kontrola logu - pomalý PC

[Teedok]

Kámoš si stěžuje že má pomalé PC tak mu přes můj account nechám zkontrolovat PC

díky

log z HJT:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:57:43, on 27.6.2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18248)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\ASUS\ASUS Live Update\ALU.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\ASUS\ATK Media\DMedia.exe
C:\Windows\System32\ASUSTPE.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\ASScrPro.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Windows\autoclk.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\ICQ6.5\ICQ.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.asus.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: (no name) - - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: XTTBPos00 Class - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: PCCBHO.CPCCBHO - {22FC6CE8-7D47-479F-B74A-BFBB04ADB9AF} - C:\Program Files\Winferno\PC Confidential\PCCBHO.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: BS.Player ControlBar - {2C688203-7EB3-4327-9995-1CB417BA23F9} - C:\Program Files\BS.Player ControlBar\BSToolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMEDIA.EXE
O4 - HKLM\..\Run: [ASUSTPE] C:\Windows\system32\ASUSTPE.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ASUS Camera ScreenSaver] C:\Windows\ASScrProlog.exe
O4 - HKLM\..\Run: [ASUS Screen Saver Protector] C:\Windows\ASScrPro.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [autoclk] autoclk.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - C:\Program Files\Winferno\PC Confidential\PCConfidential.exe
O9 - Extra 'Tools' menuitem: PC Confidential - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - C:\Program Files\Winferno\PC Confidential\PCConfidential.exe
O9 - Extra button: PC Confidential - {925DAB62-F9AC-4221-806A-057BFB1014AA} - C:\Program Files\Winferno\PC Confidential\PCConfidential.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/s ... wflash.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/webgames/popcaploader_v10.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{474CF59C-B629-4C5A-93A3-6D6126B78E45}: NameServer = 90.183.231.251 194.228.41.113
O17 - HKLM\System\CS1\Services\Tcpip\..\{474CF59C-B629-4C5A-93A3-6D6126B78E45}: NameServer = 90.183.231.251 194.228.41.113
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: ADSM Service (ADSMService) - Unknown owner - C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\ATKGFNEX\GFNEXSrv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: spmgr - Unknown owner - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: Zwangi Service - Unknown owner - C:\ProgramData\Zwangi\zwangi113.exe

--
End of file - 11199 bytes





+

log z MbAM:

Malwarebytes' Anti-Malware 1.38
Verze databáze: 2343
Windows 6.0.6001 Service Pack 1

27.6.2009 23:13:11
mbam-log-2009-06-27 (23-13-01).txt

Typ skenu: Rychlý sken
Objektu skenováno: 82998
Uplynulý cas: 6 minute(s), 6 second(s)

Infikované procesy pameti: 0
Infikované pametové moduly: 0
Infikované klíce registru: 2
Infikované hodnoty registru: 0
Infikované položky dat registru: 0
Infikované složky: 0
Infikované soubory: 0

Infikované procesy pameti:
(Žádné zákerné položky nebyly zjišteny)

Infikované pametové moduly:
(Žádné zákerné položky nebyly zjišteny)

Infikované klíce registru:
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2 (Adware.PopCap) -> No action taken.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2.1 (Adware.PopCap) -> No action taken.

Infikované hodnoty registru:
(Žádné zákerné položky nebyly zjišteny)

Infikované položky dat registru:
(Žádné zákerné položky nebyly zjišteny)

Infikované složky:
(Žádné zákerné položky nebyly zjišteny)

Infikované soubory:
(Žádné zákerné položky nebyly zjišteny)

[Reklama]

[jaro3]

. Takže spusť znovu MbAM a dej Scan
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Ukaž výsledky
- ujistit se že máš zatrhnuté všechny vypsané nálezy a klikni na tlačítko Odstranit označené
- když skončí odstraňování tak se ti zobrazí log, tak ho sem dej.
- pak zvol v programu OK a pak program ukonči přes Exit

Můžeš sem pak vložit log z MbAM.
******************************************************************************************************************************************
Má dva antiviry , ať jeden odinstaluje. (AVAST nebo Norton/Symantec)

Odinstaluj:
BS.Player ControlBar

Zavři ostatní aplikace a prohlížeče, odpoj se od netu a fixni v HJT:

Kód: Vybrat vše

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =    
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - - (no file)
O1 - Hosts: ::1 localhost
O3 - Toolbar: BS.Player ControlBar - {2C688203-7EB3-4327-9995-1CB417BA23F9} - C:\Program Files\BS.Player ControlBar\BSToolbar.dll
O4 - HKLM\..\Run: [autoclk] autoclk.exe
O13 - Gopher Prefix:


*****************************************************************************************************************************************
Vypni rez. ochranu u zbývajícího antiviru.

Stáhni si ComboFix (by sUBs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah

[Teedok]

MbAM


Malwarebytes' Anti-Malware 1.38
Verze databáze: 2343
Windows 6.0.6001 Service Pack 1

28.6.2009 15:23:33
mbam-log-2009-06-28 (15-23-33).txt

Typ skenu: Úplný sken (C:\|D:\|)
Objektu skenováno: 260008
Uplynulý cas: 1 hour(s), 2 minute(s), 21 second(s)

Infikované procesy pameti: 0
Infikované pametové moduly: 0
Infikované klíce registru: 0
Infikované hodnoty registru: 0
Infikované položky dat registru: 0
Infikované složky: 0
Infikované soubory: 0

Infikované procesy pameti:
(Žádné zákerné položky nebyly zjišteny)

Infikované pametové moduly:
(Žádné zákerné položky nebyly zjišteny)

Infikované klíce registru:
(Žádné zákerné položky nebyly zjišteny)

Infikované hodnoty registru:
(Žádné zákerné položky nebyly zjišteny)

Infikované položky dat registru:
(Žádné zákerné položky nebyly zjišteny)

Infikované složky:
(Žádné zákerné položky nebyly zjišteny)

Infikované soubory:
(Žádné zákerné položky nebyly zjišteny)




ComboFix




ComboFix 09-06-26.02 - Martinka 28.06.2009 17:49.2 - NTFSx86
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1250.420.1029.18.1919.1279 [GMT 2:00]
Spuštěný z: c:\users\Martinka\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1296 [VPS 081220-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
SP: avast! antivirus 4.8.1296 [VPS 081220-0] *enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
SP: Windows Defender *disabled* (Outdated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\Martinka\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\avast! Antivirus.lnk
c:\windows\system32\acovcnt.exe

.
((((((((((((((((((((((((( Soubory vytvořené od 2009-05-28 do 2009-06-28 )))))))))))))))))))))))))))))))
.

2009-06-28 16:10 . 2009-06-28 16:10 -------- d-----w- c:\users\Martinka\AppData\Local\temp
2009-06-28 16:10 . 2009-06-28 16:10 -------- d-----w- c:\users\Guest\AppData\Local\temp
2009-06-28 06:43 . 2009-05-09 05:34 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-06-28 06:43 . 2009-05-09 05:50 915456 ----a-w- c:\windows\system32\wininet.dll
2009-06-27 21:04 . 2009-06-27 21:04 -------- d-----w- c:\users\Martinka\AppData\Roaming\Malwarebytes
2009-06-27 21:04 . 2009-06-17 09:27 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-27 21:04 . 2009-06-27 21:04 -------- d-----w- c:\programdata\Malwarebytes
2009-06-27 21:04 . 2009-06-27 21:04 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-27 21:04 . 2009-06-17 09:27 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-27 19:39 . 2009-06-27 19:39 -------- d-----w- c:\program files\Trend Micro
2009-06-27 19:29 . 2009-06-27 19:29 -------- d-----w- c:\program files\Defraggler
2009-06-22 15:58 . 2009-06-22 15:58 -------- d-----w- c:\users\Martinka\AppData\Local\Digsby
2009-06-22 15:58 . 2009-06-22 15:59 -------- d-----w- c:\users\Martinka\AppData\Roaming\Digsby
2009-06-22 15:58 . 2009-06-22 15:58 -------- d-----w- c:\programdata\Winferno
2009-06-22 15:54 . 2009-06-22 15:54 -------- d-----w- c:\program files\Common Files\Winferno
2009-06-22 15:53 . 2006-10-09 11:06 495616 ----a-w- c:\windows\system32\WINUTIL5.DLL
2009-06-22 15:53 . 2006-05-17 06:40 393216 ----a-w- c:\windows\system32\WINLCTL5.DLL
2009-06-22 15:53 . 2009-06-22 15:53 -------- d-----w- c:\program files\Winferno
2009-06-22 15:46 . 2009-06-16 21:07 54760 ----a-w- c:\programdata\Zwangi\zwangi113.exe
2009-06-22 15:43 . 2009-06-22 15:46 -------- d-----w- c:\program files\Zwangi
2009-06-22 15:43 . 2009-06-22 15:46 -------- d-----w- c:\programdata\Zwangi
2009-06-10 22:29 . 2009-04-21 11:55 2033152 ----a-w- c:\windows\system32\win32k.sys
2009-06-10 22:22 . 2009-04-23 12:42 636928 ----a-w- c:\windows\system32\localspl.dll
2009-06-10 22:22 . 2009-04-23 12:43 784896 ----a-w- c:\windows\system32\rpcrt4.dll
2009-06-08 04:46 . 2009-06-08 04:46 -------- d-----w- c:\programdata\DAEMON Tools Lite
2009-06-08 04:46 . 2009-06-08 14:24 -------- d-----w- c:\program files\DAEMON Tools Toolbar
2009-06-07 17:31 . 2009-06-07 17:31 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-06-07 17:30 . 2009-06-08 04:47 -------- d-----w- c:\users\Martinka\AppData\Roaming\DAEMON Tools Lite
2009-05-31 07:13 . 2009-05-31 07:14 -------- d-----w- c:\program files\VariCAD

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-28 16:01 . 2008-09-19 20:13 -------- d-----w- c:\users\Martinka\AppData\Roaming\DNA
2009-06-28 15:30 . 2008-09-19 20:13 -------- d-----w- c:\program files\DNA
2009-06-28 11:44 . 2008-10-07 19:30 -------- d-----w- c:\program files\BS.Player ControlBar
2009-06-28 11:43 . 2007-11-10 13:31 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-06-28 11:42 . 2007-11-10 13:31 -------- d-----w- c:\programdata\Symantec
2009-06-28 11:41 . 2007-11-10 13:31 -------- d-----w- c:\program files\Symantec
2009-06-28 09:39 . 2007-04-21 07:47 12 ----a-w- c:\windows\bthservsdp.dat
2009-06-28 09:28 . 2008-07-28 06:51 100648 ----a-w- c:\users\Martinka\AppData\Local\GDIPFONTCACHEV1.DAT
2009-06-28 06:48 . 2007-11-10 12:25 -------- d-----w- c:\programdata\Microsoft Help
2009-06-28 06:46 . 2007-11-10 12:34 -------- d-----w- c:\program files\Microsoft Works
2009-06-27 18:26 . 2008-11-02 08:58 -------- d-----w- c:\users\Martinka\AppData\Roaming\Skype
2009-06-27 18:22 . 2008-11-02 08:59 -------- d-----w- c:\users\Martinka\AppData\Roaming\skypePM
2009-06-25 20:27 . 2008-07-28 10:18 116796 ----a-w- c:\users\Martinka\AppData\Roaming\nvModes.dat
2009-06-25 15:07 . 2007-04-21 08:35 598838 ----a-w- c:\windows\system32\perfh005.dat
2009-06-25 15:07 . 2007-04-21 08:35 115014 ----a-w- c:\windows\system32\perfc005.dat
2009-06-17 18:14 . 2009-02-06 17:31 -------- d-----w- c:\users\Martinka\AppData\Roaming\uTorrent
2009-06-09 22:32 . 2009-04-06 20:38 -------- d-----w- c:\users\Martinka\AppData\Roaming\Any Video Converter
2009-06-08 14:26 . 2009-04-30 06:42 -------- d-----w- c:\program files\Astraware
2009-05-27 14:39 . 2008-08-11 20:50 -------- d-----w- c:\users\Martinka\AppData\Roaming\ICQ
2009-05-20 15:53 . 2007-11-10 13:07 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-05-19 05:02 . 2009-05-19 05:02 -------- d-----w- c:\program files\Microsoft ActiveSync
2009-05-19 05:02 . 2009-05-19 05:02 -------- d-----w- c:\program files\TildeTech
2009-05-14 01:01 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-05-12 18:37 . 2009-05-12 18:37 -------- d-----w- c:\program files\Audacity
2009-05-08 20:49 . 2009-05-08 20:13 -------- d-----w- c:\program files\PSPad editor
2009-05-01 21:48 . 2009-04-30 06:40 -------- d-----w- c:\program files\ZIO Interactive
2009-05-01 21:35 . 2009-05-01 21:35 -------- d-----w- c:\program files\MDM
2009-04-30 06:42 . 2009-04-30 06:42 -------- d-----w- c:\program files\Jamdat
2009-04-30 06:37 . 2009-04-30 06:37 -------- d-----w- c:\program files\Afewgames
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-02 01:08 143360 ----a-w- c:\program files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-01-29 342848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-11-22 630784]
"ATKMEDIA"="c:\program files\ASUS\ATK Media\DMEDIA.EXE" [2006-11-02 61440]
"ASUSTPE"="c:\windows\system32\ASUSTPE.exe" [2007-01-17 106496]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-03-01 857648]
"ASUS Camera ScreenSaver"="c:\windows\ASScrProlog.exe" [2007-11-10 37232]
"ASUS Screen Saver Protector"="c:\windows\ASScrPro.exe" [2007-11-10 33136]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2006-12-05 54832]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-05-14 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-05-14 8429568]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-05-14 81920]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2006-11-23 56928]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2007-04-25 4444160]
"Skytel"="Skytel.exe" - c:\windows\SkyTel.exe [2007-04-13 1822720]
"autoclk"="autoclk.exe" - c:\windows\autoclk.exe [2003-01-30 143360]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
DSLMON.lnk - c:\program files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2008-3-24 962663]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)
"DefaultOutboundAction"= 0 (0x0)
"DefaultInboundAction"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{A41AFE47-F96B-419A-B18F-89E1712BCFB2}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{65C3CB47-F3CF-420A-B362-437519A743E0}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"TCP Query User{D97C3F0D-BA4A-435C-9FCA-EDD478FB2A99}c:\\program files\\common files\\ahead\\nero web\\setupx.exe"= UDP:c:\program files\common files\ahead\nero web\setupx.exe:MSI starter
"UDP Query User{461964EF-C48D-4419-B7A8-98EA378F10BF}c:\\program files\\common files\\ahead\\nero web\\setupx.exe"= TCP:c:\program files\common files\ahead\nero web\setupx.exe:MSI starter
"TCP Query User{545F8108-B2A0-4EE9-83C7-1D3124279634}c:\\users\\cid\\appdata\\local\\temp\\nero web\\setupxu.exe"= UDP:c:\users\cid\appdata\local\temp\nero web\setupxu.exe:setupxu.exe
"UDP Query User{71150ABD-F767-4793-BC6F-01E62F5950E0}c:\\users\\cid\\appdata\\local\\temp\\nero web\\setupxu.exe"= TCP:c:\users\cid\appdata\local\temp\nero web\setupxu.exe:setupxu.exe
"TCP Query User{25860D9C-B3EB-4881-B587-68C022092B6D}c:\\program files\\icq6\\icq.exe"= UDP:c:\program files\icq6\icq.exe:ICQ Library
"UDP Query User{AA7FB42F-6BF0-45C3-8491-2A9FCEEFEDC8}c:\\program files\\icq6\\icq.exe"= TCP:c:\program files\icq6\icq.exe:ICQ Library
"{3F7140F6-322D-421C-A322-BC95F6F82E50}"= UDP:c:\program files\DNA\btdna.exe:DNA
"{10326757-8483-492D-A2ED-9CDEE5E3BCA4}"= TCP:c:\program files\DNA\btdna.exe:DNA
"TCP Query User{0E56D1EB-9F75-41FE-8DF9-ACF8EC074D02}c:\\program files\\bittorrent\\bittorrent.exe"= UDP:c:\program files\bittorrent\bittorrent.exe:bittorrent
"UDP Query User{0E8F6EB5-90ED-467F-96C1-D0E1511080DD}c:\\program files\\bittorrent\\bittorrent.exe"= TCP:c:\program files\bittorrent\bittorrent.exe:bittorrent
"{26D0F538-EBBE-4E0B-87B0-E7B2517EE9C6}"= c:\program files\Skype\Phone\Skype.exe:Skype
"TCP Query User{5E2F6D60-6B62-40E4-A7FA-0EF3EB576998}d:\\adam\\hry\\tmnationsforever\\tmforever.exe"= UDP:d:\adam\hry\tmnationsforever\tmforever.exe:TmForever
"UDP Query User{E6526D2D-CD7A-4D66-82A9-FE3823E8A204}d:\\adam\\hry\\tmnationsforever\\tmforever.exe"= TCP:d:\adam\hry\tmnationsforever\tmforever.exe:TmForever
"TCP Query User{DC437CCD-5028-4919-B326-BFE15BFD955A}d:\\adam\\hry\\tmunitedforever\\tmforever.exe"= UDP:d:\adam\hry\tmunitedforever\tmforever.exe:TmForever
"UDP Query User{01A0F7D4-53A1-466B-847F-D5B3ABFE2145}d:\\adam\\hry\\tmunitedforever\\tmforever.exe"= TCP:d:\adam\hry\tmunitedforever\tmforever.exe:TmForever
"{E67366C8-759C-4FB9-BD34-8A59234DDFED}"= UDP:c:\program files\BitTorrent\bittorrent.exe:BitTorrent (TCP-In)
"{6DF30B76-466A-4E91-B4E9-29B8DFE0DCC9}"= TCP:c:\program files\BitTorrent\bittorrent.exe:BitTorrent (UDP-In)
"{A24E9F4D-7A48-4F75-B281-443C9183829E}"= UDP:c:\program files\DNA\btdna.exe:DNA (TCP-In)
"{EF4112F4-D9BE-4185-8C7B-93ED8C7BB034}"= TCP:c:\program files\DNA\btdna.exe:DNA (UDP-In)
"{F58580F7-7332-4E06-9BAD-B17A620D2F24}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{1503CBB1-D1EA-45B0-8206-98435F79E7C4}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{89814F6D-3C87-4753-8456-33AE0EAE9A4B}"= UDP:d:\adam\Hry\Pes2009\pes2009.exe:Pro Evolution Soccer 2009
"{E1EAA799-F544-4556-90A5-1EE6633FA88F}"= TCP:d:\adam\Hry\Pes2009\pes2009.exe:Pro Evolution Soccer 2009
"TCP Query User{B1A5F97A-6246-40B0-9700-AA2CF6227929}d:\\adam\\hry\\hamachi\\hamachi.exe"= UDP:d:\adam\hry\hamachi\hamachi.exe:Hamachi Client
"UDP Query User{34992231-712C-4A42-90C3-A1B17C915A21}d:\\adam\\hry\\hamachi\\hamachi.exe"= TCP:d:\adam\hry\hamachi\hamachi.exe:Hamachi Client
"{48768FE4-14A3-4F8D-A25D-2598BDF62EEA}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{99E73F01-1AC9-4D50-A9DD-86F54F3ED63B}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"{DF52924B-3FC3-45D9-B248-76996462C5F3}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{CD7F5118-2C45-4B23-BF79-8FD6425CE031}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{BEBEAE83-C659-4E55-8A8D-965E10475C43}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{A0C78910-3642-42CC-8874-74A648D957C1}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{DDEB06F6-3BBB-4C68-846A-69842B4A61E6}"= UDP:c:\program files\DNA\btdna.exe:DNA (TCP-In)
"{D97628CF-28AE-414D-917A-3D38DE27A163}"= TCP:c:\program files\DNA\btdna.exe:DNA (UDP-In)
"{1DEEC1EF-058E-4409-AE59-133B4032B1C9}"= UDP:d:\adam\Hry\PES2009\Crack\pes2009.exe:Pro Evolution Soccer 2009
"{5D62B9B4-473E-49D0-859F-24577EBCD915}"= TCP:d:\adam\Hry\PES2009\Crack\pes2009.exe:Pro Evolution Soccer 2009
"{B28D1C46-F408-433A-9B9E-B2CBDDAEBEA5}"= UDP:c:\program files\DNA\btdna.exe:DNA (TCP-In)
"{8C359640-6B82-4EF5-A6DE-ECB3702981F0}"= TCP:c:\program files\DNA\btdna.exe:DNA (UDP-In)
"{3275D346-8196-4A91-8A41-9FC5545D123B}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{336AB885-19F0-48A8-A5F8-85729CC6D371}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{EE1A8BA3-4E86-469A-89EF-50598AC9B264}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{D0F1AB29-BC92-41C0-97A6-8D0F1FCD3430}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{D0F3BC5E-84A5-4E15-AFC2-5A3D4A9A23C1}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{93FFD320-4043-4E98-B0CA-6647D3DC7FD2}"= c:\program files\Skype\Phone\Skype.exe:Skype
"TCP Query User{8CDD3E55-DC12-4EB9-BC7A-7C53E5CF84EA}c:\\program files\\icq6.5\\icq.exe"= UDP:c:\program files\icq6.5\icq.exe:ICQ
"UDP Query User{77E340EB-F7C1-4576-88ED-42FD5655729D}c:\\program files\\icq6.5\\icq.exe"= TCP:c:\program files\icq6.5\icq.exe:ICQ
"TCP Query User{0DBCEB65-FEB3-408A-BCA7-B2971810734D}d:\\adam\\hrystronghold 2 demo\\stronghold2demo.exe"= UDP:d:\adam\hrystronghold 2 demo\stronghold2demo.exe:Stronghold 2
"UDP Query User{B06FC1E9-DE4C-4C44-A4EF-B5279EDFC3C3}d:\\adam\\hrystronghold 2 demo\\stronghold2demo.exe"= TCP:d:\adam\hrystronghold 2 demo\stronghold2demo.exe:Stronghold 2
"TCP Query User{E5A3984C-AB41-44E6-A36D-E0E77C9AF97F}d:\\adam\\hry\\stronghold\\stronghold crusader.exe"= UDP:d:\adam\hry\stronghold\stronghold crusader.exe:Stronghold Crusader
"UDP Query User{85CA46A4-FA4E-40CB-B623-18F978128E12}d:\\adam\\hry\\stronghold\\stronghold crusader.exe"= TCP:d:\adam\hry\stronghold\stronghold crusader.exe:Stronghold Crusader
"TCP Query User{C02AE42F-C4E2-420A-928D-9B446862868D}c:\\windows\\system32\\dplaysvr.exe"= UDP:c:\windows\system32\dplaysvr.exe:Microsoft DirectPlay Helper
"UDP Query User{C604F9A3-78BE-4A15-A227-0F83DA122E73}c:\\windows\\system32\\dplaysvr.exe"= TCP:c:\windows\system32\dplaysvr.exe:Microsoft DirectPlay Helper
"{7CE25E2A-9FD1-49C9-A4B4-E79274B361E5}"= UDP:c:\program files\DNA\btdna.exe:DNA (TCP-In)
"{0818FE2F-2079-4020-901B-1F177AC42253}"= TCP:c:\program files\DNA\btdna.exe:DNA (UDP-In)
"{3D414B4C-1554-435C-B3C3-CA80744AD62D}"= UDP:c:\program files\DNA\btdna.exe:DNA (TCP-In)
"{D9CBF5D1-E12B-4BF6-A2A9-197F0457712D}"= TCP:c:\program files\DNA\btdna.exe:DNA (UDP-In)
"{CADB9F22-776C-439F-872A-FD8CB55F607E}"= UDP:c:\program files\DNA\btdna.exe:DNA (TCP-In)
"{9D8C0597-00F3-48DB-9AD3-A182CE18E494}"= TCP:c:\program files\DNA\btdna.exe:DNA (UDP-In)
"{57ACAD5D-9CCC-4467-9ED1-CFD262D654DC}"= UDP:c:\program files\DNA\btdna.exe:DNA (TCP-In)
"{A531ECF3-D93A-4574-8D5A-7B5E9DA9AB77}"= TCP:c:\program files\DNA\btdna.exe:DNA (UDP-In)
"{EA14DB3E-4C6E-4202-85D7-931B474AA06A}"= c:\program files\Skype\Phone\Skype.exe:Skype

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
"DefaultOutboundAction"= 0 (0x0)
"DefaultInboundAction"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\BitTorrent\\bittorrent.exe"= c:\program files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

R1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [8.10.2008 18:29 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [8.10.2008 18:29 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [8.10.2008 18:29 51792]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [9.3.2009 21:09 222456]
R2 Zwangi Service;Zwangi Service;c:\programdata\Zwangi\zwangi113.exe [22.6.2009 17:46 54760]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
bthsvcs REG_MULTI_SZ BthServ
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Obsah adresáře 'Naplánované úlohy'

2009-06-28 c:\windows\Tasks\PCConfidential.job
- c:\program files\Winferno\PC Confidential\PCConfidential.exe [2009-06-22 12:10]

2009-06-28 c:\windows\Tasks\RegPowerClean.job
- c:\program files\Winferno\RegistryPowerCleaner\RegPowerClean.exe [2009-06-22 12:48]

2009-06-28 c:\windows\Tasks\RPCReminder.job
- c:\program files\Winferno\RegistryPowerCleaner\RPCReminder.exe [2009-06-22 12:34]

2009-06-28 c:\windows\Tasks\User_Feed_Synchronization-{50CB1822-8AEF-4076-89EA-9EA3E5FABEF0}.job
- c:\windows\system32\msfeedssync.exe [2009-06-28 11:31]

2009-06-28 c:\windows\Tasks\User_Feed_Synchronization-{94BBD35D-0987-4BED-B639-4F5D0E2AFDF2}.job
- c:\windows\system32\msfeedssync.exe [2009-06-28 11:31]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.daemon-search.com/startpage
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Martinka\AppData\Roaming\Mozilla\Firefox\Profiles\dxp7idwe.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_result ... id=afex&q=
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npOGAPlugin.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}

---- NASTAVENÍ FIREFOXU ----
FF - user.js: network.http.max-connections-per-server - 6
FF - user.js: network.http.max-persistent-connections-per-server - 3
FF - user.js: nglayout.initialpaint.delay - 750
FF - user.js: content.notify.interval - 750000
FF - user.js: content.max.tokenizing.time - 2250000
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-28 18:10
Windows 6.0.6001 Service Pack 1 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...


C:\ADSM_PData_0150

sken byl úspešně dokončen
skryté soubory: 1

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Celkový čas: 2009-06-28 18:13
ComboFix-quarantined-files.txt 2009-06-28 16:13

Před spuštěním: Volných bajtů: 27 976 146 944
Po spuštění: Volných bajtů: 27 855 237 120

267 --- E O F --- 2009-06-28 06:49

[jaro3]

Toto je co za program:
c:\programdata\Zwangi ?

Toto otestuj na Virustotal
c:\programdata\Zwangi\zwangi113.exe
Vlož sem pak odkaz výsledku.

Odinstaluj :
c:\program files\Winferno --pokud půjde..

Ten Norton/Symantec má jít pryč? Máš tam ten Avast..

Použij toto na odinstalaci Norton/Symantec:
ftp://ftp.symantec.com/public/english_u ... l_Tool.exe
Pak udělám script.

[Teedok]

virustotal:


http://www.virustotal.com/cs/analisis/2 ... 1246097857


Soubor zwangi113.exe přijatý 2009.06.27 10:17:37 (UTC)
Současný stav: Dokončeno

Výsledek: 1/41 (2.44%)
Formátované Vytisknout výsledky Antivirus Verze Poslední aktualizace Výsledek
a-squared 4.5.0.18 2009.06.27 -
AhnLab-V3 5.0.0.2 2009.06.26 -
AntiVir 7.9.0.199 2009.06.26 -
Antiy-AVL 2.0.3.1 2009.06.26 -
Authentium 5.1.2.4 2009.06.27 -
Avast 4.8.1335.0 2009.06.26 -
AVG 8.5.0.339 2009.06.27 -
BitDefender 7.2 2009.06.27 -
CAT-QuickHeal 10.00 2009.06.26 -
ClamAV 0.94.1 2009.06.27 -
Comodo 1451 2009.06.27 -
DrWeb 5.0.0.12182 2009.06.27 -
eSafe 7.0.17.0 2009.06.25 -
eTrust-Vet 31.6.6582 2009.06.26 -
F-Prot 4.4.4.56 2009.06.26 -
F-Secure 8.0.14470.0 2009.06.27 -
Fortinet 3.117.0.0 2009.06.27 -
GData 19 2009.06.27 -
Ikarus T3.1.1.64.0 2009.06.27 -
Jiangmin 11.0.706 2009.06.27 -
K7AntiVirus 7.10.768 2009.06.19 -
Kaspersky 7.0.0.125 2009.06.27 -
McAfee 5658 2009.06.26 -
McAfee+Artemis 5658 2009.06.26 -
McAfee-GW-Edition 6.7.6 2009.06.26 -
Microsoft 1.4803 2009.06.27 -
NOD32 4193 2009.06.26 -
Norman 6.01.09 2009.06.26 -
nProtect 2009.1.8.0 2009.06.27 -
Panda 10.0.0.16 2009.06.26 -
PCTools 4.4.2.0 2009.06.26 -
Prevx 3.0 2009.06.27 High Risk Cloaked Malware
Rising 21.35.52.00 2009.06.27 -
Sophos 4.43.0 2009.06.27 -
Sunbelt 3.2.1858.2 2009.06.27 -
Symantec 1.4.4.12 2009.06.27 -
TheHacker 6.3.4.3.356 2009.06.27 -
TrendMicro 8.950.0.1094 2009.06.26 -
VBA32 3.12.10.7 2009.06.27 -
ViRobot 2009.6.26.1806 2009.06.26 -
VirusBuster 4.6.5.0 2009.06.26 -
Rozšiřující informace
File size: 54760 bytes
MD5 : 69fe7d2e53d9e684d432243c603f78fe
SHA1 : 467ad7130c76c9f8ba2c39c1a4d7d3ebdfaa477d
SHA256: 23f3694c64084d8747b50a6c9903dc69936b935ea33647db26394346c5d19b4b
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x2F6F
timedatestamp.....: 0x4A3809A5 (Tue Jun 16 23:07:49 2009)
machinetype.......: 0x14C (Intel I386)

( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x6374 0x7000 6.22 5ef9fb55795915541f11562b29af22ed
.rdata 0x8000 0x1976 0x2000 4.30 42c8aec0a51dfd69ae5d3aaddeab97cd
.data 0xA000 0x958 0x1000 1.03 13d37ab337fce898c172a13cbb59c165
.rsrc 0xB000 0x10 0x1000 0.00 620f0b67a91f7f74151bc5be745b7110

( 1 imports )

> kernel32.dll: lstrcpyA, lstrlenA, UnmapViewOfFile, FlushViewOfFile, MapViewOfFile, CloseHandle, CreateFileMappingA, GetFileSize, CreateFileA, GetProcAddress, LoadLibraryA, lstrcmpA, RtlUnwind, RaiseException, GetSystemTimeAsFileTime, GetModuleHandleA, GetStartupInfoA, GetCommandLineA, GetVersionExA, HeapAlloc, HeapFree, SetUnhandledExceptionFilter, ExitProcess, TerminateProcess, GetCurrentProcess, WriteFile, GetStdHandle, GetModuleFileNameA, UnhandledExceptionFilter, FreeEnvironmentStringsA, GetEnvironmentStrings, FreeEnvironmentStringsW, WideCharToMultiByte, GetLastError, GetEnvironmentStringsW, SetHandleCount, GetFileType, HeapDestroy, HeapCreate, VirtualFree, VirtualAlloc, HeapReAlloc, IsBadWritePtr, HeapSize, IsBadReadPtr, IsBadCodePtr, GetStringTypeA, MultiByteToWideChar, GetStringTypeW, GetACP, GetOEMCP, GetCPInfo, InterlockedExchange, VirtualQuery, GetLocaleInfoA, VirtualProtect, GetSystemInfo, LCMapStringA, LCMapStringW, QueryPerformanceCounter, GetTickCount, GetCurrentThreadId, GetCurrentProcessId

( 0 exports )

TrID : File type identification
Win32 Executable MS Visual C++ (generic) (65.2%)
Win32 Executable Generic (14.7%)
Win32 Dynamic Link Library (generic) (13.1%)
Generic Win/DOS Executable (3.4%)
DOS Executable Generic (3.4%)
ssdeep: 768:/jJkSJ0EtDJaHE8GjM7R3fIXOPgrr3QjNMlODwknFLh:/tVJ04DJ6GjMlPlWr3QDDwknFF
Prevx Info: http://info.prevx.com/aboutprogramtext. ... 0089E3C78D
PEiD : -
RDS : NSRL Reference Data Set
-




+ HJT


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:08:32, on 28.6.2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\ASUS\ATK Media\DMedia.exe
C:\Windows\System32\ASUSTPE.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\ASScrPro.exe
C:\Windows\autoclk.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\ASUS\ASUS Live Update\ALU.exe
C:\Windows\System32\rundll32.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\ICQ6.5\ICQ.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: XTTBPos00 Class - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMEDIA.EXE
O4 - HKLM\..\Run: [ASUSTPE] C:\Windows\system32\ASUSTPE.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ASUS Camera ScreenSaver] C:\Windows\ASScrProlog.exe
O4 - HKLM\..\Run: [ASUS Screen Saver Protector] C:\Windows\ASScrPro.exe
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [autoclk] autoclk.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - (no file)
O9 - Extra button: (no name) - {925DAB62-F9AC-4221-806A-057BFB1014AA} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/s ... wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{474CF59C-B629-4C5A-93A3-6D6126B78E45}: NameServer = 90.183.231.251 194.228.41.113
O17 - HKLM\System\CS1\Services\Tcpip\..\{474CF59C-B629-4C5A-93A3-6D6126B78E45}: NameServer = 90.183.231.251 194.228.41.113
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: ADSM Service (ADSMService) - Unknown owner - C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\ATKGFNEX\GFNEXSrv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: spmgr - Unknown owner - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe

--
End of file - 7433 bytes



Winferno odinstalován, Norton taky.

[jaro3]

Zkus odinstalovat i Zwangi a DAEMON Tools Toolbar

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:
Poznámka: Nepoužij k označení skriptu funkci VYBRAT VŠE

Kód: Vybrat vše

File::
c:\windows\bthservsdp.dat
c:\users\Martinka\AppData\Roaming\nvModes.dat
c:\windows\Tasks\PCConfidential.job
c:\program files\Winferno\PC Confidential\PCConfidential.exe
c:\programdata\Zwangi\zwangi113.exe

Folder::
c:\program files\Zwangi
c:\programdata\Zwangi
c:\program files\BS.Player ControlBar
c:\program files\DAEMON Tools Toolbar
c:\program files\Winferno
c:\programdata\Winferno

Driver::
Zwangi Service;Zwangi Service
Zwangi Service

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000000
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000000
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000000


Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT
Zítra se mrknu.

[Teedok]

Combofix


ComboFix 09-06-26.02 - Martinka 29.06.2009 0:22.3 - NTFSx86
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1250.420.1029.18.1919.1300 [GMT 2:00]
Spuštěný z: c:\users\Martinka\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Martinka\Desktop\CFScript.txt
AV: avast! antivirus 4.8.1296 [VPS 081220-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
SP: avast! antivirus 4.8.1296 [VPS 081220-0] *enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
SP: Windows Defender *disabled* (Outdated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

FILE ::
"c:\program files\Winferno\PC Confidential\PCConfidential.exe"
"c:\programdata\Zwangi\zwangi113.exe"
"c:\users\Martinka\AppData\Roaming\nvModes.dat"
"c:\windows\bthservsdp.dat"
"c:\windows\Tasks\PCConfidential.job"
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\BS.Player ControlBar
c:\program files\BS.Player ControlBar\FirefoxDTT\components\BSToolbarFF.dll
c:\program files\BS.Player ControlBar\FirefoxDTT\chrome\bstoolbar.jar
c:\program files\DAEMON Tools Toolbar
c:\program files\DAEMON Tools Toolbar\_DTLite.xml
c:\program files\Winferno
c:\programdata\Winferno
c:\programdata\Winferno\RegPowerClean\results.rcs
c:\users\Martinka\AppData\Roaming\nvModes.dat
c:\windows\bthservsdp.dat
c:\windows\system32\acovcnt.exe
c:\windows\Tasks\PCConfidential.job

.
((((((((((((((((((((((((( Soubory vytvořené od 2009-05-28 do 2009-06-28 )))))))))))))))))))))))))))))))
.

2009-06-28 22:43 . 2009-06-28 22:43 -------- d-----w- c:\users\Martinka\AppData\Local\temp
2009-06-28 22:43 . 2009-06-28 22:43 -------- d-----w- c:\users\Guest\AppData\Local\temp
2009-06-28 06:43 . 2009-05-09 05:34 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-06-28 06:43 . 2009-05-09 05:50 915456 ----a-w- c:\windows\system32\wininet.dll
2009-06-27 21:04 . 2009-06-27 21:04 -------- d-----w- c:\users\Martinka\AppData\Roaming\Malwarebytes
2009-06-27 21:04 . 2009-06-17 09:27 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-27 21:04 . 2009-06-27 21:04 -------- d-----w- c:\programdata\Malwarebytes
2009-06-27 21:04 . 2009-06-27 21:04 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-27 21:04 . 2009-06-17 09:27 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-27 19:39 . 2009-06-27 19:39 -------- d-----w- c:\program files\Trend Micro
2009-06-27 19:29 . 2009-06-27 19:29 -------- d-----w- c:\program files\Defraggler
2009-06-22 15:58 . 2009-06-22 15:58 -------- d-----w- c:\users\Martinka\AppData\Local\Digsby
2009-06-22 15:58 . 2009-06-22 15:59 -------- d-----w- c:\users\Martinka\AppData\Roaming\Digsby
2009-06-10 22:29 . 2009-04-21 11:55 2033152 ----a-w- c:\windows\system32\win32k.sys
2009-06-10 22:22 . 2009-04-23 12:42 636928 ----a-w- c:\windows\system32\localspl.dll
2009-06-10 22:22 . 2009-04-23 12:43 784896 ----a-w- c:\windows\system32\rpcrt4.dll
2009-06-08 04:46 . 2009-06-08 04:46 -------- d-----w- c:\programdata\DAEMON Tools Lite
2009-06-07 17:31 . 2009-06-07 17:31 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-06-07 17:30 . 2009-06-08 04:47 -------- d-----w- c:\users\Martinka\AppData\Roaming\DAEMON Tools Lite
2009-05-31 07:13 . 2009-05-31 07:14 -------- d-----w- c:\program files\VariCAD

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-28 22:39 . 2008-09-19 20:13 -------- d-----w- c:\users\Martinka\AppData\Roaming\DNA
2009-06-28 22:09 . 2008-09-19 20:13 -------- d-----w- c:\program files\DNA
2009-06-28 20:30 . 2007-11-10 13:31 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-06-28 20:30 . 2009-06-28 20:30 -------- d-----w- c:\programdata\NortonInstaller
2009-06-28 09:28 . 2008-07-28 06:51 100648 ----a-w- c:\users\Martinka\AppData\Local\GDIPFONTCACHEV1.DAT
2009-06-28 06:48 . 2007-11-10 12:25 -------- d-----w- c:\programdata\Microsoft Help
2009-06-28 06:46 . 2007-11-10 12:34 -------- d-----w- c:\program files\Microsoft Works
2009-06-27 18:26 . 2008-11-02 08:58 -------- d-----w- c:\users\Martinka\AppData\Roaming\Skype
2009-06-27 18:22 . 2008-11-02 08:59 -------- d-----w- c:\users\Martinka\AppData\Roaming\skypePM
2009-06-25 15:07 . 2007-04-21 08:35 598838 ----a-w- c:\windows\system32\perfh005.dat
2009-06-25 15:07 . 2007-04-21 08:35 115014 ----a-w- c:\windows\system32\perfc005.dat
2009-06-17 18:14 . 2009-02-06 17:31 -------- d-----w- c:\users\Martinka\AppData\Roaming\uTorrent
2009-06-09 22:32 . 2009-04-06 20:38 -------- d-----w- c:\users\Martinka\AppData\Roaming\Any Video Converter
2009-06-08 14:26 . 2009-04-30 06:42 -------- d-----w- c:\program files\Astraware
2009-05-27 14:39 . 2008-08-11 20:50 -------- d-----w- c:\users\Martinka\AppData\Roaming\ICQ
2009-05-20 15:53 . 2007-11-10 13:07 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-05-19 05:02 . 2009-05-19 05:02 -------- d-----w- c:\program files\Microsoft ActiveSync
2009-05-19 05:02 . 2009-05-19 05:02 -------- d-----w- c:\program files\TildeTech
2009-05-14 01:01 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-05-12 18:37 . 2009-05-12 18:37 -------- d-----w- c:\program files\Audacity
2009-05-08 20:49 . 2009-05-08 20:13 -------- d-----w- c:\program files\PSPad editor
2009-05-01 21:48 . 2009-04-30 06:40 -------- d-----w- c:\program files\ZIO Interactive
2009-05-01 21:35 . 2009-05-01 21:35 -------- d-----w- c:\program files\MDM
2009-04-30 06:42 . 2009-04-30 06:42 -------- d-----w- c:\program files\Jamdat
2009-04-30 06:37 . 2009-04-30 06:37 -------- d-----w- c:\program files\Afewgames
.

((((((((((((((((((((((((((((( SnapShot@2009-06-28_16.10.53 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-04-21 08:22 . 2009-06-28 21:33 47484 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 13:02 . 2009-06-28 22:11 80844 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-03-22 18:24 . 2009-06-28 21:07 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-03-22 18:24 . 2009-06-28 15:07 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-03-22 18:24 . 2009-06-28 15:07 65536 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-03-22 18:24 . 2009-06-28 21:07 65536 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-03-22 18:24 . 2009-06-28 15:07 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-03-22 18:24 . 2009-06-28 21:07 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-07-29 18:19 . 2009-06-28 22:11 9856 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2525964022-3418022813-656322441-1001_UserData.bin
+ 2009-06-28 21:31 . 2009-06-28 22:09 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2009-06-28 09:42 . 2009-06-28 15:30 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2009-06-28 21:31 . 2009-06-28 22:09 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-06-28 09:42 . 2009-06-28 15:30 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-06-28 09:44 . 2009-06-28 09:44 245760 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2009-06-28 09:44 . 2009-06-28 20:36 245760 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-02 01:08 143360 ----a-w- c:\program files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-01-29 342848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-11-22 630784]
"ATKMEDIA"="c:\program files\ASUS\ATK Media\DMEDIA.EXE" [2006-11-02 61440]
"ASUSTPE"="c:\windows\system32\ASUSTPE.exe" [2007-01-17 106496]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-03-01 857648]
"ASUS Camera ScreenSaver"="c:\windows\ASScrProlog.exe" [2007-11-10 37232]
"ASUS Screen Saver Protector"="c:\windows\ASScrPro.exe" [2007-11-10 33136]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2006-12-05 54832]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-05-14 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-05-14 8429568]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-05-14 81920]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2006-11-23 56928]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2007-04-25 4444160]
"Skytel"="Skytel.exe" - c:\windows\SkyTel.exe [2007-04-13 1822720]
"autoclk"="autoclk.exe" - c:\windows\autoclk.exe [2003-01-30 143360]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
DSLMON.lnk - c:\program files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2008-3-24 962663]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)
"DefaultOutboundAction"= 0 (0x0)
"DefaultInboundAction"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{A41AFE47-F96B-419A-B18F-89E1712BCFB2}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{65C3CB47-F3CF-420A-B362-437519A743E0}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"TCP Query User{D97C3F0D-BA4A-435C-9FCA-EDD478FB2A99}c:\\program files\\common files\\ahead\\nero web\\setupx.exe"= UDP:c:\program files\common files\ahead\nero web\setupx.exe:MSI starter
"UDP Query User{461964EF-C48D-4419-B7A8-98EA378F10BF}c:\\program files\\common files\\ahead\\nero web\\setupx.exe"= TCP:c:\program files\common files\ahead\nero web\setupx.exe:MSI starter
"TCP Query User{545F8108-B2A0-4EE9-83C7-1D3124279634}c:\\users\\cid\\appdata\\local\\temp\\nero web\\setupxu.exe"= UDP:c:\users\cid\appdata\local\temp\nero web\setupxu.exe:setupxu.exe
"UDP Query User{71150ABD-F767-4793-BC6F-01E62F5950E0}c:\\users\\cid\\appdata\\local\\temp\\nero web\\setupxu.exe"= TCP:c:\users\cid\appdata\local\temp\nero web\setupxu.exe:setupxu.exe
"TCP Query User{25860D9C-B3EB-4881-B587-68C022092B6D}c:\\program files\\icq6\\icq.exe"= UDP:c:\program files\icq6\icq.exe:ICQ Library
"UDP Query User{AA7FB42F-6BF0-45C3-8491-2A9FCEEFEDC8}c:\\program files\\icq6\\icq.exe"= TCP:c:\program files\icq6\icq.exe:ICQ Library
"{3F7140F6-322D-421C-A322-BC95F6F82E50}"= UDP:c:\program files\DNA\btdna.exe:DNA
"{10326757-8483-492D-A2ED-9CDEE5E3BCA4}"= TCP:c:\program files\DNA\btdna.exe:DNA
"TCP Query User{0E56D1EB-9F75-41FE-8DF9-ACF8EC074D02}c:\\program files\\bittorrent\\bittorrent.exe"= UDP:c:\program files\bittorrent\bittorrent.exe:bittorrent
"UDP Query User{0E8F6EB5-90ED-467F-96C1-D0E1511080DD}c:\\program files\\bittorrent\\bittorrent.exe"= TCP:c:\program files\bittorrent\bittorrent.exe:bittorrent
"{26D0F538-EBBE-4E0B-87B0-E7B2517EE9C6}"= c:\program files\Skype\Phone\Skype.exe:Skype
"TCP Query User{5E2F6D60-6B62-40E4-A7FA-0EF3EB576998}d:\\adam\\hry\\tmnationsforever\\tmforever.exe"= UDP:d:\adam\hry\tmnationsforever\tmforever.exe:TmForever
"UDP Query User{E6526D2D-CD7A-4D66-82A9-FE3823E8A204}d:\\adam\\hry\\tmnationsforever\\tmforever.exe"= TCP:d:\adam\hry\tmnationsforever\tmforever.exe:TmForever
"TCP Query User{DC437CCD-5028-4919-B326-BFE15BFD955A}d:\\adam\\hry\\tmunitedforever\\tmforever.exe"= UDP:d:\adam\hry\tmunitedforever\tmforever.exe:TmForever
"UDP Query User{01A0F7D4-53A1-466B-847F-D5B3ABFE2145}d:\\adam\\hry\\tmunitedforever\\tmforever.exe"= TCP:d:\adam\hry\tmunitedforever\tmforever.exe:TmForever
"{E67366C8-759C-4FB9-BD34-8A59234DDFED}"= UDP:c:\program files\BitTorrent\bittorrent.exe:BitTorrent (TCP-In)
"{6DF30B76-466A-4E91-B4E9-29B8DFE0DCC9}"= TCP:c:\program files\BitTorrent\bittorrent.exe:BitTorrent (UDP-In)
"{A24E9F4D-7A48-4F75-B281-443C9183829E}"= UDP:c:\program files\DNA\btdna.exe:DNA (TCP-In)
"{EF4112F4-D9BE-4185-8C7B-93ED8C7BB034}"= TCP:c:\program files\DNA\btdna.exe:DNA (UDP-In)
"{F58580F7-7332-4E06-9BAD-B17A620D2F24}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{1503CBB1-D1EA-45B0-8206-98435F79E7C4}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{89814F6D-3C87-4753-8456-33AE0EAE9A4B}"= UDP:d:\adam\Hry\Pes2009\pes2009.exe:Pro Evolution Soccer 2009
"{E1EAA799-F544-4556-90A5-1EE6633FA88F}"= TCP:d:\adam\Hry\Pes2009\pes2009.exe:Pro Evolution Soccer 2009
"TCP Query User{B1A5F97A-6246-40B0-9700-AA2CF6227929}d:\\adam\\hry\\hamachi\\hamachi.exe"= UDP:d:\adam\hry\hamachi\hamachi.exe:Hamachi Client
"UDP Query User{34992231-712C-4A42-90C3-A1B17C915A21}d:\\adam\\hry\\hamachi\\hamachi.exe"= TCP:d:\adam\hry\hamachi\hamachi.exe:Hamachi Client
"{48768FE4-14A3-4F8D-A25D-2598BDF62EEA}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{99E73F01-1AC9-4D50-A9DD-86F54F3ED63B}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"{DF52924B-3FC3-45D9-B248-76996462C5F3}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{CD7F5118-2C45-4B23-BF79-8FD6425CE031}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{BEBEAE83-C659-4E55-8A8D-965E10475C43}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{A0C78910-3642-42CC-8874-74A648D957C1}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{DDEB06F6-3BBB-4C68-846A-69842B4A61E6}"= UDP:c:\program files\DNA\btdna.exe:DNA (TCP-In)
"{D97628CF-28AE-414D-917A-3D38DE27A163}"= TCP:c:\program files\DNA\btdna.exe:DNA (UDP-In)
"{1DEEC1EF-058E-4409-AE59-133B4032B1C9}"= UDP:d:\adam\Hry\PES2009\Crack\pes2009.exe:Pro Evolution Soccer 2009
"{5D62B9B4-473E-49D0-859F-24577EBCD915}"= TCP:d:\adam\Hry\PES2009\Crack\pes2009.exe:Pro Evolution Soccer 2009
"{B28D1C46-F408-433A-9B9E-B2CBDDAEBEA5}"= UDP:c:\program files\DNA\btdna.exe:DNA (TCP-In)
"{8C359640-6B82-4EF5-A6DE-ECB3702981F0}"= TCP:c:\program files\DNA\btdna.exe:DNA (UDP-In)
"{3275D346-8196-4A91-8A41-9FC5545D123B}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{336AB885-19F0-48A8-A5F8-85729CC6D371}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{EE1A8BA3-4E86-469A-89EF-50598AC9B264}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{D0F1AB29-BC92-41C0-97A6-8D0F1FCD3430}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{D0F3BC5E-84A5-4E15-AFC2-5A3D4A9A23C1}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{93FFD320-4043-4E98-B0CA-6647D3DC7FD2}"= c:\program files\Skype\Phone\Skype.exe:Skype
"TCP Query User{8CDD3E55-DC12-4EB9-BC7A-7C53E5CF84EA}c:\\program files\\icq6.5\\icq.exe"= UDP:c:\program files\icq6.5\icq.exe:ICQ
"UDP Query User{77E340EB-F7C1-4576-88ED-42FD5655729D}c:\\program files\\icq6.5\\icq.exe"= TCP:c:\program files\icq6.5\icq.exe:ICQ
"TCP Query User{0DBCEB65-FEB3-408A-BCA7-B2971810734D}d:\\adam\\hrystronghold 2 demo\\stronghold2demo.exe"= UDP:d:\adam\hrystronghold 2 demo\stronghold2demo.exe:Stronghold 2
"UDP Query User{B06FC1E9-DE4C-4C44-A4EF-B5279EDFC3C3}d:\\adam\\hrystronghold 2 demo\\stronghold2demo.exe"= TCP:d:\adam\hrystronghold 2 demo\stronghold2demo.exe:Stronghold 2
"TCP Query User{E5A3984C-AB41-44E6-A36D-E0E77C9AF97F}d:\\adam\\hry\\stronghold\\stronghold crusader.exe"= UDP:d:\adam\hry\stronghold\stronghold crusader.exe:Stronghold Crusader
"UDP Query User{85CA46A4-FA4E-40CB-B623-18F978128E12}d:\\adam\\hry\\stronghold\\stronghold crusader.exe"= TCP:d:\adam\hry\stronghold\stronghold crusader.exe:Stronghold Crusader
"TCP Query User{C02AE42F-C4E2-420A-928D-9B446862868D}c:\\windows\\system32\\dplaysvr.exe"= UDP:c:\windows\system32\dplaysvr.exe:Microsoft DirectPlay Helper
"UDP Query User{C604F9A3-78BE-4A15-A227-0F83DA122E73}c:\\windows\\system32\\dplaysvr.exe"= TCP:c:\windows\system32\dplaysvr.exe:Microsoft DirectPlay Helper
"{7CE25E2A-9FD1-49C9-A4B4-E79274B361E5}"= UDP:c:\program files\DNA\btdna.exe:DNA (TCP-In)
"{0818FE2F-2079-4020-901B-1F177AC42253}"= TCP:c:\program files\DNA\btdna.exe:DNA (UDP-In)
"{3D414B4C-1554-435C-B3C3-CA80744AD62D}"= UDP:c:\program files\DNA\btdna.exe:DNA (TCP-In)
"{D9CBF5D1-E12B-4BF6-A2A9-197F0457712D}"= TCP:c:\program files\DNA\btdna.exe:DNA (UDP-In)
"{CADB9F22-776C-439F-872A-FD8CB55F607E}"= UDP:c:\program files\DNA\btdna.exe:DNA (TCP-In)
"{9D8C0597-00F3-48DB-9AD3-A182CE18E494}"= TCP:c:\program files\DNA\btdna.exe:DNA (UDP-In)
"{EA14DB3E-4C6E-4202-85D7-931B474AA06A}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{350800D8-C2BB-404F-AAE4-6BC039D9BC9E}"= UDP:c:\users\Martinka\AppData\Local\temp\7zS1068.tmp\SymNRT.exe:Norton Removal Tool
"{50B02619-FFC0-4ED0-9420-5BBC7BF9CE34}"= TCP:c:\users\Martinka\AppData\Local\temp\7zS1068.tmp\SymNRT.exe:Norton Removal Tool

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
"DefaultOutboundAction"= 0 (0x0)
"DefaultInboundAction"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\BitTorrent\\bittorrent.exe"= c:\program files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

R1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [8.10.2008 18:29 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [8.10.2008 18:29 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [8.10.2008 18:29 51792]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [9.3.2009 21:09 222456]

--- Ostatní služby/ovladače v paměti ---

*NewlyCreated* - AVAST!_ANTIVIRUS

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
bthsvcs REG_MULTI_SZ BthServ
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Obsah adresáře 'Naplánované úlohy'

2009-06-28 c:\windows\Tasks\User_Feed_Synchronization-{50CB1822-8AEF-4076-89EA-9EA3E5FABEF0}.job
- c:\windows\system32\msfeedssync.exe [2009-06-28 11:31]

2009-06-28 c:\windows\Tasks\User_Feed_Synchronization-{94BBD35D-0987-4BED-B639-4F5D0E2AFDF2}.job
- c:\windows\system32\msfeedssync.exe [2009-06-28 11:31]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.daemon-search.com/startpage
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Martinka\AppData\Roaming\Mozilla\Firefox\Profiles\dxp7idwe.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_result ... id=afex&q=
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npOGAPlugin.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}

---- NASTAVENÍ FIREFOXU ----
FF - user.js: network.http.max-connections-per-server - 6
FF - user.js: network.http.max-persistent-connections-per-server - 3
FF - user.js: nglayout.initialpaint.delay - 750
FF - user.js: content.notify.interval - 750000
FF - user.js: content.max.tokenizing.time - 2250000
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-29 00:43
Windows 6.0.6001 Service Pack 1 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...


c:\users\Martinka\AppData\Local\Temp\catchme.dll 53248 bytes executable
C:\ADSM_PData_0150

sken byl úspešně dokončen
skryté soubory: 2

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Celkový čas: 2009-06-28 0:46
ComboFix-quarantined-files.txt 2009-06-28 22:46
ComboFix2.txt 2009-06-28 16:13

Před spuštěním: Volných bajtů: 27 187 884 032
Po spuštění: Volných bajtů: 27 170 746 368

280 --- E O F --- 2009-06-28 06:49




HJT



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:49:22, on 29.6.2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\ASUS\ATK Media\DMedia.exe
C:\Windows\System32\ASUSTPE.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\ASScrPro.exe
C:\Windows\autoclk.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Windows\system32\taskeng.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\conime.exe
C:\Windows\Explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: XTTBPos00 Class - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMEDIA.EXE
O4 - HKLM\..\Run: [ASUSTPE] C:\Windows\system32\ASUSTPE.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ASUS Camera ScreenSaver] C:\Windows\ASScrProlog.exe
O4 - HKLM\..\Run: [ASUS Screen Saver Protector] C:\Windows\ASScrPro.exe
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [autoclk] autoclk.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - (no file)
O9 - Extra button: (no name) - {925DAB62-F9AC-4221-806A-057BFB1014AA} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/s ... wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{474CF59C-B629-4C5A-93A3-6D6126B78E45}: NameServer = 90.183.231.251 194.228.41.113
O17 - HKLM\System\CS1\Services\Tcpip\..\{474CF59C-B629-4C5A-93A3-6D6126B78E45}: NameServer = 90.183.231.251 194.228.41.113
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: ADSM Service (ADSMService) - Unknown owner - C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\ATKGFNEX\GFNEXSrv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: spmgr - Unknown owner - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe

--
End of file - 7227 bytes

[jaro3]

Stáhni si program OTMoveIt3 (by OldTimer)
http://www.edisk.cz/stahni/07995/OTMove ... .39KB.html
a ulož si ho na disk C a spusť ho.
- Do levého sloupce (Paste Instructions for Items to be Moved) zkopíruj tyto cesty:
Poznámka: Nepoužij k označení funkci VYBRAT VŠE

Kód: Vybrat vše

:Processes
explorer.exe

:Services

:Reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"autoclk"=-

:Files
C:\Windows\autoclk.exe

:Commands
[purity]
[emptytemp]
[start explorer]
[Reboot]


- Po zkopírování klikni na tlačítko MoveIt! a vlož sem následně celý obsah z pravého sloupce, jinak uložený ve složce C:\_OTMoveIt\MovedFiles\, který bude informovat o výsledcích
- Je možné, že pokud nebudou moci být soubory odstraněny, budeš dotázán na restart počítače, v tom případě restart potvrď.

Poté vlož nový log z HJT.

[Teedok]

OT...


========== PROCESSES ==========
Process explorer.exe killed successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\autoclk deleted successfully.
========== FILES ==========
C:\Windows\autoclk.exe moved successfully.
========== COMMANDS ==========
User's Temp folder emptied.
User's Internet Explorer cache folder emptied.
File delete failed. C:\Windows\temp\_avast4_\Webshlock.txt scheduled to be deleted on reboot.
Windows Temp folder emptied.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully

OTM by OldTimer - Version 2.1.0.1 log created on 06302009_111605

Files moved on Reboot...
File C:\Windows\temp\_avast4_\Webshlock.txt not found!

Registry entries deleted on Reboot...



+


HJT


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:19:35, on 30.6.2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\ASUS\ASUS Live Update\ALU.exe
C:\Windows\System32\mobsync.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\ASUS\ATK Media\DMedia.exe
C:\Windows\System32\ASUSTPE.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\ASScrPro.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Windows\System32\rundll32.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Windows\adiras.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.quick.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: XTTBPos00 Class - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMEDIA.EXE
O4 - HKLM\..\Run: [ASUSTPE] C:\Windows\system32\ASUSTPE.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ASUS Camera ScreenSaver] C:\Windows\ASScrProlog.exe
O4 - HKLM\..\Run: [ASUS Screen Saver Protector] C:\Windows\ASScrPro.exe
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [adiras] adiras.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - (no file)
O9 - Extra button: (no name) - {925DAB62-F9AC-4221-806A-057BFB1014AA} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/s ... wflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: ADSM Service (ADSMService) - Unknown owner - C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\ATKGFNEX\GFNEXSrv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: spmgr - Unknown owner - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
O23 - Service: Syntek AVStream USB2.0 WebCam Service (StkSSrv) - Syntek America Inc. - C:\Windows\System32\StkCSrv.exe

--
End of file - 7178 bytes

[jaro3]

Zavři ostatní aplikace a prohlížeče, odpoj se od netu a fixni v HJT:

Kód: Vybrat vše

O9 - Extra button: (no name) - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - (no file)
O9 - Extra button: (no name) - {925DAB62-F9AC-4221-806A-057BFB1014AA} - (no file)
O13 - Gopher Prefix:

ComboFix se odinstaluje takto:
Start-Spustit a zadej ComboFix[mezera]/u

takže jestli nejsou problémy,tak vyčisti systém CCleanerem

a použij i T-Cleaner
smaže vše po Combu,SDFixu,Avengeru,MWAVu atd.-stáhneš>spustíš

Stáhni si ATF Cleaner
Poklepej na ATF Cleaner.exe, klikni na select all found, poté:
-Když používáš Firefox (Mozzila), klikni na Firefox nahoře a vyber: Select All, poté klikni na Empty Selected.
-Když používáš Operu, klikni nahoře na Operu a vyber: Select All, poté klikni na Empty Selected.
Po vyčištění klikni na Exit k zavření programu.

Pokud nejsou problémy , je to vše.