záseky ntb - vista - výpis hjt Vyřešeno

[pikaso.andreas]

Ahoj,
prosím o kontrolu logu z hjt.
Mám ntb Acer Aspire 8730 a Vistu (Home premium) k tomu dodanou včetně všech aktualizací.
problém:
koukám třeba na ivysílání na uvolněte se prosím a zničeho nic se ntb sekne (obraz zčerná) a nic nejde udělat. nebo třeba jdu na hodinku pryč, ntb zaklapnu (jen se zhasne displej) a když přijdu a chci si otevřít prohlížeč, kliknu na ikonu v rychlém spuštění, ikona se proklikne a ni se nestane a už nejde nic s ntb dělat, jen vypnout hlavním tlačítkem (power). Při hrách jede v pohodě...
log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:06:35, on 27.2.2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18882)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Users\Ondra\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Logitech\Gaming Software\LWEMon.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Users\Ondra\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Ondra\AppData\Local\Google\Update\1.2.183.17\GoogleCrashHandler.exe
C:\Users\Ondra\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Ondra\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Ondra\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\TuneUp Utilities 2010\TuneUpSystemStatusCheck.exe
C:\Program Files\HijackThis\HijackThis.exe

O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [ePower_DMC] C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [eAudio] "C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\Ondra\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Přidat na blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Přidat na blog Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Služba Google Update (gupdate1ca1091a0e80399) (gupdate1ca1091a0e80399) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Innovative Solutions Service Monitor (InnovativeSolutions_monitor) - Unknown owner - C:\Program Files\Common Files\Innovative Solutions\Advanced Uninstaller PRO\InnovativeSolutions_monitor_Svr.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: Sony Ericsson OMSI download service (OMSI download service) - Unknown owner - C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: @C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 7388 bytes

[Reklama]

[pikaso.andreas]

posouvám to nahoru :-)

[autoprd]

Tak spusť HiJackThis pro tentokrát vyber Do a system scan only!
Zatrhni položky, které jsou níže uvedené a stiskni Fix checked.

Kód: Vybrat vše

O23 - Service: Innovative Solutions Service Monitor (InnovativeSolutions_monitor) - Unknown owner - C:\Program Files\Common Files\Innovative Solutions\Advanced Uninstaller PRO\InnovativeSolutions_monitor_Svr.exe (file missing)


A počkej až dokončí svůj proces, poté program vypni.

[autoprd]

Stáhni si ATF Cleaner
Spust a stiskni na select all found
Jestli jedeš přes Mozilu Firefox klikni na Firefox nahoře a vyber: Select All, potom klikni na Empty Selected.
Jestli jedeš přes Operu klikni nahoře na Operu a vyber: Select All, potom klikni na Empty Selected.
Až se to vyčistí klikni na exit pro ukončení.

Stáhni si Malwarebytes' Anti-Malware
Nainstaluj a spusť ho
- na konci instalace se ujisti že máš zvoleny/zatrhnuty obě možnosti:
Aktualizace Malwarebytes' Anti-Malware a Spustit aplikaci Malwarebytes' Anti-Malware, pokud jo tak klikni na tlačítko konec
- pokud bude nalezena aktualizace, tak se stáhne a nainstaluje
- program se po té spustí a nech vybranou možnost Provést rychlý sken a klikni na tlačítko Skenovat
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Zobrazit výsledky
- pak zvol možnost uložit log a ulož si log na plochu
- po té klikni na tlačítko Exit, objeví se ti hláška tak zvol Ano
(zatím nic nemaž!).
Vlož sem pak obsah toho logu.

[pikaso.andreas]

Omlouvám se, ale musel jsem pryč. ATF jsem provedl (sice teď jedu hlavně na chrome!), zde malware a níž hjt.
Malwarebytes' Anti-Malware 1.44
Verze databáze: 3804
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18882

27.2.2010 21:49:51
mbam-log-2010-02-27 (21-49-51).txt

Typ kontroly: Rychlá kontrola
Zkontrolované objekty: 111309
Uplynulý čas: 7 minute(s), 4 second(s)

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 0
Infikované hodnoty registru: 0
Infikované datové položky registru: 0
Infikované adresáře: 0
Infikované soubory: 0

Infikované procesy v paměti:
(Nebyly nalezeny žádné škodlivé položky)

Infikované moduly v paměti:
(Nebyly nalezeny žádné škodlivé položky)

Infikované klíče registru:
(Nebyly nalezeny žádné škodlivé položky)

Infikované hodnoty registru:
(Nebyly nalezeny žádné škodlivé položky)

Infikované datové položky registru:
(Nebyly nalezeny žádné škodlivé položky)

Infikované adresáře:
(Nebyly nalezeny žádné škodlivé položky)

Infikované soubory:
(Nebyly nalezeny žádné škodlivé položky)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:54:19, on 27.2.2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18882)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\Logitech\Gaming Software\LWEMon.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\ehome\ehmsas.exe
C:\Users\Ondra\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\HijackThis\HijackThis.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [ePower_DMC] C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [eAudio] "C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Služba Google Update (gupdate1ca1091a0e80399) (gupdate1ca1091a0e80399) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Innovative Solutions Service Monitor (InnovativeSolutions_monitor) - Unknown owner - C:\Program Files\Common Files\Innovative Solutions\Advanced Uninstaller PRO\InnovativeSolutions_monitor_Svr.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: Sony Ericsson OMSI download service (OMSI download service) - Unknown owner - C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: @C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 6299 bytes

[autoprd]

Tady ještě toto:

Kód: Vybrat vše

O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)

---

Vypni rez. ochrany antiviru+deaktivuj firewall.
Stáhni si ComboFix (by sUBs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah

[pikaso.andreas]

ComboFix 10-02-27.04 - Ondra 27.02.2010 22:35:38.3.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.420.1029.18.3066.2190 [GMT 1:00]
Spuštěný z: c:\users\Ondra\Desktop\ComboFix.exe
SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Rezidentní štít AV je zapnutý

.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\programdata\hpeA1E.dll
c:\users\Ondra\Documents\~.inf
c:\users\Ondra\Documents\cc_20091226_001656.reg
c:\users\Ondra\Documents\cc_20100212_113105.reg
c:\users\Ondra\Documents\cc_20100227_220508.reg
c:\windows\system32\~.inf
c:\windows\system32\twain_32.dll

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-01-27 do 2010-02-27 )))))))))))))))))))))))))))))))
.

2010-02-27 21:12 . 2010-02-27 21:12 -------- d-----w- c:\users\Ondra\AppData\Local\Apple
2010-02-26 16:49 . 2010-02-26 16:51 88 --sh--r- c:\programdata\1DD76CD431.sys
2010-02-26 16:49 . 2010-02-26 16:51 3140 --sha-w- c:\programdata\KGyGaAvL.sys
2010-02-26 16:47 . 2010-02-26 16:47 -------- d-----w- c:\program files\Common Files\Protexis
2010-02-26 16:47 . 2010-02-26 16:47 -------- d-----w- c:\programdata\Corel
2010-02-24 06:24 . 2010-01-23 09:26 2048 ----a-w- c:\windows\system32\tzres.dll
2010-02-24 06:23 . 2010-01-25 12:00 471552 ----a-w- c:\windows\system32\secproc_isv.dll
2010-02-24 06:23 . 2010-01-25 12:00 471552 ----a-w- c:\windows\system32\secproc.dll
2010-02-24 06:23 . 2010-01-25 08:21 526336 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-02-24 06:23 . 2010-01-25 08:21 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-02-24 06:23 . 2010-01-25 08:21 518144 ----a-w- c:\windows\system32\RMActivate.exe
2010-02-24 06:23 . 2010-01-25 08:21 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-02-24 06:23 . 2010-01-25 12:00 152576 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-02-24 06:23 . 2010-01-25 12:00 152064 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-02-24 06:23 . 2010-01-25 11:58 332288 ----a-w- c:\windows\system32\msdrm.dll
2010-02-24 06:23 . 2010-01-06 15:39 1696256 ----a-w- c:\windows\system32\gameux.dll
2010-02-24 06:23 . 2010-01-06 15:38 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-02-24 06:23 . 2010-01-06 13:30 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2010-02-22 13:31 . 2010-02-22 16:15 1 ----a-w- c:\users\Ondra\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-02-22 13:30 . 2010-02-22 13:30 -------- d-----w- c:\users\Ondra\AppData\Roaming\OpenOffice.org
2010-02-22 13:25 . 2010-02-22 13:25 -------- d-----w- c:\program files\OpenOffice.org 3
2010-02-21 16:25 . 2010-02-21 16:27 -------- d-----w- c:\program files\RCHelicopter
2010-02-20 08:56 . 2010-02-20 08:56 -------- d-----w- c:\users\Ondra\AppData\Local\Logitech
2010-02-17 20:28 . 2010-02-17 20:28 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2010-02-17 20:14 . 2010-02-20 10:57 -------- d-----w- c:\program files\Rockstar Games
2010-02-17 19:00 . 2010-02-17 19:00 -------- d-----w- c:\program files\Common Files\Logitech
2010-02-17 19:00 . 2010-02-17 19:00 -------- d-----w- c:\program files\Logitech
2010-02-16 14:41 . 2010-02-16 14:41 -------- d-----w- c:\users\Ondra\AppData\Local\Ubisoft
2010-02-16 14:38 . 2008-07-12 07:18 467984 ----a-w- c:\windows\system32\d3dx10_39.dll
2010-02-16 14:38 . 2008-07-12 07:18 1493528 ----a-w- c:\windows\system32\D3DCompiler_39.dll
2010-02-16 14:38 . 2008-07-12 07:18 3851784 ----a-w- c:\windows\system32\D3DX9_39.dll
2010-02-16 14:37 . 2010-02-16 14:37 -------- d-----w- c:\users\Public\Ubisoft
2010-02-16 14:37 . 2010-02-16 14:37 -------- d-----w- c:\programdata\InstallShield
2010-02-16 14:37 . 2010-02-16 14:37 -------- d-----w- c:\programdata\Ubisoft
2010-02-16 14:25 . 2010-02-21 20:20 -------- d-----w- c:\program files\Shaun White Snowboarding
2010-02-15 13:41 . 2010-02-15 13:53 -------- d-----w- c:\users\Ondra\AppData\Local\Wheelman
2010-02-15 13:41 . 2010-02-15 13:41 -------- d-----w- c:\users\Ondra\AppData\Local\PC
2010-02-14 14:04 . 2010-02-14 14:06 -------- d-----w- c:\program files\VirtualFem
2010-02-14 07:43 . 2010-02-14 07:43 -------- d-----w- c:\windows\system32\skiny
2010-02-13 14:40 . 2010-02-13 14:40 -------- d-----w- c:\program files\OSCAR Editor
2010-02-13 14:38 . 2010-02-13 14:39 -------- d-----w- c:\program files\OscarX7
2010-02-10 08:00 . 2001-10-28 15:42 116224 ----a-w- c:\windows\system32\pdfcmnnt.dll
2010-02-10 08:00 . 1998-07-05 23:00 23552 ----a-w- c:\windows\system32\MSMPIDE.DLL
2010-02-10 08:00 . 2010-02-10 08:01 -------- d-----w- c:\program files\PDFCreator
2010-02-09 18:33 . 2010-02-14 13:54 -------- d-----w- c:\users\Ondra\AppData\Roaming\Tropico 3
2010-02-09 18:29 . 2010-02-11 09:18 -------- d-----w- c:\program files\Tropico 3
2010-02-08 08:36 . 2010-02-08 08:39 -------- d-----w- c:\program files\ATITool
2010-01-29 21:58 . 2010-01-29 21:59 -------- d-----w- c:\users\Ondra\AppData\Local\Innovative Solutions
2010-01-29 21:58 . 2010-01-29 21:58 -------- d-----w- c:\program files\Common Files\Innovative Solutions
2010-01-29 21:58 . 2010-02-27 21:12 -------- d-----w- c:\programdata\Innovative Solutions
2010-01-29 21:09 . 2010-01-29 21:09 -------- d-----w- c:\program files\PowerISO
2010-01-29 21:06 . 2010-01-29 21:06 8704 ----a-w- c:\users\Ondra\AppData\Roaming\Thinstall\PowerISO\1000000700002h\regsvr32.exe
2010-01-29 21:04 . 2010-01-29 21:04 -------- d-----w- c:\users\Ondra\AppData\Roaming\Thinstall

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-27 21:09 . 2009-04-19 12:30 -------- d-----w- c:\program files\CCleaner
2010-02-27 21:04 . 2009-09-14 17:11 -------- d-----w- c:\program files\Microsoft
2010-02-27 21:03 . 2009-01-30 03:18 -------- d-----w- c:\program files\Windows Live
2010-02-27 21:01 . 2009-04-25 11:39 -------- d-----w- c:\programdata\Skype
2010-02-27 20:59 . 2009-04-10 14:27 -------- d-----w- c:\program files\Google
2010-02-27 20:41 . 2009-06-23 16:04 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-02-27 20:39 . 2009-12-12 00:47 5115824 ----a-w- c:\programdata\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-02-27 12:20 . 2009-04-10 19:12 -------- d-----w- c:\program files\QIP Infium
2010-02-26 16:49 . 2009-06-15 18:44 -------- d-----w- c:\users\Ondra\AppData\Roaming\Corel
2010-02-26 16:49 . 2009-07-29 18:40 447088 ----a-w- c:\windows\system32\GDIPFONTCACHEV1.DAT
2010-02-26 16:45 . 2009-06-15 18:41 -------- d-----w- c:\program files\Corel
2010-02-24 08:16 . 2009-10-02 18:29 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-24 08:14 . 2009-01-30 11:14 598832 ----a-w- c:\windows\system32\perfh005.dat
2010-02-24 08:14 . 2009-01-30 11:14 114992 ----a-w- c:\windows\system32\perfc005.dat
2010-02-23 13:32 . 2009-04-11 15:29 -------- d-----w- c:\users\Ondra\AppData\Roaming\uTorrent
2010-02-21 16:27 . 2010-02-21 16:25 -------- d-----w- c:\program files\RCHelicopter
2010-02-21 08:55 . 2006-11-02 12:37 -------- d-----w- c:\program files\Microsoft Games
2010-02-20 10:55 . 2009-01-30 03:09 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-02-18 08:48 . 2009-05-09 09:49 -------- d-----w- c:\users\Ondra\AppData\Roaming\MyPhoneExplorer
2010-02-16 14:37 . 2009-04-10 14:35 -------- d-----w- c:\users\Ondra\AppData\Roaming\InstallShield
2010-02-16 14:26 . 2009-01-30 03:37 -------- d-----w- c:\program files\Common Files\InstallShield
2010-02-15 13:06 . 2009-11-21 21:18 -------- d-----w- c:\program files\vbNFSMWMegaTrainer
2010-02-14 07:57 . 2009-04-21 21:20 -------- d-----w- c:\program files\Scorpions WinCheater
2010-02-13 09:34 . 2009-04-11 06:53 -------- d-----w- c:\program files\Mozilla Thunderbird
2010-02-12 10:20 . 2009-12-27 22:28 -------- d-----w- c:\programdata\Codemasters
2010-02-10 08:17 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-02-08 08:56 . 2009-07-03 20:51 -------- d-----w- c:\program files\EVEREST Ultimate Edition
2010-01-29 21:58 . 2010-01-29 21:58 -------- d-----w- c:\windows\Fonts\AdvUninstal
2010-01-25 21:41 . 2010-01-23 15:33 -------- d-----w- c:\users\Ondra\AppData\Roaming\FileZilla
2010-01-24 12:25 . 2010-01-24 12:22 -------- d-----w- c:\users\Ondra\AppData\Roaming\IBP
2010-01-23 15:33 . 2010-01-23 15:33 -------- d-----w- c:\program files\FileZilla FTP Client
2010-01-23 14:04 . 2009-04-10 17:25 -------- d-----w- c:\program files\Total UP
2010-01-23 14:04 . 2010-01-23 14:04 -------- d-----w- c:\users\Ondra\AppData\Roaming\GHISLER
2010-01-21 20:07 . 2009-12-19 18:59 357783 ----a-w- c:\windows\system32\~.tmp
2010-01-20 19:17 . 2009-11-16 22:47 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-16 21:02 . 2009-06-12 18:40 -------- d-----w- c:\program files\SWiSHmax
2010-01-16 20:06 . 2010-01-15 17:00 -------- d-----w- c:\program files\Bryce 6
2010-01-15 17:00 . 2010-01-15 17:00 -------- d-----w- c:\program files\Common Files\DAZ
2010-01-10 22:40 . 2010-01-10 22:40 528384 ----a-w- c:\programdata\TuneUp Software\TuneUp Utilities\WinStyler\LogoAnimations\gill1.tla.dll
2010-01-09 11:16 . 2010-01-09 11:16 4308992 ----a-w- c:\programdata\TuneUp Software\TuneUp Utilities\WinStyler\LogonScreens\gill 1.tls.dll
2010-01-09 11:08 . 2010-01-09 10:58 -------- d-----w- c:\program files\TuneUp Utilities 2010
2010-01-09 10:58 . 2010-01-09 10:58 -------- d-----w- c:\users\Ondra\AppData\Roaming\TuneUp Software
2010-01-09 10:58 . 2010-01-09 10:58 -------- d-----w- c:\programdata\TuneUp Software
2010-01-09 10:57 . 2010-01-09 10:57 -------- d-sh--w- c:\programdata\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
2010-01-07 15:07 . 2009-11-01 00:13 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 15:07 . 2009-11-01 00:13 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-06 15:38 . 2010-02-24 06:23 173056 ----a-w- c:\windows\AppPatch\AcXtrnal.dll
2010-01-06 15:38 . 2010-02-24 06:23 2159616 ----a-w- c:\windows\AppPatch\AcGenral.dll
2010-01-06 15:38 . 2010-02-24 06:23 542720 ----a-w- c:\windows\AppPatch\AcLayers.dll
2010-01-06 15:38 . 2010-02-24 06:23 458752 ----a-w- c:\windows\AppPatch\AcSpecfc.dll
2010-01-02 06:38 . 2010-01-21 19:27 916480 ----a-w- c:\windows\system32\wininet.dll
2010-01-02 06:32 . 2010-01-21 19:27 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-01-02 06:32 . 2010-01-21 19:27 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-01-02 04:57 . 2010-01-21 19:27 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-12-31 17:28 . 2009-04-10 14:31 319456 ----a-w- c:\windows\DIFxAPI.dll
2009-12-28 22:11 . 2009-12-28 22:11 515848 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2009-12-27 22:24 . 2003-11-07 12:28 445016 ----a-w- c:\windows\system32\wrap_oal.dll
2009-12-27 22:24 . 2003-11-07 12:28 109144 ----a-w- c:\windows\system32\OpenAL32.dll
2009-12-17 23:14 . 2010-01-09 10:59 30536 ----a-w- c:\windows\system32\TURegOpt.exe
2009-12-17 23:09 . 2010-01-09 10:59 21320 ----a-w- c:\windows\system32\authuitu.dll
2009-12-17 23:08 . 2010-01-09 10:59 30024 ----a-w- c:\windows\system32\uxtuneup.dll
2009-12-15 20:38 . 2009-12-15 20:38 25512 ----a-w- c:\windows\system32\drivers\ggsemc.sys
2009-12-15 20:38 . 2009-12-15 20:38 13224 ----a-w- c:\windows\system32\drivers\ggflt.sys
2009-12-11 11:43 . 2010-02-10 06:26 302080 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-11 11:43 . 2010-02-10 06:26 98816 ----a-w- c:\windows\system32\drivers\srvnet.sys
2009-12-08 20:01 . 2010-02-10 06:26 904776 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-12-08 20:01 . 2010-02-10 06:26 3600456 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-12-08 20:01 . 2010-02-10 06:26 3548216 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-12-08 17:26 . 2010-02-10 06:26 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2009-12-04 18:30 . 2010-02-10 06:26 12288 ----a-w- c:\windows\system32\tsbyuv.dll
2009-12-04 18:29 . 2010-02-10 06:26 1314816 ----a-w- c:\windows\system32\quartz.dll
2009-12-04 18:28 . 2010-02-10 06:26 22528 ----a-w- c:\windows\system32\msyuv.dll
2009-12-04 18:28 . 2010-02-10 06:26 31744 ----a-w- c:\windows\system32\msvidc32.dll
2009-12-04 18:28 . 2010-02-10 06:26 123904 ----a-w- c:\windows\system32\msvfw32.dll
2009-12-04 18:28 . 2010-02-10 06:26 13312 ----a-w- c:\windows\system32\msrle32.dll
2009-12-04 18:28 . 2010-02-10 06:26 82944 ----a-w- c:\windows\system32\mciavi32.dll
2009-12-04 18:28 . 2010-02-10 06:26 50176 ----a-w- c:\windows\system32\iyuv_32.dll
2009-12-04 18:27 . 2010-02-10 06:26 91136 ----a-w- c:\windows\system32\avifil32.dll
2009-12-04 15:56 . 2010-02-10 06:26 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2009-12-04 15:56 . 2010-02-10 06:26 105984 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2009-11-30 17:02 . 2009-11-30 17:02 171144 ----a-w- c:\windows\system32\xliveinstall.dll
2009-11-30 17:02 . 2009-11-30 17:02 72840 ----a-w- c:\windows\system32\xliveinstallhost.exe
.

Kód: Vybrat vše

<pre>
c:\program files\VirtualDJ\Plugins\VideoEffect\PictureRotation v1.1 .exe
c:\program files\VirtualDJ\Plugins\VideoEffect\PictureRotation v1.1\PictureRotation v1.1 .exe
</pre>

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-07-29 15:52 121392 ----a-w- c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-25 1049896]
"RtHDVCpl"="RtHDVCpl.exe" [2008-09-19 6294048]
"ePower_DMC"="c:\program files\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2008-11-28 417792]
"eAudio"="c:\program files\Acer\Empowering Technology\eAudio\eAudio.exe" [2008-09-11 544768]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2009-05-14 2029640]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2008-10-27 817672]
"Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2009-09-16 153608]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Canon LBP5000 Status Window.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Canon LBP5000 Status Window.lnk
backup=c:\windows\pss\Canon LBP5000 Status Window.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
2008-01-21 02:25 125952 ----a-w- c:\windows\ehome\ehtray.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ProductReg"="c:\program files\Acer\WR_PopUp\ProductReg.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):45,ce,4e,a0,5b,fa,c9,01

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-4016117494-3182526739-4166363913-1000]
"EnableNotificationsRef"=dword:00000002

R1 ehdrv;ehdrv;c:\windows\System32\drivers\ehdrv.sys [14.5.2009 14:47 107256]
R1 VD_FileDisk;VD_FileDisk;c:\windows\System32\drivers\vd_filedisk.sys [13.1.2006 14:00 15872]
R2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2009/07/12 23:17];c:\program files\PowerDVD9\PowerDVD9\000.fcl [7.5.2009 20:05 87536]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\System32\atiesrxx.exe [16.3.2009 21:27 172032]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [14.5.2009 14:47 731840]
R2 epfwwfp;epfwwfp;c:\windows\System32\drivers\epfwwfp.sys [14.5.2009 14:49 38240]
R2 ETService;Empowering Technology Service;c:\program files\Acer\Empowering Technology\Service\ETService.exe [30.1.2009 4:49 24576]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [5.5.2009 19:26 1153368]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [18.12.2009 0:12 1044808]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\System32\drivers\b57nd60x.sys [26.6.2008 1:39 212992]
R3 hidshim;Service for HID-KMDF Shim layer;c:\windows\System32\drivers\hidshim.sys [8.10.2008 9:43 5632]
R3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\System32\drivers\NETw5v32.sys [17.11.2008 6:40 3668480]
R3 nuvotonhidgeneric;Nuvoton EC Generic HID;c:\windows\System32\drivers\nuvotonhidgeneric.sys [8.10.2008 9:43 22528]
R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\System32\drivers\seehcri.sys [15.12.2009 21:27 27632]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [14.10.2009 7:24 10064]
S0 sptd;sptd;c:\windows\System32\drivers\sptd.sys [10.4.2009 18:43 691696]
S2 gupdate1ca1091a0e80399;Služba Google Update (gupdate1ca1091a0e80399);c:\program files\Google\Update\GoogleUpdate.exe [29.7.2009 22:14 133104]
S2 OMSI download service;Sony Ericsson OMSI download service;c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [15.12.2009 21:27 90112]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\System32\drivers\ggflt.sys [15.12.2009 21:38 13224]
S3 InnovativeSolutions_monitor;Innovative Solutions Service Monitor;c:\program files\Common Files\Innovative Solutions\Advanced Uninstaller PRO\InnovativeSolutions_monitor_Svr.exe --> c:\program files\Common Files\Innovative Solutions\Advanced Uninstaller PRO\InnovativeSolutions_monitor_Svr.exe [?]
S3 s0017bus;Sony Ericsson Device 0017 driver (WDM);c:\windows\System32\drivers\s0017bus.sys [15.12.2009 21:27 86824]
S3 s0017mdfl;Sony Ericsson Device 0017 USB WMC Modem Filter;c:\windows\System32\drivers\s0017mdfl.sys [15.12.2009 21:27 15016]
S3 s0017mdm;Sony Ericsson Device 0017 USB WMC Modem Driver;c:\windows\System32\drivers\s0017mdm.sys [15.12.2009 21:27 114600]
S3 s0017mgmt;Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM);c:\windows\System32\drivers\s0017mgmt.sys [15.12.2009 21:27 108328]
S3 s0017nd5;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS);c:\windows\System32\drivers\s0017nd5.sys [15.12.2009 21:27 26024]
S3 s0017obex;Sony Ericsson Device 0017 USB WMC OBEX Interface;c:\windows\System32\drivers\s0017obex.sys [15.12.2009 21:27 104616]
S3 s0017unic;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM);c:\windows\System32\drivers\s0017unic.sys [15.12.2009 21:27 109736]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Obsah adresáře 'Naplánované úlohy'

2010-02-27 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-04-10 21:13]

2010-02-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-29 21:14]

2010-02-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-29 21:14]

2010-02-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4016117494-3182526739-4166363913-1000Core.job
- c:\users\Ondra\AppData\Local\Google\Update\GoogleUpdate.exe [2009-04-29 19:30]

2010-02-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4016117494-3182526739-4166363913-1000UA.job
- c:\users\Ondra\AppData\Local\Google\Update\GoogleUpdate.exe [2009-04-29 19:30]
.
.
------- Doplňkový sken -------
.
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
FF - ProfilePath - c:\users\Ondra\AppData\Roaming\Mozilla\Firefox\Profiles\7a9vku18.default\
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1636.7222\npCIDetect13.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\users\Ondra\AppData\Local\Google\Update\1.2.183.17\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
.
------- Asociace souborů -------
.
txtfile="c:\program files\PSPad editor\PSPad.exe" "%1"
.

**************************************************************************
skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory:

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{B154377D-700F-42cc-9474-23858FBDF4BD}]
"ImagePath"="\??\c:\program files\PowerDVD9\PowerDVD9\000.fcl"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0010\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0011\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0012\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Celkový čas: 2010-02-27 22:50:53
ComboFix-quarantined-files.txt 2010-02-27 21:50

Před spuštěním: Volných bajtů: 52 232 650 752
Po spuštění: Volných bajtů: 52 344 852 480

- - End Of File - - C8BE56F80CCAE40585627B0B57279ECD

[Damned]

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok).
Zkopíruj do něj následující celý text označený zeleně:

File::
c:\programdata\1DD76CD431.sys
c:\programdata\KGyGaAvL.sys
c:\windows\system32\~.tmp

Driver::
KGyGaAvL
1DD76CD431
InnovativeSolutions_monitor
Innovative Solutions Service Monitor
InnovativeSolutions_monitor_Svr

RegLock::
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0010\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0011\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0012\AllUserSettings]




Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.


Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe
a když se oba soubory překryjí, skript upusť.


- Automaticky se spustí ComboFix, oprava může trvat i déle než 10 minut. ! Nech ComboFix dokončit svou práci !
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT a popiš chování počítače

[pikaso.andreas]

Vše jsem provedl a teď počkám, jestli se pc "kousne"...

ComboFix 10-02-27.04 - Ondra 28.02.2010 8:15.4.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.420.1029.18.3066.2235 [GMT 1:00]
Spuštěný z: c:\users\Ondra\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Ondra\Desktop\CFScript.txt
SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Rezidentní štít AV je zapnutý


FILE ::
"c:\programdata\1DD76CD431.sys"
"c:\programdata\KGyGaAvL.sys"
"c:\windows\system32\~.tmp"
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\programdata\1DD76CD431.sys
c:\programdata\KGyGaAvL.sys
c:\windows\system32\~.tmp

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_InnovativeSolutions_monitor


((((((((((((((((((((((((( Soubory vytvořené od 2010-01-28 do 2010-02-28 )))))))))))))))))))))))))))))))
.

2010-02-28 07:25 . 2010-02-28 07:44 -------- d-----w- c:\users\Ondra\AppData\Local\temp
2010-02-27 21:12 . 2010-02-27 21:12 -------- d-----w- c:\users\Ondra\AppData\Local\Apple
2010-02-26 16:47 . 2010-02-26 16:47 -------- d-----w- c:\program files\Common Files\Protexis
2010-02-26 16:47 . 2010-02-26 16:47 -------- d-----w- c:\programdata\Corel
2010-02-24 06:24 . 2010-01-23 09:26 2048 ----a-w- c:\windows\system32\tzres.dll
2010-02-24 06:23 . 2010-01-25 12:00 471552 ----a-w- c:\windows\system32\secproc_isv.dll
2010-02-24 06:23 . 2010-01-25 12:00 471552 ----a-w- c:\windows\system32\secproc.dll
2010-02-24 06:23 . 2010-01-25 08:21 526336 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-02-24 06:23 . 2010-01-25 08:21 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-02-24 06:23 . 2010-01-25 08:21 518144 ----a-w- c:\windows\system32\RMActivate.exe
2010-02-24 06:23 . 2010-01-25 08:21 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-02-24 06:23 . 2010-01-25 12:00 152576 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-02-24 06:23 . 2010-01-25 12:00 152064 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-02-24 06:23 . 2010-01-25 11:58 332288 ----a-w- c:\windows\system32\msdrm.dll
2010-02-24 06:23 . 2010-01-06 15:39 1696256 ----a-w- c:\windows\system32\gameux.dll
2010-02-24 06:23 . 2010-01-06 15:38 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-02-24 06:23 . 2010-01-06 13:30 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2010-02-22 13:31 . 2010-02-22 16:15 1 ----a-w- c:\users\Ondra\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-02-22 13:30 . 2010-02-22 13:30 -------- d-----w- c:\users\Ondra\AppData\Roaming\OpenOffice.org
2010-02-22 13:25 . 2010-02-22 13:25 -------- d-----w- c:\program files\OpenOffice.org 3
2010-02-21 16:25 . 2010-02-21 16:27 -------- d-----w- c:\program files\RCHelicopter
2010-02-20 08:56 . 2010-02-20 08:56 -------- d-----w- c:\users\Ondra\AppData\Local\Logitech
2010-02-17 20:28 . 2010-02-17 20:28 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2010-02-17 20:14 . 2010-02-20 10:57 -------- d-----w- c:\program files\Rockstar Games
2010-02-17 19:00 . 2010-02-17 19:00 -------- d-----w- c:\program files\Common Files\Logitech
2010-02-17 19:00 . 2010-02-17 19:00 -------- d-----w- c:\program files\Logitech
2010-02-16 14:41 . 2010-02-16 14:41 -------- d-----w- c:\users\Ondra\AppData\Local\Ubisoft
2010-02-16 14:38 . 2008-07-12 07:18 467984 ----a-w- c:\windows\system32\d3dx10_39.dll
2010-02-16 14:38 . 2008-07-12 07:18 1493528 ----a-w- c:\windows\system32\D3DCompiler_39.dll
2010-02-16 14:38 . 2008-07-12 07:18 3851784 ----a-w- c:\windows\system32\D3DX9_39.dll
2010-02-16 14:37 . 2010-02-16 14:37 -------- d-----w- c:\users\Public\Ubisoft
2010-02-16 14:37 . 2010-02-16 14:37 -------- d-----w- c:\programdata\InstallShield
2010-02-16 14:37 . 2010-02-16 14:37 -------- d-----w- c:\programdata\Ubisoft
2010-02-16 14:25 . 2010-02-21 20:20 -------- d-----w- c:\program files\Shaun White Snowboarding
2010-02-15 13:41 . 2010-02-15 13:53 -------- d-----w- c:\users\Ondra\AppData\Local\Wheelman
2010-02-15 13:41 . 2010-02-15 13:41 -------- d-----w- c:\users\Ondra\AppData\Local\PC
2010-02-14 14:04 . 2010-02-14 14:06 -------- d-----w- c:\program files\VirtualFem
2010-02-14 07:43 . 2010-02-14 07:43 -------- d-----w- c:\windows\system32\skiny
2010-02-13 14:40 . 2010-02-13 14:40 -------- d-----w- c:\program files\OSCAR Editor
2010-02-13 14:38 . 2010-02-13 14:39 -------- d-----w- c:\program files\OscarX7
2010-02-10 08:00 . 2001-10-28 15:42 116224 ----a-w- c:\windows\system32\pdfcmnnt.dll
2010-02-10 08:00 . 1998-07-05 23:00 23552 ----a-w- c:\windows\system32\MSMPIDE.DLL
2010-02-10 08:00 . 2010-02-10 08:01 -------- d-----w- c:\program files\PDFCreator
2010-02-09 18:33 . 2010-02-14 13:54 -------- d-----w- c:\users\Ondra\AppData\Roaming\Tropico 3
2010-02-09 18:29 . 2010-02-11 09:18 -------- d-----w- c:\program files\Tropico 3
2010-02-08 08:36 . 2010-02-08 08:39 -------- d-----w- c:\program files\ATITool
2010-01-29 21:58 . 2010-01-29 21:59 -------- d-----w- c:\users\Ondra\AppData\Local\Innovative Solutions
2010-01-29 21:58 . 2010-01-29 21:58 -------- d-----w- c:\program files\Common Files\Innovative Solutions
2010-01-29 21:58 . 2010-02-27 21:12 -------- d-----w- c:\programdata\Innovative Solutions
2010-01-29 21:09 . 2010-01-29 21:09 -------- d-----w- c:\program files\PowerISO
2010-01-29 21:06 . 2010-01-29 21:06 8704 ----a-w- c:\users\Ondra\AppData\Roaming\Thinstall\PowerISO\1000000700002h\regsvr32.exe
2010-01-29 21:04 . 2010-01-29 21:04 -------- d-----w- c:\users\Ondra\AppData\Roaming\Thinstall

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-27 21:09 . 2009-04-19 12:30 -------- d-----w- c:\program files\CCleaner
2010-02-27 21:04 . 2009-09-14 17:11 -------- d-----w- c:\program files\Microsoft
2010-02-27 21:03 . 2009-01-30 03:18 -------- d-----w- c:\program files\Windows Live
2010-02-27 21:01 . 2009-04-25 11:39 -------- d-----w- c:\programdata\Skype
2010-02-27 20:59 . 2009-04-10 14:27 -------- d-----w- c:\program files\Google
2010-02-27 20:41 . 2009-06-23 16:04 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-02-27 20:39 . 2009-12-12 00:47 5115824 ----a-w- c:\programdata\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-02-27 12:20 . 2009-04-10 19:12 -------- d-----w- c:\program files\QIP Infium
2010-02-26 16:49 . 2009-06-15 18:44 -------- d-----w- c:\users\Ondra\AppData\Roaming\Corel
2010-02-26 16:49 . 2009-07-29 18:40 447088 ----a-w- c:\windows\system32\GDIPFONTCACHEV1.DAT
2010-02-26 16:45 . 2009-06-15 18:41 -------- d-----w- c:\program files\Corel
2010-02-24 08:16 . 2009-10-02 18:29 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-24 08:14 . 2009-01-30 11:14 598832 ----a-w- c:\windows\system32\perfh005.dat
2010-02-24 08:14 . 2009-01-30 11:14 114992 ----a-w- c:\windows\system32\perfc005.dat
2010-02-23 13:32 . 2009-04-11 15:29 -------- d-----w- c:\users\Ondra\AppData\Roaming\uTorrent
2010-02-21 16:27 . 2010-02-21 16:25 -------- d-----w- c:\program files\RCHelicopter
2010-02-21 08:55 . 2006-11-02 12:37 -------- d-----w- c:\program files\Microsoft Games
2010-02-20 10:55 . 2009-01-30 03:09 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-02-18 08:48 . 2009-05-09 09:49 -------- d-----w- c:\users\Ondra\AppData\Roaming\MyPhoneExplorer
2010-02-16 14:37 . 2009-04-10 14:35 -------- d-----w- c:\users\Ondra\AppData\Roaming\InstallShield
2010-02-16 14:26 . 2009-01-30 03:37 -------- d-----w- c:\program files\Common Files\InstallShield
2010-02-15 13:06 . 2009-11-21 21:18 -------- d-----w- c:\program files\vbNFSMWMegaTrainer
2010-02-14 07:57 . 2009-04-21 21:20 -------- d-----w- c:\program files\Scorpions WinCheater
2010-02-13 09:34 . 2009-04-11 06:53 -------- d-----w- c:\program files\Mozilla Thunderbird
2010-02-12 10:20 . 2009-12-27 22:28 -------- d-----w- c:\programdata\Codemasters
2010-02-10 08:17 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-02-08 08:56 . 2009-07-03 20:51 -------- d-----w- c:\program files\EVEREST Ultimate Edition
2010-01-29 21:58 . 2010-01-29 21:58 -------- d-----w- c:\windows\Fonts\AdvUninstal
2010-01-25 21:41 . 2010-01-23 15:33 -------- d-----w- c:\users\Ondra\AppData\Roaming\FileZilla
2010-01-24 12:25 . 2010-01-24 12:22 -------- d-----w- c:\users\Ondra\AppData\Roaming\IBP
2010-01-23 15:33 . 2010-01-23 15:33 -------- d-----w- c:\program files\FileZilla FTP Client
2010-01-23 14:04 . 2009-04-10 17:25 -------- d-----w- c:\program files\Total UP
2010-01-23 14:04 . 2010-01-23 14:04 -------- d-----w- c:\users\Ondra\AppData\Roaming\GHISLER
2010-01-20 19:17 . 2009-11-16 22:47 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-16 21:02 . 2009-06-12 18:40 -------- d-----w- c:\program files\SWiSHmax
2010-01-16 20:06 . 2010-01-15 17:00 -------- d-----w- c:\program files\Bryce 6
2010-01-15 17:00 . 2010-01-15 17:00 -------- d-----w- c:\program files\Common Files\DAZ
2010-01-10 22:40 . 2010-01-10 22:40 528384 ----a-w- c:\programdata\TuneUp Software\TuneUp Utilities\WinStyler\LogoAnimations\gill1.tla.dll
2010-01-09 11:16 . 2010-01-09 11:16 4308992 ----a-w- c:\programdata\TuneUp Software\TuneUp Utilities\WinStyler\LogonScreens\gill 1.tls.dll
2010-01-09 11:08 . 2010-01-09 10:58 -------- d-----w- c:\program files\TuneUp Utilities 2010
2010-01-09 10:58 . 2010-01-09 10:58 -------- d-----w- c:\users\Ondra\AppData\Roaming\TuneUp Software
2010-01-09 10:58 . 2010-01-09 10:58 -------- d-----w- c:\programdata\TuneUp Software
2010-01-09 10:57 . 2010-01-09 10:57 -------- d-sh--w- c:\programdata\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
2010-01-07 15:07 . 2009-11-01 00:13 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 15:07 . 2009-11-01 00:13 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-06 15:38 . 2010-02-24 06:23 173056 ----a-w- c:\windows\AppPatch\AcXtrnal.dll
2010-01-06 15:38 . 2010-02-24 06:23 2159616 ----a-w- c:\windows\AppPatch\AcGenral.dll
2010-01-06 15:38 . 2010-02-24 06:23 542720 ----a-w- c:\windows\AppPatch\AcLayers.dll
2010-01-06 15:38 . 2010-02-24 06:23 458752 ----a-w- c:\windows\AppPatch\AcSpecfc.dll
2010-01-02 06:38 . 2010-01-21 19:27 916480 ----a-w- c:\windows\system32\wininet.dll
2010-01-02 06:32 . 2010-01-21 19:27 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-01-02 06:32 . 2010-01-21 19:27 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-01-02 04:57 . 2010-01-21 19:27 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-12-31 17:28 . 2009-04-10 14:31 319456 ----a-w- c:\windows\DIFxAPI.dll
2009-12-28 22:11 . 2009-12-28 22:11 515848 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2009-12-27 22:24 . 2003-11-07 12:28 445016 ----a-w- c:\windows\system32\wrap_oal.dll
2009-12-27 22:24 . 2003-11-07 12:28 109144 ----a-w- c:\windows\system32\OpenAL32.dll
2009-12-17 23:14 . 2010-01-09 10:59 30536 ----a-w- c:\windows\system32\TURegOpt.exe
2009-12-17 23:09 . 2010-01-09 10:59 21320 ----a-w- c:\windows\system32\authuitu.dll
2009-12-17 23:08 . 2010-01-09 10:59 30024 ----a-w- c:\windows\system32\uxtuneup.dll
2009-12-15 20:38 . 2009-12-15 20:38 25512 ----a-w- c:\windows\system32\drivers\ggsemc.sys
2009-12-15 20:38 . 2009-12-15 20:38 13224 ----a-w- c:\windows\system32\drivers\ggflt.sys
2009-12-11 11:43 . 2010-02-10 06:26 302080 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-11 11:43 . 2010-02-10 06:26 98816 ----a-w- c:\windows\system32\drivers\srvnet.sys
2009-12-08 20:01 . 2010-02-10 06:26 904776 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-12-08 20:01 . 2010-02-10 06:26 3600456 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-12-08 20:01 . 2010-02-10 06:26 3548216 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-12-08 17:26 . 2010-02-10 06:26 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2009-12-04 18:30 . 2010-02-10 06:26 12288 ----a-w- c:\windows\system32\tsbyuv.dll
2009-12-04 18:29 . 2010-02-10 06:26 1314816 ----a-w- c:\windows\system32\quartz.dll
2009-12-04 18:28 . 2010-02-10 06:26 22528 ----a-w- c:\windows\system32\msyuv.dll
2009-12-04 18:28 . 2010-02-10 06:26 31744 ----a-w- c:\windows\system32\msvidc32.dll
2009-12-04 18:28 . 2010-02-10 06:26 123904 ----a-w- c:\windows\system32\msvfw32.dll
2009-12-04 18:28 . 2010-02-10 06:26 13312 ----a-w- c:\windows\system32\msrle32.dll
2009-12-04 18:28 . 2010-02-10 06:26 82944 ----a-w- c:\windows\system32\mciavi32.dll
2009-12-04 18:28 . 2010-02-10 06:26 50176 ----a-w- c:\windows\system32\iyuv_32.dll
2009-12-04 18:27 . 2010-02-10 06:26 91136 ----a-w- c:\windows\system32\avifil32.dll
2009-12-04 15:56 . 2010-02-10 06:26 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2009-12-04 15:56 . 2010-02-10 06:26 105984 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2009-11-30 17:02 . 2009-11-30 17:02 171144 ----a-w- c:\windows\system32\xliveinstall.dll
2009-11-30 17:02 . 2009-11-30 17:02 72840 ----a-w- c:\windows\system32\xliveinstallhost.exe
.

Kód: Vybrat vše

<pre>
c:\program files\VirtualDJ\Plugins\VideoEffect\PictureRotation v1.1 .exe
c:\program files\VirtualDJ\Plugins\VideoEffect\PictureRotation v1.1\PictureRotation v1.1 .exe
</pre>

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-07-29 15:52 121392 ----a-w- c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-25 1049896]
"RtHDVCpl"="RtHDVCpl.exe" [2008-09-19 6294048]
"ePower_DMC"="c:\program files\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2008-11-28 417792]
"eAudio"="c:\program files\Acer\Empowering Technology\eAudio\eAudio.exe" [2008-09-11 544768]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2009-05-14 2029640]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2008-10-27 817672]
"Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2009-09-16 153608]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Canon LBP5000 Status Window.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Canon LBP5000 Status Window.lnk
backup=c:\windows\pss\Canon LBP5000 Status Window.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
2008-01-21 02:25 125952 ----a-w- c:\windows\ehome\ehtray.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ProductReg"="c:\program files\Acer\WR_PopUp\ProductReg.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):45,ce,4e,a0,5b,fa,c9,01

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-4016117494-3182526739-4166363913-1000]
"EnableNotificationsRef"=dword:00000002

R1 ehdrv;ehdrv;c:\windows\System32\drivers\ehdrv.sys [14.5.2009 14:47 107256]
R1 VD_FileDisk;VD_FileDisk;c:\windows\System32\drivers\vd_filedisk.sys [13.1.2006 14:00 15872]
R2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2009/07/12 23:17];c:\program files\PowerDVD9\PowerDVD9\000.fcl [7.5.2009 20:05 87536]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\System32\atiesrxx.exe [16.3.2009 21:27 172032]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [14.5.2009 14:47 731840]
R2 epfwwfp;epfwwfp;c:\windows\System32\drivers\epfwwfp.sys [14.5.2009 14:49 38240]
R2 ETService;Empowering Technology Service;c:\program files\Acer\Empowering Technology\Service\ETService.exe [30.1.2009 4:49 24576]
R2 OMSI download service;Sony Ericsson OMSI download service;c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [15.12.2009 21:27 90112]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [5.5.2009 19:26 1153368]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [18.12.2009 0:12 1044808]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\System32\drivers\b57nd60x.sys [26.6.2008 1:39 212992]
R3 hidshim;Service for HID-KMDF Shim layer;c:\windows\System32\drivers\hidshim.sys [8.10.2008 9:43 5632]
R3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\System32\drivers\NETw5v32.sys [17.11.2008 6:40 3668480]
R3 nuvotonhidgeneric;Nuvoton EC Generic HID;c:\windows\System32\drivers\nuvotonhidgeneric.sys [8.10.2008 9:43 22528]
R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\System32\drivers\seehcri.sys [15.12.2009 21:27 27632]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [14.10.2009 7:24 10064]
S2 gupdate1ca1091a0e80399;Služba Google Update (gupdate1ca1091a0e80399);c:\program files\Google\Update\GoogleUpdate.exe [29.7.2009 22:14 133104]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\System32\drivers\ggflt.sys [15.12.2009 21:38 13224]
S3 s0017bus;Sony Ericsson Device 0017 driver (WDM);c:\windows\System32\drivers\s0017bus.sys [15.12.2009 21:27 86824]
S3 s0017mdfl;Sony Ericsson Device 0017 USB WMC Modem Filter;c:\windows\System32\drivers\s0017mdfl.sys [15.12.2009 21:27 15016]
S3 s0017mdm;Sony Ericsson Device 0017 USB WMC Modem Driver;c:\windows\System32\drivers\s0017mdm.sys [15.12.2009 21:27 114600]
S3 s0017mgmt;Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM);c:\windows\System32\drivers\s0017mgmt.sys [15.12.2009 21:27 108328]
S3 s0017nd5;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS);c:\windows\System32\drivers\s0017nd5.sys [15.12.2009 21:27 26024]
S3 s0017obex;Sony Ericsson Device 0017 USB WMC OBEX Interface;c:\windows\System32\drivers\s0017obex.sys [15.12.2009 21:27 104616]
S3 s0017unic;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM);c:\windows\System32\drivers\s0017unic.sys [15.12.2009 21:27 109736]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Obsah adresáře 'Naplánované úlohy'

2010-02-28 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-04-10 21:13]
.
.
------- Doplňkový sken -------
.
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
FF - ProfilePath - c:\users\Ondra\AppData\Roaming\Mozilla\Firefox\Profiles\7a9vku18.default\
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-28 08:44
Windows 6.0.6002 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x863231F8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0x8b5a2d24
\Driver\ACPI -> acpi.sys @ 0x807c2d68
\Driver\atapi -> 0x863231f8
IoDeviceObjectType ->\Device\Harddisk0\DR0 ->Warning: possible MBR rootkit infection !
user & kernel MBR OK

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{B154377D-700F-42cc-9474-23858FBDF4BD}]
"ImagePath"="\??\c:\program files\PowerDVD9\PowerDVD9\000.fcl"
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'Explorer.exe'(3696)
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\sysenv.dll
c:\windows\System32\SysHook.dll
c:\windows\system32\btncopy.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_cze.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\program files\WinRAR\rarext.dll
c:\program files\WinRAR\rarlng.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\atieclxx.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\acer\Mobility Center\MobilityService.exe
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files\Cyberlink\Shared files\RichVideo.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\CNAC4RPK.EXE
c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
c:\windows\RtHDVCpl.exe
c:\program files\Launch Manager\LManager.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\ehome\ehmsas.exe
.
**************************************************************************
.
Celkový čas: 2010-02-28 08:49:19 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-02-28 07:49
ComboFix2.txt 2010-02-27 21:50

Před spuštěním: Volných bajtů: 52 257 890 304
Po spuštění: Volných bajtů: 51 824 066 560

- - End Of File - - 6E76259F48DC3E1FEE62731FC84DC02D


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:51:06, on 28.2.2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18882)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\Logitech\Gaming Software\LWEMon.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\Explorer.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [ePower_DMC] C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [eAudio] "C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Služba Google Update (gupdate1ca1091a0e80399) (gupdate1ca1091a0e80399) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: Sony Ericsson OMSI download service (OMSI download service) - Unknown owner - C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: @C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 5852 bytes

[autoprd]

Než přijde Damned.
Tak jak se chová pc pořád se zasekává ?

[pikaso.andreas]

Zatím ne!! Ale to chce tak celý den to nechat jet..

[Damned]

Start -> Spustit... a napiš do okna tento příkaz označený modře:
C:\WINDOWS\MBR.exe -f a dej Ok. mezi mbr.exe a -f je mezera
- pokud by tě bezpečnostní software upozornil na přepsání MBR tak to povol
- počkej až program proběhne a pak restartuj Pc
Po restartu Windows zadej červený příkaz (Start-->>Spustit):
C:\WINDOWS\MBR.exe a dej OK.
Spustí se znovu a log co vytvoří sem vlož (najdeš ho v C:\WINDOWS\MBR.log)