam\Listicka\Toolbar.dll/5033
IE: Hledej v &encyklopedii - c:\program files\Seznam\Listicka\Toolbar.dll/5108
IE: Hledej ve &světě - c:\program files\Seznam\Listicka\Toolbar.dll/5035
IE: Hledej ve &zboží - c:\program files\Seznam\Listicka\Toolbar.dll/5107
IE: {{1A35AEC0-FB54-4D4C-AD57-753CBD827642} - c:\program files\FreshDevices\FreshDownload\fd.exe
DPF: {3190CE28-0B6E-4133-A7D3-87D29CB92120} - hxxps://download.seznam.cz/listicka/toolbar2007.cab
DPF: {B10CBD8D-F9B6-11CF-9B38-0080AD11B667} - hxxp://www.spszr.cz/~blazicek/Vypocty/S ... cntrls.cab
DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://195.113.207.238/activex/AMC.cab
FF - ProfilePath - c:\users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\u00iee8t.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - component: c:\program files\Mozilla Firefox\components\flashgetXpi.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1851.5542\npCIDetect14.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.1.0.20926.0.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: c:\programdata\NexonUS\NGM\npNxGameUS.dll
FF - plugin: c:\users\Martin\AppData\Local\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\users\Martin\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

HKCU-Run-fsm - (no file)
AddRemove-FlashGet 2.0 - c:\program files\FlashGet Network\FlashGet universal\uninst.exe

**************************************************************************
skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory:

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-2612676331-3756743748-4174905326-1000_Classes\CLSID\{27486504-ae37-4d01-9fda-c4d6e51ed01f}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:00000043
"Therad"=dword:0000001b

[HKEY_USERS\S-1-5-21-2612676331-3756743748-4174905326-1000_Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"scansk"=hex(0):bb,1d,02,be,d7,4c,d9,d8,4c,5f,f5,45,2d,fc,9c,7f,c0,88,5d,29,0f,
f4,37,9d,1a,32,1c,85,cd,0e,75,53,0d,a3,91,6c,c7,ba,4f,5f,00,00,00,00,00,00,\

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Celkový čas: 2010-08-20 06:46:39
ComboFix-quarantined-files.txt 2010-08-20 04:46

Před spuštěním: Volných bajtů: 57 183 690 752
Po spuštění: Volných bajtů: 57 168 080 896

- - End Of File - - 327DE82473802FE6A5B09F4C7F71BD75

Stáhni si ATF Cleaner
Poklepej na ATF Cleaner.exe, klikni na select all found, poté:
-Když používáš Firefox (Mozzila), klikni na Firefox nahoře a vyber: Select All, poté klikni na Empty Selected.
-Když používáš Operu, klikni nahoře na Operu a vyber: Select All, poté klikni na Empty Selected.
Po vyčištění klikni na Exit k zavření programu.
ATF-Cleaner je jednoduchý nástroj na odstranění historie z webového prohlížeče. Program dokáže odstranit cache, cookies, historii a další stopy po surfování na Internetu. Mezi podporované prohlížeče patří Internet Explorer, Firefox a Opera. Aplikace navíc umí odstranit dočasné soubory Windows, vysypat koš atd.

Odinstaluj:
Spyware Terminator
SweetIM\Toolbars

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:
Poznámka: Nepoužij k označení skriptu funkci VYBRAT VŠE

Kód: Vybrat vše

KillAll::
SecCenter::
AV: avast! antivirus 4.7.1098 [VPS 081224-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

File::
c:\windows\bthservsdp.dat
c:\windows\system32\perfh005.dat
c:\windows\system32\perfc005.dat

Registry::
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EEE6C35D-6118-11DC-9C72-001320C79847}"=- 
[-HKEY_CLASSES_ROOT\clsid\{eee6c35d-6118-11dc-9c72-001320c79847}]
[-HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook.1]
[-HKEY_CLASSES_ROOT\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}]
[-HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"=- 

RegLock::
[HKEY_USERS\S-1-5-21-2612676331-3756743748-4174905326-1000_Classes\CLSID\{27486504-ae37-4d01-9fda-c4d6e51ed01f}]
[HKEY_USERS\S-1-5-21-2612676331-3756743748-4174905326-1000_Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT

+
Stáhni si Malwarebytes' Anti-Malware
Nainstaluj a spusť ho
- na konci instalace se ujisti že máš zvoleny/zatrhnuty obě možnosti:
Aktualizace Malwarebytes' Anti-Malware a Spustit aplikaci Malwarebytes' Anti-Malware, pokud jo tak klikni na tlačítko konec
- pokud bude nalezena aktualizace, tak se stáhne a nainstaluje
- program se po té spustí a nech vybranou možnost Provést rychlý sken a klikni na tlačítko Skenovat
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Zobrazit výsledky
- pak zvol možnost uložit log a ulož si log na plochu
- po té klikni na tlačítko Exit, objeví se ti hláška tak zvol Ano
(zatím nic nemaž!).
Vlož sem pak obsah toho logu.

Pokud budou problémy , spusť v nouz. režimu.

Budeme tady až večer.

po tomhle procesu mi nejde spustit internetovy prohlizec normalnim zpusobem, pouze jako spravce, hlasi mi to jako Pokus
použít neplatnou operaci na klíč registru, který je označen pro odstranění.

log z ComboFixu

ComboFix 10-08-19.02 - Martin 21.08.2010 10:51:06.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.420.1029.18.2047.1127 [GMT 2:00]
Spuštěný z: c:\users\Martin\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Martin\Desktop\CFScript.txt
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

FILE ::
"c:\windows\bthservsdp.dat"
"c:\windows\system32\perfc005.dat"
"c:\windows\system32\perfh005.dat"
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\bthservsdp.dat
c:\windows\system32\perfc005.dat
c:\windows\system32\perfh005.dat

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-07-21 do 2010-08-21 )))))))))))))))))))))))))))))))
.

2010-08-21 08:56 . 2010-08-21 08:58 -------- d-----w- c:\users\Martin\AppData\Local\temp
2010-08-19 18:47 . 2010-08-19 19:34 -------- d-----w- c:\program files\trend micro
2010-08-19 18:47 . 2010-08-19 18:47 -------- d-----w- C:\rsit
2010-07-28 12:21 . 2010-07-28 12:21 -------- d-----w- c:\programdata\WindowsSearch
2010-07-23 20:04 . 2009-11-08 08:55 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2010-07-23 20:04 . 2009-11-08 08:55 49472 ----a-w- c:\windows\system32\netfxperf.dll
2010-07-23 20:04 . 2009-11-08 08:55 297808 ----a-w- c:\windows\system32\mscoree.dll
2010-07-23 20:04 . 2009-11-08 08:55 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2010-07-23 20:04 . 2009-11-08 08:55 1130824 ----a-w- c:\windows\system32\dfshim.dll
2010-07-23 20:04 . 2010-02-12 10:32 293376 ----a-w- c:\windows\system32\browserchoice.exe
2010-07-23 20:01 . 2010-05-01 14:13 2037248 ----a-w- c:\windows\system32\win32k.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-21 08:40 . 2009-02-13 11:50 -------- d-----w- c:\program files\SweetIM
2010-08-21 07:44 . 2009-01-13 21:34 -------- d-----w- c:\program files\antiviry
2010-08-11 21:59 . 2010-05-16 18:40 -------- d-----w- c:\program files\Ubisoft
2010-08-11 21:59 . 2008-09-16 10:50 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-08-11 15:18 . 2009-02-12 16:09 -------- d-----w- c:\program files\Valve
2010-08-05 13:01 . 2008-12-29 19:23 -------- d-----w- c:\program files\CCleaner
2010-08-02 12:30 . 2009-03-10 09:27 -------- d-----w- c:\program files\ICQ6.5
2010-07-28 15:32 . 2010-05-16 19:06 -------- d-----w- c:\users\Martin\AppData\Roaming\Ubisoft
2010-07-28 15:32 . 2010-05-16 18:48 -------- d-----w- c:\programdata\Ubisoft
2010-07-23 20:10 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-07-16 09:39 . 2008-12-24 20:45 -------- d-----w- c:\program files\Common Files\Adobe
2010-07-11 14:53 . 2010-04-28 20:12 -------- d-----w- c:\program files\Activision
2010-07-07 12:24 . 2008-12-24 20:09 -------- d-----w- c:\users\Martin\AppData\Roaming\ICQ
2010-07-07 02:29 . 2010-07-07 02:29 5882368 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2010-07-07 01:55 . 2010-07-07 01:55 15461888 ----a-w- c:\windows\system32\atioglxx.dll
2010-07-07 01:54 . 2010-07-07 01:54 143360 ----a-w- c:\windows\system32\atiapfxx.exe
2010-07-07 01:54 . 2010-07-07 01:54 513024 ----a-w- c:\windows\system32\aticfx32.dll
2010-07-07 01:51 . 2010-07-07 01:51 446464 ----a-w- c:\windows\system32\ATIDEMGX.dll
2010-07-07 01:51 . 2010-07-07 01:51 380928 ----a-w- c:\windows\system32\atieclxx.exe
2010-07-07 01:50 . 2010-07-07 01:50 176128 ----a-w- c:\windows\system32\atiesrxx.exe
2010-07-07 01:49 . 2010-07-07 01:49 159744 ----a-w- c:\windows\system32\atitmmxx.dll
2010-07-07 01:49 . 2010-07-07 01:49 356352 ----a-w- c:\windows\system32\atipdlxx.dll
2010-07-07 01:49 . 2010-07-07 01:49 278528 ----a-w- c:\windows\system32\Oemdspif.dll
2010-07-07 01:49 . 2010-07-07 01:49 11776 ----a-w- c:\windows\system32\atimuixx.dll
2010-07-07 01:49 . 2010-07-07 01:49 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2010-07-07 01:46 . 2010-07-07 01:46 3826688 ----a-w- c:\windows\system32\atidxx32.dll
2010-07-07 01:29 . 2010-07-07 01:29 46080 ----a-w- c:\windows\system32\aticalrt.dll
2010-07-07 01:29 . 2010-07-07 01:29 44032 ----a-w- c:\windows\system32\aticalcl.dll
2010-07-07 01:28 . 2010-07-07 01:28 3975680 ----a-w- c:\windows\system32\atiumdag.dll
2010-07-07 01:27 . 2010-07-07 01:27 4323840 ----a-w- c:\windows\system32\aticaldd.dll
2010-07-07 01:24 . 2010-07-07 01:24 50176 ----a-w- c:\windows\system32\coinst.dll
2010-07-07 01:23 . 2010-07-07 01:23 3058688 ----a-w- c:\windows\system32\atiumdva.dll
2010-07-07 01:16 . 2010-07-07 01:16 237568 ----a-w- c:\windows\system32\atiadlxx.dll
2010-07-07 01:15 . 2010-07-07 01:15 12800 ----a-w- c:\windows\system32\atiglpxx.dll
2010-07-07 01:15 . 2010-07-07 01:15 16896 ----a-w- c:\windows\system32\atigktxx.dll
2010-07-07 01:15 . 2010-07-07 01:15 210944 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2010-07-07 01:14 . 2010-07-07 01:14 30208 ----a-w- c:\windows\system32\atiuxpag.dll
2010-07-07 01:14 . 2010-07-07 01:14 22528 ----a-w- c:\windows\system32\atiu9pag.dll
2010-07-07 01:14 . 2010-07-07 01:14 23040 ----a-w- c:\windows\system32\atitmpxx.dll
2010-07-07 01:14 . 2010-07-07 01:14 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2010-07-07 01:11 . 2010-07-07 01:11 52736 ----a-w- c:\windows\system32\atimpc32.dll
2010-07-07 01:11 . 2010-07-07 01:11 52736 ----a-w- c:\windows\system32\amdpcom32.dll
2010-06-30 06:53 . 2010-06-30 06:53 -------- d-----w- c:\users\Martin\AppData\Roaming\MapSphere
2010-06-28 20:57 . 2010-06-29 08:15 38848 ----a-w- c:\windows\avastSS.scr
2010-06-28 20:57 . 2008-12-24 20:38 165032 ----a-w- c:\windows\system32\aswBoot.exe
2010-06-28 20:37 . 2008-12-24 20:39 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-06-28 20:37 . 2008-12-24 22:52 165456 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-06-28 20:33 . 2008-12-24 20:39 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-06-28 20:32 . 2008-12-24 20:38 50256 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2010-06-28 20:32 . 2008-12-24 22:52 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-06-15 22:28 . 2010-06-15 22:28 2857 ----a-w- c:\windows\system32\atipblag.dat
2010-05-26 17:06 . 2010-07-23 20:02 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-05-26 14:47 . 2010-07-23 20:02 289792 ----a-w- c:\windows\system32\atmfd.dll
2008-07-25 08:31 . 2009-04-23 08:52 28672 ----a-w- c:\program files\mozilla firefox\components\flashgetXpi.dll
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"Google Update"="c:\users\Martin\AppData\Local\Google\Update\GoogleUpdate.exe" [2009-04-13 133104]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2008-11-12 6687264]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-29 61440]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-06-28 2837864]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):0d,03,7a,a7,26,9a,ca,01

R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.sys [x]
R2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2009-10-25 133104]
R3 3xHybrid;3xHybrid service;c:\windows\system32\DRIVERS\3xHybrid.sys [2007-04-20 674048]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2010-01-29 691696]
S1 aswSP;aswSP; [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-07-07 176128]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-06-28 50256]
S2 lxbk_device;lxbk_device;c:\windows\system32\lxbkcoms.exe [2007-04-26 537520]
S2 TeamViewer5;TeamViewer 5;c:\program files\TeamViewer\Version5\TeamViewer_Service.exe [2010-03-18 172328]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2010-07-07 5882368]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-07-07 210944]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
bthsvcs REG_MULTI_SZ BthServ
.
Obsah adresáře 'Naplánované úlohy'

2010-08-21 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-04-03 08:10]

2010-06-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cb0e315b816c50.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-25 15:33]

2010-08-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-25 15:33]

2010-06-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2612676331-3756743748-4174905326-1000Core1cb0e31542db0d0.job
- c:\users\Martin\AppData\Local\Google\Update\GoogleUpdate.exe [2009-04-13 16:19]

2010-08-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2612676331-3756743748-4174905326-1000UA.job
- c:\users\Martin\AppData\Local\Google\Update\GoogleUpdate.exe [2009-04-13 16:19]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz
uInternet Settings,ProxyOverride = *.local
IE: &Download All by FlashGet - c:\program files\FlashGet Network\FlashGet universal\ComDlls\Bhoall.htm
IE: &Download by Arles Download Manager - c:\users\Martin\AppData\Local\Ariel Download Manager\DownloadManager.htm
IE: &Download by FlashGet - c:\program files\FlashGet Network\FlashGet universal\ComDlls\Bholink.htm
IE: &Přelož do češtiny - c:\program files\Seznam\Listicka\Toolbar.dll/5034
IE: &Stáhnout s FlashGetem - c:\program files\FlashGet Network\FlashGet universal\ComDlls\Bholink.htm
IE: &Stáhnout vše s FlashGetem - c:\program files\FlashGet Network\FlashGet universal\ComDlls\Bhoall.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Hlede&j v ČR - c:\program files\Seznam\Listicka\Toolbar.dll/5033
IE: Hledej v &encyklopedii - c:\program files\Seznam\Listicka\Toolbar.dll/5108
IE: Hledej ve &světě - c:\program files\Seznam\Listicka\Toolbar.dll/5035
IE: Hledej ve &zboží - c:\program files\Seznam\Listicka\Toolbar.dll/5107
IE: {{1A35AEC0-FB54-4D4C-AD57-753CBD827642} - c:\program files\FreshDevices\FreshDownload\fd.exe
DPF: {3190CE28-0B6E-4133-A7D3-87D29CB92120} - hxxps://download.seznam.cz/listicka/toolbar2007.cab
DPF: {B10CBD8D-F9B6-11CF-9B38-0080AD11B667} - hxxp://www.spszr.cz/~blazicek/Vypocty/S ... cntrls.cab
DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://195.113.207.238/activex/AMC.cab
FF - ProfilePath - c:\users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\u00iee8t.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - component: c:\program files\Mozilla Firefox\components\flashgetXpi.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1851.5542\npCIDetect14.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.1.0.20926.0.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: c:\programdata\NexonUS\NGM\npNxGameUS.dll
FF - plugin: c:\users\Martin\AppData\Local\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\users\Martin\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-21 10:58
Windows 6.0.6002 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\atieclxx.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\windows\system32\conime.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Celkový čas: 2010-08-21 11:03:44 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-08-21 09:03
ComboFix2.txt 2010-08-20 04:46

Před spuštěním: Volných bajtů: 55 449 489 408
Po spuštění: Volných bajtů: 55 065 833 472

Current=1 Default=1 Failed=3 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - D8969942762C3922234767E7BEF5A3EF

normalnim zpusobem nemuzu zapnout zadny program nebo aplikaci, pouze lze spustit jako spravce

zde log z mbam:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Verze databáze: 4456

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18928

21.8.2010 11:17:54
mbam-log-2010-08-21 (11-17-54).txt

Typ skenu: Rychlý sken
Skenované objekty: 134695
Uplynulý čas: 4 minuta(y), 15 sekunda(y)

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 3
Infikované hodnoty registru: 0
Infikované datové položky registru: 0
Infikované složky: 0
Infikované soubory: 0

Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče registru:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6fd31ed6-7c94-4bbc-8e95-f927f4d3a949} (Adware.180Solutions) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\10DPP6O2VE (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\ZE18MW23GY (Trojan.FakeAlert) -> No action taken.

Infikované hodnoty registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované datové položky registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)

Infikované soubory:
(Žádné škodlivé položky nebyly zjištěny)

Nepíšeš jaký prohlížeč.

Zkus párkrát restartovat PC. Jinak bude třeba povolit prohlížeč ve firewallu ( pokud se nejedná o IE). Platí i pro jiné programy.

. Takže spusť znovu MbAM a dej Scan
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Ukaž výsledky
- ujisti se že máš zatrhnuté všechny vypsané nálezy a klikni na tlačítko Odstranit označené
- když skončí odstraňování tak se ti zobrazí log, tak ho sem dej.
- pak zvol v programu OK a pak program ukonči přes Exit

Můžeš sem pak vložit nový log z MbAM.

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:
Poznámka: Nepoužij k označení skriptu funkci VYBRAT VŠE

Kód: Vybrat vše

RegNull::
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

RegLock::
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT

+info o chování PC.

po 2. restartování se uz všechno spouští normalne...

log z mbam:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Verze databáze: 4456

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18928

21.8.2010 18:53:11
mbam-log-2010-08-21 (18-53-11).txt

Typ skenu: Rychlý sken
Skenované objekty: 135177
Uplynulý čas: 4 minuta(y), 12 sekunda(y)

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 3
Infikované hodnoty registru: 0
Infikované datové položky registru: 0
Infikované složky: 0
Infikované soubory: 0

Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče registru:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6fd31ed6-7c94-4bbc-8e95-f927f4d3a949} (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\10DPP6O2VE (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\ZE18MW23GY (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Infikované hodnoty registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované datové položky registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)

Infikované soubory:
(Žádné škodlivé položky nebyly zjištěny)

log z Combofixu:

ComboFix 10-08-19.02 - Martin 21.08.2010 19:04:07.3.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.420.1029.18.2047.1210 [GMT 2:00]
Spuštěný z: c:\users\Martin\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Martin\Desktop\CFScript.txt
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((( Soubory vytvořené od 2010-07-21 do 2010-08-21 )))))))))))))))))))))))))))))))
.

2010-08-21 17:09 . 2010-08-21 17:09 -------- d-----w- c:\users\Martin\AppData\Local\temp
2010-08-21 17:09 . 2010-08-21 17:09 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-08-21 17:09 . 2010-08-21 17:09 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-08-21 09:11 . 2010-08-21 09:11 -------- d-----w- c:\users\Martin\AppData\Roaming\Malwarebytes
2010-08-21 09:11 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-21 09:11 . 2010-08-21 09:11 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-21 09:11 . 2010-08-21 09:11 -------- d-----w- c:\programdata\Malwarebytes
2010-08-21 09:11 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-19 18:47 . 2010-08-19 19:34 -------- d-----w- c:\program files\trend micro
2010-08-19 18:47 . 2010-08-19 18:47 -------- d-----w- C:\rsit
2010-07-28 12:21 . 2010-07-28 12:21 -------- d-----w- c:\programdata\WindowsSearch
2010-07-23 20:04 . 2009-11-08 08:55 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2010-07-23 20:04 . 2009-11-08 08:55 49472 ----a-w- c:\windows\system32\netfxperf.dll
2010-07-23 20:04 . 2009-11-08 08:55 297808 ----a-w- c:\windows\system32\mscoree.dll
2010-07-23 20:04 . 2009-11-08 08:55 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2010-07-23 20:04 . 2009-11-08 08:55 1130824 ----a-w- c:\windows\system32\dfshim.dll
2010-07-23 20:04 . 2010-02-12 10:32 293376 ----a-w- c:\windows\system32\browserchoice.exe
2010-07-23 20:01 . 2010-05-01 14:13 2037248 ----a-w- c:\windows\system32\win32k.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-21 08:40 . 2009-02-13 11:50 -------- d-----w- c:\program files\SweetIM
2010-08-21 07:44 . 2009-01-13 21:34 -------- d-----w- c:\program files\antiviry
2010-08-11 21:59 . 2010-05-16 18:40 -------- d-----w- c:\program files\Ubisoft
2010-08-11 21:59 . 2008-09-16 10:50 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-08-11 15:18 . 2009-02-12 16:09 -------- d-----w- c:\program files\Valve
2010-08-05 13:01 . 2008-12-29 19:23 -------- d-----w- c:\program files\CCleaner
2010-08-02 12:30 . 2009-03-10 09:27 -------- d-----w- c:\program files\ICQ6.5
2010-07-28 15:32 . 2010-05-16 19:06 -------- d-----w- c:\users\Martin\AppData\Roaming\Ubisoft
2010-07-28 15:32 . 2010-05-16 18:48 -------- d-----w- c:\programdata\Ubisoft
2010-07-23 20:10 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-07-16 09:39 . 2008-12-24 20:45 -------- d-----w- c:\program files\Common Files\Adobe
2010-07-11 14:53 . 2010-04-28 20:12 -------- d-----w- c:\program files\Activision
2010-07-07 12:24 . 2008-12-24 20:09 -------- d-----w- c:\users\Martin\AppData\Roaming\ICQ
2010-07-07 02:29 . 2010-07-07 02:29 5882368 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2010-07-07 01:55 . 2010-07-07 01:55 15461888 ----a-w- c:\windows\system32\atioglxx.dll
2010-07-07 01:54 . 2010-07-07 01:54 143360 ----a-w- c:\windows\system32\atiapfxx.exe
2010-07-07 01:54 . 2010-07-07 01:54 513024 ----a-w- c:\windows\system32\aticfx32.dll
2010-07-07 01:51 . 2010-07-07 01:51 446464 ----a-w- c:\windows\system32\ATIDEMGX.dll
2010-07-07 01:51 . 2010-07-07 01:51 380928 ----a-w- c:\windows\system32\atieclxx.exe
2010-07-07 01:50 . 2010-07-07 01:50 176128 ----a-w- c:\windows\system32\atiesrxx.exe
2010-07-07 01:49 . 2010-07-07 01:49 159744 ----a-w- c:\windows\system32\atitmmxx.dll
2010-07-07 01:49 . 2010-07-07 01:49 356352 ----a-w- c:\windows\system32\atipdlxx.dll
2010-07-07 01:49 . 2010-07-07 01:49 278528 ----a-w- c:\windows\system32\Oemdspif.dll
2010-07-07 01:49 . 2010-07-07 01:49 11776 ----a-w- c:\windows\system32\atimuixx.dll
2010-07-07 01:49 . 2010-07-07 01:49 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2010-07-07 01:46 . 2010-07-07 01:46 3826688 ----a-w- c:\windows\system32\atidxx32.dll
2010-07-07 01:29 . 2010-07-07 01:29 46080 ----a-w- c:\windows\system32\aticalrt.dll
2010-07-07 01:29 . 2010-07-07 01:29 44032 ----a-w- c:\windows\system32\aticalcl.dll
2010-07-07 01:28 . 2010-07-07 01:28 3975680 ----a-w- c:\windows\system32\atiumdag.dll
2010-07-07 01:27 . 2010-07-07 01:27 4323840 ----a-w- c:\windows\system32\aticaldd.dll
2010-07-07 01:24 . 2010-07-07 01:24 50176 ----a-w- c:\windows\system32\coinst.dll
2010-07-07 01:23 . 2010-07-07 01:23 3058688 ----a-w- c:\windows\system32\atiumdva.dll
2010-07-07 01:16 . 2010-07-07 01:16 237568 ----a-w- c:\windows\system32\atiadlxx.dll
2010-07-07 01:15 . 2010-07-07 01:15 12800 ----a-w- c:\windows\system32\atiglpxx.dll
2010-07-07 01:15 . 2010-07-07 01:15 16896 ----a-w- c:\windows\system32\atigktxx.dll
2010-07-07 01:15 . 2010-07-07 01:15 210944 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2010-07-07 01:14 . 2010-07-07 01:14 30208 ----a-w- c:\windows\system32\atiuxpag.dll
2010-07-07 01:14 . 2010-07-07 01:14 22528 ----a-w- c:\windows\system32\atiu9pag.dll
2010-07-07 01:14 . 2010-07-07 01:14 23040 ----a-w- c:\windows\system32\atitmpxx.dll
2010-07-07 01:14 . 2010-07-07 01:14 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2010-07-07 01:11 . 2010-07-07 01:11 52736 ----a-w- c:\windows\system32\atimpc32.dll
2010-07-07 01:11 . 2010-07-07 01:11 52736 ----a-w- c:\windows\system32\amdpcom32.dll
2010-06-30 06:53 . 2010-06-30 06:53 -------- d-----w- c:\users\Martin\AppData\Roaming\MapSphere
2010-06-28 20:57 . 2010-06-29 08:15 38848 ----a-w- c:\windows\avastSS.scr
2010-06-28 20:57 . 2008-12-24 20:38 165032 ----a-w- c:\windows\system32\aswBoot.exe
2010-06-28 20:37 . 2008-12-24 20:39 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-06-28 20:37 . 2008-12-24 22:52 165456 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-06-28 20:33 . 2008-12-24 20:39 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-06-28 20:32 . 2008-12-24 20:38 50256 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2010-06-28 20:32 . 2008-12-24 22:52 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-06-15 22:28 . 2010-06-15 22:28 2857 ----a-w- c:\windows\system32\atipblag.dat
2010-05-26 17:06 . 2010-07-23 20:02 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-05-26 14:47 . 2010-07-23 20:02 289792 ----a-w- c:\windows\system32\atmfd.dll
2008-07-25 08:31 . 2009-04-23 08:52 28672 ----a-w- c:\program files\mozilla firefox\components\flashgetXpi.dll
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"Google Update"="c:\users\Martin\AppData\Local\Google\Update\GoogleUpdate.exe" [2009-04-13 133104]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2008-11-12 6687264]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-29 61440]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-06-28 2837864]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):0d,03,7a,a7,26,9a,ca,01

R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.sys [x]
R2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2009-10-25 133104]
R3 3xHybrid;3xHybrid service;c:\windows\system32\DRIVERS\3xHybrid.sys [2007-04-20 674048]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2010-01-29 691696]
S1 aswSP;aswSP; [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-07-07 176128]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-06-28 50256]
S2 lxbk_device;lxbk_device;c:\windows\system32\lxbkcoms.exe [2007-04-26 537520]
S2 TeamViewer5;TeamViewer 5;c:\program files\TeamViewer\Version5\TeamViewer_Service.exe [2010-03-18 172328]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2010-07-07 5882368]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-07-07 210944]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
bthsvcs REG_MULTI_SZ BthServ
.
Obsah adresáře 'Naplánované úlohy'

2010-08-21 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-04-03 08:10]

2010-06-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cb0e315b816c50.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-25 15:33]

2010-08-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-25 15:33]

2010-06-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2612676331-3756743748-4174905326-1000Core1cb0e31542db0d0.job
- c:\users\Martin\AppData\Local\Google\Update\GoogleUpdate.exe [2009-04-13 16:19]

2010-08-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2612676331-3756743748-4174905326-1000UA.job
- c:\users\Martin\AppData\Local\Google\Update\GoogleUpdate.exe [2009-04-13 16:19]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz
uInternet Settings,ProxyOverride = *.local
IE: &Download All by FlashGet - c:\program files\FlashGet Network\FlashGet universal\ComDlls\Bhoall.htm
IE: &Download by Arles Download Manager - c:\users\Martin\AppData\Local\Ariel Download Manager\DownloadManager.htm
IE: &Download by FlashGet - c:\program files\FlashGet Network\FlashGet universal\ComDlls\Bholink.htm
IE: &Přelož do češtiny - c:\program files\Seznam\Listicka\Toolbar.dll/5034
IE: &Stáhnout s FlashGetem - c:\program files\FlashGet Network\FlashGet universal\ComDlls\Bholink.htm
IE: &Stáhnout vše s FlashGetem - c:\program files\FlashGet Network\FlashGet universal\ComDlls\Bhoall.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Hlede&j v ČR - c:\program files\Seznam\Listicka\Toolbar.dll/5033
IE: Hledej v &encyklopedii - c:\program files\Seznam\Listicka\Toolbar.dll/5108
IE: Hledej ve &světě - c:\program files\Seznam\Listicka\Toolbar.dll/5035
IE: Hledej ve &zboží - c:\program files\Seznam\Listicka\Toolbar.dll/5107
IE: {{1A35AEC0-FB54-4D4C-AD57-753CBD827642} - c:\program files\FreshDevices\FreshDownload\fd.exe
DPF: {3190CE28-0B6E-4133-A7D3-87D29CB92120} - hxxps://download.seznam.cz/listicka/toolbar2007.cab
DPF: {B10CBD8D-F9B6-11CF-9B38-0080AD11B667} - hxxp://www.spszr.cz/~blazicek/Vypocty/S ... cntrls.cab
DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://195.113.207.238/activex/AMC.cab
FF - ProfilePath - c:\users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\u00iee8t.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - component: c:\program files\Mozilla Firefox\components\flashgetXpi.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1851.5542\npCIDetect14.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.1.0.20926.0.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: c:\programdata\NexonUS\NGM\npNxGameUS.dll
FF - plugin: c:\users\Martin\AppData\Local\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\users\Martin\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-21 19:09
Windows 6.0.6002 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
Celkový čas: 2010-08-21 19:11:57
ComboFix-quarantined-files.txt 2010-08-21 17:11
ComboFix2.txt 2010-08-21 09:03
ComboFix3.txt 2010-08-20 04:46

Před spuštěním: Volných bajtů: 51 502 321 664
Po spuštění: Volných bajtů: 51 452 166 144

- - End Of File - - A60611464290FD5EB0F4306D8662D28D

a log z HJT:

Logfile of random's system information tool 1.08 (written by random/random)
Run by Martin at 2010-08-21 19:13:47
Microsoft® Windows Vista™ Home Premium Service Pack 2
System drive C: has 49 GB (16%) free of 305 GB
Total RAM: 2047 MB (53% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:13:49, on 21.8.2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18928)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\conime.exe
C:\Windows\Explorer.exe
C:\Windows\system32\notepad.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Martin\Desktop\programy na opravu--- NESAHAT !!!!\RSIT.exe
C:\Program Files\trend micro\Martin.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60076
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_custo ... TbId=60076
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget2 urlcatch - {1F364306-AA45-47B5-9F9D-39A8B94E7EF1} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: &Seznam Lištička - {B71B15CE-3093-459C-B764-AEB2486F2273} - C:\Program Files\Seznam\Listicka\Toolbar.dll
O3 - Toolbar: (no name) - {ED0E8CA5-42FB-4B18-997B-769E0408E79D} - (no file)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Google Update] "C:\Users\Martin\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O8 - Extra context menu item: &Download All by FlashGet - C:\Program Files\FlashGet Network\FlashGet universal\ComDlls\Bhoall.htm
O8 - Extra context menu item: &Download by Arles Download Manager - C:\Users\Martin\AppData\Local\Ariel Download Manager\DownloadManager.htm
O8 - Extra context menu item: &Download by FlashGet - C:\Program Files\FlashGet Network\FlashGet universal\ComDlls\Bholink.htm
O8 - Extra context menu item: &Přelož do češtiny - res://C:\Program Files\Seznam\Listicka\Toolbar.dll/5034
O8 - Extra context menu item: &Stáhnout s FlashGetem - C:\Program Files\FlashGet Network\FlashGet universal\ComDlls\Bholink.htm
O8 - Extra context menu item: &Stáhnout vše s FlashGetem - C:\Program Files\FlashGet Network\FlashGet universal\ComDlls\Bhoall.htm
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Hlede&j v ČR - res://C:\Program Files\Seznam\Listicka\Toolbar.dll/5033
O8 - Extra context menu item: Hledej v &encyklopedii - res://C:\Program Files\Seznam\Listicka\Toolbar.dll/5108
O8 - Extra context menu item: Hledej ve &světě - res://C:\Program Files\Seznam\Listicka\Toolbar.dll/5035
O8 - Extra context menu item: Hledej ve &zboží - res://C:\Program Files\Seznam\Listicka\Toolbar.dll/5107
O9 - Extra button: FreshDownload - {1A35AEC0-FB54-4D4C-AD57-753CBD827642} - C:\Program Files\FreshDevices\FreshDownload\fd.exe (file missing)
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O16 - DPF: {3190CE28-0B6E-4133-A7D3-87D29CB92120} (ToolbarInetInstall Control) - https://download.seznam.cz/listicka/toolbar2007.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 7846458448
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 2320768265
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {B10CBD8D-F9B6-11CF-9B38-0080AD11B667} (Ikonic Button Control) - http://www.spszr.cz/~blazicek/Vypocty/S ... cntrls.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://195.113.207.238/activex/AMC.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: lxbk_device - - C:\Windows\system32\lxbkcoms.exe
O23 - Service: TeamViewer 5 (TeamViewer5) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe

--
End of file - 8521 bytes

======Scheduled tasks folder======

C:\Windows\tasks\Google Software Updater.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore1cb0e315b816c50.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2612676331-3756743748-4174905326-1000Core1cb0e31542db0d0.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2612676331-3756743748-4174905326-1000UA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Podpora odkazu pro Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1F364306-AA45-47B5-9F9D-39A8B94E7EF1}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll [2009-10-25 761840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-05-27 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{B71B15CE-3093-459C-B764-AEB2486F2273} - &Seznam Lištička - C:\Program Files\Seznam\Listicka\Toolbar.dll [2007-11-04 793960]
{ED0E8CA5-42FB-4B18-997B-769E0408E79D}

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-21 1008184]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [2008-11-12 6687264]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2008-08-29 61440]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2006-10-27 31016]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-02-18 248040]
"Windows Mobile Device Center"=C:\Windows\WindowsMobile\wmdc.exe [2007-05-31 648072]
"avast5"=C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe [2010-06-28 2837864]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-04-11 1233920]
"Google Update"=C:\Users\Martin\AppData\Local\Google\Update\GoogleUpdate.exe [2009-04-13 133104]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-21 125952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-27 2210608]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"= []

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=0
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\FlashGet Network\FlashGet universal\FlashGet.exe"="C:\Program Files\FlashGet Network\FlashGet universal\FlashGet.exe:*:Enabled:Flashget2"
"C:\Program Files\FlashGet Network\FlashGet universal\LiveUpdate.exe"="C:\Program Files\FlashGet Network\FlashGet universal\LiveUpdate.exe:*:Enabled:FGLiveUpdate"
"C:\Program Files\FlashGet Network\FlashGet universal\LiveUpdateEx.exe"="C:\Program Files\FlashGet Network\FlashGet universal\LiveUpdateEx.exe:*:Enabled:FGLiveUpdateEx"
"C:\Nexon\Combat Arms\CombatArms.exe"="C:\Nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe"
"C:\Nexon\Combat Arms\Engine.exe"="C:\Nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.scr - open -
.scr - install -
.scr - config -

======List of files/folders created in the last 1 months======

2010-08-21 19:11:59 ----D---- C:\Windows\temp
2010-08-21 19:11:57 ----A---- C:\ComboFix.txt
2010-08-21 19:11:31 ----SHD---- C:\$RECYCLE.BIN
2010-08-21 18:59:44 ----D---- C:\ComboFix
2010-08-21 18:59:28 ----A---- C:\Windows\SWXCACLS.exe
2010-08-21 12:00:25 ----ASH---- C:\hiberfil.sys
2010-08-21 11:11:51 ----D---- C:\Users\Martin\AppData\Roaming\Malwarebytes
2010-08-21 11:11:45 ----A---- C:\Windows\system32\drivers\mbamswissarmy.sys
2010-08-21 11:11:44 ----D---- C:\ProgramData\Malwarebytes
2010-08-21 11:11:44 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-08-21 11:11:44 ----A---- C:\Windows\system32\drivers\mbam.sys
2010-08-20 06:34:02 ----A---- C:\Windows\zip.exe
2010-08-20 06:34:02 ----A---- C:\Windows\SWSC.exe
2010-08-20 06:34:02 ----A---- C:\Windows\SWREG.exe
2010-08-20 06:34:02 ----A---- C:\Windows\sed.exe
2010-08-20 06:34:02 ----A---- C:\Windows\PEV.exe
2010-08-20 06:34:02 ----A---- C:\Windows\NIRCMD.exe
2010-08-20 06:34:02 ----A---- C:\Windows\MBR.exe
2010-08-20 06:34:02 ----A---- C:\Windows\grep.exe
2010-08-20 06:33:50 ----D---- C:\Windows\ERDNT
2010-08-20 06:29:30 ----D---- C:\Qoobox
2010-08-19 20:47:40 ----D---- C:\rsit
2010-08-19 20:47:40 ----D---- C:\Program Files\trend micro
2010-08-18 22:50:11 ----A---- C:\Windows\ntbtlog.txt
2010-07-28 17:30:53 ----A---- C:\Windows\system32\XAudio2_5.dll
2010-07-28 17:30:53 ----A---- C:\Windows\system32\xactengine3_5.dll
2010-07-28 17:30:53 ----A---- C:\Windows\system32\D3DCompiler_42.dll
2010-07-28 17:30:50 ----A---- C:\Windows\system32\d3dcsx_42.dll
2010-07-28 17:30:49 ----A---- C:\Windows\system32\D3DX9_42.dll
2010-07-28 17:30:49 ----A---- C:\Windows\system32\d3dx11_42.dll
2010-07-28 17:30:49 ----A---- C:\Windows\system32\d3dx10_42.dll
2010-07-28 17:30:49 ----A---- C:\Windows\system32\D3DCompiler_41.dll
2010-07-28 17:30:48 ----A---- C:\Windows\system32\XAudio2_4.dll
2010-07-28 17:30:48 ----A---- C:\Windows\system32\XAPOFX1_3.dll
2010-07-28 17:30:48 ----A---- C:\Windows\system32\xactengine3_4.dll
2010-07-28 17:30:48 ----A---- C:\Windows\system32\X3DAudio1_6.dll
2010-07-28 17:30:48 ----A---- C:\Windows\system32\D3DX9_41.dll
2010-07-28 17:30:48 ----A---- C:\Windows\system32\d3dx10_41.dll
2010-07-28 17:30:47 ----A---- C:\Windows\system32\D3DX9_40.dll
2010-07-28 17:30:47 ----A---- C:\Windows\system32\d3dx10_40.dll
2010-07-28 17:30:47 ----A---- C:\Windows\system32\D3DCompiler_40.dll
2010-07-28 17:30:46 ----A---- C:\Windows\system32\XAudio2_2.dll
2010-07-28 17:30:46 ----A---- C:\Windows\system32\XAPOFX1_1.dll
2010-07-28 17:30:46 ----A---- C:\Windows\system32\xactengine3_2.dll
2010-07-28 14:21:19 ----D---- C:\ProgramData\WindowsSearch
2010-07-23 22:04:51 ----A---- C:\Windows\system32\PresentationHostProxy.dll
2010-07-23 22:04:51 ----A---- C:\Windows\system32\PresentationHost.exe
2010-07-23 22:04:51 ----A---- C:\Windows\system32\netfxperf.dll
2010-07-23 22:04:51 ----A---- C:\Windows\system32\mscoree.dll
2010-07-23 22:04:51 ----A---- C:\Windows\system32\dfshim.dll
2010-07-23 22:04:35 ----A---- C:\Windows\system32\browserchoice.exe
2010-07-23 22:02:46 ----A---- C:\Windows\system32\Apphlpdm.dll
2010-07-23 22:02:45 ----A---- C:\Windows\system32\GameUXLegacyGDFs.dll
2010-07-23 22:02:31 ----A---- C:\Windows\system32\mshtml.dll
2010-07-23 22:02:30 ----A---- C:\Windows\system32\iertutil.dll
2010-07-23 22:02:30 ----A---- C:\Windows\system32\ieframe.dll
2010-07-23 22:02:29 ----A---- C:\Windows\system32\wininet.dll
2010-07-23 22:02:29 ----A---- C:\Windows\system32\urlmon.dll
2010-07-23 22:02:28 ----A---- C:\Windows\system32\occache.dll
2010-07-23 22:02:28 ----A---- C:\Windows\system32\mstime.dll
2010-07-23 22:02:28 ----A---- C:\Windows\system32\msfeeds.dll
2010-07-23 22:02:28 ----A---- C:\Windows\system32\ieui.dll
2010-07-23 22:02:28 ----A---- C:\Windows\system32\iedkcs32.dll
2010-07-23 22:02:27 ----A---- C:\Windows\system32\msfeedsbs.dll
2010-07-23 22:02:27 ----A---- C:\Windows\system32\jsproxy.dll
2010-07-23 22:02:27 ----A---- C:\Windows\system32\ieUnatt.exe
2010-07-23 22:02:27 ----A---- C:\Windows\system32\iesysprep.dll
2010-07-23 22:02:27 ----A---- C:\Windows\system32\iepeers.dll
2010-07-23 22:02:24 ----A---- C:\Windows\system32\msfeedssync.exe
2010-07-23 22:02:24 ----A---- C:\Windows\system32\iesetup.dll
2010-07-23 22:02:24 ----A---- C:\Windows\system32\iernonce.dll
2010-07-23 22:02:24 ----A---- C:\Windows\system32\ie4uinit.exe
2010-07-23 22:02:22 ----A---- C:\Windows\system32\asycfilt.dll
2010-07-23 22:02:21 ----A---- C:\Windows\system32\atmfd.dll
2010-07-23 22:02:20 ----A---- C:\Windows\system32\atmlib.dll
2010-07-23 22:02:13 ----A---- C:\Windows\system32\tzres.dll
2010-07-23 22:01:48 ----A---- C:\Windows\system32\win32k.sys

======List of files/folders modified in the last 1 months======

2010-08-21 19:13:49 ----D---- C:\Windows\Prefetch
2010-08-21 19:11:59 ----D---- C:\Windows
2010-08-21 19:09:51 ----A---- C:\Windows\system.ini
2010-08-21 19:07:16 ----D---- C:\Windows\system32\drivers
2010-08-21 19:07:16 ----D---- C:\Windows\System32
2010-08-21 19:07:16 ----D---- C:\Windows\AppPatch
2010-08-21 19:07:15 ----D---- C:\Program Files\Common Files
2010-08-21 18:30:25 ----D---- C:\Windows\Tasks
2010-08-21 11:11:44 ----RD---- C:\Program Files
2010-08-21 11:11:44 ----D---- C:\ProgramData
2010-08-21 10:57:58 ----D---- C:\Windows\system32\drivers\etc
2010-08-21 10:50:32 ----D---- C:\Windows\system32\catroot2
2010-08-21 10:40:36 ----SHD---- C:\Windows\Installer
2010-08-21 10:40:36 ----D---- C:\Program Files\SweetIM
2010-08-21 10:40:13 ----SHD---- C:\System Volume Information
2010-08-21 10:23:10 ----D---- C:\Windows\system32\Tasks
2010-08-21 09:44:03 ----D---- C:\Program Files\antiviry
2010-08-20 17:20:57 ----D---- C:\Windows\Minidump
2010-08-20 13:04:18 ----D---- C:\Windows\system32\WDI
2010-08-19 20:50:55 ----D---- C:\Windows\inf
2010-08-19 20:50:55 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-08-16 17:04:51 ----D---- C:\temp
2010-08-13 18:47:13 ----D---- C:\Windows\system32\catroot
2010-08-11 23:59:27 ----D---- C:\Program Files\Ubisoft
2010-08-11 23:59:26 ----HD---- C:\Program Files\InstallShield Installation Information
2010-08-11 17:18:07 ----D---- C:\Program Files\Valve
2010-08-05 15:01:02 ----D---- C:\Program Files\CCleaner
2010-08-05 14:59:10 ----D---- C:\Program Files\Mozilla Firefox
2010-08-02 14:30:49 ----D---- C:\Program Files\ICQ6.5
2010-07-28 17:32:52 ----D---- C:\Users\Martin\AppData\Roaming\Ubisoft
2010-07-28 17:32:52 ----D---- C:\ProgramData\Ubisoft
2010-07-28 17:30:39 ----RSD---- C:\Windows\assembly
2010-07-25 12:14:18 ----D---- C:\Windows\Debug
2010-07-23 22:29:48 ----D---- C:\Windows\rescache
2010-07-23 22:23:17 ----D---- C:\Windows\winsxs
2010-07-23 22:14:58 ----D---- C:\Windows\Microsoft.NET
2010-07-23 22:12:23 ----D---- C:\Windows\LiveKernelReports
2010-07-23 22:10:01 ----D---- C:\Windows\system32\cs-CZ
2010-07-23 22:10:01 ----D---- C:\Windows\ehome
2010-07-23 22:10:01 ----D---- C:\Program Files\Windows Mail
2010-07-23 22:10:01 ----D---- C:\Program Files\Internet Explorer
2010-07-23 22:10:00 ----D---- C:\Windows\system32\wbem
2010-07-23 22:10:00 ----D---- C:\Windows\system32\migration

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr.sys [2010-06-28 23376]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2010-06-28 165456]
R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2010-06-28 46672]
R2 aswFsBlk;aswFsBlk; C:\Windows\system32\drivers\aswFsBlk.sys [2010-06-28 17744]
R2 aswMonFlt;aswMonFlt; \??\C:\Windows\system32\drivers\aswMonFlt.sys [2010-06-28 50256]
R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2010-07-07 5882368]
R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2010-07-07 210944]
R3 catchme;catchme; \??\C:\Users\Martin\AppData\Local\Temp\catchme.sys []
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2008-11-11 2236512]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\Windows\system32\DRIVERS\nvmfdx32.sys [2007-11-18 1040544]
R3 RTHDMIAzAudService;Service for HDMI; C:\Windows\system32\drivers\RtHDMIV.sys [2008-11-11 154272]
R3 usbscan;Ovladač skeneru USB; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-21 35328]
S0 BTHidMgr;Bluetooth HID Manager Service; C:\Windows\System32\Drivers\BTHidMgr.sys []
S0 PxHelp20;PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys []
S1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
S3 3xHybrid;3xHybrid service; C:\Windows\system32\DRIVERS\3xHybrid.sys [2007-04-20 674048]
S3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2010-07-07 5882368]
S3 BlueletAudio;Bluetooth Audio Service; C:\Windows\system32\DRIVERS\blueletaudio.sys []
S3 BlueletSCOAudio;Bluetooth SCO Audio Service; C:\Windows\system32\DRIVERS\BlueletSCOAudio.sys []
S3 BT;Bluetooth PAN Network Adapter; C:\Windows\system32\DRIVERS\btnetdrv.sys []
S3 BTHidEnum;Bluetooth HID Enumerator; C:\Windows\system32\DRIVERS\vbtenum.sys []
S3 CrystalSysInfo;CrystalSysInfo; \??\C:\Program Files\MediaCoder\SysInfo.sys []
S3 drmkaud;Dekodér zvuků DRM jádra společnosti Microsoft; C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 5632]
S3 EagleNT;EagleNT; \??\C:\Windows\system32\drivers\EagleNT.sys []
S3 HdAudAddService;Ovladač funkce Microsoft 1.1 UAA pro službu zvuku High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 mbr;mbr; \??\C:\Users\Martin\AppData\Local\Temp\mbr.sys []
S3 MSKSSRV;Server proxy služby datových proudů Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192]
S3 MSPCLOCK;Server proxy hodin datových proudů Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888]
S3 MSPQM;Server proxy správce kvality datových proudů Microsoft; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504]
S3 MSTEE;Konvertor jímka-jímka typu T datových proudů Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016]
S3 nmwcd;Nokia USB Phone Parent; C:\Windows\system32\drivers\ccdcmb.sys [2008-05-02 17536]
S3 nmwcdc;Nokia USB Generic; C:\Windows\system32\drivers\ccdcmbo.sys [2008-05-02 20864]
S3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\Windows\System32\Drivers\RootMdm.sys [2008-01-21 8192]
S3 upperdev;upperdev; C:\Windows\system32\DRIVERS\usbser_lowerflt.sys [2008-05-02 8064]
S3 usbser;Nokia USB Serial Port; C:\Windows\system32\DRIVERS\usbser.sys [2009-04-11 27648]
S3 UsbserFilt;UsbserFilt; C:\Windows\system32\DRIVERS\usbser_lowerfltj.sys [2008-05-02 8064]
S3 VComm;Virtual Serial port driver; C:\Windows\system32\DRIVERS\VComm.sys []
S3 VcommMgr;Bluetooth VComm Manager Service; C:\Windows\System32\Drivers\VcommMgr.sys []
S3 winusb;Ovladač WinUsb; C:\Windows\system32\DRIVERS\winusb.sys [2009-04-11 31616]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2009-10-01 40448]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-21 83328]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616]
S4 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2010-01-29 691696]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2010-07-07 176128]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-06-28 40384]
R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 lxbk_device;lxbk_device; C:\Windows\system32\lxbkcoms.exe [2007-04-26 537520]
R2 RapiMgr;@%windir%\WindowsMobile\rapimgr.dll,-104; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 TeamViewer5;TeamViewer 5; C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe [2010-03-18 172328]
R2 WcesComm;@%windir%\WindowsMobile\wcescomm.dll,-40079; C:\Windows\system32\svchost.exe [2008-01-21 21504]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-10-25 133104]
S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2010-02-02 194032]
S3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-06-28 40384]
S3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-06-28 40384]
S3 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-21 21504]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-27 65824]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]

-----------------EOF-----------------

opet po ComboFixu musim vše spouštět jako spravce... take se mi zmenšily všechny ikony na miniatury ... zkusim restartovat

všechno lze normalne spoustet, ale mam nejak podelany zobrazeni monitoru.... pri spousteni PC je videt jak je obraz posunuty u her to samy... jen plocha je zobrazena normalne... ikony mam furt miniaturni

zkus to potom ještě restartovat , jinak proveď velikost ikon sám.

ComboFix se odinstaluje takto:
Start-Spustit a zadej ComboFix /Uninstall

vyčisti systém CCleanerem

a použij i T-Cleaner
smaže vše po Combu,MWAVu atd.-stáhneš>spustíš

pozn. před stažením T-Cleaneru a po dobu čištění deaktivuj AVG , Avast, či Microsoft Security Essentials následně T-Cleaner smaž a zapni si AVG , Avast či Microsoft Security Essentials

Zavři ostatní aplikace a prohlížeče, odpoj se od netu a fixni v HJT:
Návod

Kód: Vybrat vše

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget2 urlcatch - {1F364306-AA45-47B5-9F9D-39A8B94E7EF1} - (no file)
O3 - Toolbar: (no name) - {ED0E8CA5-42FB-4B18-997B-769E0408E79D} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O9 - Extra button: FreshDownload - {1A35AEC0-FB54-4D4C-AD57-753CBD827642} - C:\Program Files\FreshDevices\FreshDownload\fd.exe (file missing)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 7846458448
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 2320768265
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://195.113.207.238/activex/AMC.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

Pokud nejsou problémy , je to vše a můžeš dát vyřešeno , zelenou fajfku.

PC-HELP.CZ

Prosim o kontrolu logu*

Prosim o kontrolu logu*

Re: Prosim o kontrolu blogu

Re: Prosim o kontrolu blogu

Re: Prosim o kontrolu blogu

Re: Prosim o kontrolu blogu

Re: Prosim o kontrolu blogu

Re: Prosim o kontrolu blogu

Re: Prosim o kontrolu blogu

Re: Prosim o kontrolu blogu

Re: Prosim o kontrolu blogu

Re: Prosim o kontrolu blogu

Re: Prosim o kontrolu logu*