Please check my log.

Post by matko » 20 Feb 2011 10:50

I have a problem with Windows 7. Sometimes the PC starts up and it is as if the keyboard functions were swapped. For example, with Caps Lock on it types in lowercase. The numeric keypad doesn't type at all. But also, for instance, the mouse. I want to click on some page in the browser and it throws up a new window.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:36:38, on 20.2.2011
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16722)
Boot mode: Normal

Running processes:
C:\Windows\PixArt\Pac207\Monitor.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Users\Matko\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Users\Matko\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Matko\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Skype\Plugin Manager\skypePM.exe
C:\Users\Matko\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Matko\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Matko\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Matko\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Matko\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Matko\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Matko\Downloads\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.battlefieldheroes.com/en/fro ... andingPage
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: DeviceVM Url Search Hook - {0063BF63-BFFF-4B8F-9D26-4267DF7F17DD} - C:\Windows\SysWOW64\dvmurl.dll
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Nikon Message Center 2] C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe -s
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files (x86)\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O13 - Gopher Prefix:
O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} (Battlefield Heroes Updater) - https://www.battlefieldheroes.com/stati ... 0.31.0.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: AMD Reservation Manager - Advanced Micro Devices - C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: PIXMA Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 11132 bytes

Post by Žbeky » 20 Feb 2011 10:59

In HJT, fix:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.battlefieldheroes.com/en/fro ... andingPage
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O13 - Gopher Prefix:
O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} (Battlefield Heroes Updater) - https://www.battlefieldheroes.com/stati ... 0.31.0.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab

Download ATF Cleaner
Double-click ATF Cleaner.exe, click select all found, then:
- If you use Firefox (Mozilla), click Firefox at the top and choose: Select All, then click Empty Selected.
- If you use Opera, click Opera at the top and choose: Select All, then click Empty Selected.
When the cleaning is done, click Exit to close the program.
ATF-Cleaner is a simple tool for removing history from a web browser. The program can remove the cache, cookies, history and other traces of browsing the Internet. Supported browsers include Internet Explorer, Firefox and Opera. The application can also remove Windows temporary files, empty the Recycle Bin, etc.

Turn off your resident protection and firewall.
Download Dr. Web CureIt
Run Update; after the update, click Start.
With the buttons at the bottom you can cure the file (system files), delete, move or rename it.

Download Malwarebytes' Anti-Malware
Install it and run it
- at the end of the installation make sure you have both options selected/ticked:
Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware; if so, click the Finish button
- if an update is found, it will be downloaded and installed
- the program will then start; leave the Perform Quick Scan option selected and click the Scan button
- when the program has finished, a message will appear; click OK and then the Show Results button
- then choose Save Logfile and save the log to the desktop
- then click the Exit button; a message will appear, choose Yes
(don't delete anything yet!).
Then paste the contents of that log here.
In PMs I only handle matters concerning the forum. I do not respond to requests for technical support. Thanks for understanding.

Post by matko » 20 Feb 2011 11:14

OK, so in 45 minutes, because I started Microsoft Security Essentials first...
thanks for now

Post by matko » 20 Feb 2011 13:44

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Verze databáze: 5817

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

20.2.2011 13:41:18
mbam-log-2011-02-20 (13-41-18).txt

Typ kontroly: Úplný test (C:\|)
Testované objekty: 269217
Uplynulý čas: 16 minut, 20 sekund

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče v registru: 3
Infikované hodnoty v registru: 0
Infikované datové položky v registru: 0
Infikované složky: 0
Infikované soubory: 0

Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče v registru:
HKEY_CLASSES_ROOT\CLSID\{147A976F-EEE1-4377-8EA7-4716E4CDD239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{A4730EBE-43A6-443e-9776-36915D323AD3} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{00A6FAF1-072E-44CF-8957-5838F569A31D} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF1-072E-44CF-8957-5838F569A31D} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF6-072E-44CF-8957-5838F569A31D} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59C7FC09-1C83-4648-B3E6-003D2BBC7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68AF847F-6E91-45dd-9B68-D6A12C30E5D7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170B96C-28D4-4626-8358-27E6CAEEF907} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D1A71FA0-FF48-48dd-9B6D-7A13A3E42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DDB1968E-EAD6-40fd-8DAE-FF14757F60C7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F138D901-86F0-4383-99B6-9CDD406036DA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1D4DB7D2-6EC9-47a3-BD87-1E41684E07BB} (Adwar
HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Infikované hodnoty v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované datové položky v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)

Infikované soubory:
(Žádné škodlivé položky nebyly zjištěny)

Post by Žbeky » 20 Feb 2011 13:46

Turn off the resident shield of your antivirus and antispyware
Download ComboFix (by sUBs)
and save it to the desktop.
Close all active windows and run it.
- After launch the terms of use are displayed; confirm them by pressing the Yes button
- Then follow the instructions; while ComboFix is running, do not click in the window that is displayed
- When the scan finishes the program should create a log - C:\ComboFix.txt - please copy its entire contents here

Post by matko » 20 Feb 2011 14:11

ComboFix 11-02-19.02 - Matko 20.02.2011 14:00:37.1.4 - x64
Microsoft Windows 7 Ultimate 6.1.7600.0.1250.420.1033.18.8190.4280 [GMT 1:00]
Spuštěný z: c:\users\Matko\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\Matko\AppData\Roaming\EurekaLog
c:\users\Matko\AppData\Roaming\ubot

.
((((((((((((((((((((((((( Soubory vytvořené od 2011-01-20 do 2011-02-20 )))))))))))))))))))))))))))))))
.

2011-02-20 13:04 . 2011-02-20 13:04 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-02-20 12:20 . 2011-02-20 12:20 -------- d-----w- c:\users\Matko\AppData\Roaming\Malwarebytes
2011-02-20 12:20 . 2011-02-20 12:20 -------- d-----w- c:\programdata\Malwarebytes
2011-02-20 12:20 . 2011-02-20 12:44 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-02-20 12:20 . 2010-12-20 17:08 24152 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-02-20 10:32 . 2011-02-20 10:32 -------- d-----w- c:\users\Matko\DoctorWeb
2011-02-20 07:50 . 2011-01-13 10:20 7844688 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E744C080-045D-49CD-AB48-B073A24CF0E1}\mpengine.dll
2011-02-19 17:26 . 2005-05-26 14:34 3767504 ----a-w- c:\windows\system32\d3dx9_26.dll
2011-02-19 17:26 . 2005-05-26 14:34 2297552 ----a-w- c:\windows\SysWow64\d3dx9_26.dll
2011-02-19 17:21 . 2011-02-19 17:21 -------- d-----w- c:\program files (x86)\Activision
2011-02-19 13:37 . 2011-02-19 13:37 -------- d-----w- c:\users\Matko\AppData\Local\Xenocode
2011-02-19 12:48 . 2011-02-19 12:48 -------- d-----w- c:\windows\Sun
2011-02-17 20:32 . 2011-02-17 20:32 -------- d-----w- c:\program files (x86)\Common Files\Java
2011-02-17 20:01 . 2011-02-17 20:01 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-02-17 20:01 . 2011-02-17 20:01 -------- d-----w- c:\program files (x86)\Java
2011-02-17 17:33 . 2011-02-20 13:06 -------- d-----w- c:\program files (x86)\Steam
2011-02-15 20:22 . 2011-02-15 20:22 -------- d-----w- C:\Multimedia Files
2011-02-15 20:22 . 2011-02-15 20:22 -------- d-----w- c:\program files (x86)\Microsoft GIF Animator
2011-02-15 20:01 . 2011-02-15 20:01 -------- d-----w- c:\program files (x86)\MagicHTML
2011-02-15 18:55 . 2011-02-15 18:55 -------- d-----w- c:\program files (x86)\Banner Maker Pro 7
2011-02-13 17:06 . 2011-02-13 17:06 -------- d-----w- c:\users\Matko\AppData\Roaming\AI Internet Solutions
2011-02-13 17:05 . 2005-09-01 17:32 72192 ----a-w- c:\windows\unlite3.exe
2011-02-13 17:05 . 2011-02-13 17:05 -------- d-----w- c:\program files (x86)\Bradbury
2011-02-13 17:05 . 2011-01-08 01:42 3647728 ----a-w- c:\windows\SysWow64\csevalidator.dll
2011-02-13 17:05 . 2011-02-13 19:22 -------- d-----w- c:\program files (x86)\HTMLValidatorLite100
2011-02-07 20:02 . 2011-02-07 20:06 -------- d-----w- c:\users\Matko\AppData\Roaming\Notepad++
2011-02-07 20:02 . 2011-02-07 20:02 -------- d-----w- c:\program files (x86)\Notepad++
2011-02-07 19:30 . 2011-02-17 19:25 -------- d-----w- c:\users\Matko\AppData\Roaming\GSA Auto Website Submitter
2011-02-07 19:29 . 2011-02-07 19:42 -------- d-----w- c:\program files (x86)\GSA Auto Website Submitter
2011-02-06 20:03 . 2011-02-06 20:03 -------- d-----w- c:\programdata\Submit Suite
2011-02-06 20:03 . 2011-02-06 20:03 -------- d-----w- c:\program files (x86)\Submit Suite
2011-02-05 17:13 . 2011-02-05 17:13 -------- d-----w- c:\users\Matko\VirtualBox VMs
2011-02-05 17:13 . 2011-02-20 07:44 -------- d-----w- c:\users\Matko\.VirtualBox
2011-02-05 17:11 . 2011-01-18 16:05 226448 ----a-w- c:\windows\system32\drivers\VBoxDrv.sys
2011-02-05 17:11 . 2011-01-18 16:05 54864 ----a-w- c:\windows\system32\drivers\VBoxUSBMon.sys
2011-02-05 17:11 . 2011-02-05 17:11 -------- d-----w- c:\program files\Oracle
2011-02-04 17:27 . 2011-02-04 17:27 -------- d-----w- c:\users\Matko\AppData\Local\Plus500
2011-02-04 17:27 . 2011-02-04 17:27 -------- d-----w- c:\program files (x86)\Plus500
2011-02-04 12:16 . 2009-08-27 03:33 28311591 ----a-w- C:\os.bin
2011-02-04 12:11 . 2011-02-04 12:13 -------- d-----w- c:\windows\WindowsMobile
2011-02-03 21:38 . 2011-02-03 21:38 -------- d-----w- c:\users\Matko\AppData\Local\ElevatedDiagnostics
2011-01-30 18:40 . 2011-02-05 18:03 -------- d-----w- c:\program files (x86)\SafeSurf
2011-01-30 13:56 . 2011-01-30 14:29 -------- d-----w- c:\users\Matko\AppData\Roaming\WebSurf.ru
2011-01-29 21:09 . 2011-01-29 21:09 -------- d-----w- c:\program files (x86)\Alcohol Soft
2011-01-29 20:04 . 2011-01-29 20:04 868848 ----a-w- c:\windows\system32\drivers\sptd.sys
2011-01-29 20:04 . 2011-01-29 20:04 -------- d-----w- c:\program files (x86)\Franzis
2011-01-29 11:26 . 2011-01-29 11:26 -------- d-----w- c:\users\Matko\AppData\Local\{CB0E3105-38A5-4A80-AB0B-081A8BF72AEE}
2011-01-29 10:49 . 2011-01-29 10:49 -------- d-----w- c:\windows\cs
2011-01-29 10:45 . 2011-01-29 10:45 -------- d-----w- c:\windows\en
2011-01-29 10:15 . 2011-01-29 10:47 -------- d-----w- c:\program files (x86)\Windows Live
2011-01-29 10:10 . 2011-01-29 10:10 -------- d-----w- c:\program files\Windows Live
2011-01-29 10:06 . 2009-09-04 16:44 69464 ----a-w- c:\windows\SysWow64\XAPOFX1_3.dll
2011-01-29 10:06 . 2009-09-04 16:44 515416 ----a-w- c:\windows\SysWow64\XAudio2_5.dll
2011-01-29 10:06 . 2009-09-04 16:29 453456 ----a-w- c:\windows\SysWow64\d3dx10_42.dll
2011-01-29 10:06 . 2009-09-04 16:29 523088 ----a-w- c:\windows\system32\d3dx10_42.dll
2011-01-29 10:06 . 2006-11-29 12:06 4398360 ----a-w- c:\windows\system32\d3dx9_32.dll
2011-01-29 10:06 . 2006-11-29 12:06 3426072 ----a-w- c:\windows\SysWow64\d3dx9_32.dll
2011-01-29 10:04 . 2010-08-11 05:13 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2011-01-29 10:04 . 2010-08-11 04:44 2983424 ----a-w- c:\windows\SysWow64\UIRibbon.dll
2011-01-29 10:04 . 2010-08-11 04:35 1164800 ----a-w- c:\windows\SysWow64\UIRibbonRes.dll
2011-01-29 10:04 . 2010-08-11 05:19 3860992 ----a-w- c:\windows\system32\UIRibbon.dll
2011-01-29 10:02 . 2010-05-23 08:35 206848 ----a-w- c:\windows\system32\mfps.dll
2011-01-29 10:02 . 2010-05-23 08:35 257024 ----a-w- c:\windows\system32\mfreadwrite.dll
2011-01-29 10:02 . 2010-05-23 10:15 1619456 ----a-w- c:\windows\SysWow64\WMVDECOD.DLL
2011-01-29 10:02 . 2010-05-23 10:11 196608 ----a-w- c:\windows\SysWow64\mfreadwrite.dll
2011-01-29 10:02 . 2010-05-23 08:37 1888256 ----a-w- c:\windows\system32\WMVDECOD.DLL
2011-01-29 10:02 . 2010-05-23 08:35 4068864 ----a-w- c:\windows\system32\mf.dll
2011-01-29 10:02 . 2010-05-23 10:11 3181568 ----a-w- c:\windows\SysWow64\mf.dll
2011-01-29 09:59 . 2011-01-29 11:27 -------- d-----w- c:\users\Matko\AppData\Local\Windows Live
2011-01-29 09:59 . 2011-01-29 09:59 -------- d-----w- c:\program files (x86)\Common Files\Windows Live
2011-01-29 09:46 . 2011-01-29 09:46 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
2011-01-29 09:43 . 2011-01-29 09:43 -------- d-----w- c:\program files (x86)\Google
2011-01-25 18:23 . 2011-01-25 18:23 -------- d-----w- c:\program files\Paint.NET
2011-01-25 18:22 . 2011-01-25 18:46 -------- d-----w- c:\users\Matko\AppData\Local\Paint.NET

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-19 17:26 . 2011-01-11 05:55 103736 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2011-02-19 17:26 . 2011-01-11 05:55 66872 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2011-01-31 17:46 . 2011-01-13 01:58 270240 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2011-01-30 18:48 . 2011-01-11 05:55 270240 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2011-01-18 16:05 . 2011-01-18 16:05 154256 ----a-w- c:\windows\system32\drivers\VBoxNetAdp.sys
2011-01-18 16:05 . 2011-01-18 16:05 318992 ----a-w- c:\windows\system32\VBoxNetFltNotify.dll
2011-01-18 16:05 . 2011-01-18 16:05 173840 ----a-w- c:\windows\system32\drivers\VBoxNetFlt.sys
2011-01-15 04:00 . 2011-01-15 04:00 57344 ----a-r- c:\users\Matko\AppData\Roaming\Microsoft\Installer\{87441A59-5E64-4096-A170-14EFE67200C3}\ARPPRODUCTICON.exe
2011-01-15 03:59 . 2011-01-15 04:00 106496 ----a-w- c:\windows\SysWow64\ATL71.DLL
2011-01-13 10:20 . 2011-01-11 14:05 7844688 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-01-10 04:17 . 2011-01-10 03:34 20544 ----a-w- c:\windows\gdrv.sys
2011-01-10 03:36 . 2011-01-10 03:36 525792 ----a-w- c:\windows\DIFxAPI.dll
2011-01-10 03:35 . 2011-01-10 03:35 315392 ----a-w- c:\windows\HideWin.exe
2010-12-02 03:35 . 2010-12-02 03:35 4280320 ----a-w- c:\windows\SysWow64\GPhotos.scr
2010-11-30 18:43 . 2011-01-11 03:26 601424 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0F8AFEBD-0653-419A-B567-6280A15565A2}\gapaengine.dll
2010-11-30 01:38 . 2010-11-30 01:38 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
2010-11-30 01:38 . 2010-11-30 01:38 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
2010-11-26 04:20 . 2010-11-26 04:20 8120320 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2010-11-26 03:19 . 2010-11-26 03:19 21610496 ----a-w- c:\windows\system32\atio6axx.dll
2010-11-26 03:02 . 2010-11-26 03:02 16702976 ----a-w- c:\windows\SysWow64\atioglxx.dll
2010-11-26 02:58 . 2010-11-26 02:58 143360 ----a-w- c:\windows\system32\atiapfxx.exe
2010-11-26 02:58 . 2010-11-26 02:58 550400 ----a-w- c:\windows\SysWow64\aticfx32.dll
2010-11-26 02:57 . 2010-11-26 02:57 648704 ----a-w- c:\windows\system32\aticfx64.dll
2010-11-26 02:54 . 2010-11-26 02:54 462848 ----a-w- c:\windows\system32\ATIDEMGX.dll
2010-11-26 02:54 . 2010-11-26 02:54 478720 ----a-w- c:\windows\system32\atieclxx.exe
2010-11-26 02:54 . 2010-11-26 02:54 203776 ----a-w- c:\windows\system32\atiesrxx.exe
2010-11-26 02:53 . 2010-11-26 02:53 120320 ----a-w- c:\windows\system32\atitmm64.dll
2010-11-26 02:52 . 2010-11-26 02:52 423424 ----a-w- c:\windows\system32\atipdl64.dll
2010-11-26 02:52 . 2010-11-26 02:52 356352 ----a-w- c:\windows\SysWow64\atipdlxx.dll
2010-11-26 02:52 . 2010-11-26 02:52 278528 ----a-w- c:\windows\SysWow64\Oemdspif.dll
2010-11-26 02:52 . 2010-11-26 02:52 16384 ----a-w- c:\windows\system32\atimuixx.dll
2010-11-26 02:52 . 2010-11-26 02:52 59392 ----a-w- c:\windows\system32\atiedu64.dll
2010-11-26 02:52 . 2010-11-26 02:52 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll
2010-11-26 02:49 . 2010-11-26 02:49 4066816 ----a-w- c:\windows\SysWow64\atidxx32.dll
2010-11-26 02:40 . 2009-07-13 21:59 4794368 ----a-w- c:\windows\system32\atidxx64.dll
2010-11-26 02:30 . 2010-11-26 02:30 51200 ----a-w- c:\windows\system32\aticalrt64.dll
2010-11-26 02:30 . 2010-11-26 02:30 4122624 ----a-w- c:\windows\SysWow64\atiumdag.dll
2010-11-26 02:30 . 2010-11-26 02:30 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll
2010-11-26 02:30 . 2010-11-26 02:30 44544 ----a-w- c:\windows\system32\aticalcl64.dll
2010-11-26 02:30 . 2010-11-26 02:30 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll
2010-11-26 02:29 . 2010-11-26 02:29 6815232 ----a-w- c:\windows\system32\aticaldd64.dll
2010-11-26 02:29 . 2010-11-26 02:29 3217408 ----a-w- c:\windows\system32\atiumd6a.dll
2010-11-26 02:28 . 2010-11-26 02:28 5441024 ----a-w- c:\windows\SysWow64\aticaldd.dll
2010-11-26 02:24 . 2010-11-26 02:24 58880 ----a-w- c:\windows\system32\coinst.dll
2010-11-26 02:24 . 2010-11-26 02:24 5258240 ----a-w- c:\windows\system32\atiumd64.dll
2010-11-26 02:22 . 2010-11-26 02:22 3460096 ----a-w- c:\windows\SysWow64\atiumdva.dll
2010-11-26 02:17 . 2010-11-26 02:17 351232 ----a-w- c:\windows\system32\atiadlxx.dll
2010-11-26 02:17 . 2010-11-26 02:17 249856 ----a-w- c:\windows\SysWow64\atiadlxy.dll
2010-11-26 02:17 . 2010-11-26 02:17 14848 ----a-w- c:\windows\system32\atig6pxx.dll
2010-11-26 02:17 . 2010-11-26 02:17 12800 ----a-w- c:\windows\SysWow64\atiglpxx.dll
2010-11-26 02:17 . 2010-11-26 02:17 12800 ----a-w- c:\windows\system32\atiglpxx.dll
2010-11-26 02:17 . 2010-11-26 02:17 31744 ----a-w- c:\windows\system32\atig6txx.dll
2010-11-26 02:16 . 2010-11-26 02:16 27136 ----a-w- c:\windows\SysWow64\atigktxx.dll
2010-11-26 02:16 . 2010-11-26 02:16 289792 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2010-11-26 02:16 . 2010-11-26 02:16 39936 ----a-w- c:\windows\system32\atiuxp64.dll
2010-11-26 02:15 . 2010-11-26 02:15 30720 ----a-w- c:\windows\SysWow64\atiuxpag.dll
2010-11-26 02:15 . 2010-11-26 02:15 37888 ----a-w- c:\windows\system32\atiu9p64.dll
2010-11-26 02:15 . 2010-11-26 02:15 28672 ----a-w- c:\windows\SysWow64\atiu9pag.dll
2010-11-26 02:15 . 2010-11-26 02:15 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2010-11-26 02:09 . 2010-11-26 02:09 53760 ----a-w- c:\windows\system32\atimpc64.dll
2010-11-26 02:09 . 2010-11-26 02:09 53760 ----a-w- c:\windows\system32\amdpcom64.dll
2010-11-26 02:09 . 2010-11-26 02:09 52736 ----a-w- c:\windows\SysWow64\atimpc32.dll
2010-11-26 02:09 . 2010-11-26 02:09 52736 ----a-w- c:\windows\SysWow64\amdpcom32.dll
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2011-01-03 15028104]
"AlcoholAutomount"="c:\program files (x86)\Alcohol Soft\Alcohol 120\axcmd.exe" [2009-09-18 205976]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2011-02-17 1242448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-01-22 91520]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-11-26 336384]
"Nikon Message Center 2"="c:\program files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe" [2010-05-26 619008]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-30 421888]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~3\SPYWAR~1\sp_rsdel.exe \??\c:\progra~3\SPYWAR~1\sp_rsdel.dat

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 EverestDriver;Lavalys EVEREST Kernel Driver;c:\program files (x86)\Lavalys\EVEREST Corporate Edition\kerneld.amd64 [2010-03-31 26752]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-01-22 30963576]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-10-25 40832]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2010-10-25 72064]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 282616]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-01-10 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2011-01-29 868848]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [2011-01-18 226448]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [2011-01-18 54864]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-11-26 203776]
S2 AMD Reservation Manager;AMD Reservation Manager;c:\program files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe [2010-06-17 194496]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2010-11-26 8120320]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-11-26 289792]
S3 PAC207;SoC PC-Camera;c:\windows\system32\DRIVERS\PFC027.SYS [2006-12-05 572416]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-06-23 344680]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2011-01-18 154256]
S3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [2011-01-18 173840]

.
Obsah adresáře 'Naplánované úlohy'

2011-02-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-954783555-2626920665-567852362-1000Core.job
- c:\users\Matko\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-10 03:50]

2011-02-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-954783555-2626920665-567852362-1000UA.job
- c:\users\Matko\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-10 03:50]
.

--------- x86-64 -----------


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RAVCpl64.exe" [2008-07-03 6430208]
"Skytel"="Skytel.exe" [2008-06-25 1826816]
"Monitor"="c:\windows\PixArt\PAC207\Monitor.exe" [2006-11-03 319488]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 1436224]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.battlefieldheroes.com/en/fro ... andingPage
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\EverestDriver]
"ImagePath"="\??\c:\program files (x86)\Lavalys\EVEREST Corporate Edition\kerneld.amd64"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10m.ocx"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10m.ocx, 1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10m.ocx"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10m.ocx, 1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\Canon\IJPLM\IJPLMSVC.EXE
c:\windows\SysWOW64\PnkBstrA.exe
c:\windows\SysWOW64\PnkBstrB.exe
c:\program files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\program files (x86)\Skype\Plugin Manager\skypePM.exe
.
**************************************************************************
.
Celkový čas: 2011-02-20 14:09:58 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-02-20 13:09

Před spuštěním: 812 252 364 800 bytes free
Po spuštění: 811 876 388 864 bytes free

- - End Of File - - 6DCFDEE541DD504A4631227A85DD3EE6


Re: Please check my log.

Post by memphisto » 20 Feb 2011 22:13

Open Notepad (Start -> Run..., type Notepad into the box and click OK).
Copy into it the entire following text marked in green:
Note: Do not use the SELECT ALL function to select the script.

Code:

KillAll::
Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=-
"ConsentPromptBehaviorUser"=-
"EnableLUA"=-
"EnableUIADesktopToggle"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\EverestDriver]
"ImagePath"=-

Driver::
EverestDriver
NisDrv
NisSrv

File::
c:\program files (x86)\Lavalys\EVEREST Corporate Edition\kerneld.amd64
c:\windows\system32\DRIVERS\NisDrvWFP.sys
c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-954783555-2626920665-567852362-1000Core.job
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-954783555-2626920665-567852362-1000UA.job

DDS::
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.battlefieldheroes.com/en/fro ... andingPage
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local

RegLock::
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

Choose File -> Save As... and set these parameters:
File name: type CFScript.txt here
Save as type: select All Files
Save the file to the desktop.
Close all open windows.

Grab the CFScript.txt script you created with the mouse, drag it over the downloaded ComboFix.exe program, and drop the script when the two files overlap.
- ComboFix will start automatically
- Paste here the log that appears at the end of the cleaning process


Re: Please check my log.

Post by matko » 21 Feb 2011 17:52

ComboFix 11-02-19.02 - Matko 21.02.2011 17:09:47.3.4 - x64
Microsoft Windows 7 Ultimate 6.1.7600.0.1250.420.1033.18.8190.4728 [GMT 1:00]
Spuštěný z: c:\users\Matko\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Matko\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

FILE ::
"c:\program files (x86)\Lavalys\EVEREST Corporate Edition\kerneld.amd64"
"c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe"
"c:\windows\system32\DRIVERS\NisDrvWFP.sys"
"c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-954783555-2626920665-567852362-1000Core.job"
"c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-954783555-2626920665-567852362-1000UA.job"
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files (x86)\Lavalys\EVEREST Corporate Edition\kerneld.amd64
c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-954783555-2626920665-567852362-1000Core.job
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-954783555-2626920665-567852362-1000UA.job

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_EVERESTDRIVER
-------\Legacy_NISDRV
-------\Service_EverestDriver
-------\Service_NisDrv
-------\Service_NisSrv


((((((((((((((((((((((((( Soubory vytvořené od 2011-01-21 do 2011-02-21 )))))))))))))))))))))))))))))))
.

2011-02-21 16:13 . 2011-02-21 16:13 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-02-21 13:56 . 2011-01-13 10:20 7844688 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B2B63907-C55F-4537-BA24-3692C8D22F31}\mpengine.dll
2011-02-20 13:35 . 2011-02-20 13:35 -------- d-----w- c:\program files (x86)\GamePark
2011-02-20 12:20 . 2011-02-20 12:20 -------- d-----w- c:\users\Matko\AppData\Roaming\Malwarebytes
2011-02-20 12:20 . 2011-02-20 12:20 -------- d-----w- c:\programdata\Malwarebytes
2011-02-20 12:20 . 2011-02-20 12:44 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-02-20 12:20 . 2010-12-20 17:08 24152 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-02-20 10:32 . 2011-02-20 10:32 -------- d-----w- c:\users\Matko\DoctorWeb
2011-02-19 17:26 . 2005-05-26 14:34 3767504 ----a-w- c:\windows\system32\d3dx9_26.dll
2011-02-19 17:26 . 2005-05-26 14:34 2297552 ----a-w- c:\windows\SysWow64\d3dx9_26.dll
2011-02-19 17:21 . 2011-02-19 17:21 -------- d-----w- c:\program files (x86)\Activision
2011-02-19 13:37 . 2011-02-19 13:37 -------- d-----w- c:\users\Matko\AppData\Local\Xenocode
2011-02-19 12:48 . 2011-02-19 12:48 -------- d-----w- c:\windows\Sun
2011-02-17 20:32 . 2011-02-17 20:32 -------- d-----w- c:\program files (x86)\Common Files\Java
2011-02-17 20:01 . 2011-02-17 20:01 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-02-17 20:01 . 2011-02-17 20:01 -------- d-----w- c:\program files (x86)\Java
2011-02-17 17:33 . 2011-02-21 16:31 -------- d-----w- c:\program files (x86)\Steam
2011-02-15 20:22 . 2011-02-15 20:22 -------- d-----w- C:\Multimedia Files
2011-02-15 20:22 . 2011-02-15 20:22 -------- d-----w- c:\program files (x86)\Microsoft GIF Animator
2011-02-15 20:01 . 2011-02-15 20:01 -------- d-----w- c:\program files (x86)\MagicHTML
2011-02-15 18:55 . 2011-02-15 18:55 -------- d-----w- c:\program files (x86)\Banner Maker Pro 7
2011-02-13 17:06 . 2011-02-13 17:06 -------- d-----w- c:\users\Matko\AppData\Roaming\AI Internet Solutions
2011-02-13 17:05 . 2005-09-01 17:32 72192 ----a-w- c:\windows\unlite3.exe
2011-02-13 17:05 . 2011-02-13 17:05 -------- d-----w- c:\program files (x86)\Bradbury
2011-02-13 17:05 . 2011-01-08 01:42 3647728 ----a-w- c:\windows\SysWow64\csevalidator.dll
2011-02-13 17:05 . 2011-02-13 19:22 -------- d-----w- c:\program files (x86)\HTMLValidatorLite100
2011-02-07 20:02 . 2011-02-07 20:06 -------- d-----w- c:\users\Matko\AppData\Roaming\Notepad++
2011-02-07 20:02 . 2011-02-07 20:02 -------- d-----w- c:\program files (x86)\Notepad++
2011-02-07 19:30 . 2011-02-17 19:25 -------- d-----w- c:\users\Matko\AppData\Roaming\GSA Auto Website Submitter
2011-02-07 19:29 . 2011-02-07 19:42 -------- d-----w- c:\program files (x86)\GSA Auto Website Submitter
2011-02-06 20:03 . 2011-02-06 20:03 -------- d-----w- c:\programdata\Submit Suite
2011-02-06 20:03 . 2011-02-06 20:03 -------- d-----w- c:\program files (x86)\Submit Suite
2011-02-05 17:13 . 2011-02-05 17:13 -------- d-----w- c:\users\Matko\VirtualBox VMs
2011-02-05 17:13 . 2011-02-21 05:05 -------- d-----w- c:\users\Matko\.VirtualBox
2011-02-05 17:11 . 2011-01-18 16:05 226448 ----a-w- c:\windows\system32\drivers\VBoxDrv.sys
2011-02-05 17:11 . 2011-01-18 16:05 54864 ----a-w- c:\windows\system32\drivers\VBoxUSBMon.sys
2011-02-05 17:11 . 2011-02-05 17:11 -------- d-----w- c:\program files\Oracle
2011-02-04 17:27 . 2011-02-04 17:27 -------- d-----w- c:\users\Matko\AppData\Local\Plus500
2011-02-04 17:27 . 2011-02-04 17:27 -------- d-----w- c:\program files (x86)\Plus500
2011-02-04 12:16 . 2009-08-27 03:33 28311591 ----a-w- C:\os.bin
2011-02-04 12:11 . 2011-02-04 12:13 -------- d-----w- c:\windows\WindowsMobile
2011-02-03 21:38 . 2011-02-21 14:20 -------- d-----w- c:\users\Matko\AppData\Local\ElevatedDiagnostics
2011-01-30 18:40 . 2011-02-05 18:03 -------- d-----w- c:\program files (x86)\SafeSurf
2011-01-30 13:56 . 2011-01-30 14:29 -------- d-----w- c:\users\Matko\AppData\Roaming\WebSurf.ru
2011-01-29 21:09 . 2011-01-29 21:09 -------- d-----w- c:\program files (x86)\Alcohol Soft
2011-01-29 20:04 . 2011-01-29 20:04 868848 ----a-w- c:\windows\system32\drivers\sptd.sys
2011-01-29 20:04 . 2011-01-29 20:04 -------- d-----w- c:\program files (x86)\Franzis
2011-01-29 11:26 . 2011-01-29 11:26 -------- d-----w- c:\users\Matko\AppData\Local\{CB0E3105-38A5-4A80-AB0B-081A8BF72AEE}
2011-01-29 10:49 . 2011-01-29 10:49 -------- d-----w- c:\windows\cs
2011-01-29 10:45 . 2011-01-29 10:45 -------- d-----w- c:\windows\en
2011-01-29 10:15 . 2011-01-29 10:47 -------- d-----w- c:\program files (x86)\Windows Live
2011-01-29 10:10 . 2011-01-29 10:10 -------- d-----w- c:\program files\Windows Live
2011-01-29 10:06 . 2009-09-04 16:44 69464 ----a-w- c:\windows\SysWow64\XAPOFX1_3.dll
2011-01-29 10:06 . 2009-09-04 16:44 515416 ----a-w- c:\windows\SysWow64\XAudio2_5.dll
2011-01-29 10:06 . 2009-09-04 16:29 453456 ----a-w- c:\windows\SysWow64\d3dx10_42.dll
2011-01-29 10:06 . 2009-09-04 16:29 523088 ----a-w- c:\windows\system32\d3dx10_42.dll
2011-01-29 10:06 . 2006-11-29 12:06 4398360 ----a-w- c:\windows\system32\d3dx9_32.dll
2011-01-29 10:06 . 2006-11-29 12:06 3426072 ----a-w- c:\windows\SysWow64\d3dx9_32.dll
2011-01-29 10:04 . 2010-08-11 05:13 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2011-01-29 10:04 . 2010-08-11 04:44 2983424 ----a-w- c:\windows\SysWow64\UIRibbon.dll
2011-01-29 10:04 . 2010-08-11 04:35 1164800 ----a-w- c:\windows\SysWow64\UIRibbonRes.dll
2011-01-29 10:04 . 2010-08-11 05:19 3860992 ----a-w- c:\windows\system32\UIRibbon.dll
2011-01-29 10:02 . 2010-05-23 08:35 206848 ----a-w- c:\windows\system32\mfps.dll
2011-01-29 10:02 . 2010-05-23 08:35 257024 ----a-w- c:\windows\system32\mfreadwrite.dll
2011-01-29 10:02 . 2010-05-23 10:15 1619456 ----a-w- c:\windows\SysWow64\WMVDECOD.DLL
2011-01-29 10:02 . 2010-05-23 10:11 196608 ----a-w- c:\windows\SysWow64\mfreadwrite.dll
2011-01-29 10:02 . 2010-05-23 08:37 1888256 ----a-w- c:\windows\system32\WMVDECOD.DLL
2011-01-29 10:02 . 2010-05-23 08:35 4068864 ----a-w- c:\windows\system32\mf.dll
2011-01-29 10:02 . 2010-05-23 10:11 3181568 ----a-w- c:\windows\SysWow64\mf.dll
2011-01-29 09:59 . 2011-01-29 11:27 -------- d-----w- c:\users\Matko\AppData\Local\Windows Live
2011-01-29 09:59 . 2011-01-29 09:59 -------- d-----w- c:\program files (x86)\Common Files\Windows Live
2011-01-29 09:46 . 2011-01-29 09:46 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
2011-01-29 09:43 . 2011-01-29 09:43 -------- d-----w- c:\program files (x86)\Google
2011-01-25 18:23 . 2011-01-25 18:23 -------- d-----w- c:\program files\Paint.NET
2011-01-25 18:22 . 2011-01-25 18:46 -------- d-----w- c:\users\Matko\AppData\Local\Paint.NET

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-20 17:42 . 2011-01-13 01:58 271200 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2011-02-20 17:42 . 2011-01-11 05:55 271200 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2011-02-20 17:40 . 2011-01-11 05:55 271200 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2011-02-20 16:18 . 2011-01-11 05:55 75136 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2011-01-18 16:05 . 2011-01-18 16:05 154256 ----a-w- c:\windows\system32\drivers\VBoxNetAdp.sys
2011-01-18 16:05 . 2011-01-18 16:05 318992 ----a-w- c:\windows\system32\VBoxNetFltNotify.dll
2011-01-18 16:05 . 2011-01-18 16:05 173840 ----a-w- c:\windows\system32\drivers\VBoxNetFlt.sys
2011-01-15 04:00 . 2011-01-15 04:00 57344 ----a-r- c:\users\Matko\AppData\Roaming\Microsoft\Installer\{87441A59-5E64-4096-A170-14EFE67200C3}\ARPPRODUCTICON.exe
2011-01-15 03:59 . 2011-01-15 04:00 106496 ----a-w- c:\windows\SysWow64\ATL71.DLL
2011-01-13 10:20 . 2011-01-11 14:05 7844688 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-01-10 04:17 . 2011-01-10 03:34 20544 ----a-w- c:\windows\gdrv.sys
2011-01-10 03:36 . 2011-01-10 03:36 525792 ----a-w- c:\windows\DIFxAPI.dll
2011-01-10 03:35 . 2011-01-10 03:35 315392 ----a-w- c:\windows\HideWin.exe
2010-12-02 03:35 . 2010-12-02 03:35 4280320 ----a-w- c:\windows\SysWow64\GPhotos.scr
2010-11-30 18:43 . 2011-01-11 03:26 601424 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0F8AFEBD-0653-419A-B567-6280A15565A2}\gapaengine.dll
2010-11-30 01:38 . 2010-11-30 01:38 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
2010-11-30 01:38 . 2010-11-30 01:38 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
2010-11-26 04:20 . 2010-11-26 04:20 8120320 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2010-11-26 03:19 . 2010-11-26 03:19 21610496 ----a-w- c:\windows\system32\atio6axx.dll
2010-11-26 03:02 . 2010-11-26 03:02 16702976 ----a-w- c:\windows\SysWow64\atioglxx.dll
2010-11-26 02:58 . 2010-11-26 02:58 143360 ----a-w- c:\windows\system32\atiapfxx.exe
2010-11-26 02:58 . 2010-11-26 02:58 550400 ----a-w- c:\windows\SysWow64\aticfx32.dll
2010-11-26 02:57 . 2010-11-26 02:57 648704 ----a-w- c:\windows\system32\aticfx64.dll
2010-11-26 02:54 . 2010-11-26 02:54 462848 ----a-w- c:\windows\system32\ATIDEMGX.dll
2010-11-26 02:54 . 2010-11-26 02:54 478720 ----a-w- c:\windows\system32\atieclxx.exe
2010-11-26 02:54 . 2010-11-26 02:54 203776 ----a-w- c:\windows\system32\atiesrxx.exe
2010-11-26 02:53 . 2010-11-26 02:53 120320 ----a-w- c:\windows\system32\atitmm64.dll
2010-11-26 02:52 . 2010-11-26 02:52 423424 ----a-w- c:\windows\system32\atipdl64.dll
2010-11-26 02:52 . 2010-11-26 02:52 356352 ----a-w- c:\windows\SysWow64\atipdlxx.dll
2010-11-26 02:52 . 2010-11-26 02:52 278528 ----a-w- c:\windows\SysWow64\Oemdspif.dll
2010-11-26 02:52 . 2010-11-26 02:52 16384 ----a-w- c:\windows\system32\atimuixx.dll
2010-11-26 02:52 . 2010-11-26 02:52 59392 ----a-w- c:\windows\system32\atiedu64.dll
2010-11-26 02:52 . 2010-11-26 02:52 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll
2010-11-26 02:49 . 2010-11-26 02:49 4066816 ----a-w- c:\windows\SysWow64\atidxx32.dll
2010-11-26 02:40 . 2009-07-13 21:59 4794368 ----a-w- c:\windows\system32\atidxx64.dll
2010-11-26 02:30 . 2010-11-26 02:30 51200 ----a-w- c:\windows\system32\aticalrt64.dll
2010-11-26 02:30 . 2010-11-26 02:30 4122624 ----a-w- c:\windows\SysWow64\atiumdag.dll
2010-11-26 02:30 . 2010-11-26 02:30 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll
2010-11-26 02:30 . 2010-11-26 02:30 44544 ----a-w- c:\windows\system32\aticalcl64.dll
2010-11-26 02:30 . 2010-11-26 02:30 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll
2010-11-26 02:29 . 2010-11-26 02:29 6815232 ----a-w- c:\windows\system32\aticaldd64.dll
2010-11-26 02:29 . 2010-11-26 02:29 3217408 ----a-w- c:\windows\system32\atiumd6a.dll
2010-11-26 02:28 . 2010-11-26 02:28 5441024 ----a-w- c:\windows\SysWow64\aticaldd.dll
2010-11-26 02:24 . 2010-11-26 02:24 58880 ----a-w- c:\windows\system32\coinst.dll
2010-11-26 02:24 . 2010-11-26 02:24 5258240 ----a-w- c:\windows\system32\atiumd64.dll
2010-11-26 02:22 . 2010-11-26 02:22 3460096 ----a-w- c:\windows\SysWow64\atiumdva.dll
2010-11-26 02:17 . 2010-11-26 02:17 351232 ----a-w- c:\windows\system32\atiadlxx.dll
2010-11-26 02:17 . 2010-11-26 02:17 249856 ----a-w- c:\windows\SysWow64\atiadlxy.dll
2010-11-26 02:17 . 2010-11-26 02:17 14848 ----a-w- c:\windows\system32\atig6pxx.dll
2010-11-26 02:17 . 2010-11-26 02:17 12800 ----a-w- c:\windows\SysWow64\atiglpxx.dll
2010-11-26 02:17 . 2010-11-26 02:17 12800 ----a-w- c:\windows\system32\atiglpxx.dll
2010-11-26 02:17 . 2010-11-26 02:17 31744 ----a-w- c:\windows\system32\atig6txx.dll
2010-11-26 02:16 . 2010-11-26 02:16 27136 ----a-w- c:\windows\SysWow64\atigktxx.dll
2010-11-26 02:16 . 2010-11-26 02:16 289792 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2010-11-26 02:16 . 2010-11-26 02:16 39936 ----a-w- c:\windows\system32\atiuxp64.dll
2010-11-26 02:15 . 2010-11-26 02:15 30720 ----a-w- c:\windows\SysWow64\atiuxpag.dll
2010-11-26 02:15 . 2010-11-26 02:15 37888 ----a-w- c:\windows\system32\atiu9p64.dll
2010-11-26 02:15 . 2010-11-26 02:15 28672 ----a-w- c:\windows\SysWow64\atiu9pag.dll
2010-11-26 02:15 . 2010-11-26 02:15 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2010-11-26 02:09 . 2010-11-26 02:09 53760 ----a-w- c:\windows\system32\atimpc64.dll
2010-11-26 02:09 . 2010-11-26 02:09 53760 ----a-w- c:\windows\system32\amdpcom64.dll
2010-11-26 02:09 . 2010-11-26 02:09 52736 ----a-w- c:\windows\SysWow64\atimpc32.dll
2010-11-26 02:09 . 2010-11-26 02:09 52736 ----a-w- c:\windows\SysWow64\amdpcom32.dll
.

((((((((((((((((((((((((((((( SnapShot@2011-02-20_13.05.43 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-01-10 04:22 . 2011-02-21 13:44 33272 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2011-02-21 13:44 29934 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
- 2009-07-14 05:10 . 2011-02-20 13:07 29934 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-01-10 03:29 . 2011-02-21 13:55 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-01-10 03:29 . 2011-02-20 12:47 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-01-10 03:29 . 2011-02-20 12:47 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-01-10 03:29 . 2011-02-21 13:55 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2011-02-20 12:47 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2011-02-21 13:55 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-01-10 05:12 . 2011-02-20 09:39 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-01-10 05:12 . 2011-02-21 14:24 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-01-10 05:12 . 2011-02-21 14:24 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-01-10 05:12 . 2011-02-20 09:39 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-01-10 04:18 . 2011-02-21 13:44 6104 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-954783555-2626920665-567852362-1000_UserData.bin
- 2011-02-20 13:05 . 2011-02-20 13:05 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-02-21 16:31 . 2011-02-21 16:31 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-02-21 16:31 . 2011-02-21 16:31 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2011-02-20 13:05 . 2011-02-20 13:05 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-14 05:12 . 2011-02-21 13:55 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2009-07-14 05:12 . 2011-02-20 07:54 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2011-01-15 04:07 . 2011-02-21 14:24 262144 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2011-01-15 04:07 . 2011-01-15 04:07 262144 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2011-01-10 04:15 . 2011-02-20 13:04 610776 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2011-01-10 04:15 . 2011-02-21 16:30 610776 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2009-07-14 05:01 . 2011-02-21 16:30 396660 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2011-02-20 13:04 396660 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-01-20 05:52 . 2011-02-21 06:55 671250 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-954783555-2626920665-567852362-1000-12288.dat
- 2011-01-20 05:52 . 2011-02-19 22:10 671250 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-954783555-2626920665-567852362-1000-12288.dat
- 2009-07-14 02:34 . 2011-02-20 08:03 10223616 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
+ 2009-07-14 02:34 . 2011-02-21 14:06 10223616 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2011-01-03 15028104]
"AlcoholAutomount"="c:\program files (x86)\Alcohol Soft\Alcohol 120\axcmd.exe" [2009-09-18 205976]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2011-02-17 1242448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-01-22 91520]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-11-26 336384]
"Nikon Message Center 2"="c:\program files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe" [2010-05-26 619008]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-30 421888]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~3\SPYWAR~1\sp_rsdel.exe \??\c:\progra~3\SPYWAR~1\sp_rsdel.dat

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-01-22 30963576]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-01-10 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2011-01-29 868848]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [2011-01-18 226448]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [2011-01-18 54864]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-11-26 203776]
S2 AMD Reservation Manager;AMD Reservation Manager;c:\program files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe [2010-06-17 194496]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2010-11-26 8120320]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-11-26 289792]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-10-25 40832]
S3 PAC207;SoC PC-Camera;c:\windows\system32\DRIVERS\PFC027.SYS [2006-12-05 572416]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-06-23 344680]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2011-01-18 154256]
S3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [2011-01-18 173840]

.

--------- x86-64 -----------


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"combofix"="c:\combofix\CF28540.cfxxe" [X]
"RtHDVCpl"="RAVCpl64.exe" [2008-07-03 6430208]
"Skytel"="Skytel.exe" [2008-06-25 1826816]
"Monitor"="c:\windows\PixArt\PAC207\Monitor.exe" [2006-11-03 319488]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 1436224]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360]
.
------- Doplňkový sken -------
.
uLocal Page = %SystemRoot%\system32\blank.htm
mLocal Page = %SystemRoot%\system32\blank.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\Canon\IJPLM\IJPLMSVC.EXE
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\program files (x86)\Skype\Plugin Manager\skypePM.exe
.
**************************************************************************
.
Celkový čas: 2011-02-21 17:35:33 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-02-21 16:35
ComboFix2.txt 2011-02-20 13:09

Před spuštěním: 816 197 713 920 bytes free
Po spuštění: 815 475 539 968 bytes free

- - End Of File - - 80DD91B9CA2F918C0DECFD64909EBA70


Re: Please check my log.

Post by matko » 21 Feb 2011 19:25

The problem persists; I have to reset the PC every time. It doesn't type čšščžž and the like, but numbers instead. New windows open in my browser after I open a new page. When I want to open a file, all the files on the desktop get selected. It is absolutely impossible to work with, but it didn't happen for about 2 days, until now, after about 5 hours of the PC running.


Re: Please check my log.

Post by bledulka » 23 Feb 2011 22:06

Hi, I'm filling in for memphista.

Is that a laptop? Do you have a chance to try a different keyboard?


Download AVPtool
http://devbuilds.kaspersky-labs.com/devbuilds/AVPTool/
- install it and let it scan all drives
- let it disinfect whatever it finds
- then paste the log here.

