Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13:08:30, on 4.8.2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\HJT\Trend Micro\HiJackThis\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/skins7/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O17 - HKLM\System\CCS\Services\Tcpip\..\{49E7AC88-3BD9-4673-A8D9-DA1CFF080C49}: NameServer = 10.10.10.1
O18 - Protocol: hddlife - {BD758015-47D9-477A-8873-4B688A2BC0E2} - "C:\Program Files\Common Files\BinarySense\hlAPP.dll" (file missing)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\Windows\system32\guard32.dll
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Fortres Security Runtime (fsrt) - Unknown owner - C:\Program Files\Fortres Grand\Fortres Security Runtime 6.0\FSRT.EXE (file missing)
O23 - Service: LogMeIn Hamachi 2.0 Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: HDDlife HDD Access service - BinarySense, Inc. - C:\Program Files\Common Files\BinarySense\hldasvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: SRS Labs License Service - SRS Labs - C:\Program Files\Common Files\SRS Labs Shared\Service\srslabslicenseservice.exe
--
End of file - 4627 bytes
MbaM
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Verze databáze: 4125
Windows 6.1.7600
Internet Explorer 8.0.7600.16385
4.8.2010 13:14:56
mbam-log-2010-08-04 (13-14-56).txt
Typ skenu: Rychlý sken
Skenované objekty: 130129
Uplynulý čas: 4 minuta(y), 25 sekunda(y)
Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 1
Infikované hodnoty registru: 0
Infikované datové položky registru: 0
Infikované složky: 0
Infikované soubory: 0
Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)
Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)
Infikované klíče registru:
HKEY_CURRENT_USER\SOFTWARE\Invictus (Trojan.FakeAlert) -> No action taken.
Infikované hodnoty registru:
(Žádné škodlivé položky nebyly zjištěny)
Infikované datové položky registru:
(Žádné škodlivé položky nebyly zjištěny)
Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)
Infikované soubory:
(Žádné škodlivé položky nebyly zjištěny)
Please do a preventive check of my log
- jaro3
- Security team member
Re: Please do a preventive check of my log
You're here rather often...
Close all other applications and browsers, disconnect from the internet, and fix the following in HJT:
Guide
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O18 - Protocol: hddlife - {BD758015-47D9-477A-8873-4B688A2BC0E2} - "C:\Program Files\Common Files\BinarySense\hlAPP.dll" (file missing)
COMODO Internet Security -- I hope you are only using the firewall...
Download ATF Cleaner
Double-click ATF Cleaner.exe, click select all found, then:
- If you use Firefox (Mozilla), click Firefox at the top and choose: Select All, then click Empty Selected.
- If you use Opera, click Opera at the top and choose: Select All, then click Empty Selected.
After cleaning, click Exit to close the program.
So run MbAM again and start a Scan
- when the program finishes, a message appears; click OK and then the Show Results button
- make sure all listed detections are checked and click the Remove Selected button
- when the removal finishes, a log is displayed; post it here.
- then choose OK in the program and close it via Exit
You can then post the new MbAM log here.
Turn off the resident protection of your antivirus and antispyware, and possibly the firewall..
Download ComboFix (by sUBs)
and save it to your desktop.
Close all active windows and run it.
- After it starts, the terms of use are displayed; confirm them by pressing the Yes button
- Then follow the instructions; while ComboFix is running, do not click inside the window it displays
- When the scan completes, the program should create a log - C:\ComboFix.txt - please copy its entire contents here
If there are problems, run it in Safe Mode.
I'll probably be back in the evening..
When working with HJT, ComboFix, MbAM, SDFix, etc., close all other applications and browsers!
Do not send logs via private messages. During my absence, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support
Re: Please do a preventive check of my log
I'm here often because I'm bored, but I don't know how you meant that... By the number of views, or the log checks?? :-)
Yes, I only use the firewall
Malwarebytes' Anti-Malware 1.46
http://www.malwarebytes.org
Verze databáze: 4387
Windows 6.1.7600
Internet Explorer 8.0.7600.16385
4.8.2010 18:20:38
mbam-log-2010-08-04 (18-20-38).txt
Typ skenu: Rychlý sken
Skenované objekty: 138545
Uplynulý čas: 4 minuta(y), 16 sekunda(y)
Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 1
Infikované hodnoty registru: 0
Infikované datové položky registru: 0
Infikované složky: 0
Infikované soubory: 0
Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)
Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)
Infikované klíče registru:
HKEY_CURRENT_USER\SOFTWARE\Invictus (Trojan.FakeAlert) -> Quarantined and deleted successfully.
Infikované hodnoty registru:
(Žádné škodlivé položky nebyly zjištěny)
Infikované datové položky registru:
(Žádné škodlivé položky nebyly zjištěny)
Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)
Infikované soubory:
(Žádné škodlivé položky nebyly zjištěny)
CF
ComboFix 10-08-03.04 - Martin 04.08.2010 18:26:07.3.2 - x86
Microsoft Windows 7 Professional 6.1.7600.0.1250.420.1029.18.2047.1231 [GMT 2:00]
Spuštěný z: c:\users\Martin\Desktop\ComboFix.exe
* Rezidentní štít AV je zapnutý
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\vbzlib1.dll
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-07-04 do 2010-08-04 )))))))))))))))))))))))))))))))
.
2010-08-04 16:32 . 2010-08-04 16:33 -------- d-----w- c:\users\Martin\AppData\Local\temp
2010-08-04 16:32 . 2010-08-04 16:32 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-08-04 16:17 . 2010-08-04 16:17 -------- d-----w- c:\users\Martin\AppData\Local\ATI
2010-08-03 16:01 . 2010-08-03 16:08 -------- d-----w- c:\users\Martin\AppData\Local\VirtuaTennis2009
2010-07-31 18:14 . 2010-07-31 18:14 45 ---h--w- c:\windows\dwin5799.dat
2010-07-30 17:31 . 2010-07-30 17:31 -------- d-----w- c:\users\Martin\AppData\Roaming\BinarySense
2010-07-30 17:31 . 2010-08-04 11:56 -------- d-----w- c:\program files\Common Files\BinarySense
2010-07-30 11:22 . 2010-07-30 16:33 -------- d-----w- c:\program files\aTube Catcher 2.0
2010-07-28 12:38 . 2010-07-28 12:38 -------- d-----w- c:\users\Martin\AppData\Roaming\FaceGen
2010-07-28 12:34 . 2010-07-28 12:41 -------- d-----w- c:\program files\Singular Inversions
2010-07-27 16:19 . 2010-07-27 16:19 -------- d-----w- c:\users\Martin\AppData\Roaming\Need for Speed World
2010-07-27 16:15 . 2010-07-29 09:21 10708240 ----a-w- c:\programdata\Electronic Arts\Need For Speed World\Data\nfsw.exe
2010-07-27 16:15 . 2010-07-29 09:21 1790736 ----a-w- c:\programdata\Electronic Arts\Need For Speed World\Data\gameplay.native.dll
2010-07-27 16:15 . 2010-07-29 09:21 4068624 ----a-w- c:\programdata\Electronic Arts\Need For Speed World\Data\eawebkit.dll
2010-07-27 16:15 . 2010-07-29 09:21 267536 ----a-w- c:\programdata\Electronic Arts\Need For Speed World\Data\gameplay.dll
2010-07-27 16:15 . 2010-07-27 16:15 462864 ----a-w- c:\programdata\Electronic Arts\Need For Speed World\Data\d3dx10_37.dll
2010-07-27 16:15 . 2010-07-27 16:15 3786760 ----a-w- c:\programdata\Electronic Arts\Need For Speed World\Data\d3dx9_37.dll
2010-07-27 16:01 . 2010-07-27 16:01 883670 ----a-w- c:\programdata\Electronic Arts\Need For Speed World\Data\pb\pbcl.dll
2010-07-27 16:01 . 2010-07-27 16:01 57344 ----a-w- c:\programdata\Electronic Arts\Need For Speed World\Data\pb\pbag.dll
2010-07-27 15:55 . 2010-07-27 15:55 -------- d-----w- c:\users\Martin\AppData\Local\Electronic_Arts_Inc
2010-07-27 15:55 . 2010-07-27 15:55 -------- d-----w- c:\programdata\Electronic Arts
2010-07-27 12:25 . 2010-07-27 12:40 -------- d-----w- c:\programdata\TmForever
2010-07-26 13:20 . 2010-07-26 13:20 82726 ----a-r- c:\users\Martin\AppData\Roaming\Microsoft\Installer\{E871FF1A-D7A0-420D-9A47-B78AFD8B16AA}\_853F67D554F05449430E7E.exe
2010-07-26 13:20 . 2010-07-26 13:20 82726 ----a-r- c:\users\Martin\AppData\Roaming\Microsoft\Installer\{E871FF1A-D7A0-420D-9A47-B78AFD8B16AA}\_43EA64258A532C2A1F57BD.exe
2010-07-25 07:48 . 2010-07-25 07:48 -------- d-----w- c:\program files\OEdit
2010-07-23 10:18 . 2010-07-23 10:18 -------- d-----w- c:\users\Martin\AppData\Roaming\ATI
2010-07-23 10:18 . 2010-07-23 10:18 -------- d-----w- c:\programdata\ATI
2010-07-23 10:18 . 2010-07-23 10:18 0 ----a-w- c:\windows\ativpsrm.bin
2010-07-23 10:16 . 2010-07-23 10:16 -------- d-----w- c:\program files\Common Files\ATI Technologies
2010-07-23 10:15 . 2010-07-23 10:15 -------- d-----w- c:\program files\ATI
2010-07-23 10:15 . 2010-07-23 10:16 -------- d-----w- c:\program files\ATI Technologies
2010-07-23 10:14 . 2010-07-23 10:14 -------- d-----w- C:\ATI
2010-07-21 20:22 . 2010-07-21 20:22 -------- d-----w- c:\program files\GIGABYTE
2010-07-21 20:22 . 2010-07-22 10:42 17488 ----a-w- c:\windows\gdrv.sys
2010-07-21 18:24 . 2010-07-21 18:24 -------- d-----w- c:\program files\uTorrent
2010-07-21 18:23 . 2010-07-21 21:09 -------- d-----w- c:\users\Martin\AppData\Roaming\uTorrent
2010-07-21 17:58 . 2010-07-21 17:59 -------- d-----w- c:\users\Martin\AppData\Local\NFS Underground 2
2010-07-21 17:12 . 2010-07-21 17:12 -------- d-----w- c:\users\Martin\SystemRequirementsLab
2010-07-21 15:11 . 2010-07-21 15:11 -------- d-----w- C:\Downloads
2010-07-21 15:08 . 2010-07-21 15:19 -------- d-----w- c:\users\Martin\AppData\Roaming\BitSpirit
2010-07-15 18:42 . 2010-07-15 18:42 720896 ----a-w- c:\windows\system32\tmp_u_06_00_87.dat
2010-07-15 18:42 . 2010-07-15 18:42 -------- d-----w- c:\windows\system32\music
2010-07-15 18:42 . 2010-07-15 18:42 851968 ----a-w- c:\windows\system32\tmp_u_02_00_01.dat
2010-07-15 18:42 . 2010-07-15 18:42 1638400 ----a-w- c:\windows\system32\tmp_u_04_01_87.dat
2010-07-15 18:42 . 2010-07-15 18:42 1441792 ----a-w- c:\windows\system32\tmp_u_04_02_25.dat
2010-07-15 18:42 . 2010-07-15 18:42 1245184 ----a-w- c:\windows\system32\tmp_u_03_00_25.dat
2010-07-15 18:42 . 2010-07-15 18:42 -------- d-----w- c:\windows\system32\packages
2010-07-15 18:42 . 2010-07-15 18:42 398180 ----a-w- c:\windows\system32\levelr.dat
2010-07-15 18:42 . 2010-07-15 18:42 2525696 ----a-w- c:\windows\system32\levelr.exe
2010-07-15 11:14 . 2010-07-21 15:20 -------- d-----w- c:\program files\Pando Networks
2010-07-13 19:45 . 2010-07-13 19:45 -------- d-----w- c:\program files\Lavalys
2010-07-13 09:16 . 2009-12-08 11:32 292864 ----a-w- c:\windows\system32\apphelp.dll
2010-07-11 12:07 . 2010-07-11 12:07 57344 ----a-w- c:\programdata\DivX\RunAsUser\RUNASUSERPROCESS.dll
2010-07-11 12:07 . 2010-07-11 12:03 1062184 ----a-w- c:\programdata\DivX\Setup\Resource.dll
2010-07-11 12:07 . 2010-07-11 12:03 895256 ----a-w- c:\programdata\DivX\Setup\DivXSetup.exe
2010-07-11 12:07 . 2010-07-11 12:07 56997 ----a-w- c:\programdata\DivX\WebPlayer\Uninstaller.exe
2010-07-10 18:44 . 2010-07-10 18:44 -------- d-----w- c:\users\Martin\dwhelper
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-04 16:29 . 2009-07-14 08:44 622422 ----a-w- c:\windows\system32\perfh005.dat
2010-08-04 16:29 . 2009-07-14 08:44 118604 ----a-w- c:\windows\system32\perfc005.dat
2010-08-04 10:51 . 2010-06-21 13:48 -------- d-----w- c:\users\Martin\AppData\Roaming\AIMP
2010-08-03 15:39 . 2010-05-17 16:31 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-08-03 13:48 . 2010-05-20 14:34 -------- d-----w- c:\users\Martin\AppData\Roaming\vlc
2010-08-01 10:23 . 2010-05-20 15:22 -------- d-----w- c:\users\Martin\AppData\Roaming\dvdcss
2010-07-31 09:35 . 2010-05-17 15:51 65256 ----a-w- c:\users\Martin\AppData\Local\GDIPFONTCACHEV1.DAT
2010-07-28 12:42 . 2010-06-06 19:12 -------- d-----w- c:\program files\NVIDIA Corporation
2010-07-28 07:33 . 2010-06-06 19:13 -------- d-----w- c:\programdata\NVIDIA
2010-07-26 20:42 . 2010-06-30 13:26 -------- d-----w- c:\users\Martin\AppData\Roaming\ICQ
2010-07-24 19:37 . 2010-06-09 15:45 -------- d-----w- c:\program files\JDownloader
2010-07-15 18:42 . 2010-07-15 18:42 2525696 ----a-w- c:\windows\system32\levelr.tmp
2010-07-15 16:15 . 2010-06-28 10:41 -------- d-----w- c:\users\Martin\AppData\Roaming\IObit
2010-07-14 08:33 . 2010-07-02 09:01 137464 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-07-14 08:33 . 2010-07-02 09:01 214520 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-07-11 13:12 . 2010-07-11 12:07 -------- d-----w- c:\users\Martin\AppData\Roaming\DivX
2010-07-11 12:07 . 2010-07-11 12:03 -------- d-----w- c:\programdata\DivX
2010-07-11 12:07 . 2010-07-11 12:07 56765 ----a-w- c:\programdata\DivX\DivXPlusShortcuts\Uninstaller.exe
2010-07-11 12:07 . 2010-07-11 12:04 -------- d-----w- c:\program files\DivX
2010-07-11 12:07 . 2010-07-11 12:07 57715 ----a-w- c:\programdata\DivX\Player\Uninstaller.exe
2010-07-11 12:07 . 2010-07-11 12:07 53600 ----a-w- c:\programdata\DivX\Update\Uninstaller.exe
2010-07-11 12:07 . 2010-07-11 12:07 84054 ----a-w- c:\programdata\DivX\TransferWizard\Uninstaller.exe
2010-07-11 12:07 . 2010-05-19 15:21 -------- d-----w- c:\program files\Common Files\PX Storage Engine
2010-07-11 12:06 . 2010-07-11 12:06 54644 ----a-w- c:\programdata\DivX\TranscodeEngine\Uninstaller.exe
2010-07-11 12:06 . 2010-07-11 12:06 54101 ----a-w- c:\programdata\DivX\MPEG2Plugin\Uninstaller.exe
2010-07-11 12:06 . 2010-07-11 12:06 54153 ----a-w- c:\programdata\DivX\DFXPlugin\Uninstaller.exe
2010-07-11 12:06 . 2010-07-11 12:06 57409 ----a-w- c:\programdata\DivX\ControlPanel\Uninstaller.exe
2010-07-11 12:06 . 2010-07-11 12:06 52963 ----a-w- c:\programdata\DivX\MSVC80CRTRedist\Uninstaller.exe
2010-07-11 12:06 . 2010-07-11 12:06 54073 ----a-w- c:\programdata\DivX\Qt4.5\Uninstaller.exe
2010-07-11 12:06 . 2010-07-11 12:06 -------- d-----w- c:\program files\Common Files\DivX Shared
2010-07-09 15:33 . 2010-05-17 18:10 -------- d-----w- c:\program files\Opera
2010-07-02 09:01 . 2010-07-02 09:01 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2010-06-30 19:28 . 2010-05-30 10:16 -------- d-----w- c:\program files\ICQ-Banner-Remover
2010-06-30 19:21 . 2010-06-30 19:21 -------- d-----w- c:\program files\ICQ6Toolbar
2010-06-30 19:21 . 2010-06-30 19:21 -------- d-----w- c:\programdata\ICQ
2010-06-30 19:18 . 2010-06-30 13:25 -------- d-----w- c:\program files\ICQ7.2
2010-06-30 13:20 . 2010-06-30 13:20 -------- d-----w- c:\programdata\IObit
2010-06-28 11:33 . 2010-06-28 11:30 -------- d-----w- c:\programdata\COMODO
2010-06-28 11:27 . 2010-06-28 11:27 -------- d-----w- c:\program files\COMODO
2010-06-28 11:26 . 2010-06-28 11:22 -------- d-----w- c:\programdata\Comodo Downloader
2010-06-28 10:41 . 2010-06-28 10:41 -------- d-----w- c:\program files\IObit
2010-06-28 05:02 . 2010-06-28 05:02 -------- d-----w- c:\users\Martin\AppData\Roaming\vghd
2010-06-27 10:10 . 2010-06-27 10:01 5 ----a-w- c:\windows\treeskp.sys
2010-06-27 10:10 . 2010-06-27 09:02 5 ----a-w- c:\windows\sbacknt.bin
2010-06-27 10:01 . 2010-06-27 09:02 -------- d-----w- c:\program files\vghd
2010-06-26 19:04 . 2010-06-26 19:04 -------- d-----w- c:\program files\SopCast
2010-06-26 17:40 . 2010-05-18 19:59 -------- d-----w- c:\program files\RocketDock
2010-06-26 12:23 . 2010-06-26 12:23 -------- d-----w- c:\program files\The KMPlayer
2010-06-26 12:20 . 2010-06-26 12:20 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
2010-06-26 12:20 . 2010-06-26 12:20 484160 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2010-06-26 07:56 . 2010-06-26 07:55 -------- d-----w- c:\program files\DAEMON Tools Lite
2010-06-26 07:56 . 2010-05-17 17:01 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-06-23 15:29 . 2010-06-23 15:29 -------- d-----w- c:\program files\VirusTotalUploader2
2010-06-23 14:56 . 2010-05-28 14:36 -------- d-----w- c:\program files\GRETECH
2010-06-21 13:47 . 2010-06-21 13:47 -------- d-----w- c:\program files\AIMP2
2010-06-19 15:12 . 2010-06-19 13:23 -------- d-----w- c:\programdata\FLEXnet
2010-06-19 14:40 . 2010-05-17 16:00 -------- d-----w- c:\program files\Common Files\Adobe
2010-06-19 13:16 . 2010-06-19 13:16 -------- d-----w- c:\program files\Bonjour
2010-06-19 13:11 . 2010-06-19 13:11 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2010-06-19 10:52 . 2010-06-19 10:52 -------- d-----w- c:\program files\Defraggler
2010-06-19 09:24 . 2010-05-23 09:20 -------- d-----w- c:\program files\Ashampoo
2010-06-19 09:21 . 2010-06-19 09:21 -------- d---a-w- c:\program files\Revo_Uninstaller
2010-06-19 08:49 . 2010-06-19 08:48 -------- d-----w- c:\program files\VstPlugins
2010-06-19 08:48 . 2010-06-19 08:48 -------- d-----w- c:\program files\Outsim
2010-06-17 12:00 . 2010-06-17 12:00 -------- d-----w- c:\program files\Microsoft Silverlight
2010-06-16 20:01 . 2010-06-16 20:01 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2010-06-12 13:59 . 2010-06-12 13:55 -------- d-----w- c:\program files\WhoCrashed
2010-06-12 13:22 . 2010-06-12 12:28 -------- d-----w- c:\program files\nLite
2010-06-10 18:35 . 2010-06-10 18:35 39233 ----a-w- c:\windows\SETUP1.EXE
2010-06-10 13:44 . 2010-06-10 13:44 -------- d-----w- c:\program files\IM
2010-06-09 08:06 . 2010-06-09 08:06 976832 ----a-w- c:\programdata\Adobe\Reader\9.3\ARM\Martin\10600\AdobeARM.exe
2010-06-09 08:06 . 2010-06-09 08:06 976832 ----a-w- c:\programdata\Adobe\Reader\9.3\ARM\27841\AdobeARM.exe
2010-06-09 08:06 . 2010-06-09 08:06 70584 ----a-w- c:\programdata\Adobe\Reader\9.3\ARM\Martin\10600\AdobeExtractFiles.dll
2010-06-09 08:06 . 2010-06-09 08:06 70584 ----a-w- c:\programdata\Adobe\Reader\9.3\ARM\27841\AdobeExtractFiles.dll
2010-06-09 08:06 . 2010-06-09 08:06 331176 ----a-w- c:\programdata\Adobe\Reader\9.3\ARM\Martin\10600\ReaderUpdater.exe
2010-06-09 08:06 . 2010-06-09 08:06 331176 ----a-w- c:\programdata\Adobe\Reader\9.3\ARM\Martin\10600\AcrobatUpdater.exe
2010-06-09 08:06 . 2010-06-09 08:06 331176 ----a-w- c:\programdata\Adobe\Reader\9.3\ARM\27841\ReaderUpdater.exe
2010-06-09 08:06 . 2010-06-09 08:06 331176 ----a-w- c:\programdata\Adobe\Reader\9.3\ARM\27841\AcrobatUpdater.exe
2010-06-08 18:04 . 2010-06-08 18:04 -------- d-----w- c:\users\Martin\AppData\Roaming\Apple Computer
2010-06-08 18:04 . 2010-06-08 18:04 -------- d-----w- c:\program files\Safari
2010-06-08 18:04 . 2010-06-08 18:04 -------- d-----w- c:\programdata\Apple Computer
2010-06-08 18:03 . 2010-06-08 18:03 -------- d-----w- c:\program files\Common Files\Apple
2010-06-08 18:03 . 2010-06-08 18:03 -------- d-----w- c:\program files\Apple Software Update
2010-06-08 18:03 . 2010-06-08 18:03 -------- d-----w- c:\programdata\Apple
2010-06-04 10:29 . 2010-06-04 10:29 71992 ----a-w- c:\programdata\Apple Computer\Installer Cache\Safari 5.33.16.0\SetupAdmin.exe
2010-06-04 09:55 . 2010-06-04 09:55 224240 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
2010-06-01 17:00 . 2010-06-01 17:00 278288 ----a-w- c:\windows\system32\guard32.dll
2010-06-01 17:00 . 2010-06-01 17:00 75944 ----a-w- c:\windows\system32\drivers\inspect.sys
2010-06-01 17:00 . 2010-06-01 17:00 30112 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2010-06-01 17:00 . 2010-06-01 17:00 16744 ----a-w- c:\windows\system32\drivers\cmderd.sys
2010-05-30 07:16 . 2010-05-30 07:16 0 ----a-w- c:\windows\nsreg.dat
2010-05-27 19:01 . 2010-05-27 19:01 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-05-27 17:38 . 2010-05-27 17:38 5586432 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2010-05-27 17:05 . 2010-05-27 17:05 15180800 ----a-w- c:\windows\system32\atioglxx.dll
2010-05-27 17:02 . 2010-05-27 17:02 143360 ----a-w- c:\windows\system32\atiapfxx.exe
2010-05-27 17:02 . 2010-05-27 17:02 511488 ----a-w- c:\windows\system32\aticfx32.dll
2010-05-27 17:00 . 2010-05-27 17:00 446464 ----a-w- c:\windows\system32\ATIDEMGX.dll
2010-05-27 16:59 . 2010-05-27 16:59 376832 ----a-w- c:\windows\system32\atieclxx.exe
2010-05-27 16:59 . 2010-05-27 16:59 176128 ----a-w- c:\windows\system32\atiesrxx.exe
2010-05-27 16:58 . 2010-05-27 16:58 159744 ----a-w- c:\windows\system32\atitmmxx.dll
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2010-03-31 2145000]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-03-17 8546848]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2010-06-01 2039240]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-05-27 98304]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\guard32.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv
[HKLM\~\startupfolder\C:^Users^Martin^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^HDDlife.lnk]
backup=c:\windows\pss\HDDlife.lnk.Startup
backupExtension=.Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-06-09 08:06 976832 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-12-21 23:57 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2010-04-01 09:16 357696 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-06-03 00:50 1144104 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui]
2010-03-30 09:16 1820040 ----a-w- c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-02-18 09:43 248040 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
R2 fsrt;Fortres Security Runtime;c:\program files\Fortres Grand\Fortres Security Runtime 6.0\FSRT.EXE [x]
R3 FGCWL;FGCWL;c:\program files\Fortres Grand\Virtual Sandbox\FGCWL.sys [x]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [2009-12-30 27192]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2010-06-13 1343400]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2010-06-26 691696]
R4 TunngleService;TunngleService;c:\program files\Tunngle\TnglCtrl.exe [2010-03-23 704760]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2010-06-04 224240]
S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [2010-06-01 30112]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2010-03-31 114984]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-05-27 176128]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2010-03-31 134024]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2010-03-31 810120]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2010-03-31 96896]
S2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [2010-03-30 1107336]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2010-05-27 5586432]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-05-27 209920]
S3 RTL8167;Ovladač Realtek 8167 NT;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]
S3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\DRIVERS\tap0901t.sys [2009-09-16 27136]
.
Obsah adresáře 'Naplánované úlohy'
2010-08-04 c:\windows\Tasks\AWC Update.job
- c:\program files\IObit\Advanced SystemCare 3\IObitUpdate.exe [2010-06-28 15:20]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://start.icq.com/skins7/
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
IE: Načítať použitie &BitSpirit
TCP: {49E7AC88-3BD9-4673-A8D9-DA1CFF080C49} = 10.10.10.1
FF - ProfilePath - c:\users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\tsf9vihz.default\
FF - prefs.js: browser.startup.homepage - google.com
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(588)
c:\windows\system32\guard32.dll
- - - - - - - > 'lsass.exe'(616)
c:\windows\system32\guard32.dll
.
Celkový čas: 2010-08-04 18:35:06
ComboFix-quarantined-files.txt 2010-08-04 16:35
Před spuštěním: Volných bajtů: 94 920 028 160
Po spuštění: Volných bajtů: 94 906 040 320
- - End Of File - - FDBCD8233A387199D79F3DC148F50776
Yes, I only use a firewall
Malwarebytes' Anti-Malware 1.46
http://www.malwarebytes.org
Verze databáze: 4387
Windows 6.1.7600
Internet Explorer 8.0.7600.16385
4.8.2010 18:20:38
mbam-log-2010-08-04 (18-20-38).txt
Typ skenu: Rychlý sken
Skenované objekty: 138545
Uplynulý čas: 4 minuta(y), 16 sekunda(y)
Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 1
Infikované hodnoty registru: 0
Infikované datové položky registru: 0
Infikované složky: 0
Infikované soubory: 0
Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)
Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)
Infikované klíče registru:
HKEY_CURRENT_USER\SOFTWARE\Invictus (Trojan.FakeAlert) -> Quarantined and deleted successfully.
Infikované hodnoty registru:
(Žádné škodlivé položky nebyly zjištěny)
Infikované datové položky registru:
(Žádné škodlivé položky nebyly zjištěny)
Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)
Infikované soubory:
(Žádné škodlivé položky nebyly zjištěny)
CF
ComboFix 10-08-03.04 - Martin 04.08.2010 18:26:07.3.2 - x86
Microsoft Windows 7 Professional 6.1.7600.0.1250.420.1029.18.2047.1231 [GMT 2:00]
Spuštěný z: c:\users\Martin\Desktop\ComboFix.exe
* Rezidentní štít AV je zapnutý
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\vbzlib1.dll
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-07-04 do 2010-08-04 )))))))))))))))))))))))))))))))
.
2010-08-04 16:32 . 2010-08-04 16:33 -------- d-----w- c:\users\Martin\AppData\Local\temp
2010-08-04 16:32 . 2010-08-04 16:32 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-08-04 16:17 . 2010-08-04 16:17 -------- d-----w- c:\users\Martin\AppData\Local\ATI
2010-08-03 16:01 . 2010-08-03 16:08 -------- d-----w- c:\users\Martin\AppData\Local\VirtuaTennis2009
2010-07-31 18:14 . 2010-07-31 18:14 45 ---h--w- c:\windows\dwin5799.dat
2010-07-30 17:31 . 2010-07-30 17:31 -------- d-----w- c:\users\Martin\AppData\Roaming\BinarySense
2010-07-30 17:31 . 2010-08-04 11:56 -------- d-----w- c:\program files\Common Files\BinarySense
2010-07-30 11:22 . 2010-07-30 16:33 -------- d-----w- c:\program files\aTube Catcher 2.0
2010-07-28 12:38 . 2010-07-28 12:38 -------- d-----w- c:\users\Martin\AppData\Roaming\FaceGen
2010-07-28 12:34 . 2010-07-28 12:41 -------- d-----w- c:\program files\Singular Inversions
2010-07-27 16:19 . 2010-07-27 16:19 -------- d-----w- c:\users\Martin\AppData\Roaming\Need for Speed World
2010-07-27 16:15 . 2010-07-29 09:21 10708240 ----a-w- c:\programdata\Electronic Arts\Need For Speed World\Data\nfsw.exe
2010-07-27 16:15 . 2010-07-29 09:21 1790736 ----a-w- c:\programdata\Electronic Arts\Need For Speed World\Data\gameplay.native.dll
2010-07-27 16:15 . 2010-07-29 09:21 4068624 ----a-w- c:\programdata\Electronic Arts\Need For Speed World\Data\eawebkit.dll
2010-07-27 16:15 . 2010-07-29 09:21 267536 ----a-w- c:\programdata\Electronic Arts\Need For Speed World\Data\gameplay.dll
2010-07-27 16:15 . 2010-07-27 16:15 462864 ----a-w- c:\programdata\Electronic Arts\Need For Speed World\Data\d3dx10_37.dll
2010-07-27 16:15 . 2010-07-27 16:15 3786760 ----a-w- c:\programdata\Electronic Arts\Need For Speed World\Data\d3dx9_37.dll
2010-07-27 16:01 . 2010-07-27 16:01 883670 ----a-w- c:\programdata\Electronic Arts\Need For Speed World\Data\pb\pbcl.dll
2010-07-27 16:01 . 2010-07-27 16:01 57344 ----a-w- c:\programdata\Electronic Arts\Need For Speed World\Data\pb\pbag.dll
2010-07-27 15:55 . 2010-07-27 15:55 -------- d-----w- c:\users\Martin\AppData\Local\Electronic_Arts_Inc
2010-07-27 15:55 . 2010-07-27 15:55 -------- d-----w- c:\programdata\Electronic Arts
2010-07-27 12:25 . 2010-07-27 12:40 -------- d-----w- c:\programdata\TmForever
2010-07-26 13:20 . 2010-07-26 13:20 82726 ----a-r- c:\users\Martin\AppData\Roaming\Microsoft\Installer\{E871FF1A-D7A0-420D-9A47-B78AFD8B16AA}\_853F67D554F05449430E7E.exe
2010-07-26 13:20 . 2010-07-26 13:20 82726 ----a-r- c:\users\Martin\AppData\Roaming\Microsoft\Installer\{E871FF1A-D7A0-420D-9A47-B78AFD8B16AA}\_43EA64258A532C2A1F57BD.exe
2010-07-25 07:48 . 2010-07-25 07:48 -------- d-----w- c:\program files\OEdit
2010-07-23 10:18 . 2010-07-23 10:18 -------- d-----w- c:\users\Martin\AppData\Roaming\ATI
2010-07-23 10:18 . 2010-07-23 10:18 -------- d-----w- c:\programdata\ATI
2010-07-23 10:18 . 2010-07-23 10:18 0 ----a-w- c:\windows\ativpsrm.bin
2010-07-23 10:16 . 2010-07-23 10:16 -------- d-----w- c:\program files\Common Files\ATI Technologies
2010-07-23 10:15 . 2010-07-23 10:15 -------- d-----w- c:\program files\ATI
2010-07-23 10:15 . 2010-07-23 10:16 -------- d-----w- c:\program files\ATI Technologies
2010-07-23 10:14 . 2010-07-23 10:14 -------- d-----w- C:\ATI
2010-07-21 20:22 . 2010-07-21 20:22 -------- d-----w- c:\program files\GIGABYTE
2010-07-21 20:22 . 2010-07-22 10:42 17488 ----a-w- c:\windows\gdrv.sys
2010-07-21 18:24 . 2010-07-21 18:24 -------- d-----w- c:\program files\uTorrent
2010-07-21 18:23 . 2010-07-21 21:09 -------- d-----w- c:\users\Martin\AppData\Roaming\uTorrent
2010-07-21 17:58 . 2010-07-21 17:59 -------- d-----w- c:\users\Martin\AppData\Local\NFS Underground 2
2010-07-21 17:12 . 2010-07-21 17:12 -------- d-----w- c:\users\Martin\SystemRequirementsLab
2010-07-21 15:11 . 2010-07-21 15:11 -------- d-----w- C:\Downloads
2010-07-21 15:08 . 2010-07-21 15:19 -------- d-----w- c:\users\Martin\AppData\Roaming\BitSpirit
2010-07-15 18:42 . 2010-07-15 18:42 720896 ----a-w- c:\windows\system32\tmp_u_06_00_87.dat
2010-07-15 18:42 . 2010-07-15 18:42 -------- d-----w- c:\windows\system32\music
2010-07-15 18:42 . 2010-07-15 18:42 851968 ----a-w- c:\windows\system32\tmp_u_02_00_01.dat
2010-07-15 18:42 . 2010-07-15 18:42 1638400 ----a-w- c:\windows\system32\tmp_u_04_01_87.dat
2010-07-15 18:42 . 2010-07-15 18:42 1441792 ----a-w- c:\windows\system32\tmp_u_04_02_25.dat
2010-07-15 18:42 . 2010-07-15 18:42 1245184 ----a-w- c:\windows\system32\tmp_u_03_00_25.dat
2010-07-15 18:42 . 2010-07-15 18:42 -------- d-----w- c:\windows\system32\packages
2010-07-15 18:42 . 2010-07-15 18:42 398180 ----a-w- c:\windows\system32\levelr.dat
2010-07-15 18:42 . 2010-07-15 18:42 2525696 ----a-w- c:\windows\system32\levelr.exe
2010-07-15 11:14 . 2010-07-21 15:20 -------- d-----w- c:\program files\Pando Networks
2010-07-13 19:45 . 2010-07-13 19:45 -------- d-----w- c:\program files\Lavalys
2010-07-13 09:16 . 2009-12-08 11:32 292864 ----a-w- c:\windows\system32\apphelp.dll
2010-07-11 12:07 . 2010-07-11 12:07 57344 ----a-w- c:\programdata\DivX\RunAsUser\RUNASUSERPROCESS.dll
2010-07-11 12:07 . 2010-07-11 12:03 1062184 ----a-w- c:\programdata\DivX\Setup\Resource.dll
2010-07-11 12:07 . 2010-07-11 12:03 895256 ----a-w- c:\programdata\DivX\Setup\DivXSetup.exe
2010-07-11 12:07 . 2010-07-11 12:07 56997 ----a-w- c:\programdata\DivX\WebPlayer\Uninstaller.exe
2010-07-10 18:44 . 2010-07-10 18:44 -------- d-----w- c:\users\Martin\dwhelper
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-04 16:29 . 2009-07-14 08:44 622422 ----a-w- c:\windows\system32\perfh005.dat
2010-08-04 16:29 . 2009-07-14 08:44 118604 ----a-w- c:\windows\system32\perfc005.dat
2010-08-04 10:51 . 2010-06-21 13:48 -------- d-----w- c:\users\Martin\AppData\Roaming\AIMP
2010-08-03 15:39 . 2010-05-17 16:31 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-08-03 13:48 . 2010-05-20 14:34 -------- d-----w- c:\users\Martin\AppData\Roaming\vlc
2010-08-01 10:23 . 2010-05-20 15:22 -------- d-----w- c:\users\Martin\AppData\Roaming\dvdcss
2010-07-31 09:35 . 2010-05-17 15:51 65256 ----a-w- c:\users\Martin\AppData\Local\GDIPFONTCACHEV1.DAT
2010-07-28 12:42 . 2010-06-06 19:12 -------- d-----w- c:\program files\NVIDIA Corporation
2010-07-28 07:33 . 2010-06-06 19:13 -------- d-----w- c:\programdata\NVIDIA
2010-07-26 20:42 . 2010-06-30 13:26 -------- d-----w- c:\users\Martin\AppData\Roaming\ICQ
2010-07-24 19:37 . 2010-06-09 15:45 -------- d-----w- c:\program files\JDownloader
2010-07-15 18:42 . 2010-07-15 18:42 2525696 ----a-w- c:\windows\system32\levelr.tmp
2010-07-15 16:15 . 2010-06-28 10:41 -------- d-----w- c:\users\Martin\AppData\Roaming\IObit
2010-07-14 08:33 . 2010-07-02 09:01 137464 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-07-14 08:33 . 2010-07-02 09:01 214520 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-07-11 13:12 . 2010-07-11 12:07 -------- d-----w- c:\users\Martin\AppData\Roaming\DivX
2010-07-11 12:07 . 2010-07-11 12:03 -------- d-----w- c:\programdata\DivX
2010-07-11 12:07 . 2010-07-11 12:07 56765 ----a-w- c:\programdata\DivX\DivXPlusShortcuts\Uninstaller.exe
2010-07-11 12:07 . 2010-07-11 12:04 -------- d-----w- c:\program files\DivX
2010-07-11 12:07 . 2010-07-11 12:07 57715 ----a-w- c:\programdata\DivX\Player\Uninstaller.exe
2010-07-11 12:07 . 2010-07-11 12:07 53600 ----a-w- c:\programdata\DivX\Update\Uninstaller.exe
2010-07-11 12:07 . 2010-07-11 12:07 84054 ----a-w- c:\programdata\DivX\TransferWizard\Uninstaller.exe
2010-07-11 12:07 . 2010-05-19 15:21 -------- d-----w- c:\program files\Common Files\PX Storage Engine
2010-07-11 12:06 . 2010-07-11 12:06 54644 ----a-w- c:\programdata\DivX\TranscodeEngine\Uninstaller.exe
2010-07-11 12:06 . 2010-07-11 12:06 54101 ----a-w- c:\programdata\DivX\MPEG2Plugin\Uninstaller.exe
2010-07-11 12:06 . 2010-07-11 12:06 54153 ----a-w- c:\programdata\DivX\DFXPlugin\Uninstaller.exe
2010-07-11 12:06 . 2010-07-11 12:06 57409 ----a-w- c:\programdata\DivX\ControlPanel\Uninstaller.exe
2010-07-11 12:06 . 2010-07-11 12:06 52963 ----a-w- c:\programdata\DivX\MSVC80CRTRedist\Uninstaller.exe
2010-07-11 12:06 . 2010-07-11 12:06 54073 ----a-w- c:\programdata\DivX\Qt4.5\Uninstaller.exe
2010-07-11 12:06 . 2010-07-11 12:06 -------- d-----w- c:\program files\Common Files\DivX Shared
2010-07-09 15:33 . 2010-05-17 18:10 -------- d-----w- c:\program files\Opera
2010-07-02 09:01 . 2010-07-02 09:01 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2010-06-30 19:28 . 2010-05-30 10:16 -------- d-----w- c:\program files\ICQ-Banner-Remover
2010-06-30 19:21 . 2010-06-30 19:21 -------- d-----w- c:\program files\ICQ6Toolbar
2010-06-30 19:21 . 2010-06-30 19:21 -------- d-----w- c:\programdata\ICQ
2010-06-30 19:18 . 2010-06-30 13:25 -------- d-----w- c:\program files\ICQ7.2
2010-06-30 13:20 . 2010-06-30 13:20 -------- d-----w- c:\programdata\IObit
2010-06-28 11:33 . 2010-06-28 11:30 -------- d-----w- c:\programdata\COMODO
2010-06-28 11:27 . 2010-06-28 11:27 -------- d-----w- c:\program files\COMODO
2010-06-28 11:26 . 2010-06-28 11:22 -------- d-----w- c:\programdata\Comodo Downloader
2010-06-28 10:41 . 2010-06-28 10:41 -------- d-----w- c:\program files\IObit
2010-06-28 05:02 . 2010-06-28 05:02 -------- d-----w- c:\users\Martin\AppData\Roaming\vghd
2010-06-27 10:10 . 2010-06-27 10:01 5 ----a-w- c:\windows\treeskp.sys
2010-06-27 10:10 . 2010-06-27 09:02 5 ----a-w- c:\windows\sbacknt.bin
2010-06-27 10:01 . 2010-06-27 09:02 -------- d-----w- c:\program files\vghd
2010-06-26 19:04 . 2010-06-26 19:04 -------- d-----w- c:\program files\SopCast
2010-06-26 17:40 . 2010-05-18 19:59 -------- d-----w- c:\program files\RocketDock
2010-06-26 12:23 . 2010-06-26 12:23 -------- d-----w- c:\program files\The KMPlayer
2010-06-26 12:20 . 2010-06-26 12:20 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
2010-06-26 12:20 . 2010-06-26 12:20 484160 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2010-06-26 07:56 . 2010-06-26 07:55 -------- d-----w- c:\program files\DAEMON Tools Lite
2010-06-26 07:56 . 2010-05-17 17:01 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-06-23 15:29 . 2010-06-23 15:29 -------- d-----w- c:\program files\VirusTotalUploader2
2010-06-23 14:56 . 2010-05-28 14:36 -------- d-----w- c:\program files\GRETECH
2010-06-21 13:47 . 2010-06-21 13:47 -------- d-----w- c:\program files\AIMP2
2010-06-19 15:12 . 2010-06-19 13:23 -------- d-----w- c:\programdata\FLEXnet
2010-06-19 14:40 . 2010-05-17 16:00 -------- d-----w- c:\program files\Common Files\Adobe
2010-06-19 13:16 . 2010-06-19 13:16 -------- d-----w- c:\program files\Bonjour
2010-06-19 13:11 . 2010-06-19 13:11 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2010-06-19 10:52 . 2010-06-19 10:52 -------- d-----w- c:\program files\Defraggler
2010-06-19 09:24 . 2010-05-23 09:20 -------- d-----w- c:\program files\Ashampoo
2010-06-19 09:21 . 2010-06-19 09:21 -------- d---a-w- c:\program files\Revo_Uninstaller
2010-06-19 08:49 . 2010-06-19 08:48 -------- d-----w- c:\program files\VstPlugins
2010-06-19 08:48 . 2010-06-19 08:48 -------- d-----w- c:\program files\Outsim
2010-06-17 12:00 . 2010-06-17 12:00 -------- d-----w- c:\program files\Microsoft Silverlight
2010-06-16 20:01 . 2010-06-16 20:01 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2010-06-12 13:59 . 2010-06-12 13:55 -------- d-----w- c:\program files\WhoCrashed
2010-06-12 13:22 . 2010-06-12 12:28 -------- d-----w- c:\program files\nLite
2010-06-10 18:35 . 2010-06-10 18:35 39233 ----a-w- c:\windows\SETUP1.EXE
2010-06-10 13:44 . 2010-06-10 13:44 -------- d-----w- c:\program files\IM
2010-06-09 08:06 . 2010-06-09 08:06 976832 ----a-w- c:\programdata\Adobe\Reader\9.3\ARM\Martin\10600\AdobeARM.exe
2010-06-09 08:06 . 2010-06-09 08:06 976832 ----a-w- c:\programdata\Adobe\Reader\9.3\ARM\27841\AdobeARM.exe
2010-06-09 08:06 . 2010-06-09 08:06 70584 ----a-w- c:\programdata\Adobe\Reader\9.3\ARM\Martin\10600\AdobeExtractFiles.dll
2010-06-09 08:06 . 2010-06-09 08:06 70584 ----a-w- c:\programdata\Adobe\Reader\9.3\ARM\27841\AdobeExtractFiles.dll
2010-06-09 08:06 . 2010-06-09 08:06 331176 ----a-w- c:\programdata\Adobe\Reader\9.3\ARM\Martin\10600\ReaderUpdater.exe
2010-06-09 08:06 . 2010-06-09 08:06 331176 ----a-w- c:\programdata\Adobe\Reader\9.3\ARM\Martin\10600\AcrobatUpdater.exe
2010-06-09 08:06 . 2010-06-09 08:06 331176 ----a-w- c:\programdata\Adobe\Reader\9.3\ARM\27841\ReaderUpdater.exe
2010-06-09 08:06 . 2010-06-09 08:06 331176 ----a-w- c:\programdata\Adobe\Reader\9.3\ARM\27841\AcrobatUpdater.exe
2010-06-08 18:04 . 2010-06-08 18:04 -------- d-----w- c:\users\Martin\AppData\Roaming\Apple Computer
2010-06-08 18:04 . 2010-06-08 18:04 -------- d-----w- c:\program files\Safari
2010-06-08 18:04 . 2010-06-08 18:04 -------- d-----w- c:\programdata\Apple Computer
2010-06-08 18:03 . 2010-06-08 18:03 -------- d-----w- c:\program files\Common Files\Apple
2010-06-08 18:03 . 2010-06-08 18:03 -------- d-----w- c:\program files\Apple Software Update
2010-06-08 18:03 . 2010-06-08 18:03 -------- d-----w- c:\programdata\Apple
2010-06-04 10:29 . 2010-06-04 10:29 71992 ----a-w- c:\programdata\Apple Computer\Installer Cache\Safari 5.33.16.0\SetupAdmin.exe
2010-06-04 09:55 . 2010-06-04 09:55 224240 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
2010-06-01 17:00 . 2010-06-01 17:00 278288 ----a-w- c:\windows\system32\guard32.dll
2010-06-01 17:00 . 2010-06-01 17:00 75944 ----a-w- c:\windows\system32\drivers\inspect.sys
2010-06-01 17:00 . 2010-06-01 17:00 30112 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2010-06-01 17:00 . 2010-06-01 17:00 16744 ----a-w- c:\windows\system32\drivers\cmderd.sys
2010-05-30 07:16 . 2010-05-30 07:16 0 ----a-w- c:\windows\nsreg.dat
2010-05-27 19:01 . 2010-05-27 19:01 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-05-27 17:38 . 2010-05-27 17:38 5586432 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2010-05-27 17:05 . 2010-05-27 17:05 15180800 ----a-w- c:\windows\system32\atioglxx.dll
2010-05-27 17:02 . 2010-05-27 17:02 143360 ----a-w- c:\windows\system32\atiapfxx.exe
2010-05-27 17:02 . 2010-05-27 17:02 511488 ----a-w- c:\windows\system32\aticfx32.dll
2010-05-27 17:00 . 2010-05-27 17:00 446464 ----a-w- c:\windows\system32\ATIDEMGX.dll
2010-05-27 16:59 . 2010-05-27 16:59 376832 ----a-w- c:\windows\system32\atieclxx.exe
2010-05-27 16:59 . 2010-05-27 16:59 176128 ----a-w- c:\windows\system32\atiesrxx.exe
2010-05-27 16:58 . 2010-05-27 16:58 159744 ----a-w- c:\windows\system32\atitmmxx.dll
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2010-03-31 2145000]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-03-17 8546848]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2010-06-01 2039240]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-05-27 98304]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\guard32.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv
[HKLM\~\startupfolder\C:^Users^Martin^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^HDDlife.lnk]
backup=c:\windows\pss\HDDlife.lnk.Startup
backupExtension=.Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-06-09 08:06 976832 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-12-21 23:57 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2010-04-01 09:16 357696 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-06-03 00:50 1144104 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui]
2010-03-30 09:16 1820040 ----a-w- c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-02-18 09:43 248040 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
R2 fsrt;Fortres Security Runtime;c:\program files\Fortres Grand\Fortres Security Runtime 6.0\FSRT.EXE [x]
R3 FGCWL;FGCWL;c:\program files\Fortres Grand\Virtual Sandbox\FGCWL.sys [x]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [2009-12-30 27192]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2010-06-13 1343400]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2010-06-26 691696]
R4 TunngleService;TunngleService;c:\program files\Tunngle\TnglCtrl.exe [2010-03-23 704760]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2010-06-04 224240]
S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [2010-06-01 30112]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2010-03-31 114984]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-05-27 176128]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2010-03-31 134024]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2010-03-31 810120]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2010-03-31 96896]
S2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [2010-03-30 1107336]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2010-05-27 5586432]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-05-27 209920]
S3 RTL8167;Ovladač Realtek 8167 NT;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]
S3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\DRIVERS\tap0901t.sys [2009-09-16 27136]
.
Obsah adresáře 'Naplánované úlohy'
2010-08-04 c:\windows\Tasks\AWC Update.job
- c:\program files\IObit\Advanced SystemCare 3\IObitUpdate.exe [2010-06-28 15:20]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://start.icq.com/skins7/
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
IE: Načítať použitie &BitSpirit
TCP: {49E7AC88-3BD9-4673-A8D9-DA1CFF080C49} = 10.10.10.1
FF - ProfilePath - c:\users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\tsf9vihz.default\
FF - prefs.js: browser.startup.homepage - google.com
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(588)
c:\windows\system32\guard32.dll
- - - - - - - > 'lsass.exe'(616)
c:\windows\system32\guard32.dll
.
Celkový čas: 2010-08-04 18:35:06
ComboFix-quarantined-files.txt 2010-08-04 16:35
Před spuštěním: Volných bajtů: 94 920 028 160
Po spuštění: Volných bajtů: 94 906 040 320
- - End Of File - - FDBCD8233A387199D79F3DC148F50776
- jaro3
- Security team member
Re: Request for a preventive log check
No, I meant in the HJT (viruses) section..
Open Notepad (Start -> Run..., type Notepad into the window and click OK).
Copy into it the entire following text marked in green:
Note: Do not use the SELECT ALL function to select the script.
KillAll::
File::
c:\windows\dwin5799.dat
c:\windows\ativpsrm.bin
c:\windows\system32\tmp_u_06_00_87.dat
c:\windows\system32\tmp_u_02_00_01.dat
c:\windows\system32\tmp_u_04_01_87.dat
c:\windows\system32\tmp_u_04_02_25.dat
c:\windows\system32\tmp_u_03_00_25.dat
c:\windows\system32\perfh005.dat
c:\windows\system32\perfc005.dat
c:\windows\sbacknt.bin
Folder::
c:\program files\ICQ6Toolbar
DirLook::
c:\windows\system32\packages
Choose File -> Save As... and set these parameters:
File name: type here: CFScript.txt
Save as type: select All Files there
Save the file to the desktop.
Close all active windows.
Grab the created CFScript.txt script with the mouse, drag it over the downloaded ComboFix.exe program, and when the two files overlap, drop the script.
- ComboFix will start automatically
- Paste here the log that appears at the end of the cleaning process + a new HJT log
In Folder Options, enable showing hidden files and folders + untick the "Hide protected operating system files" checkbox
Test these on Virustotal
c:\windows\system32\levelr.exe
c:\windows\system32\levelr.dat
c:\windows\system32\levelr.tmp
If the file has already been tested, click to test it again.
When the test by all antiviruses finishes, paste here the links to the pages with the results.
When working with HJT, ComboFix, MbAM, SDFix, etc., close all other applications and browsers!
Do not send logs in private messages. During my absence, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support
Re: Request for a preventive log check
ComboFix 10-08-03.04 - Martin 04.08.2010 21:16:16.4.2 - x86
Microsoft Windows 7 Professional 6.1.7600.0.1250.420.1029.18.2047.1451 [GMT 2:00]
Spuštěný z: c:\users\Martin\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Martin\Desktop\CFScript.txt
FILE ::
"c:\windows\ativpsrm.bin"
"c:\windows\dwin5799.dat"
"c:\windows\sbacknt.bin"
"c:\windows\system32\perfc005.dat"
"c:\windows\system32\perfh005.dat"
"c:\windows\system32\tmp_u_02_00_01.dat"
"c:\windows\system32\tmp_u_03_00_25.dat"
"c:\windows\system32\tmp_u_04_01_87.dat"
"c:\windows\system32\tmp_u_04_02_25.dat"
"c:\windows\system32\tmp_u_06_00_87.dat"
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\ICQ6Toolbar
c:\program files\ICQ6Toolbar\config.xml
c:\program files\ICQ6Toolbar\Icons.bmp
c:\program files\ICQ6Toolbar\ICQ Service.exe
c:\program files\ICQ6Toolbar\icq6Toolbar.ico
c:\program files\ICQ6Toolbar\ICQToolBar.dll
c:\program files\ICQ6Toolbar\ICQUnToolbar.exe
c:\program files\ICQ6Toolbar\logo_small.gif
c:\program files\ICQ6Toolbar\ServiceStarter.exe
c:\program files\ICQ6Toolbar\short.wav
c:\program files\ICQ6Toolbar\Version.txt
c:\windows\ativpsrm.bin
c:\windows\dwin5799.dat
c:\windows\sbacknt.bin
c:\windows\system32\perfc005.dat
c:\windows\system32\perfh005.dat
c:\windows\system32\tmp_u_02_00_01.dat
c:\windows\system32\tmp_u_03_00_25.dat
c:\windows\system32\tmp_u_04_01_87.dat
c:\windows\system32\tmp_u_04_02_25.dat
c:\windows\system32\tmp_u_06_00_87.dat
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-07-04 do 2010-08-04 )))))))))))))))))))))))))))))))
.
2010-08-04 19:23 . 2010-08-04 19:25 -------- d-----w- c:\users\Martin\AppData\Local\temp
2010-08-04 19:23 . 2010-08-04 19:23 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-08-04 16:17 . 2010-08-04 16:17 -------- d-----w- c:\users\Martin\AppData\Local\ATI
2010-08-03 16:01 . 2010-08-03 16:08 -------- d-----w- c:\users\Martin\AppData\Local\VirtuaTennis2009
2010-07-30 17:31 . 2010-07-30 17:31 -------- d-----w- c:\users\Martin\AppData\Roaming\BinarySense
2010-07-30 17:31 . 2010-08-04 11:56 -------- d-----w- c:\program files\Common Files\BinarySense
2010-07-30 11:22 . 2010-07-30 16:33 -------- d-----w- c:\program files\aTube Catcher 2.0
2010-07-28 12:38 . 2010-07-28 12:38 -------- d-----w- c:\users\Martin\AppData\Roaming\FaceGen
2010-07-28 12:34 . 2010-07-28 12:41 -------- d-----w- c:\program files\Singular Inversions
2010-07-27 16:19 . 2010-07-27 16:19 -------- d-----w- c:\users\Martin\AppData\Roaming\Need for Speed World
2010-07-27 16:15 . 2010-07-29 09:21 10708240 ----a-w- c:\programdata\Electronic Arts\Need For Speed World\Data\nfsw.exe
2010-07-27 16:15 . 2010-07-29 09:21 1790736 ----a-w- c:\programdata\Electronic Arts\Need For Speed World\Data\gameplay.native.dll
2010-07-27 16:15 . 2010-07-29 09:21 4068624 ----a-w- c:\programdata\Electronic Arts\Need For Speed World\Data\eawebkit.dll
2010-07-27 16:15 . 2010-07-29 09:21 267536 ----a-w- c:\programdata\Electronic Arts\Need For Speed World\Data\gameplay.dll
2010-07-27 16:15 . 2010-07-27 16:15 462864 ----a-w- c:\programdata\Electronic Arts\Need For Speed World\Data\d3dx10_37.dll
2010-07-27 16:15 . 2010-07-27 16:15 3786760 ----a-w- c:\programdata\Electronic Arts\Need For Speed World\Data\d3dx9_37.dll
2010-07-27 16:01 . 2010-07-27 16:01 883670 ----a-w- c:\programdata\Electronic Arts\Need For Speed World\Data\pb\pbcl.dll
2010-07-27 16:01 . 2010-07-27 16:01 57344 ----a-w- c:\programdata\Electronic Arts\Need For Speed World\Data\pb\pbag.dll
2010-07-27 15:55 . 2010-07-27 15:55 -------- d-----w- c:\users\Martin\AppData\Local\Electronic_Arts_Inc
2010-07-27 15:55 . 2010-07-27 15:55 -------- d-----w- c:\programdata\Electronic Arts
2010-07-27 12:25 . 2010-07-27 12:40 -------- d-----w- c:\programdata\TmForever
2010-07-26 13:20 . 2010-07-26 13:20 82726 ----a-r- c:\users\Martin\AppData\Roaming\Microsoft\Installer\{E871FF1A-D7A0-420D-9A47-B78AFD8B16AA}\_853F67D554F05449430E7E.exe
2010-07-26 13:20 . 2010-07-26 13:20 82726 ----a-r- c:\users\Martin\AppData\Roaming\Microsoft\Installer\{E871FF1A-D7A0-420D-9A47-B78AFD8B16AA}\_43EA64258A532C2A1F57BD.exe
2010-07-25 07:48 . 2010-07-25 07:48 -------- d-----w- c:\program files\OEdit
2010-07-23 10:18 . 2010-07-23 10:18 -------- d-----w- c:\users\Martin\AppData\Roaming\ATI
2010-07-23 10:18 . 2010-07-23 10:18 -------- d-----w- c:\programdata\ATI
2010-07-23 10:16 . 2010-07-23 10:16 -------- d-----w- c:\program files\Common Files\ATI Technologies
2010-07-23 10:15 . 2010-07-23 10:15 -------- d-----w- c:\program files\ATI
2010-07-23 10:15 . 2010-07-23 10:16 -------- d-----w- c:\program files\ATI Technologies
2010-07-23 10:14 . 2010-07-23 10:14 -------- d-----w- C:\ATI
2010-07-21 20:22 . 2010-07-21 20:22 -------- d-----w- c:\program files\GIGABYTE
2010-07-21 20:22 . 2010-07-22 10:42 17488 ----a-w- c:\windows\gdrv.sys
2010-07-21 18:24 . 2010-07-21 18:24 -------- d-----w- c:\program files\uTorrent
2010-07-21 18:23 . 2010-07-21 21:09 -------- d-----w- c:\users\Martin\AppData\Roaming\uTorrent
2010-07-21 17:58 . 2010-07-21 17:59 -------- d-----w- c:\users\Martin\AppData\Local\NFS Underground 2
2010-07-21 17:12 . 2010-07-21 17:12 -------- d-----w- c:\users\Martin\SystemRequirementsLab
2010-07-21 15:11 . 2010-07-21 15:11 -------- d-----w- C:\Downloads
2010-07-21 15:08 . 2010-07-21 15:19 -------- d-----w- c:\users\Martin\AppData\Roaming\BitSpirit
2010-07-15 18:42 . 2010-07-15 18:42 -------- d-----w- c:\windows\system32\music
2010-07-15 18:42 . 2010-07-15 18:42 -------- d-----w- c:\windows\system32\packages
2010-07-15 18:42 . 2010-07-15 18:42 398180 ----a-w- c:\windows\system32\levelr.dat
2010-07-15 18:42 . 2010-07-15 18:42 2525696 ----a-w- c:\windows\system32\levelr.exe
2010-07-15 11:14 . 2010-07-21 15:20 -------- d-----w- c:\program files\Pando Networks
2010-07-13 19:45 . 2010-07-13 19:45 -------- d-----w- c:\program files\Lavalys
2010-07-13 09:16 . 2009-12-08 11:32 292864 ----a-w- c:\windows\system32\apphelp.dll
2010-07-11 12:07 . 2010-07-11 12:07 57344 ----a-w- c:\programdata\DivX\RunAsUser\RUNASUSERPROCESS.dll
2010-07-11 12:07 . 2010-07-11 12:03 1062184 ----a-w- c:\programdata\DivX\Setup\Resource.dll
2010-07-11 12:07 . 2010-07-11 12:03 895256 ----a-w- c:\programdata\DivX\Setup\DivXSetup.exe
2010-07-11 12:07 . 2010-07-11 12:07 56997 ----a-w- c:\programdata\DivX\WebPlayer\Uninstaller.exe
2010-07-10 18:44 . 2010-07-10 18:44 -------- d-----w- c:\users\Martin\dwhelper
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-04 10:51 . 2010-06-21 13:48 -------- d-----w- c:\users\Martin\AppData\Roaming\AIMP
2010-08-03 15:39 . 2010-05-17 16:31 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-08-03 13:48 . 2010-05-20 14:34 -------- d-----w- c:\users\Martin\AppData\Roaming\vlc
2010-08-01 10:23 . 2010-05-20 15:22 -------- d-----w- c:\users\Martin\AppData\Roaming\dvdcss
2010-07-31 09:35 . 2010-05-17 15:51 65256 ----a-w- c:\users\Martin\AppData\Local\GDIPFONTCACHEV1.DAT
2010-07-28 12:42 . 2010-06-06 19:12 -------- d-----w- c:\program files\NVIDIA Corporation
2010-07-28 07:33 . 2010-06-06 19:13 -------- d-----w- c:\programdata\NVIDIA
2010-07-26 20:42 . 2010-06-30 13:26 -------- d-----w- c:\users\Martin\AppData\Roaming\ICQ
2010-07-24 19:37 . 2010-06-09 15:45 -------- d-----w- c:\program files\JDownloader
2010-07-15 18:42 . 2010-07-15 18:42 2525696 ----a-w- c:\windows\system32\levelr.tmp
2010-07-15 16:15 . 2010-06-28 10:41 -------- d-----w- c:\users\Martin\AppData\Roaming\IObit
2010-07-14 08:33 . 2010-07-02 09:01 137464 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-07-14 08:33 . 2010-07-02 09:01 214520 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-07-11 13:12 . 2010-07-11 12:07 -------- d-----w- c:\users\Martin\AppData\Roaming\DivX
2010-07-11 12:07 . 2010-07-11 12:03 -------- d-----w- c:\programdata\DivX
2010-07-11 12:07 . 2010-07-11 12:07 56765 ----a-w- c:\programdata\DivX\DivXPlusShortcuts\Uninstaller.exe
2010-07-11 12:07 . 2010-07-11 12:04 -------- d-----w- c:\program files\DivX
2010-07-11 12:07 . 2010-07-11 12:07 57715 ----a-w- c:\programdata\DivX\Player\Uninstaller.exe
2010-07-11 12:07 . 2010-07-11 12:07 53600 ----a-w- c:\programdata\DivX\Update\Uninstaller.exe
2010-07-11 12:07 . 2010-07-11 12:07 84054 ----a-w- c:\programdata\DivX\TransferWizard\Uninstaller.exe
2010-07-11 12:07 . 2010-05-19 15:21 -------- d-----w- c:\program files\Common Files\PX Storage Engine
2010-07-11 12:06 . 2010-07-11 12:06 54644 ----a-w- c:\programdata\DivX\TranscodeEngine\Uninstaller.exe
2010-07-11 12:06 . 2010-07-11 12:06 54101 ----a-w- c:\programdata\DivX\MPEG2Plugin\Uninstaller.exe
2010-07-11 12:06 . 2010-07-11 12:06 54153 ----a-w- c:\programdata\DivX\DFXPlugin\Uninstaller.exe
2010-07-11 12:06 . 2010-07-11 12:06 57409 ----a-w- c:\programdata\DivX\ControlPanel\Uninstaller.exe
2010-07-11 12:06 . 2010-07-11 12:06 52963 ----a-w- c:\programdata\DivX\MSVC80CRTRedist\Uninstaller.exe
2010-07-11 12:06 . 2010-07-11 12:06 54073 ----a-w- c:\programdata\DivX\Qt4.5\Uninstaller.exe
2010-07-11 12:06 . 2010-07-11 12:06 -------- d-----w- c:\program files\Common Files\DivX Shared
2010-07-09 15:33 . 2010-05-17 18:10 -------- d-----w- c:\program files\Opera
2010-07-02 09:01 . 2010-07-02 09:01 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2010-06-30 19:28 . 2010-05-30 10:16 -------- d-----w- c:\program files\ICQ-Banner-Remover
2010-06-30 19:21 . 2010-06-30 19:21 -------- d-----w- c:\programdata\ICQ
2010-06-30 19:18 . 2010-06-30 13:25 -------- d-----w- c:\program files\ICQ7.2
2010-06-30 13:20 . 2010-06-30 13:20 -------- d-----w- c:\programdata\IObit
2010-06-28 11:33 . 2010-06-28 11:30 -------- d-----w- c:\programdata\COMODO
2010-06-28 11:27 . 2010-06-28 11:27 -------- d-----w- c:\program files\COMODO
2010-06-28 11:26 . 2010-06-28 11:22 -------- d-----w- c:\programdata\Comodo Downloader
2010-06-28 10:41 . 2010-06-28 10:41 -------- d-----w- c:\program files\IObit
2010-06-28 05:02 . 2010-06-28 05:02 -------- d-----w- c:\users\Martin\AppData\Roaming\vghd
2010-06-27 10:10 . 2010-06-27 10:01 5 ----a-w- c:\windows\treeskp.sys
2010-06-27 10:01 . 2010-06-27 09:02 -------- d-----w- c:\program files\vghd
2010-06-26 19:04 . 2010-06-26 19:04 -------- d-----w- c:\program files\SopCast
2010-06-26 17:40 . 2010-05-18 19:59 -------- d-----w- c:\program files\RocketDock
2010-06-26 12:23 . 2010-06-26 12:23 -------- d-----w- c:\program files\The KMPlayer
2010-06-26 12:20 . 2010-06-26 12:20 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
2010-06-26 12:20 . 2010-06-26 12:20 484160 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2010-06-26 07:56 . 2010-06-26 07:55 -------- d-----w- c:\program files\DAEMON Tools Lite
2010-06-26 07:56 . 2010-05-17 17:01 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-06-23 15:29 . 2010-06-23 15:29 -------- d-----w- c:\program files\VirusTotalUploader2
2010-06-23 14:56 . 2010-05-28 14:36 -------- d-----w- c:\program files\GRETECH
2010-06-21 13:47 . 2010-06-21 13:47 -------- d-----w- c:\program files\AIMP2
2010-06-19 15:12 . 2010-06-19 13:23 -------- d-----w- c:\programdata\FLEXnet
2010-06-19 14:40 . 2010-05-17 16:00 -------- d-----w- c:\program files\Common Files\Adobe
2010-06-19 13:16 . 2010-06-19 13:16 -------- d-----w- c:\program files\Bonjour
2010-06-19 13:11 . 2010-06-19 13:11 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2010-06-19 10:52 . 2010-06-19 10:52 -------- d-----w- c:\program files\Defraggler
2010-06-19 09:24 . 2010-05-23 09:20 -------- d-----w- c:\program files\Ashampoo
2010-06-19 09:21 . 2010-06-19 09:21 -------- d---a-w- c:\program files\Revo_Uninstaller
2010-06-19 08:49 . 2010-06-19 08:48 -------- d-----w- c:\program files\VstPlugins
2010-06-19 08:48 . 2010-06-19 08:48 -------- d-----w- c:\program files\Outsim
2010-06-17 12:00 . 2010-06-17 12:00 -------- d-----w- c:\program files\Microsoft Silverlight
2010-06-16 20:01 . 2010-06-16 20:01 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2010-06-12 13:59 . 2010-06-12 13:55 -------- d-----w- c:\program files\WhoCrashed
2010-06-12 13:22 . 2010-06-12 12:28 -------- d-----w- c:\program files\nLite
2010-06-10 18:35 . 2010-06-10 18:35 39233 ----a-w- c:\windows\SETUP1.EXE
2010-06-10 13:44 . 2010-06-10 13:44 -------- d-----w- c:\program files\IM
2010-06-09 08:06 . 2010-06-09 08:06 976832 ----a-w- c:\programdata\Adobe\Reader\9.3\ARM\Martin\10600\AdobeARM.exe
2010-06-09 08:06 . 2010-06-09 08:06 976832 ----a-w- c:\programdata\Adobe\Reader\9.3\ARM\27841\AdobeARM.exe
2010-06-09 08:06 . 2010-06-09 08:06 70584 ----a-w- c:\programdata\Adobe\Reader\9.3\ARM\Martin\10600\AdobeExtractFiles.dll
2010-06-09 08:06 . 2010-06-09 08:06 70584 ----a-w- c:\programdata\Adobe\Reader\9.3\ARM\27841\AdobeExtractFiles.dll
2010-06-09 08:06 . 2010-06-09 08:06 331176 ----a-w- c:\programdata\Adobe\Reader\9.3\ARM\Martin\10600\ReaderUpdater.exe
2010-06-09 08:06 . 2010-06-09 08:06 331176 ----a-w- c:\programdata\Adobe\Reader\9.3\ARM\Martin\10600\AcrobatUpdater.exe
2010-06-09 08:06 . 2010-06-09 08:06 331176 ----a-w- c:\programdata\Adobe\Reader\9.3\ARM\27841\ReaderUpdater.exe
2010-06-09 08:06 . 2010-06-09 08:06 331176 ----a-w- c:\programdata\Adobe\Reader\9.3\ARM\27841\AcrobatUpdater.exe
2010-06-08 18:04 . 2010-06-08 18:04 -------- d-----w- c:\users\Martin\AppData\Roaming\Apple Computer
2010-06-08 18:04 . 2010-06-08 18:04 -------- d-----w- c:\program files\Safari
2010-06-08 18:04 . 2010-06-08 18:04 -------- d-----w- c:\programdata\Apple Computer
2010-06-08 18:03 . 2010-06-08 18:03 -------- d-----w- c:\program files\Common Files\Apple
2010-06-08 18:03 . 2010-06-08 18:03 -------- d-----w- c:\program files\Apple Software Update
2010-06-08 18:03 . 2010-06-08 18:03 -------- d-----w- c:\programdata\Apple
2010-06-04 10:29 . 2010-06-04 10:29 71992 ----a-w- c:\programdata\Apple Computer\Installer Cache\Safari 5.33.16.0\SetupAdmin.exe
2010-06-04 09:55 . 2010-06-04 09:55 224240 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
2010-06-01 17:00 . 2010-06-01 17:00 278288 ----a-w- c:\windows\system32\guard32.dll
2010-06-01 17:00 . 2010-06-01 17:00 75944 ----a-w- c:\windows\system32\drivers\inspect.sys
2010-06-01 17:00 . 2010-06-01 17:00 30112 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2010-06-01 17:00 . 2010-06-01 17:00 16744 ----a-w- c:\windows\system32\drivers\cmderd.sys
2010-05-30 07:16 . 2010-05-30 07:16 0 ----a-w- c:\windows\nsreg.dat
2010-05-27 19:01 . 2010-05-27 19:01 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-05-27 17:38 . 2010-05-27 17:38 5586432 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2010-05-27 17:05 . 2010-05-27 17:05 15180800 ----a-w- c:\windows\system32\atioglxx.dll
2010-05-27 17:02 . 2010-05-27 17:02 143360 ----a-w- c:\windows\system32\atiapfxx.exe
2010-05-27 17:02 . 2010-05-27 17:02 511488 ----a-w- c:\windows\system32\aticfx32.dll
2010-05-27 17:00 . 2010-05-27 17:00 446464 ----a-w- c:\windows\system32\ATIDEMGX.dll
2010-05-27 16:59 . 2010-05-27 16:59 376832 ----a-w- c:\windows\system32\atieclxx.exe
2010-05-27 16:59 . 2010-05-27 16:59 176128 ----a-w- c:\windows\system32\atiesrxx.exe
2010-05-27 16:58 . 2010-05-27 16:58 159744 ----a-w- c:\windows\system32\atitmmxx.dll
2010-05-27 16:58 . 2010-05-27 16:58 356352 ----a-w- c:\windows\system32\atipdlxx.dll
2010-05-27 16:58 . 2010-05-27 16:58 11776 ----a-w- c:\windows\system32\atimuixx.dll
2010-05-27 16:57 . 2010-05-27 16:57 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2010-05-27 16:54 . 2010-05-27 16:54 3668480 ----a-w- c:\windows\system32\atidxx32.dll
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\windows\system32\packages ----
2010-07-15 18:42 . 2010-07-15 18:42 1448 ----a-w- c:\windows\system32\packages\44_31.pack
2010-07-15 18:42 . 2010-07-15 18:42 4608 ----a-w- c:\windows\system32\packages\51_1.pack
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2010-03-31 2145000]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-03-17 8546848]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2010-06-01 2039240]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-05-27 98304]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\guard32.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv
[HKLM\~\startupfolder\C:^Users^Martin^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^HDDlife.lnk]
backup=c:\windows\pss\HDDlife.lnk.Startup
backupExtension=.Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-06-09 08:06 976832 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-12-21 23:57 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2010-04-01 09:16 357696 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-06-03 00:50 1144104 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui]
2010-03-30 09:16 1820040 ----a-w- c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-02-18 09:43 248040 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
R2 fsrt;Fortres Security Runtime;c:\program files\Fortres Grand\Fortres Security Runtime 6.0\FSRT.EXE [x]
R3 FGCWL;FGCWL;c:\program files\Fortres Grand\Virtual Sandbox\FGCWL.sys [x]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [2009-12-30 27192]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2010-06-13 1343400]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2010-06-26 691696]
R4 TunngleService;TunngleService;c:\program files\Tunngle\TnglCtrl.exe [2010-03-23 704760]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2010-06-04 224240]
S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [2010-06-01 30112]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2010-03-31 114984]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-05-27 176128]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2010-03-31 134024]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2010-03-31 810120]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2010-03-31 96896]
S2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [2010-03-30 1107336]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2010-05-27 5586432]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-05-27 209920]
S3 RTL8167;Ovladač Realtek 8167 NT;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]
S3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\DRIVERS\tap0901t.sys [2009-09-16 27136]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://start.icq.com/skins7/
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
IE: Načítať použitie &BitSpirit
TCP: {49E7AC88-3BD9-4673-A8D9-DA1CFF080C49} = 10.10.10.1
FF - ProfilePath - c:\users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\tsf9vihz.default\
FF - prefs.js: browser.startup.homepage - google.com
---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\COMODO\COMODO Internet Security\cmdagent.exe
c:\windows\system32\atieclxx.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
c:\windows\system32\sppsvc.exe
.
**************************************************************************
.
Celkový čas: 2010-08-04 21:27:43 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-08-04 19:27
ComboFix2.txt 2010-08-04 16:35
Před spuštěním: Volných bajtů: 94 365 749 248
Po spuštění: Volných bajtů: 94 301 884 416
- - End Of File - - AF1F68CB2D2F3195816E56F830CA00A1
Levelr -> That was a game I had, but it didn't work
exe
dat
tmp
2010-06-19 09:24 . 2010-05-23 09:20 -------- d-----w- c:\program files\Ashampoo
2010-06-19 09:21 . 2010-06-19 09:21 -------- d---a-w- c:\program files\Revo_Uninstaller
2010-06-19 08:49 . 2010-06-19 08:48 -------- d-----w- c:\program files\VstPlugins
2010-06-19 08:48 . 2010-06-19 08:48 -------- d-----w- c:\program files\Outsim
2010-06-17 12:00 . 2010-06-17 12:00 -------- d-----w- c:\program files\Microsoft Silverlight
2010-06-16 20:01 . 2010-06-16 20:01 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2010-06-12 13:59 . 2010-06-12 13:55 -------- d-----w- c:\program files\WhoCrashed
2010-06-12 13:22 . 2010-06-12 12:28 -------- d-----w- c:\program files\nLite
2010-06-10 18:35 . 2010-06-10 18:35 39233 ----a-w- c:\windows\SETUP1.EXE
2010-06-10 13:44 . 2010-06-10 13:44 -------- d-----w- c:\program files\IM
2010-06-09 08:06 . 2010-06-09 08:06 976832 ----a-w- c:\programdata\Adobe\Reader\9.3\ARM\Martin\10600\AdobeARM.exe
2010-06-09 08:06 . 2010-06-09 08:06 976832 ----a-w- c:\programdata\Adobe\Reader\9.3\ARM\27841\AdobeARM.exe
2010-06-09 08:06 . 2010-06-09 08:06 70584 ----a-w- c:\programdata\Adobe\Reader\9.3\ARM\Martin\10600\AdobeExtractFiles.dll
2010-06-09 08:06 . 2010-06-09 08:06 70584 ----a-w- c:\programdata\Adobe\Reader\9.3\ARM\27841\AdobeExtractFiles.dll
2010-06-09 08:06 . 2010-06-09 08:06 331176 ----a-w- c:\programdata\Adobe\Reader\9.3\ARM\Martin\10600\ReaderUpdater.exe
2010-06-09 08:06 . 2010-06-09 08:06 331176 ----a-w- c:\programdata\Adobe\Reader\9.3\ARM\Martin\10600\AcrobatUpdater.exe
2010-06-09 08:06 . 2010-06-09 08:06 331176 ----a-w- c:\programdata\Adobe\Reader\9.3\ARM\27841\ReaderUpdater.exe
2010-06-09 08:06 . 2010-06-09 08:06 331176 ----a-w- c:\programdata\Adobe\Reader\9.3\ARM\27841\AcrobatUpdater.exe
2010-06-08 18:04 . 2010-06-08 18:04 -------- d-----w- c:\users\Martin\AppData\Roaming\Apple Computer
2010-06-08 18:04 . 2010-06-08 18:04 -------- d-----w- c:\program files\Safari
2010-06-08 18:04 . 2010-06-08 18:04 -------- d-----w- c:\programdata\Apple Computer
2010-06-08 18:03 . 2010-06-08 18:03 -------- d-----w- c:\program files\Common Files\Apple
2010-06-08 18:03 . 2010-06-08 18:03 -------- d-----w- c:\program files\Apple Software Update
2010-06-08 18:03 . 2010-06-08 18:03 -------- d-----w- c:\programdata\Apple
2010-06-04 10:29 . 2010-06-04 10:29 71992 ----a-w- c:\programdata\Apple Computer\Installer Cache\Safari 5.33.16.0\SetupAdmin.exe
2010-06-04 09:55 . 2010-06-04 09:55 224240 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
2010-06-01 17:00 . 2010-06-01 17:00 278288 ----a-w- c:\windows\system32\guard32.dll
2010-06-01 17:00 . 2010-06-01 17:00 75944 ----a-w- c:\windows\system32\drivers\inspect.sys
2010-06-01 17:00 . 2010-06-01 17:00 30112 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2010-06-01 17:00 . 2010-06-01 17:00 16744 ----a-w- c:\windows\system32\drivers\cmderd.sys
2010-05-30 07:16 . 2010-05-30 07:16 0 ----a-w- c:\windows\nsreg.dat
2010-05-27 19:01 . 2010-05-27 19:01 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-05-27 17:38 . 2010-05-27 17:38 5586432 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2010-05-27 17:05 . 2010-05-27 17:05 15180800 ----a-w- c:\windows\system32\atioglxx.dll
2010-05-27 17:02 . 2010-05-27 17:02 143360 ----a-w- c:\windows\system32\atiapfxx.exe
2010-05-27 17:02 . 2010-05-27 17:02 511488 ----a-w- c:\windows\system32\aticfx32.dll
2010-05-27 17:00 . 2010-05-27 17:00 446464 ----a-w- c:\windows\system32\ATIDEMGX.dll
2010-05-27 16:59 . 2010-05-27 16:59 376832 ----a-w- c:\windows\system32\atieclxx.exe
2010-05-27 16:59 . 2010-05-27 16:59 176128 ----a-w- c:\windows\system32\atiesrxx.exe
2010-05-27 16:58 . 2010-05-27 16:58 159744 ----a-w- c:\windows\system32\atitmmxx.dll
2010-05-27 16:58 . 2010-05-27 16:58 356352 ----a-w- c:\windows\system32\atipdlxx.dll
2010-05-27 16:58 . 2010-05-27 16:58 11776 ----a-w- c:\windows\system32\atimuixx.dll
2010-05-27 16:57 . 2010-05-27 16:57 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2010-05-27 16:54 . 2010-05-27 16:54 3668480 ----a-w- c:\windows\system32\atidxx32.dll
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\windows\system32\packages ----
2010-07-15 18:42 . 2010-07-15 18:42 1448 ----a-w- c:\windows\system32\packages\44_31.pack
2010-07-15 18:42 . 2010-07-15 18:42 4608 ----a-w- c:\windows\system32\packages\51_1.pack
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2010-03-31 2145000]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-03-17 8546848]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2010-06-01 2039240]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-05-27 98304]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\guard32.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv
[HKLM\~\startupfolder\C:^Users^Martin^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^HDDlife.lnk]
backup=c:\windows\pss\HDDlife.lnk.Startup
backupExtension=.Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-06-09 08:06 976832 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-12-21 23:57 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2010-04-01 09:16 357696 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-06-03 00:50 1144104 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui]
2010-03-30 09:16 1820040 ----a-w- c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-02-18 09:43 248040 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
R2 fsrt;Fortres Security Runtime;c:\program files\Fortres Grand\Fortres Security Runtime 6.0\FSRT.EXE [x]
R3 FGCWL;FGCWL;c:\program files\Fortres Grand\Virtual Sandbox\FGCWL.sys [x]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [2009-12-30 27192]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2010-06-13 1343400]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2010-06-26 691696]
R4 TunngleService;TunngleService;c:\program files\Tunngle\TnglCtrl.exe [2010-03-23 704760]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2010-06-04 224240]
S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [2010-06-01 30112]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2010-03-31 114984]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-05-27 176128]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2010-03-31 134024]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2010-03-31 810120]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2010-03-31 96896]
S2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [2010-03-30 1107336]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2010-05-27 5586432]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-05-27 209920]
S3 RTL8167;Ovladač Realtek 8167 NT;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]
S3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\DRIVERS\tap0901t.sys [2009-09-16 27136]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://start.icq.com/skins7/
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
IE: Načítať použitie &BitSpirit
TCP: {49E7AC88-3BD9-4673-A8D9-DA1CFF080C49} = 10.10.10.1
FF - ProfilePath - c:\users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\tsf9vihz.default\
FF - prefs.js: browser.startup.homepage - google.com
---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\COMODO\COMODO Internet Security\cmdagent.exe
c:\windows\system32\atieclxx.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
c:\windows\system32\sppsvc.exe
.
**************************************************************************
.
Celkový čas: 2010-08-04 21:27:43 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-08-04 19:27
ComboFix2.txt 2010-08-04 16:35
Před spuštěním: Volných bajtů: 94 365 749 248
Po spuštění: Volných bajtů: 94 301 884 416
- - End Of File - - AF1F68CB2D2F3195816E56F830CA00A1
Levelr -> That was a game I had, but it didn't run


Re: Request for a preventive log check
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:40:21, on 4.8.2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\Explorer.exe
C:\Program Files\HJT\Trend Micro\HiJackThis\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/skins7/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - Startup: HDDlife.lnk = C:\Program Files\BinarySense\HDDlife 3\HDDlifePro.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O17 - HKLM\System\CCS\Services\Tcpip\..\{49E7AC88-3BD9-4673-A8D9-DA1CFF080C49}: NameServer = 10.10.10.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\Windows\System32\guard32.dll
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Fortres Security Runtime (fsrt) - Unknown owner - C:\Program Files\Fortres Grand\Fortres Security Runtime 6.0\FSRT.EXE (file missing)
O23 - Service: LogMeIn Hamachi 2.0 Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: SRS Labs License Service - SRS Labs - C:\Program Files\Common Files\SRS Labs Shared\Service\srslabslicenseservice.exe
--
End of file - 3991 bytes
- jaro3
- member of the Security team
Guru Level 15
- Posts: 43296
- Registered: June 07
- Location: South Bohemia
- Status: Offline
Re: Request for a preventive log check
Also upload these to VirusTotal:
c:\windows\system32\packages\44_31.pack
c:\windows\system32\packages\51_1.pack
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs in private messages. While I am away, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support
- jaro3
Re: Request for a preventive log check
Uninstall that game..
Open Notepad (Start -> Run..., type Notepad into the box and click OK).
Copy the entire following text, marked in green, into it:
Note: Do not use the SELECT ALL function to select the script
Code:
Driver::
fsrt
FGCWL
Choose File -> Save As... and set these parameters:
File name: type here: CFScript.txt
Save as type: select All Files there
Save the file to the desktop.
Close all active windows.
Grab the created script CFScript.txt with the mouse, drag it over the downloaded ComboFix.exe program, and when the two files overlap, drop the script.
- ComboFix will start automatically
- Paste here the log that appears at the end of the cleaning process.
- jaro3
Re: Request for a preventive log check
ComboFix is uninstalled like this:
Start-Run and enter ComboFix /Uninstall
clean the system with CCleaner
and also use T-Cleaner
it deletes everything left over from Combo, MWAV etc. - download > run
Also try these on VT:
c:\users\Martin\AppData\Roaming\Microsoft\Installer\{E871FF1A-D7A0-420D-9A47-B78AFD8B16AA}\_853F67D554F05449430E7E.exe
c:\users\Martin\AppData\Roaming\Microsoft\Installer\{E871FF1A-D7A0-420D-9A47-B78AFD8B16AA}\_43EA64258A532C2A1F57BD.exe