PC keeps shutting down after 30 minutes [Solved]
Hello, I downloaded a file and when I ran it, it told me it was a virus. Since then my PC keeps shutting down. Can anyone advise me how to get rid of it?
- (newcomer; posts: 10; registered: September 09)
Re: PC keeps shutting down after 30 minutes
What file is it, I mean, what did you download?
- Damned (article author, Master Level 9; posts: 8353; registered: December 06; location: Rokycany)
Re: PC keeps shutting down after 30 minutes
I think it doesn't matter any more.
Download ATF Cleaner
Double-click ATF Cleaner.exe, click "select all found", then click "empty selected".
- If you use Firefox (Mozilla), click Firefox at the top and choose Select All, then click Empty Selected.
- If you use Opera, click Opera at the top and choose Select All, then click Empty Selected.
ATF-Cleaner is a simple tool for removing web browser history. The program can remove the cache,
cookies, history and other traces of surfing the Internet. Supported browsers include Internet Explorer,
Firefox and Opera. The application can also remove Windows temporary files, empty the Recycle Bin, etc.
Download HijackThis from my signature, make a log according to the guide and post it here.

Nothing is impossible, which is why, when we're at our wits' end, we don't hesitate to use a hammer.
If you want to know what's new, look in old books.
Damned's Czech localisations - translations of PC maintenance programs
HiJackThis 2 + guide, FCleaner + Czech localisation, Wise Registry Cleaner
Before I did what you advised, I ran a System Restore. I don't know if it will fix anything, though.
Here's the log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:20:57, on 2.10.2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18813)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\System Control Manager\MGSysCtrl.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Users\Martin\Desktop\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
O4 - HKLM\..\Run: [MGSysCtrl] C:\Program Files\System Control Manager\MGSysCtrl.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Bluetooth Manager.lnk = ?
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O13 - Gopher Prefix:
O15 - Trusted Zone: http://asia.msi.com.tw
O15 - Trusted Zone: http://global.msi.com.tw
O15 - Trusted Zone: http://www.msi.com.tw
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: Služba Google Update (gupdate1ca30b4a7648601) (gupdate1ca30b4a7648601) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: Micro Star SCM - Micro-Star International Co., Ltd. - C:\Program Files\System Control Manager\MSIService.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
--
End of file - 5431 bytes
- Damned (article author, Master Level 9; posts: 8353; registered: December 06; location: Rokycany)
Re: PC keeps shutting down after 30 minutes
If there's a virus in the PC, System Restore won't help.
Run HJT (HijackThis), close your browsers, disconnect from the Internet and fix the following (run HJT, "Do a system scan only",
tick the box in front of the entry, press "Fix checked" and then "Yes"):
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
R3 - URLSearchHook: (no name) - - (no file)
O1 - Hosts: ::1 localhost
O4 - Global Startup: Bluetooth Manager.lnk = ?
O13 - Gopher Prefix:
O15 - Trusted Zone: http://asia.msi.com.tw
O15 - Trusted Zone: http://global.msi.com.tw
*****************************************************************************************************************************************
Download Malwarebytes' Anti-Malware
Install and run it
- at the end of the installation, make sure both options are selected/ticked:
Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware; if they are, click the Finish button
- if an update is found, it will be downloaded and installed
- the program will then start; leave the option Perform quick scan selected and click the Scan button
- when the program finishes, a message will appear; click OK and then the Show results button
- then choose the Save log option and save the log to the desktop
- then click the Exit button; a message will appear, choose Yes
(don't delete anything yet!).
Then paste the contents of that log here.
Nothing is impossible, which is why, when we're at our wits' end, we don't hesitate to use a hammer.
If you want to know what's new, look in old books.
Damned's Czech localisations - translations of PC maintenance programs
HiJackThis 2 + guide, FCleaner + Czech localisation, Wise Registry Cleaner
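The reasoning behind a "fix these" list like the one above, written out as an added Python example (it is not the helper's tool and not HijackThis's own logic): each HJT entry kind gets a review rule, and a reviewer reads the reasons rather than treating a hit as a verdict. The sample log lines are constructed from the kinds of entries seen in this thread, and the rules and the MS_DEFAULT_HOSTS set are assumptions for this example.

```python
import re
from typing import List, Optional, Tuple

# Hosts that the stock Internet Explorer start/search settings point at.
# Assumption for this example; a reviewer would extend it for their environment.
MS_DEFAULT_HOSTS = {"go.microsoft.com", "www.microsoft.com"}

# HJT entries look like "<kind> - <details>", e.g. "R0 - HKCU\...\Main,Start Page = http://..."
LINE_RE = re.compile(r"^(?P<kind>[A-Z]\d+) - (?P<rest>.*)$")

# Constructed sample: a handful of entries of the kinds seen in the thread's log.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R3 - URLSearchHook: (no name) - - (no file)
O1 - Hosts: ::1 localhost
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O13 - Gopher Prefix:
O15 - Trusted Zone: http://asia.msi.com.tw
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\IAANTMon.exe
"""


def _host(url: str) -> str:
    """Host part of an http(s) URL, lower-cased; '' when there is none."""
    m = re.match(r"https?://([^/]+)", url.strip())
    return m.group(1).lower() if m else ""


def triage_line(line: str) -> Optional[str]:
    """Return why this HJT entry deserves a look, or None if nothing stands out."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None  # header, process list or other non-entry line
    kind, rest = m.group("kind"), m.group("rest")

    if kind in ("R0", "R1"):
        # IE start/search pages: only the value after " = " matters; an empty
        # value is the default and is not reported.
        _, _, value = rest.partition(" = ")
        host = _host(value)
        if host and host not in MS_DEFAULT_HOSTS:
            return f"{kind}: IE page/search setting points outside the stock defaults ({host})"
        return None
    if kind == "R3":
        # A URLSearchHook whose DLL is gone is a leftover of something removed or half-installed.
        return "R3: URLSearchHook registered but its file is missing" if "(no file)" in rest else None
    if kind == "O1":
        # Every non-stock Hosts line is listed; '::1 localhost' is the Vista IPv6 default,
        # so this is a review item, not a verdict.
        return "O1: Hosts file entry (review; '::1 localhost' is the Vista IPv6 default)"
    if kind == "O4":
        # Startup items whose target HJT could not resolve ('= ?' or '(no file)').
        if rest.rstrip().endswith("= ?") or "(no file)" in rest:
            return "O4: startup item whose target cannot be resolved"
        return None
    if kind == "O13":
        return "O13: Gopher prefix key present (obsolete protocol; harmless to reset)"
    if kind == "O15":
        return "O15: site added to the IE Trusted Zone (relaxed security for that site)"
    return None


def triage_log(text: str) -> List[Tuple[str, str]]:
    """Run triage_line over a whole log; returns (entry, reason) pairs in log order."""
    hits = []
    for raw in text.splitlines():
        reason = triage_line(raw)
        if reason:
            hits.append((raw.strip(), reason))
    return hits


if __name__ == "__main__":
    for entry, reason in triage_log(SAMPLE_LOG):
        print(f"{reason}\n    {entry}")
```

On the sample, the six entries flagged are the R0 ICQ start page, the R3 hook with no file, the O1 Hosts line, the unresolved O4 startup shortcut, the O13 prefix and the O15 trusted-zone site; the stock R1 search page, the Realtek O4 item and the O23 service are left alone.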
Malwarebytes' Anti-Malware 1.41
Verze databáze: 2892
Windows 6.0.6002 Service Pack 2
2.10.2009 13:46:59
mbam-log-2009-10-02 (13-46-59).txt
Typ kontroly: Rychlá kontrola
Zkontrolované objekty: 82561
Uplynulý čas: 4 minute(s), 31 second(s)
Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 0
Infikované hodnoty registru: 0
Infikované datové položky registru: 0
Infikované adresáře: 0
Infikované soubory: 0
Infikované procesy v paměti:
(Nebyly nalezeny žádné škodlivé položky)
Infikované moduly v paměti:
(Nebyly nalezeny žádné škodlivé položky)
Infikované klíče registru:
(Nebyly nalezeny žádné škodlivé položky)
Infikované hodnoty registru:
(Nebyly nalezeny žádné škodlivé položky)
Infikované datové položky registru:
(Nebyly nalezeny žádné škodlivé položky)
Infikované adresáře:
(Nebyly nalezeny žádné škodlivé položky)
Infikované soubory:
(Nebyly nalezeny žádné škodlivé položky)
Something must have happened, either the restore or HijackThis, but the PC has now been running for 45 minutes without shutting down.
- Damned (article author, Master Level 9; posts: 8353; registered: December 06; location: Rokycany)
Re: PC keeps shutting down after 30 minutes
Turn off the antivirus resident shield (and the antispyware one too, if you have it).
Download ComboFix (by sUBs)
or ComboFix (subs)
and save it to the desktop.
Close all active windows and run it.
- After starting, the terms of use are shown; confirm them by pressing the Yes button
- Then follow the instructions; while ComboFix is running, do not click in the window that appears
- After the scan completes the program should create a log - C:\ComboFix.txt - please paste its entire contents here
Nothing is impossible, which is why, when we're at our wits' end, we don't hesitate to use a hammer.
If you want to know what's new, look in old books.
Damned's Czech localisations - translations of PC maintenance programs
HiJackThis 2 + guide, FCleaner + Czech localisation, Wise Registry Cleaner
ComboFix 09-10-01.01 - Martin 02.10.2009 14:09.1.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.420.1029.18.3070.1880 [GMT 2:00]
Spuštěný z: c:\users\Martin\Desktop\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\Installer\1264ea.msi
c:\windows\Installer\1f34a7.msi
.
((((((((((((((((((((((((( Soubory vytvořené od 2009-09-02 do 2009-10-02 )))))))))))))))))))))))))))))))
.
2009-10-02 12:13 . 2009-10-02 12:13 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-10-01 16:22 . 2009-10-01 18:09 -------- d-----w- c:\program files\trend micro
2009-10-01 16:22 . 2009-10-01 16:22 -------- d-----w- C:\rsit
2009-09-23 15:59 . 2009-09-23 15:59 -------- d-----w- c:\program files\ATI Technologies
2009-09-23 15:58 . 2009-09-23 15:58 -------- d-----w- C:\ATI
2009-09-22 14:36 . 2009-10-02 11:01 -------- d-----w- c:\program files\VentriloMIX
2009-09-22 14:18 . 2009-09-22 14:21 -------- d-----w- c:\users\Martin\AppData\Roaming\ICQ
2009-09-22 14:17 . 2009-10-02 11:01 -------- d-----w- c:\program files\ICQ6.5
2009-09-22 13:34 . 2009-09-22 13:34 53736 ----a-w- c:\windows\system32\GDIPFONTCACHEV1.DAT
2009-09-20 06:48 . 2009-09-30 16:35 -------- d-----w- c:\users\Martin\AppData\Roaming\gtk-2.0
2009-09-17 14:48 . 2009-09-17 14:48 -------- d-----w- c:\users\Martin\.thumbnails
2009-09-15 18:06 . 2009-09-15 18:06 -------- d-----w- c:\users\Martin\AppData\Roaming\Auslogics
2009-09-15 18:06 . 2009-09-15 18:06 -------- d-----w- c:\program files\Auslogics
2009-09-15 05:02 . 2009-09-30 16:41 -------- d-----w- c:\users\Martin\.gimp-2.6
2009-09-15 05:02 . 2009-09-15 05:02 -------- d-----w- c:\program files\GIMP-2.0
2009-09-15 05:02 . 2009-09-15 05:02 -------- d-----w- c:\program files\Common Files\GTK
2009-09-08 18:46 . 2009-09-29 18:04 -------- d-----w- c:\users\Martin\AppData\Local\Google
2009-09-08 18:44 . 2009-10-02 12:04 -------- d-----w- c:\program files\Google
2009-09-08 18:39 . 2009-09-09 16:12 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-09-08 18:39 . 2009-09-09 13:46 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2009-09-04 18:26 . 2009-09-04 18:42 -------- d-----w- c:\program files\Valve
2009-09-04 11:02 . 2009-08-29 00:14 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-09-04 11:02 . 2009-08-29 00:27 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-09-03 12:52 . 2009-09-10 17:08 -------- d-----w- c:\users\Martin\AppData\Roaming\Zoner
2009-09-03 12:51 . 2009-09-16 18:04 -------- d-----w- c:\program files\Zoner
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-02 11:40 . 2009-10-02 11:40 -------- d-----w- c:\users\Martin\AppData\Roaming\Malwarebytes
2009-10-02 11:40 . 2009-10-02 11:40 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-02 11:40 . 2009-10-02 11:40 -------- d-----w- c:\programdata\Malwarebytes
2009-10-02 11:03 . 2009-08-27 18:34 -------- d-----w- c:\program files\ATI
2009-10-02 11:01 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery
2009-09-29 17:15 . 2009-08-27 18:36 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-09-26 12:29 . 2008-01-21 06:46 598832 ----a-w- c:\windows\system32\perfh005.dat
2009-09-26 12:29 . 2008-01-21 06:46 114992 ----a-w- c:\windows\system32\perfc005.dat
2009-09-22 14:18 . 2009-08-29 09:12 -------- d-----w- c:\programdata\ICQ
2009-09-10 12:54 . 2009-10-02 11:40 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 12:53 . 2009-10-02 11:40 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-07 18:25 . 2009-08-27 18:28 53736 ----a-r- c:\users\Martin\AppData\Local\GDIPFONTCACHEV1.DAT
2009-08-29 17:56 . 2009-08-27 18:35 -------- d-----w- c:\program files\Common Files\InstallShield
2009-08-29 15:40 . 2009-08-29 09:05 -------- d-----w- c:\users\Martin\AppData\Roaming\Ventrilo
2009-08-29 10:12 . 2009-08-29 09:45 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
2009-08-29 09:40 . 2009-08-29 09:40 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment.temp
2009-08-29 09:38 . 2009-08-29 09:38 -------- d-----w- c:\program files\CCleaner
2009-08-29 09:12 . 2009-08-29 09:12 -------- d-----w- c:\program files\ICQ6Toolbar
2009-08-29 09:09 . 2009-08-29 09:09 -------- d-----w- c:\programdata\Blizzard
2009-08-29 09:00 . 2009-08-29 09:00 0 ----a-w- c:\windows\nsreg.dat
2009-08-29 06:53 . 2009-08-29 06:53 -------- d-----w- c:\program files\directx
2009-08-28 17:13 . 2009-08-28 17:13 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2009-08-28 16:12 . 2009-08-28 16:12 -------- d-----w- c:\programdata\Media Center Programs
2009-08-28 15:58 . 2009-08-28 15:58 -------- d-----w- c:\users\Martin\AppData\Roaming\PeerNetworking
2009-08-28 14:05 . 2009-08-28 14:05 -------- d-----w- c:\program files\Microsoft.NET
2009-08-28 12:19 . 2009-08-28 12:05 -------- d-----w- c:\program files\Prime95
2009-08-28 11:57 . 2009-08-28 05:58 -------- d-----w- c:\program files\System Control Manager
2009-08-28 11:49 . 2009-08-28 11:49 -------- d-----w- c:\program files\Codec Pack - All In 1
2009-08-28 11:49 . 2009-08-28 11:49 737280 ----a-w- c:\windows\iun6002.exe
2009-08-28 11:49 . 2009-08-28 11:49 125 ----a-w- c:\windows\xUninstall.bat
2009-08-28 11:33 . 2009-08-28 11:33 -------- d-----w- c:\programdata\TOSHIBA
2009-08-28 06:32 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
2009-08-28 06:32 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-08-28 06:32 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2009-08-28 06:32 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Journal
2009-08-28 06:32 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration
2009-08-28 06:32 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender
2009-08-28 05:53 . 2009-08-28 05:53 -------- d-----w- c:\users\Martin\AppData\Roaming\Foxit
2009-08-28 05:53 . 2009-08-28 05:53 -------- d-----w- c:\program files\Foxit Software
2009-08-28 05:49 . 2009-08-28 05:49 -------- d-----w- c:\program files\Toshiba
2009-08-28 05:47 . 2009-08-28 05:47 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-08-28 05:47 . 2009-08-28 05:47 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-08-28 05:47 . 2009-08-28 05:47 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-08-28 05:47 . 2009-08-28 05:47 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-08-28 05:47 . 2009-08-28 05:47 -------- d-----w- c:\programdata\avg8
2009-08-28 05:47 . 2009-08-28 05:47 -------- d-----w- c:\program files\AVG
2009-08-28 05:39 . 2009-08-27 18:30 53248 ----a-w- c:\windows\system32\CSVer.dll
2009-08-28 05:35 . 2009-08-28 05:35 -------- d-----w- c:\program files\MSI
2009-08-27 19:00 . 2009-08-27 19:00 -------- d-----w- c:\program files\Camera Recorder
2009-08-27 18:58 . 2009-08-27 18:30 -------- d-----w- c:\program files\Intel
2009-08-27 18:57 . 2009-08-27 18:57 -------- d-----w- c:\program files\DIFX
2009-08-27 18:44 . 2009-08-27 18:44 -------- d-----w- c:\users\Martin\AppData\Roaming\ATI
2009-08-27 18:43 . 2009-08-27 18:43 0 ----a-w- c:\windows\ativpsrm.bin
2009-08-27 18:40 . 2009-08-27 18:40 -------- d-----w- c:\users\Martin\AppData\Roaming\Intel
2009-08-27 18:40 . 2009-08-27 18:40 -------- d-----w- c:\programdata\Roaming
2009-08-27 18:39 . 2009-08-27 18:39 -------- d-----w- c:\program files\Cisco
2009-08-27 18:39 . 2009-08-27 18:39 -------- d-----w- c:\programdata\Intel
2009-08-27 18:39 . 2009-08-27 18:39 -------- d-----w- c:\program files\Common Files\Intel
2009-08-27 18:37 . 2009-08-27 18:37 -------- d-----w- c:\program files\JMicron
2009-08-27 18:37 . 2009-08-27 18:36 -------- d-----w- c:\program files\Realtek
2009-08-27 18:37 . 2009-08-27 18:37 -------- d-----w- c:\users\Martin\AppData\Roaming\InstallShield
2009-08-27 18:37 . 2009-08-27 18:35 -------- d--h--w- c:\program files\Temp
2009-08-27 18:36 . 2009-08-27 18:36 319456 ----a-w- c:\windows\DIFxAPI.dll
2009-08-27 18:28 . 2009-08-27 18:28 680 ----a-r- c:\users\Martin\AppData\Local\d3d9caps.dat
2009-08-27 18:26 . 2009-08-27 18:26 -------- d-sh--we c:\programdata\Plocha
2009-08-27 18:26 . 2009-08-27 18:26 -------- d-sh--we c:\programdata\Oblíbené položky
2009-08-27 18:26 . 2009-08-27 18:26 -------- d-sh--we c:\programdata\Šablony
2009-08-27 18:26 . 2009-08-27 18:26 -------- d-sh--we c:\programdata\Nabídka Start
2009-08-27 18:26 . 2009-08-27 18:26 -------- d-sh--we c:\programdata\Dokumenty
2009-08-27 18:26 . 2009-08-27 18:26 -------- d-sh--we c:\programdata\Data aplikací
2009-08-14 16:27 . 2009-09-09 14:21 904776 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-08-14 15:53 . 2009-09-09 14:21 17920 ----a-w- c:\windows\system32\netevent.dll
2009-08-14 13:49 . 2009-09-09 14:21 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2009-08-14 13:49 . 2009-09-09 14:21 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2009-08-14 13:49 . 2009-09-09 14:21 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2009-08-14 13:49 . 2009-09-09 14:21 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2009-08-14 13:49 . 2009-09-09 14:21 19968 ----a-w- c:\windows\system32\ARP.EXE
2009-08-14 13:49 . 2009-09-09 14:21 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2009-08-14 13:49 . 2009-09-09 14:21 10240 ----a-w- c:\windows\system32\finger.exe
2009-08-14 13:48 . 2009-09-09 14:21 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2009-08-14 13:48 . 2009-09-09 14:21 105984 ----a-w- c:\windows\system32\netiohlp.dll
2009-07-21 21:52 . 2009-08-27 20:07 915456 ----a-w- c:\windows\system32\wininet.dll
2009-07-21 21:47 . 2009-08-27 20:07 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-07-21 21:47 . 2009-08-27 20:07 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-07-21 20:13 . 2009-08-27 20:07 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-07-17 13:54 . 2009-08-27 19:40 71680 ----a-w- c:\windows\system32\atl.dll
2009-07-15 12:40 . 2009-08-27 19:43 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-07-15 12:39 . 2009-08-27 19:43 313344 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-15 12:39 . 2009-08-27 19:43 4096 ----a-w- c:\windows\system32\dxmasf.dll
2009-07-15 12:39 . 2009-08-27 19:43 7680 ----a-w- c:\windows\system32\spwmp.dll
2009-07-11 19:01 . 2009-09-09 14:21 513536 ----a-w- c:\windows\system32\wlansvc.dll
2009-07-11 19:01 . 2009-09-09 14:21 302592 ----a-w- c:\windows\system32\wlansec.dll
2009-07-11 19:01 . 2009-09-09 14:21 293376 ----a-w- c:\windows\system32\wlanmsm.dll
2009-07-11 19:01 . 2009-09-09 14:21 65024 ----a-w- c:\windows\system32\wlanapi.dll
2009-07-11 17:03 . 2009-09-09 14:21 127488 ----a-w- c:\windows\system32\L2SecHC.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2008-11-12 6687264]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-04-15 178712]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-08-28 2007832]
"ITSecMng"="c:\program files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2008-12-19 83336]
"MGSysCtrl"="c:\program files\System Control Manager\MGSysCtrl.exe" [2009-06-29 2064384]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):7a,24,da,3a,d3,27,ca,01
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-410195658-2587187184-4246104443-1000]
"EnableNotifications"=dword:00000001
"EnableNotificationsRef"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{D0495253-7AC0-4EDE-B3A9-206F3C5DDAC7}"= c:\program files\AVG\AVG8\avgemc.exe:avgemc.exe
"{A9034BF5-D083-409F-BC77-E8BC4194D36F}"= c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe
"{56DD16CC-0D56-4CE7-9148-0E230944CBF3}"= c:\program files\AVG\AVG8\avgnsx.exe:avgnsx.exe
"{63D60217-5D6B-412A-BF9D-263DEF9B83A6}"= UDP:c:\users\Public\Documents\Blizzard Entertainment\World of Warcraft\WoW-3.2.0-enGB-downloader.exe:Blizzard Downloader
"{EDFA7F94-C3B9-4301-BF16-74C5F394A557}"= TCP:c:\users\Public\Documents\Blizzard Entertainment\World of Warcraft\WoW-3.2.0-enGB-downloader.exe:Blizzard Downloader
"TCP Query User{0FDAA90C-D7D8-4F73-A8EF-3E255F66DDA1}d:\\hry\\wow tbc\\wow tbc\\launcher.exe"= UDP:d:\hry\wow tbc\wow tbc\launcher.exe:Blizzard Launcher
"UDP Query User{CEE48382-1CBA-477B-938B-F0FF857CAD3C}d:\\hry\\wow tbc\\wow tbc\\launcher.exe"= TCP:d:\hry\wow tbc\wow tbc\launcher.exe:Blizzard Launcher
"TCP Query User{FC0B37D3-FE1F-42FB-94A7-300A8A64FED4}c:\\program files\\garena\\garena.exe"= UDP:c:\program files\garena\garena.exe:Garena
"UDP Query User{D1D8EDE9-5B37-49E6-A162-55E31DF7AE38}c:\\program files\\garena\\garena.exe"= TCP:c:\program files\garena\garena.exe:Garena
"{ED356414-6E72-4E42-9ACB-08F9E6391533}"= UDP:d:\hry\Burnout paradise\BurnoutLauncher.exe:Burnout(TM) Paradise The Ultimate Box
"{7097BC83-813E-492B-AFAE-F56EB73F00C2}"= TCP:d:\hry\Burnout paradise\BurnoutLauncher.exe:Burnout(TM) Paradise The Ultimate Box
"{595BB4A1-CEED-4317-A7B8-87A6D4488ACE}"= UDP:d:\hry\Burnout paradise\BurnoutConfigTool.exe:Burnout(TM) Paradise The Ultimate Box
"{07A88B42-A6DB-4DBC-AE44-74EE6B049D51}"= TCP:d:\hry\Burnout paradise\BurnoutConfigTool.exe:Burnout(TM) Paradise The Ultimate Box
"{D9014EE9-ACBB-4CE4-83B9-B2C5103F63D0}"= UDP:d:\hry\Burnout paradise\BurnoutParadise.exe:Burnout(TM) Paradise The Ultimate Box
"{52843893-677E-45D2-BF29-9EBF35DCA968}"= TCP:d:\hry\Burnout paradise\BurnoutParadise.exe:Burnout(TM) Paradise The Ultimate Box
"TCP Query User{6447B7C8-0682-4CA7-A1D6-03EC7222C33A}c:\\program files\\valve\\hl.exe"= UDP:c:\program files\valve\hl.exe:Half-Life Launcher
"UDP Query User{890FFF19-989A-4335-9227-F48BA337E11F}c:\\program files\\valve\\hl.exe"= TCP:c:\program files\valve\hl.exe:Half-Life Launcher
"TCP Query User{69BE2C19-37E1-49BB-A9BE-50B4EFAF3B15}d:\\hry\\cs\\hl.exe"= UDP:d:\hry\cs\hl.exe:Half-Life Launcher
"UDP Query User{9C42546C-791E-403D-8302-BE6A144CBA14}d:\\hry\\cs\\hl.exe"= TCP:d:\hry\cs\hl.exe:Half-Life Launcher
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [28.8.2009 7:47 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\drivers\avgtdix.sys [28.8.2009 7:47 108552]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [28.8.2009 7:47 908056]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [28.8.2009 7:47 297752]
R2 Micro Star SCM;Micro Star SCM;c:\program files\System Control Manager\MSIService.exe [28.8.2009 7:58 160256]
R3 enecir;ENE CIR Receiver;c:\windows\System32\drivers\enecir.sys [27.8.2009 20:57 54784]
R3 JMCR;JMCR;c:\windows\System32\drivers\jmcr.sys [28.8.2009 13:45 97536]
R3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\System32\drivers\NETw5v32.sys [25.9.2008 7:37 3666432]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Obsah adresáře 'Naplánované úlohy'
2009-10-02 c:\windows\Tasks\User_Feed_Synchronization-{D3BE5037-A31D-4243-9578-DA7607163736}.job
- c:\windows\system32\msfeedssync.exe [2009-08-27 20:13]
.
.
------- Doplňkový sken -------
.
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: com.tw\www.msi
FF - ProfilePath - c:\users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\hq0dnapy.default\
FF - prefs.js: browser.startup.homepage - www.seznam.cz
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-02 14:13
Windows 6.0.6002 Service Pack 2 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\GarenaPEngine]
"ImagePath"="\??\c:\users\Martin\AppData\Local\Temp\DOI9405.tmp"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Celkový čas: 2009-10-02 14:15
ComboFix-quarantined-files.txt 2009-10-02 12:15
ComboFix2.txt 2009-10-02 04:39
Před spuštěním: Volných bajtů: 31 907 741 696
Po spuštění: Volných bajtů: 31 849 082 880
256 --- E O F --- 2009-09-25 04:53
- Damned
- Article author
- Master Level 9
- Posts: 8353
- Registered: December 06
- Location: Rokycany
- Status: Offline
Re: PC keeps shutting down every 30 minutes
Check the file marked in red on VirusTotal and post a link to the result here.
If you can't find it, enable showing hidden and system files. If it tells you the file has already been analysed,
have it analysed again and wait until "Finished" and the result appear. Then copy the address bar here.
c:\windows\system32\CSVer.dll
*****************************************************************************************************************************************
Open Notepad (Start -> Run... type Notepad into the box and click OK).
Copy the whole of the following text marked in green into it:
File::
c:\users\Martin\AppData\Local\d3d9caps.dat
c:\users\Martin\AppData\Local\Temp\DOI9405.tmp
Folder::
c:\program files\ICQ6Toolbar
Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-410195658-2587187184-4246104443-1000]
"EnableNotifications"=dword:00000000
"EnableNotificationsRef"=dword:00000000
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\GarenaPEngine]
Choose File -> Save as... and set these parameters:
File name: type CFScript.txt here
Save as type: select All files there
Save the file to the desktop.
Close all active windows.
Drag the created CFScript.txt script with the mouse over the downloaded ComboFix.exe
and drop the script when the two files overlap.

- ComboFix starts automatically; the repair may take longer than 10 minutes. ! Let ComboFix finish its work !
- Post the log that appears at the end of the cleaning process here + a new HJT log, and describe how the computer behaves
Nothing is impossible; that is why, where our wits fail, we do not hesitate to use a hammer.
If you want to know what's new, look in old books.
Damned's Czech localisations - translations of PC maintenance programs
HiJackThis 2+guide FCleaner+Czech localisation Wise Registry Cleaner
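The CFScript procedure in the post above starts from entries the helper has already picked out of the ComboFix log by hand. As an added example (not code from this thread, from ComboFix or from its author), the Python script below parses the REGEDIT4-style registry section of such a log, flags the patterns a helper looks for first (an autostart or service binary living in a temp directory, UAC switched off via EnableLUA=0, a DLL registered in AppInit_DLLs) and renders the File::/Registry:: script in the form shown in the post. The sample log is a constructed excerpt built only from entries that appear in this thread; the flagging rules, the `Finding` type and the function names are the example's own assumptions, and a flagged entry is something to review, not a verdict.

```python
"""Triage the registry section of a ComboFix log and render a CFScript.

Added example for this thread; it is not ComboFix's own code. The flagging
rules are the example author's assumptions about what a forum helper checks.
"""
import re
from dataclasses import dataclass

# Constructed sample: an excerpt in the format of the ComboFix log posted in
# this thread. Every line below also appears in that log.
SAMPLE_LOG = r'''
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-08-28 2007832]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\GarenaPEngine]
"ImagePath"="\??\c:\users\Martin\AppData\Local\Temp\DOI9405.tmp"
'''

KEY_RE = re.compile(r'^\[(.+)\]$')                    # [HKEY_...\Run]
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')       # "name"=value ...
TEMP_DIR_RE = re.compile(r'\\temp\\', re.IGNORECASE)  # ...\Temp\... inside a path


@dataclass
class Finding:
    key: str
    name: str
    value: str
    reason: str


def extract_path(raw):
    """Reduce a ComboFix value to its path: drop the surrounding quotes, the
    trailing "[date size]" annotation and the NT-style "\\??\\" prefix."""
    raw = raw.strip()
    if raw.startswith('"'):
        end = raw.find('"', 1)
        raw = raw[1:end] if end > 0 else raw[1:]
    else:
        raw = raw.split(' [', 1)[0]
    if raw.startswith('\\??\\'):
        raw = raw[4:]
    return raw.strip()


def parse_registry_section(text):
    """Yield (key, value name, raw value) for every value in the REGEDIT4-style
    section; @-default values and R1/R2/R3 service lines are ignored."""
    key = None
    for line in text.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = VALUE_RE.match(line)
        if m and key:
            yield key, m.group(1), m.group(2)


def triage(text):
    """Return the entries a helper would want to review, in log order."""
    findings = []
    for key, name, raw in parse_registry_section(text):
        path = extract_path(raw)
        if TEMP_DIR_RE.search(path):
            findings.append(Finding(key, name, path,
                                    'autostart or service binary lives in a temp directory'))
        elif name.lower() == 'enablelua' and raw.strip().startswith('0'):
            findings.append(Finding(key, name, raw.strip(),
                                    'UAC is disabled (EnableLUA=0)'))
        elif name.lower() == 'appinit_dlls' and path:
            findings.append(Finding(key, name, path,
                                    'DLL loaded into every user-mode process; confirm the vendor'))
    return findings


def build_cfscript(findings):
    """Render a CFScript in the File::/Registry:: form used in this thread:
    temp-directory binaries go under File::, and a service key whose ImagePath
    points into a temp directory is removed with the [-KEY] syntax."""
    files, keys = [], []
    for f in findings:
        if 'temp directory' in f.reason:
            files.append(f.value)
            if '\\services\\' in f.key.lower():
                keys.append(f.key)
    lines = []
    if files:
        lines += ['File::'] + files
    if keys:
        lines += ['Registry::'] + ['[-%s]' % k for k in keys]
    return '\n'.join(lines)


if __name__ == '__main__':
    found = triage(SAMPLE_LOG)
    for f in found:
        print('%-58s %s\\%s = %s' % (f.reason, f.key, f.name, f.value))
    print(build_cfscript(found))
```

On the sample the script reports the disabled UAC, the AVG AppInit DLL and the GarenaPEngine service running from %Temp%, and emits a File:: entry for DOI9405.tmp plus a [-KEY] line for the service, which is the same pair of actions the post's CFScript contains. The EnableLUA and AppInit_DLLs findings are reported only, because deciding whether to touch them needs a human who knows what is installed.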
Here is the link http://www.virustotal.com/cs/analisis/464ba8b25ed0c6f63210c9b70aa0cf472c0dcaf3d7336527410b43013905e664-1254336366 , now I'm going to do the second step.
ComboFix 09-10-01.01 - Martin 02.10.2009 15:02.2.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.420.1029.18.3070.1824 [GMT 2:00]
Spuštěný z: c:\users\Martin\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Martin\Desktop\CFScript.txt
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
FILE ::
"c:\users\Martin\AppData\Local\d3d9caps.dat"
"c:\users\Martin\AppData\Local\Temp\DOI9405.tmp"
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\ICQ6Toolbar
c:\program files\ICQ6Toolbar\Icons.bmp
c:\program files\ICQ6Toolbar\ICQ Service.exe
c:\program files\ICQ6Toolbar\icq6Toolbar.ico
c:\program files\ICQ6Toolbar\ICQToolBar.dll
c:\program files\ICQ6Toolbar\ICQUnToolbar.exe
c:\program files\ICQ6Toolbar\logo_small.gif
c:\program files\ICQ6Toolbar\ServiceStarter.exe
c:\program files\ICQ6Toolbar\short.wav
c:\program files\ICQ6Toolbar\Version.txt
c:\users\Martin\AppData\Local\d3d9caps.dat
.
((((((((((((((((((((((((( Soubory vytvořené od 2009-09-02 do 2009-10-02 )))))))))))))))))))))))))))))))
.
2009-10-02 13:05 . 2009-10-02 13:05 -------- d-----w- c:\users\Public\AppData\Local\temp
2009-10-02 13:05 . 2009-10-02 13:05 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-10-02 11:40 . 2009-10-02 11:40 -------- d-----w- c:\users\Martin\AppData\Roaming\Malwarebytes
2009-10-02 11:40 . 2009-09-10 12:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-02 11:40 . 2009-10-02 11:40 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-02 11:40 . 2009-10-02 11:40 -------- d-----w- c:\programdata\Malwarebytes
2009-10-02 11:40 . 2009-09-10 12:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-01 16:22 . 2009-10-01 18:09 -------- d-----w- c:\program files\trend micro
2009-10-01 16:22 . 2009-10-01 16:22 -------- d-----w- C:\rsit
2009-09-23 15:59 . 2009-09-23 15:59 -------- d-----w- c:\program files\ATI Technologies
2009-09-23 15:58 . 2009-09-23 15:58 -------- d-----w- C:\ATI
2009-09-22 14:36 . 2009-10-02 11:01 -------- d-----w- c:\program files\VentriloMIX
2009-09-22 14:18 . 2009-09-22 14:21 -------- d-----w- c:\users\Martin\AppData\Roaming\ICQ
2009-09-22 14:17 . 2009-10-02 11:01 -------- d-----w- c:\program files\ICQ6.5
2009-09-22 13:34 . 2009-09-22 13:34 53736 ----a-w- c:\windows\system32\GDIPFONTCACHEV1.DAT
2009-09-20 06:48 . 2009-09-30 16:35 -------- d-----w- c:\users\Martin\AppData\Roaming\gtk-2.0
2009-09-17 14:48 . 2009-09-17 14:48 -------- d-----w- c:\users\Martin\.thumbnails
2009-09-15 18:06 . 2009-09-15 18:06 -------- d-----w- c:\users\Martin\AppData\Roaming\Auslogics
2009-09-15 18:06 . 2009-09-15 18:06 -------- d-----w- c:\program files\Auslogics
2009-09-15 05:02 . 2009-09-30 16:41 -------- d-----w- c:\users\Martin\.gimp-2.6
2009-09-15 05:02 . 2009-09-15 05:02 -------- d-----w- c:\program files\GIMP-2.0
2009-09-15 05:02 . 2009-09-15 05:02 -------- d-----w- c:\program files\Common Files\GTK
2009-09-08 18:46 . 2009-09-29 18:04 -------- d-----w- c:\users\Martin\AppData\Local\Google
2009-09-08 18:44 . 2009-10-02 12:04 -------- d-----w- c:\program files\Google
2009-09-08 18:39 . 2009-09-09 16:12 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-09-08 18:39 . 2009-09-09 13:46 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2009-09-04 18:26 . 2009-09-04 18:42 -------- d-----w- c:\program files\Valve
2009-09-04 11:02 . 2009-08-29 00:14 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-09-04 11:02 . 2009-08-29 00:27 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-09-03 12:52 . 2009-09-10 17:08 -------- d-----w- c:\users\Martin\AppData\Roaming\Zoner
2009-09-03 12:51 . 2009-09-16 18:04 -------- d-----w- c:\program files\Zoner
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-02 11:03 . 2009-08-27 18:34 -------- d-----w- c:\program files\ATI
2009-10-02 11:01 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery
2009-09-29 17:15 . 2009-08-27 18:36 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-09-26 12:29 . 2008-01-21 06:46 598832 ----a-w- c:\windows\system32\perfh005.dat
2009-09-26 12:29 . 2008-01-21 06:46 114992 ----a-w- c:\windows\system32\perfc005.dat
2009-09-22 14:18 . 2009-08-29 09:12 -------- d-----w- c:\programdata\ICQ
2009-09-07 18:25 . 2009-08-27 18:28 53736 ----a-r- c:\users\Martin\AppData\Local\GDIPFONTCACHEV1.DAT
2009-08-29 17:56 . 2009-08-27 18:35 -------- d-----w- c:\program files\Common Files\InstallShield
2009-08-29 15:40 . 2009-08-29 09:05 -------- d-----w- c:\users\Martin\AppData\Roaming\Ventrilo
2009-08-29 10:12 . 2009-08-29 09:45 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
2009-08-29 09:40 . 2009-08-29 09:40 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment.temp
2009-08-29 09:38 . 2009-08-29 09:38 -------- d-----w- c:\program files\CCleaner
2009-08-29 09:09 . 2009-08-29 09:09 -------- d-----w- c:\programdata\Blizzard
2009-08-29 09:00 . 2009-08-29 09:00 0 ----a-w- c:\windows\nsreg.dat
2009-08-29 06:53 . 2009-08-29 06:53 -------- d-----w- c:\program files\directx
2009-08-28 17:13 . 2009-08-28 17:13 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2009-08-28 16:12 . 2009-08-28 16:12 -------- d-----w- c:\programdata\Media Center Programs
2009-08-28 15:58 . 2009-08-28 15:58 -------- d-----w- c:\users\Martin\AppData\Roaming\PeerNetworking
2009-08-28 14:05 . 2009-08-28 14:05 -------- d-----w- c:\program files\Microsoft.NET
2009-08-28 12:19 . 2009-08-28 12:05 -------- d-----w- c:\program files\Prime95
2009-08-28 11:57 . 2009-08-28 05:58 -------- d-----w- c:\program files\System Control Manager
2009-08-28 11:49 . 2009-08-28 11:49 -------- d-----w- c:\program files\Codec Pack - All In 1
2009-08-28 11:49 . 2009-08-28 11:49 737280 ----a-w- c:\windows\iun6002.exe
2009-08-28 11:49 . 2009-08-28 11:49 125 ----a-w- c:\windows\xUninstall.bat
2009-08-28 11:33 . 2009-08-28 11:33 -------- d-----w- c:\programdata\TOSHIBA
2009-08-28 06:32 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
2009-08-28 06:32 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-08-28 06:32 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2009-08-28 06:32 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Journal
2009-08-28 06:32 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration
2009-08-28 06:32 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender
2009-08-28 05:53 . 2009-08-28 05:53 -------- d-----w- c:\users\Martin\AppData\Roaming\Foxit
2009-08-28 05:53 . 2009-08-28 05:53 -------- d-----w- c:\program files\Foxit Software
2009-08-28 05:49 . 2009-08-28 05:49 -------- d-----w- c:\program files\Toshiba
2009-08-28 05:47 . 2009-08-28 05:47 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-08-28 05:47 . 2009-08-28 05:47 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-08-28 05:47 . 2009-08-28 05:47 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-08-28 05:47 . 2009-08-28 05:47 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-08-28 05:47 . 2009-08-28 05:47 -------- d-----w- c:\programdata\avg8
2009-08-28 05:47 . 2009-08-28 05:47 -------- d-----w- c:\program files\AVG
2009-08-28 05:39 . 2009-08-27 18:30 53248 ----a-w- c:\windows\system32\CSVer.dll
2009-08-28 05:35 . 2009-08-28 05:35 -------- d-----w- c:\program files\MSI
2009-08-27 19:00 . 2009-08-27 19:00 -------- d-----w- c:\program files\Camera Recorder
2009-08-27 18:58 . 2009-08-27 18:30 -------- d-----w- c:\program files\Intel
2009-08-27 18:57 . 2009-08-27 18:57 -------- d-----w- c:\program files\DIFX
2009-08-27 18:44 . 2009-08-27 18:44 -------- d-----w- c:\users\Martin\AppData\Roaming\ATI
2009-08-27 18:43 . 2009-08-27 18:43 0 ----a-w- c:\windows\ativpsrm.bin
2009-08-27 18:40 . 2009-08-27 18:40 -------- d-----w- c:\users\Martin\AppData\Roaming\Intel
2009-08-27 18:40 . 2009-08-27 18:40 -------- d-----w- c:\programdata\Roaming
2009-08-27 18:39 . 2009-08-27 18:39 -------- d-----w- c:\program files\Cisco
2009-08-27 18:39 . 2009-08-27 18:39 -------- d-----w- c:\programdata\Intel
2009-08-27 18:39 . 2009-08-27 18:39 -------- d-----w- c:\program files\Common Files\Intel
2009-08-27 18:37 . 2009-08-27 18:37 -------- d-----w- c:\program files\JMicron
2009-08-27 18:37 . 2009-08-27 18:36 -------- d-----w- c:\program files\Realtek
2009-08-27 18:37 . 2009-08-27 18:37 -------- d-----w- c:\users\Martin\AppData\Roaming\InstallShield
2009-08-27 18:37 . 2009-08-27 18:35 -------- d--h--w- c:\program files\Temp
2009-08-27 18:36 . 2009-08-27 18:36 319456 ----a-w- c:\windows\DIFxAPI.dll
2009-08-27 18:26 . 2009-08-27 18:26 -------- d-sh--we c:\programdata\Plocha
2009-08-27 18:26 . 2009-08-27 18:26 -------- d-sh--we c:\programdata\Oblíbené položky
2009-08-27 18:26 . 2009-08-27 18:26 -------- d-sh--we c:\programdata\Šablony
2009-08-27 18:26 . 2009-08-27 18:26 -------- d-sh--we c:\programdata\Nabídka Start
2009-08-27 18:26 . 2009-08-27 18:26 -------- d-sh--we c:\programdata\Dokumenty
2009-08-27 18:26 . 2009-08-27 18:26 -------- d-sh--we c:\programdata\Data aplikací
2009-08-14 16:27 . 2009-09-09 14:21 904776 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-08-14 15:53 . 2009-09-09 14:21 17920 ----a-w- c:\windows\system32\netevent.dll
2009-08-14 13:49 . 2009-09-09 14:21 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2009-08-14 13:49 . 2009-09-09 14:21 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2009-08-14 13:49 . 2009-09-09 14:21 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2009-08-14 13:49 . 2009-09-09 14:21 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2009-08-14 13:49 . 2009-09-09 14:21 19968 ----a-w- c:\windows\system32\ARP.EXE
2009-08-14 13:49 . 2009-09-09 14:21 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2009-08-14 13:49 . 2009-09-09 14:21 10240 ----a-w- c:\windows\system32\finger.exe
2009-08-14 13:48 . 2009-09-09 14:21 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2009-08-14 13:48 . 2009-09-09 14:21 105984 ----a-w- c:\windows\system32\netiohlp.dll
2009-07-21 21:52 . 2009-08-27 20:07 915456 ----a-w- c:\windows\system32\wininet.dll
2009-07-21 21:47 . 2009-08-27 20:07 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-07-21 21:47 . 2009-08-27 20:07 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-07-21 20:13 . 2009-08-27 20:07 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-07-17 13:54 . 2009-08-27 19:40 71680 ----a-w- c:\windows\system32\atl.dll
2009-07-15 12:40 . 2009-08-27 19:43 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-07-15 12:39 . 2009-08-27 19:43 313344 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-15 12:39 . 2009-08-27 19:43 4096 ----a-w- c:\windows\system32\dxmasf.dll
2009-07-15 12:39 . 2009-08-27 19:43 7680 ----a-w- c:\windows\system32\spwmp.dll
2009-07-11 19:01 . 2009-09-09 14:21 513536 ----a-w- c:\windows\system32\wlansvc.dll
2009-07-11 19:01 . 2009-09-09 14:21 302592 ----a-w- c:\windows\system32\wlansec.dll
2009-07-11 19:01 . 2009-09-09 14:21 293376 ----a-w- c:\windows\system32\wlanmsm.dll
2009-07-11 19:01 . 2009-09-09 14:21 65024 ----a-w- c:\windows\system32\wlanapi.dll
2009-07-11 17:03 . 2009-09-09 14:21 127488 ----a-w- c:\windows\system32\L2SecHC.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2008-11-12 6687264]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-04-15 178712]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-08-28 2007832]
"ITSecMng"="c:\program files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2008-12-19 83336]
"MGSysCtrl"="c:\program files\System Control Manager\MGSysCtrl.exe" [2009-06-29 2064384]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):7a,24,da,3a,d3,27,ca,01
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-410195658-2587187184-4246104443-1000]
"EnableNotifications"=dword:00000001
"EnableNotificationsRef"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{D0495253-7AC0-4EDE-B3A9-206F3C5DDAC7}"= c:\program files\AVG\AVG8\avgemc.exe:avgemc.exe
"{A9034BF5-D083-409F-BC77-E8BC4194D36F}"= c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe
"{56DD16CC-0D56-4CE7-9148-0E230944CBF3}"= c:\program files\AVG\AVG8\avgnsx.exe:avgnsx.exe
"{63D60217-5D6B-412A-BF9D-263DEF9B83A6}"= UDP:c:\users\Public\Documents\Blizzard Entertainment\World of Warcraft\WoW-3.2.0-enGB-downloader.exe:Blizzard Downloader
"{EDFA7F94-C3B9-4301-BF16-74C5F394A557}"= TCP:c:\users\Public\Documents\Blizzard Entertainment\World of Warcraft\WoW-3.2.0-enGB-downloader.exe:Blizzard Downloader
"TCP Query User{0FDAA90C-D7D8-4F73-A8EF-3E255F66DDA1}d:\\hry\\wow tbc\\wow tbc\\launcher.exe"= UDP:d:\hry\wow tbc\wow tbc\launcher.exe:Blizzard Launcher
"UDP Query User{CEE48382-1CBA-477B-938B-F0FF857CAD3C}d:\\hry\\wow tbc\\wow tbc\\launcher.exe"= TCP:d:\hry\wow tbc\wow tbc\launcher.exe:Blizzard Launcher
"TCP Query User{FC0B37D3-FE1F-42FB-94A7-300A8A64FED4}c:\\program files\\garena\\garena.exe"= UDP:c:\program files\garena\garena.exe:Garena
"UDP Query User{D1D8EDE9-5B37-49E6-A162-55E31DF7AE38}c:\\program files\\garena\\garena.exe"= TCP:c:\program files\garena\garena.exe:Garena
"{ED356414-6E72-4E42-9ACB-08F9E6391533}"= UDP:d:\hry\Burnout paradise\BurnoutLauncher.exe:Burnout(TM) Paradise The Ultimate Box
"{7097BC83-813E-492B-AFAE-F56EB73F00C2}"= TCP:d:\hry\Burnout paradise\BurnoutLauncher.exe:Burnout(TM) Paradise The Ultimate Box
"{595BB4A1-CEED-4317-A7B8-87A6D4488ACE}"= UDP:d:\hry\Burnout paradise\BurnoutConfigTool.exe:Burnout(TM) Paradise The Ultimate Box
"{07A88B42-A6DB-4DBC-AE44-74EE6B049D51}"= TCP:d:\hry\Burnout paradise\BurnoutConfigTool.exe:Burnout(TM) Paradise The Ultimate Box
"{D9014EE9-ACBB-4CE4-83B9-B2C5103F63D0}"= UDP:d:\hry\Burnout paradise\BurnoutParadise.exe:Burnout(TM) Paradise The Ultimate Box
"{52843893-677E-45D2-BF29-9EBF35DCA968}"= TCP:d:\hry\Burnout paradise\BurnoutParadise.exe:Burnout(TM) Paradise The Ultimate Box
"TCP Query User{6447B7C8-0682-4CA7-A1D6-03EC7222C33A}c:\\program files\\valve\\hl.exe"= UDP:c:\program files\valve\hl.exe:Half-Life Launcher
"UDP Query User{890FFF19-989A-4335-9227-F48BA337E11F}c:\\program files\\valve\\hl.exe"= TCP:c:\program files\valve\hl.exe:Half-Life Launcher
"TCP Query User{69BE2C19-37E1-49BB-A9BE-50B4EFAF3B15}d:\\hry\\cs\\hl.exe"= UDP:d:\hry\cs\hl.exe:Half-Life Launcher
"UDP Query User{9C42546C-791E-403D-8302-BE6A144CBA14}d:\\hry\\cs\\hl.exe"= TCP:d:\hry\cs\hl.exe:Half-Life Launcher
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [28.8.2009 7:47 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\drivers\avgtdix.sys [28.8.2009 7:47 108552]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [28.8.2009 7:47 908056]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [28.8.2009 7:47 297752]
R2 Micro Star SCM;Micro Star SCM;c:\program files\System Control Manager\MSIService.exe [28.8.2009 7:58 160256]
R3 enecir;ENE CIR Receiver;c:\windows\System32\drivers\enecir.sys [27.8.2009 20:57 54784]
R3 JMCR;JMCR;c:\windows\System32\drivers\jmcr.sys [28.8.2009 13:45 97536]
R3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\System32\drivers\NETw5v32.sys [25.9.2008 7:37 3666432]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Obsah adresáře 'Naplánované úlohy'
2009-10-02 c:\windows\Tasks\User_Feed_Synchronization-{D3BE5037-A31D-4243-9578-DA7607163736}.job
- c:\windows\system32\msfeedssync.exe [2009-08-27 20:13]
.
.
------- Doplňkový sken -------
.
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: com.tw\www.msi
FF - ProfilePath - c:\users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\hq0dnapy.default\
FF - prefs.js: browser.startup.homepage - www.seznam.cz
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-02 15:06
Windows 6.0.6002 Service Pack 2 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
c:\users\Martin\AppData\Local\Temp\catchme.dll 53248 bytes executable
sken byl úspešně dokončen
skryté soubory: 1
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Celkový čas: 2009-10-02 15:07
ComboFix-quarantined-files.txt 2009-10-02 13:07
ComboFix2.txt 2009-10-02 12:15
ComboFix3.txt 2009-10-02 04:39
Před spuštěním: Volných bajtů: 31 878 811 648
Po spuštění: Volných bajtů: 31 831 171 072
268 --- E O F --- 2009-09-25 04:53
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Obsah adresáře 'Naplánované úlohy'
2009-10-02 c:\windows\Tasks\User_Feed_Synchronization-{D3BE5037-A31D-4243-9578-DA7607163736}.job
- c:\windows\system32\msfeedssync.exe [2009-08-27 20:13]
.
.
------- Doplňkový sken -------
.
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: com.tw\www.msi
FF - ProfilePath - c:\users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\hq0dnapy.default\
FF - prefs.js: browser.startup.homepage - www.seznam.cz
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-02 15:06
Windows 6.0.6002 Service Pack 2 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
c:\users\Martin\AppData\Local\Temp\catchme.dll 53248 bytes executable
sken byl úspešně dokončen
skryté soubory: 1
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Celkový čas: 2009-10-02 15:07
ComboFix-quarantined-files.txt 2009-10-02 13:07
ComboFix2.txt 2009-10-02 12:15
ComboFix3.txt 2009-10-02 04:39
Před spuštěním: Volných bajtů: 31 878 811 648
Po spuštění: Volných bajtů: 31 831 171 072
268 --- E O F --- 2009-09-25 04:53
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:10:08, on 2.10.2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18813)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\conime.exe
C:\Windows\Explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Martin\Desktop\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
O4 - HKLM\..\Run: [MGSysCtrl] C:\Program Files\System Control Manager\MGSysCtrl.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O15 - Trusted Zone: http://www.msi.com.tw
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: C:\Windows\System32\avgrsstx.dll
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: Micro Star SCM - Micro-Star International Co., Ltd. - C:\Program Files\System Control Manager\MSIService.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
--
End of file - 4063 bytes