Win7 - what might have deleted the restore points ...



Re: Win7 - what might have deleted the restore points ...

Post by Stinger » 03 Sep 2011 17:40

ComboFix 11-08-26.04 - Rene_Negro 03.09.2011 17:09:42.3.2 - x64 MINIMAL
Microsoft Windows 7 Professional 6.1.7601.1.1250.420.1029.18.3582.2414 [GMT 2:00]
Spuštěný z: c:\users\Rene_Negro\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Rene_Negro\Desktop\CFScript.txt
AV: ESET Smart Security 4.0 *Enabled/Updated* {CB0F8167-5331-BA19-698E-64816B6801A5}
FW: ESET personal firewall *Enabled* {F3340042-195E-BB41-42D1-CDB495BB46DE}
SP: ESET Smart Security 4.0 *Enabled/Updated* {706E6083-750B-B597-533E-5FF310EF4B18}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Vytvořen nový Bod Obnovení
.
- REŽIM S OMEZENOU FUNKČNOSTÍ -
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Ask.com
c:\program files (x86)\Ask.com\assets\oobe\b.png
c:\program files (x86)\Ask.com\assets\oobe\bl.png
c:\program files (x86)\Ask.com\assets\oobe\br.png
c:\program files (x86)\Ask.com\assets\oobe\l.png
c:\program files (x86)\Ask.com\assets\oobe\pointer.png
c:\program files (x86)\Ask.com\assets\oobe\r.png
c:\program files (x86)\Ask.com\assets\oobe\t.png
c:\program files (x86)\Ask.com\assets\oobe\tl.png
c:\program files (x86)\Ask.com\assets\oobe\tr.png
c:\program files (x86)\Ask.com\cobrand.ico
c:\program files (x86)\Ask.com\config.xml
c:\program files (x86)\Ask.com\favicon.ico
c:\program files (x86)\Ask.com\fv_6633.ico
c:\program files (x86)\Ask.com\GenericAskToolbar.dll
c:\program files (x86)\Ask.com\mupcfg.xml
c:\program files (x86)\Ask.com\precache.exe
c:\program files (x86)\Ask.com\SaUpdate.exe
c:\program files (x86)\Ask.com\Updater\config.xml
c:\program files (x86)\Ask.com\Updater\Updater.exe
c:\program files (x86)\Ask.com\UpdateTask.exe
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-08-03 do 2011-09-03 )))))))))))))))))))))))))))))))
.
.
2011-09-03 15:11 . 2011-09-03 15:11 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-09-03 15:11 . 2011-09-03 15:11 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2011-09-02 07:16 . 2011-08-16 06:48 8862544 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{79615862-F550-4614-AA2B-6A30F7BBFA97}\mpengine.dll
2011-08-27 20:04 . 2011-08-27 20:05 -------- d-----w- c:\program files (x86)\ICQ7.6
2011-08-25 12:05 . 2011-08-25 12:05 -------- d-----w- c:\users\Rene_Negro\AppData\Roaming\Malwarebytes
2011-08-25 12:05 . 2011-08-25 12:05 -------- d-----w- c:\programdata\Malwarebytes
2011-08-25 12:05 . 2011-08-26 14:07 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-08-25 12:05 . 2011-07-06 17:52 25912 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-25 06:12 . 2011-08-25 06:12 -------- d-----w- c:\windows\cs
2011-08-25 06:07 . 2011-08-25 06:07 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-08-24 15:14 . 2011-08-24 15:14 159744 ----a-w- c:\program files (x86)\Internet Explorer\PLUGINS\npqtplugin7.dll
2011-08-24 15:14 . 2011-08-24 15:14 159744 ----a-w- c:\program files (x86)\Internet Explorer\PLUGINS\npqtplugin6.dll
2011-08-24 15:14 . 2011-08-24 15:14 159744 ----a-w- c:\program files (x86)\Internet Explorer\PLUGINS\npqtplugin5.dll
2011-08-24 15:14 . 2011-08-24 15:14 159744 ----a-w- c:\program files (x86)\Internet Explorer\PLUGINS\npqtplugin4.dll
2011-08-24 15:14 . 2011-08-24 15:14 159744 ----a-w- c:\program files (x86)\Internet Explorer\PLUGINS\npqtplugin3.dll
2011-08-24 15:14 . 2011-08-24 15:14 159744 ----a-w- c:\program files (x86)\Internet Explorer\PLUGINS\npqtplugin2.dll
2011-08-24 15:14 . 2011-08-24 15:14 159744 ----a-w- c:\program files (x86)\Internet Explorer\PLUGINS\npqtplugin.dll
2011-08-24 15:13 . 2011-08-24 15:14 -------- d-----w- c:\program files (x86)\QuickTime
2011-08-24 15:13 . 2011-08-24 15:13 -------- d-----w- c:\programdata\Apple Computer
2011-08-24 15:11 . 2011-08-24 15:11 -------- d-----w- c:\program files (x86)\Apple Software Update
2011-08-24 05:39 . 2011-07-09 05:26 2048 ----a-w- c:\windows\system32\tzres.dll
2011-08-24 05:39 . 2011-07-09 04:29 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2011-08-23 12:34 . 2011-08-23 12:38 -------- d-----w- c:\users\Rene_Negro\Neznámé soubory
2011-08-23 12:33 . 2011-08-23 12:33 -------- d-----w- c:\users\Rene_Negro\Pro poradny a fóra
2011-08-23 08:09 . 2011-08-23 08:09 229408 ----a-w- c:\windows\system32\drivers\snapman.sys
2011-08-23 08:09 . 2007-02-16 14:40 11264 ----a-w- c:\windows\system32\relog_ap.dll
2011-08-18 15:16 . 2011-08-18 15:16 -------- d-----w- c:\program files (x86)\SweetIM
2011-08-18 15:16 . 2011-08-18 15:16 -------- d-----w- c:\programdata\SweetIM
2011-08-17 15:39 . 2011-08-17 15:39 -------- d-----w- c:\programdata\ICQ
2011-08-15 14:45 . 2011-08-15 14:45 15712 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\9c4aaaa1cc5b5a01\MeshBetaRemover.exe
2011-08-15 13:32 . 2011-08-15 13:45 -------- d-----w- c:\users\Rene_Negro\.gimp-2.6
2011-08-15 08:54 . 2011-08-15 09:01 -------- d-----w- c:\program files (x86)\TuneUp Utilities 2010
2011-08-13 17:11 . 2011-06-21 06:34 1923968 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-08-13 17:11 . 2011-06-23 04:33 3912576 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2011-08-13 17:11 . 2011-06-23 05:43 5561216 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-08-13 17:11 . 2011-06-23 04:33 3967872 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2011-08-12 09:49 . 2011-08-12 09:49 -------- d-----w- c:\programdata\NetSoftware01
2011-08-07 16:09 . 2011-08-07 16:10 -------- d-----w- c:\program files (x86)\Trust Webcam 16175
2011-08-07 16:08 . 2011-08-07 16:08 -------- d-----w- c:\users\Rene_Negro\AppData\Roaming\InstallShield
2011-08-06 13:18 . 2011-08-06 13:18 419840 ----a-w- c:\windows\system32\wrap_oal.dll
2011-08-06 13:18 . 2011-08-06 13:18 413696 ----a-w- c:\windows\SysWow64\wrap_oal.dll
2011-08-06 13:18 . 2011-08-06 13:18 133632 ----a-w- c:\windows\system32\OpenAL32.dll
2011-08-06 13:18 . 2011-08-06 13:18 110592 ----a-w- c:\windows\SysWow64\OpenAL32.dll
2011-08-06 13:18 . 2009-04-02 09:38 1908736 ------w- c:\windows\system32\Sens_oal.dll
2011-08-06 13:18 . 2009-04-02 09:33 2873820 ------w- c:\windows\SysWow64\Sens_oal.dll
2011-08-06 13:18 . 2011-08-06 13:18 -------- d-----w- c:\program files (x86)\Common Files\Creative Labs Shared
2011-08-06 13:17 . 2009-03-26 12:48 190976 ----a-w- c:\windows\system32\APOMgr64.DLL
2011-08-06 13:17 . 2009-03-26 12:46 148480 ----a-w- c:\windows\SysWow64\APOMngr.DLL
2011-08-06 13:17 . 2009-02-06 16:53 89088 ----a-w- c:\windows\system32\CmdRtr64.DLL
2011-08-06 13:17 . 2009-02-06 16:52 73728 ----a-w- c:\windows\SysWow64\CmdRtr.DLL
2011-08-06 13:14 . 2011-08-06 13:18 -------- d-----w- c:\program files\Creative
2011-08-06 12:58 . 2007-03-13 01:53 55296 ----a-w- c:\windows\system32\ctppld.dll
2011-08-06 12:57 . 2011-08-06 12:57 -------- d-----w- c:\windows\SysWow64\Data
2011-08-06 12:57 . 2011-08-06 12:57 -------- d-----w- c:\windows\system32\Data
2011-08-06 12:57 . 2005-06-15 09:07 11264 ----a-w- c:\windows\SysWow64\INRES.DLL
2011-08-06 11:13 . 2011-08-06 11:13 -------- d-----w- c:\users\Rene_Negro\AppData\Roaming\Creative
2011-08-06 10:19 . 2011-08-06 13:17 -------- d-----w- c:\programdata\Creative
2011-08-06 10:13 . 2003-06-12 21:25 7062 ----a-w- c:\windows\SysWow64\audiopid.vxd
2011-08-06 10:12 . 2006-10-06 06:17 53248 ------w- c:\windows\Ctregrun.exe
2011-08-06 10:10 . 2011-08-06 10:10 -------- d-----w- c:\program files (x86)\Common Files\Creative
2011-08-06 10:10 . 2011-08-06 13:18 -------- d--h--w- c:\program files (x86)\Creative Installation Information
2011-08-06 10:06 . 2011-08-06 13:18 -------- d-----w- c:\program files (x86)\Creative
2011-08-06 10:04 . 2003-11-10 16:14 729088 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iKernel.dll
2011-08-06 10:04 . 2003-11-10 16:13 69715 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\ctor.dll
2011-08-06 10:04 . 2003-11-10 16:12 266240 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iscript.dll
2011-08-06 10:04 . 2003-11-10 16:12 192512 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iuser.dll
2011-08-06 10:04 . 2003-11-10 16:11 5632 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\DotNetInstaller.exe
2011-08-06 10:04 . 2011-08-06 10:04 188548 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iGdi.dll
2011-08-06 10:04 . 2011-08-06 10:04 311428 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\setup.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-23 08:09 . 2010-04-08 14:54 81952 ----a-w- c:\windows\system32\drivers\tifsfilt.sys
2011-08-23 08:09 . 2010-04-08 14:54 711712 ----a-w- c:\windows\system32\drivers\timntr.sys
2011-08-23 08:09 . 2010-04-08 14:54 593952 ----a-w- c:\windows\system32\drivers\tdrpman.sys
2011-07-16 04:26 . 2011-08-13 17:12 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2011-07-05 16:37 . 2011-07-05 16:37 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
2011-07-05 16:37 . 2011-07-05 16:37 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
2011-06-20 12:59 . 2011-06-20 12:59 22 --sha-w- c:\users\Rene_Negro\AppData\Roaming\Sys2662.Config.Repository.bin
2011-06-15 10:36 . 2011-06-15 10:36 11194368 ----a-w- c:\program files (x86)\MailClient.exe
2011-06-15 10:35 . 2011-06-15 10:35 409600 ----a-w- c:\program files (x86)\HTMLEditorControl.dll
2011-06-15 10:35 . 2011-06-15 10:35 53760 ----a-w- c:\program files (x86)\IcewarpDllProxy.exe
2011-06-15 10:35 . 2011-06-15 10:35 3072 ----a-w- c:\program files (x86)\MailClient.Localization.dll
2011-06-15 10:35 . 2011-06-15 10:35 81408 ----a-w- c:\program files (x86)\MailClient.Mail.dll
2011-06-15 10:35 . 2011-06-15 10:35 125440 ----a-w- c:\program files (x86)\SgmlReader.dll
2011-06-15 06:46 . 2011-05-13 18:33 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-06-11 03:07 . 2011-07-13 07:51 3137536 ----a-w- c:\windows\system32\win32k.sys
2011-05-19 13:23 . 2011-05-19 13:23 19968 ----a-w- c:\program files (x86)\MailClient.Mapi.dll
2011-05-19 13:21 . 2011-05-19 13:21 544768 ----a-w- c:\program files (x86)\jabber-net.dll
2011-05-19 13:21 . 2011-05-19 13:21 64512 ----a-w- c:\program files (x86)\DbRepair.exe
2011-05-19 13:21 . 2011-05-19 13:21 19968 ----a-w- c:\program files (x86)\MailClient.Collections.dll
2011-05-19 13:21 . 2011-05-19 13:21 13824 ----a-w- c:\program files (x86)\Microsoft.Experimental.IO.dll
2011-05-19 13:21 . 2011-05-19 13:21 11776 ----a-w- c:\program files (x86)\OutlookAccountInterfaces.dll
2011-05-19 13:21 . 2011-05-19 13:21 160256 ----a-w- c:\program files (x86)\System.Data.SQLite.dll
2011-05-19 13:21 . 2011-05-19 13:21 308736 ----a-w- c:\program files (x86)\HtmlInterop.dll
2011-05-19 13:21 . 2011-05-19 13:21 29184 ----a-w- c:\program files (x86)\NHunspell.dll
2011-05-19 13:21 . 2011-05-19 13:21 15872 ----a-w- c:\program files (x86)\netlib.Dns.dll
2011-03-03 15:02 . 2011-03-03 15:02 322048 ----a-w- c:\program files (x86)\Newtonsoft.Json.Net20.dll
2011-03-02 14:56 . 2011-03-02 14:56 73728 ----a-w- c:\program files (x86)\zlib.net.dll
2011-03-02 14:56 . 2011-03-02 14:56 592384 ----a-w- c:\program files (x86)\Hunspellx64.dll
2011-03-02 14:56 . 2011-03-02 14:56 452096 ----a-w- c:\program files (x86)\Hunspellx86.dll
2011-03-02 14:49 . 2011-03-02 14:49 964472 ----a-w- c:\program files (x86)\Microsoft.Office.Interop.Outlook.dll
2011-03-02 14:49 . 2011-03-02 14:49 86016 ----a-w- c:\program files (x86)\Google.GData.Extensions.dll
2011-03-02 14:49 . 2011-03-02 14:49 57344 ----a-w- c:\program files (x86)\RSS.NET.dll
2011-03-02 14:49 . 2011-03-02 14:49 28160 ----a-w- c:\program files (x86)\Google.GData.Contacts.dll
2011-03-02 14:49 . 2011-03-02 14:49 25592 ----a-w- c:\program files (x86)\stdole.dll
2011-03-02 14:49 . 2011-03-02 14:49 192512 ----a-w- c:\program files (x86)\ICSharpCode.SharpZipLib.dll
2011-03-02 14:49 . 2011-03-02 14:49 18944 ----a-w- c:\program files (x86)\Interop.QuartzTypeLib.dll
2011-03-02 14:49 . 2011-03-02 14:49 18944 ----a-w- c:\program files (x86)\GoogleTranslateAPI.dll
2011-03-02 14:49 . 2011-03-02 14:49 184320 ----a-w- c:\program files (x86)\Google.GData.Client.dll
2011-03-02 14:49 . 2011-03-02 14:49 155648 ----a-w- c:\program files (x86)\Interop.SKYPE4COMLib.dll
2011-03-02 14:49 . 2011-03-02 14:49 134144 ----a-w- c:\program files (x86)\Facebook.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-08-28_08.53.21 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-03-10 08:51 . 2011-09-03 15:13 76506 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2011-09-03 15:13 67408 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-03-10 08:46 . 2011-09-03 15:13 16858 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2980873199-2753670378-1813586586-1000_UserData.bin
+ 2010-08-26 16:14 . 2011-08-28 09:08 5640 c:\windows\system32\wdi\ERCQueuedResolutions.dat
- 2011-08-28 08:52 . 2011-08-28 08:52 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-09-03 15:12 . 2011-09-03 15:12 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-08-28 08:52 . 2011-08-28 08:52 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-09-03 15:12 . 2011-09-03 15:12 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2010-03-10 10:48 . 2011-08-31 09:41 399302 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_FastS4.bin
- 2009-07-14 02:36 . 2011-08-28 06:40 619398 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2011-08-30 10:26 619398 c:\windows\system32\perfh009.dat
+ 2009-07-14 15:18 . 2011-08-30 10:26 636226 c:\windows\system32\perfh005.dat
- 2009-07-14 15:18 . 2011-08-28 06:40 636226 c:\windows\system32\perfh005.dat
- 2009-07-14 02:36 . 2011-08-28 06:40 107718 c:\windows\system32\perfc009.dat
+ 2009-07-14 02:36 . 2011-08-30 10:26 107718 c:\windows\system32\perfc009.dat
- 2009-07-14 15:18 . 2011-08-28 06:40 123768 c:\windows\system32\perfc005.dat
+ 2009-07-14 15:18 . 2011-08-30 10:26 123768 c:\windows\system32\perfc005.dat
+ 2009-07-14 05:01 . 2011-09-03 15:05 447508 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2011-08-28 08:42 447508 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-07-21 09:17 . 2011-08-31 09:05 102400 c:\windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}\ARPPRODUCTICON.exe
- 2011-07-21 09:17 . 2011-07-28 09:35 102400 c:\windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}\ARPPRODUCTICON.exe
+ 2011-08-31 09:05 . 2011-08-31 09:05 3378176 c:\windows\Installer\6b4a9e.msi
+ 2010-04-30 11:15 . 2011-09-03 15:05 28061964 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2980873199-2753670378-1813586586-1000-8192.dat
+ 2011-02-21 12:11 . 2011-08-29 15:10 12107428 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2980873199-2753670378-1813586586-1000-12288.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\Rene_Negro\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\Rene_Negro\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\Rene_Negro\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"ConMet"="c:\program files (x86)\ConMet\ConMet.exe" [2011-08-18 4258816]
"ICQ"="c:\program files (x86)\ICQ7.6\ICQ.exe" [2011-08-27 127040]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2011-08-18 17360520]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"BCU"="c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe" [2009-08-04 346320]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~2\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"NetSoftware"="c:\program files\NetSoftware\Starter.exe" /path="c:\program files\NetSoftware"
"BCU"="c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Služba Google Update (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-09 136176]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2011-08-06 79360]
R3 DfSdkS;Defragmentation-Service;c:\program files (x86)\Ashampoo\Ashampoo WinOptimizer 6\Dfsdks.exe [2009-08-24 544768]
R3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files (x86)\Google\Google Desktop Search\GoogleDesktop.exe [2010-03-13 30192]
R3 gupdatem;Služba Google Update (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-09 136176]
R3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [x]
R3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [x]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 hotcore3;hc3ServiceName;c:\windows\system32\DRIVERS\hotcore3.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 BCUService;Browser Configuration Utility Service;c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe [2009-08-04 219360]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe [2009-11-16 735960]
S2 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [x]
S2 OODefragAgent;O&O Defrag;c:\program files\OO Software\Defrag\oodag.exe [2011-01-25 3051848]
S2 PCSUService;PC Speed Up Service;c:\program files (x86)\Zrychleni Pocitace\PCSUService.exe [2011-07-19 206336]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe [2011-05-31 1403200]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesDriver64.sys [2010-02-24 11856]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\Rene_Negro\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\Rene_Negro\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\Rene_Negro\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\Rene_Negro\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2009-11-16 2716216]
"OODefragTray"="c:\program files\OO Software\Defrag\oodtray.exe" [2011-01-25 3942216]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
------- Doplňkový sken -------
.
uStart Page = hxxp://seznam.cz/
uLocal Page = c:\windows\SYSTEM32\blank.htm
mLocal Page = c:\windows\SYSTEM32\blank.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - e:\program files (x86)\Microsoft Office\OFFICE11\EXCEL.EXE/3000
IE: Od&eslat do aplikace OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {{7644E42D-B096-457F-8B5B-901238FC81AE} - c:\program files (x86)\ICQ7.6\ICQ.exe
IE: {{230D1201-7607-4CF6-A11F-9E4BF0A333E0} - {0DB13731-CEFD-43CF-A8FD-B61DCBC4D5B8} - c:\program files (x86)\Verdict Free\etnxp.dll
IE: {{2C73F784-D2DE-4422-B070-2E3332FE5744} - {0320AC26-52C8-4316-B2C4-24BB6FA73C9A} - c:\program files (x86)\Verdict Free\etnxp.dll
TCP: DhcpNameServer = 81.200.48.12 81.200.48.11
FF - ProfilePath - c:\users\Rene_Negro\AppData\Roaming\Mozilla\Firefox\Profiles\9x9xjqa8.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://start.icq.com/
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
BHO-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5} - (no file)
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,81,44,33,08,23,31,e7,45,b9,1e,12,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,81,44,33,08,23,31,e7,45,b9,1e,12,\
.
[HKEY_USERS\S-1-5-21-2980873199-2753670378-1813586586-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*
]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-2980873199-2753670378-1813586586-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*
\OpenWithList]
@Class="Shell"
"a"="POWERPNT.EXE"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-2980873199-2753670378-1813586586-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*
\OpenWithProgids]
"č_auto_file"=hex(0):
.
[HKEY_USERS\S-1-5-21-2980873199-2753670378-1813586586-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.*
]
"0"=hex:48,00,6c,00,75,00,62,00,6f,00,6b,00,e1,00,20,00,2e,00,2e,00,2e,00,20,
00,76,00,2e,00,0d,01,00,00,82,00,36,00,00,00,00,00,00,00,00,00,00,00,48,00,\
"MRUListEx"=hex:00,00,00,00,ff,ff,ff,ff
.
[HKEY_USERS\S-1-5-21-2980873199-2753670378-1813586586-1000_Classes\.*
]
@Allowed: (Read) (RestrictedCode)
@="č_auto_file"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files (x86)\Creative\Shared Files\CTAudSvc.exe
c:\program files (x86)\Canon\IJPLM\IJPLMSVC.EXE
c:\program files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\windows\MHotKey.exe
c:\program files (x86)\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
c:\windows\ChiFuncExt.exe
.
**************************************************************************
.
Celkový čas: 2011-09-03 17:15:51 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-09-03 15:15
ComboFix2.txt 2011-09-02 15:21
ComboFix3.txt 2011-08-28 08:57
.
Před spuštěním: Volných bajtů: 13 330 878 464
Po spuštění: Volných bajtů: 13 267 468 288
.
- - End Of File - - DAF2F731DD324C97FB07B17FBCD0E31D

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:28:48, on 3.9.2011
Platform: Unknown Windows (WinNT 6.01.3505 SP1)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Windows\MHotKey.exe
C:\Program Files (x86)\ConMet\ConMet.exe
C:\Program Files (x86)\ICQ7.6\ICQ.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Windows\ChiFuncExt.exe
C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe
E:\Instalátory - extra\Od 1.1.2011 Instalátory\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Pomocná služba pro přihlášení ke službě Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: IEHlprObj Class - {CE7C3CF0-4B15-11D1-ABED-709549C10000} - C:\Program Files\NetSoftware\IEHelper.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O4 - HKLM\..\Run: [BCU] "C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ConMet] C:\Program Files (x86)\ConMet\ConMet.exe
O4 - HKCU\..\Run: [ICQ] "C:\Program Files (x86)\ICQ7.6\ICQ.exe" silent loginmode=4
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://E:\Program Files (x86)\Microsoft Office\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Od&eslat do aplikace OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Přeložit - {230D1201-7607-4CF6-A11F-9E4BF0A333E0} - C:\Program Files (x86)\Verdict Free\etnxp.dll
O9 - Extra button: (no name) - {2C73F784-D2DE-4422-B070-2E3332FE5744} - C:\Program Files (x86)\Verdict Free\etnxp.dll
O9 - Extra 'Tools' menuitem: Internetový překladač... - {2C73F784-D2DE-4422-B070-2E3332FE5744} - C:\Program Files (x86)\Verdict Free\etnxp.dll
O9 - Extra button: ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Program Files (x86)\ICQ7.6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Program Files (x86)\ICQ7.6\ICQ.exe
O9 - Extra button: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Zobrazit nebo skrýt HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O20 - AppInit_DLLs: C:\PROGRA~2\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Browser Configuration Utility Service (BCUService) - DeviceVM, Inc. - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe
O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
O23 - Service: Defragmentation-Service (DfSdkS) - mst software GmbH, Germany - C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 6\Dfsdks.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Desktop Manager 5.9.911.3589 (GoogleDesktopManager-110309-193829) - Google - C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Canon Inkjet Printer/Scanner/Fax Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: O&O Defrag (OODefragAgent) - O&O Software GmbH - C:\Program Files\OO Software\Defrag\oodag.exe
O23 - Service: PC Speed Up Service (PCSUService) - Unknown owner - C:\Program Files (x86)\Zrychleni Pocitace\PCSUService.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Acronis Try And Decide Service (TryAndDecideService) - Unknown owner - C:\Program Files (x86)\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
O23 - Service: @C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpDefragService.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 11358 bytes

Thanks a lot for your willingness + helpfulness .... :smile:


Re: Win7 - what could have deleted the restore points ...

Post by Stinger » 03 Sep 2011 18:07

ComboFix 11-08-26.04 - Rene_Negro 03.09.2011 17:09:42.3.2 - x64 MINIMAL
Microsoft Windows 7 Professional 6.1.7601.1.1250.420.1029.18.3582.2414 [GMT 2:00]
Spuštěný z: c:\users\Rene_Negro\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Rene_Negro\Desktop\CFScript.txt
AV: ESET Smart Security 4.0 *Enabled/Updated* {CB0F8167-5331-BA19-698E-64816B6801A5}
FW: ESET personal firewall *Enabled* {F3340042-195E-BB41-42D1-CDB495BB46DE}
SP: ESET Smart Security 4.0 *Enabled/Updated* {706E6083-750B-B597-533E-5FF310EF4B18}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Vytvořen nový Bod Obnovení
.
- REŽIM S OMEZENOU FUNKČNOSTÍ -
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Ask.com
c:\program files (x86)\Ask.com\assets\oobe\b.png
c:\program files (x86)\Ask.com\assets\oobe\bl.png
c:\program files (x86)\Ask.com\assets\oobe\br.png
c:\program files (x86)\Ask.com\assets\oobe\l.png
c:\program files (x86)\Ask.com\assets\oobe\pointer.png
c:\program files (x86)\Ask.com\assets\oobe\r.png
c:\program files (x86)\Ask.com\assets\oobe\t.png
c:\program files (x86)\Ask.com\assets\oobe\tl.png
c:\program files (x86)\Ask.com\assets\oobe\tr.png
c:\program files (x86)\Ask.com\cobrand.ico
c:\program files (x86)\Ask.com\config.xml
c:\program files (x86)\Ask.com\favicon.ico
c:\program files (x86)\Ask.com\fv_6633.ico
c:\program files (x86)\Ask.com\GenericAskToolbar.dll
c:\program files (x86)\Ask.com\mupcfg.xml
c:\program files (x86)\Ask.com\precache.exe
c:\program files (x86)\Ask.com\SaUpdate.exe
c:\program files (x86)\Ask.com\Updater\config.xml
c:\program files (x86)\Ask.com\Updater\Updater.exe
c:\program files (x86)\Ask.com\UpdateTask.exe
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-08-03 do 2011-09-03 )))))))))))))))))))))))))))))))
.
.
2011-09-03 15:11 . 2011-09-03 15:11 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-09-03 15:11 . 2011-09-03 15:11 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2011-09-02 07:16 . 2011-08-16 06:48 8862544 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{79615862-F550-4614-AA2B-6A30F7BBFA97}\mpengine.dll
2011-08-27 20:04 . 2011-08-27 20:05 -------- d-----w- c:\program files (x86)\ICQ7.6
2011-08-25 12:05 . 2011-08-25 12:05 -------- d-----w- c:\users\Rene_Negro\AppData\Roaming\Malwarebytes
2011-08-25 12:05 . 2011-08-25 12:05 -------- d-----w- c:\programdata\Malwarebytes
2011-08-25 12:05 . 2011-08-26 14:07 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-08-25 12:05 . 2011-07-06 17:52 25912 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-25 06:12 . 2011-08-25 06:12 -------- d-----w- c:\windows\cs
2011-08-25 06:07 . 2011-08-25 06:07 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-08-24 15:14 . 2011-08-24 15:14 159744 ----a-w- c:\program files (x86)\Internet Explorer\PLUGINS\npqtplugin7.dll
2011-08-24 15:14 . 2011-08-24 15:14 159744 ----a-w- c:\program files (x86)\Internet Explorer\PLUGINS\npqtplugin6.dll
2011-08-24 15:14 . 2011-08-24 15:14 159744 ----a-w- c:\program files (x86)\Internet Explorer\PLUGINS\npqtplugin5.dll
2011-08-24 15:14 . 2011-08-24 15:14 159744 ----a-w- c:\program files (x86)\Internet Explorer\PLUGINS\npqtplugin4.dll
2011-08-24 15:14 . 2011-08-24 15:14 159744 ----a-w- c:\program files (x86)\Internet Explorer\PLUGINS\npqtplugin3.dll
2011-08-24 15:14 . 2011-08-24 15:14 159744 ----a-w- c:\program files (x86)\Internet Explorer\PLUGINS\npqtplugin2.dll
2011-08-24 15:14 . 2011-08-24 15:14 159744 ----a-w- c:\program files (x86)\Internet Explorer\PLUGINS\npqtplugin.dll
2011-08-24 15:13 . 2011-08-24 15:14 -------- d-----w- c:\program files (x86)\QuickTime
2011-08-24 15:13 . 2011-08-24 15:13 -------- d-----w- c:\programdata\Apple Computer
2011-08-24 15:11 . 2011-08-24 15:11 -------- d-----w- c:\program files (x86)\Apple Software Update
2011-08-24 05:39 . 2011-07-09 05:26 2048 ----a-w- c:\windows\system32\tzres.dll
2011-08-24 05:39 . 2011-07-09 04:29 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2011-08-23 12:34 . 2011-08-23 12:38 -------- d-----w- c:\users\Rene_Negro\Neznámé soubory
2011-08-23 12:33 . 2011-08-23 12:33 -------- d-----w- c:\users\Rene_Negro\Pro poradny a fóra
2011-08-23 08:09 . 2011-08-23 08:09 229408 ----a-w- c:\windows\system32\drivers\snapman.sys
2011-08-23 08:09 . 2007-02-16 14:40 11264 ----a-w- c:\windows\system32\relog_ap.dll
2011-08-18 15:16 . 2011-08-18 15:16 -------- d-----w- c:\program files (x86)\SweetIM
2011-08-18 15:16 . 2011-08-18 15:16 -------- d-----w- c:\programdata\SweetIM
2011-08-17 15:39 . 2011-08-17 15:39 -------- d-----w- c:\programdata\ICQ
2011-08-15 14:45 . 2011-08-15 14:45 15712 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\9c4aaaa1cc5b5a01\MeshBetaRemover.exe
2011-08-15 13:32 . 2011-08-15 13:45 -------- d-----w- c:\users\Rene_Negro\.gimp-2.6
2011-08-15 08:54 . 2011-08-15 09:01 -------- d-----w- c:\program files (x86)\TuneUp Utilities 2010
2011-08-13 17:11 . 2011-06-21 06:34 1923968 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-08-13 17:11 . 2011-06-23 04:33 3912576 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2011-08-13 17:11 . 2011-06-23 05:43 5561216 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-08-13 17:11 . 2011-06-23 04:33 3967872 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2011-08-12 09:49 . 2011-08-12 09:49 -------- d-----w- c:\programdata\NetSoftware01
2011-08-07 16:09 . 2011-08-07 16:10 -------- d-----w- c:\program files (x86)\Trust Webcam 16175
2011-08-07 16:08 . 2011-08-07 16:08 -------- d-----w- c:\users\Rene_Negro\AppData\Roaming\InstallShield
2011-08-06 13:18 . 2011-08-06 13:18 419840 ----a-w- c:\windows\system32\wrap_oal.dll
2011-08-06 13:18 . 2011-08-06 13:18 413696 ----a-w- c:\windows\SysWow64\wrap_oal.dll
2011-08-06 13:18 . 2011-08-06 13:18 133632 ----a-w- c:\windows\system32\OpenAL32.dll
2011-08-06 13:18 . 2011-08-06 13:18 110592 ----a-w- c:\windows\SysWow64\OpenAL32.dll
2011-08-06 13:18 . 2009-04-02 09:38 1908736 ------w- c:\windows\system32\Sens_oal.dll
2011-08-06 13:18 . 2009-04-02 09:33 2873820 ------w- c:\windows\SysWow64\Sens_oal.dll
2011-08-06 13:18 . 2011-08-06 13:18 -------- d-----w- c:\program files (x86)\Common Files\Creative Labs Shared
2011-08-06 13:17 . 2009-03-26 12:48 190976 ----a-w- c:\windows\system32\APOMgr64.DLL
2011-08-06 13:17 . 2009-03-26 12:46 148480 ----a-w- c:\windows\SysWow64\APOMngr.DLL
2011-08-06 13:17 . 2009-02-06 16:53 89088 ----a-w- c:\windows\system32\CmdRtr64.DLL
2011-08-06 13:17 . 2009-02-06 16:52 73728 ----a-w- c:\windows\SysWow64\CmdRtr.DLL
2011-08-06 13:14 . 2011-08-06 13:18 -------- d-----w- c:\program files\Creative
2011-08-06 12:58 . 2007-03-13 01:53 55296 ----a-w- c:\windows\system32\ctppld.dll
2011-08-06 12:57 . 2011-08-06 12:57 -------- d-----w- c:\windows\SysWow64\Data
2011-08-06 12:57 . 2011-08-06 12:57 -------- d-----w- c:\windows\system32\Data
2011-08-06 12:57 . 2005-06-15 09:07 11264 ----a-w- c:\windows\SysWow64\INRES.DLL
2011-08-06 11:13 . 2011-08-06 11:13 -------- d-----w- c:\users\Rene_Negro\AppData\Roaming\Creative
2011-08-06 10:19 . 2011-08-06 13:17 -------- d-----w- c:\programdata\Creative
2011-08-06 10:13 . 2003-06-12 21:25 7062 ----a-w- c:\windows\SysWow64\audiopid.vxd
2011-08-06 10:12 . 2006-10-06 06:17 53248 ------w- c:\windows\Ctregrun.exe
2011-08-06 10:10 . 2011-08-06 10:10 -------- d-----w- c:\program files (x86)\Common Files\Creative
2011-08-06 10:10 . 2011-08-06 13:18 -------- d--h--w- c:\program files (x86)\Creative Installation Information
2011-08-06 10:06 . 2011-08-06 13:18 -------- d-----w- c:\program files (x86)\Creative
2011-08-06 10:04 . 2003-11-10 16:14 729088 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iKernel.dll
2011-08-06 10:04 . 2003-11-10 16:13 69715 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\ctor.dll
2011-08-06 10:04 . 2003-11-10 16:12 266240 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iscript.dll
2011-08-06 10:04 . 2003-11-10 16:12 192512 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iuser.dll
2011-08-06 10:04 . 2003-11-10 16:11 5632 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\DotNetInstaller.exe
2011-08-06 10:04 . 2011-08-06 10:04 188548 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iGdi.dll
2011-08-06 10:04 . 2011-08-06 10:04 311428 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\setup.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-23 08:09 . 2010-04-08 14:54 81952 ----a-w- c:\windows\system32\drivers\tifsfilt.sys
2011-08-23 08:09 . 2010-04-08 14:54 711712 ----a-w- c:\windows\system32\drivers\timntr.sys
2011-08-23 08:09 . 2010-04-08 14:54 593952 ----a-w- c:\windows\system32\drivers\tdrpman.sys
2011-07-16 04:26 . 2011-08-13 17:12 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2011-07-05 16:37 . 2011-07-05 16:37 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
2011-07-05 16:37 . 2011-07-05 16:37 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
2011-06-20 12:59 . 2011-06-20 12:59 22 --sha-w- c:\users\Rene_Negro\AppData\Roaming\Sys2662.Config.Repository.bin
2011-06-15 10:36 . 2011-06-15 10:36 11194368 ----a-w- c:\program files (x86)\MailClient.exe
2011-06-15 10:35 . 2011-06-15 10:35 409600 ----a-w- c:\program files (x86)\HTMLEditorControl.dll
2011-06-15 10:35 . 2011-06-15 10:35 53760 ----a-w- c:\program files (x86)\IcewarpDllProxy.exe
2011-06-15 10:35 . 2011-06-15 10:35 3072 ----a-w- c:\program files (x86)\MailClient.Localization.dll
2011-06-15 10:35 . 2011-06-15 10:35 81408 ----a-w- c:\program files (x86)\MailClient.Mail.dll
2011-06-15 10:35 . 2011-06-15 10:35 125440 ----a-w- c:\program files (x86)\SgmlReader.dll
2011-06-15 06:46 . 2011-05-13 18:33 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-06-11 03:07 . 2011-07-13 07:51 3137536 ----a-w- c:\windows\system32\win32k.sys
2011-05-19 13:23 . 2011-05-19 13:23 19968 ----a-w- c:\program files (x86)\MailClient.Mapi.dll
2011-05-19 13:21 . 2011-05-19 13:21 544768 ----a-w- c:\program files (x86)\jabber-net.dll
2011-05-19 13:21 . 2011-05-19 13:21 64512 ----a-w- c:\program files (x86)\DbRepair.exe
2011-05-19 13:21 . 2011-05-19 13:21 19968 ----a-w- c:\program files (x86)\MailClient.Collections.dll
2011-05-19 13:21 . 2011-05-19 13:21 13824 ----a-w- c:\program files (x86)\Microsoft.Experimental.IO.dll
2011-05-19 13:21 . 2011-05-19 13:21 11776 ----a-w- c:\program files (x86)\OutlookAccountInterfaces.dll
2011-05-19 13:21 . 2011-05-19 13:21 160256 ----a-w- c:\program files (x86)\System.Data.SQLite.dll
2011-05-19 13:21 . 2011-05-19 13:21 308736 ----a-w- c:\program files (x86)\HtmlInterop.dll
2011-05-19 13:21 . 2011-05-19 13:21 29184 ----a-w- c:\program files (x86)\NHunspell.dll
2011-05-19 13:21 . 2011-05-19 13:21 15872 ----a-w- c:\program files (x86)\netlib.Dns.dll
2011-03-03 15:02 . 2011-03-03 15:02 322048 ----a-w- c:\program files (x86)\Newtonsoft.Json.Net20.dll
2011-03-02 14:56 . 2011-03-02 14:56 73728 ----a-w- c:\program files (x86)\zlib.net.dll
2011-03-02 14:56 . 2011-03-02 14:56 592384 ----a-w- c:\program files (x86)\Hunspellx64.dll
2011-03-02 14:56 . 2011-03-02 14:56 452096 ----a-w- c:\program files (x86)\Hunspellx86.dll
2011-03-02 14:49 . 2011-03-02 14:49 964472 ----a-w- c:\program files (x86)\Microsoft.Office.Interop.Outlook.dll
2011-03-02 14:49 . 2011-03-02 14:49 86016 ----a-w- c:\program files (x86)\Google.GData.Extensions.dll
2011-03-02 14:49 . 2011-03-02 14:49 57344 ----a-w- c:\program files (x86)\RSS.NET.dll
2011-03-02 14:49 . 2011-03-02 14:49 28160 ----a-w- c:\program files (x86)\Google.GData.Contacts.dll
2011-03-02 14:49 . 2011-03-02 14:49 25592 ----a-w- c:\program files (x86)\stdole.dll
2011-03-02 14:49 . 2011-03-02 14:49 192512 ----a-w- c:\program files (x86)\ICSharpCode.SharpZipLib.dll
2011-03-02 14:49 . 2011-03-02 14:49 18944 ----a-w- c:\program files (x86)\Interop.QuartzTypeLib.dll
2011-03-02 14:49 . 2011-03-02 14:49 18944 ----a-w- c:\program files (x86)\GoogleTranslateAPI.dll
2011-03-02 14:49 . 2011-03-02 14:49 184320 ----a-w- c:\program files (x86)\Google.GData.Client.dll
2011-03-02 14:49 . 2011-03-02 14:49 155648 ----a-w- c:\program files (x86)\Interop.SKYPE4COMLib.dll
2011-03-02 14:49 . 2011-03-02 14:49 134144 ----a-w- c:\program files (x86)\Facebook.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-08-28_08.53.21 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-03-10 08:51 . 2011-09-03 15:13 76506 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2011-09-03 15:13 67408 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-03-10 08:46 . 2011-09-03 15:13 16858 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2980873199-2753670378-1813586586-1000_UserData.bin
+ 2010-08-26 16:14 . 2011-08-28 09:08 5640 c:\windows\system32\wdi\ERCQueuedResolutions.dat
- 2011-08-28 08:52 . 2011-08-28 08:52 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-09-03 15:12 . 2011-09-03 15:12 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-08-28 08:52 . 2011-08-28 08:52 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-09-03 15:12 . 2011-09-03 15:12 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2010-03-10 10:48 . 2011-08-31 09:41 399302 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_FastS4.bin
- 2009-07-14 02:36 . 2011-08-28 06:40 619398 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2011-08-30 10:26 619398 c:\windows\system32\perfh009.dat
+ 2009-07-14 15:18 . 2011-08-30 10:26 636226 c:\windows\system32\perfh005.dat
- 2009-07-14 15:18 . 2011-08-28 06:40 636226 c:\windows\system32\perfh005.dat
- 2009-07-14 02:36 . 2011-08-28 06:40 107718 c:\windows\system32\perfc009.dat
+ 2009-07-14 02:36 . 2011-08-30 10:26 107718 c:\windows\system32\perfc009.dat
- 2009-07-14 15:18 . 2011-08-28 06:40 123768 c:\windows\system32\perfc005.dat
+ 2009-07-14 15:18 . 2011-08-30 10:26 123768 c:\windows\system32\perfc005.dat
+ 2009-07-14 05:01 . 2011-09-03 15:05 447508 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2011-08-28 08:42 447508 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-07-21 09:17 . 2011-08-31 09:05 102400 c:\windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}\ARPPRODUCTICON.exe
- 2011-07-21 09:17 . 2011-07-28 09:35 102400 c:\windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}\ARPPRODUCTICON.exe
+ 2011-08-31 09:05 . 2011-08-31 09:05 3378176 c:\windows\Installer\6b4a9e.msi
+ 2010-04-30 11:15 . 2011-09-03 15:05 28061964 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2980873199-2753670378-1813586586-1000-8192.dat
+ 2011-02-21 12:11 . 2011-08-29 15:10 12107428 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2980873199-2753670378-1813586586-1000-12288.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\Rene_Negro\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\Rene_Negro\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\Rene_Negro\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"ConMet"="c:\program files (x86)\ConMet\ConMet.exe" [2011-08-18 4258816]
"ICQ"="c:\program files (x86)\ICQ7.6\ICQ.exe" [2011-08-27 127040]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2011-08-18 17360520]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"BCU"="c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe" [2009-08-04 346320]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~2\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"NetSoftware"="c:\program files\NetSoftware\Starter.exe" /path="c:\program files\NetSoftware"
"BCU"="c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Služba Google Update (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-09 136176]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2011-08-06 79360]
R3 DfSdkS;Defragmentation-Service;c:\program files (x86)\Ashampoo\Ashampoo WinOptimizer 6\Dfsdks.exe [2009-08-24 544768]
R3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files (x86)\Google\Google Desktop Search\GoogleDesktop.exe [2010-03-13 30192]
R3 gupdatem;Služba Google Update (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-09 136176]
R3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [x]
R3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [x]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 hotcore3;hc3ServiceName;c:\windows\system32\DRIVERS\hotcore3.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 BCUService;Browser Configuration Utility Service;c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe [2009-08-04 219360]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe [2009-11-16 735960]
S2 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [x]
S2 OODefragAgent;O&O Defrag;c:\program files\OO Software\Defrag\oodag.exe [2011-01-25 3051848]
S2 PCSUService;PC Speed Up Service;c:\program files (x86)\Zrychleni Pocitace\PCSUService.exe [2011-07-19 206336]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe [2011-05-31 1403200]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesDriver64.sys [2010-02-24 11856]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\Rene_Negro\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\Rene_Negro\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\Rene_Negro\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\Rene_Negro\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2009-11-16 2716216]
"OODefragTray"="c:\program files\OO Software\Defrag\oodtray.exe" [2011-01-25 3942216]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
------- Doplňkový sken -------
.
uStart Page = hxxp://seznam.cz/
uLocal Page = c:\windows\SYSTEM32\blank.htm
mLocal Page = c:\windows\SYSTEM32\blank.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - e:\program files (x86)\Microsoft Office\OFFICE11\EXCEL.EXE/3000
IE: Od&eslat do aplikace OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {{7644E42D-B096-457F-8B5B-901238FC81AE} - c:\program files (x86)\ICQ7.6\ICQ.exe
IE: {{230D1201-7607-4CF6-A11F-9E4BF0A333E0} - {0DB13731-CEFD-43CF-A8FD-B61DCBC4D5B8} - c:\program files (x86)\Verdict Free\etnxp.dll
IE: {{2C73F784-D2DE-4422-B070-2E3332FE5744} - {0320AC26-52C8-4316-B2C4-24BB6FA73C9A} - c:\program files (x86)\Verdict Free\etnxp.dll
TCP: DhcpNameServer = 81.200.48.12 81.200.48.11
FF - ProfilePath - c:\users\Rene_Negro\AppData\Roaming\Mozilla\Firefox\Profiles\9x9xjqa8.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://start.icq.com/
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
BHO-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5} - (no file)
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,81,44,33,08,23,31,e7,45,b9,1e,12,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,81,44,33,08,23,31,e7,45,b9,1e,12,\
.
[HKEY_USERS\S-1-5-21-2980873199-2753670378-1813586586-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*
]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-2980873199-2753670378-1813586586-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*
\OpenWithList]
@Class="Shell"
"a"="POWERPNT.EXE"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-2980873199-2753670378-1813586586-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*
\OpenWithProgids]
"č_auto_file"=hex(0):
.
[HKEY_USERS\S-1-5-21-2980873199-2753670378-1813586586-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.*
]
"0"=hex:48,00,6c,00,75,00,62,00,6f,00,6b,00,e1,00,20,00,2e,00,2e,00,2e,00,20,
00,76,00,2e,00,0d,01,00,00,82,00,36,00,00,00,00,00,00,00,00,00,00,00,48,00,\
"MRUListEx"=hex:00,00,00,00,ff,ff,ff,ff
.
[HKEY_USERS\S-1-5-21-2980873199-2753670378-1813586586-1000_Classes\.*
]
@Allowed: (Read) (RestrictedCode)
@="č_auto_file"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files (x86)\Creative\Shared Files\CTAudSvc.exe
c:\program files (x86)\Canon\IJPLM\IJPLMSVC.EXE
c:\program files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\windows\MHotKey.exe
c:\program files (x86)\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
c:\windows\ChiFuncExt.exe
.
**************************************************************************
.
Celkový čas: 2011-09-03 17:15:51 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-09-03 15:15
ComboFix2.txt 2011-09-02 15:21
ComboFix3.txt 2011-08-28 08:57
.
Před spuštěním: Volných bajtů: 13 330 878 464
Po spuštění: Volných bajtů: 13 267 468 288
.
- - End Of File - - DAF2F731DD324C97FB07B17FBCD0E31D

___________________________________________________________________________

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:28:48, on 3.9.2011
Platform: Unknown Windows (WinNT 6.01.3505 SP1)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Windows\MHotKey.exe
C:\Program Files (x86)\ConMet\ConMet.exe
C:\Program Files (x86)\ICQ7.6\ICQ.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Windows\ChiFuncExt.exe
C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe
E:\Instalátory - extra\Od 1.1.2011 Instalátory\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Pomocná služba pro přihlášení ke službě Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: IEHlprObj Class - {CE7C3CF0-4B15-11D1-ABED-709549C10000} - C:\Program Files\NetSoftware\IEHelper.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O4 - HKLM\..\Run: [BCU] "C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ConMet] C:\Program Files (x86)\ConMet\ConMet.exe
O4 - HKCU\..\Run: [ICQ] "C:\Program Files (x86)\ICQ7.6\ICQ.exe" silent loginmode=4
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://E:\Program Files (x86)\Microsoft Office\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Od&eslat do aplikace OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Přeložit - {230D1201-7607-4CF6-A11F-9E4BF0A333E0} - C:\Program Files (x86)\Verdict Free\etnxp.dll
O9 - Extra button: (no name) - {2C73F784-D2DE-4422-B070-2E3332FE5744} - C:\Program Files (x86)\Verdict Free\etnxp.dll
O9 - Extra 'Tools' menuitem: Internetový překladač... - {2C73F784-D2DE-4422-B070-2E3332FE5744} - C:\Program Files (x86)\Verdict Free\etnxp.dll
O9 - Extra button: ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Program Files (x86)\ICQ7.6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Program Files (x86)\ICQ7.6\ICQ.exe
O9 - Extra button: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Zobrazit nebo skrýt HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O20 - AppInit_DLLs: C:\PROGRA~2\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Browser Configuration Utility Service (BCUService) - DeviceVM, Inc. - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe
O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
O23 - Service: Defragmentation-Service (DfSdkS) - mst software GmbH, Germany - C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 6\Dfsdks.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Desktop Manager 5.9.911.3589 (GoogleDesktopManager-110309-193829) - Google - C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Canon Inkjet Printer/Scanner/Fax Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: O&O Defrag (OODefragAgent) - O&O Software GmbH - C:\Program Files\OO Software\Defrag\oodag.exe
O23 - Service: PC Speed Up Service (PCSUService) - Unknown owner - C:\Program Files (x86)\Zrychleni Pocitace\PCSUService.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Acronis Try And Decide Service (TryAndDecideService) - Unknown owner - C:\Program Files (x86)\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
O23 - Service: @C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpDefragService.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 11358 bytes

Many thanks for your helpfulness and for the clear guidance in diagnosing the problems on my PC ... :D

bledulka
Level 5
Posts: 2242
Registered: August 09
Gender: Female
Status: Offline

Re: Win7 - what might have deleted the restore points ...

Post by bledulka » 03 Sep 2011 21:33

How is the computer doing now?


Re: Win7 - what might have deleted the restore points ...

Post by Stinger » 04 Sep 2011 16:30

Hello - and I have a problem again: I ran the recommended ComboFix scan, again only in Safe Mode. Everything went as usual; after completion of PERHAPS the 50th stage, several items were deleted, then a restart was triggered, and after the PC came back up I do not see a log, neither in "C" nor in the Combofix folder there ...

And once again I am waiting for advice or an instruction on what to do next ... thanks for "anything"

This is also interesting: ComboFix refuses to scan when the PC is started normally, and even in Safe Mode, using a 3-day-old installer, the scan ended quickly; only the completion of stage 49 was displayed, then a restart and NOTHING ...

For the next scan I downloaded a new installer; it was a few dozen bytes larger on disk ... With the new CF file, again in Safe Mode, the scan started and ran as described above = OK, but there is no log ... it was also not displayed on the desktop after the PC started up ...

jaro3
Security team member
Guru Level 15
Posts: 43298
Registered: June 07
Location: Jižní Čechy
Gender: Male
Status: Offline

Re: Win7 - what might have deleted the restore points ...

Post by jaro3 » 04 Sep 2011 19:05

And what about here:

C:\Combofix(number).txt ??

When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs in private messages. While I am away, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support


Re: Win7 - what might have deleted the restore points ...

Post by Stinger » 05 Sep 2011 17:02

Hello - yesterday, Sunday 4 Sep, I got a bit confused: I did not realize that the ComboFix log from 3 Sep was produced on the basis of the CFScript from 3 Sep, and the same applies to the subsequent HijackThis log, which followed on from the above-mentioned ComboFix log ...

- The repeated CF scan attempt on 4 Sep was unnecessary and unsuccessful; I give the result of the 4 Sep scan further below ...
- On Saturday I forgot to post the results of the VirusTotal test ... they are attached today

In C: Combofix there is only the CF log that was displayed after the unsuccessful CF test or scan ...

As for the PC: it seems to me to be behaving normally ... and PERHAPS we could close this thread as successful ...

Note: this thread was started mainly because all System Restore points were disappearing from my Win7, being deleted by something or someone ...

Your colleague dealt with this matter in a parallel thread: it involved a registry change in XP, which prevents XP from deleting the restore points in Win7 ... I have already closed that parallel thread as a solved problem ...

VirusTotal findings:


File name:

Sys2662.Config.Repository.bin
Submission date:
2011-09-03 08:36:18 (UTC)
Current status:
finished
Result:
0/ 44 (0.0%)

File name:
IcewarpDllProxy.exe
Submission date:
2011-09-03 09:29:10 (UTC)
Current status:
finished
Result:
0/ 44 (0.0%)

Microsoft.Experimental.IO.dll
Submission date:
2011-09-03 08:58:03 (UTC)
Current status:
finished
Result:
0/ 44 (0.0%)

OutlookAccountInterfaces.dll
Submission date:
2011-09-03 09:00:48 (UTC)
Current status:
finished
Result:
0/ 44 (0.0%)

HtmlInterop.dll
Submission date:
2011-09-03 09:11:29 (UTC)
Current status:
finished
Result:
0/ 44 (0.0%)

NHunspell.dll
Submission date:
2011-09-03 09:06:22 (UTC)
Current status:
finished
Result:
0/ 44 (0.0%)

CF log from 4 Sep = incomplete ...:
ComboFix 11-09-03.01 - Rene_Negro 04.09.2011 15:46:39.7.2 - x64 MINIMAL
Microsoft Windows 7 Professional 6.1.7601.1.1250.420.1029.18.3582.2452 [GMT 2:00]
Spuštěný z: C:\Users\Rene_Negro\Desktop\ComboFix.exe
Použité ovládací přepínače :: C:\Users\Rene_Negro\Desktop\CFScript.txt
AV: ESET Smart Security 4.0 *Enabled/Updated* {CB0F8167-5331-BA19-698E-64816B6801A5}
FW: ESET personal firewall *Enabled* {F3340042-195E-BB41-42D1-CDB495BB46DE}
SP: ESET Smart Security 4.0 *Enabled/Updated* {706E6083-750B-B597-533E-5FF310EF4B18}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Vytvořen nový Bod Obnovení


((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Users\Rene_Negro\AppData\Roaming\ACD Systems\ACDSee\ImageDB.ddf


((((((((((((((((((((((((( Soubory vytvořené od 2011-08-04 do 2011-09-04 )))))))))))))))))))))))))))))))


- Thank you very much for your patience in resolving my problem ... :D


Re: Win7 - what might have deleted the restore points ...

Post by jaro3 » 05 Sep 2011 17:33

ComboFix is uninstalled like this:
Start-Run and enter ComboFix /Uninstall

Clean the system with CCleaner
and also use T-Cleaner
http://www.edisk.cz/stahni/29485/T-Clea ... 8.5KB.html

It deletes everything left behind by Combo, MWAV etc. - download > run

Note: before downloading T-Cleaner and for the duration of the cleaning, deactivate your antivirus and antispyware; afterwards delete T-Cleaner and turn your antivirus and antispyware back on.


There are several possible reasons why there are no restore points: an infection, System Restore being turned off (check this), and so on.

Also post a new HJT log.

