Please check my log
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:03:42, on 8.1.2011
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18999)
Boot mode: Normal
Running processes:
C:\Program Files\Norton 360\Engine\4.3.0.5\ccSvcHst.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\EgisTec Egis Software Update\EgisUpdate.exe
C:\Program Files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
C:\Windows\PLFSetI.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe
C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Users\Hardy\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Hardy\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Hardy\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Hardy\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Hardy\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\Windows\system32\SearchFilterHost.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACA ... spire_5538
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.flashget.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACA ... spire_5538
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACA ... spire_5538
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll
R3 - URLSearchHook: (no name) - - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\4.3.0.5\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\4.3.0.5\IPSBHO.DLL
O2 - BHO: Pomocník pro přihlášení ke službě Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll
O2 - BHO: FlashGetBHO - {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - C:\Users\Hardy\AppData\Roaming\FlashGetBHO\FlashGetBHO3.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: (no name) - {ecdee021-0d17-467f-a1ff-c7a115230949} - (no file)
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\4.3.0.5\coIEPlg.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [EgisTecLiveUpdate] "C:\Program Files\EgisTec Egis Software Update\EgisUpdate.exe"
O4 - HKLM\..\Run: [mwlDaemon] C:\Program Files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
O4 - HKLM\..\Run: [Acer ePower Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [BackupManagerTray] "C:\Program Files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -k
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [PLFSetI] C:\Windows\PLFSetI.exe
O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ArcadeDeluxeAgent] "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe"
O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe"
O4 - HKLM\..\Run: [PlayMovie] "C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe"
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" -automount
O4 - HKCU\..\Run: [FlashGet 3] "C:\Program Files\FlashGet Network\FlashGet 3\FlashGet3.exe" -minimize
O4 - HKCU\..\Run: [RegistryBooster] "C:\Program Files\Uniblue\RegistryBooster\launcher.exe" delay 20000
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ7.2\ICQ.exe" silent loginmode=4
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Startup: Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Acer VCM.lnk = ?
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: Download all by FlashGet3 - C:\Users\Hardy\AppData\Roaming\FlashGetBHO\GetAllUrl.htm
O8 - Extra context menu item: Download by FlashGet3 - C:\Users\Hardy\AppData\Roaming\FlashGetBHO\GetUrl.htm
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Odeslat obrázek do zařízení &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Odeslat stránku do zařízení &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O8 - Extra context menu item: WikiKomentáře Google... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
O9 - Extra button: Přidat na blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Přidat na blog Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - (no file)
O9 - Extra button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (file missing)
O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: (no name) - {925DAB62-F9AC-4221-806A-057BFB1014AA} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} (WRC Class) - http://trial.trymicrosoftoffice.com/tri ... /wrc32.ocx
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: CLHNService - Unknown owner - C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
O23 - Service: Dritek WMI Service (DsiWMIService) - Dritek System Inc. - C:\Program Files\Launch Manager\dsiwmis.exe
O23 - Service: Acer ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
O23 - Service: Google Desktop Manager 5.9.1005.12335 (GoogleDesktopManager-051210-111108) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: MyWinLocker Service (MWLService) - EgisTec Inc. - C:\Program Files\EgisTec\MyWinLocker 3\x86\\MWLService.exe
O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files\Norton 360\Engine\4.3.0.5\ccSvcHst.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: NTI IScheduleSvc - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
O23 - Service: Raw Socket Service (RS_Service) - Acer Incorporated - C:\Program Files\Acer\Acer VCM\RS_Service.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - StarWind Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
--
End of file - 13021 bytes
Please check this - slow notebook :( Solved
- memphisto
- Guru Level 13
- Posts: 21113
- Registered: September 06
- Location: Zlín - České Budějovice
- Gender:
- Status:
Offline
Re: Please check this - slow notebook :(
Download ATF Cleaner
Double-click ATF Cleaner.exe, click select all found, then:
- If you use Firefox (Mozilla), click Firefox at the top and choose: Select All, then click Empty Selected.
- If you use Opera, click Opera at the top and choose: Select All, then click Empty Selected.
After cleaning, click Exit to close the program.
ATF-Cleaner is a simple tool for removing web browser history. The program can remove the cache, cookies, history and other traces of surfing the Internet. Supported browsers include Internet Explorer, Firefox and Opera. The application can also remove Windows temporary files, empty the Recycle Bin, etc.
Turn off your resident protection and firewall.
Download Dr. Web CureIt
Run the update; after updating, click Start.
With the buttons at the bottom you can cure a file (system files), delete it, move it or rename it.
Download Malwarebytes' Anti-Malware
Install it and run it
- at the end of the installation make sure both options are selected/checked:
Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware; if so, click the Finish button
- if an update is found, it will be downloaded and installed
- the program will then start; leave the Perform Quick Scan option selected and click the Scan button
- when the scan finishes a message will appear; click OK and then the Show Results button
- then choose Save Logfile and save the log to your desktop
- then click the Exit button; a message will appear, choose Ano (Yes)
(don't delete anything yet!).
Then paste the contents of that log here.
PC-HELP.CZ RULES, HijackThis section RULES, HijackThis guide, Memtest, CCleaner
Please do not send HijackThis logs via private message; post them in the appropriate section. Thank you
Re: Please check this - slow notebook :(
Here it is :-)
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Verze databáze: 5485
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18999
8.1.2011 22:42:24
mbam-log-2011-01-08 (22-42-15).txt
Typ kontroly: Rychlý test
Testované objekty: 136276
Uplynulý čas: 24 minut, 13 sekund
Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče v registru: 0
Infikované hodnoty v registru: 1
Infikované datové položky v registru: 1
Infikované složky: 0
Infikované soubory: 2
Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)
Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)
Infikované klíče v registru:
(Žádné škodlivé položky nebyly zjištěny)
Infikované hodnoty v registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations\bak_Application (Hijacker.Application) -> Value: bak_Application -> No action taken.
Infikované datové položky v registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations\Application (Hijacker.Application) -> Bad: (http://www.helpmeopen.com/?n=app&ext=%s) Good: (http://shell.windows.com/fileassoc/%04x ... r.asp?Ext=%s) -> No action taken.
Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)
Infikované soubory:
c:\Users\Hardy\AppData\Roaming\microsoft\internet explorer\quick launch\.url (Malware.Trace) -> No action taken.
c:\Windows\System32\secushr.dat (Malware.Trace) -> No action taken.
- memphisto
Re: Please check this - slow notebook :(
Do you use Flashget?
Re: Please check this - slow notebook :(
Only a little, but yes.
- memphisto
Re: Please check this - slow notebook :(
Then run Mbam again, let the scan finish, and at the end tick everything for deletion except:
c:\Windows\System32\secushr.dat
Mbam incorrectly detects it as an infection. That's why the log comes first and deletion only afterwards.
Then do this:
Turn off the resident shield of your antivirus and antispyware
Download ComboFix (by sUBs)
and save it to your desktop.
Close all active windows and run it.
- After launch the terms of use are displayed; confirm them by pressing the Ano (Yes) button
- Then follow the instructions; while ComboFix is running, do not click in the window that appears
- When the scan finishes, the program should create a log - C:\ComboFix.txt - please copy its entire contents here
Re: Please check this - slow notebook :(
ComboFix 11-01-08.03 - Hardy 09.01.2011 1:53.1.1 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.420.1029.18.2811.1605 [GMT 1:00]
Spuštěný z: c:\users\Hardy\Desktop\ComboFix.exe
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\users\Hardy\AppData\Roaming\.#
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-12-09 do 2011-01-09 )))))))))))))))))))))))))))))))
.
2011-01-09 01:14 . 2011-01-09 01:16 -------- d-----w- c:\users\Hardy\AppData\Local\temp
2011-01-09 01:14 . 2011-01-09 01:14 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-01-08 21:15 . 2011-01-08 21:15 -------- d-----w- c:\users\Hardy\AppData\Roaming\Malwarebytes
2011-01-08 21:15 . 2010-12-20 17:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-01-08 21:15 . 2011-01-08 21:15 -------- d-----w- c:\programdata\Malwarebytes
2011-01-08 21:15 . 2011-01-08 21:15 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-01-08 21:15 . 2010-12-20 17:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-01-08 19:30 . 2011-01-08 19:30 -------- d-----w- c:\users\Hardy\DoctorWeb
2011-01-08 16:56 . 2011-01-08 16:56 388096 ----a-r- c:\users\Hardy\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-01-08 16:56 . 2011-01-08 16:56 -------- d-----w- c:\program files\Trend Micro
2011-01-02 17:54 . 2010-03-19 11:33 51360 ----a-w- c:\windows\system32\CMStarter_Kor.dll
2011-01-02 17:54 . 2010-03-19 11:33 51360 ----a-w- c:\windows\system32\CMStarter_Eng.dll
2011-01-02 17:54 . 2010-03-19 11:33 362656 ----a-w- c:\windows\system32\CMStarterCore.exe
2011-01-02 17:14 . 2011-01-02 17:54 -------- d-----w- c:\program files\Webzen
2011-01-02 12:22 . 2011-01-02 20:44 -------- d-----w- c:\program files\MKMT2 - Cliente de Setembro
2011-01-02 11:41 . 2011-01-02 11:41 -------- d-----w- C:\MyWinLockerData
2010-12-29 05:38 . 2010-03-05 14:01 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-12-28 23:13 . 2010-10-19 04:27 7680 ----a-w- c:\program files\Internet Explorer\iecompat.dll
2010-12-28 23:06 . 2010-11-02 06:03 638232 ----a-w- c:\program files\Internet Explorer\iexplore.exe
2010-12-28 22:57 . 2009-10-09 21:56 2048 ----a-w- c:\windows\system32\winrsmgr.dll
2010-12-24 08:15 . 2010-12-24 08:15 86016 ----a-w- c:\windows\system32\frapsvid.dll
2010-12-22 18:37 . 2010-12-22 18:37 2560 ----a-w- c:\windows\_MSRSTRT.EXE
2010-12-19 17:20 . 2010-12-19 17:20 -------- d-----w- c:\program files\Common Files\Skype
2010-12-19 02:08 . 2010-12-19 02:11 -------- d-----w- C:\Fraps
2010-12-16 22:51 . 2010-12-16 22:51 -------- d-----w- C:\bd332b3c735cf3a1530e91cbf60a
2010-12-14 18:11 . 2010-12-14 18:12 -------- d-----w- c:\program files\CCleaner
2010-12-14 10:52 . 2009-08-11 16:44 1401856 ----a-w- c:\windows\system32\msxml6.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-16 11:01 . 2010-12-03 09:54 6273872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{72007957-9C71-43EE-930E-59345A993B7A}\mpengine.dll
2010-11-09 17:55 . 2010-11-09 17:55 230752 ----a-w- c:\windows\patchw32.dll
2010-11-04 18:55 . 2010-12-15 06:13 601600 ----a-w- c:\windows\system32\schedsvc.dll
2010-10-19 09:41 . 2010-08-19 08:08 222080 ------w- c:\windows\system32\MpSigStub.exe
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-09-28 1400712]
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-09-28 21:44 1400712 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-09-28 1400712]
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-09-28 1400712]
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2009-03-26 18:38 39208 ----a-w- c:\program files\EgisTec\MyWinLocker 3\x86\PSDProtect.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-08-17 68856]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" [2009-11-15 33120]
"FlashGet 3"="c:\program files\FlashGet Network\FlashGet 3\FlashGet3.exe" [2010-05-11 2385456]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-12-03 14944136]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-04-10 7399968]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-08-17 30192]
"EgisTecLiveUpdate"="c:\program files\EgisTec Egis Software Update\EgisUpdate.exe" [2008-12-02 199464]
"mwlDaemon"="c:\program files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe" [2009-03-26 345384]
"Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2009-06-23 703008]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"BackupManagerTray"="c:\program files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2009-04-11 249600]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-04-09 61440]
"PLFSetI"="c:\windows\PLFSetI.exe" [2010-08-17 200704]
"LManager"="c:\program files\Launch Manager\LManager.exe" [2009-03-26 866824]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-02-06 1430824]
"ArcadeDeluxeAgent"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" [2009-04-13 156968]
"CLMLServer"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe" [2009-04-13 202024]
"PlayMovie"="c:\program files\Acer Arcade Deluxe\PlayMovie\PMVService.exe" [2009-03-05 173288]
c:\users\Hardy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-6-7 1195520]
Věýezy obrazovky a spuçtŘnˇ aplikace OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-8-24 101784]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Acer VCM.lnk - c:\program files\Acer\Acer VCM\AcerVCM.exe [2009-6-24 565248]
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-4-13 791840]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-08-17 135664]
R3 dump_wmimmc;dump_wmimmc;c:\program files\Webzen\ArchLord\GameGuard\dump_wmimmc.sys [x]
R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2010-08-17 30192]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2010-08-17 3717904]
R3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-09-23 50424]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R3 XDva281;XDva281;c:\windows\system32\XDva281.sys [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-08-18 697328]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0403000.005\SYMDS.SYS [2009-10-15 328752]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0403000.005\SYMEFA.SYS [2010-04-22 173104]
S1 BHDrvx86;BHDrvx86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20101123.003\BHDrvx86.sys [2010-11-23 691248]
S1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\N360\0403000.005\ccHPx86.sys [2010-02-26 501888]
S1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20110107.002\IDSvix86.sys [2010-11-09 353912]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [2008-11-11 19504]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [2008-11-11 16432]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [2008-11-11 59952]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\0403000.005\Ironx86.SYS [2010-04-29 116784]
S1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\System32\Drivers\N360\0403000.005\SYMTDIV.SYS [2010-05-06 339504]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-04-09 176128]
S2 CLHNService;CLHNService;c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [2009-04-14 75048]
S2 DsiWMIService;Dritek WMI Service;c:\program files\Launch Manager\dsiwmis.exe [2009-05-05 117256]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2009-06-23 723488]
S2 MWLService;MyWinLocker Service;c:\program files\EgisTec\MyWinLocker 3\x86\\MWLService.exe [2009-03-26 305448]
S2 N360;Norton 360;c:\program files\Norton 360\Engine\4.3.0.5\ccSvcHst.exe [2010-02-26 126392]
S2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2009-11-16 50704]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2009-04-11 61184]
S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-09-23 144632]
S2 RS_Service;Raw Socket Service;c:\program files\Acer\Acer VCM\RS_Service.exe [2009-02-05 237568]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2010-08-27 102448]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2008-10-09 23096]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Obsah adresáře 'Naplánované úlohy'
2011-01-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-17 18:21]
2011-01-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-17 18:21]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://google.flashget.com/
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACA ... spire_5538
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: ????3??
IE: ????3??????
IE: Download all by FlashGet3 - c:\users\Hardy\AppData\Roaming\FlashGetBHO\GetAllUrl.htm
IE: Download by FlashGet3 - c:\users\Hardy\AppData\Roaming\FlashGetBHO\GetUrl.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Odeslat obrázek do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Odeslat stránku do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: WikiKomentáře Google... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
IE: ????3?? - c:\users\Hardy\AppData\Roaming\FlashGetBHO\GetUrl.htm
IE: ????3?????? - c:\users\Hardy\AppData\Roaming\FlashGetBHO\GetAllUrl.htm
DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} - hxxp://trial.trymicrosoftoffice.com/tri ... /wrc32.ocx
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
BHO-{ecdee021-0d17-467f-a1ff-c7a115230949} - (no file)
HKCU-Run-RegistryBooster - c:\program files\Uniblue\RegistryBooster\launcher.exe
HKCU-Run-ICQ - c:\program files\ICQ7.2\ICQ.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-01-09 02:15
Windows 6.0.6002 Service Pack 2 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\N360]
"ImagePath"="\"c:\program files\Norton 360\Engine\4.3.0.5\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\4.3.0.5\diMaster.dll\" /prefetch:1"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_USERS\S-1-5-21-2839542139-3687427439-2716046507-1000\Software\Microsoft\Internet Explorer\MenuExt\O(uë_fŹ3*N}Ź]
@Allowed: (Read) (RestrictedCode)
@="c:\\Users\\Hardy\\AppData\\Roaming\\FlashGetBHO\\GetUrl.htm"
"contexts"=dword:00000022
[HKEY_USERS\S-1-5-21-2839542139-3687427439-2716046507-1000\Software\Microsoft\Internet Explorer\MenuExt\O(uë_fŹ3*N}ŹhQčţ”Ąc]
@Allowed: (Read) (RestrictedCode)
@="c:\\Users\\Hardy\\AppData\\Roaming\\FlashGetBHO\\GetAllUrl.htm"
"contexts"=dword:000000f3
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'Explorer.exe'(1412)
c:\program files\EgisTec\MyWinLocker 3\x86\psdprotect.dll
c:\program files\EgisTec\MyWinLocker 3\x86\sysenv.dll
c:\program files\EgisTec\MyWinLocker 3\x86\mwlUI.dll
c:\program files\EgisTec\MyWinLocker 3\x86\GDIExtendCtrl.dll
c:\program files\EgisTec\MyWinLocker 3\x86\mwlOP.dll
c:\program files\EgisTec\MyWinLocker 3\x86\CryptoAPI.dll
c:\program files\EgisTec\MyWinLocker 3\x86\ShowErrMsg.dll
c:\program files\WIDCOMM\Bluetooth Software\btmmhook.dll
c:\program files\Acer\Acer ePower Management\SysHook.dll
c:\windows\system32\msi.dll
.
Celkový čas: 2011-01-09 02:21:22
ComboFix-quarantined-files.txt 2011-01-09 01:21
Před spuštěním: Volných bajtů: 133 803 126 784
Po spuštění: Volných bajtů: 133 734 019 072
Current=1 Default=1 Failed=0 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - 096353A9BC5F8C09B3718C6035D80051
- memphisto
Re: Please check my log - slow notebook :(
Open Notepad (Start -> Run..., type Notepad into the box and click OK).
Copy the entire following text, marked in green, into it:
Note: Do not use the SELECT ALL function to select the script.
Code:
KillAll::
File::
c:\windows\_MSRSTRT.EXE
DirLook::
C:\bd332b3c735cf3a1530e91cbf60a
Folder::
c:\program files\Ask.com
Registry::
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"=-
[-HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=-
[-HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[-HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=-
[-HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[-HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"=-
"EnableUIADesktopToggle"=-
RegLock::
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
Choose File -> Save As... and set these parameters:
File name: type CFScript.txt here
Save as type: select All Files there
Save the file to the desktop.
Close all open windows.
Grab the created script CFScript.txt with the mouse, drag it over the downloaded ComboFix.exe program, and drop the script once the two files overlap.
- ComboFix will start automatically
- Paste here the log that appears at the end of the cleaning process
Re: Please check my log - slow notebook :(
ComboFix 11-01-08.03 - Hardy 09.01.2011 11:32:31.2.1 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.420.1029.18.2811.1704 [GMT 1:00]
Spuštěný z: c:\users\Hardy\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Hardy\Desktop\CFScript.txt
AV: Norton 360 *Disabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
FW: Norton 360 *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
SP: Norton 360 *Enabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FILE ::
"c:\windows\_MSRSTRT.EXE"
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\Ask.com
c:\program files\Ask.com\cobrand.ico
c:\program files\Ask.com\config.xml
c:\program files\Ask.com\favicon.ico
c:\program files\Ask.com\fv_1997.ico
c:\program files\Ask.com\GenericAskToolbar.dll
c:\program files\Ask.com\mupcfg.xml
c:\program files\Ask.com\SaUpdate.exe
c:\program files\Ask.com\UpdateTask.exe
c:\windows\_MSRSTRT.EXE
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-12-09 do 2011-01-09 )))))))))))))))))))))))))))))))
.
2011-01-09 10:41 . 2011-01-09 10:49 -------- d-----w- c:\users\Hardy\AppData\Local\temp
2011-01-09 10:41 . 2011-01-09 10:41 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-01-08 21:15 . 2011-01-08 21:15 -------- d-----w- c:\users\Hardy\AppData\Roaming\Malwarebytes
2011-01-08 21:15 . 2010-12-20 17:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-01-08 21:15 . 2011-01-08 21:15 -------- d-----w- c:\programdata\Malwarebytes
2011-01-08 21:15 . 2011-01-08 21:15 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-01-08 21:15 . 2010-12-20 17:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-01-08 19:30 . 2011-01-08 19:30 -------- d-----w- c:\users\Hardy\DoctorWeb
2011-01-08 16:56 . 2011-01-08 16:56 388096 ----a-r- c:\users\Hardy\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-01-08 16:56 . 2011-01-08 16:56 -------- d-----w- c:\program files\Trend Micro
2011-01-02 17:54 . 2010-03-19 11:33 51360 ----a-w- c:\windows\system32\CMStarter_Kor.dll
2011-01-02 17:54 . 2010-03-19 11:33 51360 ----a-w- c:\windows\system32\CMStarter_Eng.dll
2011-01-02 17:54 . 2010-03-19 11:33 362656 ----a-w- c:\windows\system32\CMStarterCore.exe
2011-01-02 17:14 . 2011-01-02 17:54 -------- d-----w- c:\program files\Webzen
2011-01-02 12:22 . 2011-01-02 20:44 -------- d-----w- c:\program files\MKMT2 - Cliente de Setembro
2011-01-02 11:41 . 2011-01-02 11:41 -------- d-----w- C:\MyWinLockerData
2010-12-29 05:38 . 2010-03-05 14:01 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-12-28 23:13 . 2010-10-19 04:27 7680 ----a-w- c:\program files\Internet Explorer\iecompat.dll
2010-12-28 23:06 . 2010-11-02 06:03 638232 ----a-w- c:\program files\Internet Explorer\iexplore.exe
2010-12-28 22:57 . 2009-10-09 21:56 2048 ----a-w- c:\windows\system32\winrsmgr.dll
2010-12-24 08:15 . 2010-12-24 08:15 86016 ----a-w- c:\windows\system32\frapsvid.dll
2010-12-19 17:20 . 2010-12-19 17:20 -------- d-----w- c:\program files\Common Files\Skype
2010-12-19 02:08 . 2010-12-19 02:11 -------- d-----w- C:\Fraps
2010-12-16 22:51 . 2010-12-16 22:51 -------- d-----w- C:\bd332b3c735cf3a1530e91cbf60a
2010-12-14 18:11 . 2010-12-14 18:12 -------- d-----w- c:\program files\CCleaner
2010-12-14 10:52 . 2009-08-11 16:44 1401856 ----a-w- c:\windows\system32\msxml6.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-16 11:01 . 2010-12-03 09:54 6273872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{72007957-9C71-43EE-930E-59345A993B7A}\mpengine.dll
2010-11-09 17:55 . 2010-11-09 17:55 230752 ----a-w- c:\windows\patchw32.dll
2010-11-04 18:55 . 2010-12-15 06:13 601600 ----a-w- c:\windows\system32\schedsvc.dll
2010-10-19 09:41 . 2010-08-19 08:08 222080 ------w- c:\windows\system32\MpSigStub.exe
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of C:\bd332b3c735cf3a1530e91cbf60a ----
2010-03-18 20:26 . 2010-03-18 20:26 1163264 ------w- c:\bd332b3c735cf3a1530e91cbf60a\netfx_Core_x86.msi
2010-03-18 20:24 . 2010-03-18 20:24 115880689 ------w- c:\bd332b3c735cf3a1530e91cbf60a\netfx_Core.mzz
2010-03-18 20:16 . 2010-03-18 20:16 78152 ------w- c:\bd332b3c735cf3a1530e91cbf60a\Setup.exe
2010-03-18 20:16 . 2010-03-18 20:16 807256 ------w- c:\bd332b3c735cf3a1530e91cbf60a\SetupEngine.dll
2010-03-18 20:16 . 2010-03-18 20:16 295248 ------w- c:\bd332b3c735cf3a1530e91cbf60a\SetupUi.dll
2010-03-18 20:16 . 2010-03-18 20:16 17240 ------w- c:\bd332b3c735cf3a1530e91cbf60a\1025\SetupResources.dll
2010-03-18 20:16 . 2010-03-18 20:16 14168 ------w- c:\bd332b3c735cf3a1530e91cbf60a\1028\SetupResources.dll
2010-03-18 20:16 . 2010-03-18 20:16 18264 ------w- c:\bd332b3c735cf3a1530e91cbf60a\1029\SetupResources.dll
2010-03-18 20:16 . 2010-03-18 20:16 18264 ------w- c:\bd332b3c735cf3a1530e91cbf60a\1030\SetupResources.dll
2010-03-18 20:16 . 2010-03-18 20:16 18776 ------w- c:\bd332b3c735cf3a1530e91cbf60a\1031\SetupResources.dll
2010-03-18 20:16 . 2010-03-18 20:16 19288 ------w- c:\bd332b3c735cf3a1530e91cbf60a\1032\SetupResources.dll
2010-03-18 20:16 . 2010-03-18 20:16 17240 ------w- c:\bd332b3c735cf3a1530e91cbf60a\1033\SetupResources.dll
2010-03-18 20:16 . 2010-03-18 20:16 18264 ------w- c:\bd332b3c735cf3a1530e91cbf60a\1035\SetupResources.dll
2010-03-18 20:16 . 2010-03-18 20:16 18776 ------w- c:\bd332b3c735cf3a1530e91cbf60a\1036\SetupResources.dll
2010-03-18 20:16 . 2010-03-18 20:16 16728 ------w- c:\bd332b3c735cf3a1530e91cbf60a\1037\SetupResources.dll
2010-03-18 20:16 . 2010-03-18 20:16 18776 ------w- c:\bd332b3c735cf3a1530e91cbf60a\1038\SetupResources.dll
2010-03-18 20:16 . 2010-03-18 20:16 18264 ------w- c:\bd332b3c735cf3a1530e91cbf60a\1040\SetupResources.dll
2010-03-18 20:16 . 2010-03-18 20:16 15704 ------w- c:\bd332b3c735cf3a1530e91cbf60a\1041\SetupResources.dll
2010-03-18 20:16 . 2010-03-18 20:16 15192 ------w- c:\bd332b3c735cf3a1530e91cbf60a\1042\SetupResources.dll
2010-03-18 20:16 . 2010-03-18 20:16 19288 ------w- c:\bd332b3c735cf3a1530e91cbf60a\1043\SetupResources.dll
2010-03-18 20:16 . 2010-03-18 20:16 17752 ------w- c:\bd332b3c735cf3a1530e91cbf60a\1044\SetupResources.dll
2010-03-18 20:16 . 2010-03-18 20:16 18264 ------w- c:\bd332b3c735cf3a1530e91cbf60a\1045\SetupResources.dll
2010-03-18 20:16 . 2010-03-18 20:16 18264 ------w- c:\bd332b3c735cf3a1530e91cbf60a\1046\SetupResources.dll
2010-03-18 20:16 . 2010-03-18 20:16 18264 ------w- c:\bd332b3c735cf3a1530e91cbf60a\1049\SetupResources.dll
2010-03-18 20:16 . 2010-03-18 20:16 17752 ------w- c:\bd332b3c735cf3a1530e91cbf60a\1053\SetupResources.dll
2010-03-18 20:16 . 2010-03-18 20:16 17752 ------w- c:\bd332b3c735cf3a1530e91cbf60a\1055\SetupResources.dll
2010-03-18 20:16 . 2010-03-18 20:16 14168 ------w- c:\bd332b3c735cf3a1530e91cbf60a\2052\SetupResources.dll
2010-03-18 20:16 . 2010-03-18 20:16 18776 ------w- c:\bd332b3c735cf3a1530e91cbf60a\2070\SetupResources.dll
2010-03-18 20:16 . 2010-03-18 20:16 14168 ------w- c:\bd332b3c735cf3a1530e91cbf60a\3076\SetupResources.dll
2010-03-18 20:16 . 2010-03-18 20:16 18776 ------w- c:\bd332b3c735cf3a1530e91cbf60a\3082\SetupResources.dll
2010-03-18 20:00 . 2010-03-18 20:00 74214 ------w- c:\bd332b3c735cf3a1530e91cbf60a\1025\LocalizedData.xml
2010-03-18 20:00 . 2010-03-18 20:00 60816 ------w- c:\bd332b3c735cf3a1530e91cbf60a\1028\LocalizedData.xml
2010-03-18 20:00 . 2010-03-18 20:00 80970 ------w- c:\bd332b3c735cf3a1530e91cbf60a\1029\LocalizedData.xml
2010-03-18 20:00 . 2010-03-18 20:00 77748 ------w- c:\bd332b3c735cf3a1530e91cbf60a\1030\LocalizedData.xml
2010-03-18 20:00 . 2010-03-18 20:00 82346 ------w- c:\bd332b3c735cf3a1530e91cbf60a\1031\LocalizedData.xml
2010-03-18 20:00 . 2010-03-18 20:00 86284 ------w- c:\bd332b3c735cf3a1530e91cbf60a\1032\LocalizedData.xml
2010-03-18 20:00 . 2010-03-18 20:00 77022 ------w- c:\bd332b3c735cf3a1530e91cbf60a\1035\LocalizedData.xml
2010-03-18 20:00 . 2010-03-18 20:00 82962 ------w- c:\bd332b3c735cf3a1530e91cbf60a\1036\LocalizedData.xml
2010-03-18 20:00 . 2010-03-18 20:00 72076 ------w- c:\bd332b3c735cf3a1530e91cbf60a\1037\LocalizedData.xml
2010-03-18 20:00 . 2010-03-18 20:00 86442 ------w- c:\bd332b3c735cf3a1530e91cbf60a\1038\LocalizedData.xml
2010-03-18 20:00 . 2010-03-18 20:00 80060 ------w- c:\bd332b3c735cf3a1530e91cbf60a\1040\LocalizedData.xml
2010-03-18 20:00 . 2010-03-18 20:00 68226 ------w- c:\bd332b3c735cf3a1530e91cbf60a\1041\LocalizedData.xml
2010-03-18 20:00 . 2010-03-18 20:00 65238 ------w- c:\bd332b3c735cf3a1530e91cbf60a\1042\LocalizedData.xml
2010-03-18 20:00 . 2010-03-18 20:00 79634 ------w- c:\bd332b3c735cf3a1530e91cbf60a\1043\LocalizedData.xml
2010-03-18 20:00 . 2010-03-18 20:00 79296 ------w- c:\bd332b3c735cf3a1530e91cbf60a\1044\LocalizedData.xml
2010-03-18 20:00 . 2010-03-18 20:00 82374 ------w- c:\bd332b3c735cf3a1530e91cbf60a\1045\LocalizedData.xml
2010-03-18 20:00 . 2010-03-18 20:00 80738 ------w- c:\bd332b3c735cf3a1530e91cbf60a\1046\LocalizedData.xml
2010-03-18 20:00 . 2010-03-18 20:00 81482 ------w- c:\bd332b3c735cf3a1530e91cbf60a\1049\LocalizedData.xml
2010-03-18 20:00 . 2010-03-18 20:00 77680 ------w- c:\bd332b3c735cf3a1530e91cbf60a\1053\LocalizedData.xml
2010-03-18 20:00 . 2010-03-18 20:00 76818 ------w- c:\bd332b3c735cf3a1530e91cbf60a\1055\LocalizedData.xml
2010-03-18 20:00 . 2010-03-18 20:00 60684 ------w- c:\bd332b3c735cf3a1530e91cbf60a\2052\LocalizedData.xml
2010-03-18 20:00 . 2010-03-18 20:00 80254 ------w- c:\bd332b3c735cf3a1530e91cbf60a\2070\LocalizedData.xml
2010-03-18 20:00 . 2010-03-18 20:00 60816 ------w- c:\bd332b3c735cf3a1530e91cbf60a\3076\LocalizedData.xml
2010-03-18 20:00 . 2010-03-18 20:00 79996 ------w- c:\bd332b3c735cf3a1530e91cbf60a\3082\LocalizedData.xml
2010-03-18 19:58 . 2010-03-18 19:58 96088 ------w- c:\bd332b3c735cf3a1530e91cbf60a\SetupUtility.exe
2010-03-18 19:56 . 2010-03-18 19:56 201796 ------w- c:\bd332b3c735cf3a1530e91cbf60a\Parameterinfo.xml
2010-03-18 19:56 . 2010-03-18 19:56 201796 ------w- c:\bd332b3c735cf3a1530e91cbf60a\Client\ParameterInfo.xml
2010-03-18 19:56 . 2010-03-18 19:56 77232 ------w- c:\bd332b3c735cf3a1530e91cbf60a\1033\LocalizedData.xml
2010-03-18 19:11 . 2010-03-18 19:11 2141433 ------w- c:\bd332b3c735cf3a1530e91cbf60a\Windows6.1-KB958488-v6001-x86.msu
2010-03-18 17:19 . 2010-03-18 17:19 2192672 ------w- c:\bd332b3c735cf3a1530e91cbf60a\Windows6.0-KB956250-v6001-x86.msu
2010-03-11 04:29 . 2010-03-11 04:29 7567 ------w- c:\bd332b3c735cf3a1530e91cbf60a\1025\eula.rtf
2010-03-11 04:29 . 2010-03-11 04:29 6309 ------w- c:\bd332b3c735cf3a1530e91cbf60a\1028\eula.rtf
2010-03-11 04:29 . 2010-03-11 04:29 3726 ------w- c:\bd332b3c735cf3a1530e91cbf60a\1029\eula.rtf
2010-03-11 04:29 . 2010-03-11 04:29 3314 ------w- c:\bd332b3c735cf3a1530e91cbf60a\1030\eula.rtf
2010-03-11 04:29 . 2010-03-11 04:29 3419 ------w- c:\bd332b3c735cf3a1530e91cbf60a\1031\eula.rtf
2010-03-11 04:29 . 2010-03-11 04:29 8876 ------w- c:\bd332b3c735cf3a1530e91cbf60a\1032\eula.rtf
2010-03-11 04:29 . 2010-03-11 04:29 3702 ------w- c:\bd332b3c735cf3a1530e91cbf60a\1035\eula.rtf
2010-03-11 04:29 . 2010-03-11 04:29 3526 ------w- c:\bd332b3c735cf3a1530e91cbf60a\1036\eula.rtf
2010-03-11 04:29 . 2010-03-11 04:29 6851 ------w- c:\bd332b3c735cf3a1530e91cbf60a\1037\eula.rtf
2010-03-11 04:29 . 2010-03-11 04:29 4254 ------w- c:\bd332b3c735cf3a1530e91cbf60a\1038\eula.rtf
2010-03-11 04:29 . 2010-03-11 04:29 3643 ------w- c:\bd332b3c735cf3a1530e91cbf60a\1040\eula.rtf
2010-03-11 04:29 . 2010-03-11 04:29 10125 ------w- c:\bd332b3c735cf3a1530e91cbf60a\1041\eula.rtf
2010-03-11 04:29 . 2010-03-11 04:29 12687 ------w- c:\bd332b3c735cf3a1530e91cbf60a\1042\eula.rtf
2010-03-11 04:29 . 2010-03-11 04:29 3546 ------w- c:\bd332b3c735cf3a1530e91cbf60a\1043\eula.rtf
2010-03-11 04:29 . 2010-03-11 04:29 3046 ------w- c:\bd332b3c735cf3a1530e91cbf60a\1044\eula.rtf
2010-03-11 04:29 . 2010-03-11 04:29 4040 ------w- c:\bd332b3c735cf3a1530e91cbf60a\1045\eula.rtf
2010-03-11 04:29 . 2010-03-11 04:29 3683 ------w- c:\bd332b3c735cf3a1530e91cbf60a\1046\eula.rtf
2010-03-11 04:29 . 2010-03-11 04:29 54456 ------w- c:\bd332b3c735cf3a1530e91cbf60a\1049\eula.rtf
2010-03-11 04:29 . 2010-03-11 04:29 3865 ------w- c:\bd332b3c735cf3a1530e91cbf60a\1053\eula.rtf
2010-03-11 04:29 . 2010-03-11 04:29 3859 ------w- c:\bd332b3c735cf3a1530e91cbf60a\1055\eula.rtf
2010-03-11 04:29 . 2010-03-11 04:29 5827 ------w- c:\bd332b3c735cf3a1530e91cbf60a\2052\eula.rtf
2010-03-11 04:29 . 2010-03-11 04:29 4015 ------w- c:\bd332b3c735cf3a1530e91cbf60a\2070\eula.rtf
2010-03-11 04:29 . 2010-03-11 04:29 6309 ------w- c:\bd332b3c735cf3a1530e91cbf60a\3076\eula.rtf
2010-03-11 04:29 . 2010-03-11 04:29 3069 ------w- c:\bd332b3c735cf3a1530e91cbf60a\3082\eula.rtf
2010-03-04 03:07 . 2010-03-04 03:07 3188 ------w- c:\bd332b3c735cf3a1530e91cbf60a\1033\eula.rtf
2010-01-11 05:10 . 2010-01-11 05:10 10134 ------w- c:\bd332b3c735cf3a1530e91cbf60a\Graphics\stop.ico
2009-11-05 06:41 . 2009-11-05 06:41 39042 ------w- c:\bd332b3c735cf3a1530e91cbf60a\UiInfo.xml
2009-11-05 06:41 . 2009-11-05 06:41 39042 ------w- c:\bd332b3c735cf3a1530e91cbf60a\Client\UiInfo.xml
2009-11-05 06:41 . 2009-11-05 06:41 30120 ------w- c:\bd332b3c735cf3a1530e91cbf60a\SetupUi.xsd
2009-08-31 10:50 . 2009-08-31 10:50 88533 ------w- c:\bd332b3c735cf3a1530e91cbf60a\DisplayIcon.ico
2009-08-31 10:50 . 2009-08-31 10:50 41080 ------w- c:\bd332b3c735cf3a1530e91cbf60a\SplashScreen.bmp
2009-08-31 10:50 . 2009-08-31 10:50 14084 ------w- c:\bd332b3c735cf3a1530e91cbf60a\Strings.xml
2009-08-31 10:49 . 2009-08-31 10:49 1150 ------w- c:\bd332b3c735cf3a1530e91cbf60a\Graphics\Print.ico
2009-08-31 10:49 . 2009-08-31 10:49 894 ------w- c:\bd332b3c735cf3a1530e91cbf60a\Graphics\Rotate1.ico
2009-08-31 10:49 . 2009-08-31 10:49 894 ------w- c:\bd332b3c735cf3a1530e91cbf60a\Graphics\Rotate2.ico
2009-08-31 10:49 . 2009-08-31 10:49 894 ------w- c:\bd332b3c735cf3a1530e91cbf60a\Graphics\Rotate3.ico
2009-08-31 10:49 . 2009-08-31 10:49 894 ------w- c:\bd332b3c735cf3a1530e91cbf60a\Graphics\Rotate4.ico
2009-08-31 10:49 . 2009-08-31 10:49 894 ------w- c:\bd332b3c735cf3a1530e91cbf60a\Graphics\Rotate5.ico
2009-08-31 10:49 . 2009-08-31 10:49 894 ------w- c:\bd332b3c735cf3a1530e91cbf60a\Graphics\Rotate6.ico
2009-08-31 10:49 . 2009-08-31 10:49 894 ------w- c:\bd332b3c735cf3a1530e91cbf60a\Graphics\Rotate7.ico
2009-08-31 10:49 . 2009-08-31 10:49 894 ------w- c:\bd332b3c735cf3a1530e91cbf60a\Graphics\Rotate8.ico
2009-08-31 10:49 . 2009-08-31 10:49 1150 ------w- c:\bd332b3c735cf3a1530e91cbf60a\Graphics\Save.ico
2009-08-31 10:49 . 2009-08-31 10:49 36710 ------w- c:\bd332b3c735cf3a1530e91cbf60a\Graphics\Setup.ico
2009-08-31 10:49 . 2009-08-31 10:49 1150 ------w- c:\bd332b3c735cf3a1530e91cbf60a\Graphics\SysReqMet.ico
2009-08-31 10:49 . 2009-08-31 10:49 1150 ------w- c:\bd332b3c735cf3a1530e91cbf60a\Graphics\SysReqNotMet.ico
2009-08-31 10:49 . 2009-08-31 10:49 10134 ------w- c:\bd332b3c735cf3a1530e91cbf60a\Graphics\warn.ico
2009-08-31 10:49 . 2009-08-31 10:49 16118 ------w- c:\bd332b3c735cf3a1530e91cbf60a\DHtmlHeader.html
2009-08-31 10:44 . 2009-08-31 10:44 144416 ------w- c:\bd332b3c735cf3a1530e91cbf60a\sqmapi.dll
2009-08-31 10:41 . 2009-08-31 10:41 3628 ------w- c:\bd332b3c735cf3a1530e91cbf60a\header.bmp
2009-08-31 10:41 . 2009-08-31 10:41 104072 ------w- c:\bd332b3c735cf3a1530e91cbf60a\watermark.bmp
2009-08-31 09:11 . 2009-08-31 09:11 94720 ------w- c:\bd332b3c735cf3a1530e91cbf60a\RGB9Rast_x86.msi
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2009-03-26 18:38 39208 ----a-w- c:\program files\EgisTec\MyWinLocker 3\x86\PSDProtect.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-08-17 68856]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" [2009-11-15 33120]
"FlashGet 3"="c:\program files\FlashGet Network\FlashGet 3\FlashGet3.exe" [2010-05-11 2385456]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-12-03 14944136]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-04-10 7399968]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-08-17 30192]
"EgisTecLiveUpdate"="c:\program files\EgisTec Egis Software Update\EgisUpdate.exe" [2008-12-02 199464]
"mwlDaemon"="c:\program files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe" [2009-03-26 345384]
"Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2009-06-23 703008]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"BackupManagerTray"="c:\program files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2009-04-11 249600]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-04-09 61440]
"PLFSetI"="c:\windows\PLFSetI.exe" [2010-08-17 200704]
"LManager"="c:\program files\Launch Manager\LManager.exe" [2009-03-26 866824]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-02-06 1430824]
"ArcadeDeluxeAgent"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" [2009-04-13 156968]
"CLMLServer"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe" [2009-04-13 202024]
"PlayMovie"="c:\program files\Acer Arcade Deluxe\PlayMovie\PMVService.exe" [2009-03-05 173288]
c:\users\Hardy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-6-7 1195520]
Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-8-24 101784]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Acer VCM.lnk - c:\program files\Acer\Acer VCM\AcerVCM.exe [2009-6-24 565248]
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-4-13 791840]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-08-17 135664]
R3 dump_wmimmc;dump_wmimmc;c:\program files\Webzen\ArchLord\GameGuard\dump_wmimmc.sys [x]
R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2010-08-17 30192]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2010-08-17 3717904]
R3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-09-23 50424]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R3 XDva281;XDva281;c:\windows\system32\XDva281.sys [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-08-18 697328]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0403000.005\SYMDS.SYS [2009-10-15 328752]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0403000.005\SYMEFA.SYS [2010-04-22 173104]
S1 BHDrvx86;BHDrvx86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20101123.003\BHDrvx86.sys [2010-11-23 691248]
S1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\N360\0403000.005\ccHPx86.sys [2010-02-26 501888]
S1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20110107.002\IDSvix86.sys [2010-11-09 353912]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [2008-11-11 19504]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [2008-11-11 16432]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [2008-11-11 59952]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\0403000.005\Ironx86.SYS [2010-04-29 116784]
S1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\System32\Drivers\N360\0403000.005\SYMTDIV.SYS [2010-05-06 339504]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-04-09 176128]
S2 CLHNService;CLHNService;c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [2009-04-14 75048]
S2 DsiWMIService;Dritek WMI Service;c:\program files\Launch Manager\dsiwmis.exe [2009-05-05 117256]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2009-06-23 723488]
S2 MWLService;MyWinLocker Service;c:\program files\EgisTec\MyWinLocker 3\x86\\MWLService.exe [2009-03-26 305448]
S2 N360;Norton 360;c:\program files\Norton 360\Engine\4.3.0.5\ccSvcHst.exe [2010-02-26 126392]
S2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2009-11-16 50704]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2009-04-11 61184]
S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-09-23 144632]
S2 RS_Service;Raw Socket Service;c:\program files\Acer\Acer VCM\RS_Service.exe [2009-02-05 237568]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2010-08-27 102448]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2008-10-09 23096]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Obsah adresáře 'Naplánované úlohy'
2011-01-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-17 18:21]
2011-01-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-17 18:21]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://google.flashget.com/
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACA ... spire_5538
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: ????3??
IE: ????3??????
IE: Download all by FlashGet3 - c:\users\Hardy\AppData\Roaming\FlashGetBHO\GetAllUrl.htm
IE: Download by FlashGet3 - c:\users\Hardy\AppData\Roaming\FlashGetBHO\GetUrl.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Odeslat obrázek do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Odeslat stránku do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: WikiKomentáře Google... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
IE: ????3?? - c:\users\Hardy\AppData\Roaming\FlashGetBHO\GetUrl.htm
IE: ????3?????? - c:\users\Hardy\AppData\Roaming\FlashGetBHO\GetAllUrl.htm
DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} - hxxp://trial.trymicrosoftoffice.com/tri ... /wrc32.ocx
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
BHO-{ecdee021-0d17-467f-a1ff-c7a115230949} - (no file)
**************************************************************************
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory:
**************************************************************************
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\N360]
"ImagePath"="\"c:\program files\Norton 360\Engine\4.3.0.5\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\4.3.0.5\diMaster.dll\" /prefetch:1"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_USERS\S-1-5-21-2839542139-3687427439-2716046507-1000\Software\Microsoft\Internet Explorer\MenuExt\O(uë_fŹ3*N}Ź]
@Allowed: (Read) (RestrictedCode)
@="c:\\Users\\Hardy\\AppData\\Roaming\\FlashGetBHO\\GetUrl.htm"
"contexts"=dword:00000022
[HKEY_USERS\S-1-5-21-2839542139-3687427439-2716046507-1000\Software\Microsoft\Internet Explorer\MenuExt\O(uë_fŹ3*N}ŹhQčţ”Ąc]
@Allowed: (Read) (RestrictedCode)
@="c:\\Users\\Hardy\\AppData\\Roaming\\FlashGetBHO\\GetAllUrl.htm"
"contexts"=dword:000000f3
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'Explorer.exe'(3956)
c:\program files\EgisTec\MyWinLocker 3\x86\psdprotect.dll
c:\program files\EgisTec\MyWinLocker 3\x86\sysenv.dll
c:\program files\EgisTec\MyWinLocker 3\x86\mwlUI.dll
c:\program files\EgisTec\MyWinLocker 3\x86\GDIExtendCtrl.dll
c:\program files\EgisTec\MyWinLocker 3\x86\mwlOP.dll
c:\program files\EgisTec\MyWinLocker 3\x86\CryptoAPI.dll
c:\program files\EgisTec\MyWinLocker 3\x86\ShowErrMsg.dll
c:\program files\WIDCOMM\Bluetooth Software\btncopy.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\atieclxx.exe
c:\program files\WIDCOMM\Bluetooth Software\btwdins.exe
c:\program files\EgisTec\MyWinLocker 3\x86\MWLService.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\windows\system32\DllHost.exe
c:\windows\servicing\TrustedInstaller.exe
c:\windows\system32\conime.exe
.
**************************************************************************
.
Celkový čas: 2011-01-09 11:54:53 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-01-09 10:54
ComboFix2.txt 2011-01-09 01:21
Před spuštěním: Volných bajtů: 133 299 781 632
Po spuštění: Volných bajtů: 133 264 683 008
- - End Of File - - CE513449B1B8AB8DC3BB81529AF7B995
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.420.1029.18.2811.1704 [GMT 1:00]
Spuštěný z: c:\users\Hardy\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Hardy\Desktop\CFScript.txt
AV: Norton 360 *Disabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
FW: Norton 360 *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
SP: Norton 360 *Enabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FILE ::
"c:\windows\_MSRSTRT.EXE"
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\Ask.com
c:\program files\Ask.com\cobrand.ico
c:\program files\Ask.com\config.xml
c:\program files\Ask.com\favicon.ico
c:\program files\Ask.com\fv_1997.ico
c:\program files\Ask.com\GenericAskToolbar.dll
c:\program files\Ask.com\mupcfg.xml
c:\program files\Ask.com\SaUpdate.exe
c:\program files\Ask.com\UpdateTask.exe
c:\windows\_MSRSTRT.EXE
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-12-09 do 2011-01-09 )))))))))))))))))))))))))))))))
.
2011-01-09 10:41 . 2011-01-09 10:49 -------- d-----w- c:\users\Hardy\AppData\Local\temp
2011-01-09 10:41 . 2011-01-09 10:41 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-01-08 21:15 . 2011-01-08 21:15 -------- d-----w- c:\users\Hardy\AppData\Roaming\Malwarebytes
2011-01-08 21:15 . 2010-12-20 17:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-01-08 21:15 . 2011-01-08 21:15 -------- d-----w- c:\programdata\Malwarebytes
2011-01-08 21:15 . 2011-01-08 21:15 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-01-08 21:15 . 2010-12-20 17:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-01-08 19:30 . 2011-01-08 19:30 -------- d-----w- c:\users\Hardy\DoctorWeb
2011-01-08 16:56 . 2011-01-08 16:56 388096 ----a-r- c:\users\Hardy\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-01-08 16:56 . 2011-01-08 16:56 -------- d-----w- c:\program files\Trend Micro
2011-01-02 17:54 . 2010-03-19 11:33 51360 ----a-w- c:\windows\system32\CMStarter_Kor.dll
2011-01-02 17:54 . 2010-03-19 11:33 51360 ----a-w- c:\windows\system32\CMStarter_Eng.dll
2011-01-02 17:54 . 2010-03-19 11:33 362656 ----a-w- c:\windows\system32\CMStarterCore.exe
2011-01-02 17:14 . 2011-01-02 17:54 -------- d-----w- c:\program files\Webzen
2011-01-02 12:22 . 2011-01-02 20:44 -------- d-----w- c:\program files\MKMT2 - Cliente de Setembro
2011-01-02 11:41 . 2011-01-02 11:41 -------- d-----w- C:\MyWinLockerData
2010-12-29 05:38 . 2010-03-05 14:01 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-12-28 23:13 . 2010-10-19 04:27 7680 ----a-w- c:\program files\Internet Explorer\iecompat.dll
2010-12-28 23:06 . 2010-11-02 06:03 638232 ----a-w- c:\program files\Internet Explorer\iexplore.exe
2010-12-28 22:57 . 2009-10-09 21:56 2048 ----a-w- c:\windows\system32\winrsmgr.dll
2010-12-24 08:15 . 2010-12-24 08:15 86016 ----a-w- c:\windows\system32\frapsvid.dll
2010-12-19 17:20 . 2010-12-19 17:20 -------- d-----w- c:\program files\Common Files\Skype
2010-12-19 02:08 . 2010-12-19 02:11 -------- d-----w- C:\Fraps
2010-12-16 22:51 . 2010-12-16 22:51 -------- d-----w- C:\bd332b3c735cf3a1530e91cbf60a
2010-12-14 18:11 . 2010-12-14 18:12 -------- d-----w- c:\program files\CCleaner
2010-12-14 10:52 . 2009-08-11 16:44 1401856 ----a-w- c:\windows\system32\msxml6.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-16 11:01 . 2010-12-03 09:54 6273872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{72007957-9C71-43EE-930E-59345A993B7A}\mpengine.dll
2010-11-09 17:55 . 2010-11-09 17:55 230752 ----a-w- c:\windows\patchw32.dll
2010-11-04 18:55 . 2010-12-15 06:13 601600 ----a-w- c:\windows\system32\schedsvc.dll
2010-10-19 09:41 . 2010-08-19 08:08 222080 ------w- c:\windows\system32\MpSigStub.exe
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of C:\bd332b3c735cf3a1530e91cbf60a ----
2010-03-18 20:26 . 2010-03-18 20:26 1163264 ------w- c:\bd332b3c735cf3a1530e91cbf60a\netfx_Core_x86.msi
2010-03-18 20:24 . 2010-03-18 20:24 115880689 ------w- c:\bd332b3c735cf3a1530e91cbf60a\netfx_Core.mzz
2010-03-18 20:16 . 2010-03-18 20:16 78152 ------w- c:\bd332b3c735cf3a1530e91cbf60a\Setup.exe
2010-03-18 20:16 . 2010-03-18 20:16 807256 ------w- c:\bd332b3c735cf3a1530e91cbf60a\SetupEngine.dll
2010-03-18 20:16 . 2010-03-18 20:16 295248 ------w- c:\bd332b3c735cf3a1530e91cbf60a\SetupUi.dll
2010-03-18 20:16 . 2010-03-18 20:16 17240 ------w- c:\bd332b3c735cf3a1530e91cbf60a\1025\SetupResources.dll
2010-03-18 20:16 . 2010-03-18 20:16 14168 ------w- c:\bd332b3c735cf3a1530e91cbf60a\1028\SetupResources.dll
2010-03-18 20:16 . 2010-03-18 20:16 18264 ------w- c:\bd332b3c735cf3a1530e91cbf60a\1029\SetupResources.dll
2010-03-18 20:16 . 2010-03-18 20:16 18264 ------w- c:\bd332b3c735cf3a1530e91cbf60a\1030\SetupResources.dll
2010-03-18 20:16 . 2010-03-18 20:16 18776 ------w- c:\bd332b3c735cf3a1530e91cbf60a\1031\SetupResources.dll
2010-03-18 20:16 . 2010-03-18 20:16 19288 ------w- c:\bd332b3c735cf3a1530e91cbf60a\1032\SetupResources.dll
2010-03-18 20:16 . 2010-03-18 20:16 17240 ------w- c:\bd332b3c735cf3a1530e91cbf60a\1033\SetupResources.dll
2010-03-18 20:16 . 2010-03-18 20:16 18264 ------w- c:\bd332b3c735cf3a1530e91cbf60a\1035\SetupResources.dll
2010-03-18 20:16 . 2010-03-18 20:16 18776 ------w- c:\bd332b3c735cf3a1530e91cbf60a\1036\SetupResources.dll
2010-03-18 20:16 . 2010-03-18 20:16 16728 ------w- c:\bd332b3c735cf3a1530e91cbf60a\1037\SetupResources.dll
2010-03-18 20:16 . 2010-03-18 20:16 18776 ------w- c:\bd332b3c735cf3a1530e91cbf60a\1038\SetupResources.dll
2010-03-18 20:16 . 2010-03-18 20:16 18264 ------w- c:\bd332b3c735cf3a1530e91cbf60a\1040\SetupResources.dll
2010-03-18 20:16 . 2010-03-18 20:16 15704 ------w- c:\bd332b3c735cf3a1530e91cbf60a\1041\SetupResources.dll
2010-03-18 20:16 . 2010-03-18 20:16 15192 ------w- c:\bd332b3c735cf3a1530e91cbf60a\1042\SetupResources.dll
2010-03-18 20:16 . 2010-03-18 20:16 19288 ------w- c:\bd332b3c735cf3a1530e91cbf60a\1043\SetupResources.dll
2010-03-18 20:16 . 2010-03-18 20:16 17752 ------w- c:\bd332b3c735cf3a1530e91cbf60a\1044\SetupResources.dll
2010-03-18 20:16 . 2010-03-18 20:16 18264 ------w- c:\bd332b3c735cf3a1530e91cbf60a\1045\SetupResources.dll
2010-03-18 20:16 . 2010-03-18 20:16 18264 ------w- c:\bd332b3c735cf3a1530e91cbf60a\1046\SetupResources.dll
2010-03-18 20:16 . 2010-03-18 20:16 18264 ------w- c:\bd332b3c735cf3a1530e91cbf60a\1049\SetupResources.dll
2010-03-18 20:16 . 2010-03-18 20:16 17752 ------w- c:\bd332b3c735cf3a1530e91cbf60a\1053\SetupResources.dll
2010-03-18 20:16 . 2010-03-18 20:16 17752 ------w- c:\bd332b3c735cf3a1530e91cbf60a\1055\SetupResources.dll
2010-03-18 20:16 . 2010-03-18 20:16 14168 ------w- c:\bd332b3c735cf3a1530e91cbf60a\2052\SetupResources.dll
2010-03-18 20:16 . 2010-03-18 20:16 18776 ------w- c:\bd332b3c735cf3a1530e91cbf60a\2070\SetupResources.dll
2010-03-18 20:16 . 2010-03-18 20:16 14168 ------w- c:\bd332b3c735cf3a1530e91cbf60a\3076\SetupResources.dll
2010-03-18 20:16 . 2010-03-18 20:16 18776 ------w- c:\bd332b3c735cf3a1530e91cbf60a\3082\SetupResources.dll
2010-03-18 20:00 . 2010-03-18 20:00 74214 ------w- c:\bd332b3c735cf3a1530e91cbf60a\1025\LocalizedData.xml
2010-03-18 20:00 . 2010-03-18 20:00 60816 ------w- c:\bd332b3c735cf3a1530e91cbf60a\1028\LocalizedData.xml
2010-03-18 20:00 . 2010-03-18 20:00 80970 ------w- c:\bd332b3c735cf3a1530e91cbf60a\1029\LocalizedData.xml
2010-03-18 20:00 . 2010-03-18 20:00 77748 ------w- c:\bd332b3c735cf3a1530e91cbf60a\1030\LocalizedData.xml
2010-03-18 20:00 . 2010-03-18 20:00 82346 ------w- c:\bd332b3c735cf3a1530e91cbf60a\1031\LocalizedData.xml
2010-03-18 20:00 . 2010-03-18 20:00 86284 ------w- c:\bd332b3c735cf3a1530e91cbf60a\1032\LocalizedData.xml
2010-03-18 20:00 . 2010-03-18 20:00 77022 ------w- c:\bd332b3c735cf3a1530e91cbf60a\1035\LocalizedData.xml
2010-03-18 20:00 . 2010-03-18 20:00 82962 ------w- c:\bd332b3c735cf3a1530e91cbf60a\1036\LocalizedData.xml
2010-03-18 20:00 . 2010-03-18 20:00 72076 ------w- c:\bd332b3c735cf3a1530e91cbf60a\1037\LocalizedData.xml
2010-03-18 20:00 . 2010-03-18 20:00 86442 ------w- c:\bd332b3c735cf3a1530e91cbf60a\1038\LocalizedData.xml
2010-03-18 20:00 . 2010-03-18 20:00 80060 ------w- c:\bd332b3c735cf3a1530e91cbf60a\1040\LocalizedData.xml
2010-03-18 20:00 . 2010-03-18 20:00 68226 ------w- c:\bd332b3c735cf3a1530e91cbf60a\1041\LocalizedData.xml
2010-03-18 20:00 . 2010-03-18 20:00 65238 ------w- c:\bd332b3c735cf3a1530e91cbf60a\1042\LocalizedData.xml
2010-03-18 20:00 . 2010-03-18 20:00 79634 ------w- c:\bd332b3c735cf3a1530e91cbf60a\1043\LocalizedData.xml
2010-03-18 20:00 . 2010-03-18 20:00 79296 ------w- c:\bd332b3c735cf3a1530e91cbf60a\1044\LocalizedData.xml
2010-03-18 20:00 . 2010-03-18 20:00 82374 ------w- c:\bd332b3c735cf3a1530e91cbf60a\1045\LocalizedData.xml
2010-03-18 20:00 . 2010-03-18 20:00 80738 ------w- c:\bd332b3c735cf3a1530e91cbf60a\1046\LocalizedData.xml
2010-03-18 20:00 . 2010-03-18 20:00 81482 ------w- c:\bd332b3c735cf3a1530e91cbf60a\1049\LocalizedData.xml
2010-03-18 20:00 . 2010-03-18 20:00 77680 ------w- c:\bd332b3c735cf3a1530e91cbf60a\1053\LocalizedData.xml
2010-03-18 20:00 . 2010-03-18 20:00 76818 ------w- c:\bd332b3c735cf3a1530e91cbf60a\1055\LocalizedData.xml
2010-03-18 20:00 . 2010-03-18 20:00 60684 ------w- c:\bd332b3c735cf3a1530e91cbf60a\2052\LocalizedData.xml
2010-03-18 20:00 . 2010-03-18 20:00 80254 ------w- c:\bd332b3c735cf3a1530e91cbf60a\2070\LocalizedData.xml
2010-03-18 20:00 . 2010-03-18 20:00 60816 ------w- c:\bd332b3c735cf3a1530e91cbf60a\3076\LocalizedData.xml
2010-03-18 20:00 . 2010-03-18 20:00 79996 ------w- c:\bd332b3c735cf3a1530e91cbf60a\3082\LocalizedData.xml
2010-03-18 19:58 . 2010-03-18 19:58 96088 ------w- c:\bd332b3c735cf3a1530e91cbf60a\SetupUtility.exe
2010-03-18 19:56 . 2010-03-18 19:56 201796 ------w- c:\bd332b3c735cf3a1530e91cbf60a\Parameterinfo.xml
2010-03-18 19:56 . 2010-03-18 19:56 201796 ------w- c:\bd332b3c735cf3a1530e91cbf60a\Client\ParameterInfo.xml
2010-03-18 19:56 . 2010-03-18 19:56 77232 ------w- c:\bd332b3c735cf3a1530e91cbf60a\1033\LocalizedData.xml
2010-03-18 19:11 . 2010-03-18 19:11 2141433 ------w- c:\bd332b3c735cf3a1530e91cbf60a\Windows6.1-KB958488-v6001-x86.msu
2010-03-18 17:19 . 2010-03-18 17:19 2192672 ------w- c:\bd332b3c735cf3a1530e91cbf60a\Windows6.0-KB956250-v6001-x86.msu
2010-03-11 04:29 . 2010-03-11 04:29 7567 ------w- c:\bd332b3c735cf3a1530e91cbf60a\1025\eula.rtf
2010-03-11 04:29 . 2010-03-11 04:29 6309 ------w- c:\bd332b3c735cf3a1530e91cbf60a\1028\eula.rtf
2010-03-11 04:29 . 2010-03-11 04:29 3726 ------w- c:\bd332b3c735cf3a1530e91cbf60a\1029\eula.rtf
2010-03-11 04:29 . 2010-03-11 04:29 3314 ------w- c:\bd332b3c735cf3a1530e91cbf60a\1030\eula.rtf
2010-03-11 04:29 . 2010-03-11 04:29 3419 ------w- c:\bd332b3c735cf3a1530e91cbf60a\1031\eula.rtf
2010-03-11 04:29 . 2010-03-11 04:29 8876 ------w- c:\bd332b3c735cf3a1530e91cbf60a\1032\eula.rtf
2010-03-11 04:29 . 2010-03-11 04:29 3702 ------w- c:\bd332b3c735cf3a1530e91cbf60a\1035\eula.rtf
2010-03-11 04:29 . 2010-03-11 04:29 3526 ------w- c:\bd332b3c735cf3a1530e91cbf60a\1036\eula.rtf
2010-03-11 04:29 . 2010-03-11 04:29 6851 ------w- c:\bd332b3c735cf3a1530e91cbf60a\1037\eula.rtf
2010-03-11 04:29 . 2010-03-11 04:29 4254 ------w- c:\bd332b3c735cf3a1530e91cbf60a\1038\eula.rtf
2010-03-11 04:29 . 2010-03-11 04:29 3643 ------w- c:\bd332b3c735cf3a1530e91cbf60a\1040\eula.rtf
2010-03-11 04:29 . 2010-03-11 04:29 10125 ------w- c:\bd332b3c735cf3a1530e91cbf60a\1041\eula.rtf
2010-03-11 04:29 . 2010-03-11 04:29 12687 ------w- c:\bd332b3c735cf3a1530e91cbf60a\1042\eula.rtf
2010-03-11 04:29 . 2010-03-11 04:29 3546 ------w- c:\bd332b3c735cf3a1530e91cbf60a\1043\eula.rtf
2010-03-11 04:29 . 2010-03-11 04:29 3046 ------w- c:\bd332b3c735cf3a1530e91cbf60a\1044\eula.rtf
2010-03-11 04:29 . 2010-03-11 04:29 4040 ------w- c:\bd332b3c735cf3a1530e91cbf60a\1045\eula.rtf
2010-03-11 04:29 . 2010-03-11 04:29 3683 ------w- c:\bd332b3c735cf3a1530e91cbf60a\1046\eula.rtf
2010-03-11 04:29 . 2010-03-11 04:29 54456 ------w- c:\bd332b3c735cf3a1530e91cbf60a\1049\eula.rtf
2010-03-11 04:29 . 2010-03-11 04:29 3865 ------w- c:\bd332b3c735cf3a1530e91cbf60a\1053\eula.rtf
2010-03-11 04:29 . 2010-03-11 04:29 3859 ------w- c:\bd332b3c735cf3a1530e91cbf60a\1055\eula.rtf
2010-03-11 04:29 . 2010-03-11 04:29 5827 ------w- c:\bd332b3c735cf3a1530e91cbf60a\2052\eula.rtf
2010-03-11 04:29 . 2010-03-11 04:29 4015 ------w- c:\bd332b3c735cf3a1530e91cbf60a\2070\eula.rtf
2010-03-11 04:29 . 2010-03-11 04:29 6309 ------w- c:\bd332b3c735cf3a1530e91cbf60a\3076\eula.rtf
2010-03-11 04:29 . 2010-03-11 04:29 3069 ------w- c:\bd332b3c735cf3a1530e91cbf60a\3082\eula.rtf
2010-03-04 03:07 . 2010-03-04 03:07 3188 ------w- c:\bd332b3c735cf3a1530e91cbf60a\1033\eula.rtf
2010-01-11 05:10 . 2010-01-11 05:10 10134 ------w- c:\bd332b3c735cf3a1530e91cbf60a\Graphics\stop.ico
2009-11-05 06:41 . 2009-11-05 06:41 39042 ------w- c:\bd332b3c735cf3a1530e91cbf60a\UiInfo.xml
2009-11-05 06:41 . 2009-11-05 06:41 39042 ------w- c:\bd332b3c735cf3a1530e91cbf60a\Client\UiInfo.xml
2009-11-05 06:41 . 2009-11-05 06:41 30120 ------w- c:\bd332b3c735cf3a1530e91cbf60a\SetupUi.xsd
2009-08-31 10:50 . 2009-08-31 10:50 88533 ------w- c:\bd332b3c735cf3a1530e91cbf60a\DisplayIcon.ico
2009-08-31 10:50 . 2009-08-31 10:50 41080 ------w- c:\bd332b3c735cf3a1530e91cbf60a\SplashScreen.bmp
2009-08-31 10:50 . 2009-08-31 10:50 14084 ------w- c:\bd332b3c735cf3a1530e91cbf60a\Strings.xml
2009-08-31 10:49 . 2009-08-31 10:49 1150 ------w- c:\bd332b3c735cf3a1530e91cbf60a\Graphics\Print.ico
2009-08-31 10:49 . 2009-08-31 10:49 894 ------w- c:\bd332b3c735cf3a1530e91cbf60a\Graphics\Rotate1.ico
2009-08-31 10:49 . 2009-08-31 10:49 894 ------w- c:\bd332b3c735cf3a1530e91cbf60a\Graphics\Rotate2.ico
2009-08-31 10:49 . 2009-08-31 10:49 894 ------w- c:\bd332b3c735cf3a1530e91cbf60a\Graphics\Rotate3.ico
2009-08-31 10:49 . 2009-08-31 10:49 894 ------w- c:\bd332b3c735cf3a1530e91cbf60a\Graphics\Rotate4.ico
2009-08-31 10:49 . 2009-08-31 10:49 894 ------w- c:\bd332b3c735cf3a1530e91cbf60a\Graphics\Rotate5.ico
2009-08-31 10:49 . 2009-08-31 10:49 894 ------w- c:\bd332b3c735cf3a1530e91cbf60a\Graphics\Rotate6.ico
2009-08-31 10:49 . 2009-08-31 10:49 894 ------w- c:\bd332b3c735cf3a1530e91cbf60a\Graphics\Rotate7.ico
2009-08-31 10:49 . 2009-08-31 10:49 894 ------w- c:\bd332b3c735cf3a1530e91cbf60a\Graphics\Rotate8.ico
2009-08-31 10:49 . 2009-08-31 10:49 1150 ------w- c:\bd332b3c735cf3a1530e91cbf60a\Graphics\Save.ico
2009-08-31 10:49 . 2009-08-31 10:49 36710 ------w- c:\bd332b3c735cf3a1530e91cbf60a\Graphics\Setup.ico
2009-08-31 10:49 . 2009-08-31 10:49 1150 ------w- c:\bd332b3c735cf3a1530e91cbf60a\Graphics\SysReqMet.ico
2009-08-31 10:49 . 2009-08-31 10:49 1150 ------w- c:\bd332b3c735cf3a1530e91cbf60a\Graphics\SysReqNotMet.ico
2009-08-31 10:49 . 2009-08-31 10:49 10134 ------w- c:\bd332b3c735cf3a1530e91cbf60a\Graphics\warn.ico
2009-08-31 10:49 . 2009-08-31 10:49 16118 ------w- c:\bd332b3c735cf3a1530e91cbf60a\DHtmlHeader.html
2009-08-31 10:44 . 2009-08-31 10:44 144416 ------w- c:\bd332b3c735cf3a1530e91cbf60a\sqmapi.dll
2009-08-31 10:41 . 2009-08-31 10:41 3628 ------w- c:\bd332b3c735cf3a1530e91cbf60a\header.bmp
2009-08-31 10:41 . 2009-08-31 10:41 104072 ------w- c:\bd332b3c735cf3a1530e91cbf60a\watermark.bmp
2009-08-31 09:11 . 2009-08-31 09:11 94720 ------w- c:\bd332b3c735cf3a1530e91cbf60a\RGB9Rast_x86.msi
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2009-03-26 18:38 39208 ----a-w- c:\program files\EgisTec\MyWinLocker 3\x86\PSDProtect.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-08-17 68856]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" [2009-11-15 33120]
"FlashGet 3"="c:\program files\FlashGet Network\FlashGet 3\FlashGet3.exe" [2010-05-11 2385456]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-12-03 14944136]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-04-10 7399968]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-08-17 30192]
"EgisTecLiveUpdate"="c:\program files\EgisTec Egis Software Update\EgisUpdate.exe" [2008-12-02 199464]
"mwlDaemon"="c:\program files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe" [2009-03-26 345384]
"Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2009-06-23 703008]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"BackupManagerTray"="c:\program files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2009-04-11 249600]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-04-09 61440]
"PLFSetI"="c:\windows\PLFSetI.exe" [2010-08-17 200704]
"LManager"="c:\program files\Launch Manager\LManager.exe" [2009-03-26 866824]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-02-06 1430824]
"ArcadeDeluxeAgent"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" [2009-04-13 156968]
"CLMLServer"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe" [2009-04-13 202024]
"PlayMovie"="c:\program files\Acer Arcade Deluxe\PlayMovie\PMVService.exe" [2009-03-05 173288]
c:\users\Hardy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-6-7 1195520]
Věýezy obrazovky a spuçtŘnˇ aplikace OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-8-24 101784]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Acer VCM.lnk - c:\program files\Acer\Acer VCM\AcerVCM.exe [2009-6-24 565248]
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-4-13 791840]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-08-17 135664]
R3 dump_wmimmc;dump_wmimmc;c:\program files\Webzen\ArchLord\GameGuard\dump_wmimmc.sys [x]
R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2010-08-17 30192]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2010-08-17 3717904]
R3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-09-23 50424]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R3 XDva281;XDva281;c:\windows\system32\XDva281.sys [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-08-18 697328]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0403000.005\SYMDS.SYS [2009-10-15 328752]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0403000.005\SYMEFA.SYS [2010-04-22 173104]
S1 BHDrvx86;BHDrvx86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20101123.003\BHDrvx86.sys [2010-11-23 691248]
S1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\N360\0403000.005\ccHPx86.sys [2010-02-26 501888]
S1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20110107.002\IDSvix86.sys [2010-11-09 353912]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [2008-11-11 19504]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [2008-11-11 16432]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [2008-11-11 59952]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\0403000.005\Ironx86.SYS [2010-04-29 116784]
S1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\System32\Drivers\N360\0403000.005\SYMTDIV.SYS [2010-05-06 339504]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-04-09 176128]
S2 CLHNService;CLHNService;c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [2009-04-14 75048]
S2 DsiWMIService;Dritek WMI Service;c:\program files\Launch Manager\dsiwmis.exe [2009-05-05 117256]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2009-06-23 723488]
S2 MWLService;MyWinLocker Service;c:\program files\EgisTec\MyWinLocker 3\x86\\MWLService.exe [2009-03-26 305448]
S2 N360;Norton 360;c:\program files\Norton 360\Engine\4.3.0.5\ccSvcHst.exe [2010-02-26 126392]
S2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2009-11-16 50704]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2009-04-11 61184]
S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-09-23 144632]
S2 RS_Service;Raw Socket Service;c:\program files\Acer\Acer VCM\RS_Service.exe [2009-02-05 237568]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2010-08-27 102448]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2008-10-09 23096]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Obsah adresáře 'Naplánované úlohy'
2011-01-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-17 18:21]
2011-01-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-17 18:21]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://google.flashget.com/
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACA ... spire_5538
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: ????3??
IE: ????3??????
IE: Download all by FlashGet3 - c:\users\Hardy\AppData\Roaming\FlashGetBHO\GetAllUrl.htm
IE: Download by FlashGet3 - c:\users\Hardy\AppData\Roaming\FlashGetBHO\GetUrl.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Odeslat obrázek do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Odeslat stránku do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: WikiKomentáře Google... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
IE: ????3?? - c:\users\Hardy\AppData\Roaming\FlashGetBHO\GetUrl.htm
IE: ????3?????? - c:\users\Hardy\AppData\Roaming\FlashGetBHO\GetAllUrl.htm
DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} - hxxp://trial.trymicrosoftoffice.com/tri ... /wrc32.ocx
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
BHO-{ecdee021-0d17-467f-a1ff-c7a115230949} - (no file)
**************************************************************************
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory:
**************************************************************************
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\N360]
"ImagePath"="\"c:\program files\Norton 360\Engine\4.3.0.5\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\4.3.0.5\diMaster.dll\" /prefetch:1"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_USERS\S-1-5-21-2839542139-3687427439-2716046507-1000\Software\Microsoft\Internet Explorer\MenuExt\O(uë_fŹ3*N}Ź]
@Allowed: (Read) (RestrictedCode)
@="c:\\Users\\Hardy\\AppData\\Roaming\\FlashGetBHO\\GetUrl.htm"
"contexts"=dword:00000022
[HKEY_USERS\S-1-5-21-2839542139-3687427439-2716046507-1000\Software\Microsoft\Internet Explorer\MenuExt\O(uë_fŹ3*N}ŹhQčţ”Ąc]
@Allowed: (Read) (RestrictedCode)
@="c:\\Users\\Hardy\\AppData\\Roaming\\FlashGetBHO\\GetAllUrl.htm"
"contexts"=dword:000000f3
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'Explorer.exe'(3956)
c:\program files\EgisTec\MyWinLocker 3\x86\psdprotect.dll
c:\program files\EgisTec\MyWinLocker 3\x86\sysenv.dll
c:\program files\EgisTec\MyWinLocker 3\x86\mwlUI.dll
c:\program files\EgisTec\MyWinLocker 3\x86\GDIExtendCtrl.dll
c:\program files\EgisTec\MyWinLocker 3\x86\mwlOP.dll
c:\program files\EgisTec\MyWinLocker 3\x86\CryptoAPI.dll
c:\program files\EgisTec\MyWinLocker 3\x86\ShowErrMsg.dll
c:\program files\WIDCOMM\Bluetooth Software\btncopy.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\atieclxx.exe
c:\program files\WIDCOMM\Bluetooth Software\btwdins.exe
c:\program files\EgisTec\MyWinLocker 3\x86\MWLService.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\windows\system32\DllHost.exe
c:\windows\servicing\TrustedInstaller.exe
c:\windows\system32\conime.exe
.
**************************************************************************
.
Celkový čas: 2011-01-09 11:54:53 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-01-09 10:54
ComboFix2.txt 2011-01-09 01:21
Před spuštěním: Volných bajtů: 133 299 781 632
Po spuštění: Volných bajtů: 133 264 683 008
- - End Of File - - CE513449B1B8AB8DC3BB81529AF7B995
- memphisto
Re: Please check - slow notebook :(
ComboFix is uninstalled like this:
Start - Run and enter ComboFix /Uninstall
clean the system with CCleaner
and also use T-Cleaner
it deletes everything left behind by ComboFix, MWAV etc. - download > run
Note: before downloading T-Cleaner and while the cleaning runs, deactivate AVG, Avast, Avira or Microsoft Security Essentials; afterwards delete T-Cleaner and turn AVG, Avast, Avira or Microsoft Security Essentials back on
+ uninstall Spybot - it is not needed, you have Norton
+ HJT
How is the PC behaving?
PC-HELP.CZ RULES, HijackThis section RULES, HijackThis guide, Memtest, CCleaner
Please do not send HijackThis logs by private message; post them in the appropriate section. Thank you
Re: Please check - slow notebook :(
I have a bit of a problem downloading T-Cleaner.. when I click the link, it tells me the page is unavailable and nothing happens..
When I searched various sites and Google, I could not find a download of this program..
Otherwise I have everything else done.
- memphisto
Re: Please check - slow notebook :(
Ah, it is doing that for me now too, but about once in 3 attempts. Click it several times and one of them will work
But turn off those antiviruses, because it would delete it right after the download, since unfortunately they detect it as an infection even though it is a harmless program
