Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:13:25, on 29.8.2011
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Acer Bio Protection\PdtWzd.exe
C:\Users\Orinoco\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Orinoco\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Orinoco\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Orinoco\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Orinoco\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\rundll32.exe
C:\Users\Orinoco\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Orinoco\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Orinoco\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Orinoco\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Orinoco\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Orinoco\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Orinoco\Downloads\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\ProgramData\LangSoft\WebIE.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\ProgramData\LangSoft\WebIE.dll
O3 - Toolbar: PandoraTV Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKLM\..\Run: [VitaKeyPdtWzd] "C:\Program Files\Acer Bio Protection\PdtWzd.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Quick-Launch Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\Acer Bio Protection\PwdBank.exe
O9 - Extra 'Tools' menuitem: Quick-Launch Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\Acer Bio Protection\PwdBank.exe
O9 - Extra button: ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Program Files\ICQ7.4\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Program Files\ICQ7.4\ICQ.exe
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - (no file)
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - (no file)
O23 - Service: Advanced SystemCare Service (AdvancedSystemCareService) - IObit - C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe
O23 - Service: Application Updater - Spigot, Inc. - C:\Program Files\Application Updater\ApplicationUpdater.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: EgisTec Service (IGBASVC) - Egis Technology Inc. - C:\Program Files\Acer Bio Protection\BASVC.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe
O23 - Service: Validity VCS Fingerprint Service (vcsFPService) - Validity Sensors, Inc. - C:\Windows\system32\vcsFPService.exe
O23 - Service: Validity Fingerprint Service (vfsFPService) - Validity Sensors, Inc. - C:\Windows\system32\vfsFPService.exe
--
End of file - 6515 bytes
Please check my log [Solved]
- Žbeky
- Moderator
Re: please check my log
Fix:
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
O3 - Toolbar: PandoraTV Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - (no file)
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - (no file)
Download ATF Cleaner
Double-click ATF Cleaner.exe, click Select All found, then:
- If you use Firefox (Mozilla), click Firefox at the top and choose Select All, then click Empty Selected.
- If you use Opera, click Opera at the top and choose Select All, then click Empty Selected.
When the cleanup is done, click Exit to close the program.
ATF-Cleaner is a simple tool for removing history from the web browser. It can remove the cache, cookies, history and other traces of surfing the Internet. Supported browsers include Internet Explorer, Firefox and Opera. The application can also remove temporary Windows files, empty the Recycle Bin, and so on.
Download Malwarebytes' Anti-Malware
Install it and run it
- at the end of the installation, make sure both options are selected/ticked:
Update Malwarebytes' Anti-Malware (Aktualizace Malwarebytes' Anti-Malware) and Launch Malwarebytes' Anti-Malware (Spustit aplikaci Malwarebytes' Anti-Malware); if they are, click the Finish button
- if an update is found, it will be downloaded and installed
- the program will then start; leave the Perform Quick Scan (Provést rychlý sken) option selected and click the Scan (Skenovat) button
- when the scan finishes a message will appear; click OK and then the Show Results button
- then choose Save Logfile and save the log to the desktop
- then click the Exit button; a message will appear, choose Yes (Ano)
(do not delete anything yet!).
Then paste the contents of that log here.
In private messages I only deal with matters concerning the forum. I do not respond to requests for technical support. Thanks for understanding.
Re: please check my log
Adding the MWAV log
Soubor C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP348F.tmp\System.Drawing.dll je infikovaný virem Exe.Corrupted !! Provedené akce: Ponecháno, neodstraněno!.
Soubor C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\1604-0\System.Speech.dll je infikovaný virem Exe.Corrupted !! Provedené akce: Ponecháno, neodstraněno!.
- memphisto
Re: please check my log
Why MWAV? You are supposed to post Mbam

Please do not send HijackThis logs by private message; post them in the appropriate section. Thank you
Re: please check my log
So here is Mbam :)
Malwarebytes' Anti-Malware 1.51.1.1800
http://www.malwarebytes.org
Verze databáze: 7608
Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421
30.8.2011 8:35:10
mbam-log-2011-08-30 (08-35-10).txt
Typ: Rychlá kontrola
Kontrolované objekty: 199221
Uplynulý čas: 7 minut, 36 sekund
Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče v registru: 0
Infikované hodnoty v registru: 0
Infikované datové položky v registru: 0
Infikované složky: 0
Infikované soubory: 0
Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)
Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)
Infikované klíče v registru:
(Žádné škodlivé položky nebyly zjištěny)
Infikované hodnoty v registru:
(Žádné škodlivé položky nebyly zjištěny)
Infikované datové položky v registru:
(Žádné škodlivé položky nebyly zjištěny)
Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)
Infikované soubory:
(Žádné škodlivé položky nebyly zjištěny)
- jaro3
- Security team member
Re: please check my log
Delete the infections found by MWAV.
Are there any problems??
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs by private message. While I am away, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support
Re: please check my log
The sound does not work; I tried installing new drivers and even that did not help. Also, explorer.exe freezes and I have to restart the system, and I cannot install certain programs - INSTALAČNÍ SLUŽBA WINDOWS SELHALA (the Windows Installer service failed) :(
Re: please check my log
Adding the ComboFix log:
ComboFix 11-08-30.01 - Orinoco 30.08.2011 14:23:21.2.2 - x86
Spuštěný z: c:\users\Orinoco\Desktop\ComboFix.exe
* Vytvořen nový Bod Obnovení
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\6AF
c:\programdata\6AF\{5989BEA2-DA59-4873-8E6A-C84952D26319}.swf
c:\users\Orinoco\AppData\Roaming\inst.exe
c:\users\Orinoco\AppData\Roaming\Mikrotik
c:\users\Orinoco\AppData\Roaming\Mikrotik\Winbox\5.0rc11-3658438857\advtool.crc
c:\users\Orinoco\AppData\Roaming\Mikrotik\Winbox\5.0rc11-3658438857\advtool.dll
c:\users\Orinoco\AppData\Roaming\Mikrotik\Winbox\5.0rc11-3658438857\dhcp.crc
c:\users\Orinoco\AppData\Roaming\Mikrotik\Winbox\5.0rc11-3658438857\dhcp.dll
c:\users\Orinoco\AppData\Roaming\Mikrotik\Winbox\5.0rc11-3658438857\hotspot.crc
c:\users\Orinoco\AppData\Roaming\Mikrotik\Winbox\5.0rc11-3658438857\hotspot.dll
c:\users\Orinoco\AppData\Roaming\Mikrotik\Winbox\5.0rc11-3658438857\mpls.crc
c:\users\Orinoco\AppData\Roaming\Mikrotik\Winbox\5.0rc11-3658438857\mpls.dll
c:\users\Orinoco\AppData\Roaming\Mikrotik\Winbox\5.0rc11-3658438857\ppp.crc
c:\users\Orinoco\AppData\Roaming\Mikrotik\Winbox\5.0rc11-3658438857\ppp.dll
c:\users\Orinoco\AppData\Roaming\Mikrotik\Winbox\5.0rc11-3658438857\rb.crc
c:\users\Orinoco\AppData\Roaming\Mikrotik\Winbox\5.0rc11-3658438857\rb.dll
c:\users\Orinoco\AppData\Roaming\Mikrotik\Winbox\5.0rc11-3658438857\roteros.crc
c:\users\Orinoco\AppData\Roaming\Mikrotik\Winbox\5.0rc11-3658438857\roteros.dll
c:\users\Orinoco\AppData\Roaming\Mikrotik\Winbox\5.0rc11-3658438857\roting4.crc
c:\users\Orinoco\AppData\Roaming\Mikrotik\Winbox\5.0rc11-3658438857\roting4.dll
c:\users\Orinoco\AppData\Roaming\Mikrotik\Winbox\5.0rc11-3658438857\secure.crc
c:\users\Orinoco\AppData\Roaming\Mikrotik\Winbox\5.0rc11-3658438857\secure.dll
c:\users\Orinoco\AppData\Roaming\Mikrotik\Winbox\5.0rc11-3658438857\sync.crc
c:\users\Orinoco\AppData\Roaming\Mikrotik\Winbox\5.0rc11-3658438857\sync.dll
c:\users\Orinoco\AppData\Roaming\Mikrotik\Winbox\5.0rc11-3658438857\system.crc
c:\users\Orinoco\AppData\Roaming\Mikrotik\Winbox\5.0rc11-3658438857\system.dll
c:\users\Orinoco\AppData\Roaming\Mikrotik\Winbox\5.0rc11-3658438857\ups.crc
c:\users\Orinoco\AppData\Roaming\Mikrotik\Winbox\5.0rc11-3658438857\ups.dll
c:\users\Orinoco\AppData\Roaming\Mikrotik\Winbox\5.0rc11-3658438857\wlan4.crc
c:\users\Orinoco\AppData\Roaming\Mikrotik\Winbox\5.0rc11-3658438857\wlan4.dll
c:\users\Orinoco\AppData\Roaming\Mikrotik\Winbox\winbox.cfg
c:\users\Orinoco\AppData\Roaming\Splash PRO.exe
c:\users\Pipa\AppData\Roaming\Mikrotik
c:\users\Pipa\AppData\Roaming\Mikrotik\Winbox\5.0rc11-3658438857\advtool.crc
c:\users\Pipa\AppData\Roaming\Mikrotik\Winbox\5.0rc11-3658438857\advtool.dll
c:\users\Pipa\AppData\Roaming\Mikrotik\Winbox\5.0rc11-3658438857\dhcp.crc
c:\users\Pipa\AppData\Roaming\Mikrotik\Winbox\5.0rc11-3658438857\dhcp.dll
c:\users\Pipa\AppData\Roaming\Mikrotik\Winbox\5.0rc11-3658438857\hotspot.crc
c:\users\Pipa\AppData\Roaming\Mikrotik\Winbox\5.0rc11-3658438857\hotspot.dll
c:\users\Pipa\AppData\Roaming\Mikrotik\Winbox\5.0rc11-3658438857\mpls.crc
c:\users\Pipa\AppData\Roaming\Mikrotik\Winbox\5.0rc11-3658438857\mpls.dll
c:\users\Pipa\AppData\Roaming\Mikrotik\Winbox\5.0rc11-3658438857\ppp.crc
c:\users\Pipa\AppData\Roaming\Mikrotik\Winbox\5.0rc11-3658438857\ppp.dll
c:\users\Pipa\AppData\Roaming\Mikrotik\Winbox\5.0rc11-3658438857\rb.crc
c:\users\Pipa\AppData\Roaming\Mikrotik\Winbox\5.0rc11-3658438857\rb.dll
c:\users\Pipa\AppData\Roaming\Mikrotik\Winbox\5.0rc11-3658438857\roteros.crc
c:\users\Pipa\AppData\Roaming\Mikrotik\Winbox\5.0rc11-3658438857\roteros.dll
c:\users\Pipa\AppData\Roaming\Mikrotik\Winbox\5.0rc11-3658438857\roting4.crc
c:\users\Pipa\AppData\Roaming\Mikrotik\Winbox\5.0rc11-3658438857\roting4.dll
c:\users\Pipa\AppData\Roaming\Mikrotik\Winbox\5.0rc11-3658438857\secure.crc
c:\users\Pipa\AppData\Roaming\Mikrotik\Winbox\5.0rc11-3658438857\secure.dll
c:\users\Pipa\AppData\Roaming\Mikrotik\Winbox\5.0rc11-3658438857\sync.crc
c:\users\Pipa\AppData\Roaming\Mikrotik\Winbox\5.0rc11-3658438857\sync.dll
c:\users\Pipa\AppData\Roaming\Mikrotik\Winbox\5.0rc11-3658438857\system.crc
c:\users\Pipa\AppData\Roaming\Mikrotik\Winbox\5.0rc11-3658438857\system.dll
c:\users\Pipa\AppData\Roaming\Mikrotik\Winbox\5.0rc11-3658438857\ups.crc
c:\users\Pipa\AppData\Roaming\Mikrotik\Winbox\5.0rc11-3658438857\ups.dll
c:\users\Pipa\AppData\Roaming\Mikrotik\Winbox\5.0rc11-3658438857\wlan4.crc
c:\users\Pipa\AppData\Roaming\Mikrotik\Winbox\5.0rc11-3658438857\wlan4.dll
c:\users\Pipa\AppData\Roaming\Mikrotik\Winbox\winbox.cfg
c:\users\Public\7z465.exe
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-07-28 do 2011-08-30 )))))))))))))))))))))))))))))))
.
.
2011-08-30 06:54 . 2011-08-30 06:54 -------- d-----w- c:\windows\system32\RTCOM
2011-08-30 06:54 . 2011-07-27 22:54 1725784 ----a-w- c:\windows\system32\WavesGUILib.dll
2011-08-30 06:54 . 2009-11-18 16:42 1783056 ----a-w- c:\windows\system32\WavesLib.dll
2011-08-30 06:54 . 2009-11-24 07:55 345328 ----a-w- c:\windows\system32\SRSTSXT.dll
2011-08-30 06:54 . 2009-11-24 07:55 185584 ----a-w- c:\windows\system32\SRSTSHD.dll
2011-08-30 06:54 . 2009-11-24 07:55 173296 ----a-w- c:\windows\system32\SRSHP360.dll
2011-08-30 06:54 . 2009-11-24 07:55 140528 ----a-w- c:\windows\system32\SRSWOW.dll
2011-08-30 06:54 . 2011-05-05 12:14 214368 ----a-w- c:\windows\system32\SFNHK.dll
2011-08-30 06:54 . 2011-06-30 14:14 1497704 ----a-w- c:\windows\system32\RTSndMgr.cpl
2011-08-30 06:54 . 2011-05-05 12:14 68960 ----a-w- c:\windows\system32\SFAPO.dll
2011-08-30 06:54 . 2011-05-05 12:14 74080 ----a-w- c:\windows\system32\SFCOM.dll
2011-08-30 06:49 . 2011-08-30 06:49 -------- d-----w- c:\users\Orinoco\AppData\Local\Adobe
2011-08-30 05:48 . 2011-07-11 12:17 1698408 ----a-w- c:\windows\RtlExUpd.dll
2011-08-29 15:31 . 2011-08-29 15:33 -------- d-----w- c:\program files\Windows Doctor
2011-08-29 12:17 . 2011-08-29 12:17 632064 ----a-w- c:\windows\system32\msvcr80.dll
2011-08-29 12:17 . 2011-08-29 12:17 554240 ----a-w- c:\windows\system32\msvcp80.dll
2011-08-29 12:17 . 2011-08-29 12:17 34048 ----a-w- c:\windows\system32\eEmpty.exe
2011-08-29 12:16 . 2011-08-29 12:16 -------- d-----w- c:\program files\Common Files\MicroWorld
2011-08-29 12:16 . 2011-08-29 12:16 -------- d-----w- c:\programdata\MicroWorld
2011-08-29 09:55 . 2011-08-29 09:55 -------- d-----w- c:\program files\CCleaner
2011-08-28 20:18 . 2011-08-28 20:38 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2011-08-28 20:18 . 2011-08-28 20:34 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-08-28 17:32 . 2011-08-28 17:32 -------- d-----w- c:\programdata\Cyberlink
2011-08-28 11:38 . 2011-08-28 11:38 -------- d-----w- c:\users\Orinoco\user
2011-08-28 02:04 . 2011-08-28 02:04 -------- d--h--w- c:\windows\system32\WLANProfiles
2011-08-28 02:02 . 2011-08-28 09:42 -------- d-----w- c:\programdata\Intel
2011-08-27 18:16 . 2011-08-27 18:16 -------- d-----w- c:\program files\SystemRequirementsLab
2011-08-27 10:56 . 2011-08-27 10:56 -------- d-----w- c:\program files\MarySoft
2011-08-27 00:59 . 2011-08-27 00:59 27248 ----a-w- c:\windows\system32\drivers\cnnctfy2.sys
2011-08-27 00:22 . 2011-08-27 00:22 -------- d-----w- c:\users\Orinoco\AppData\Local\Chris_Pietschmann_(http__
2011-08-26 10:03 . 2011-08-26 10:03 -------- d-----w- c:\program files\Motorola Mobility
2011-08-26 08:06 . 2011-08-12 02:44 7152464 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D58DF2BA-543D-4899-8EA1-793507A4BDD5}\mpengine.dll
2011-08-24 08:02 . 2011-07-09 04:29 2048 ----a-w- c:\windows\system32\tzres.dll
2011-08-22 08:19 . 2011-08-22 08:19 -------- d-----w- c:\users\Orinoco\AppData\Roaming\Mirillis
2011-08-22 08:19 . 2011-08-22 08:19 -------- d-----w- c:\programdata\Mirillis
2011-08-22 08:19 . 2011-08-28 17:34 -------- d-----w- c:\users\Orinoco\AppData\Local\Mirillis
2011-08-21 20:33 . 2011-08-21 20:33 -------- d-----w- c:\windows\Downloaded Installations
2011-08-21 20:29 . 2011-08-21 20:29 -------- d-----w- c:\users\Orinoco\AppData\Roaming\DVDFab
2011-08-19 20:00 . 2011-08-19 20:00 -------- d-----w- c:\program files\Common Files\Motorola Shared
2011-08-15 18:16 . 2011-08-15 18:16 -------- d-----w- C:\3DP
2011-08-10 13:29 . 2011-08-10 13:29 -------- d-----w- c:\program files\JDownloader
2011-08-03 09:40 . 2011-08-03 09:40 -------- d-----w- c:\windows\system32\Adobe
2011-08-03 09:16 . 2011-08-03 16:28 -------- d-----w- c:\users\Orinoco\AppData\Roaming\ZipGenius
2011-08-03 09:15 . 2011-08-03 09:16 -------- d-----w- c:\program files\ZipGenius 6
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-30 05:48 . 2010-03-07 17:40 319456 ----a-w- c:\windows\DIFxAPI.dll
2011-07-19 10:24 . 2011-07-19 10:24 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-06 17:52 . 2011-01-08 21:17 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-06 17:52 . 2011-01-08 21:17 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-11 02:29 . 2011-07-13 06:28 2334208 ----a-w- c:\windows\system32\win32k.sys
2011-06-25 17:56 . 2011-06-25 17:56 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2006-05-03 09:06 163328 --sh--r- c:\windows\System32\flvDX.dll
2007-02-21 10:47 31232 --sh--r- c:\windows\System32\msfDX.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LManager"="c:\program files\Launch Manager\LManager.exe" [2009-11-23 1115728]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-04 1037608]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-09-11 2054360]
"VitaKeyPdtWzd"="c:\program files\Acer Bio Protection\PdtWzd.exe" [2009-06-01 3612672]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2011-08-16 10820200]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk]
backup=c:\windows\pss\Bluetooth.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^STK02N 2.3 PNP Monitor.lnk]
backup=c:\windows\pss\STK02N 2.3 PNP Monitor.lnk.CommonStartup
backupExtension=.CommonStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DataLayer
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Eraser
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\S60 PC Suite Tray
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\S60TrayApplication
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-03-07 17:22 135664 ----atw- c:\users\Orinoco\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"FTweakFCleaner"=c:\program files\FCleaner\FCleaner.exe -a
"Google Update"="c:\users\Orinoco\AppData\Local\Google\Update\GoogleUpdate.exe" /c
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"ePower_DMC"=c:\program files\Acer\Empowering Technology\ePower\ePower_DMC.exe
"SwitchBoard"=c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe"
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"Windows Mobile Device Center"=c:\windows\WindowsMobile\wmdc.exe
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 BTCAMDRV;Mobiola Web Camera driver;c:\windows\system32\DRIVERS\BTCamDrv.sys [2006-11-01 219264]
R3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\DRIVERS\motfilt.sys [2009-01-29 6016]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
R3 connctfy;Connectify Service;c:\windows\system32\DRIVERS\connctfy.sys [x]
R3 connctfyMP;connctfyMP;c:\windows\system32\DRIVERS\connctfy.sys [x]
R3 cpuz134;cpuz134;c:\users\Orinoco\AppData\Local\Temp\cpuz134\cpuz134_x32.sys [x]
R3 DCamUSBSTK02N;Standard Camera;c:\windows\system32\DRIVERS\STK02NW2.sys [2007-03-12 101520]
R3 esihdrv;esihdrv;c:\users\Orinoco\AppData\Local\Temp\esihdrv.sys [x]
R3 itecir;ITECIR Infrared Receiver;c:\windows\system32\DRIVERS\itecir.sys [2009-03-09 56320]
R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys [2011-04-04 20480]
R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys [2009-01-29 8320]
R3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\DRIVERS\Motousbnet.sys [2010-04-01 23424]
R3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\DRIVERS\motusbdevice.sys [2011-02-07 11008]
R3 netw5v32;Ovladač adaptéru Intel(R) Wireless WiFi Link pro systém Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2010-01-13 6628352]
R3 nmwcdsa;Samsung USB Phone Parent;c:\windows\system32\drivers\nmwcdsa.sys [2007-05-02 135680]
R3 nmwcdsac;Samsung USB Generic;c:\windows\system32\drivers\nmwcdsac.sys [2007-05-02 8320]
R3 nmwcdsacj;Samsung USB Port;c:\windows\system32\drivers\nmwcdsacj.sys [2007-05-02 12288]
R3 nmwcdsacm;Samsung USB Modem;c:\windows\system32\drivers\nmwcdsacm.sys [2007-05-02 12288]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
R3 RegFilter;RegFilter;c:\program files\IObit\IObit Malware Fighter\drivers\win7_x86\regfilter.sys [2011-03-22 30600]
R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 UrlFilter;UrlFilter;c:\program files\IObit\IObit Malware Fighter\drivers\win7_x86\UrlFilter.sys [2011-03-22 19280]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-27 1343400]
R4 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [2011-06-24 393112]
R4 CLHNService;CLHNService;c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [2008-01-16 81504]
R4 DfSdkS;Defragmentation-Service;c:\program files\Ashampoo\Ashampoo HDD Control\Dfsdks.exe [2009-01-09 410976]
R4 FileMonitor;FileMonitor;c:\program files\IObit\IObit Malware Fighter\Drivers\win7_x86\FileMonitor.sys [2011-07-11 18768]
R4 IMFservice;IMF Service;c:\program files\IObit\IObit Malware Fighter\IMFsrv.exe [2011-07-20 820568]
S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys [2011-02-23 16184]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2009-09-11 108792]
S2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\program files\Acer Arcade Deluxe\PlayMovie\000.fcl [2008-05-02 61424]
S2 AdvancedSystemCareService;Advanced SystemCare Service;c:\program files\IObit\Advanced SystemCare 4\ASCService.exe [2011-05-28 353168]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2009-09-11 735960]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2009-09-11 95896]
S2 ETService;Empowering Technology Service;c:\program files\Acer\Empowering Technology\Service\ETService.exe [2008-08-19 24576]
S2 IGBASVC;EgisTec Service;c:\program files\Acer Bio Protection\BASVC.exe [2009-06-01 3447808]
S2 iprip;Naslouchání RIP;c:\windows\System32\svchost.exe [2009-07-14 20992]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-07-06 366640]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-06-25 35088]
S2 NTIPPKernel;NTIPPKernel;c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys [2008-01-16 122368]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe [2011-03-30 1523008]
S2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe [2009-07-12 1656112]
S2 vfsFPService;Validity Fingerprint Service;c:\windows\system32\vfsFPService.exe [2009-03-26 599344]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-07-06 22712]
S3 NETwLv32; Ovladač adaptéru řady Intel(R) Wireless WiFi Link 5000 pro systém Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETwLv32.sys [2010-10-07 6639616]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys [2010-11-29 10064]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
iissvcs REG_MULTI_SZ w3svc was
apphost REG_MULTI_SZ apphostsvc
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
ipripsvc REG_MULTI_SZ iprip
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Obsah adresáře 'Naplánované úlohy'
.
2011-08-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-898472993-1252619046-1967421820-1001Core.job
- c:\users\Orinoco\AppData\Local\Google\Update\GoogleUpdate.exe [2010-03-07 17:22]
.
2011-08-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-898472993-1252619046-1967421820-1001UA.job
- c:\users\Orinoco\AppData\Local\Google\Update\GoogleUpdate.exe [2010-03-07 17:22]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - c:\program files\ICQ7.4\ICQ.exe
TCP: DhcpNameServer = 10.10.10.250
TCP: Interfaces\{B9F844D6-93FA-49FE-9BF7-73369D61E45D}: DhcpNameServer = 10.10.10.250
TCP: Interfaces\{D5AEC4D6-E475-42CD-A91F-616918ECFBD1}\B42796A636F637: DhcpNameServer = 80.82.144.142 80.82.146.10
FF - ProfilePath - c:\users\Orinoco\AppData\Roaming\Mozilla\Firefox\Profiles\el775hdk.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=green ... =382950&p=
FF - user.js: browser.blink_allowed - true
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.search.openintab - false
FF - user.js: browser.tabs.closeButtons - 1
FF - user.js: browser.tabs.opentabfor.middleclick - true
FF - user.js: browser.tabs.tabMinWidth - 100
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 600000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 600000
FF - user.js: layout.spellcheckDefault - 1
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 8
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: network.prefetch-next - true
FF - user.js: nglayout.initialpaint.delay - 50
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Toolbar-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
MSConfigStartUp-MSSMSGS - winrzy32.rom
MSConfigStartUp-PWRISOVM - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}]
"ImagePath"="\??\c:\program files\Acer Arcade Deluxe\PlayMovie\000.fcl"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2011-08-30 14:39:56
ComboFix-quarantined-files.txt 2011-08-30 12:39
.
Před spuštěním: Volných bajtů: 61 268 283 392
Po spuštění: Volných bajtů: 61 627 318 272
.
- - End Of File - - AC669948A5FFEC91C5DB5E5FFFCDEBFD
- jaro3
- member of the Security team
Re: please check my log
Open Notepad (Start -> Run..., type Notepad into the box and click OK).
c:\users\Orinoco\user --- do you know this folder??
In Folder Options, enable the display of hidden files and folders and untick the checkbox for hiding protected operating system files.
Test this on VirusTotal:
c:\windows\system32\drivers\cnnctfy2.sys
Click Select to the right of the box and find the required file on your PC in Explorer. Mark it with the mouse and click Open, then click Send File. If the file has already been tested, a window appears in which you click Reanalyze. The file will then be tested by a series of antivirus programs one after another. When the last antivirus has finished, the result appears at the top with the number of detections in red, e.g. 0/40 or 1/40. Then copy the link to that page with the mouse and paste it into your post.
Copy into it the entire following text marked in green:
Note: Do not use the SELECT ALL function to mark the script.
File::
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-898472993-1252619046-1967421820-1001Core.job
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-898472993-1252619046-1967421820-1001UA.job
DirLook::
c:\users\Orinoco\user
RegNull::
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
RegLock::
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
Choose File -> Save As... and set these parameters:
File name: type here: CFScript.txt
Save as type: select All Files there
Save the file to the desktop.
Close all active windows.
Grab the created CFScript.txt script with the mouse, drag it over the downloaded ComboFix.exe program, and when the two files overlap, drop the script.
- ComboFix will start automatically
When working with HJT, ComboFix, MbAM, SDFix, etc., close all other applications and browsers!
Do not send logs via private messages. During my absence, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support
Re: please check my log
I don't know the folder C:\users\Orinoco\user and I deleted it.
Result from virustotal: (cnnctfy2.sys ... it should be part of the driver for a virtual router that I have already uninstalled, but apparently leftovers remained ... it is the program Connectify)
0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is goodware. 0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is malware.
File name: cnnctfy2.sys
Submission date: 2011-08-30 19:34:47 (UTC)
Current status: finished
Result: 0/ 44 (0.0%)
Re: please check my log
ComboFix 11-08-30.02 - Orinoco 30.08.2011 22:04:58.3.2 - x86
Spuštěný z: c:\users\Orinoco\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Orinoco\Desktop\CFScript.txt
* Vytvořen nový Bod Obnovení
* Rezidentní štít AV je zapnutý
.
.
FILE ::
"c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-898472993-1252619046-1967421820-1001Core.job"
"c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-898472993-1252619046-1967421820-1001UA.job"
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-07-28 do 2011-08-30 )))))))))))))))))))))))))))))))
.
.
2011-08-30 20:17 . 2011-08-30 20:17 -------- d-----w- c:\users\Public\AppData\Local\temp
2011-08-30 20:17 . 2011-08-30 20:17 -------- d-----w- c:\users\Pipa\AppData\Local\temp
2011-08-30 20:17 . 2011-08-30 20:17 -------- d-----w- c:\users\DefaultAppPool\AppData\Local\temp
2011-08-30 20:17 . 2011-08-30 20:17 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-08-30 14:56 . 2011-08-30 14:56 -------- d-----w- c:\program files\Lavalys
2011-08-30 12:39 . 2011-08-30 20:17 -------- d-----w- c:\users\Orinoco\AppData\Local\temp
2011-08-30 06:54 . 2011-08-30 06:54 -------- d-----w- c:\windows\system32\RTCOM
2011-08-30 06:54 . 2011-07-27 22:54 1725784 ----a-w- c:\windows\system32\WavesGUILib.dll
2011-08-30 06:54 . 2009-11-18 16:42 1783056 ----a-w- c:\windows\system32\WavesLib.dll
2011-08-30 06:54 . 2009-11-24 07:55 345328 ----a-w- c:\windows\system32\SRSTSXT.dll
2011-08-30 06:54 . 2009-11-24 07:55 185584 ----a-w- c:\windows\system32\SRSTSHD.dll
2011-08-30 06:54 . 2009-11-24 07:55 173296 ----a-w- c:\windows\system32\SRSHP360.dll
2011-08-30 06:54 . 2009-11-24 07:55 140528 ----a-w- c:\windows\system32\SRSWOW.dll
2011-08-30 06:54 . 2011-05-05 12:14 214368 ----a-w- c:\windows\system32\SFNHK.dll
2011-08-30 06:54 . 2011-06-30 14:14 1497704 ----a-w- c:\windows\system32\RTSndMgr.cpl
2011-08-30 06:54 . 2011-05-05 12:14 68960 ----a-w- c:\windows\system32\SFAPO.dll
2011-08-30 06:54 . 2011-05-05 12:14 74080 ----a-w- c:\windows\system32\SFCOM.dll
2011-08-30 06:49 . 2011-08-30 19:46 -------- d-----w- c:\users\Orinoco\AppData\Local\Adobe
2011-08-30 05:48 . 2011-07-11 12:17 1698408 ----a-w- c:\windows\RtlExUpd.dll
2011-08-29 15:31 . 2011-08-29 15:33 -------- d-----w- c:\program files\Windows Doctor
2011-08-29 12:17 . 2011-08-29 12:17 632064 ----a-w- c:\windows\system32\msvcr80.dll
2011-08-29 12:17 . 2011-08-29 12:17 554240 ----a-w- c:\windows\system32\msvcp80.dll
2011-08-29 12:17 . 2011-08-29 12:17 34048 ----a-w- c:\windows\system32\eEmpty.exe
2011-08-29 12:16 . 2011-08-29 12:16 -------- d-----w- c:\program files\Common Files\MicroWorld
2011-08-29 12:16 . 2011-08-29 12:16 -------- d-----w- c:\programdata\MicroWorld
2011-08-29 09:55 . 2011-08-29 09:55 -------- d-----w- c:\program files\CCleaner
2011-08-28 20:18 . 2011-08-28 20:38 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2011-08-28 20:18 . 2011-08-28 20:34 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-08-28 17:32 . 2011-08-28 17:32 -------- d-----w- c:\programdata\Cyberlink
2011-08-28 02:04 . 2011-08-28 02:04 -------- d--h--w- c:\windows\system32\WLANProfiles
2011-08-28 02:02 . 2011-08-28 09:42 -------- d-----w- c:\programdata\Intel
2011-08-27 18:16 . 2011-08-27 18:16 -------- d-----w- c:\program files\SystemRequirementsLab
2011-08-27 10:56 . 2011-08-27 10:56 -------- d-----w- c:\program files\MarySoft
2011-08-27 00:59 . 2011-08-27 00:59 27248 ----a-w- c:\windows\system32\drivers\cnnctfy2.sys
2011-08-27 00:22 . 2011-08-27 00:22 -------- d-----w- c:\users\Orinoco\AppData\Local\Chris_Pietschmann_(http__
2011-08-26 10:03 . 2011-08-26 10:03 -------- d-----w- c:\program files\Motorola Mobility
2011-08-26 08:06 . 2011-08-12 02:44 7152464 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D58DF2BA-543D-4899-8EA1-793507A4BDD5}\mpengine.dll
2011-08-24 08:02 . 2011-07-09 04:29 2048 ----a-w- c:\windows\system32\tzres.dll
2011-08-22 08:19 . 2011-08-22 08:19 -------- d-----w- c:\users\Orinoco\AppData\Roaming\Mirillis
2011-08-22 08:19 . 2011-08-22 08:19 -------- d-----w- c:\programdata\Mirillis
2011-08-22 08:19 . 2011-08-28 17:34 -------- d-----w- c:\users\Orinoco\AppData\Local\Mirillis
2011-08-21 20:33 . 2011-08-21 20:33 -------- d-----w- c:\windows\Downloaded Installations
2011-08-21 20:29 . 2011-08-21 20:29 -------- d-----w- c:\users\Orinoco\AppData\Roaming\DVDFab
2011-08-19 20:00 . 2011-08-19 20:00 -------- d-----w- c:\program files\Common Files\Motorola Shared
2011-08-15 18:16 . 2011-08-15 18:16 -------- d-----w- C:\3DP
2011-08-10 13:29 . 2011-08-10 13:29 -------- d-----w- c:\program files\JDownloader
2011-08-03 09:40 . 2011-08-03 09:40 -------- d-----w- c:\windows\system32\Adobe
2011-08-03 09:16 . 2011-08-03 16:28 -------- d-----w- c:\users\Orinoco\AppData\Roaming\ZipGenius
2011-08-03 09:15 . 2011-08-03 09:16 -------- d-----w- c:\program files\ZipGenius 6
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-30 05:48 . 2010-03-07 17:40 319456 ----a-w- c:\windows\DIFxAPI.dll
2011-07-19 10:24 . 2011-07-19 10:24 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-11 02:29 . 2011-07-13 06:28 2334208 ----a-w- c:\windows\system32\win32k.sys
2011-06-25 17:56 . 2011-06-25 17:56 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2006-05-03 09:06 163328 --sh--r- c:\windows\System32\flvDX.dll
2007-02-21 10:47 31232 --sh--r- c:\windows\System32\msfDX.dll
.
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\users\Orinoco\user ----
.
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LManager"="c:\program files\Launch Manager\LManager.exe" [2009-11-23 1115728]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-04 1037608]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-09-11 2054360]
"VitaKeyPdtWzd"="c:\program files\Acer Bio Protection\PdtWzd.exe" [2009-06-01 3612672]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2011-08-16 10820200]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk]
backup=c:\windows\pss\Bluetooth.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^STK02N 2.3 PNP Monitor.lnk]
backup=c:\windows\pss\STK02N 2.3 PNP Monitor.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-03-07 17:22 135664 ----atw- c:\users\Orinoco\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"FTweakFCleaner"=c:\program files\FCleaner\FCleaner.exe -a
"Google Update"="c:\users\Orinoco\AppData\Local\Google\Update\GoogleUpdate.exe" /c
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"ePower_DMC"=c:\program files\Acer\Empowering Technology\ePower\ePower_DMC.exe
"SwitchBoard"=c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe"
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"Windows Mobile Device Center"=c:\windows\WindowsMobile\wmdc.exe
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 BTCAMDRV;Mobiola Web Camera driver;c:\windows\system32\DRIVERS\BTCamDrv.sys [2006-11-01 219264]
R3 DCamUSBSTK02N;Standard Camera;c:\windows\system32\DRIVERS\STK02NW2.sys [2007-03-12 101520]
R3 itecir;ITECIR Infrared Receiver;c:\windows\system32\DRIVERS\itecir.sys [2009-03-09 56320]
R3 netw5v32;Ovladač adaptéru Intel(R) Wireless WiFi Link pro systém Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2010-01-13 6628352]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-27 1343400]
R4 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [2011-06-24 393112]
R4 CLHNService;CLHNService;c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [2008-01-16 81504]
R4 DfSdkS;Defragmentation-Service;c:\program files\Ashampoo\Ashampoo HDD Control\Dfsdks.exe [2009-01-09 410976]
S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys [2011-02-23 16184]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2009-09-11 108792]
S2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\program files\Acer Arcade Deluxe\PlayMovie\000.fcl [2008-05-02 61424]
S2 AdvancedSystemCareService;Advanced SystemCare Service;c:\program files\IObit\Advanced SystemCare 4\ASCService.exe [2011-05-28 353168]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2009-09-11 735960]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2009-09-11 95896]
S2 ETService;Empowering Technology Service;c:\program files\Acer\Empowering Technology\Service\ETService.exe [2008-08-19 24576]
S2 IGBASVC;EgisTec Service;c:\program files\Acer Bio Protection\BASVC.exe [2009-06-01 3447808]
S2 iprip;Naslouchání RIP;c:\windows\System32\svchost.exe [2009-07-14 20992]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-06-25 35088]
S2 NTIPPKernel;NTIPPKernel;c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys [2008-01-16 122368]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe [2011-03-30 1523008]
S2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe [2009-07-12 1656112]
S2 vfsFPService;Validity Fingerprint Service;c:\windows\system32\vfsFPService.exe [2009-03-26 599344]
S3 NETwLv32; Ovladač adaptéru řady Intel(R) Wireless WiFi Link 5000 pro systém Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETwLv32.sys [2010-10-07 6639616]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys [2010-11-29 10064]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
iissvcs REG_MULTI_SZ w3svc was
apphost REG_MULTI_SZ apphostsvc
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
ipripsvc REG_MULTI_SZ iprip
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Obsah adresáře 'Naplánované úlohy'
.
2011-08-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-898472993-1252619046-1967421820-1001Core.job
- c:\users\Orinoco\AppData\Local\Google\Update\GoogleUpdate.exe [2010-03-07 17:22]
.
2011-08-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-898472993-1252619046-1967421820-1001UA.job
- c:\users\Orinoco\AppData\Local\Google\Update\GoogleUpdate.exe [2010-03-07 17:22]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - c:\program files\ICQ7.4\ICQ.exe
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452}
TCP: DhcpNameServer = 10.10.10.250
TCP: Interfaces\{B9F844D6-93FA-49FE-9BF7-73369D61E45D}: DhcpNameServer = 10.10.10.250
TCP: Interfaces\{D5AEC4D6-E475-42CD-A91F-616918ECFBD1}\B42796A636F637: DhcpNameServer = 80.82.144.142 80.82.146.10
FF - ProfilePath - c:\users\Orinoco\AppData\Roaming\Mozilla\Firefox\Profiles\el775hdk.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=green ... =382950&p=
FF - user.js: browser.blink_allowed - true
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.search.openintab - false
FF - user.js: browser.tabs.closeButtons - 1
FF - user.js: browser.tabs.opentabfor.middleclick - true
FF - user.js: browser.tabs.tabMinWidth - 100
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 600000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 600000
FF - user.js: layout.spellcheckDefault - 1
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 8
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: network.prefetch-next - true
FF - user.js: nglayout.initialpaint.delay - 50
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}]
"ImagePath"="\??\c:\program files\Acer Arcade Deluxe\PlayMovie\000.fcl"
.
Celkový čas: 2011-08-30 22:22:01
ComboFix-quarantined-files.txt 2011-08-30 20:22
ComboFix2.txt 2011-08-30 12:39
.
Před spuštěním: Volných bajtů: 56 586 383 360
Po spuštění: Volných bajtů: 56 522 067 968
.
- - End Of File - - DFF05831B8213D6698E36224676B211D
Re: please check my log
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 22:29:29, on 30.8.2011
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Acer Bio Protection\PdtWzd.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Users\Orinoco\Desktop\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\ProgramData\LangSoft\WebIE.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [VitaKeyPdtWzd] "C:\Program Files\Acer Bio Protection\PdtWzd.exe"
O4 - HKLM\..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Quick-Launch Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\Acer Bio Protection\PwdBank.exe
O9 - Extra 'Tools' menuitem: Quick-Launch Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\Acer Bio Protection\PwdBank.exe
O9 - Extra button: ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Program Files\ICQ7.4\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Program Files\ICQ7.4\ICQ.exe
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - (no file)
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Advanced SystemCare Service (AdvancedSystemCareService) - IObit - C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: EgisTec Service (IGBASVC) - Egis Technology Inc. - C:\Program Files\Acer Bio Protection\BASVC.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe
O23 - Service: Validity VCS Fingerprint Service (vcsFPService) - Validity Sensors, Inc. - C:\Windows\system32\vcsFPService.exe
O23 - Service: Validity Fingerprint Service (vfsFPService) - Validity Sensors, Inc. - C:\Windows\system32\vfsFPService.exe
--
End of file - 4839 bytes