Log check (Solved)

The place for your HiJackThis logs and logs from other programs…

Moderators: Mods_senior, Security team

Log check

Post by gargamel51 » 11 Oct 2009 20:38

Please do a routine check of my log.
Thanks in advance.

Re: Log check

Post by Damned » 11 Oct 2009 20:49

Welcome to the forum.

A check of what?
Nothing is impossible, so where reason fails us, we do not hesitate to use a hammer.
If you want to know what is new, look in old books.
Damned's Czech localizations - translations of PC maintenance programs
HiJackThis 2 + guide, FCleaner + Czech translation, Wise Registry Cleaner

Re: Log check

Post by gargamel51 » 11 Oct 2009 21:21

Sorry, I forgot to put it there.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:20:20, on 11.10.2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18813)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
C:\Acer\Empowering Technology\eAudio\eAudio.exe
C:\Windows\System32\rundll32.exe
C:\Users\Myska\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe
C:\Program Files\Apoint2K\Apoint.exe
D:\Programy\Office 2008\Office12\GrooveMonitor.exe
C:\Program Files\Lexmark 3600-4600 Series\lxdxmon.exe
C:\Program Files\Lexmark 3600-4600 Series\lxdxMsdMon.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Windows\PLFSetI.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE
C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Program Files\Apoint2K\Apntex.exe
D:\Programy\firefox\firefox.exe
D:\Programy\Hijack This\HijackThis.exe
C:\totalcmd\TOTALCMD.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.seznam.cz/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://cs.intl.acer.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Lexmark Panel nástrojů - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: infoaxe.com Toolbar - {2F8D500E-4546-45b7-9236-D4FD9850CF1C} - C:\Program Files\infoaxe\ietb.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: NP Helper Class - {35B8D58C-B0CB-46b0-BA64-05B3804E4E86} - C:\Program Files\Internet Saving Optimizer\2.1.0.2660\NPIEAddOn.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\Programy\Office 2008\Office12\GrooveShellExtensions.dll
O2 - BHO: Pomocná služba pro přihlášení ke službě Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: System Search Dispatcher - {CDBFB47B-58A8-4111-BF95-06178DCE326D} - C:\Program Files\System Search Dispatcher\1.2.0.750\ssd.dll
O2 - BHO: Ukazatel S-Rank - {EA837F48-5AD1-443E-AE34-FFE03CBF3099} - C:\Program Files\Seznam.cz\listicka.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: Lexmark Panel nástrojů - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O3 - Toolbar: BS.Player ControlBar - {2C688203-7EB3-4327-9995-1CB417BA23F9} - C:\Program Files\BS.Player ControlBar\BSToolbar.dll
O3 - Toolbar: Cloudberry Twitter plugin - {844ca498-7e43-4eb9-937f-083da08110be} - mscoree.dll (file missing)
O3 - Toolbar: infoaxe.com Toolbar - {717EDDE0-444F-4ff0-B9C9-F60EC423E690} - C:\Program Files\infoaxe\ietb.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe
O4 - HKLM\..\Run: [eAudio] "C:\Acer\Empowering Technology\eAudio\eAudio.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [PlayMovie] "C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe"
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Program Files\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [GrooveMonitor] "D:\Programy\Office 2008\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [lxdxmon.exe] "C:\Program Files\Lexmark 3600-4600 Series\lxdxmon.exe"
O4 - HKLM\..\Run: [lxdxamon] "C:\Program Files\Lexmark 3600-4600 Series\lxdxamon.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [PLFSetL] C:\Windows\\PLFSetL.exe
O4 - HKLM\..\Run: [PLFSetI] C:\Windows\PLFSetI.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Programy\Adobe Reider 9\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ6.5\ICQ.exe" silent
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O9 - Extra button: Nastavení Lištičky ... - {0E46D7B6-887D-4F81-B4CA-FCC92AF73610} - C:\Program Files\Seznam.cz\listicka.dll
O9 - Extra 'Tools' menuitem: Nastavení Lištičky ... - {0E46D7B6-887D-4F81-B4CA-FCC92AF73610} - C:\Program Files\Seznam.cz\listicka.dll
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Zvýrazňovač slov Lištičky - {4E6D6F90-31CA-4878-A7A3-1CD50F115A69} - C:\Program Files\Seznam.cz\listicka.dll
O9 - Extra 'Tools' menuitem: Zvýrazňovač slov Lištičky - {4E6D6F90-31CA-4878-A7A3-1CD50F115A69} - C:\Program Files\Seznam.cz\listicka.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\Programy\Office 2008\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - D:\Programy\AD-Aware 2008\aawservice.exe
O23 - Service: AVerRemote - AVerMedia - C:\Program Files\Common Files\AVerMedia\Service\AVerRemote.exe
O23 - Service: AVerScheduleService - Unknown owner - C:\Program Files\Common Files\AVerMedia\Service\AVerScheduleService.exe
O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: lxdxCATSCustConnectService - Lexmark International, Inc. - C:\Windows\system32\spool\DRIVERS\W32X86\3\\lxdxserv.exe
O23 - Service: lxdx_device - - C:\Windows\system32\lxdxcoms.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 10182 bytes

Re: Log check

Post by Damned » 11 Oct 2009 21:33

Uninstall: System Search Dispatcher, ICQ6Toolbar, BS.Player ControlBar.
Then post a new HJT log here.
*****************************************************************************************************************************************
Check the file marked in red on VirusTotal and paste a link to the result here.
If you cannot find it, turn on the display of hidden and system files. If it tells you the file has already been checked,
have it checked again and wait until "Done" and the result appear. Then copy the address bar here.

C:\Program Files\infoaxe\ietb.dll

Re: Log check

Post by gargamel51 » 11 Oct 2009 22:07

Here is the link
http://www.virustotal.com/cs/analisis/9 ... 1255290868

and here is the log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:05:58, on 11.10.2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18813)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
C:\Acer\Empowering Technology\eAudio\eAudio.exe
C:\Windows\System32\rundll32.exe
C:\Users\Myska\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe
C:\Program Files\Apoint2K\Apoint.exe
D:\Programy\Office 2008\Office12\GrooveMonitor.exe
C:\Program Files\Lexmark 3600-4600 Series\lxdxmon.exe
C:\Program Files\Lexmark 3600-4600 Series\lxdxMsdMon.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Windows\PLFSetI.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE
C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Program Files\Apoint2K\Apntex.exe
D:\Programy\firefox\firefox.exe
D:\Programy\Hijack This\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.seznam.cz/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://cs.intl.acer.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: Lexmark Panel nástrojů - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: infoaxe.com Toolbar - {2F8D500E-4546-45b7-9236-D4FD9850CF1C} - C:\Program Files\infoaxe\ietb.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: NP Helper Class - {35B8D58C-B0CB-46b0-BA64-05B3804E4E86} - C:\Program Files\Internet Saving Optimizer\2.1.0.2660\NPIEAddOn.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\Programy\Office 2008\Office12\GrooveShellExtensions.dll
O2 - BHO: Pomocná služba pro přihlášení ke službě Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: System Search Dispatcher - {CDBFB47B-58A8-4111-BF95-06178DCE326D} - C:\Program Files\System Search Dispatcher\1.2.0.750\ssd.dll
O2 - BHO: Ukazatel S-Rank - {EA837F48-5AD1-443E-AE34-FFE03CBF3099} - C:\Program Files\Seznam.cz\listicka.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll
O3 - Toolbar: Lexmark Panel nástrojů - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O3 - Toolbar: Cloudberry Twitter plugin - {844ca498-7e43-4eb9-937f-083da08110be} - mscoree.dll (file missing)
O3 - Toolbar: infoaxe.com Toolbar - {717EDDE0-444F-4ff0-B9C9-F60EC423E690} - C:\Program Files\infoaxe\ietb.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe
O4 - HKLM\..\Run: [eAudio] "C:\Acer\Empowering Technology\eAudio\eAudio.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [PlayMovie] "C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe"
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Program Files\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [GrooveMonitor] "D:\Programy\Office 2008\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [lxdxmon.exe] "C:\Program Files\Lexmark 3600-4600 Series\lxdxmon.exe"
O4 - HKLM\..\Run: [lxdxamon] "C:\Program Files\Lexmark 3600-4600 Series\lxdxamon.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [PLFSetL] C:\Windows\\PLFSetL.exe
O4 - HKLM\..\Run: [PLFSetI] C:\Windows\PLFSetI.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Programy\Adobe Reider 9\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ6.5\ICQ.exe" silent
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O9 - Extra button: Nastavení Lištičky ... - {0E46D7B6-887D-4F81-B4CA-FCC92AF73610} - C:\Program Files\Seznam.cz\listicka.dll
O9 - Extra 'Tools' menuitem: Nastavení Lištičky ... - {0E46D7B6-887D-4F81-B4CA-FCC92AF73610} - C:\Program Files\Seznam.cz\listicka.dll
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Zvýrazňovač slov Lištičky - {4E6D6F90-31CA-4878-A7A3-1CD50F115A69} - C:\Program Files\Seznam.cz\listicka.dll
O9 - Extra 'Tools' menuitem: Zvýrazňovač slov Lištičky - {4E6D6F90-31CA-4878-A7A3-1CD50F115A69} - C:\Program Files\Seznam.cz\listicka.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\Programy\Office 2008\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - D:\Programy\AD-Aware 2008\aawservice.exe
O23 - Service: AVerRemote - AVerMedia - C:\Program Files\Common Files\AVerMedia\Service\AVerRemote.exe
O23 - Service: AVerScheduleService - Unknown owner - C:\Program Files\Common Files\AVerMedia\Service\AVerScheduleService.exe
O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: lxdxCATSCustConnectService - Lexmark International, Inc. - C:\Windows\system32\spool\DRIVERS\W32X86\3\\lxdxserv.exe
O23 - Service: lxdx_device - - C:\Windows\system32\lxdxcoms.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 9867 bytes

Re: Log check

Post by Damned » 11 Oct 2009 22:20

Start HJT (HijackThis), close your browsers, disconnect from the internet and fix the following (start HJT, "Do a system scan only",
tick the box in front of the entry, press "Fix checked" and then "Yes"):

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: infoaxe.com Toolbar - {2F8D500E-4546-45b7-9236-D4FD9850CF1C} - C:\Program Files\infoaxe\ietb.dll
O2 - BHO: NP Helper Class - {35B8D58C-B0CB-46b0-BA64-05B3804E4E86} - C:\Program Files\Internet Saving Optimizer\2.1.0.2660\NPIEAddOn.dll
O2 - BHO: System Search Dispatcher - {CDBFB47B-58A8-4111-BF95-06178DCE326D} - C:\Program Files\System Search Dispatcher\1.2.0.750\ssd.dll
O3 - Toolbar: Cloudberry Twitter plugin - {844ca498-7e43-4eb9-937f-083da08110be} - mscoree.dll (file missing)
O3 - Toolbar: infoaxe.com Toolbar - {717EDDE0-444F-4ff0-B9C9-F60EC423E690} - C:\Program Files\infoaxe\ietb.dll
O4 - HKLM\..\Run: [GrooveMonitor] "D:\Programy\Office 2008\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Programy\Adobe Reider 9\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
*****************************************************************************************************************************************
Download Malwarebytes' Anti-Malware
Install and run it
- at the end of the installation make sure you have both options selected/ticked:
Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware; if so, click the Finish button
- if an update is found, it will be downloaded and installed
- the program will then start; leave the Perform quick scan option selected and click the Scan button
- when the scan finishes a message will appear; click OK and then the Show Results button
- then choose the option to save the log and save the log to your desktop
- then click the Exit button; a message will appear, choose Yes
(do not delete anything yet!).
Then paste the contents of that log here.

Re: Log check

Post by gargamel51 » 11 Oct 2009 23:03

Fixed, and here is the log

Malwarebytes' Anti-Malware 1.41
Verze databáze: 2943
Windows 6.0.6002 Service Pack 2

11.10.2009 23:01:51
mbam-log-2009-10-11 (23-01-44).txt

Typ kontroly: Rychlá kontrola
Zkontrolované objekty: 91551
Uplynulý čas: 4 minute(s), 17 second(s)

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 27
Infikované hodnoty registru: 2
Infikované datové položky registru: 2
Infikované adresáře: 10
Infikované soubory: 20

Infikované procesy v paměti:
(Nebyly nalezeny žádné škodlivé položky)

Infikované moduly v paměti:
(Nebyly nalezeny žádné škodlivé položky)

Infikované klíče registru:
HKEY_CLASSES_ROOT\explorerbar.funexplorer (Adware.DoubleD) -> No action taken.
HKEY_CLASSES_ROOT\TypeLib\{c28a0312-c403-417b-a425-a915bc0519cd} (Adware.DoubleD) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{877f3eab-4462-44df-8475-6064eafd7fbf} (Adware.DoubleD) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{35b8d58c-b0cb-46b0-ba64-05b3804e4e86} (Adware.DoubleD) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{35b8d58c-b0cb-46b0-ba64-05b3804e4e86} (Adware.DoubleD) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{35b8d58c-b0cb-46b0-ba64-05b3804e4e86} (Adware.DoubleD) -> No action taken.
HKEY_CLASSES_ROOT\explorerbar.funexplorer.1 (Adware.DoubleD) -> No action taken.
HKEY_CLASSES_ROOT\explorerbar.funredirector (Adware.DoubleD) -> No action taken.
HKEY_CLASSES_ROOT\TypeLib\{883dfc00-8a21-411d-956c-73a4e4b7d16f} (Adware.DoubleD) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{480098c6-f6ad-4c61-9b5c-2bae228a34d1} (Adware.DoubleD) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{cdbfb47b-58a8-4111-bf95-06178dce326d} (Adware.DoubleD) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{cdbfb47b-58a8-4111-bf95-06178dce326d} (Adware.DoubleD) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{cdbfb47b-58a8-4111-bf95-06178dce326d} (Adware.DoubleD) -> No action taken.
HKEY_CLASSES_ROOT\explorerbar.funredirector.1 (Adware.DoubleD) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{5617eca9-488d-4ba2-8562-9710b9ab78d2} (Adware.DoubleD) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59c7fc09-1c83-4648-b3e6-003d2bbc7481} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68af847f-6e91-45dd-9b68-d6a12c30e5d7} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170b96c-28d4-4626-8358-27e6caeef907} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\{5617ECA9-488D-4BA2-8562-9710B9AB78D2} (Adware.DoubleD) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Internet Saving Optimizer (Adware.DoubleD) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\DoubleD (Adware.DoubleD) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1fb52ab3-5987-45a2-85e0-f3ec30dddc29}}_is1 (Adware.DoubleD) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{c5096216-7703-409e-b85a-8a6ee7395128}}_is1 (Adware.DoubleD) -> No action taken.

Infikované hodnoty registru:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{5617eca9-488d-4ba2-8562-9710b9ab78d2} (Adware.DoubleD) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions\{2224e955-00e9-4613-a844-ce69fccaae91} (Adware.DoubleD) -> No action taken.

Infikované datové položky registru:
HKEY_CLASSES_ROOT\scrfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE %1) Good: ("%1" /S) -> No action taken.
HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE %1) Good: (regedit.exe "%1") -> No action taken.

Infikované adresáře:
C:\Program Files\Internet Saving Optimizer (Adware.DoubleD) -> No action taken.
C:\Program Files\Internet Saving Optimizer\2.1.0.2660 (Adware.DoubleD) -> No action taken.
C:\Program Files\Internet Saving Optimizer\2.1.0.2660\Data (Adware.DoubleD) -> No action taken.
C:\Program Files\Internet Saving Optimizer\2.1.0.2660\FF (Adware.DoubleD) -> No action taken.
C:\Program Files\Internet Saving Optimizer\2.1.0.2660\FF\chrome (Adware.DoubleD) -> No action taken.
C:\Program Files\Internet Saving Optimizer\2.1.0.2660\FF\chrome\content (Adware.DoubleD) -> No action taken.
C:\Program Files\Internet Saving Optimizer\2.1.0.2660\FF\components (Adware.DoubleD) -> No action taken.
C:\Program Files\System Search Dispatcher (Adware.DoubleD) -> No action taken.
C:\Program Files\System Search Dispatcher\1.2.0.750 (Adware.DoubleD) -> No action taken.
C:\Program Files\System Search Dispatcher\1.2.0.750\Data (Adware.DoubleD) -> No action taken.

Infikované soubory:
C:\Program Files\Internet Saving Optimizer\2.1.0.2660\NPIEAddOn.dll (Adware.DoubleD) -> No action taken.
C:\Program Files\System Search Dispatcher\1.2.0.750\ssd.dll (Adware.DoubleD) -> No action taken.
C:\Program Files\Internet Saving Optimizer\2.1.0.2660\adwpx.exe (Adware.DoubleD) -> No action taken.
C:\Program Files\Internet Saving Optimizer\2.1.0.2660\NPCommon.dll (Adware.DoubleD) -> No action taken.
C:\Program Files\Internet Saving Optimizer\2.1.0.2660\unins000.dat (Adware.DoubleD) -> No action taken.
C:\Program Files\Internet Saving Optimizer\2.1.0.2660\unins000.exe (Adware.DoubleD) -> No action taken.
C:\Program Files\Internet Saving Optimizer\2.1.0.2660\Data\config.md (Adware.DoubleD) -> No action taken.
C:\Program Files\Internet Saving Optimizer\2.1.0.2660\FF\chrome.manifest (Adware.DoubleD) -> No action taken.
C:\Program Files\Internet Saving Optimizer\2.1.0.2660\FF\install.rdf (Adware.DoubleD) -> No action taken.
C:\Program Files\Internet Saving Optimizer\2.1.0.2660\FF\chrome\NPAddOn.jar (Adware.DoubleD) -> No action taken.
C:\Program Files\Internet Saving Optimizer\2.1.0.2660\FF\chrome\content\NPAddOn.js (Adware.DoubleD) -> No action taken.
C:\Program Files\Internet Saving Optimizer\2.1.0.2660\FF\chrome\content\NPAddOn.xul (Adware.DoubleD) -> No action taken.
C:\Program Files\Internet Saving Optimizer\2.1.0.2660\FF\components\NPFFAddOn.dll (Adware.DoubleD) -> No action taken.
C:\Program Files\Internet Saving Optimizer\2.1.0.2660\FF\components\NPFFAddOn.xpt (Adware.DoubleD) -> No action taken.
C:\Program Files\Internet Saving Optimizer\2.1.0.2660\FF\components\NPFFHelperComponent.js (Adware.DoubleD) -> No action taken.
C:\Program Files\System Search Dispatcher\1.2.0.750\unins000.dat (Adware.DoubleD) -> No action taken.
C:\Program Files\System Search Dispatcher\1.2.0.750\unins000.exe (Adware.DoubleD) -> No action taken.
C:\Program Files\System Search Dispatcher\1.2.0.750\Data\eacore.mx (Adware.DoubleD) -> No action taken.
C:\Program Files\System Search Dispatcher\1.2.0.750\Data\URLDynamic.mx (Adware.DoubleD) -> No action taken.
C:\Program Files\System Search Dispatcher\1.2.0.750\Data\URLStatic.mx (Adware.DoubleD) -> No action taken.

Damned
Article author
Master Level 9
Posts: 8353
Registered: December 06
Location: Rokycany
Gender: Male
Status: Offline

Re: Log check

Post by Damned » 11 Oct 2009 23:50

So run MbAM again and choose Scan (Skenovat)
- when the program finishes, a message appears; click OK and then the Show Results (Zobrazit výsledky) button
- make sure all listed findings are checked and click the Remove Selected (Odstranit označené) button
- when the removal finishes, a log is displayed; post it here.
- then choose OK in the program and close it via Exit (Konec)

Turn off the antivirus resident shield (and the antispyware one too, if you have it).
Download ComboFix (by sUBs)
or ComboFix (subs)
and save it to your desktop.
Close all open windows and run it.
- After launch, the terms of use are displayed; confirm them by pressing the Yes (Ano) button
- Then follow the instructions; while ComboFix is running, do not click inside the window that appears
- When the scan finishes, the program should create a log, C:\ComboFix.txt; please copy its entire contents here

gargamel51
newcomer
Posts: 7
Registered: October 09
Gender: Male
Status: Offline

Re: Log check

Post by gargamel51 » 12 Oct 2009 03:29

ComboFix 09-10-11.01 - Myska 12.10.2009 0:15.2.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.420.1029.18.3070.1786 [GMT 2:00]
Spuštěný z: c:\users\Myska\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
SP: ESET NOD32 Antivirus 3.0 *disabled* (Updated) {E5E70D32-0101-4B98-A4D6-D1D15C3BB448}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Acer Crystal Eye Webcam Video Class Camera
c:\programdata\Microsoft\Windows\Start Menu\Programs\Acer Crystal Eye Webcam Video Class Camera \Uninstall.lnk
c:\users\Myska\AppData\Roaming\inst.exe

.
((((((((((((((((((((((((( Soubory vytvořené od 2009-09-11 do 2009-10-11 )))))))))))))))))))))))))))))))
.

2009-10-11 22:27 . 2009-10-11 22:27 -------- d-----w- c:\users\Myska\AppData\Local\temp
2009-10-11 22:27 . 2009-10-11 22:27 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-10-11 21:10 . 2009-10-11 21:10 -------- d-----w- c:\windows\Nabídka Start
2009-10-11 20:49 . 2009-10-11 20:49 -------- d-----w- c:\users\Myska\AppData\Roaming\Malwarebytes
2009-10-11 20:49 . 2009-09-10 12:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-11 20:49 . 2009-10-11 20:49 -------- d-----w- c:\programdata\Malwarebytes
2009-10-11 20:49 . 2009-09-10 12:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-11 19:25 . 2009-10-11 19:25 -------- d-----w- c:\users\Myska\AppData\Roaming\FTWeak
2009-10-11 19:25 . 2009-10-11 19:25 -------- d-----w- c:\programdata\FTWeak
2009-10-11 14:44 . 2009-06-22 10:09 2048 ----a-w- c:\windows\system32\tzres.dll
2009-10-11 14:10 . 2009-08-14 16:27 904776 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-10-11 14:10 . 2009-08-14 13:48 105984 ----a-w- c:\windows\system32\netiohlp.dll
2009-10-11 14:10 . 2009-08-14 13:49 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2009-10-11 14:10 . 2009-08-14 13:49 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2009-10-11 14:10 . 2009-08-14 13:49 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2009-10-11 14:10 . 2009-08-14 13:49 19968 ----a-w- c:\windows\system32\ARP.EXE
2009-10-11 14:10 . 2009-08-14 13:49 10240 ----a-w- c:\windows\system32\finger.exe
2009-10-11 14:10 . 2009-08-14 13:49 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2009-10-11 14:10 . 2009-08-14 13:49 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2009-10-11 14:10 . 2009-08-14 13:48 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2009-10-11 14:10 . 2009-08-14 15:53 17920 ----a-w- c:\windows\system32\netevent.dll
2009-10-11 14:09 . 2009-07-11 19:01 293376 ----a-w- c:\windows\system32\wlanmsm.dll
2009-10-11 14:09 . 2009-07-11 17:03 127488 ----a-w- c:\windows\system32\L2SecHC.dll
2009-10-11 14:09 . 2009-07-11 19:01 302592 ----a-w- c:\windows\system32\wlansec.dll
2009-10-11 14:09 . 2009-07-11 19:01 513536 ----a-w- c:\windows\system32\wlansvc.dll
2009-10-11 14:09 . 2009-07-11 19:01 65024 ----a-w- c:\windows\system32\wlanapi.dll
2009-10-11 14:09 . 2009-06-10 11:41 2868224 ----a-w- c:\windows\system32\mf.dll
2009-10-11 14:08 . 2009-08-29 00:27 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-10-11 14:08 . 2009-08-29 00:14 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-10-11 14:03 . 2009-10-01 08:29 195440 ------w- c:\windows\system32\MpSigStub.exe
2009-10-11 09:47 . 2009-06-15 14:54 175104 ----a-w- c:\windows\system32\wdigest.dll
2009-10-11 09:47 . 2009-06-15 14:53 218624 ----a-w- c:\windows\system32\msv1_0.dll
2009-10-11 09:47 . 2009-06-15 14:52 499712 ----a-w- c:\windows\system32\kerberos.dll
2009-10-11 09:47 . 2009-06-15 14:53 270848 ----a-w- c:\windows\system32\schannel.dll
2009-10-11 09:47 . 2009-06-15 23:15 439864 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-10-11 09:47 . 2009-06-15 14:52 1259008 ----a-w- c:\windows\system32\lsasrv.dll
2009-10-11 09:47 . 2009-06-15 14:53 72704 ----a-w- c:\windows\system32\secur32.dll
2009-10-11 09:47 . 2009-06-15 12:48 9728 ----a-w- c:\windows\system32\lsass.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-11 21:07 . 2008-01-21 06:46 602086 ----a-w- c:\windows\system32\perfh005.dat
2009-10-11 21:07 . 2008-01-21 06:46 116182 ----a-w- c:\windows\system32\perfc005.dat
2009-10-11 20:16 . 2008-11-26 12:33 -------- d-----w- c:\users\Myska\AppData\Roaming\Skype
2009-10-11 20:04 . 2008-12-02 10:56 -------- d-----w- c:\program files\BS.Player ControlBar
2009-10-11 19:11 . 2008-10-25 20:41 -------- d-----w- c:\program files\Google
2009-10-11 18:58 . 2008-10-03 07:16 -------- d-----w- c:\program files\Common Files\Ahead
2009-10-11 15:34 . 2008-12-06 20:01 -------- d-----w- c:\program files\Microsoft Silverlight
2009-10-11 15:32 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-10-11 14:39 . 2008-04-19 17:48 -------- d-----w- c:\programdata\Microsoft Help
2009-10-11 14:01 . 2008-11-25 20:15 -------- d-----w- c:\users\Myska\AppData\Roaming\ICQ
2009-10-11 14:00 . 2008-11-26 12:36 -------- d-----w- c:\users\Myska\AppData\Roaming\skypePM
2009-10-11 10:06 . 2008-11-30 18:51 -------- d-----w- c:\programdata\Lx_cats
2009-10-10 21:51 . 2008-10-04 13:21 -------- d-----w- c:\users\Myska\AppData\Roaming\GHISLER
2009-09-05 12:25 . 2009-09-05 12:25 1183744 ----a-w- c:\windows\system32\drivers\athr.sys
2009-08-24 18:23 . 2008-10-02 17:26 27839 ----a-w- c:\users\Myska\AppData\Roaming\nvModes.dat
2009-07-21 21:52 . 2009-07-29 17:21 915456 ----a-w- c:\windows\system32\wininet.dll
2009-07-21 21:47 . 2009-07-29 17:21 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-07-21 21:47 . 2009-07-29 17:21 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-07-21 20:13 . 2009-07-29 17:21 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-07-17 13:54 . 2009-08-19 18:11 71680 ----a-w- c:\windows\system32\atl.dll
2009-07-15 12:40 . 2009-08-19 18:10 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-07-15 12:39 . 2009-08-19 18:10 313344 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-15 12:39 . 2009-08-19 18:10 4096 ----a-w- c:\windows\system32\dxmasf.dll
2009-07-15 12:39 . 2009-08-19 18:10 7680 ----a-w- c:\windows\system32\spwmp.dll
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-01-03 00:00 39472 ----a-w- c:\acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-03-06 24095528]
"ICQ"="c:\program files\ICQ6.5\ICQ.exe" [2009-03-01 172792]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-03-05 525360]
"eAudio"="c:\acer\Empowering Technology\eAudio\eAudio.exe" [2007-10-10 1286144]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-12-05 86016]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2007-10-17 768520]
"PlayMovie"="c:\program files\Acer Arcade Deluxe\Play Movie\PMVService.exe" [2008-01-22 200704]
"WarReg_PopUp"="c:\program files\Acer\WR_PopUp\WarReg_PopUp.exe" [2008-01-29 303104]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2007-07-21 159744]
"GrooveMonitor"="d:\programy\Office 2008\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"lxdxmon.exe"="c:\program files\Lexmark 3600-4600 Series\lxdxmon.exe" [2008-03-20 668328]
"lxdxamon"="c:\program files\Lexmark 3600-4600 Series\lxdxamon.exe" [2008-03-20 16040]
"FaxCenterServer"="c:\program files\Lexmark Fax Solutions\fm3032.exe" [2008-03-20 320168]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2007-12-21 1443072]
"PLFSetL"="c:\windows\\PLFSetL.exe" [2007-07-05 94208]
"PLFSetI"="c:\windows\PLFSetI.exe" [2007-10-23 200704]
"Adobe Reader Speed Launcher"="d:\programy\Adobe Reider 9\Reader\Reader_sl.exe" [2009-02-27 35696]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-06-06 198160]
"Malwarebytes Anti-Malware (reboot)"="d:\programy\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2007-12-05 4710400]
"Skytel"="Skytel.exe" - c:\windows\SkyTel.exe [2007-11-20 1826816]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2008-4-19 535336]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^AVer HID Receiver.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\AVer HID Receiver.lnk
backup=c:\windows\pss\AVer HID Receiver.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^AVerQuick.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\AVerQuick.lnk
backup=c:\windows\pss\AVerQuick.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):fa,a8,a5,87,ae,fd,c9,01

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{B614548F-9AED-450E-951D-24E660E63F1C}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{1ACFACF9-A392-4A13-833D-8A2E10F068DC}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{53EF1E5D-5E6A-4CF7-9899-FE88895CC324}"= c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Acer Arcade Deluxe.exe:Acer Arcade Deluxe
"{735B1480-B0D7-4F0D-9252-5BA56D3E4062}"= c:\program files\Acer Arcade Deluxe\VideoMagician\VideoMagician.exe:VideoMagician
"{47A78AC7-9B70-4E74-9950-B7D4470A513F}"= c:\program files\Acer Arcade Deluxe\HomeMedia\HomeMedia.exe:HomeMedia
"{2A7D7341-BDE5-46B5-B3E6-1DC72644581D}"= c:\program files\Acer Arcade Deluxe\DV Wizard\DV Wizard.exe:DV Wizard
"{B70F393C-0877-4F82-9014-D5178579936F}"= c:\program files\Acer Arcade Deluxe\DVDivine\DVDivine.exe:DVDivine
"{23319C7A-7DD1-4EEE-B2CA-5700E8B6E271}"= c:\program files\Acer Arcade Deluxe\Play Movie\PlayMovie.exe:Play Movie
"{D7896291-790A-456D-9739-2670D1C64E4E}"= c:\program files\Acer Arcade Deluxe\Play Movie\PMVService.exe:Play Movie Resident Program
"{BB951E82-35D0-4944-8E50-14A908B5BE98}"= TCP:6004|d:\programy\Office 2008\Office12\outlook.exe:Microsoft Office Outlook
"{177E810A-4F8E-4B8C-8D9E-39D55C88C839}"= UDP:d:\programy\Office 2008\Office12\GROOVE.EXE:Microsoft Office Groove
"{0443D7C1-A613-4ED4-8956-E97CEFFCF0D7}"= TCP:d:\programy\Office 2008\Office12\GROOVE.EXE:Microsoft Office Groove
"{6068E7F1-DFAE-4BB8-BC10-51BDDFA3B93C}"= UDP:d:\programy\Office 2008\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{02EF3F8A-A5DF-4CAF-BAA9-0A3CA70871F5}"= TCP:d:\programy\Office 2008\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{4FA94DC3-E760-4F73-BCF4-C8F264CE959B}"= UDP:c:\program files\Skype\Phone\Skype.exe:Skype
"{D2F90448-0236-4D89-A8A6-C98D1FD90E9E}"= TCP:c:\program files\Skype\Phone\Skype.exe:Skype
"TCP Query User{E4F60C25-B87D-460A-B5EC-B5BBC398ECB5}d:\\programy\\icq\\icq6\\icq.exe"= UDP:d:\programy\icq\icq6\icq.exe:ICQ Library
"UDP Query User{A3A716A3-0B8D-4849-8096-603E09149F5A}d:\\programy\\icq\\icq6\\icq.exe"= TCP:d:\programy\icq\icq6\icq.exe:ICQ Library
"TCP Query User{D66CF537-8229-4ECC-8131-D4BCD5E14A50}c:\\program files\\skype\\phone\\skype.exe"= UDP:c:\program files\skype\phone\skype.exe:Skype
"UDP Query User{5DA16181-76B8-422C-870E-D4240E6FBB10}c:\\program files\\skype\\phone\\skype.exe"= TCP:c:\program files\skype\phone\skype.exe:Skype
"TCP Query User{1BD0EB80-40D8-48D8-B3E4-DA9E5C7D0A13}c:\\users\\myska\\desktop\\strongdc.exe"= UDP:c:\users\myska\desktop\strongdc.exe:strongdc.exe
"UDP Query User{CE0FE25D-7C04-4B87-9D77-D822E553D83C}c:\\users\\myska\\desktop\\strongdc.exe"= TCP:c:\users\myska\desktop\strongdc.exe:strongdc.exe
"TCP Query User{A8303D2F-A098-46B1-B780-08D6206D8ACC}c:\\strong\\strongdc.exe"= UDP:c:\strong\strongdc.exe:StrongDC++
"UDP Query User{0DAFD1E8-6A16-48FA-84C0-CA39194AA9B7}c:\\strong\\strongdc.exe"= TCP:c:\strong\strongdc.exe:StrongDC++
"TCP Query User{FE03EECD-7554-4195-9BC5-2440AE94A1DA}d:\\dowland\\programy\\sdc221\\strongdc.exe"= UDP:d:\dowland\programy\sdc221\strongdc.exe:StrongDC++
"UDP Query User{C78A1089-5866-4CCA-B2C4-886B073F69AD}d:\\dowland\\programy\\sdc221\\strongdc.exe"= TCP:d:\dowland\programy\sdc221\strongdc.exe:StrongDC++
"{9DFCF738-A651-40A9-9503-E1C3CE2CA54F}"= UDP:c:\windows\System32\lxdxcoms.exe:Lexmark Communications System
"{4A06ECB2-C15D-4B96-8935-B4E8E1090864}"= TCP:c:\windows\System32\lxdxcoms.exe:Lexmark Communications System
"{A206615B-BB9F-48D5-9859-44305E561B34}"= UDP:c:\program files\Lexmark 3600-4600 Series\lxdxamon.exe:Lexmark Device Monitor
"{D584AF68-A6F1-46C9-855A-C9C96443DF79}"= TCP:c:\program files\Lexmark 3600-4600 Series\lxdxamon.exe:Lexmark Device Monitor
"{AD648A48-5262-4B45-9637-6D3817CB0F5A}"= UDP:c:\program files\Lexmark 3600-4600 Series\frun.exe:Lexmark Productivity Studio
"{E7C37D03-DDD3-4489-8299-4602D07DA41E}"= TCP:c:\program files\Lexmark 3600-4600 Series\frun.exe:Lexmark Productivity Studio
"{5E07037D-2957-478D-B924-08ABC09464E8}"= UDP:c:\program files\Abbyy FineReader 6.0 Sprint\Scan\ScanMan6.exe:ABBYY FineReader
"{EBF5184C-8A91-4057-9E9F-ACD93DFB6186}"= TCP:c:\program files\Abbyy FineReader 6.0 Sprint\Scan\ScanMan6.exe:ABBYY FineReader
"{5A981315-AB92-4BA6-B8A1-D9269D311BCD}"= UDP:c:\program files\Lexmark Fax Solutions\FaxCtr.exe:Fax software
"{375D47C3-2EAA-49B7-8323-9677EB8154E8}"= TCP:c:\program files\Lexmark Fax Solutions\FaxCtr.exe:Fax software
"{2F79B3B9-5CD9-4387-9026-C22151F1A106}"= UDP:c:\program files\Lexmark 3600-4600 Series\lxdxmon.exe:Printer Device Monitor
"{E7A33931-634C-4178-B720-DC2F34660E26}"= TCP:c:\program files\Lexmark 3600-4600 Series\lxdxmon.exe:Printer Device Monitor
"{89548E12-2D2C-415B-BF8F-1246E9D22710}"= UDP:c:\users\Myska\AppData\Local\Temp\lxdx\wireless\lxdxwpss.exe:
"{02C1CA7B-C766-49C3-A316-E1268489A53E}"= TCP:c:\users\Myska\AppData\Local\Temp\lxdx\wireless\lxdxwpss.exe:
"{207A717E-7D9A-493C-872F-49CAC5E34156}"= UDP:c:\windows\System32\lxdxcfg.exe:Printer Communication System
"{E1877372-0EF9-4902-954E-42E7E2185DC7}"= TCP:c:\windows\System32\lxdxcfg.exe:Printer Communication System
"{3E3C04B7-160E-4165-BC8F-3F80BA896E2B}"= UDP:c:\windows\System32\spool\drivers\w32x86\3\lxdxpswx.exe:Printer Status Window Interface
"{B332E2CC-5956-4FBD-8382-9A2833D25019}"= TCP:c:\windows\System32\spool\drivers\w32x86\3\lxdxpswx.exe:Printer Status Window Interface
"{5177486F-654A-4AF2-8136-66A9E678871C}"= UDP:c:\windows\System32\spool\drivers\w32x86\3\lxdxtime.exe:Lexmark Connect Time Executable
"{C2DBD538-D7FE-4322-8A11-A63E89F7B93E}"= TCP:c:\windows\System32\spool\drivers\w32x86\3\lxdxtime.exe:Lexmark Connect Time Executable
"{76F9A9AA-A30F-417D-90E9-4506C01053A4}"= UDP:c:\windows\System32\spool\drivers\w32x86\3\lxdxjswx.exe:Job Status Window Interface
"{414AF168-E198-4037-9E0C-FBC6D5D68C8C}"= TCP:c:\windows\System32\spool\drivers\w32x86\3\lxdxjswx.exe:Job Status Window Interface
"TCP Query User{820EE275-3970-4355-8008-46358E1E9799}d:\\hry\\warcraft 3\\warcraft iii\\war3.exe"= UDP:d:\hry\warcraft 3\warcraft iii\war3.exe:Warcraft III
"UDP Query User{CF8CA7A6-0C37-40B3-AF0D-C26E36EBE06E}d:\\hry\\warcraft 3\\warcraft iii\\war3.exe"= TCP:d:\hry\warcraft 3\warcraft iii\war3.exe:Warcraft III
"TCP Query User{48F1D3A1-00A7-4A8A-850F-CAEFAE6A8DDF}c:\\program files\\icq6.5\\icq.exe"= UDP:c:\program files\icq6.5\icq.exe:ICQ Library
"UDP Query User{DEBB92AE-F61C-41FA-84F9-4E67B728E1B0}c:\\program files\\icq6.5\\icq.exe"= TCP:c:\program files\icq6.5\icq.exe:ICQ Library
"TCP Query User{813B0F90-F373-47D2-B0C3-329700ACACA8}c:\\program files\\lexmark 3600-4600 series\\frun.exe"= UDP:c:\program files\lexmark 3600-4600 series\frun.exe:Printing Application
"UDP Query User{A2AAE983-ECE6-48D9-B636-510ADB2DBED9}c:\\program files\\lexmark 3600-4600 series\\frun.exe"= TCP:c:\program files\lexmark 3600-4600 series\frun.exe:Printing Application
"TCP Query User{757456BC-FB83-40DC-BAB3-A2DFD074922C}c:\\program files\\lexmark 3600-4600 series\\lxdxmon.exe"= UDP:c:\program files\lexmark 3600-4600 series\lxdxmon.exe:Printer Device Monitor
"UDP Query User{A6418987-A8E4-43DD-BB92-311E8ABE014D}c:\\program files\\lexmark 3600-4600 series\\lxdxmon.exe"= TCP:c:\program files\lexmark 3600-4600 series\lxdxmon.exe:Printer Device Monitor
"{B3996296-6CAB-4D86-A7FF-EE0DB9C3870B}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{9C02A621-AFD7-47DA-A8A0-55B4EC22033E}"= UDP:d:\hry\Burnout\BurnoutLauncher.exe:Burnout(TM) Paradise The Ultimate Box
"{99D9D98E-1621-485A-8344-577D51C8E560}"= TCP:d:\hry\Burnout\BurnoutLauncher.exe:Burnout(TM) Paradise The Ultimate Box
"{5BA8D44A-08FB-4329-BEF7-4F2E9939D55B}"= UDP:d:\hry\Burnout\BurnoutConfigTool.exe:Burnout(TM) Paradise The Ultimate Box
"{E9FFE38B-A0AE-4438-AEEB-63FE1DB03FAA}"= TCP:d:\hry\Burnout\BurnoutConfigTool.exe:Burnout(TM) Paradise The Ultimate Box
"{ADCB7A62-6138-4DB3-BD90-C370D710B81F}"= UDP:d:\hry\Burnout\BurnoutParadise.exe:Burnout(TM) Paradise The Ultimate Box
"{D7617E8D-0A8E-4D03-BCF5-681B4ED00D5E}"= TCP:d:\hry\Burnout\BurnoutParadise.exe:Burnout(TM) Paradise The Ultimate Box
"{AA83B3BE-9835-47F1-A4DF-171CA8A32148}"= UDP:c:\program files\DNA\btdna.exe:DNA (TCP-In)
"{6C0DD4B2-0C86-4DF0-8EFE-A0CB10F2E4B7}"= TCP:c:\program files\DNA\btdna.exe:DNA (UDP-In)
"TCP Query User{1FB7EEEF-C367-4F02-9903-0632F0FABCE8}c:\\users\\myska\\program files\\dna\\btdna.exe"= UDP:c:\users\myska\program files\dna\btdna.exe:btdna.exe
"UDP Query User{5D77E2D3-8A7F-4C76-8056-568DD7F04C86}c:\\users\\myska\\program files\\dna\\btdna.exe"= TCP:c:\users\myska\program files\dna\btdna.exe:btdna.exe
"TCP Query User{B3AF035A-7FC9-49F4-AFBA-19B7CCA9E693}d:\\programy\\torent\\bittorrent\\bitcomet\\bitcomet.exe"= UDP:d:\programy\torent\bittorrent\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
"UDP Query User{88144285-E42B-4991-A8E6-2E4861783DF0}d:\\programy\\torent\\bittorrent\\bitcomet\\bitcomet.exe"= TCP:d:\programy\torent\bittorrent\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
"TCP Query User{A6970632-ECDC-44F6-A55A-0BBFFCD4B88A}d:\\programy\\torent\\bittorrent\\bitcomet\\bitcomet.exe"= UDP:d:\programy\torent\bittorrent\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
"UDP Query User{08924F22-4953-4F09-BB6A-D16C31F46DDA}d:\\programy\\torent\\bittorrent\\bitcomet\\bitcomet.exe"= TCP:d:\programy\torent\bittorrent\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
"{04C9A046-E16B-4033-98BC-642F356BCDC6}"= UDP:d:\programy\SMPro\System Mechanic Professional\Personal Firewall\ioloFW.exe:iolo Firewall®
"{F69518AD-4461-4616-80C3-7B6C123E2ABD}"= TCP:d:\programy\SMPro\System Mechanic Professional\Personal Firewall\ioloFW.exe:iolo Firewall®
"TCP Query User{8D274D07-581F-49BF-8BDF-09B8F5B21544}c:\\windows\\system32\\dpnsvr.exe"= UDP:c:\windows\system32\dpnsvr.exe:Microsoft DirectPlay8 Server
"UDP Query User{04844329-F5E9-4325-B82A-6405F0399168}c:\\windows\\system32\\dpnsvr.exe"= TCP:c:\windows\system32\dpnsvr.exe:Microsoft DirectPlay8 Server
"TCP Query User{30C875E3-74A2-41DB-BD1F-92579C99E639}d:\\hry\\moto racer 3\\motoracer3\\motoracer3.exe"= UDP:d:\hry\moto racer 3\motoracer3\motoracer3.exe:Moto Racer 3 PC
"UDP Query User{3043E89F-CF21-4AE2-8560-C3A27BEA5B40}d:\\hry\\moto racer 3\\motoracer3\\motoracer3.exe"= TCP:d:\hry\moto racer 3\motoracer3\motoracer3.exe:Moto Racer 3 PC
"TCP Query User{A388702D-6458-4EF1-AE34-7D32111A33B7}c:\\program files\\real\\realplayer\\realplay.exe"= UDP:c:\program files\real\realplayer\realplay.exe:RealPlayer
"UDP Query User{0CC1CE28-B961-4E39-88B5-1BA6C0B70F2D}c:\\program files\\real\\realplayer\\realplay.exe"= TCP:c:\program files\real\realplayer\realplay.exe:RealPlayer
"{59DB992D-9CBE-4B97-89B1-6378108C1FFA}"= UDP:d:\programy\Office 2008\Office12\GROOVE.EXE:Microsoft Office Groove
"{1DD1917A-4124-4E25-A67D-ABA065F32D73}"= TCP:d:\programy\Office 2008\Office12\GROOVE.EXE:Microsoft Office Groove
"{F2A04E33-8740-4793-8ED4-7B84EA65D4BC}"= UDP:d:\programy\Office 2008\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{18BBB01F-C41B-45E1-A40D-C63734156388}"= TCP:d:\programy\Office 2008\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{EA2408A9-C40C-4D71-AF4B-7DC5F8A42494}"= UDP:d:\programy\Zkousky\2\uTorrent.exe:µTorrent (TCP-In)
"{2CD0C92E-1160-44E3-8998-82462736E972}"= TCP:d:\programy\Zkousky\2\uTorrent.exe:µTorrent (UDP-In)
"TCP Query User{82D1F1C5-F23B-4666-A4AD-011D20E2881B}d:\\hry\\vietcong 2\\vietcong.exe"= UDP:d:\hry\vietcong 2\vietcong.exe:vietcong
"UDP Query User{F4C9FF98-BE87-44C9-A84A-ECB0A7B8A2E1}d:\\hry\\vietcong 2\\vietcong.exe"= TCP:d:\hry\vietcong 2\vietcong.exe:vietcong
"TCP Query User{6224D44C-0925-4991-AFED-78F71DAD1E14}c:\\windows\\system32\\spool\\drivers\\w32x86\\3\\lxdxpswx.exe"= UDP:c:\windows\system32\spool\drivers\w32x86\3\lxdxpswx.exe:Printer Status Window Interface
"UDP Query User{5E115BE1-4D13-49E6-91E1-BC987B30C3A7}c:\\windows\\system32\\spool\\drivers\\w32x86\\3\\lxdxpswx.exe"= TCP:c:\windows\system32\spool\drivers\w32x86\3\lxdxpswx.exe:Printer Status Window Interface

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"DoNotAllowExceptions"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Acer\\Empowering Technology\\eDataSecurity\\x86\\eDSfsu.exe"= c:\acer\Empowering Technology\eDataSecurity\x86\eDSfsu.exe:*:Enabled:eDSfsu
"c:\\Acer\\Empowering Technology\\eDataSecurity\\x86\\encryption.exe"= c:\acer\Empowering Technology\eDataSecurity\x86\encryption.exe:*:Enabled:encryption
"c:\\Acer\\Empowering Technology\\eDataSecurity\\x86\\decryption.exe"= c:\acer\Empowering Technology\eDataSecurity\x86\decryption.exe:*:Enabled:decryption
"c:\\Acer\\Empowering Technology\\eDataSecurity\\x86\\eDSMgr.exe"= c:\acer\Empowering Technology\eDataSecurity\x86\eDSMgr.exe:*:Enabled:eDSMgr
"c:\\Acer\\Empowering Technology\\eDataSecurity\\x86\\eDStbmngr.exe"= c:\acer\Empowering Technology\eDataSecurity\x86\eDStbmngr.exe:*:Enabled:eDStbmngr
"c:\\Acer\\Empowering Technology\\eDataSecurity\\x64\\eDSfsu.exe"= c:\acer\Empowering Technology\eDataSecurity\x64\eDSfsu.exe:*:Enabled:eDSfsu
"c:\\Acer\\Empowering Technology\\eDataSecurity\\x64\\encryption.exe"= c:\acer\Empowering Technology\eDataSecurity\x64\encryption.exe:*:Enabled:encryption
"c:\\Acer\\Empowering Technology\\eDataSecurity\\x64\\decryption.exe"= c:\acer\Empowering Technology\eDataSecurity\x64\decryption.exe:*:Enabled:decryption
"c:\\Acer\\Empowering Technology\\eDataSecurity\\x64\\eDSMgr.exe"= c:\acer\Empowering Technology\eDataSecurity\x64\eDSMgr.exe:*:Enabled:eDSMgr
"c:\\Acer\\Empowering Technology\\eDataSecurity\\x64\\eDStbmngr.exe"= c:\acer\Empowering Technology\eDataSecurity\x64\eDStbmngr.exe:*:Enabled:eDStbmngr
"d:\\Programy\\torent\\BitTorrent\\bittorrent.exe"= d:\programy\torent\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

R1 ElRawDisk;ElRawDisk;c:\windows\System32\drivers\elrawdsk.sys [29.3.2009 13:24 20392]
R1 epfwtdir;epfwtdir;c:\windows\System32\drivers\epfwtdir.sys [21.12.2007 9:21 33800]
R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\program files\Acer Arcade Deluxe\Play Movie\000.fcl [2.10.2008 19:01 41456]
R2 AVerRemote;AVerRemote;c:\program files\Common Files\AVerMedia\Service\AVerRemote.exe [11.1.2009 22:51 352256]
R2 AVerScheduleService;AVerScheduleService;c:\program files\Common Files\AVerMedia\Service\AVerScheduleService.exe [11.1.2009 22:51 409600]
R2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [21.12.2007 9:21 468224]
R2 lxdx_device;lxdx_device;c:\windows\system32\lxdxcoms.exe -service --> c:\windows\system32\lxdxcoms.exe -service [?]
R2 lxdxCATSCustConnectService;lxdxCATSCustConnectService;c:\windows\System32\spool\drivers\w32x86\3\lxdxserv.exe [30.11.2008 20:43 98984]
R3 enecir;ENE CIR Receiver;c:\windows\System32\drivers\enecir.sys [20.4.2008 3:44 32256]
R3 WSDPrintDevice;Podpora tisku WSD prostřednictvím funkce UMB;c:\windows\System32\drivers\WSDPrint.sys [21.1.2008 4:23 16896]
S2 wlidsvc;Windows Live ID Sign-in Assistant;c:\program files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE [30.3.2009 16:28 1533808]
S3 AVerAF15;AVerMedia BDA Digital Tuner;c:\windows\System32\drivers\AVerAF15.sys [11.1.2009 22:52 280448]
S3 fssfltr;FssFltr;c:\windows\System32\drivers\fssfltr.sys [1.4.2009 0:18 55280]
S3 fsssvc;Windows Live Zabezpečení rodiny;c:\program files\Windows Live\Family Safety\fsssvc.exe [6.2.2009 18:08 533360]
S3 WSVD;WSVD;c:\windows\System32\drivers\WSVD.sys [12.10.2008 0:33 80744]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Obsah adresáře 'Naplánované úlohy'

2009-10-11 c:\windows\Tasks\User_Feed_Synchronization-{70F4FF31-8E8C-4175-90AC-3D7CD243D112}.job
- c:\windows\system32\msfeedssync.exe [2009-07-29 20:13]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
mStart Page = hxxp://cs.intl.acer.yahoo.com
IE: {{0E46D7B6-887D-4F81-B4CA-FCC92AF73610} - {0E46D7B6-887D-4F81-B4CA-FCC92AF73610} - c:\program files\Seznam.cz\listicka.dll
FF - ProfilePath - c:\users\Myska\AppData\Roaming\Mozilla\Firefox\Profiles\zlv3l0v3.default\
FF - prefs.js: browser.search.selectedEngine - Seznam
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\users\Myska\Program Files\DNA\plugins\npbtdna.dll
FF - plugin: d:\programy\Adobe Reider 9\Reader\browser\nppdf32.dll
FF - plugin: d:\programy\firefox\plugins\np-mswmp.dll
FF - plugin: d:\programy\firefox\plugins\npkimi.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
d:\programy\firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
.
------- Asociace souborů -------
.
JSEFile=NOTEPAD.EXE %1
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

AddRemove-AVerMedia A309 (MiniCard - c:\program files\AVerMedia\AVerMedia A309 (MiniCard
AddRemove-AVerMedia A310 (MiniCard - c:\program files\AVerMedia\AVerMedia A310 (MiniCard



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-12 00:27
Windows 6.0.6002 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}]
"ImagePath"="\??\c:\program files\Acer Arcade Deluxe\Play Movie\000.fcl"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Celkový čas: 2009-10-11 0:31
ComboFix-quarantined-files.txt 2009-10-11 22:31

Před spuštěním: Volných bajtů: 93 569 302 528
Po spuštění: Volných bajtů: 93 228 478 464

313 --- E O F --- 2009-10-11 14:45


Malwarebytes' Anti-Malware 1.41
Verze databáze: 2943
Windows 6.0.6002 Service Pack 2

12.10.2009 0:09:11
mbam-log-2009-10-12 (00-09-11).txt

Typ kontroly: Rychlá kontrola
Zkontrolované objekty: 91648
Uplynulý čas: 4 minute(s), 9 second(s)

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 27
Infikované hodnoty registru: 2
Infikované datové položky registru: 2
Infikované adresáře: 10
Infikované soubory: 20

Infikované procesy v paměti:
(Nebyly nalezeny žádné škodlivé položky)

Infikované moduly v paměti:
(Nebyly nalezeny žádné škodlivé položky)

Infikované klíče registru:
HKEY_CLASSES_ROOT\explorerbar.funexplorer (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{c28a0312-c403-417b-a425-a915bc0519cd} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{877f3eab-4462-44df-8475-6064eafd7fbf} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{35b8d58c-b0cb-46b0-ba64-05b3804e4e86} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{35b8d58c-b0cb-46b0-ba64-05b3804e4e86} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{35b8d58c-b0cb-46b0-ba64-05b3804e4e86} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\explorerbar.funexplorer.1 (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\explorerbar.funredirector (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{883dfc00-8a21-411d-956c-73a4e4b7d16f} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{480098c6-f6ad-4c61-9b5c-2bae228a34d1} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{cdbfb47b-58a8-4111-bf95-06178dce326d} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{cdbfb47b-58a8-4111-bf95-06178dce326d} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{cdbfb47b-58a8-4111-bf95-06178dce326d} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\explorerbar.funredirector.1 (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{5617eca9-488d-4ba2-8562-9710b9ab78d2} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59c7fc09-1c83-4648-b3e6-003d2bbc7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68af847f-6e91-45dd-9b68-d6a12c30e5d7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170b96c-28d4-4626-8358-27e6caeef907} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\{5617ECA9-488D-4BA2-8562-9710B9AB78D2} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Internet Saving Optimizer (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\DoubleD (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1fb52ab3-5987-45a2-85e0-f3ec30dddc29}}_is1 (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{c5096216-7703-409e-b85a-8a6ee7395128}}_is1 (Adware.DoubleD) -> Quarantined and deleted successfully.

Infikované hodnoty registru:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{5617eca9-488d-4ba2-8562-9710b9ab78d2} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions\{2224e955-00e9-4613-a844-ce69fccaae91} (Adware.DoubleD) -> Quarantined and deleted successfully.

Infikované datové položky registru:
HKEY_CLASSES_ROOT\scrfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE %1) Good: ("%1" /S) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE %1) Good: (regedit.exe "%1") -> Quarantined and deleted successfully.

Infikované adresáře:
C:\Program Files\Internet Saving Optimizer (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Internet Saving Optimizer\2.1.0.2660 (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Internet Saving Optimizer\2.1.0.2660\Data (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Internet Saving Optimizer\2.1.0.2660\FF (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Internet Saving Optimizer\2.1.0.2660\FF\chrome (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Internet Saving Optimizer\2.1.0.2660\FF\chrome\content (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Internet Saving Optimizer\2.1.0.2660\FF\components (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\System Search Dispatcher (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\System Search Dispatcher\1.2.0.750 (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\System Search Dispatcher\1.2.0.750\Data (Adware.DoubleD) -> Quarantined and deleted successfully.

Infikované soubory:
C:\Program Files\Internet Saving Optimizer\2.1.0.2660\NPIEAddOn.dll (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\System Search Dispatcher\1.2.0.750\ssd.dll (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Internet Saving Optimizer\2.1.0.2660\adwpx.exe (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Internet Saving Optimizer\2.1.0.2660\NPCommon.dll (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Internet Saving Optimizer\2.1.0.2660\unins000.dat (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Internet Saving Optimizer\2.1.0.2660\unins000.exe (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Internet Saving Optimizer\2.1.0.2660\Data\config.md (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Internet Saving Optimizer\2.1.0.2660\FF\chrome.manifest (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Internet Saving Optimizer\2.1.0.2660\FF\install.rdf (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Internet Saving Optimizer\2.1.0.2660\FF\chrome\NPAddOn.jar (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Internet Saving Optimizer\2.1.0.2660\FF\chrome\content\NPAddOn.js (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Internet Saving Optimizer\2.1.0.2660\FF\chrome\content\NPAddOn.xul (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Internet Saving Optimizer\2.1.0.2660\FF\components\NPFFAddOn.dll (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Internet Saving Optimizer\2.1.0.2660\FF\components\NPFFAddOn.xpt (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Internet Saving Optimizer\2.1.0.2660\FF\components\NPFFHelperComponent.js (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\System Search Dispatcher\1.2.0.750\unins000.dat (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\System Search Dispatcher\1.2.0.750\unins000.exe (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\System Search Dispatcher\1.2.0.750\Data\eacore.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\System Search Dispatcher\1.2.0.750\Data\URLDynamic.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\System Search Dispatcher\1.2.0.750\Data\URLStatic.mx (Adware.DoubleD) -> Quarantined and deleted successfully.


Re: Log check

Post by Damned » 12 Oct 2009 07:10

Open Notepad (Start -> Run..., type Notepad into the box and click OK).
Copy the entire following text, marked in green, into it:

Folder::
c:\program files\BS.Player ControlBar

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}]
"ImagePath"=-




Choose File -> Save As... and set these parameters:
File name: type here: CFScript.txt
Save as type: select All Files there
Save the file to the desktop.
Close all active windows.


Grab the created script CFScript.txt with the mouse, move it over the downloaded program ComboFix.exe,
and when the two files overlap, drop the script.

- ComboFix will start automatically; the repair may take longer than 10 minutes. ! Let ComboFix finish its work !
- Paste here the log that pops up at the end of the cleaning process + a new log from HJT, and describe how the computer behaves



Re: Log check

Post by gargamel51 » 12 Oct 2009 19:39

ComboFix 09-10-11.01 - Myska 12.10.2009 19:14.3.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.420.1029.18.3070.1881 [GMT 2:00]
Spuštěný z: c:\users\Myska\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Myska\Desktop\CFScript.txt
AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
SP: ESET NOD32 Antivirus 3.0 *disabled* (Updated) {E5E70D32-0101-4B98-A4D6-D1D15C3BB448}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\BS.Player ControlBar
c:\program files\BS.Player ControlBar\_BSPlayer.xml

.
((((((((((((((((((((((((( Soubory vytvořené od 2009-09-12 do 2009-10-12 )))))))))))))))))))))))))))))))
.

2009-10-12 17:23 . 2009-10-12 17:23 -------- d-----w- c:\users\Myska\AppData\Local\temp
2009-10-12 17:23 . 2009-10-12 17:23 -------- d-----w- c:\users\Public\AppData\Local\temp
2009-10-12 17:23 . 2009-10-12 17:23 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-10-11 21:10 . 2009-10-11 21:10 -------- d-----w- c:\windows\Nabídka Start
2009-10-11 20:49 . 2009-10-11 20:49 -------- d-----w- c:\users\Myska\AppData\Roaming\Malwarebytes
2009-10-11 20:49 . 2009-09-10 12:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-11 20:49 . 2009-10-11 20:49 -------- d-----w- c:\programdata\Malwarebytes
2009-10-11 20:49 . 2009-09-10 12:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-11 19:25 . 2009-10-11 19:25 -------- d-----w- c:\users\Myska\AppData\Roaming\FTWeak
2009-10-11 19:25 . 2009-10-11 19:25 -------- d-----w- c:\programdata\FTWeak
2009-10-11 14:44 . 2009-06-22 10:09 2048 ----a-w- c:\windows\system32\tzres.dll
2009-10-11 14:10 . 2009-08-14 16:27 904776 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-10-11 14:10 . 2009-08-14 13:48 105984 ----a-w- c:\windows\system32\netiohlp.dll
2009-10-11 14:10 . 2009-08-14 13:49 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2009-10-11 14:10 . 2009-08-14 13:49 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2009-10-11 14:10 . 2009-08-14 13:49 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2009-10-11 14:10 . 2009-08-14 13:49 19968 ----a-w- c:\windows\system32\ARP.EXE
2009-10-11 14:10 . 2009-08-14 13:49 10240 ----a-w- c:\windows\system32\finger.exe
2009-10-11 14:10 . 2009-08-14 13:49 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2009-10-11 14:10 . 2009-08-14 13:49 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2009-10-11 14:10 . 2009-08-14 13:48 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2009-10-11 14:10 . 2009-08-14 15:53 17920 ----a-w- c:\windows\system32\netevent.dll
2009-10-11 14:09 . 2009-07-11 19:01 293376 ----a-w- c:\windows\system32\wlanmsm.dll
2009-10-11 14:09 . 2009-07-11 17:03 127488 ----a-w- c:\windows\system32\L2SecHC.dll
2009-10-11 14:09 . 2009-07-11 19:01 302592 ----a-w- c:\windows\system32\wlansec.dll
2009-10-11 14:09 . 2009-07-11 19:01 513536 ----a-w- c:\windows\system32\wlansvc.dll
2009-10-11 14:09 . 2009-07-11 19:01 65024 ----a-w- c:\windows\system32\wlanapi.dll
2009-10-11 14:09 . 2009-06-10 11:41 2868224 ----a-w- c:\windows\system32\mf.dll
2009-10-11 14:08 . 2009-08-29 00:27 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-10-11 14:08 . 2009-08-29 00:14 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-10-11 14:03 . 2009-10-01 08:29 195440 ------w- c:\windows\system32\MpSigStub.exe
2009-10-11 09:47 . 2009-06-15 14:54 175104 ----a-w- c:\windows\system32\wdigest.dll
2009-10-11 09:47 . 2009-06-15 14:53 218624 ----a-w- c:\windows\system32\msv1_0.dll
2009-10-11 09:47 . 2009-06-15 14:52 499712 ----a-w- c:\windows\system32\kerberos.dll
2009-10-11 09:47 . 2009-06-15 14:53 270848 ----a-w- c:\windows\system32\schannel.dll
2009-10-11 09:47 . 2009-06-15 23:15 439864 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-10-11 09:47 . 2009-06-15 14:52 1259008 ----a-w- c:\windows\system32\lsasrv.dll
2009-10-11 09:47 . 2009-06-15 14:53 72704 ----a-w- c:\windows\system32\secur32.dll
2009-10-11 09:47 . 2009-06-15 12:48 9728 ----a-w- c:\windows\system32\lsass.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-12 15:21 . 2008-10-04 13:21 -------- d-----w- c:\users\Myska\AppData\Roaming\GHISLER
2009-10-12 14:52 . 2008-11-30 18:51 -------- d-----w- c:\programdata\Lx_cats
2009-10-12 14:52 . 2008-01-21 06:46 602086 ----a-w- c:\windows\system32\perfh005.dat
2009-10-12 14:52 . 2008-01-21 06:46 116182 ----a-w- c:\windows\system32\perfc005.dat
2009-10-12 14:49 . 2008-11-26 12:33 -------- d-----w- c:\users\Myska\AppData\Roaming\Skype
2009-10-12 14:47 . 2008-11-26 12:36 -------- d-----w- c:\users\Myska\AppData\Roaming\skypePM
2009-10-11 19:11 . 2008-10-25 20:41 -------- d-----w- c:\program files\Google
2009-10-11 18:58 . 2008-10-03 07:16 -------- d-----w- c:\program files\Common Files\Ahead
2009-10-11 15:34 . 2008-12-06 20:01 -------- d-----w- c:\program files\Microsoft Silverlight
2009-10-11 15:32 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-10-11 14:39 . 2008-04-19 17:48 -------- d-----w- c:\programdata\Microsoft Help
2009-10-11 14:01 . 2008-11-25 20:15 -------- d-----w- c:\users\Myska\AppData\Roaming\ICQ
2009-09-05 12:25 . 2009-09-05 12:25 1183744 ----a-w- c:\windows\system32\drivers\athr.sys
2009-08-24 18:23 . 2008-10-02 17:26 27839 ----a-w- c:\users\Myska\AppData\Roaming\nvModes.dat
2009-07-21 21:52 . 2009-07-29 17:21 915456 ----a-w- c:\windows\system32\wininet.dll
2009-07-21 21:47 . 2009-07-29 17:21 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-07-21 21:47 . 2009-07-29 17:21 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-07-21 20:13 . 2009-07-29 17:21 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-07-17 13:54 . 2009-08-19 18:11 71680 ----a-w- c:\windows\system32\atl.dll
2009-07-15 12:40 . 2009-08-19 18:10 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-07-15 12:39 . 2009-08-19 18:10 313344 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-15 12:39 . 2009-08-19 18:10 4096 ----a-w- c:\windows\system32\dxmasf.dll
2009-07-15 12:39 . 2009-08-19 18:10 7680 ----a-w- c:\windows\system32\spwmp.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-10-11_22.28.04 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-01-21 01:58 . 2009-10-12 14:48 85270 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-10-02 17:11 . 2009-10-12 14:48 15212 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1310930479-2824027632-802342890-1000_UserData.bin
- 2008-10-02 17:11 . 2009-10-11 20:13 15212 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1310930479-2824027632-802342890-1000_UserData.bin
+ 2008-10-02 16:52 . 2009-10-12 17:10 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-10-02 16:52 . 2009-10-11 20:11 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-10-02 16:52 . 2009-10-12 17:10 49152 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-10-02 16:52 . 2009-10-11 20:11 49152 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-10-02 16:52 . 2009-10-12 17:10 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-10-02 16:52 . 2009-10-11 20:11 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-10-12 14:46 . 2009-10-12 14:46 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2009-10-11 20:10 . 2009-10-11 20:10 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2009-10-11 20:10 . 2009-10-11 20:10 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-10-12 14:46 . 2009-10-12 14:46 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2006-11-02 13:05 . 2009-10-12 14:48 138304 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 10:33 . 2009-10-12 14:52 590082 c:\windows\System32\perfh009.dat
- 2006-11-02 10:33 . 2009-10-11 21:07 590082 c:\windows\System32\perfh009.dat
- 2006-11-02 10:33 . 2009-10-11 21:07 102094 c:\windows\System32\perfc009.dat
+ 2006-11-02 10:33 . 2009-10-12 14:52 102094 c:\windows\System32\perfc009.dat
+ 2009-02-23 17:05 . 2009-10-12 14:51 262144 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2009-02-23 17:05 . 2009-10-11 20:11 262144 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-01-03 00:00 39472 ----a-w- c:\acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-03-06 24095528]
"ICQ"="c:\program files\ICQ6.5\ICQ.exe" [2009-03-01 172792]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-03-05 525360]
"eAudio"="c:\acer\Empowering Technology\eAudio\eAudio.exe" [2007-10-10 1286144]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-12-05 86016]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2007-10-17 768520]
"PlayMovie"="c:\program files\Acer Arcade Deluxe\Play Movie\PMVService.exe" [2008-01-22 200704]
"WarReg_PopUp"="c:\program files\Acer\WR_PopUp\WarReg_PopUp.exe" [2008-01-29 303104]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2007-07-21 159744]
"GrooveMonitor"="d:\programy\Office 2008\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"lxdxmon.exe"="c:\program files\Lexmark 3600-4600 Series\lxdxmon.exe" [2008-03-20 668328]
"lxdxamon"="c:\program files\Lexmark 3600-4600 Series\lxdxamon.exe" [2008-03-20 16040]
"FaxCenterServer"="c:\program files\Lexmark Fax Solutions\fm3032.exe" [2008-03-20 320168]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2007-12-21 1443072]
"PLFSetL"="c:\windows\\PLFSetL.exe" [2007-07-05 94208]
"PLFSetI"="c:\windows\PLFSetI.exe" [2007-10-23 200704]
"Adobe Reader Speed Launcher"="d:\programy\Adobe Reider 9\Reader\Reader_sl.exe" [2009-02-27 35696]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-06-06 198160]
"Malwarebytes Anti-Malware (reboot)"="d:\programy\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2007-12-05 4710400]
"Skytel"="Skytel.exe" - c:\windows\SkyTel.exe [2007-11-20 1826816]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2008-4-19 535336]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^AVer HID Receiver.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\AVer HID Receiver.lnk
backup=c:\windows\pss\AVer HID Receiver.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^AVerQuick.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\AVerQuick.lnk
backup=c:\windows\pss\AVerQuick.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):fa,a8,a5,87,ae,fd,c9,01

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{B614548F-9AED-450E-951D-24E660E63F1C}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{1ACFACF9-A392-4A13-833D-8A2E10F068DC}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{53EF1E5D-5E6A-4CF7-9899-FE88895CC324}"= c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Acer Arcade Deluxe.exe:Acer Arcade Deluxe
"{735B1480-B0D7-4F0D-9252-5BA56D3E4062}"= c:\program files\Acer Arcade Deluxe\VideoMagician\VideoMagician.exe:VideoMagician
"{47A78AC7-9B70-4E74-9950-B7D4470A513F}"= c:\program files\Acer Arcade Deluxe\HomeMedia\HomeMedia.exe:HomeMedia
"{2A7D7341-BDE5-46B5-B3E6-1DC72644581D}"= c:\program files\Acer Arcade Deluxe\DV Wizard\DV Wizard.exe:DV Wizard
"{B70F393C-0877-4F82-9014-D5178579936F}"= c:\program files\Acer Arcade Deluxe\DVDivine\DVDivine.exe:DVDivine
"{23319C7A-7DD1-4EEE-B2CA-5700E8B6E271}"= c:\program files\Acer Arcade Deluxe\Play Movie\PlayMovie.exe:Play Movie
"{D7896291-790A-456D-9739-2670D1C64E4E}"= c:\program files\Acer Arcade Deluxe\Play Movie\PMVService.exe:Play Movie Resident Program
"{BB951E82-35D0-4944-8E50-14A908B5BE98}"= TCP:6004|d:\programy\Office 2008\Office12\outlook.exe:Microsoft Office Outlook
"{177E810A-4F8E-4B8C-8D9E-39D55C88C839}"= UDP:d:\programy\Office 2008\Office12\GROOVE.EXE:Microsoft Office Groove
"{0443D7C1-A613-4ED4-8956-E97CEFFCF0D7}"= TCP:d:\programy\Office 2008\Office12\GROOVE.EXE:Microsoft Office Groove
"{6068E7F1-DFAE-4BB8-BC10-51BDDFA3B93C}"= UDP:d:\programy\Office 2008\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{02EF3F8A-A5DF-4CAF-BAA9-0A3CA70871F5}"= TCP:d:\programy\Office 2008\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{4FA94DC3-E760-4F73-BCF4-C8F264CE959B}"= UDP:c:\program files\Skype\Phone\Skype.exe:Skype
"{D2F90448-0236-4D89-A8A6-C98D1FD90E9E}"= TCP:c:\program files\Skype\Phone\Skype.exe:Skype
"TCP Query User{E4F60C25-B87D-460A-B5EC-B5BBC398ECB5}d:\\programy\\icq\\icq6\\icq.exe"= UDP:d:\programy\icq\icq6\icq.exe:ICQ Library
"UDP Query User{A3A716A3-0B8D-4849-8096-603E09149F5A}d:\\programy\\icq\\icq6\\icq.exe"= TCP:d:\programy\icq\icq6\icq.exe:ICQ Library
"TCP Query User{D66CF537-8229-4ECC-8131-D4BCD5E14A50}c:\\program files\\skype\\phone\\skype.exe"= UDP:c:\program files\skype\phone\skype.exe:Skype
"UDP Query User{5DA16181-76B8-422C-870E-D4240E6FBB10}c:\\program files\\skype\\phone\\skype.exe"= TCP:c:\program files\skype\phone\skype.exe:Skype
"TCP Query User{1BD0EB80-40D8-48D8-B3E4-DA9E5C7D0A13}c:\\users\\myska\\desktop\\strongdc.exe"= UDP:c:\users\myska\desktop\strongdc.exe:strongdc.exe
"UDP Query User{CE0FE25D-7C04-4B87-9D77-D822E553D83C}c:\\users\\myska\\desktop\\strongdc.exe"= TCP:c:\users\myska\desktop\strongdc.exe:strongdc.exe
"TCP Query User{A8303D2F-A098-46B1-B780-08D6206D8ACC}c:\\strong\\strongdc.exe"= UDP:c:\strong\strongdc.exe:StrongDC++
"UDP Query User{0DAFD1E8-6A16-48FA-84C0-CA39194AA9B7}c:\\strong\\strongdc.exe"= TCP:c:\strong\strongdc.exe:StrongDC++
"TCP Query User{FE03EECD-7554-4195-9BC5-2440AE94A1DA}d:\\dowland\\programy\\sdc221\\strongdc.exe"= UDP:d:\dowland\programy\sdc221\strongdc.exe:StrongDC++
"UDP Query User{C78A1089-5866-4CCA-B2C4-886B073F69AD}d:\\dowland\\programy\\sdc221\\strongdc.exe"= TCP:d:\dowland\programy\sdc221\strongdc.exe:StrongDC++
"{9DFCF738-A651-40A9-9503-E1C3CE2CA54F}"= UDP:c:\windows\System32\lxdxcoms.exe:Lexmark Communications System
"{4A06ECB2-C15D-4B96-8935-B4E8E1090864}"= TCP:c:\windows\System32\lxdxcoms.exe:Lexmark Communications System
"{A206615B-BB9F-48D5-9859-44305E561B34}"= UDP:c:\program files\Lexmark 3600-4600 Series\lxdxamon.exe:Lexmark Device Monitor
"{D584AF68-A6F1-46C9-855A-C9C96443DF79}"= TCP:c:\program files\Lexmark 3600-4600 Series\lxdxamon.exe:Lexmark Device Monitor
"{AD648A48-5262-4B45-9637-6D3817CB0F5A}"= UDP:c:\program files\Lexmark 3600-4600 Series\frun.exe:Lexmark Productivity Studio
"{E7C37D03-DDD3-4489-8299-4602D07DA41E}"= TCP:c:\program files\Lexmark 3600-4600 Series\frun.exe:Lexmark Productivity Studio
"{5E07037D-2957-478D-B924-08ABC09464E8}"= UDP:c:\program files\Abbyy FineReader 6.0 Sprint\Scan\ScanMan6.exe:ABBYY FineReader
"{EBF5184C-8A91-4057-9E9F-ACD93DFB6186}"= TCP:c:\program files\Abbyy FineReader 6.0 Sprint\Scan\ScanMan6.exe:ABBYY FineReader
"{5A981315-AB92-4BA6-B8A1-D9269D311BCD}"= UDP:c:\program files\Lexmark Fax Solutions\FaxCtr.exe:Fax software
"{375D47C3-2EAA-49B7-8323-9677EB8154E8}"= TCP:c:\program files\Lexmark Fax Solutions\FaxCtr.exe:Fax software
"{2F79B3B9-5CD9-4387-9026-C22151F1A106}"= UDP:c:\program files\Lexmark 3600-4600 Series\lxdxmon.exe:Printer Device Monitor
"{E7A33931-634C-4178-B720-DC2F34660E26}"= TCP:c:\program files\Lexmark 3600-4600 Series\lxdxmon.exe:Printer Device Monitor
"{89548E12-2D2C-415B-BF8F-1246E9D22710}"= UDP:c:\users\Myska\AppData\Local\Temp\lxdx\wireless\lxdxwpss.exe:
"{02C1CA7B-C766-49C3-A316-E1268489A53E}"= TCP:c:\users\Myska\AppData\Local\Temp\lxdx\wireless\lxdxwpss.exe:
"{207A717E-7D9A-493C-872F-49CAC5E34156}"= UDP:c:\windows\System32\lxdxcfg.exe:Printer Communication System
"{E1877372-0EF9-4902-954E-42E7E2185DC7}"= TCP:c:\windows\System32\lxdxcfg.exe:Printer Communication System
"{3E3C04B7-160E-4165-BC8F-3F80BA896E2B}"= UDP:c:\windows\System32\spool\drivers\w32x86\3\lxdxpswx.exe:Printer Status Window Interface
"{B332E2CC-5956-4FBD-8382-9A2833D25019}"= TCP:c:\windows\System32\spool\drivers\w32x86\3\lxdxpswx.exe:Printer Status Window Interface
"{5177486F-654A-4AF2-8136-66A9E678871C}"= UDP:c:\windows\System32\spool\drivers\w32x86\3\lxdxtime.exe:Lexmark Connect Time Executable
"{C2DBD538-D7FE-4322-8A11-A63E89F7B93E}"= TCP:c:\windows\System32\spool\drivers\w32x86\3\lxdxtime.exe:Lexmark Connect Time Executable
"{76F9A9AA-A30F-417D-90E9-4506C01053A4}"= UDP:c:\windows\System32\spool\drivers\w32x86\3\lxdxjswx.exe:Job Status Window Interface
"{414AF168-E198-4037-9E0C-FBC6D5D68C8C}"= TCP:c:\windows\System32\spool\drivers\w32x86\3\lxdxjswx.exe:Job Status Window Interface
"TCP Query User{820EE275-3970-4355-8008-46358E1E9799}d:\\hry\\warcraft 3\\warcraft iii\\war3.exe"= UDP:d:\hry\warcraft 3\warcraft iii\war3.exe:Warcraft III
"UDP Query User{CF8CA7A6-0C37-40B3-AF0D-C26E36EBE06E}d:\\hry\\warcraft 3\\warcraft iii\\war3.exe"= TCP:d:\hry\warcraft 3\warcraft iii\war3.exe:Warcraft III
"TCP Query User{48F1D3A1-00A7-4A8A-850F-CAEFAE6A8DDF}c:\\program files\\icq6.5\\icq.exe"= UDP:c:\program files\icq6.5\icq.exe:ICQ Library
"UDP Query User{DEBB92AE-F61C-41FA-84F9-4E67B728E1B0}c:\\program files\\icq6.5\\icq.exe"= TCP:c:\program files\icq6.5\icq.exe:ICQ Library
"TCP Query User{813B0F90-F373-47D2-B0C3-329700ACACA8}c:\\program files\\lexmark 3600-4600 series\\frun.exe"= UDP:c:\program files\lexmark 3600-4600 series\frun.exe:Printing Application
"UDP Query User{A2AAE983-ECE6-48D9-B636-510ADB2DBED9}c:\\program files\\lexmark 3600-4600 series\\frun.exe"= TCP:c:\program files\lexmark 3600-4600 series\frun.exe:Printing Application
"TCP Query User{757456BC-FB83-40DC-BAB3-A2DFD074922C}c:\\program files\\lexmark 3600-4600 series\\lxdxmon.exe"= UDP:c:\program files\lexmark 3600-4600 series\lxdxmon.exe:Printer Device Monitor
"UDP Query User{A6418987-A8E4-43DD-BB92-311E8ABE014D}c:\\program files\\lexmark 3600-4600 series\\lxdxmon.exe"= TCP:c:\program files\lexmark 3600-4600 series\lxdxmon.exe:Printer Device Monitor
"{B3996296-6CAB-4D86-A7FF-EE0DB9C3870B}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{9C02A621-AFD7-47DA-A8A0-55B4EC22033E}"= UDP:d:\hry\Burnout\BurnoutLauncher.exe:Burnout(TM) Paradise The Ultimate Box
"{99D9D98E-1621-485A-8344-577D51C8E560}"= TCP:d:\hry\Burnout\BurnoutLauncher.exe:Burnout(TM) Paradise The Ultimate Box
"{5BA8D44A-08FB-4329-BEF7-4F2E9939D55B}"= UDP:d:\hry\Burnout\BurnoutConfigTool.exe:Burnout(TM) Paradise The Ultimate Box
"{E9FFE38B-A0AE-4438-AEEB-63FE1DB03FAA}"= TCP:d:\hry\Burnout\BurnoutConfigTool.exe:Burnout(TM) Paradise The Ultimate Box
"{ADCB7A62-6138-4DB3-BD90-C370D710B81F}"= UDP:d:\hry\Burnout\BurnoutParadise.exe:Burnout(TM) Paradise The Ultimate Box
"{D7617E8D-0A8E-4D03-BCF5-681B4ED00D5E}"= TCP:d:\hry\Burnout\BurnoutParadise.exe:Burnout(TM) Paradise The Ultimate Box
"{AA83B3BE-9835-47F1-A4DF-171CA8A32148}"= UDP:c:\program files\DNA\btdna.exe:DNA (TCP-In)
"{6C0DD4B2-0C86-4DF0-8EFE-A0CB10F2E4B7}"= TCP:c:\program files\DNA\btdna.exe:DNA (UDP-In)
"TCP Query User{1FB7EEEF-C367-4F02-9903-0632F0FABCE8}c:\\users\\myska\\program files\\dna\\btdna.exe"= UDP:c:\users\myska\program files\dna\btdna.exe:btdna.exe
"UDP Query User{5D77E2D3-8A7F-4C76-8056-568DD7F04C86}c:\\users\\myska\\program files\\dna\\btdna.exe"= TCP:c:\users\myska\program files\dna\btdna.exe:btdna.exe
"TCP Query User{B3AF035A-7FC9-49F4-AFBA-19B7CCA9E693}d:\\programy\\torent\\bittorrent\\bitcomet\\bitcomet.exe"= UDP:d:\programy\torent\bittorrent\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
"UDP Query User{88144285-E42B-4991-A8E6-2E4861783DF0}d:\\programy\\torent\\bittorrent\\bitcomet\\bitcomet.exe"= TCP:d:\programy\torent\bittorrent\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
"TCP Query User{A6970632-ECDC-44F6-A55A-0BBFFCD4B88A}d:\\programy\\torent\\bittorrent\\bitcomet\\bitcomet.exe"= UDP:d:\programy\torent\bittorrent\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
"UDP Query User{08924F22-4953-4F09-BB6A-D16C31F46DDA}d:\\programy\\torent\\bittorrent\\bitcomet\\bitcomet.exe"= TCP:d:\programy\torent\bittorrent\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
"{04C9A046-E16B-4033-98BC-642F356BCDC6}"= UDP:d:\programy\SMPro\System Mechanic Professional\Personal Firewall\ioloFW.exe:iolo Firewall®
"{F69518AD-4461-4616-80C3-7B6C123E2ABD}"= TCP:d:\programy\SMPro\System Mechanic Professional\Personal Firewall\ioloFW.exe:iolo Firewall®
"TCP Query User{8D274D07-581F-49BF-8BDF-09B8F5B21544}c:\\windows\\system32\\dpnsvr.exe"= UDP:c:\windows\system32\dpnsvr.exe:Microsoft DirectPlay8 Server
"UDP Query User{04844329-F5E9-4325-B82A-6405F0399168}c:\\windows\\system32\\dpnsvr.exe"= TCP:c:\windows\system32\dpnsvr.exe:Microsoft DirectPlay8 Server
"TCP Query User{30C875E3-74A2-41DB-BD1F-92579C99E639}d:\\hry\\moto racer 3\\motoracer3\\motoracer3.exe"= UDP:d:\hry\moto racer 3\motoracer3\motoracer3.exe:Moto Racer 3 PC
"UDP Query User{3043E89F-CF21-4AE2-8560-C3A27BEA5B40}d:\\hry\\moto racer 3\\motoracer3\\motoracer3.exe"= TCP:d:\hry\moto racer 3\motoracer3\motoracer3.exe:Moto Racer 3 PC
"TCP Query User{A388702D-6458-4EF1-AE34-7D32111A33B7}c:\\program files\\real\\realplayer\\realplay.exe"= UDP:c:\program files\real\realplayer\realplay.exe:RealPlayer
"UDP Query User{0CC1CE28-B961-4E39-88B5-1BA6C0B70F2D}c:\\program files\\real\\realplayer\\realplay.exe"= TCP:c:\program files\real\realplayer\realplay.exe:RealPlayer
"{59DB992D-9CBE-4B97-89B1-6378108C1FFA}"= UDP:d:\programy\Office 2008\Office12\GROOVE.EXE:Microsoft Office Groove
"{1DD1917A-4124-4E25-A67D-ABA065F32D73}"= TCP:d:\programy\Office 2008\Office12\GROOVE.EXE:Microsoft Office Groove
"{F2A04E33-8740-4793-8ED4-7B84EA65D4BC}"= UDP:d:\programy\Office 2008\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{18BBB01F-C41B-45E1-A40D-C63734156388}"= TCP:d:\programy\Office 2008\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{EA2408A9-C40C-4D71-AF4B-7DC5F8A42494}"= UDP:d:\programy\Zkousky\2\uTorrent.exe:µTorrent (TCP-In)
"{2CD0C92E-1160-44E3-8998-82462736E972}"= TCP:d:\programy\Zkousky\2\uTorrent.exe:µTorrent (UDP-In)
"TCP Query User{82D1F1C5-F23B-4666-A4AD-011D20E2881B}d:\\hry\\vietcong 2\\vietcong.exe"= UDP:d:\hry\vietcong 2\vietcong.exe:vietcong
"UDP Query User{F4C9FF98-BE87-44C9-A84A-ECB0A7B8A2E1}d:\\hry\\vietcong 2\\vietcong.exe"= TCP:d:\hry\vietcong 2\vietcong.exe:vietcong
"TCP Query User{6224D44C-0925-4991-AFED-78F71DAD1E14}c:\\windows\\system32\\spool\\drivers\\w32x86\\3\\lxdxpswx.exe"= UDP:c:\windows\system32\spool\drivers\w32x86\3\lxdxpswx.exe:Printer Status Window Interface
"UDP Query User{5E115BE1-4D13-49E6-91E1-BC987B30C3A7}c:\\windows\\system32\\spool\\drivers\\w32x86\\3\\lxdxpswx.exe"= TCP:c:\windows\system32\spool\drivers\w32x86\3\lxdxpswx.exe:Printer Status Window Interface

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"DoNotAllowExceptions"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Acer\\Empowering Technology\\eDataSecurity\\x86\\eDSfsu.exe"= c:\acer\Empowering Technology\eDataSecurity\x86\eDSfsu.exe:*:Enabled:eDSfsu
"c:\\Acer\\Empowering Technology\\eDataSecurity\\x86\\encryption.exe"= c:\acer\Empowering Technology\eDataSecurity\x86\encryption.exe:*:Enabled:encryption
"c:\\Acer\\Empowering Technology\\eDataSecurity\\x86\\decryption.exe"= c:\acer\Empowering Technology\eDataSecurity\x86\decryption.exe:*:Enabled:decryption
"c:\\Acer\\Empowering Technology\\eDataSecurity\\x86\\eDSMgr.exe"= c:\acer\Empowering Technology\eDataSecurity\x86\eDSMgr.exe:*:Enabled:eDSMgr
"c:\\Acer\\Empowering Technology\\eDataSecurity\\x86\\eDStbmngr.exe"= c:\acer\Empowering Technology\eDataSecurity\x86\eDStbmngr.exe:*:Enabled:eDStbmngr
"c:\\Acer\\Empowering Technology\\eDataSecurity\\x64\\eDSfsu.exe"= c:\acer\Empowering Technology\eDataSecurity\x64\eDSfsu.exe:*:Enabled:eDSfsu
"c:\\Acer\\Empowering Technology\\eDataSecurity\\x64\\encryption.exe"= c:\acer\Empowering Technology\eDataSecurity\x64\encryption.exe:*:Enabled:encryption
"c:\\Acer\\Empowering Technology\\eDataSecurity\\x64\\decryption.exe"= c:\acer\Empowering Technology\eDataSecurity\x64\decryption.exe:*:Enabled:decryption
"c:\\Acer\\Empowering Technology\\eDataSecurity\\x64\\eDSMgr.exe"= c:\acer\Empowering Technology\eDataSecurity\x64\eDSMgr.exe:*:Enabled:eDSMgr
"c:\\Acer\\Empowering Technology\\eDataSecurity\\x64\\eDStbmngr.exe"= c:\acer\Empowering Technology\eDataSecurity\x64\eDStbmngr.exe:*:Enabled:eDStbmngr
"d:\\Programy\\torent\\BitTorrent\\bittorrent.exe"= d:\programy\torent\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

R1 ElRawDisk;ElRawDisk;c:\windows\System32\drivers\elrawdsk.sys [29.3.2009 13:24 20392]
R1 epfwtdir;epfwtdir;c:\windows\System32\drivers\epfwtdir.sys [21.12.2007 9:21 33800]
R2 AVerRemote;AVerRemote;c:\program files\Common Files\AVerMedia\Service\AVerRemote.exe [11.1.2009 22:51 352256]
R2 AVerScheduleService;AVerScheduleService;c:\program files\Common Files\AVerMedia\Service\AVerScheduleService.exe [11.1.2009 22:51 409600]
R2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [21.12.2007 9:21 468224]
R2 lxdx_device;lxdx_device;c:\windows\system32\lxdxcoms.exe -service --> c:\windows\system32\lxdxcoms.exe -service [?]
R2 lxdxCATSCustConnectService;lxdxCATSCustConnectService;c:\windows\System32\spool\drivers\w32x86\3\lxdxserv.exe [30.11.2008 20:43 98984]
R3 enecir;ENE CIR Receiver;c:\windows\System32\drivers\enecir.sys [20.4.2008 3:44 32256]
S2 wlidsvc;Windows Live ID Sign-in Assistant;c:\program files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE [30.3.2009 16:28 1533808]
S3 AVerAF15;AVerMedia BDA Digital Tuner;c:\windows\System32\drivers\AVerAF15.sys [11.1.2009 22:52 280448]
S3 fssfltr;FssFltr;c:\windows\System32\drivers\fssfltr.sys [1.4.2009 0:18 55280]
S3 fsssvc;Windows Live Zabezpečení rodiny;c:\program files\Windows Live\Family Safety\fsssvc.exe [6.2.2009 18:08 533360]
S3 WSDPrintDevice;Podpora tisku WSD prostřednictvím funkce UMB;c:\windows\System32\drivers\WSDPrint.sys [21.1.2008 4:23 16896]
S3 WSVD;WSVD;c:\windows\System32\drivers\WSVD.sys [12.10.2008 0:33 80744]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Obsah adresáře 'Naplánované úlohy'

2009-10-12 c:\windows\Tasks\User_Feed_Synchronization-{70F4FF31-8E8C-4175-90AC-3D7CD243D112}.job
- c:\windows\system32\msfeedssync.exe [2009-07-29 20:13]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
mStart Page = hxxp://cs.intl.acer.yahoo.com
IE: {{0E46D7B6-887D-4F81-B4CA-FCC92AF73610} - {0E46D7B6-887D-4F81-B4CA-FCC92AF73610} - c:\program files\Seznam.cz\listicka.dll
FF - ProfilePath - c:\users\Myska\AppData\Roaming\Mozilla\Firefox\Profiles\zlv3l0v3.default\
FF - prefs.js: browser.search.selectedEngine - Seznam
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\users\Myska\Program Files\DNA\plugins\npbtdna.dll
FF - plugin: d:\programy\Adobe Reider 9\Reader\browser\nppdf32.dll
FF - plugin: d:\programy\firefox\plugins\np-mswmp.dll
FF - plugin: d:\programy\firefox\plugins\npkimi.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
d:\programy\firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

AddRemove-AVerMedia A309 (MiniCard - c:\program files\AVerMedia\AVerMedia A309 (MiniCard
AddRemove-AVerMedia A310 (MiniCard - c:\program files\AVerMedia\AVerMedia A310 (MiniCard



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-12 19:23
Windows 6.0.6002 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Celkový čas: 2009-10-12 19:26
ComboFix-quarantined-files.txt 2009-10-12 17:26

Před spuštěním: Volných bajtů: 90 748 944 384
Po spuštění: Volných bajtů: 90 431 668 224

326 --- E O F --- 2009-10-12 14:51









Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:32:55, on 12.10.2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18813)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\RtHDVCpl.exe
C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
C:\Acer\Empowering Technology\eAudio\eAudio.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe
C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe
C:\Program Files\Apoint2K\Apoint.exe
D:\Programy\Office 2008\Office12\GrooveMonitor.exe
C:\Program Files\Lexmark 3600-4600 Series\lxdxmon.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Lexmark 3600-4600 Series\lxdxMsdMon.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE
C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\Explorer.exe
D:\Programy\OFFICE~1\Office12\OUTLOOK.EXE
D:\Programy\firefox\firefox.exe
D:\Programy\Hijack This\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://cs.intl.acer.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Lexmark Panel nástrojů - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: infoaxe.com Toolbar - {2F8D500E-4546-45b7-9236-D4FD9850CF1C} - C:\Program Files\infoaxe\ietb.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\Programy\Office 2008\Office12\GrooveShellExtensions.dll
O2 - BHO: Pomocná služba pro přihlášení ke službě Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Ukazatel S-Rank - {EA837F48-5AD1-443E-AE34-FFE03CBF3099} - C:\Program Files\Seznam.cz\listicka.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll
O3 - Toolbar: Lexmark Panel nástrojů - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O3 - Toolbar: Cloudberry Twitter plugin - {844ca498-7e43-4eb9-937f-083da08110be} - mscoree.dll (file missing)
O3 - Toolbar: infoaxe.com Toolbar - {717EDDE0-444F-4ff0-B9C9-F60EC423E690} - C:\Program Files\infoaxe\ietb.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe
O4 - HKLM\..\Run: [eAudio] "C:\Acer\Empowering Technology\eAudio\eAudio.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [PlayMovie] "C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe"
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Program Files\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [GrooveMonitor] "D:\Programy\Office 2008\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [lxdxmon.exe] "C:\Program Files\Lexmark 3600-4600 Series\lxdxmon.exe"
O4 - HKLM\..\Run: [lxdxamon] "C:\Program Files\Lexmark 3600-4600 Series\lxdxamon.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [PLFSetL] C:\Windows\\PLFSetL.exe
O4 - HKLM\..\Run: [PLFSetI] C:\Windows\PLFSetI.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Programy\Adobe Reider 9\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "D:\Programy\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ6.5\ICQ.exe" silent
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O9 - Extra button: Nastavení Lištičky ... - {0E46D7B6-887D-4F81-B4CA-FCC92AF73610} - C:\Program Files\Seznam.cz\listicka.dll
O9 - Extra 'Tools' menuitem: Nastavení Lištičky ... - {0E46D7B6-887D-4F81-B4CA-FCC92AF73610} - C:\Program Files\Seznam.cz\listicka.dll
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Zvýrazňovač slov Lištičky - {4E6D6F90-31CA-4878-A7A3-1CD50F115A69} - C:\Program Files\Seznam.cz\listicka.dll
O9 - Extra 'Tools' menuitem: Zvýrazňovač slov Lištičky - {4E6D6F90-31CA-4878-A7A3-1CD50F115A69} - C:\Program Files\Seznam.cz\listicka.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\Programy\Office 2008\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - D:\Programy\AD-Aware 2008\aawservice.exe
O23 - Service: AVerRemote - AVerMedia - C:\Program Files\Common Files\AVerMedia\Service\AVerRemote.exe
O23 - Service: AVerScheduleService - Unknown owner - C:\Program Files\Common Files\AVerMedia\Service\AVerScheduleService.exe
O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: lxdxCATSCustConnectService - Lexmark International, Inc. - C:\Windows\system32\spool\DRIVERS\W32X86\3\\lxdxserv.exe
O23 - Service: lxdx_device - - C:\Windows\system32\lxdxcoms.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 9245 bytes



The behaviour is unchanged, only some folders have shown up for me in Total Commander:
$AVG8.VAULT$
Boot
divx
DRV
logs
MSOCache
PerfLogs
ProgramData
Qoobox
MDR.iss
junction.exe
config.sys
autoexec.bat
$RECYCLE.BIN
erData
MSOCache
I don't know what they are. Can I delete them?

