Prosím o preventivní kontrolu logu

[M4RTY]

Čau, už jsem tady dlouho nebyl, počítač určitě bude zasviněný A navíc se mi nainstalovala ochrana StarForce (asi společně s TM ESWC - klidně odistaluju)


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:17:37, on 23.4.2012
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Users\Martin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\taskhost.exe
C:\Users\Martin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Martin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Martin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Martin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Martin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Martin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\rundll32.exe
C:\Users\Martin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Users\Martin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Users\Martin\Downloads\hijackthis.exe
C:\Windows\system32\SearchFilterHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Od&eslat do aplikace OneNote - res://C:\PROGRA~1\MICROS~1\Office14\ONBttnIE.dll/105
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe
O9 - Extra button: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: hddlife - {BD758015-47D9-477A-8873-4B688A2BC0E2} - C:\Program Files\Common Files\BinarySense\hlAPP.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\Windows\System32\guard32.dll C:\Windows\System32\guard32.dll C:\Windows\System32\guard32.dll
O22 - SharedTaskScheduler: ObjectDockShellExt - {1984D045-52CF-49cd-DB77-08F378FEA4DB} - (no file)
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Advanced SystemCare Service (AdvancedSystemCareService) - IObit - C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HDDlife HDD Access service - BinarySense, Inc. - C:\Program Files\Common Files\BinarySense\hldasvc.exe
O23 - Service: Virtual Disk Service Manager (MSR Service) - Unknown owner - C:\Program Files\Clarus\Samsung SecretZone\MSSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: Sony PC Companion - Avanquest Software - C:\Program Files\Sony\Sony PC Companion\PCCService.exe
O23 - Service: TeamViewer 6 (TeamViewer6) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
O23 - Service: TeamViewer 7 (TeamViewer7) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe

--
End of file - 8185 bytes



Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Verze databáze: v2012.04.23.03

Windows 7 x86 NTFS
Internet Explorer 9.0.8112.16421
Martin :: MARTIN-PC [administrátor]

23.4.2012 14:16:15
mbam-log-2012-04-23 (14-16-15).txt

Typ: Rychlá kontrola
Nastavení kontroly povoleno: Paměť | Po spuštění | Registr | Systémové soubory | Heuristická analýza Extra | Heuristická analýza Shuriken | PUP | PUM
Nastavení kontroly zakázáno: P2P
Kontrolované objekty: 224584
Uplynulý čas: 7 minut, 29 sekund

Nalezené procesy v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené moduly v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené klíče v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené hodnoty v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené datové položky v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené složky: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené soubory: 1
C:\Users\Martin\Downloads\Keygen.exe (RiskWare.Tool.HCK) -> Umístnění do karantény a smazání se zdařilo.

(konec)

[Reklama]

[jaro3]

Zavři ostatní aplikace a prohlížeče, odpoj se od netu a fixni v HJT:
Návod

Kód: Vybrat vše

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

Stáhni si ATF Cleaner
Poklepej na ATF Cleaner.exe, klikni na select all found, poté:
-Když používáš Firefox (Mozzila), klikni na Firefox nahoře a vyber: Select All, poté klikni na Empty Selected.
-Když používáš Operu, klikni nahoře na Operu a vyber: Select All, poté klikni na Empty Selected. Poté klikni na Main (hlavní stránku ) a klikni na Empty Selected.
Po vyčištění klikni na Exit k zavření programu.
ATF-Cleaner je jednoduchý nástroj na odstranění historie z webového prohlížeče. Program dokáže odstranit cache, cookies, historii a další stopy po surfování na Internetu. Mezi podporované prohlížeče patří Internet Explorer, Firefox a Opera. Aplikace navíc umí odstranit dočasné soubory Windows, vysypat koš atd.

Vypni rez. ochranu u antiviru a antispywaru,příp. firewall..

Stáhni si ComboFix (by sUBs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah
Pokud budou problémy , spusť ho v nouz. režimu.

Upozornění : Může se stát, že po aplikaci Combofixu a restartu počítače, Windows nenaběhnou , nebo nenajede plocha , budou problémy s připojením, pak znovu restartuj počítač, pokud to nepomůže , po restartu mačkej klávesu F8 a pak zvol poslední známou funkční konfiguraci. , či použij bod obnovy.

[M4RTY]

ComboFix 12-04-24.02 - Martin 24.04.2012 15:55:36.10.3 - x86
Microsoft Windows 7 Professional 6.1.7600.0.1250.420.1029.18.3519.2523 [GMT 2:00]
Spuštěný z: c:\users\Martin\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\FreeRapid
c:\program files\FreeRapid\app.log
c:\program files\FreeRapid\copyright
c:\program files\FreeRapid\doc\changes.txt
c:\program files\FreeRapid\doc\readme.cz.txt
c:\program files\FreeRapid\doc\readme.esp(LA).txt
c:\program files\FreeRapid\doc\readme.esp.txt
c:\program files\FreeRapid\doc\readme.fr.txt
c:\program files\FreeRapid\doc\readme.hr.txt
c:\program files\FreeRapid\doc\readme.ru.txt
c:\program files\FreeRapid\doc\readme.txt
c:\program files\FreeRapid\frd.exe
c:\program files\FreeRapid\frd.ico
c:\program files\FreeRapid\frd.jar
c:\program files\FreeRapid\frd.png
c:\program files\FreeRapid\frd.sh
c:\program files\FreeRapid\lib\appframework.jar
c:\program files\FreeRapid\lib\buttonpanel.jar
c:\program files\FreeRapid\lib\commons-cli-2.0-SNAPSHOT.jar
c:\program files\FreeRapid\lib\commons-codec-1.4.jar
c:\program files\FreeRapid\lib\commons-httpclient-3.1.jar
c:\program files\FreeRapid\lib\commons-logging-1.1.jar
c:\program files\FreeRapid\lib\forms.jar
c:\program files\FreeRapid\lib\ICOReader-1.04.jar
c:\program files\FreeRapid\lib\jai_codec.jar
c:\program files\FreeRapid\lib\jgoodiesbinding.jar
c:\program files\FreeRapid\lib\jlibs-core.jar
c:\program files\FreeRapid\lib\jlibs-xml.jar
c:\program files\FreeRapid\lib\jna.jar
c:\program files\FreeRapid\lib\jpf.jar
c:\program files\FreeRapid\lib\l2fprod-common-buttonbar.jar
c:\program files\FreeRapid\lib\l2fprod-common-directorychooser.jar
c:\program files\FreeRapid\lib\languages.jar
c:\program files\FreeRapid\lib\mina-core-2.0.1-sh.jar
c:\program files\FreeRapid\lib\platform.jar
c:\program files\FreeRapid\lib\slf4j-api-1.6.1.jar
c:\program files\FreeRapid\lib\slf4j-nop-1.6.1.jar
c:\program files\FreeRapid\lib\swingx.jar
c:\program files\FreeRapid\lib\trident.jar
c:\program files\FreeRapid\License
c:\program files\FreeRapid\lookandfeel\JTattoo.jar
c:\program files\FreeRapid\lookandfeel\libquaqua.jnilib
c:\program files\FreeRapid\lookandfeel\libquaqua64.jnilib
c:\program files\FreeRapid\lookandfeel\quaqua.jar
c:\program files\FreeRapid\lookandfeel\squareness.jar
c:\program files\FreeRapid\lookandfeel\substance-lite.jar
c:\program files\FreeRapid\lookandfeel\substance-swingx.jar
c:\program files\FreeRapid\lookandfeel\swing-layout.jar
c:\program files\FreeRapid\plugins\4upload.frp
c:\program files\FreeRapid\plugins\addat.frp
c:\program files\FreeRapid\plugins\alfa_files.frp
c:\program files\FreeRapid\plugins\anonym.frp
c:\program files\FreeRapid\plugins\appletrailers.frp
c:\program files\FreeRapid\plugins\ardmediathek.frp
c:\program files\FreeRapid\plugins\badongo.frp
c:\program files\FreeRapid\plugins\bagruj.frp
c:\program files\FreeRapid\plugins\barrandov.frp
c:\program files\FreeRapid\plugins\bbc.frp
c:\program files\FreeRapid\plugins\bebasupload.frp
c:\program files\FreeRapid\plugins\bigandfree.frp
c:\program files\FreeRapid\plugins\bigandfree_premium.frp
c:\program files\FreeRapid\plugins\biggerupload.frp
c:\program files\FreeRapid\plugins\bigshare.frp
c:\program files\FreeRapid\plugins\bitroad.frp
c:\program files\FreeRapid\plugins\bitshare.frp
c:\program files\FreeRapid\plugins\blogspot.frp
c:\program files\FreeRapid\plugins\cbs.frp
c:\program files\FreeRapid\plugins\co.frp
c:\program files\FreeRapid\plugins\cobrashare.frp
c:\program files\FreeRapid\plugins\container.frp
c:\program files\FreeRapid\plugins\cramit.frp
c:\program files\FreeRapid\plugins\createfile.frp
c:\program files\FreeRapid\plugins\cryptit.frp
c:\program files\FreeRapid\plugins\czshare.frp
c:\program files\FreeRapid\plugins\czshare_profi.frp
c:\program files\FreeRapid\plugins\dailymotion.frp
c:\program files\FreeRapid\plugins\data.frp
c:\program files\FreeRapid\plugins\data_premium.frp
c:\program files\FreeRapid\plugins\dataport.frp
c:\program files\FreeRapid\plugins\dataup.frp
c:\program files\FreeRapid\plugins\depositfiles.frp
c:\program files\FreeRapid\plugins\depositfiles_premium.frp
c:\program files\FreeRapid\plugins\direct.frp
c:\program files\FreeRapid\plugins\disperseit.frp
c:\program files\FreeRapid\plugins\divshare.frp
c:\program files\FreeRapid\plugins\dlfreefr.frp
c:\program files\FreeRapid\plugins\dnbshare.frp
c:\program files\FreeRapid\plugins\duckload.frp
c:\program files\FreeRapid\plugins\easyshare.frp
c:\program files\FreeRapid\plugins\easysharews.frp
c:\program files\FreeRapid\plugins\edisk.frp
c:\program files\FreeRapid\plugins\egoshare.frp
c:\program files\FreeRapid\plugins\enterupload.frp
c:\program files\FreeRapid\plugins\extabit.frp
c:\program files\FreeRapid\plugins\extrashare.frp
c:\program files\FreeRapid\plugins\facebook.frp
c:\program files\FreeRapid\plugins\fastload.frp
c:\program files\FreeRapid\plugins\fdnlinks.frp
c:\program files\FreeRapid\plugins\file2box.frp
c:\program files\FreeRapid\plugins\filebaseto.frp
c:\program files\FreeRapid\plugins\filebeam.frp
c:\program files\FreeRapid\plugins\filebitnet.frp
c:\program files\FreeRapid\plugins\filebox.frp
c:\program files\FreeRapid\plugins\filedropper.frp
c:\program files\FreeRapid\plugins\filefactory.frp
c:\program files\FreeRapid\plugins\filefactory_premium.frp
c:\program files\FreeRapid\plugins\fileflyer.frp
c:\program files\FreeRapid\plugins\filer.frp
c:\program files\FreeRapid\plugins\filerack.frp
c:\program files\FreeRapid\plugins\files.frp
c:\program files\FreeRapid\plugins\filesavr.frp
c:\program files\FreeRapid\plugins\filesdump.frp
c:\program files\FreeRapid\plugins\filesend.frp
c:\program files\FreeRapid\plugins\fileserve.frp
c:\program files\FreeRapid\plugins\fileserve_premium.frp
c:\program files\FreeRapid\plugins\fileshare.frp
c:\program files\FreeRapid\plugins\fileshost.frp
c:\program files\FreeRapid\plugins\filesmonster.frp
c:\program files\FreeRapid\plugins\filesonic.frp
c:\program files\FreeRapid\plugins\filesonic_premium.frp
c:\program files\FreeRapid\plugins\filestore.frp
c:\program files\FreeRapid\plugins\filestoreua.frp
c:\program files\FreeRapid\plugins\filestube.frp
c:\program files\FreeRapid\plugins\fileupload.frp
c:\program files\FreeRapid\plugins\flickr.frp
c:\program files\FreeRapid\plugins\flickrcollections.frp
c:\program files\FreeRapid\plugins\flyshare.frp
c:\program files\FreeRapid\plugins\flyupload.frp
c:\program files\FreeRapid\plugins\forshared.frp
c:\program files\FreeRapid\plugins\forusto.frp
c:\program files\FreeRapid\plugins\freakshare.frp
c:\program files\FreeRapid\plugins\freefolder.frp
c:\program files\FreeRapid\plugins\freevideo.frp
c:\program files\FreeRapid\plugins\fsx.frp
c:\program files\FreeRapid\plugins\gametrailers.frp
c:\program files\FreeRapid\plugins\getapp.frp
c:\program files\FreeRapid\plugins\gigapeta.frp
c:\program files\FreeRapid\plugins\gigasize.frp
c:\program files\FreeRapid\plugins\gigaup.frp
c:\program files\FreeRapid\plugins\googlevideo.frp
c:\program files\FreeRapid\plugins\gotupload.frp
c:\program files\FreeRapid\plugins\hamstershare.frp
c:\program files\FreeRapid\plugins\hellshare.frp
c:\program files\FreeRapid\plugins\hellshare_full.frp
c:\program files\FreeRapid\plugins\hellspy.frp
c:\program files\FreeRapid\plugins\hollywoodtuna.frp
c:\program files\FreeRapid\plugins\hotfile.frp
c:\program files\FreeRapid\plugins\hotfile_premium.frp
c:\program files\FreeRapid\plugins\hotfilefolder.frp
c:\program files\FreeRapid\plugins\hulkshare.frp
c:\program files\FreeRapid\plugins\hulu.frp
c:\program files\FreeRapid\plugins\hyperfileshare.frp
c:\program files\FreeRapid\plugins\channel4.frp
c:\program files\FreeRapid\plugins\i_filez.frp
c:\program files\FreeRapid\plugins\ifile.frp
c:\program files\FreeRapid\plugins\ifile_login.frp
c:\program files\FreeRapid\plugins\ifolder.frp
c:\program files\FreeRapid\plugins\ilix.frp
c:\program files\FreeRapid\plugins\imagebam.frp
c:\program files\FreeRapid\plugins\imagehaven.frp
c:\program files\FreeRapid\plugins\imageshack.frp
c:\program files\FreeRapid\plugins\imagevenue.frp
c:\program files\FreeRapid\plugins\imzupload.frp
c:\program files\FreeRapid\plugins\indowebster.frp
c:\program files\FreeRapid\plugins\iskladka.frp
c:\program files\FreeRapid\plugins\itv.frp
c:\program files\FreeRapid\plugins\jandown.frp
c:\program files\FreeRapid\plugins\keepfile.frp
c:\program files\FreeRapid\plugins\kewlshare.frp
c:\program files\FreeRapid\plugins\leteckaposta.frp
c:\program files\FreeRapid\plugins\letitbit.frp
c:\program files\FreeRapid\plugins\letitbit_premium.frp
c:\program files\FreeRapid\plugins\linkbee.frp
c:\program files\FreeRapid\plugins\linkblur.frp
c:\program files\FreeRapid\plugins\linkbucks.frp
c:\program files\FreeRapid\plugins\linksave.frp
c:\program files\FreeRapid\plugins\lixin.frp
c:\program files\FreeRapid\plugins\loadto.frp
c:\program files\FreeRapid\plugins\mediafire.frp
c:\program files\FreeRapid\plugins\mega1280.frp
c:\program files\FreeRapid\plugins\megashare.frp
c:\program files\FreeRapid\plugins\megashares.frp
c:\program files\FreeRapid\plugins\megasharevn.frp
c:\program files\FreeRapid\plugins\megaupload.frp
c:\program files\FreeRapid\plugins\megaupload_premium.frp
c:\program files\FreeRapid\plugins\megavideo.frp
c:\program files\FreeRapid\plugins\megavideo_premium.frp
c:\program files\FreeRapid\plugins\metacafe.frp
c:\program files\FreeRapid\plugins\metadivx.frp
c:\program files\FreeRapid\plugins\microsoftdownloads.frp
c:\program files\FreeRapid\plugins\mimima.frp
c:\program files\FreeRapid\plugins\miroriii.frp
c:\program files\FreeRapid\plugins\missupload.frp
c:\program files\FreeRapid\plugins\movielibrary.frp
c:\program files\FreeRapid\plugins\multiload.frp
c:\program files\FreeRapid\plugins\multishare.frp
c:\program files\FreeRapid\plugins\multishare_premium.frp
c:\program files\FreeRapid\plugins\multiupload.frp
c:\program files\FreeRapid\plugins\myurl.frp
c:\program files\FreeRapid\plugins\nahrajcz.frp
c:\program files\FreeRapid\plugins\narod.frp
c:\program files\FreeRapid\plugins\nbc.frp
c:\program files\FreeRapid\plugins\netloadin.frp
c:\program files\FreeRapid\plugins\nova.frp
c:\program files\FreeRapid\plugins\novaup.frp
c:\program files\FreeRapid\plugins\o2musicstream.frp
c:\program files\FreeRapid\plugins\odsiebie.frp
c:\program files\FreeRapid\plugins\oron.frp
c:\program files\FreeRapid\plugins\oron_premium.frp
c:\program files\FreeRapid\plugins\paid4share.frp
c:\program files\FreeRapid\plugins\photobucket.frp
c:\program files\FreeRapid\plugins\picasa.frp
c:\program files\FreeRapid\plugins\plunder.frp
c:\program files\FreeRapid\plugins\protectlinks.frp
c:\program files\FreeRapid\plugins\protectmylinks.frp
c:\program files\FreeRapid\plugins\przeklej.frp
c:\program files\FreeRapid\plugins\qshare.frp
c:\program files\FreeRapid\plugins\quickshare.frp
c:\program files\FreeRapid\plugins\quickshare_premium.frp
c:\program files\FreeRapid\plugins\radikalru.frp
c:\program files\FreeRapid\plugins\rapidlibrary.frp
c:\program files\FreeRapid\plugins\rapidshare.frp
c:\program files\FreeRapid\plugins\rapidshare_premium.frp
c:\program files\FreeRapid\plugins\rapidsharede.frp
c:\program files\FreeRapid\plugins\rapidshareuser.frp
c:\program files\FreeRapid\plugins\recaptcha.frp
c:\program files\FreeRapid\plugins\relink.frp
c:\program files\FreeRapid\plugins\remixshare.frp
c:\program files\FreeRapid\plugins\rghost.frp
c:\program files\FreeRapid\plugins\rsmonkey.frp
c:\program files\FreeRapid\plugins\rte.frp
c:\program files\FreeRapid\plugins\rtmp.frp
c:\program files\FreeRapid\plugins\rtve.frp
c:\program files\FreeRapid\plugins\ruutu.frp
c:\program files\FreeRapid\plugins\savefile.frp
c:\program files\FreeRapid\plugins\saveqube.frp
c:\program files\FreeRapid\plugins\sdilej.frp
c:\program files\FreeRapid\plugins\securedin.frp
c:\program files\FreeRapid\plugins\sendspace.frp
c:\program files\FreeRapid\plugins\sendspacepl.frp
c:\program files\FreeRapid\plugins\serienjunkies.frp
c:\program files\FreeRapid\plugins\servupcoil.frp
c:\program files\FreeRapid\plugins\shareapicnet.frp
c:\program files\FreeRapid\plugins\shareator.frp
c:\program files\FreeRapid\plugins\sharebee.frp
c:\program files\FreeRapid\plugins\sharebomb.frp
c:\program files\FreeRapid\plugins\shareflare.frp
c:\program files\FreeRapid\plugins\sharelinksbiz.frp
c:\program files\FreeRapid\plugins\shareonline.frp
c:\program files\FreeRapid\plugins\shareplace.frp
c:\program files\FreeRapid\plugins\sharerapid.frp
c:\program files\FreeRapid\plugins\sharingmatrix.frp
c:\program files\FreeRapid\plugins\sharingmatrix_premium.frp
c:\program files\FreeRapid\plugins\slingfile.frp
c:\program files\FreeRapid\plugins\socadvnet.frp
c:\program files\FreeRapid\plugins\soundcloud.frp
c:\program files\FreeRapid\plugins\spankwire.frp
c:\program files\FreeRapid\plugins\speedyshare.frp
c:\program files\FreeRapid\plugins\storage.frp
c:\program files\FreeRapid\plugins\storeplace.frp
c:\program files\FreeRapid\plugins\streamcz.frp
c:\program files\FreeRapid\plugins\superfastfile.frp
c:\program files\FreeRapid\plugins\svtplay.frp
c:\program files\FreeRapid\plugins\teradepot.frp
c:\program files\FreeRapid\plugins\tinyurl.frp
c:\program files\FreeRapid\plugins\titulky.frp
c:\program files\FreeRapid\plugins\toshared.frp
c:\program files\FreeRapid\plugins\tube8.frp
c:\program files\FreeRapid\plugins\tunescoop.frp
c:\program files\FreeRapid\plugins\turbobit.frp
c:\program files\FreeRapid\plugins\turboshare.frp
c:\program files\FreeRapid\plugins\u115.frp
c:\program files\FreeRapid\plugins\ugotfile.frp
c:\program files\FreeRapid\plugins\ulozcz.frp
c:\program files\FreeRapid\plugins\ulozisko.frp
c:\program files\FreeRapid\plugins\ulozto.frp
c:\program files\FreeRapid\plugins\ultrashare.frp
c:\program files\FreeRapid\plugins\unibytes.frp
c:\program files\FreeRapid\plugins\up-file.com.frp
c:\program files\FreeRapid\plugins\uploadbox.frp
c:\program files\FreeRapid\plugins\uploadcomua.frp
c:\program files\FreeRapid\plugins\uploadedto.frp
c:\program files\FreeRapid\plugins\uploadil.frp
c:\program files\FreeRapid\plugins\uploading.frp
c:\program files\FreeRapid\plugins\uploadjocketredirect.frp
c:\program files\FreeRapid\plugins\uploadjockey.frp
c:\program files\FreeRapid\plugins\uploadline.frp
c:\program files\FreeRapid\plugins\uploadspace.frp
c:\program files\FreeRapid\plugins\uploadstation.frp
c:\program files\FreeRapid\plugins\uppit.frp
c:\program files\FreeRapid\plugins\urlcash.frp
c:\program files\FreeRapid\plugins\usercash.frp
c:\program files\FreeRapid\plugins\usershare.frp
c:\program files\FreeRapid\plugins\videolectures.frp
c:\program files\FreeRapid\plugins\videoweed.frp
c:\program files\FreeRapid\plugins\vimeo.frp
c:\program files\FreeRapid\plugins\vip-file.frp
c:\program files\FreeRapid\plugins\webshare.frp
c:\program files\FreeRapid\plugins\webshots.frp
c:\program files\FreeRapid\plugins\wiiupload.frp
c:\program files\FreeRapid\plugins\wikiupload.frp
c:\program files\FreeRapid\plugins\x7.frp
c:\program files\FreeRapid\plugins\xtraupload.frp
c:\program files\FreeRapid\plugins\xun6.frp
c:\program files\FreeRapid\plugins\yleareena.frp
c:\program files\FreeRapid\plugins\yourfilehost.frp
c:\program files\FreeRapid\plugins\yourfiles.frp
c:\program files\FreeRapid\plugins\youtube.frp
c:\program files\FreeRapid\plugins\yunfile.frp
c:\program files\FreeRapid\plugins\zhlednito.frp
c:\program files\FreeRapid\plugins\ziddu.frp
c:\program files\FreeRapid\plugins\zippyshare.frp
c:\program files\FreeRapid\plugins\zshare.frp
c:\program files\FreeRapid\readme.txt
c:\program files\FreeRapid\search\freerapid.xml
c:\program files\FreeRapid\search\google.xml
c:\program files\FreeRapid\search\ulozto.xml
c:\program files\FreeRapid\startup.properties
c:\program files\FreeRapid\syscmd.properties
c:\program files\FreeRapid\tools\gocr\gocr.exe
c:\program files\FreeRapid\tools\nircmd\nircmd.exe
c:\program files\FreeRapid\tools\nircmd\NirCmd.chm
c:\program files\FreeRapid\tools\socks\setupproxy.sh
c:\users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\730ycoe2.default\weave\toFetch
c:\users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\730ycoe2.default\weave\toFetch\bookmarks.json
c:\users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\730ycoe2.default\weave\toFetch\clients.json
c:\users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\730ycoe2.default\weave\toFetch\forms.json
c:\users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\730ycoe2.default\weave\toFetch\history.json
c:\users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\730ycoe2.default\weave\toFetch\passwords.json
c:\users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\730ycoe2.default\weave\toFetch\prefs.json
c:\users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\730ycoe2.default\weave\toFetch\tabs.json
c:\users\Martin\AppData\Roaming\vso_ts_preview.xml
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-03-24 do 2012-04-24 )))))))))))))))))))))))))))))))
.
.
2012-04-24 09:51 . 2012-04-13 07:36 6734704 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{54A0DEB5-B607-49B0-95F1-A737C7564E49}\mpengine.dll
2012-04-23 19:29 . 2012-04-23 19:29 27632 ----a-w- c:\windows\system32\drivers\seehcri.sys
2012-04-23 19:29 . 2012-04-23 19:29 25512 ----a-w- c:\windows\system32\drivers\ggsemc.sys
2012-04-23 19:29 . 2012-04-23 19:29 13224 ----a-w- c:\windows\system32\drivers\ggflt.sys
2012-04-23 18:26 . 2012-04-23 18:26 -------- d-----w- c:\programdata\Sony Ericsson
2012-04-23 18:26 . 2012-04-23 19:29 -------- d-----w- c:\program files\Sony Ericsson
2012-04-20 12:23 . 2004-03-08 23:00 224016 ----a-w- c:\windows\system32\TabCtl32.ocx
2012-04-18 16:35 . 2012-04-18 16:36 -------- d-----w- c:\program files\TrackMania Nations ESWC
2012-04-17 13:09 . 2012-04-17 13:09 -------- d-----w- c:\program files\Common Files\Skype
2012-04-14 17:48 . 2012-04-14 17:48 -------- d-----w- c:\program files\DIFX
2012-04-14 17:44 . 2012-04-14 17:46 -------- d-----w- c:\program files\Unlockroot
2012-04-14 08:55 . 2012-04-14 08:55 -------- d-----w- c:\windows\system32\sysprep
2012-04-11 05:11 . 2012-03-01 05:53 19312 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-11 05:11 . 2012-03-01 05:49 172544 ----a-w- c:\windows\system32\wintrust.dll
2012-04-11 05:11 . 2012-03-01 05:45 158720 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-11 05:11 . 2012-03-01 05:40 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-11 05:09 . 2012-03-06 05:59 3958128 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-04-11 05:09 . 2012-03-06 05:59 3902320 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-09 10:55 . 2012-04-09 10:58 -------- d-----w- c:\users\Martin\AppData\Local\SkypeFx
2012-04-05 17:18 . 2012-04-05 17:28 -------- d-----w- c:\users\Martin\AppData\Roaming\.minecraft
2012-03-29 04:38 . 2012-04-14 17:00 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-03-27 18:26 . 2012-03-27 18:27 -------- d-----w- c:\users\Martin\AppData\Roaming\ProfiCAD
2012-03-27 18:26 . 2012-03-27 18:26 -------- d-----w- c:\program files\ProfiCAD
2012-03-27 17:14 . 2012-03-27 17:53 -------- d-----w- C:\Nová složka
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-14 17:00 . 2011-05-16 05:04 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-04 13:56 . 2010-12-26 18:20 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-06 23:15 . 2011-09-12 19:59 41184 ----a-w- c:\windows\avastSS.scr
2012-03-06 23:15 . 2011-09-12 19:59 201352 ----a-w- c:\windows\system32\aswBoot.exe
2012-03-06 23:03 . 2011-09-12 20:00 612184 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-03-06 23:03 . 2011-09-12 20:00 337880 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-03-06 23:02 . 2012-02-25 08:15 44376 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-03-06 23:01 . 2011-09-12 20:00 53848 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-03-06 23:01 . 2011-09-12 20:00 57688 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-03-06 23:01 . 2011-09-12 20:00 20696 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-02-23 08:18 . 2010-12-20 19:44 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-02-19 18:17 . 2011-01-09 16:44 189248 ----a-w- c:\windows\system32\PnkBstrB.exe
2012-02-19 18:17 . 2011-01-09 16:43 75136 ----a-w- c:\windows\system32\PnkBstrA.exe
2012-02-15 05:44 . 2012-03-14 13:59 826368 ----a-w- c:\windows\system32\rdpcore.dll
2012-02-15 04:22 . 2012-03-14 13:59 177152 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-02-15 04:22 . 2012-03-14 13:59 24064 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-02-14 10:09 . 2012-02-14 10:09 1070352 ----a-w- c:\windows\system32\MSCOMCTL.OCX
2012-02-10 05:35 . 2012-03-14 14:01 1077248 ----a-w- c:\windows\system32\DWrite.dll
2012-02-10 05:35 . 2012-03-14 14:01 739840 ----a-w- c:\windows\system32\d2d1.dll
2012-02-10 05:35 . 2012-03-14 14:01 218624 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-02-10 05:35 . 2012-03-14 14:01 161792 ----a-w- c:\windows\system32\d3d10_1.dll
2012-02-10 05:35 . 2012-03-14 14:01 1170944 ----a-w- c:\windows\system32\d3d10warp.dll
2012-02-03 04:01 . 2012-03-14 14:01 2341376 ----a-w- c:\windows\system32\win32k.sys
2012-03-19 18:35 . 2011-03-30 16:43 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-06 23:15 123536 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-11-30 9914984]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-06 4241512]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^GamePark klient 2.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\GamePark klient 2.lnk
backup=c:\windows\pss\GamePark klient 2.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^GamersFirst LIVE!.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\GamersFirst LIVE!.lnk
backup=c:\windows\pss\GamersFirst LIVE!.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^Martin^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^EvernoteClipper.lnk]
path=c:\users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk
backup=c:\windows\pss\EvernoteClipper.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^Martin^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^HDDlife.lnk]
path=c:\users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HDDlife.lnk
backup=c:\windows\pss\HDDlife.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^Martin^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Rainmeter.lnk]
path=c:\users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk
backup=c:\windows\pss\Rainmeter.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^Martin^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Stardock ObjectDock.lnk]
path=c:\users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Stardock ObjectDock.lnk
backup=c:\windows\pss\Stardock ObjectDock.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^Martin^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Win7ZillaBootEnd.exe]
path=c:\users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Win7ZillaBootEnd.exe
backup=c:\windows\pss\Win7ZillaBootEnd.exe.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-03 07:37 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-09-05 17:04 35736 ----a-w- c:\program files\Adobe\Reader 10.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\B2C_AGENT]
2011-06-14 23:47 404568 ----a-w- c:\programdata\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2010-04-01 09:16 357696 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2011-07-28 23:08 1259376 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON SX210 Series]
2008-11-05 04:00 199680 ----a-w- c:\windows\System32\spool\drivers\w32x86\3\E_FATIFDE.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2011-01-05 18:56 136176 ----atw- c:\users\Martin\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2009-02-26 17:36 30040 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
2006-09-10 20:56 218032 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTV]
2011-12-28 22:41 655360 ----a-w- c:\program files\iTV\iTV.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware (reboot)]
2012-04-04 13:56 981680 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PAC7302_Monitor]
2007-12-10 14:55 323584 ----a-w- c:\windows\PixArt\Pac7302\Monitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2009-07-14 01:14 1173504 ----a-w- c:\program files\Windows Sidebar\sidebar.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2012-02-29 06:55 17148552 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony PC Companion]
2012-03-14 15:14 446136 ----a-w- c:\program files\Sony\Sony PC Companion\PCCompanion.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Standby]
2010-03-18 05:11 105632 ----a-w- c:\program files\Common Files\Corel\Standby\Standby.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-04-08 10:59 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2011-12-19 13:55 296056 ----a-w- c:\program files\Real\RealPlayer\Update\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2011-06-30 18:29 74752 ----a-w- c:\program files\Winamp\winampa.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Google Update"="c:\users\Martin\AppData\Local\Google\Update\GoogleUpdate.exe" /c
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe"
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
.
R0 Win7Zilla;Win7Zilla;c:\windows\system32\drivers\Win7Zilla.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 MSR Service;Virtual Disk Service Manager;c:\program files\Clarus\Samsung SecretZone\MSSvc.exe [2009-12-30 114688]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2012-02-29 158856]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-14 253088]
R3 ALSysIO;ALSysIO;c:\users\Martin\AppData\Local\Temp\ALSysIO.sys [x]
R3 amdiox86;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox86.sys [x]
R3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-07-08 8312832]
R3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-07-08 244736]
R3 Andbus;LGE Android Platform Composite USB Device;c:\windows\system32\DRIVERS\lgandbus.sys [2010-12-07 14336]
R3 AndDiag;LGE Android Platform USB Serial Port;c:\windows\system32\DRIVERS\lganddiag.sys [2010-12-07 20736]
R3 AndGps;LGE Android Platform USB GPS NMEA Port;c:\windows\system32\DRIVERS\lgandgps.sys [2010-12-07 20096]
R3 ANDModem;LGE Android Platform USB Modem;c:\windows\system32\DRIVERS\lgandmodem.sys [2010-12-07 25088]
R3 androidusb;ADB Interface Driver;c:\windows\system32\Drivers\lgandadb.sys [2010-08-02 25728]
R3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [x]
R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [2012-04-23 13224]
R3 LgBttPort;LGE Bluetooth TransPort;c:\windows\system32\DRIVERS\lgbtport.sys [x]
R3 lgbusenum;LG Bluetooth Bus Enumerator;c:\windows\system32\DRIVERS\lgbtbus.sys [x]
R3 LGVMODEM;LGE Virtual Modem;c:\windows\system32\DRIVERS\lgvmodem.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
R3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys [2011-02-23 47360]
R3 Sony PC Companion;Sony PC Companion;c:\program files\Sony\Sony PC Companion\PCCService.exe [2012-01-18 155320]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2010-12-21 1343400]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-12-23 691696]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 mdf15;mdf15;c:\program files\Clarus\Samsung SecretZone\mdf15.sys [2009-04-21 12800]
S1 mvd20;mvd20;c:\program files\Clarus\Samsung SecretZone\mvd20.sys [2009-11-03 64000]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [2011-04-26 162544]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [2011-04-26 44784]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AdvancedSystemCareService;Advanced SystemCare Service;c:\program files\IObit\Advanced SystemCare 4\ASCService.exe [2011-05-28 353168]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-07-08 176128]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-03-06 57688]
S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [2011-01-19 22504]
S2 TeamViewer6;TeamViewer 6;c:\program files\TeamViewer\Version6\TeamViewer_Service.exe [2011-11-03 2358656]
S2 TeamViewer7;TeamViewer 7;c:\program files\TeamViewer\Version7\TeamViewer_Service.exe [2011-12-14 2984832]
S3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys [2011-07-19 225280]
S3 CamSuiteVAC;CamSuite Virtual Audio;c:\windows\system32\DRIVERS\CamSuiteVAC.sys [2008-09-19 37560]
S3 iBtFltCoex;iBtFltCoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys [2011-07-19 47104]
S3 RTL8167;Ovladač Realtek 8167 NT;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]
S3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [2010-07-01 34896]
S3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\DRIVERS\seehcri.sys [2012-04-23 27632]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2011-04-26 111280]
S3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [2011-04-26 122224]
.
.
Obsah adresáře 'Naplánované úlohy'
.
2012-04-24 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 17:00]
.
2012-04-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2389715676-1705300900-3093446007-1000Core.job
- c:\users\Martin\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-05 18:56]
.
2012-04-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2389715676-1705300900-3093446007-1000UA.job
- c:\users\Martin\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-05 18:56]
.
2011-11-07 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-2389715676-1705300900-3093446007-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-11-29 15:02]
.
2012-04-23 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-2389715676-1705300900-3093446007-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-11-29 15:02]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.cz/
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~1\Office14\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
IE: Od&eslat do aplikace OneNote - c:\progra~1\MICROS~1\Office14\ONBttnIE.dll/105
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files\ICQ7.5\ICQ.exe
TCP: DhcpNameServer = 192.168.1.1
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
SharedTaskScheduler-{1984D045-52CF-49cd-DB77-08F378FEA4DB} - (no file)
MSConfigStartUp-COMODO Internet Security - c:\program files\COMODO\COMODO Internet Security\cfp.exe
MSConfigStartUp-DivX Download Manager - c:\program files\DivX\DivX Plus Web Player\DDmService.exe
MSConfigStartUp-ICQ - c:\program files\ICQ7.4\ICQ.exe
MSConfigStartUp-Pokki - c:\users\Martin\AppData\Local\Pokki\v0.235\pokki.exe
MSConfigStartUp-PretonClient - c:\program files\Preton\PretonSaver\PretonClient.exe
MSConfigStartUp-WebcamMaxAutoRun - c:\program files\WebcamMax\WebcamMax.exe
MSConfigStartUp-XWidget - c:\program files\XWidget\xwidget.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-2389715676-1705300900-3093446007-1000\Software\SecuROM\License information*]
"datasecu"=hex:b3,d6,b8,10,4d,b0,09,ee,3f,00,0e,cf,5b,bb,f7,20,95,4f,8b,03,dc,
d7,9e,f4,f3,67,d9,9f,d3,fb,35,a0,e9,17,72,c8,50,a1,ae,a1,f6,aa,f9,c4,24,e4,\
"rkeysecu"=hex:66,e2,77,8a,0f,b4,d6,2c,27,b5,3e,f6,03,af,e0,a5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Celkový čas: 2012-04-24 16:06:01
ComboFix-quarantined-files.txt 2012-04-24 14:06
.
Před spuštěním: 1 461 940 224
Po spuštění: 3 374 329 856
.
- - End Of File - - EA26CA83A0F4F0F5E3C2F43528F81DC7


V HJT už nebylo 04..

[Žbeky]

Znáš C:\Nová složka?

Odinstaluj teamviewer 6, nech jen 7 (ano, mají tak deb**** aktualizace...)

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:
Poznámka: Nepoužij k označení skriptu funkci VYBRAT VŠE

Kód: Vybrat vše

KillAll::

File::
c:\users\Martin\AppData\Local\Temp\ALSysIO.sys
c:\windows\Tasks\Adobe Flash Player Updater.job
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2389715676-1705300900-3093446007-1000Core.job
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2389715676-1705300900-3093446007-1000UA.job
c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-2389715676-1705300900-3093446007-1003.job
c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-2389715676-1705300900-3093446007-1003.job

Driver::
ALSysIO

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Comodo"="c:\program files\COMODO\COMODO Internet Security\cfp.exe"

RegLock::
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

RegNull::
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]


Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu

[M4RTY]

ComboFix 12-04-24.02 - Martin 24.04.2012 19:00:13.11.3 - x86
Microsoft Windows 7 Professional 6.1.7600.0.1250.420.1029.18.3519.2295 [GMT 2:00]
Spuštěný z: c:\users\Martin\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Martin\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\users\Martin\AppData\Local\Temp\ALSysIO.sys"
"c:\windows\Tasks\Adobe Flash Player Updater.job"
"c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2389715676-1705300900-3093446007-1000Core.job"
"c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2389715676-1705300900-3093446007-1000UA.job"
"c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-2389715676-1705300900-3093446007-1003.job"
"c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-2389715676-1705300900-3093446007-1003.job"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\Tasks\Adobe Flash Player Updater.job
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2389715676-1705300900-3093446007-1000Core.job
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2389715676-1705300900-3093446007-1000UA.job
c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-2389715676-1705300900-3093446007-1003.job
c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-2389715676-1705300900-3093446007-1003.job
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_ALSYSIO
-------\Service_ALSysIO
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-03-24 do 2012-04-24 )))))))))))))))))))))))))))))))
.
.
2012-04-24 17:09 . 2012-04-24 17:14 -------- d-----w- c:\users\Martin\AppData\Local\temp
2012-04-24 17:09 . 2012-04-24 17:09 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-04-24 17:09 . 2012-04-24 17:09 -------- d-----w- c:\users\Ostatní\AppData\Local\temp
2012-04-24 17:09 . 2012-04-24 17:09 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-24 14:10 . 2012-04-24 14:10 -------- d-----w- c:\users\Martin\AppData\Local\Adobe
2012-04-24 13:58 . 2012-04-24 13:58 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{54A0DEB5-B607-49B0-95F1-A737C7564E49}\offreg.dll
2012-04-24 09:51 . 2012-04-13 07:36 6734704 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{54A0DEB5-B607-49B0-95F1-A737C7564E49}\mpengine.dll
2012-04-23 19:29 . 2012-04-23 19:29 27632 ----a-w- c:\windows\system32\drivers\seehcri.sys
2012-04-23 19:29 . 2012-04-23 19:29 25512 ----a-w- c:\windows\system32\drivers\ggsemc.sys
2012-04-23 19:29 . 2012-04-23 19:29 13224 ----a-w- c:\windows\system32\drivers\ggflt.sys
2012-04-23 18:26 . 2012-04-23 18:26 -------- d-----w- c:\programdata\Sony Ericsson
2012-04-23 18:26 . 2012-04-23 19:29 -------- d-----w- c:\program files\Sony Ericsson
2012-04-20 12:23 . 2004-03-08 23:00 224016 ----a-w- c:\windows\system32\TabCtl32.ocx
2012-04-18 16:35 . 2012-04-18 16:36 -------- d-----w- c:\program files\TrackMania Nations ESWC
2012-04-17 13:09 . 2012-04-17 13:09 -------- d-----w- c:\program files\Common Files\Skype
2012-04-14 17:48 . 2012-04-14 17:48 -------- d-----w- c:\program files\DIFX
2012-04-14 17:44 . 2012-04-14 17:46 -------- d-----w- c:\program files\Unlockroot
2012-04-14 08:55 . 2012-04-14 08:55 -------- d-----w- c:\windows\system32\sysprep
2012-04-11 05:11 . 2012-03-01 05:53 19312 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-11 05:11 . 2012-03-01 05:49 172544 ----a-w- c:\windows\system32\wintrust.dll
2012-04-11 05:11 . 2012-03-01 05:45 158720 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-11 05:11 . 2012-03-01 05:40 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-11 05:09 . 2012-03-06 05:59 3958128 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-04-11 05:09 . 2012-03-06 05:59 3902320 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-09 10:55 . 2012-04-09 10:58 -------- d-----w- c:\users\Martin\AppData\Local\SkypeFx
2012-04-05 17:18 . 2012-04-05 17:28 -------- d-----w- c:\users\Martin\AppData\Roaming\.minecraft
2012-03-29 04:38 . 2012-04-14 17:00 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-03-27 18:26 . 2012-03-27 18:27 -------- d-----w- c:\users\Martin\AppData\Roaming\ProfiCAD
2012-03-27 18:26 . 2012-03-27 18:26 -------- d-----w- c:\program files\ProfiCAD
2012-03-27 17:14 . 2012-03-27 17:53 -------- d-----w- C:\Nová složka
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-14 17:00 . 2011-05-16 05:04 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-04 13:56 . 2010-12-26 18:20 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-06 23:15 . 2011-09-12 19:59 41184 ----a-w- c:\windows\avastSS.scr
2012-03-06 23:15 . 2011-09-12 19:59 201352 ----a-w- c:\windows\system32\aswBoot.exe
2012-03-06 23:03 . 2011-09-12 20:00 612184 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-03-06 23:03 . 2011-09-12 20:00 337880 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-03-06 23:02 . 2012-02-25 08:15 44376 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-03-06 23:01 . 2011-09-12 20:00 53848 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-03-06 23:01 . 2011-09-12 20:00 57688 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-03-06 23:01 . 2011-09-12 20:00 20696 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-02-23 08:18 . 2010-12-20 19:44 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-02-19 18:17 . 2011-01-09 16:44 189248 ----a-w- c:\windows\system32\PnkBstrB.exe
2012-02-19 18:17 . 2011-01-09 16:43 75136 ----a-w- c:\windows\system32\PnkBstrA.exe
2012-02-15 05:44 . 2012-03-14 13:59 826368 ----a-w- c:\windows\system32\rdpcore.dll
2012-02-15 04:22 . 2012-03-14 13:59 177152 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-02-15 04:22 . 2012-03-14 13:59 24064 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-02-14 10:09 . 2012-02-14 10:09 1070352 ----a-w- c:\windows\system32\MSCOMCTL.OCX
2012-02-10 05:35 . 2012-03-14 14:01 1077248 ----a-w- c:\windows\system32\DWrite.dll
2012-02-10 05:35 . 2012-03-14 14:01 739840 ----a-w- c:\windows\system32\d2d1.dll
2012-02-10 05:35 . 2012-03-14 14:01 218624 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-02-10 05:35 . 2012-03-14 14:01 161792 ----a-w- c:\windows\system32\d3d10_1.dll
2012-02-10 05:35 . 2012-03-14 14:01 1170944 ----a-w- c:\windows\system32\d3d10warp.dll
2012-02-03 04:01 . 2012-03-14 14:01 2341376 ----a-w- c:\windows\system32\win32k.sys
2012-03-19 18:35 . 2011-03-30 16:43 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-06 23:15 123536 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-11-30 9914984]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-06 4241512]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^GamePark klient 2.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\GamePark klient 2.lnk
backup=c:\windows\pss\GamePark klient 2.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^GamersFirst LIVE!.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\GamersFirst LIVE!.lnk
backup=c:\windows\pss\GamersFirst LIVE!.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^Martin^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^EvernoteClipper.lnk]
path=c:\users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk
backup=c:\windows\pss\EvernoteClipper.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^Martin^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^HDDlife.lnk]
path=c:\users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HDDlife.lnk
backup=c:\windows\pss\HDDlife.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^Martin^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Rainmeter.lnk]
path=c:\users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk
backup=c:\windows\pss\Rainmeter.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^Martin^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Stardock ObjectDock.lnk]
path=c:\users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Stardock ObjectDock.lnk
backup=c:\windows\pss\Stardock ObjectDock.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^Martin^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Win7ZillaBootEnd.exe]
path=c:\users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Win7ZillaBootEnd.exe
backup=c:\windows\pss\Win7ZillaBootEnd.exe.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-03 07:37 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-09-05 17:04 35736 ----a-w- c:\program files\Adobe\Reader 10.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\B2C_AGENT]
2011-06-14 23:47 404568 ----a-w- c:\programdata\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2010-04-01 09:16 357696 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2011-07-28 23:08 1259376 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON SX210 Series]
2008-11-05 04:00 199680 ----a-w- c:\windows\System32\spool\drivers\w32x86\3\E_FATIFDE.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2011-01-05 18:56 136176 ----atw- c:\users\Martin\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2009-02-26 17:36 30040 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
2006-09-10 20:56 218032 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTV]
2011-12-28 22:41 655360 ----a-w- c:\program files\iTV\iTV.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware (reboot)]
2012-04-04 13:56 981680 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PAC7302_Monitor]
2007-12-10 14:55 323584 ----a-w- c:\windows\PixArt\Pac7302\Monitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2009-07-14 01:14 1173504 ----a-w- c:\program files\Windows Sidebar\sidebar.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2012-02-29 06:55 17148552 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony PC Companion]
2012-03-14 15:14 446136 ----a-w- c:\program files\Sony\Sony PC Companion\PCCompanion.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Standby]
2010-03-18 05:11 105632 ----a-w- c:\program files\Common Files\Corel\Standby\Standby.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-04-08 10:59 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2011-12-19 13:55 296056 ----a-w- c:\program files\Real\RealPlayer\Update\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2011-06-30 18:29 74752 ----a-w- c:\program files\Winamp\winampa.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Google Update"="c:\users\Martin\AppData\Local\Google\Update\GoogleUpdate.exe" /c
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe"
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
.
R0 Win7Zilla;Win7Zilla;c:\windows\system32\drivers\Win7Zilla.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2012-02-29 158856]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-14 253088]
R3 amdiox86;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox86.sys [x]
R3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-07-08 8312832]
R3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-07-08 244736]
R3 Andbus;LGE Android Platform Composite USB Device;c:\windows\system32\DRIVERS\lgandbus.sys [2010-12-07 14336]
R3 AndDiag;LGE Android Platform USB Serial Port;c:\windows\system32\DRIVERS\lganddiag.sys [2010-12-07 20736]
R3 AndGps;LGE Android Platform USB GPS NMEA Port;c:\windows\system32\DRIVERS\lgandgps.sys [2010-12-07 20096]
R3 ANDModem;LGE Android Platform USB Modem;c:\windows\system32\DRIVERS\lgandmodem.sys [2010-12-07 25088]
R3 androidusb;ADB Interface Driver;c:\windows\system32\Drivers\lgandadb.sys [2010-08-02 25728]
R3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys [2011-07-19 225280]
R3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [x]
R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [2012-04-23 13224]
R3 iBtFltCoex;iBtFltCoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys [2011-07-19 47104]
R3 LgBttPort;LGE Bluetooth TransPort;c:\windows\system32\DRIVERS\lgbtport.sys [x]
R3 lgbusenum;LG Bluetooth Bus Enumerator;c:\windows\system32\DRIVERS\lgbtbus.sys [x]
R3 LGVMODEM;LGE Virtual Modem;c:\windows\system32\DRIVERS\lgvmodem.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
R3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys [2011-02-23 47360]
R3 Sony PC Companion;Sony PC Companion;c:\program files\Sony\Sony PC Companion\PCCService.exe [2012-01-18 155320]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2010-12-21 1343400]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-12-23 691696]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 mdf15;mdf15;c:\program files\Clarus\Samsung SecretZone\mdf15.sys [2009-04-21 12800]
S1 mvd20;mvd20;c:\program files\Clarus\Samsung SecretZone\mvd20.sys [2009-11-03 64000]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [2011-04-26 162544]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [2011-04-26 44784]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AdvancedSystemCareService;Advanced SystemCare Service;c:\program files\IObit\Advanced SystemCare 4\ASCService.exe [2011-05-28 353168]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-07-08 176128]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-03-06 57688]
S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [2011-01-19 22504]
S2 MSR Service;Virtual Disk Service Manager;c:\program files\Clarus\Samsung SecretZone\MSSvc.exe [2009-12-30 114688]
S2 TeamViewer7;TeamViewer 7;c:\program files\TeamViewer\Version7\TeamViewer_Service.exe [2011-12-14 2984832]
S3 CamSuiteVAC;CamSuite Virtual Audio;c:\windows\system32\DRIVERS\CamSuiteVAC.sys [2008-09-19 37560]
S3 RTL8167;Ovladač Realtek 8167 NT;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]
S3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [2010-07-01 34896]
S3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\DRIVERS\seehcri.sys [2012-04-23 27632]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2011-04-26 111280]
S3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [2011-04-26 122224]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - WS2IFSL
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.cz/
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~1\Office14\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
IE: Od&eslat do aplikace OneNote - c:\progra~1\MICROS~1\Office14\ONBttnIE.dll/105
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files\ICQ7.5\ICQ.exe
TCP: DhcpNameServer = 192.168.1.1
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-2389715676-1705300900-3093446007-1000\Software\SecuROM\License information*]
"datasecu"=hex:b3,d6,b8,10,4d,b0,09,ee,3f,00,0e,cf,5b,bb,f7,20,95,4f,8b,03,dc,
d7,9e,f4,f3,67,d9,9f,d3,fb,35,a0,e9,17,72,c8,50,a1,ae,a1,f6,aa,f9,c4,24,e4,\
"rkeysecu"=hex:66,e2,77,8a,0f,b4,d6,2c,27,b5,3e,f6,03,af,e0,a5
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\windows\system32\atieclxx.exe
c:\program files\Common Files\BinarySense\hldasvc.exe
c:\program files\Common Files\BinarySense\hldasvc.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files\CyberLink\Shared files\RichVideo.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\WUDFHost.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Celkový čas: 2012-04-24 19:21:49 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-04-24 17:21
ComboFix2.txt 2012-04-24 14:06
.
Před spuštěním: 3 005 718 528
Po spuštění: 2 722 615 296
.
- - End Of File - - BEB5C17372357DC06EA6028D5160ABDE


Složku znám, ale odstraním ji. Je zbytečná.

[memphisto]

Ten smazaný FreeRapid chceš obnovit?

[M4RTY]

Ne. Kdyžtak normálně stáhnu, že?

[memphisto]

Máš hodně málo místa na disku. Něco uvolni. 3 GB je fakt málo.

ComboFix se odinstaluje takto:
Start-Spustit a zadej ComboFix /Uninstall

vyčisti systém CCleanerem

a použij i T-Cleaner
smaže vše po Combu,MWAVu atd.-stáhneš>spustíš

pozn. před stažením T-Cleaneru a po dobu čištění deaktivuj AVG , Avast,Avira či Microsoft Security Essentials následně T-Cleaner smaž a zapni si AVG , Avast, Avira či Microsoft Security Essentials

+ Nový log z HJT

Jak se chová PC?

[M4RTY]

Chtel bych neco uvolnit..ale mam tam takovy bordel, ze nevim co
Jqk dojdu domu, poslu hjt

[memphisto]

No, budeš muset něco smazat, protože 3 GB jsou opravdu málo na spolehlivou funkčnost Win

[M4RTY]

To verim. Uz tak prezivam delsi dobu. Premyslim nad reinstallem, ale jak ty data pretridit?

[memphisto]

Jednoduše... Potřebuji x nepotřebuji. Žádné jednou bych mohl potřebovat neexistuje a uvidíš, kolik budeš mít najednou místa...