pomůžete prosím? posílám log: a předem díky
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{055FD26D-3A88-4e15-963D-DC8493744B1D}]
XTTBPos00 Class - C:\Program Files\ICQToolbar\toolbaru.dll [2006-12-25 701952]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Podpora odkazu pro Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL [2006-12-18 726568]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2008-01-12 370296]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2005-05-31 853672]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll [2007-09-25 501136]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{855F3B16-6D32-4fe6-8A56-BBB695989046} - ICQToolBar - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll [2008-06-12 958712]
{BFC32E1D-EE75-4A48-BC60-104E11EE2431} - WebTranslator - C:\PROGRA~1\WEBIE.DLL []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"nod32kui"=C:\Program Files\Eset\nod32kui.exe [2007-09-21 917504]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"SiS Tray"=C:\WINDOWS\system32\sistray.EXE [2003-10-30 667648]
"SiSUSBRG"=C:\WINDOWS\SiSUSBrg.exe [2002-07-12 106496]
"HPDJ Taskbar Utility"=C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe [2002-03-28 188416]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe [2007-09-25 132496]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2008-01-12 185896]
"WinampAgent"=C:\Program Files\Winamp\winampa.exe [2007-02-13 35328]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"Samsung PanelMgr"=C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe [2008-03-03 536576]
"Regedit32"=C:\WINDOWS\system32\regedit.exe []
"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NWEReboot]
[]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SiS Windows KeyHook]
C:\WINDOWS\system32\keyhook.exe [2003-10-30 249856]
C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
NkvMon.exe.lnk - C:\Program Files\Nikon\NkView6\NkvMon.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, mcenspc.dll
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\ICQLite\ICQLite.exe"="C:\Program Files\ICQLite\ICQLite.exe:*:Enabled:ICQ Lite"
"C:\Program Files\totalcmd\TOTALCMD.EXE"="C:\Program Files\totalcmd\TOTALCMD.EXE:*:Disabled:Total Commander 32 bit international version, file manager replacement for Windows"
"C:\Program Files\ICQ6\ICQ.exe"="C:\Program Files\ICQ6\ICQ.exe:*:Enabled:ICQ6"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Program Files\ASUS\WL-520GU Wireless Router Utilities\Discovery.exe"="C:\Program Files\ASUS\WL-520GU Wireless Router Utilities\Discovery.exe:*:Enabled:ASUS Device Discovery Application"
"C:\Program Files\ASUS\Printer Utilities\UsbService.exe"="C:\Program Files\ASUS\Printer Utilities\UsbService.exe:*:Enabled:ASUS Virtual USB Service"
"C:\Documents and Settings\Antonovičová\Plocha\UT_4025_Printer\Printer\Printer.exe"="C:\Documents and Settings\Antonovičová\Plocha\UT_4025_Printer\Printer\Printer.exe:*:Enabled:ASUS Virtual USB Utility"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
======List of files/folders created in the last 1 months======
2009-07-23 16:49:53 ----D---- C:\Program Files\trend micro
2009-07-23 16:49:51 ----D---- C:\rsit
2009-07-15 21:37:05 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2009-07-15 21:36:49 ----HDC---- C:\WINDOWS\$NtUninstallKB973346$
2009-07-15 21:36:34 ----HDC---- C:\WINDOWS\$NtUninstallKB971633$
2009-07-15 21:36:23 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
2009-07-15 21:34:00 ----HDC---- C:\WINDOWS\$NtUninstallKB961371$
2009-07-15 21:23:14 ----A---- C:\WINDOWS\system32\wpa.bak
2009-07-15 21:23:06 ----A---- C:\WINDOWS\system32\pidgen.dll.wga
2009-07-15 21:23:05 ----A---- C:\WINDOWS\system32\dpcdll.dll.wga
2009-07-15 03:07:19 ----D---- C:\WINDOWS\Prefetch
2009-07-14 20:25:30 ----HDC---- C:\WINDOWS\$NtUninstallKB970238$
2009-07-14 20:25:09 ----HDC---- C:\WINDOWS\$NtUninstallKB968537$
2009-07-14 20:24:52 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$
2009-07-14 20:24:38 ----HDC---- C:\WINDOWS\$NtUninstallKB961501$
2009-07-14 20:24:24 ----HDC---- C:\WINDOWS\$NtUninstallKB961373$
2009-07-14 20:24:12 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$
2009-07-14 20:23:58 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$
2009-07-14 20:23:45 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$
2009-07-14 20:23:31 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$
2009-07-14 20:23:16 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2009-07-14 20:23:02 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2009-07-14 20:22:48 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2009-07-14 20:22:34 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2009-07-14 20:22:08 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$
2009-07-14 20:21:50 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2009-07-14 20:21:37 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2009-07-14 20:21:26 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2009-07-14 20:21:13 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2009-07-14 20:20:58 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$
2009-07-14 20:20:41 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2009-07-14 20:20:28 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2009-07-14 20:20:16 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2009-07-14 20:20:04 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2009-07-14 20:19:51 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2009-07-14 20:19:37 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2009-07-14 20:19:26 ----HDC---- C:\WINDOWS\$NtUninstallKB938464-v2$
2009-07-14 20:19:08 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$
2009-07-14 20:11:35 ----D---- C:\WINDOWS\system32\cs
2009-07-14 20:11:35 ----D---- C:\WINDOWS\l2schemas
2009-07-14 20:11:34 ----D---- C:\WINDOWS\system32\bits
2009-07-14 20:05:24 ----D---- C:\WINDOWS\ServicePackFiles
2009-07-14 20:00:10 ----D---- C:\WINDOWS\network diagnostic
2009-07-14 19:50:48 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2009-07-13 15:34:36 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2_0$
2009-07-13 15:34:23 ----HDC---- C:\WINDOWS\$NtUninstallKB952954_0$
2009-07-13 15:34:06 ----HDC---- C:\WINDOWS\$NtUninstallKB959426_0$
2009-07-13 15:33:53 ----HDC---- C:\WINDOWS\$NtUninstallKB946648_0$
2009-07-13 15:33:33 ----HDC---- C:\WINDOWS\$NtUninstallKB961373_0$
2009-07-13 15:33:12 ----HDC---- C:\WINDOWS\$NtUninstallKB956803_0$
2009-07-13 15:32:45 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
2009-07-13 15:31:25 ----HDC---- C:\WINDOWS\$NtUninstallKB950974_0$
2009-07-13 15:30:43 ----HDC---- C:\WINDOWS\$NtUninstallKB960225_0$
2009-07-13 15:29:31 ----HDC---- C:\WINDOWS\$NtUninstallKB956572_0$
2009-07-13 15:28:49 ----HDC---- C:\WINDOWS\$NtUninstallKB961501_0$
2009-07-13 15:28:35 ----HDC---- C:\WINDOWS\$NtUninstallKB938464-v2_0$
2009-07-13 15:28:02 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2009-07-13 15:26:11 ----HDC---- C:\WINDOWS\$NtUninstallKB952004_0$
2009-07-13 15:25:57 ----HDC---- C:\WINDOWS\$NtUninstallKB969898$
2009-07-13 15:25:43 ----HDC---- C:\WINDOWS\$NtUninstallKB941569$
2009-07-13 15:24:11 ----HDC---- C:\WINDOWS\$NtUninstallKB950762_0$
2009-07-13 15:23:36 ----HDC---- C:\WINDOWS\$NtUninstallKB957097_0$
2009-07-13 15:23:22 ----HDC---- C:\WINDOWS\$NtUninstallKB923689$
2009-07-13 15:21:30 ----HDC---- C:\WINDOWS\$NtUninstallKB958687_0$
2009-07-13 15:21:03 ----HDC---- C:\WINDOWS\$NtUninstallKB952287_0$
2009-07-13 15:20:36 ----HDC---- C:\WINDOWS\$NtUninstallKB967715_0$
2009-07-13 15:20:16 ----HDC---- C:\WINDOWS\$NtUninstallKB950760$
2009-07-13 15:20:02 ----HDC---- C:\WINDOWS\$NtUninstallKB951066_0$
2009-07-13 15:18:40 ----D---- C:\WINDOWS\ie8updates
2009-07-13 15:13:45 ----HDC---- C:\WINDOWS\ie8
2009-07-13 15:07:47 ----HDC---- C:\WINDOWS\$NtUninstallKB951748_0$
2009-07-13 15:03:38 ----A---- C:\WINDOWS\system32\MRT.exe
2009-07-13 15:03:01 ----HDC---- C:\WINDOWS\$NtUninstallKB970238_0$
2009-07-13 15:00:58 ----D---- C:\WINDOWS\ie7updates
2009-07-13 15:00:15 ----HDC---- C:\WINDOWS\$NtUninstallKB960803_0$
2009-07-13 14:59:56 ----HDC---- C:\WINDOWS\$NtUninstallKB968537_0$
2009-07-13 14:59:19 ----HDC---- C:\WINDOWS\$NtUninstallKB954600_0$
2009-07-13 14:58:56 ----HDC---- C:\WINDOWS\$NtUninstallKB958644_0$
2009-07-13 14:58:30 ----HDC---- C:\WINDOWS\$NtUninstallKB955069_0$
2009-07-13 14:58:15 ----HDC---- C:\WINDOWS\$NtUninstallKB956802_0$
2009-07-13 14:57:59 ----D---- C:\Program Files\MSXML 4.0
2009-07-13 14:53:03 ----HDC---- C:\WINDOWS\$NtUninstallKB923561_0$
2009-07-13 12:03:18 ----D---- C:\WINDOWS\system32\PreInstall
2009-07-13 12:03:15 ----HDC---- C:\WINDOWS\$NtUninstallKB898461$
2009-07-13 12:01:33 ----HDC---- C:\WINDOWS\$MSI31Uninstall_KB893803v2$
2009-07-13 11:54:46 ----D---- C:\WINDOWS\system32\SoftwareDistribution
2009-07-12 19:56:58 ----D---- C:\WINDOWS\system32\appmgmt
2009-07-12 19:27:44 ----D---- C:\WINDOWS\Minidump
2009-07-11 22:46:53 ----A---- C:\WINDOWS\IE4 Error Log.txt
2009-07-08 22:09:31 ----A---- C:\WINDOWS\CONTEXT.INI
======List of files/folders modified in the last 1 months======
2009-07-23 16:50:54 ----D---- C:\WINDOWS\Temp
2009-07-23 16:49:53 ----RD---- C:\Program Files
2009-07-23 16:46:01 ----D---- C:\WINDOWS\system32\drivers
2009-07-23 16:02:00 ----D---- C:\Documents and Settings
2009-07-23 15:25:13 ----D---- C:\LigaVozicKlient
2009-07-23 14:47:29 ----D---- C:\Program Files\Mozilla Firefox
2009-07-23 09:09:42 ----D---- C:\WINDOWS\system32\CatRoot2
2009-07-22 16:16:59 ----SHD---- C:\System Volume Information
2009-07-22 16:16:59 ----D---- C:\WINDOWS\system32\Restore
2009-07-22 12:55:53 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-07-19 22:24:47 ----A---- C:\WINDOWS\WDICT32.INI
2009-07-19 22:24:28 ----D---- C:\WINDOWS
2009-07-15 22:46:44 ----D---- C:\WINDOWS\system32
2009-07-15 22:46:43 ----HD---- C:\WINDOWS\inf
2009-07-15 22:33:02 ----D---- C:\Program Files\TC PowerPack
2009-07-15 22:31:07 ----D---- C:\WINDOWS\Help
2009-07-15 22:20:03 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-07-15 22:18:44 ----HD---- C:\Program Files\InstallShield Installation Information
2009-07-15 21:56:24 ----D---- C:\Documents and Settings\Antonovičová\Data aplikací\Skype
2009-07-15 21:36:56 ----A---- C:\WINDOWS\imsins.BAK
2009-07-15 21:36:49 ----HD---- C:\WINDOWS\$hf_mig$
2009-07-15 21:23:21 ----A---- C:\WINDOWS\setuplog.txt
2009-07-15 08:21:35 ----A---- C:\WINDOWS\OEWABLog.txt
2009-07-15 03:09:13 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-07-15 03:06:53 ----D---- C:\WINDOWS\system32\Setup
2009-07-15 03:06:53 ----D---- C:\WINDOWS\AppPatch
2009-07-15 03:06:53 ----D---- C:\Program Files\Messenger
2009-07-15 03:06:52 ----D---- C:\WINDOWS\system32\wbem
2009-07-15 03:06:52 ----D---- C:\Program Files\Outlook Express
2009-07-15 03:06:52 ----D---- C:\Program Files\Common Files\System
2009-07-15 03:06:51 ----RSD---- C:\WINDOWS\Fonts
2009-07-15 03:06:11 ----D---- C:\WINDOWS\security
2009-07-14 20:25:33 ----D---- C:\WINDOWS\system32\CatRoot
2009-07-14 20:19:27 ----D---- C:\WINDOWS\WinSxS
2009-07-14 20:12:29 ----D---- C:\Program Files\Windows Media Player
2009-07-14 20:12:04 ----D---- C:\WINDOWS\ehome
2009-07-14 20:12:00 ----D---- C:\WINDOWS\system32\inetsrv
2009-07-14 20:11:58 ----D---- C:\WINDOWS\ime
2009-07-14 20:11:37 ----D---- C:\WINDOWS\system32\usmt
2009-07-14 20:11:37 ----D---- C:\WINDOWS\system32\cs-cz
2009-07-14 20:11:35 ----SHD---- C:\WINDOWS\Installer
2009-07-14 20:11:34 ----D---- C:\WINDOWS\PeerNet
2009-07-14 20:11:34 ----D---- C:\Program Files\Movie Maker
2009-07-14 20:04:31 ----D---- C:\WINDOWS\system32\npp
2009-07-14 20:04:29 ----D---- C:\WINDOWS\msagent
2009-07-14 20:04:26 ----D---- C:\WINDOWS\srchasst
2009-07-14 20:04:25 ----D---- C:\Program Files\NetMeeting
2009-07-14 20:04:21 ----D---- C:\WINDOWS\system32\Com
2009-07-14 20:04:12 ----D---- C:\Program Files\Windows NT
2009-07-14 20:03:09 ----D---- C:\WINDOWS\system32\oobe
2009-07-14 20:03:04 ----D---- C:\WINDOWS\system
2009-07-14 19:56:01 ----D---- C:\WINDOWS\system32\ReinstallBackups
2009-07-13 19:24:42 ----SD---- C:\WINDOWS\Tasks
2009-07-13 19:21:39 ----D---- C:\WINDOWS\Media
2009-07-13 19:21:39 ----D---- C:\Program Files\Internet Explorer
2009-07-13 15:03:48 ----D---- C:\WINDOWS\Debug
2009-07-13 11:55:47 ----D---- C:\WINDOWS\SoftwareDistribution
2009-07-13 11:55:46 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-07-13 10:24:35 ----A---- C:\WINDOWS\NeroDigital.ini
2009-07-12 22:29:42 ----D---- C:\Program Files\Common Files\ACD Systems
2009-07-12 21:16:22 ----D---- C:\Program Files\ESET
2009-07-12 20:30:54 ----D---- C:\Documents and Settings\Antonovičová\Data aplikací\Zoner
2009-07-12 20:25:36 ----D---- C:\Program Files\Google
2009-07-12 20:25:36 ----D---- C:\Documents and Settings\All Users\Data aplikací\Google
2009-07-11 22:13:01 ----D---- C:\WINDOWS\system32\config
2009-07-02 15:20:17 ----A---- C:\WINDOWS\wincmd.ini
2009-07-02 15:19:42 ----A---- C:\WINDOWS\wcx_ftp.ini
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 AmdK7;Ovladač procesoru AMD K7; C:\WINDOWS\system32\DRIVERS\amdk7.sys [2008-04-14 41600]
R1 SiSkp;SiSkp; C:\WINDOWS\system32\DRIVERS\srvkp.sys [2003-10-29 11264]
R1 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-10-25 12032]
R2 AMON;AMON; \??\C:\WINDOWS\system32\drivers\amon.sys []
R2 DgiVecp;DgiVecp; \??\C:\WINDOWS\system32\Drivers\DgiVecp.sys []
R2 fips32cup;fips32cup; \??\C:\WINDOWS\system32\drivers\fips32cup.sys []
R2 irda;Protokol IrDA; C:\WINDOWS\system32\DRIVERS\irda.sys [2008-04-13 88192]
R3 irsir;Microsoft Serial Infrared Driver; C:\WINDOWS\system32\DRIVERS\irsir.sys [2001-08-17 18688]
R3 ms_mpu401;Microsoft MPU-401 MIDI UART Driver; C:\WINDOWS\system32\drivers\msmpu401.sys [2001-08-18 2944]
R3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
R3 SiS315;SiS315; C:\WINDOWS\system32\DRIVERS\sisgrp.sys [2003-10-29 427776]
R3 SISNIC;SiS PCI Fast Ethernet Adapter Driver; C:\WINDOWS\system32\DRIVERS\sisnic.sys [2002-07-10 32256]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Ovladač Miniport otevřeného hostitelského řadiče Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
R3 vuhub;Virtual Usb Hub; C:\WINDOWS\system32\DRIVERS\vuhub.sys [2007-12-20 66432]
S1 InCDPass;InCDPass; C:\WINDOWS\system32\drivers\InCDPass.sys []
S1 InCDRm;InCD Reader; C:\WINDOWS\system32\drivers\InCDRm.sys []
S2 acpi32;acpi32; \??\C:\WINDOWS\system32\drivers\acpi32.sys []
S2 amd64si;amd64si; \??\C:\WINDOWS\system32\drivers\amd64si.sys []
S2 ati64si;ati64si; \??\C:\WINDOWS\system32\drivers\ati64si.sys []
S2 i386si;i386si; \??\C:\WINDOWS\system32\drivers\i386si.sys []
S2 ksi32sk;ksi32sk; \??\C:\WINDOWS\system32\drivers\ksi32sk.sys []
S2 netsik;netsik; \??\C:\WINDOWS\system32\drivers\netsik.sys []
S2 nicsk32;nicsk32; \??\C:\WINDOWS\system32\drivers\nicsk32.sys []
S2 port135sik;port135sik; \??\C:\WINDOWS\system32\drivers\port135sik.sys []
S2 securentm;securentm; \??\C:\WINDOWS\system32\drivers\securentm.sys []
S2 SSPORT;SSPORT; \??\C:\WINDOWS\system32\Drivers\SSPORT.sys []
S2 systemntmi;systemntmi; \??\C:\WINDOWS\system32\drivers\systemntmi.sys []
S2 ws2_32sik;ws2_32sik; \??\C:\WINDOWS\system32\drivers\ws2_32sik.sys []
S3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS []
S3 cmuda;C-Media WDM Audio Interface; C:\WINDOWS\system32\drivers\cmuda.sys []
S3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-25 12160]
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-04 1897408]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S4 InCDFs;InCD File System; C:\WINDOWS\system32\drivers\InCDFs.sys []
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 ICQ Service;ICQ Service; C:\Program Files\ICQ6Toolbar\ICQ Service.exe [2008-06-10 222456]
R2 Irmon;Sledování infračerveného přenosu; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 NOD32krn;NOD32 Kernel Service; C:\Program Files\Eset\nod32krn.exe [2007-09-21 495616]
R2 UsbService;ASUS Virtual MFP Service; C:\Program Files\ASUS\Printer Utilities\UsbService.exe [2008-07-21 217088]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
-----------------EOF-----------------
Odvirování PC, zrychlení počítače, vzdálená pomoc prostřednictvím služby neslape.cz
kryptik ZJ, ZY - prosim o pomoc
Moderátor: Moderátoři
Pravidla fóra
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Re: kryptik ZJ, ZY - prosim o pomoc
Hezký podvečer 
Zapojte do pc všechny usb klíče, flashky...co používáte
Stáhněte na plochu, ukončete všechna aktivní okna a spusťte ComboFix - http://download.bleepingcomputer.com/sUBs/ComboFix.exe
- ComboFix je třeba spustit pod účtem s právy administrátora
- Před použitím vypněte všechny rezidentní bezpečnostní programy - antiviry, firewally, antispywary
- Po spuštění se zobrazí podmínky užití, potvrďte je stiskem tlačítka Ano
- Dále postupujte dle pokynů, během aplikování ComboFixu neklikejte do zobrazujícího se okna
- Po dokončení skenování, trvajícího maximálně 10 minut, by měl program vytvořit log - C:\ComboFix.txt, skopírujte celý jeho obsah sem
Zapojte do pc všechny usb klíče, flashky...co používáte Stáhněte na plochu, ukončete všechna aktivní okna a spusťte ComboFix - http://download.bleepingcomputer.com/sUBs/ComboFix.exe - ComboFix je třeba spustit pod účtem s právy administrátora
- Před použitím vypněte všechny rezidentní bezpečnostní programy - antiviry, firewally, antispywary
- Po spuštění se zobrazí podmínky užití, potvrďte je stiskem tlačítka Ano
- Dále postupujte dle pokynů, během aplikování ComboFixu neklikejte do zobrazujícího se okna
- Po dokončení skenování, trvajícího maximálně 10 minut, by měl program vytvořit log - C:\ComboFix.txt, skopírujte celý jeho obsah sem
Nepoužívejte COMBOFIX bez doporučení rádce, může dojít k poškození systému!
Vždy před odvirováním počítače zazálohujte důležitá data
Chcete podpořit naše forum? Informace zde
K zastižení jsem spíše v noci, mezi 21.-23. hodinou
Pokud máte nějaké dotazy, můžete mi napsat na email Motji(zavináč)forum.viry.cz.
Vždy před odvirováním počítače zazálohujte důležitá data
Chcete podpořit naše forum? Informace zde
K zastižení jsem spíše v noci, mezi 21.-23. hodinou
Pokud máte nějaké dotazy, můžete mi napsat na email Motji(zavináč)forum.viry.cz.
Re: kryptik ZJ, ZY - prosim o pomoc
NOD jsem sice vypnula (tlačítkem zavřít - ikona zmizela), ale Combofix hlásí, že NOD má zapnutý rezidentní štít - co s tím? 
Re: kryptik ZJ, ZY - prosim o pomoc
pokračujte s combofixem
Nepoužívejte COMBOFIX bez doporučení rádce, může dojít k poškození systému!
Vždy před odvirováním počítače zazálohujte důležitá data
Chcete podpořit naše forum? Informace zde
K zastižení jsem spíše v noci, mezi 21.-23. hodinou
Pokud máte nějaké dotazy, můžete mi napsat na email Motji(zavináč)forum.viry.cz.
Vždy před odvirováním počítače zazálohujte důležitá data
Chcete podpořit naše forum? Informace zde
K zastižení jsem spíše v noci, mezi 21.-23. hodinou
Pokud máte nějaké dotazy, můžete mi napsat na email Motji(zavináč)forum.viry.cz.
Re: kryptik ZJ, ZY - prosim o pomoc
on pokračuje samovolně sám, i když jsem to neodsouhlasila
Re: kryptik ZJ, ZY - prosim o pomoc
ComboFix 09-07-23.02 - Antonovičová 23.07.2009 23:33.1.1 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.959.700 [GMT 2:00]
Spuštěný z: c:\documents and settings\Antonovičová\Plocha\ComboFix.exe
AV: Eset NOD32 Antivirus 2.50 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
* Vytvořen nový Bod Obnovení
* Rezidentní štít AV je zapnutý
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\LocalService\oashdihasidhasuidhiasdhiashdiuasdhasd
c:\documents and settings\NetworkService\oashdihasidhasuidhiasdhiashdiuasdhasd
c:\windows\system32\config\systemprofile\oashdihasidhasuidhiasdhiashdiuasdhasd
c:\windows\system32\drivers\ati64si.sys
c:\windows\system32\lowsec
c:\windows\system32\lowsec\local.ds
c:\windows\system32\lowsec\user.ds
c:\windows\system32\lowsec\user.ds.lll
c:\windows\system32\sdra64.exe
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_ATI64SI
-------\Legacy_FIPS32CUP
-------\Legacy_I386SI
-------\Legacy_KSI32SK
-------\Legacy_NETSIK
-------\Legacy_NICSK32
-------\Legacy_PORT135SIK
-------\Legacy_SECURENTM
-------\Legacy_SYSTEMNTMI
-------\Legacy_WS2_32SIK
-------\Service_acpi32
-------\Service_ati64si
-------\Service_fips32cup
-------\Service_i386si
-------\Service_ksi32sk
-------\Service_netsik
-------\Service_nicsk32
-------\Service_port135sik
-------\Service_securentm
-------\Service_systemntmi
-------\Service_ws2_32sik
((((((((((((((((((((((((( Soubory vytvořené od 2009-06-23 do 2009-07-23 )))))))))))))))))))))))))))))))
.
2009-07-23 14:49 . 2009-07-23 14:49 -------- d-----w- c:\program files\trend micro
2009-07-23 14:49 . 2009-07-23 14:50 -------- d-----w- C:\rsit
2009-07-16 13:14 . 2009-07-20 19:42 -------- d-----w- c:\documents and settings\BUSSSS\Konzultace BUS
2009-07-14 18:11 . 2009-07-14 18:11 -------- d-----w- c:\windows\l2schemas
2009-07-14 18:11 . 2009-07-14 18:11 -------- d-----w- c:\windows\system32\cs
2009-07-14 18:11 . 2009-07-14 18:11 -------- d-----w- c:\windows\system32\bits
2009-07-14 18:05 . 2009-07-14 18:12 -------- d-----w- c:\windows\ServicePackFiles
2009-07-14 08:13 . 2009-07-20 07:48 -------- d-----w- c:\documents and settings\BUSSSS\matuska posudek
2009-07-13 17:24 . 2009-07-13 17:24 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2009-07-13 17:22 . 2009-07-13 17:22 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-07-13 17:22 . 2009-07-13 17:22 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-07-13 13:19 . 2009-06-02 10:12 102912 -c----w- c:\windows\system32\dllcache\iecompat.dll
2009-07-13 13:18 . 2009-07-13 13:19 -------- d-----w- c:\windows\ie8updates
2009-07-13 13:18 . 2009-04-30 21:16 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-07-13 13:18 . 2009-04-30 21:16 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-07-13 13:13 . 2009-07-13 13:18 -------- dc-h--w- c:\windows\ie8
2009-07-13 12:57 . 2009-07-13 12:57 -------- d-----w- c:\program files\MSXML 4.0
2009-07-13 11:42 . 2004-08-03 20:29 25471 ------w- c:\windows\system32\drivers\watv10nt.sys
2009-07-13 11:42 . 2004-08-03 20:29 22271 ------w- c:\windows\system32\drivers\watv06nt.sys
2009-07-13 11:42 . 2004-08-03 20:29 11935 ------w- c:\windows\system32\drivers\wadv11nt.sys
2009-07-13 11:42 . 2004-08-03 20:29 11871 ------w- c:\windows\system32\drivers\wadv09nt.sys
2009-07-13 11:42 . 2004-08-03 20:29 11807 ------w- c:\windows\system32\drivers\wadv07nt.sys
2009-07-13 11:42 . 2004-08-03 20:29 11295 ------w- c:\windows\system32\drivers\wadv08nt.sys
2009-07-13 11:42 . 2004-08-03 20:41 95424 ------w- c:\windows\system32\drivers\slnthal.sys
2009-07-13 11:42 . 2004-08-03 20:41 13240 ------w- c:\windows\system32\drivers\slwdmsup.sys
2009-07-13 11:42 . 2004-08-03 20:41 404990 ------w- c:\windows\system32\drivers\slntamr.sys
2009-07-13 11:42 . 2004-08-03 20:41 129535 ------w- c:\windows\system32\drivers\slnt7554.sys
2009-07-13 11:41 . 2004-08-03 20:29 166912 ------w- c:\windows\system32\drivers\s3gnbm.sys
2009-07-13 11:41 . 2004-08-03 20:41 13776 ------w- c:\windows\system32\drivers\recagent.sys
2009-07-13 11:41 . 2004-08-03 20:41 180360 ------w- c:\windows\system32\drivers\ntmtlfax.sys
2009-07-13 11:41 . 2002-04-03 12:35 403 -c----w- c:\windows\system32\dllcache\npdrmv2.zip
2009-07-13 11:41 . 2001-10-25 13:00 22060 -c----w- c:\windows\system32\dllcache\npds.zip
2009-07-13 11:41 . 2004-08-03 20:29 452736 ------w- c:\windows\system32\drivers\mtxparhm.sys
2009-07-13 11:41 . 2004-08-03 20:41 126686 ------w- c:\windows\system32\drivers\mtlmnt5.sys
2009-07-13 11:41 . 2004-08-03 20:41 1309184 ------w- c:\windows\system32\drivers\mtlstrm.sys
2009-07-13 11:41 . 2004-08-03 20:41 11868 ------w- c:\windows\system32\drivers\mdmxsdk.sys
2009-07-13 11:41 . 2004-08-03 20:41 1041536 ------w- c:\windows\system32\drivers\hsfdpsp2.sys
2009-07-13 11:41 . 2004-08-03 20:41 685056 ------w- c:\windows\system32\drivers\hsfcxts2.sys
2009-07-13 11:41 . 2004-08-03 20:41 220032 ------w- c:\windows\system32\drivers\hsfbs2s2.sys
2009-07-13 10:14 . 2008-06-14 17:35 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2009-07-13 10:14 . 2008-06-14 17:35 272128 ------w- c:\windows\system32\drivers\bthport.sys
2009-07-13 10:13 . 2009-02-06 10:10 227840 -c----w- c:\windows\system32\dllcache\wmiprvse.exe
2009-07-13 10:13 . 2009-02-09 11:26 2191232 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2009-07-13 10:13 . 2009-03-06 14:23 284160 -c----w- c:\windows\system32\dllcache\pdh.dll
2009-07-13 10:13 . 2009-02-09 11:25 111104 -c----w- c:\windows\system32\dllcache\services.exe
2009-07-13 10:13 . 2009-02-09 10:56 401408 -c----w- c:\windows\system32\dllcache\rpcss.dll
2009-07-13 10:13 . 2009-02-09 10:56 473600 -c----w- c:\windows\system32\dllcache\fastprox.dll
2009-07-13 10:13 . 2009-02-09 10:56 728064 -c----w- c:\windows\system32\dllcache\lsasrv.dll
2009-07-13 10:13 . 2009-02-09 10:56 684032 -c----w- c:\windows\system32\dllcache\advapi32.dll
2009-07-13 10:13 . 2009-02-09 10:56 709632 -c----w- c:\windows\system32\dllcache\ntdll.dll
2009-07-13 10:13 . 2009-02-09 10:56 453120 -c----w- c:\windows\system32\dllcache\wmiprvsd.dll
2009-07-13 10:13 . 2009-02-09 11:26 2147328 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-07-13 10:13 . 2009-02-09 11:26 2025984 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2009-07-13 10:12 . 2008-05-08 14:02 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys
2009-07-13 10:12 . 2008-10-24 11:21 455296 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2009-07-13 10:12 . 2008-12-11 10:57 333952 -c----w- c:\windows\system32\dllcache\srv.sys
2009-07-13 10:11 . 2008-04-11 19:06 691712 -c----w- c:\windows\system32\dllcache\inetcomm.dll
2009-07-13 10:10 . 2008-10-15 16:38 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll
2009-07-13 10:10 . 2008-04-21 21:15 216576 -c----w- c:\windows\system32\dllcache\wordpad.exe
2009-06-25 21:37 . 2009-07-16 13:14 -------- d-----w- c:\documents and settings\BUSSSS\podklady skládačka Map MMB 09
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-23 21:01 . 2007-09-21 19:11 -------- d-----w- c:\program files\ESET
2009-07-15 20:33 . 2007-09-21 19:11 -------- d-----w- c:\program files\TC PowerPack
2009-07-15 20:18 . 2007-09-21 19:40 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-15 01:09 . 2001-10-25 13:00 46016 ----a-w- c:\windows\system32\perfc005.dat
2009-07-15 01:09 . 2001-10-25 13:00 309716 ----a-w- c:\windows\system32\perfh005.dat
2009-07-14 18:16 . 2007-09-21 18:40 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-07-14 18:16 . 2007-09-21 18:40 2740 ----a-w- c:\windows\pchealth\helpctr\PackageStore\SkuStore.bin
2009-07-12 20:29 . 2007-09-21 19:19 -------- d-----w- c:\program files\Common Files\ACD Systems
2009-07-12 18:25 . 2007-12-26 11:40 -------- d-----w- c:\program files\Google
2009-06-16 14:40 . 2004-08-17 14:49 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-16 14:40 . 2001-10-25 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-12 19:54 . 2009-01-20 16:54 -------- d-----w- c:\program files\rajce
2009-06-03 19:11 . 2004-08-17 14:49 1293824 ----a-w- c:\windows\system32\quartz.dll
2009-05-13 05:05 . 2004-08-17 14:49 915456 ----a-w- c:\windows\system32\wininet.dll
2009-05-07 15:33 . 2004-08-17 14:49 346624 ----a-w- c:\windows\system32\localspl.dll
2007-11-18 22:30 . 2007-11-18 22:30 260471 ----a-w- c:\program files\Mpeg2DSSetup.exe
2007-09-22 15:53 . 2007-09-22 15:53 5827472 ----a-w- c:\program files\Firefox Setup 2.0.0.7.exe
2006-04-23 14:49 . 2007-10-16 19:57 2897821 ----a-w- c:\program files\bsplayer137.826.exe
2009-07-15 21:16 . 2008-12-17 20:56 137208 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
2008-02-04 21:42 . 2008-02-04 21:40 24 --sha-w- c:\windows\SB2D9A271.tmp
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2007-09-21 917504]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"SiS Tray"="c:\windows\system32\sistray.EXE" [2003-10-30 667648]
"SiSUSBRG"="c:\windows\SiSUSBrg.exe" [2002-07-12 106496]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb05.exe" [2002-03-28 188416]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 132496]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-01-12 185896]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2007-02-13 35328]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\SSMMgr.exe" [2008-03-03 536576]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
NkvMon.exe.lnk - c:\program files\Nikon\NkView6\NkvMon.exe [2007-9-28 233472]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0sprestrt
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\totalcmd\\TOTALCMD.EXE"=
"c:\\Program Files\\ICQ6\\ICQ.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\ASUS\\WL-520GU Wireless Router Utilities\\Discovery.exe"=
"c:\\Program Files\\ASUS\\Printer Utilities\\UsbService.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [6.7.2008 14:03 222456]
R2 UsbService;ASUS Virtual MFP Service;c:\program files\ASUS\Printer Utilities\UsbService.exe [8.5.2009 16:05 217088]
R3 vuhub;Virtual Usb Hub;c:\windows\system32\drivers\vuhub.sys [8.5.2009 16:05 66432]
S2 amd64si;amd64si;\??\c:\windows\system32\drivers\amd64si.sys --> c:\windows\system32\drivers\amd64si.sys [?]
S2 SSPORT;SSPORT;\??\c:\windows\system32\Drivers\SSPORT.sys --> c:\windows\system32\Drivers\SSPORT.sys [?]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&s ... f8&oe=utf8
uInternet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
uInternet Settings,ProxyServer = proxy.karneval.cz:3128
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\progra~1\WEBIE.DLL
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\progra~1\WEBIE.DLL
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\progra~1\WEBIE.DLL
LSP: imon.dll
FF - ProfilePath - c:\documents and settings\Antonovičová\Data aplikací\Mozilla\Firefox\Profiles\vg435rd3.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-23 23:42
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'lsass.exe'(664)
c:\windows\system32\imon.dll
c:\program files\Eset\pr_imon.dll
- - - - - - - > 'explorer.exe'(2356)
c:\windows\system32\webcheck.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\ESET\nod32krn.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Celkový čas: 2009-07-23 23:47 - počítač byl restartován
ComboFix-quarantined-files.txt 2009-07-23 21:47
Před spuštěním: Volných bajtů: 47 555 969 024
Po spuštění: Volných bajtů: 65 979 834 368
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
276 --- E O F --- 2009-07-15 19:37
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.959.700 [GMT 2:00]
Spuštěný z: c:\documents and settings\Antonovičová\Plocha\ComboFix.exe
AV: Eset NOD32 Antivirus 2.50 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
* Vytvořen nový Bod Obnovení
* Rezidentní štít AV je zapnutý
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\LocalService\oashdihasidhasuidhiasdhiashdiuasdhasd
c:\documents and settings\NetworkService\oashdihasidhasuidhiasdhiashdiuasdhasd
c:\windows\system32\config\systemprofile\oashdihasidhasuidhiasdhiashdiuasdhasd
c:\windows\system32\drivers\ati64si.sys
c:\windows\system32\lowsec
c:\windows\system32\lowsec\local.ds
c:\windows\system32\lowsec\user.ds
c:\windows\system32\lowsec\user.ds.lll
c:\windows\system32\sdra64.exe
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_ATI64SI
-------\Legacy_FIPS32CUP
-------\Legacy_I386SI
-------\Legacy_KSI32SK
-------\Legacy_NETSIK
-------\Legacy_NICSK32
-------\Legacy_PORT135SIK
-------\Legacy_SECURENTM
-------\Legacy_SYSTEMNTMI
-------\Legacy_WS2_32SIK
-------\Service_acpi32
-------\Service_ati64si
-------\Service_fips32cup
-------\Service_i386si
-------\Service_ksi32sk
-------\Service_netsik
-------\Service_nicsk32
-------\Service_port135sik
-------\Service_securentm
-------\Service_systemntmi
-------\Service_ws2_32sik
((((((((((((((((((((((((( Soubory vytvořené od 2009-06-23 do 2009-07-23 )))))))))))))))))))))))))))))))
.
2009-07-23 14:49 . 2009-07-23 14:49 -------- d-----w- c:\program files\trend micro
2009-07-23 14:49 . 2009-07-23 14:50 -------- d-----w- C:\rsit
2009-07-16 13:14 . 2009-07-20 19:42 -------- d-----w- c:\documents and settings\BUSSSS\Konzultace BUS
2009-07-14 18:11 . 2009-07-14 18:11 -------- d-----w- c:\windows\l2schemas
2009-07-14 18:11 . 2009-07-14 18:11 -------- d-----w- c:\windows\system32\cs
2009-07-14 18:11 . 2009-07-14 18:11 -------- d-----w- c:\windows\system32\bits
2009-07-14 18:05 . 2009-07-14 18:12 -------- d-----w- c:\windows\ServicePackFiles
2009-07-14 08:13 . 2009-07-20 07:48 -------- d-----w- c:\documents and settings\BUSSSS\matuska posudek
2009-07-13 17:24 . 2009-07-13 17:24 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2009-07-13 17:22 . 2009-07-13 17:22 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-07-13 17:22 . 2009-07-13 17:22 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-07-13 13:19 . 2009-06-02 10:12 102912 -c----w- c:\windows\system32\dllcache\iecompat.dll
2009-07-13 13:18 . 2009-07-13 13:19 -------- d-----w- c:\windows\ie8updates
2009-07-13 13:18 . 2009-04-30 21:16 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-07-13 13:18 . 2009-04-30 21:16 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-07-13 13:13 . 2009-07-13 13:18 -------- dc-h--w- c:\windows\ie8
2009-07-13 12:57 . 2009-07-13 12:57 -------- d-----w- c:\program files\MSXML 4.0
2009-07-13 11:42 . 2004-08-03 20:29 25471 ------w- c:\windows\system32\drivers\watv10nt.sys
2009-07-13 11:42 . 2004-08-03 20:29 22271 ------w- c:\windows\system32\drivers\watv06nt.sys
2009-07-13 11:42 . 2004-08-03 20:29 11935 ------w- c:\windows\system32\drivers\wadv11nt.sys
2009-07-13 11:42 . 2004-08-03 20:29 11871 ------w- c:\windows\system32\drivers\wadv09nt.sys
2009-07-13 11:42 . 2004-08-03 20:29 11807 ------w- c:\windows\system32\drivers\wadv07nt.sys
2009-07-13 11:42 . 2004-08-03 20:29 11295 ------w- c:\windows\system32\drivers\wadv08nt.sys
2009-07-13 11:42 . 2004-08-03 20:41 95424 ------w- c:\windows\system32\drivers\slnthal.sys
2009-07-13 11:42 . 2004-08-03 20:41 13240 ------w- c:\windows\system32\drivers\slwdmsup.sys
2009-07-13 11:42 . 2004-08-03 20:41 404990 ------w- c:\windows\system32\drivers\slntamr.sys
2009-07-13 11:42 . 2004-08-03 20:41 129535 ------w- c:\windows\system32\drivers\slnt7554.sys
2009-07-13 11:41 . 2004-08-03 20:29 166912 ------w- c:\windows\system32\drivers\s3gnbm.sys
2009-07-13 11:41 . 2004-08-03 20:41 13776 ------w- c:\windows\system32\drivers\recagent.sys
2009-07-13 11:41 . 2004-08-03 20:41 180360 ------w- c:\windows\system32\drivers\ntmtlfax.sys
2009-07-13 11:41 . 2002-04-03 12:35 403 -c----w- c:\windows\system32\dllcache\npdrmv2.zip
2009-07-13 11:41 . 2001-10-25 13:00 22060 -c----w- c:\windows\system32\dllcache\npds.zip
2009-07-13 11:41 . 2004-08-03 20:29 452736 ------w- c:\windows\system32\drivers\mtxparhm.sys
2009-07-13 11:41 . 2004-08-03 20:41 126686 ------w- c:\windows\system32\drivers\mtlmnt5.sys
2009-07-13 11:41 . 2004-08-03 20:41 1309184 ------w- c:\windows\system32\drivers\mtlstrm.sys
2009-07-13 11:41 . 2004-08-03 20:41 11868 ------w- c:\windows\system32\drivers\mdmxsdk.sys
2009-07-13 11:41 . 2004-08-03 20:41 1041536 ------w- c:\windows\system32\drivers\hsfdpsp2.sys
2009-07-13 11:41 . 2004-08-03 20:41 685056 ------w- c:\windows\system32\drivers\hsfcxts2.sys
2009-07-13 11:41 . 2004-08-03 20:41 220032 ------w- c:\windows\system32\drivers\hsfbs2s2.sys
2009-07-13 10:14 . 2008-06-14 17:35 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2009-07-13 10:14 . 2008-06-14 17:35 272128 ------w- c:\windows\system32\drivers\bthport.sys
2009-07-13 10:13 . 2009-02-06 10:10 227840 -c----w- c:\windows\system32\dllcache\wmiprvse.exe
2009-07-13 10:13 . 2009-02-09 11:26 2191232 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2009-07-13 10:13 . 2009-03-06 14:23 284160 -c----w- c:\windows\system32\dllcache\pdh.dll
2009-07-13 10:13 . 2009-02-09 11:25 111104 -c----w- c:\windows\system32\dllcache\services.exe
2009-07-13 10:13 . 2009-02-09 10:56 401408 -c----w- c:\windows\system32\dllcache\rpcss.dll
2009-07-13 10:13 . 2009-02-09 10:56 473600 -c----w- c:\windows\system32\dllcache\fastprox.dll
2009-07-13 10:13 . 2009-02-09 10:56 728064 -c----w- c:\windows\system32\dllcache\lsasrv.dll
2009-07-13 10:13 . 2009-02-09 10:56 684032 -c----w- c:\windows\system32\dllcache\advapi32.dll
2009-07-13 10:13 . 2009-02-09 10:56 709632 -c----w- c:\windows\system32\dllcache\ntdll.dll
2009-07-13 10:13 . 2009-02-09 10:56 453120 -c----w- c:\windows\system32\dllcache\wmiprvsd.dll
2009-07-13 10:13 . 2009-02-09 11:26 2147328 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-07-13 10:13 . 2009-02-09 11:26 2025984 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2009-07-13 10:12 . 2008-05-08 14:02 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys
2009-07-13 10:12 . 2008-10-24 11:21 455296 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2009-07-13 10:12 . 2008-12-11 10:57 333952 -c----w- c:\windows\system32\dllcache\srv.sys
2009-07-13 10:11 . 2008-04-11 19:06 691712 -c----w- c:\windows\system32\dllcache\inetcomm.dll
2009-07-13 10:10 . 2008-10-15 16:38 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll
2009-07-13 10:10 . 2008-04-21 21:15 216576 -c----w- c:\windows\system32\dllcache\wordpad.exe
2009-06-25 21:37 . 2009-07-16 13:14 -------- d-----w- c:\documents and settings\BUSSSS\podklady skládačka Map MMB 09
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-23 21:01 . 2007-09-21 19:11 -------- d-----w- c:\program files\ESET
2009-07-15 20:33 . 2007-09-21 19:11 -------- d-----w- c:\program files\TC PowerPack
2009-07-15 20:18 . 2007-09-21 19:40 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-15 01:09 . 2001-10-25 13:00 46016 ----a-w- c:\windows\system32\perfc005.dat
2009-07-15 01:09 . 2001-10-25 13:00 309716 ----a-w- c:\windows\system32\perfh005.dat
2009-07-14 18:16 . 2007-09-21 18:40 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-07-14 18:16 . 2007-09-21 18:40 2740 ----a-w- c:\windows\pchealth\helpctr\PackageStore\SkuStore.bin
2009-07-12 20:29 . 2007-09-21 19:19 -------- d-----w- c:\program files\Common Files\ACD Systems
2009-07-12 18:25 . 2007-12-26 11:40 -------- d-----w- c:\program files\Google
2009-06-16 14:40 . 2004-08-17 14:49 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-16 14:40 . 2001-10-25 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-12 19:54 . 2009-01-20 16:54 -------- d-----w- c:\program files\rajce
2009-06-03 19:11 . 2004-08-17 14:49 1293824 ----a-w- c:\windows\system32\quartz.dll
2009-05-13 05:05 . 2004-08-17 14:49 915456 ----a-w- c:\windows\system32\wininet.dll
2009-05-07 15:33 . 2004-08-17 14:49 346624 ----a-w- c:\windows\system32\localspl.dll
2007-11-18 22:30 . 2007-11-18 22:30 260471 ----a-w- c:\program files\Mpeg2DSSetup.exe
2007-09-22 15:53 . 2007-09-22 15:53 5827472 ----a-w- c:\program files\Firefox Setup 2.0.0.7.exe
2006-04-23 14:49 . 2007-10-16 19:57 2897821 ----a-w- c:\program files\bsplayer137.826.exe
2009-07-15 21:16 . 2008-12-17 20:56 137208 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
2008-02-04 21:42 . 2008-02-04 21:40 24 --sha-w- c:\windows\SB2D9A271.tmp
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2007-09-21 917504]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"SiS Tray"="c:\windows\system32\sistray.EXE" [2003-10-30 667648]
"SiSUSBRG"="c:\windows\SiSUSBrg.exe" [2002-07-12 106496]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb05.exe" [2002-03-28 188416]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 132496]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-01-12 185896]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2007-02-13 35328]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\SSMMgr.exe" [2008-03-03 536576]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
NkvMon.exe.lnk - c:\program files\Nikon\NkView6\NkvMon.exe [2007-9-28 233472]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0sprestrt
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\totalcmd\\TOTALCMD.EXE"=
"c:\\Program Files\\ICQ6\\ICQ.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\ASUS\\WL-520GU Wireless Router Utilities\\Discovery.exe"=
"c:\\Program Files\\ASUS\\Printer Utilities\\UsbService.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [6.7.2008 14:03 222456]
R2 UsbService;ASUS Virtual MFP Service;c:\program files\ASUS\Printer Utilities\UsbService.exe [8.5.2009 16:05 217088]
R3 vuhub;Virtual Usb Hub;c:\windows\system32\drivers\vuhub.sys [8.5.2009 16:05 66432]
S2 amd64si;amd64si;\??\c:\windows\system32\drivers\amd64si.sys --> c:\windows\system32\drivers\amd64si.sys [?]
S2 SSPORT;SSPORT;\??\c:\windows\system32\Drivers\SSPORT.sys --> c:\windows\system32\Drivers\SSPORT.sys [?]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&s ... f8&oe=utf8
uInternet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
uInternet Settings,ProxyServer = proxy.karneval.cz:3128
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\progra~1\WEBIE.DLL
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\progra~1\WEBIE.DLL
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\progra~1\WEBIE.DLL
LSP: imon.dll
FF - ProfilePath - c:\documents and settings\Antonovičová\Data aplikací\Mozilla\Firefox\Profiles\vg435rd3.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-23 23:42
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'lsass.exe'(664)
c:\windows\system32\imon.dll
c:\program files\Eset\pr_imon.dll
- - - - - - - > 'explorer.exe'(2356)
c:\windows\system32\webcheck.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\ESET\nod32krn.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Celkový čas: 2009-07-23 23:47 - počítač byl restartován
ComboFix-quarantined-files.txt 2009-07-23 21:47
Před spuštěním: Volných bajtů: 47 555 969 024
Po spuštění: Volných bajtů: 65 979 834 368
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
276 --- E O F --- 2009-07-15 19:37
Re: kryptik ZJ, ZY - prosim o pomoc
Stahněte MBAM z mého podpisu-Nainstalujte,dejte úplný sken
NIC NEMAZAT
MBAM má občas falešné detekce,proto budeme mazat až po kontrole logu
-Log zkopírujte sem
Nepoužívejte COMBOFIX bez doporučení rádce, může dojít k poškození systému!
Vždy před odvirováním počítače zazálohujte důležitá data
Chcete podpořit naše forum? Informace zde
K zastižení jsem spíše v noci, mezi 21.-23. hodinou
Pokud máte nějaké dotazy, můžete mi napsat na email Motji(zavináč)forum.viry.cz.
Vždy před odvirováním počítače zazálohujte důležitá data
Chcete podpořit naše forum? Informace zde
K zastižení jsem spíše v noci, mezi 21.-23. hodinou
Pokud máte nějaké dotazy, můžete mi napsat na email Motji(zavináč)forum.viry.cz.
Re: kryptik ZJ, ZY - prosim o pomoc
Malwarebytes' Anti-Malware 1.39
Verze databáze: 2542
Windows 5.1.2600 Service Pack 3
1.8.2009 23:06:12
mbam-log-2009-08-01 (23-05-58).txt
Typ skenu: Rychlý sken
Objektu skenováno: 85871
Uplynulý cas: 5 minute(s), 33 second(s)
Infikované procesy pameti: 0
Infikované pametové moduly: 0
Infikované klíce registru: 4
Infikované hodnoty registru: 0
Infikované položky dat registru: 0
Infikované složky: 0
Infikované soubory: 5
Infikované procesy pameti:
(Žádné zákerné položky nebyly zjišteny)
Infikované pametové moduly:
(Žádné zákerné položky nebyly zjišteny)
Infikované klíce registru:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\amd64si (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\web translator (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{055fd26d-3a88-4e15-963d-dc8493744b1d} (Adware.BHO) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{055fd26d-3a88-4e15-963d-dc8493744b1d} (Adware.BHO) -> No action taken.
Infikované hodnoty registru:
(Žádné zákerné položky nebyly zjišteny)
Infikované položky dat registru:
(Žádné zákerné položky nebyly zjišteny)
Infikované složky:
(Žádné zákerné položky nebyly zjišteny)
Infikované soubory:
c:\documents and settings\antonovičová\local settings\temporary internet files\REG.EXE (Trojan.Agent) -> No action taken.
c:\documents and settings\antonovičová\local settings\temporary internet files\UN32.EXE (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Antonovičová\Data aplikací\wiaserva.log (Malware.Trace) -> No action taken.
C:\Documents and Settings\Antonovičová\oashdihasidhasuidhiasdhiashdiuasdhasd (Trace.Pandex) -> No action taken.
C:\Program Files\ICQToolbar\toolbaru.dll (Adware.BHO) -> No action taken.
//dik//
Verze databáze: 2542
Windows 5.1.2600 Service Pack 3
1.8.2009 23:06:12
mbam-log-2009-08-01 (23-05-58).txt
Typ skenu: Rychlý sken
Objektu skenováno: 85871
Uplynulý cas: 5 minute(s), 33 second(s)
Infikované procesy pameti: 0
Infikované pametové moduly: 0
Infikované klíce registru: 4
Infikované hodnoty registru: 0
Infikované položky dat registru: 0
Infikované složky: 0
Infikované soubory: 5
Infikované procesy pameti:
(Žádné zákerné položky nebyly zjišteny)
Infikované pametové moduly:
(Žádné zákerné položky nebyly zjišteny)
Infikované klíce registru:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\amd64si (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\web translator (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{055fd26d-3a88-4e15-963d-dc8493744b1d} (Adware.BHO) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{055fd26d-3a88-4e15-963d-dc8493744b1d} (Adware.BHO) -> No action taken.
Infikované hodnoty registru:
(Žádné zákerné položky nebyly zjišteny)
Infikované položky dat registru:
(Žádné zákerné položky nebyly zjišteny)
Infikované složky:
(Žádné zákerné položky nebyly zjišteny)
Infikované soubory:
c:\documents and settings\antonovičová\local settings\temporary internet files\REG.EXE (Trojan.Agent) -> No action taken.
c:\documents and settings\antonovičová\local settings\temporary internet files\UN32.EXE (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Antonovičová\Data aplikací\wiaserva.log (Malware.Trace) -> No action taken.
C:\Documents and Settings\Antonovičová\oashdihasidhasuidhiasdhiashdiuasdhasd (Trace.Pandex) -> No action taken.
C:\Program Files\ICQToolbar\toolbaru.dll (Adware.BHO) -> No action taken.
//dik//
Re: kryptik ZJ, ZY - prosim o pomoc
Vše smažte
Stáhněte na plochu, ukončete všechna aktivní okna a spusťte ComboFix - http://download.bleepingcomputer.com/sUBs/ComboFix.exe
- ComboFix je třeba spustit pod účtem s právy administrátora
- Před použitím vypněte všechny rezidentní bezpečnostní programy - antiviry, firewally, antispywary
- Po spuštění se zobrazí podmínky užití, potvrďte je stiskem tlačítka Ano
- Dále postupujte dle pokynů, během aplikování ComboFixu neklikejte do zobrazujícího se okna
- Po dokončení skenování, trvajícího maximálně 10 minut, by měl program vytvořit log - C:\ComboFix.txt, skopírujte celý jeho obsah sem
Stáhněte na plochu, ukončete všechna aktivní okna a spusťte ComboFix - http://download.bleepingcomputer.com/sUBs/ComboFix.exe - ComboFix je třeba spustit pod účtem s právy administrátora
- Před použitím vypněte všechny rezidentní bezpečnostní programy - antiviry, firewally, antispywary
- Po spuštění se zobrazí podmínky užití, potvrďte je stiskem tlačítka Ano
- Dále postupujte dle pokynů, během aplikování ComboFixu neklikejte do zobrazujícího se okna
- Po dokončení skenování, trvajícího maximálně 10 minut, by měl program vytvořit log - C:\ComboFix.txt, skopírujte celý jeho obsah sem
Nepoužívejte COMBOFIX bez doporučení rádce, může dojít k poškození systému!
Vždy před odvirováním počítače zazálohujte důležitá data
Chcete podpořit naše forum? Informace zde
K zastižení jsem spíše v noci, mezi 21.-23. hodinou
Pokud máte nějaké dotazy, můžete mi napsat na email Motji(zavináč)forum.viry.cz.
Vždy před odvirováním počítače zazálohujte důležitá data
Chcete podpořit naše forum? Informace zde
K zastižení jsem spíše v noci, mezi 21.-23. hodinou
Pokud máte nějaké dotazy, můžete mi napsat na email Motji(zavináč)forum.viry.cz.
Re: kryptik ZJ, ZY - prosim o pomoc
jeste uplny sken:
Malwarebytes' Anti-Malware 1.39
Verze databáze: 2542
Windows 5.1.2600 Service Pack 3
1.8.2009 23:50:40
2mbam-log-2009-08-01 (23-50-33)
Typ skenu: Úplný sken (A:\|C:\|D:\|)
Objektu skenováno: 127674
Uplynulý cas: 39 minute(s), 30 second(s)
Infikované procesy pameti: 0
Infikované pametové moduly: 0
Infikované klíce registru: 4
Infikované hodnoty registru: 0
Infikované položky dat registru: 0
Infikované složky: 0
Infikované soubory: 5
Infikované procesy pameti:
(Žádné zákerné položky nebyly zjišteny)
Infikované pametové moduly:
(Žádné zákerné položky nebyly zjišteny)
Infikované klíce registru:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\amd64si (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\web translator (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{055fd26d-3a88-4e15-963d-dc8493744b1d} (Adware.BHO) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{055fd26d-3a88-4e15-963d-dc8493744b1d} (Adware.BHO) -> No action taken.
Infikované hodnoty registru:
(Žádné zákerné položky nebyly zjišteny)
Infikované položky dat registru:
(Žádné zákerné položky nebyly zjišteny)
Infikované složky:
(Žádné zákerné položky nebyly zjišteny)
Infikované soubory:
c:\documents and settings\antonovičová\local settings\temporary internet files\REG.EXE (Trojan.Agent) -> No action taken.
c:\documents and settings\antonovičová\local settings\temporary internet files\UN32.EXE (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Antonovičová\Data aplikací\wiaserva.log (Malware.Trace) -> No action taken.
C:\Documents and Settings\Antonovičová\oashdihasidhasuidhiasdhiashdiuasdhasd (Trace.Pandex) -> No action taken.
C:\Program Files\ICQToolbar\toolbaru.dll (Adware.BHO) -> No action taken.
Malwarebytes' Anti-Malware 1.39
Verze databáze: 2542
Windows 5.1.2600 Service Pack 3
1.8.2009 23:50:40
2mbam-log-2009-08-01 (23-50-33)
Typ skenu: Úplný sken (A:\|C:\|D:\|)
Objektu skenováno: 127674
Uplynulý cas: 39 minute(s), 30 second(s)
Infikované procesy pameti: 0
Infikované pametové moduly: 0
Infikované klíce registru: 4
Infikované hodnoty registru: 0
Infikované položky dat registru: 0
Infikované složky: 0
Infikované soubory: 5
Infikované procesy pameti:
(Žádné zákerné položky nebyly zjišteny)
Infikované pametové moduly:
(Žádné zákerné položky nebyly zjišteny)
Infikované klíce registru:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\amd64si (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\web translator (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{055fd26d-3a88-4e15-963d-dc8493744b1d} (Adware.BHO) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{055fd26d-3a88-4e15-963d-dc8493744b1d} (Adware.BHO) -> No action taken.
Infikované hodnoty registru:
(Žádné zákerné položky nebyly zjišteny)
Infikované položky dat registru:
(Žádné zákerné položky nebyly zjišteny)
Infikované složky:
(Žádné zákerné položky nebyly zjišteny)
Infikované soubory:
c:\documents and settings\antonovičová\local settings\temporary internet files\REG.EXE (Trojan.Agent) -> No action taken.
c:\documents and settings\antonovičová\local settings\temporary internet files\UN32.EXE (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Antonovičová\Data aplikací\wiaserva.log (Malware.Trace) -> No action taken.
C:\Documents and Settings\Antonovičová\oashdihasidhasuidhiasdhiashdiuasdhasd (Trace.Pandex) -> No action taken.
C:\Program Files\ICQToolbar\toolbaru.dll (Adware.BHO) -> No action taken.
Re: kryptik ZJ, ZY - prosim o pomoc
vše smažte
Nepoužívejte COMBOFIX bez doporučení rádce, může dojít k poškození systému!
Vždy před odvirováním počítače zazálohujte důležitá data
Chcete podpořit naše forum? Informace zde
K zastižení jsem spíše v noci, mezi 21.-23. hodinou
Pokud máte nějaké dotazy, můžete mi napsat na email Motji(zavináč)forum.viry.cz.
Vždy před odvirováním počítače zazálohujte důležitá data
Chcete podpořit naše forum? Informace zde
K zastižení jsem spíše v noci, mezi 21.-23. hodinou
Pokud máte nějaké dotazy, můžete mi napsat na email Motji(zavináč)forum.viry.cz.
Re: kryptik ZJ, ZY - prosim o pomoc
smazáno, mám ještě něco zkontrolovat? PC funguje bez problémů...dík.
Re: kryptik ZJ, ZY - prosim o pomoc
Pokud nemáte, přesuňte Combofix na plochu
-otevřete si Poznámkový blok
-Do něj zkopírujte text z tohoto okénka
-uložte Vámi vytvořený TXT soubor jako CFScript.txt na plochu
-po uložení uchopte vámi vytvořený skript levým myšítkem a -přesuňte ho nad ikonu Combofixu, kde ho upustíte:
-po aplikaci na Vás vypadne další log,vložte ho sem
Upozornění : může se stát, že po aplikaci skriptu a restartu Windows nenaběhnou, v tom případě znovu restartujte a přitom mačkejte F8, pak zvolte Poslední známou funkční konfiguraci
Smažte cache Firefoxu bud ručně nebo ATF Cleanerem
http://www.slunecnice.cz/sw/atf-cleaner/
- v menu nahoře vyberte záložku Firefox / Opera a klikněte na ni
-zatrhněte Select All a pak klikněte na Empty Selected
pozor - přijdete o všechna hesla uložená ve FF /Opere!
-Na záložce main zaškrtněte All users temp a potvrdte Empty selected
-otevřete si Poznámkový blok
-Do něj zkopírujte text z tohoto okénka
Kód: Vybrat vše
KillAll::
File::
c:\windows\system32\drivers\amd64si.sys
c:\windows\system32\Drivers\SSPORT.sys
c:\windows\SB2D9A271.tmp
Driver::
amd64si
SSPORT
-po uložení uchopte vámi vytvořený skript levým myšítkem a -přesuňte ho nad ikonu Combofixu, kde ho upustíte:
-po aplikaci na Vás vypadne další log,vložte ho sem
Upozornění : může se stát, že po aplikaci skriptu a restartu Windows nenaběhnou, v tom případě znovu restartujte a přitom mačkejte F8, pak zvolte Poslední známou funkční konfiguraci
Smažte cache Firefoxu bud ručně nebo ATF Cleaneremhttp://www.slunecnice.cz/sw/atf-cleaner/
- v menu nahoře vyberte záložku Firefox / Opera a klikněte na ni
-zatrhněte Select All a pak klikněte na Empty Selected
pozor - přijdete o všechna hesla uložená ve FF /Opere!
-Na záložce main zaškrtněte All users temp a potvrdte Empty selected
Nepoužívejte COMBOFIX bez doporučení rádce, může dojít k poškození systému!
Vždy před odvirováním počítače zazálohujte důležitá data
Chcete podpořit naše forum? Informace zde
K zastižení jsem spíše v noci, mezi 21.-23. hodinou
Pokud máte nějaké dotazy, můžete mi napsat na email Motji(zavináč)forum.viry.cz.
Vždy před odvirováním počítače zazálohujte důležitá data
Chcete podpořit naše forum? Informace zde
K zastižení jsem spíše v noci, mezi 21.-23. hodinou
Pokud máte nějaké dotazy, můžete mi napsat na email Motji(zavináč)forum.viry.cz.
Re: kryptik ZJ, ZY - prosim o pomoc
ComboFix 09-08-03.A1 - Antonovičová 04.08.2009 14:33.2.1 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.959.657 [GMT 2:00]
Spuštěný z: c:\documents and settings\Antonovičová\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Antonovičová\Plocha\CFScript.txt
AV: Eset NOD32 Antivirus 2.50 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
* Rezidentní štít AV je zapnutý
FILE ::
"c:\windows\SB2D9A271.tmp"
"c:\windows\system32\drivers\amd64si.sys"
"c:\windows\system32\Drivers\SSPORT.sys"
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\SB2D9A271.tmp
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_SSPORT
((((((((((((((((((((((((( Soubory vytvořené od 2009-07-04 do 2009-08-04 )))))))))))))))))))))))))))))))
.
2009-08-03 18:55 . 2009-08-04 06:51 -------- d-----w- c:\program files\NOS
2009-08-03 09:55 . 2009-08-03 10:11 -------- d-----w- c:\documents and settings\FOTO\F PRACOVNÍ
2009-08-03 09:48 . 2009-08-03 09:49 -------- d-----w- c:\documents and settings\FOTO\F 2009
2009-08-02 20:34 . 2009-08-02 20:34 -------- d-----w- c:\documents and settings\Hudba NEW\ABBA
2009-08-02 20:34 . 2009-08-02 20:34 -------- d-----w- c:\documents and settings\Hudba NEW\Aeoliah
2009-08-02 20:34 . 2009-08-02 20:34 -------- d-----w- c:\documents and settings\Hudba NEW\African Fire Lizzy Hammond
2009-08-02 20:34 . 2009-08-02 20:34 -------- d-----w- c:\documents and settings\Hudba NEW\Bobby McFerinn
2009-08-02 20:34 . 2009-08-02 20:34 -------- d-----w- c:\documents and settings\Hudba NEW\Bratri Ebenove - Chlebicky (2008)
2009-08-02 20:34 . 2009-08-02 20:34 -------- d-----w- c:\documents and settings\Hudba NEW\Buty - Kapradí
2009-08-02 20:33 . 2009-08-02 20:34 -------- d-----w- c:\documents and settings\Hudba NEW\Buty - Votom
2009-08-02 20:33 . 2009-08-02 20:33 -------- d-----w- c:\documents and settings\Hudba NEW\Bárta Dan - Entropicture2003
2009-08-02 20:33 . 2009-08-02 20:33 -------- d-----w- c:\documents and settings\Hudba NEW\Celtic woman
2009-08-02 20:33 . 2009-08-02 20:33 -------- d-----w- c:\documents and settings\Hudba NEW\Chinaski - 07
2009-08-02 20:33 . 2009-08-02 20:33 -------- d-----w- c:\documents and settings\Hudba NEW\Dan Bárta - Animage
2009-08-02 20:32 . 2009-08-02 20:33 -------- d-----w- c:\documents and settings\Hudba NEW\Deva Prema Embrace
2009-08-02 20:32 . 2009-08-02 20:32 -------- d-----w- c:\documents and settings\Hudba NEW\Dylanovky
2009-08-02 20:32 . 2009-08-02 20:32 -------- d-----w- c:\documents and settings\Hudba NEW\Gipsy CZ
2009-08-02 20:32 . 2009-08-02 20:32 -------- d-----w- c:\documents and settings\Hudba NEW\Hair - Original soundtrack
2009-08-02 20:32 . 2009-08-02 20:32 -------- d-----w- c:\documents and settings\Hudba NEW\Hansard Glen & Markéta Irglová - The Swell Season
2009-08-02 20:32 . 2009-08-02 20:32 -------- d-----w- c:\documents and settings\Hudba NEW\Hapka + Horáček - Mohlo by tu být i líp
2009-08-02 20:31 . 2009-08-02 20:31 -------- d-----w- c:\documents and settings\Hudba NEW\Hegerová Hana
2009-08-02 20:31 . 2009-08-02 20:31 -------- d-----w- c:\documents and settings\Hudba NEW\Inner peace
2009-08-02 20:31 . 2009-08-02 20:31 -------- d-----w- c:\documents and settings\Hudba NEW\Jana Kirschner
2009-08-02 20:31 . 2009-08-02 20:31 -------- d-----w- c:\documents and settings\Hudba NEW\KM
2009-08-02 20:31 . 2009-08-02 20:31 -------- d-----w- c:\documents and settings\Hudba NEW\KM 3 new
2009-08-02 20:30 . 2009-08-02 20:31 -------- d-----w- c:\documents and settings\Hudba NEW\Karunesh
2009-08-02 20:30 . 2009-08-02 20:30 -------- d-----w- c:\documents and settings\Hudba NEW\Khoiba
2009-08-02 20:30 . 2009-08-02 20:30 -------- d-----w- c:\documents and settings\Hudba NEW\Loop Guru
2009-08-02 20:30 . 2009-08-02 20:30 -------- d-----w- c:\documents and settings\Hudba NEW\Medicine dance
2009-08-02 20:30 . 2009-08-02 20:30 -------- d-----w- c:\documents and settings\Hudba NEW\Mix CZ
2009-08-02 20:29 . 2009-08-02 20:30 -------- d-----w- c:\documents and settings\Hudba NEW\Native spirit
2009-08-02 20:29 . 2009-08-02 20:29 -------- d-----w- c:\documents and settings\Hudba NEW\Nina Simone
2009-08-02 20:29 . 2009-08-02 20:29 -------- d-----w- c:\documents and settings\Hudba NEW\Nohavica - Ikarus
2009-08-02 20:29 . 2009-08-02 20:29 -------- d-----w- c:\documents and settings\Hudba NEW\Pavlica Jura - Slunovrat
2009-08-02 20:29 . 2009-08-02 20:29 -------- d-----w- c:\documents and settings\Hudba NEW\Roland Sante
2009-08-02 20:28 . 2009-08-02 20:29 -------- d-----w- c:\documents and settings\Hudba NEW\Sto zvířat
2009-08-02 20:28 . 2009-08-02 20:28 -------- d-----w- c:\documents and settings\Hudba NEW\The Healing- A Trip To Infinity Disc 1
2009-08-02 20:27 . 2009-08-02 20:28 -------- d-----w- c:\documents and settings\Hudba NEW\cafe around the world
2009-08-02 20:27 . 2009-08-02 20:27 -------- d-----w- c:\documents and settings\Hudba NEW\gipsy kings
2009-08-02 20:27 . 2009-08-02 20:27 -------- d-----w- c:\documents and settings\Hudba NEW\magic light touch
2009-08-02 20:26 . 2009-08-02 20:27 -------- d-----w- c:\documents and settings\Hudba NEW\meditační
2009-08-02 20:24 . 2009-08-02 20:26 -------- d-----w- c:\documents and settings\Hudba NEW\milarepa atd
2009-08-02 20:24 . 2009-08-02 20:34 -------- d-----w- c:\documents and settings\Hudba NEW
2009-08-02 20:24 . 2009-08-02 20:24 -------- d-----w- c:\documents and settings\Hudba NEW\šum svistu Tančírna
2009-08-02 20:21 . 2009-08-02 20:23 -------- d-----w- c:\documents and settings\hudba\LAA
2009-08-02 20:14 . 2009-08-02 20:15 -------- d-----w- c:\documents and settings\hudba\ZZ TEXTY C, D
2009-08-02 20:14 . 2009-08-02 20:14 -------- d-----w- c:\documents and settings\hudba\Zuzana Navarova
2009-08-02 20:14 . 2009-08-02 20:14 -------- d-----w- c:\documents and settings\hudba\XX na MP3
2009-08-02 20:14 . 2009-08-02 20:14 -------- d-----w- c:\documents and settings\hudba\Xavier Baumaxa
2009-08-02 20:14 . 2009-08-02 20:14 -------- d-----w- c:\documents and settings\hudba\X jednotlive
2009-08-02 20:14 . 2009-08-02 20:14 -------- d-----w- c:\documents and settings\hudba\WAn vjeci
2009-08-02 20:14 . 2009-08-02 20:14 -------- d-----w- c:\documents and settings\hudba\vyber ESP PV
2009-08-02 20:13 . 2009-08-02 20:13 -------- d-----w- c:\documents and settings\hudba\Vlasta Redl
2009-08-02 20:13 . 2009-08-02 20:13 -------- d-----w- c:\documents and settings\hudba\videoklipy
2009-08-02 20:13 . 2009-08-02 20:13 -------- d-----w- c:\documents and settings\hudba\Tracy Chapman
2009-08-02 20:13 . 2009-08-02 20:13 -------- d-----w- c:\documents and settings\hudba\Traband 11
2009-08-02 20:12 . 2009-08-02 20:13 -------- d-----w- c:\documents and settings\hudba\traband
2009-08-02 20:12 . 2009-08-02 20:12 -------- d-----w- c:\documents and settings\hudba\Toward the Within
2009-08-02 20:12 . 2009-08-02 20:12 -------- d-----w- c:\documents and settings\hudba\The Beatles
2009-08-02 20:11 . 2009-08-02 20:12 -------- d-----w- c:\documents and settings\hudba\TEXTY
2009-08-02 20:11 . 2009-08-02 20:11 -------- d-----w- c:\documents and settings\hudba\šakalí léta
2009-08-02 20:11 . 2009-08-02 20:11 -------- d-----w- c:\documents and settings\hudba\Sting
2009-08-02 20:11 . 2009-08-02 20:11 -------- d-----w- c:\documents and settings\hudba\Spaleny Jan a ASPM
2009-08-02 20:11 . 2009-08-02 20:11 -------- d-----w- c:\documents and settings\hudba\RZBlues
2009-08-02 20:10 . 2009-08-02 20:10 -------- d-----w- c:\documents and settings\hudba\Ry Cooder & Manuel Galbán
2009-08-02 20:10 . 2009-08-02 20:10 -------- d-----w- c:\documents and settings\hudba\Rubén González
2009-08-02 20:10 . 2009-08-02 20:10 -------- d-----w- c:\documents and settings\hudba\Robert Křesťan
2009-08-02 20:05 . 2009-08-02 20:05 -------- d-----w- c:\documents and settings\hudba\RICHAR~2
2009-08-02 20:05 . 2009-08-02 20:05 -------- d-----w- c:\documents and settings\hudba\Redl-Janoušek-Lenk
2009-08-02 20:05 . 2009-08-02 20:05 -------- d-----w- c:\documents and settings\hudba\Redl Vlasta - Dopisy z květin
2009-08-02 20:05 . 2009-08-02 20:05 -------- d-----w- c:\documents and settings\hudba\Radůza
2009-08-02 20:04 . 2009-08-02 20:05 -------- d-----w- c:\documents and settings\hudba\Raduza
2009-08-02 20:04 . 2009-08-02 20:04 -------- d-----w- c:\documents and settings\hudba\Pink Floyd
2009-08-02 20:04 . 2009-08-02 20:04 -------- d-----w- c:\documents and settings\hudba\PETR VIT
2009-08-02 20:04 . 2009-08-02 20:04 -------- d-----w- c:\documents and settings\hudba\Peha
2009-08-02 20:03 . 2009-08-02 20:04 -------- d-----w- c:\documents and settings\hudba\Patricia Kaas
2009-08-02 20:03 . 2009-08-02 20:03 -------- d-----w- c:\documents and settings\hudba\Norah Jones
2009-08-02 20:03 . 2009-08-02 20:03 -------- d-----w- c:\documents and settings\hudba\nohavica
2009-08-02 20:03 . 2009-08-02 20:03 -------- d-----w- c:\documents and settings\hudba\Natalika
2009-08-02 20:03 . 2009-08-02 20:03 -------- d-----w- c:\documents and settings\hudba\Mylene Farmer
2009-08-02 20:02 . 2009-08-02 20:03 -------- d-----w- c:\documents and settings\hudba\Mike Oldfield
2009-08-02 20:02 . 2009-08-02 20:02 -------- d-----w- c:\documents and settings\hudba\Marsyas
2009-08-02 20:02 . 2009-08-02 20:02 -------- d-----w- c:\documents and settings\hudba\Mari Boine
2009-08-02 20:02 . 2009-08-02 20:02 -------- d-----w- c:\documents and settings\hudba\Maita Vende Ca
2009-08-02 20:02 . 2009-08-02 20:02 -------- d-----w- c:\documents and settings\hudba\Led Zeppelin
2009-08-02 20:02 . 2009-08-02 20:02 -------- d-----w- c:\documents and settings\hudba\Kryštof -
2009-08-02 20:02 . 2009-08-02 20:02 -------- d-----w- c:\documents and settings\hudba\Koa
2009-08-02 20:01 . 2009-08-02 20:01 -------- d-----w- c:\documents and settings\hudba\Kings of Convenience
2009-08-02 20:01 . 2009-08-02 20:01 -------- d-----w- c:\documents and settings\hudba\Karel Plihal
2009-08-02 20:01 . 2009-08-02 20:01 -------- d-----w- c:\documents and settings\hudba\Jiří Schmitzer
2009-08-02 20:01 . 2009-08-02 20:01 -------- d-----w- c:\documents and settings\hudba\Jean Michel Jarre
2009-08-02 20:01 . 2009-08-02 20:01 -------- d-----w- c:\documents and settings\hudba\Jana Kirchner
2009-08-02 20:01 . 2009-08-02 20:01 -------- d-----w- c:\documents and settings\hudba\JAHOBO
2009-08-02 20:00 . 2009-08-02 20:00 -------- d-----w- c:\documents and settings\hudba\Jablkon
2009-08-02 20:00 . 2009-08-02 20:00 -------- d-----w- c:\documents and settings\hudba\Ivan Kral
2009-08-02 20:00 . 2009-08-02 20:00 -------- d-----w- c:\documents and settings\hudba\Ivan Gurierez
2009-08-02 20:00 . 2009-08-02 20:00 -------- d-----w- c:\documents and settings\hudba\Iva Frühling
2009-08-02 20:00 . 2009-08-02 20:00 -------- d-----w- c:\documents and settings\hudba\Ibrahim Ferrer
2009-08-02 19:59 . 2009-08-02 19:59 -------- d-----w- c:\documents and settings\hudba\Chinaski
2009-08-02 19:59 . 2009-08-02 19:59 -------- d-----w- c:\documents and settings\hudba\hapka-Horáček
2009-08-02 19:59 . 2009-08-02 19:59 -------- d-----w- c:\documents and settings\hudba\Grease
2009-08-02 19:59 . 2009-08-02 19:59 -------- d-----w- c:\documents and settings\hudba\Ester Kočičková
2009-08-02 19:59 . 2009-08-02 19:59 -------- d-----w- c:\documents and settings\hudba\Enya
2009-08-02 19:58 . 2009-08-02 19:59 -------- d-----w- c:\documents and settings\hudba\Druhá tráva
2009-08-02 19:58 . 2009-08-02 19:58 -------- d-----w- c:\documents and settings\hudba\Dama dama
2009-08-02 19:58 . 2009-08-02 20:07 -------- d-----w- c:\documents and settings\hudba\Cp 8
2009-08-02 19:58 . 2009-08-02 20:07 -------- d-----w- c:\documents and settings\hudba\Corrs
2009-08-02 19:57 . 2009-08-02 19:58 -------- d-----w- c:\documents and settings\hudba\Cohen_Leonard-Greatest_Hits
2009-08-02 19:57 . 2009-08-02 19:57 -------- d-----w- c:\documents and settings\hudba\Buena Vista Social Club
2009-08-02 19:57 . 2009-08-02 19:57 -------- d-----w- c:\documents and settings\hudba\Bratři Ebenové
2009-08-02 19:57 . 2009-08-02 19:57 -------- d-----w- c:\documents and settings\hudba\Bob Dylan
2009-08-02 19:56 . 2009-08-02 19:56 -------- d-----w- c:\documents and settings\hudba\Björk
2009-08-02 19:56 . 2009-08-02 19:56 -------- d-----w- c:\documents and settings\hudba\Bassem Yazbeck
2009-08-02 19:55 . 2009-08-02 19:56 -------- d-----w- c:\documents and settings\hudba\Bára Basiková
2009-08-02 19:55 . 2009-08-02 19:55 -------- d-----w- c:\documents and settings\hudba\Baez
2009-08-02 19:55 . 2009-08-02 19:55 -------- d-----w- c:\documents and settings\hudba\Avril Lavigne
2009-08-02 19:55 . 2009-08-02 19:55 -------- d-----w- c:\documents and settings\hudba\Amelie
2009-08-02 19:55 . 2009-08-03 13:52 -------- d-----w- c:\documents and settings\hudba
2009-08-02 19:50 . 2009-08-02 19:50 -------- d-----w- c:\documents and settings\ODBORNE\zdrail tp 1.4
2009-08-02 19:50 . 2009-08-02 19:50 -------- d-----w- c:\documents and settings\ODBORNE\výrobky
2009-08-02 19:50 . 2009-08-02 19:50 -------- d-----w- c:\documents and settings\ODBORNE\vyjádření - prvky
2009-08-02 19:50 . 2009-08-02 19:50 -------- d-----w- c:\documents and settings\ODBORNE\vyber legislativa BUS
2009-08-02 19:50 . 2009-08-02 19:50 -------- d-----w- c:\documents and settings\ODBORNE\umyv-detaily
2009-08-02 19:47 . 2009-08-02 19:47 -------- d-----w- c:\documents and settings\ODBORNE\design for AE
2009-08-02 19:44 . 2009-08-02 19:45 -------- d-----w- c:\documents and settings\FOTO\AFoto 7-09 neww
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-04 12:14 . 2007-09-21 19:11 -------- d-----w- c:\program files\ESET
2009-08-03 18:56 . 2007-12-26 11:40 -------- d-----w- c:\program files\Google
2009-08-02 14:44 . 2007-09-28 13:29 -------- d-----w- c:\program files\Common Files\Nikon
2009-08-02 14:25 . 2007-09-28 13:31 -------- d-----w- c:\program files\Nikon
2009-08-02 14:24 . 2003-03-19 10:05 106496 ----a-w- c:\windows\system32\ATL71.DLL
2009-08-02 14:24 . 2007-09-21 19:39 -------- d-----w- c:\program files\Common Files\InstallShield
2009-08-02 14:14 . 2001-10-25 13:00 46016 ----a-w- c:\windows\system32\perfc005.dat
2009-08-02 14:14 . 2001-10-25 13:00 309716 ----a-w- c:\windows\system32\perfh005.dat
2009-08-02 11:25 . 2007-09-21 19:40 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-15 20:33 . 2007-09-21 19:11 -------- d-----w- c:\program files\TC PowerPack
2009-07-14 18:16 . 2007-09-21 18:40 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-07-14 18:16 . 2007-09-21 18:40 2740 ----a-w- c:\windows\pchealth\helpctr\PackageStore\SkuStore.bin
2009-07-12 20:29 . 2007-09-21 19:19 -------- d-----w- c:\program files\Common Files\ACD Systems
2009-07-03 16:59 . 2004-08-17 14:49 915456 ----a-w- c:\windows\system32\wininet.dll
2009-06-16 14:40 . 2004-08-17 14:49 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-16 14:40 . 2001-10-25 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-12 19:54 . 2009-01-20 16:54 -------- d-----w- c:\program files\rajce
2009-06-03 19:11 . 2004-08-17 14:49 1293824 ----a-w- c:\windows\system32\quartz.dll
2009-05-07 15:33 . 2004-08-17 14:49 346624 ----a-w- c:\windows\system32\localspl.dll
2007-11-18 22:30 . 2007-11-18 22:30 260471 ----a-w- c:\program files\Mpeg2DSSetup.exe
2007-09-22 15:53 . 2007-09-22 15:53 5827472 ----a-w- c:\program files\Firefox Setup 2.0.0.7.exe
2006-04-23 14:49 . 2007-10-16 19:57 2897821 ----a-w- c:\program files\bsplayer137.826.exe
2009-07-15 21:16 . 2008-12-17 20:56 137208 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
.
((((((((((((((((((((((((((((( SnapShot@2009-07-23_21.42.36 )))))))))))))))))))))))))))))))))))))))))
.
+ 2006-12-01 22:08 . 2006-12-01 22:08 49152 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80KOR.dll
+ 2006-12-01 22:08 . 2006-12-01 22:08 49152 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80JPN.dll
+ 2006-12-01 22:08 . 2006-12-01 22:08 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ITA.dll
+ 2006-12-01 22:08 . 2006-12-01 22:08 45056 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80CHT.dll
+ 2006-12-01 22:08 . 2006-12-01 22:08 40960 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80CHS.dll
+ 2006-12-01 22:08 . 2006-12-01 22:08 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80FRA.dll
+ 2006-12-01 22:08 . 2006-12-01 22:08 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ESP.dll
+ 2006-12-01 22:08 . 2006-12-01 22:08 57344 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ENU.dll
+ 2006-12-01 22:08 . 2006-12-01 22:08 65536 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80DEU.dll
+ 2006-12-01 20:56 . 2006-12-01 20:56 96256 c:\windows\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_cbb27474\ATL80.dll
+ 2009-08-02 14:25 . 2009-08-02 14:25 82432 c:\windows\WinSxS\x86_Microsoft.MSXML2R_6bd6b9abf345378f_4.1.0.0_x-ww_29c3ad6a\msxml4r.dll
+ 2009-08-02 14:10 . 2003-04-24 11:29 32768 c:\windows\system32\udaprop.dll
- 2001-10-25 13:00 . 2009-07-15 01:09 39992 c:\windows\system32\perfc009.dat
+ 2001-10-25 13:00 . 2009-08-02 14:14 39992 c:\windows\system32\perfc009.dat
- 2007-08-13 17:54 . 2009-03-08 02:31 55296 c:\windows\system32\msfeedsbs.dll
+ 2007-08-13 17:54 . 2009-07-03 16:59 55296 c:\windows\system32\msfeedsbs.dll
+ 2006-12-01 22:26 . 2006-12-01 22:26 57856 c:\windows\system32\mfcm80u.dll
+ 2006-12-01 22:25 . 2006-12-01 22:25 69632 c:\windows\system32\mfcm80.dll
+ 2008-05-23 08:09 . 2009-08-03 18:56 88589 c:\windows\system32\Macromed\Flash\uninstall_activeX.exe
- 2004-08-17 14:49 . 2009-04-30 21:16 25600 c:\windows\system32\jsproxy.dll
+ 2004-08-17 14:49 . 2009-07-03 16:59 25600 c:\windows\system32\jsproxy.dll
+ 2009-08-01 20:58 . 2009-07-13 11:36 38160 c:\windows\system32\drivers\mbamswissarmy.sys
+ 2009-08-01 20:58 . 2009-07-13 11:36 19096 c:\windows\system32\drivers\mbam.sys
- 2009-07-13 13:18 . 2009-04-30 21:16 12800 c:\windows\system32\dllcache\xpshims.dll
+ 2009-07-13 13:18 . 2009-07-03 16:59 12800 c:\windows\system32\dllcache\xpshims.dll
- 2009-04-29 04:47 . 2009-03-08 02:31 55296 c:\windows\system32\dllcache\msfeedsbs.dll
+ 2009-04-29 04:47 . 2009-07-03 16:59 55296 c:\windows\system32\dllcache\msfeedsbs.dll
+ 2004-08-17 14:49 . 2009-07-03 16:59 25600 c:\windows\system32\dllcache\jsproxy.dll
- 2004-08-17 14:49 . 2009-04-30 21:16 25600 c:\windows\system32\dllcache\jsproxy.dll
+ 2009-08-02 14:10 . 2003-02-18 16:26 28672 c:\windows\system32\cmirmdrv.dll
+ 2009-08-03 18:56 . 2009-08-03 18:56 24064 c:\windows\Installer\267016b.msi
+ 2009-07-29 12:34 . 2009-04-30 21:16 12800 c:\windows\ie8updates\KB972260-IE8\xpshims.dll
+ 2009-07-29 12:34 . 2009-03-08 02:31 55296 c:\windows\ie8updates\KB972260-IE8\msfeedsbs.dll
+ 2009-07-29 12:34 . 2009-04-30 21:16 25600 c:\windows\ie8updates\KB972260-IE8\jsproxy.dll
+ 2009-08-02 14:15 . 2001-10-24 10:25 5632 c:\windows\system32\ptpusb.dll
+ 2009-08-02 14:25 . 2009-08-02 14:25 8854 c:\windows\Installer\{E9757890-7EC5-46C8-99AB-B00F07B6525C}\New_Shortcut_E97578907EC546C899ABB00F07B6525C_1.exe
+ 2009-08-02 14:15 . 2008-04-14 03:21 159232 c:\windows\system32\ptpusd.dll
- 2001-10-25 13:00 . 2009-07-15 01:09 311604 c:\windows\system32\perfh009.dat
+ 2001-10-25 13:00 . 2009-08-02 14:14 311604 c:\windows\system32\perfh009.dat
+ 2004-08-17 14:49 . 2009-07-03 16:59 206848 c:\windows\system32\occache.dll
+ 2006-12-01 20:54 . 2006-12-01 20:54 626688 c:\windows\system32\msvcr80.dll
+ 2003-03-19 10:03 . 2003-03-19 10:03 544768 c:\windows\system32\msvcr71d.dll
+ 2006-12-01 20:54 . 2006-12-01 20:54 548864 c:\windows\system32\msvcp80.dll
+ 2003-03-19 10:04 . 2003-03-19 10:04 765952 c:\windows\system32\msvcp71d.dll
+ 2006-12-01 20:54 . 2006-12-01 20:54 479232 c:\windows\system32\msvcm80.dll
+ 2007-08-13 17:54 . 2009-07-03 16:59 594432 c:\windows\system32\msfeeds.dll
- 2007-08-13 17:54 . 2009-03-08 02:32 594432 c:\windows\system32\msfeeds.dll
+ 2009-07-18 03:12 . 2009-07-18 03:12 257440 c:\windows\system32\Macromed\Flash\FlashUtil10c.exe
+ 2004-08-17 14:49 . 2009-07-03 16:59 184320 c:\windows\system32\iepeers.dll
+ 2004-08-17 14:49 . 2009-07-03 16:59 386048 c:\windows\system32\iedkcs32.dll
- 2004-08-17 14:49 . 2009-04-30 11:21 173056 c:\windows\system32\ie4uinit.exe
+ 2004-08-17 14:49 . 2009-07-03 11:01 173056 c:\windows\system32\ie4uinit.exe
+ 2009-08-02 14:10 . 2003-10-17 09:52 754560 c:\windows\system32\drivers\cmuda.sys
- 2004-08-17 14:49 . 2009-05-13 05:05 915456 c:\windows\system32\dllcache\wininet.dll
+ 2004-08-17 14:49 . 2009-07-03 16:59 915456 c:\windows\system32\dllcache\wininet.dll
+ 2004-08-17 14:49 . 2009-07-03 16:59 206848 c:\windows\system32\dllcache\occache.dll
- 2009-04-29 04:47 . 2009-03-08 02:32 594432 c:\windows\system32\dllcache\msfeeds.dll
+ 2009-04-29 04:47 . 2009-07-03 16:59 594432 c:\windows\system32\dllcache\msfeeds.dll
+ 2009-07-13 13:18 . 2009-07-03 16:59 246272 c:\windows\system32\dllcache\ieproxy.dll
- 2009-07-13 13:18 . 2009-04-30 21:16 246272 c:\windows\system32\dllcache\ieproxy.dll
+ 2004-08-17 14:49 . 2009-07-03 16:59 184320 c:\windows\system32\dllcache\iepeers.dll
+ 2004-08-17 14:49 . 2009-07-03 16:59 386048 c:\windows\system32\dllcache\iedkcs32.dll
- 2004-08-17 14:49 . 2009-04-30 11:21 173056 c:\windows\system32\dllcache\ie4uinit.exe
+ 2004-08-17 14:49 . 2009-07-03 11:01 173056 c:\windows\system32\dllcache\ie4uinit.exe
+ 2007-09-21 18:55 . 2001-11-23 10:08 712704 c:\windows\system32\dllcache\a3d.dll
+ 2009-08-02 14:10 . 2003-10-15 16:37 114688 c:\windows\system32\cmuda.dll
+ 2009-08-02 14:10 . 2003-08-20 16:46 233472 c:\windows\system32\cmirmdrv.exe
+ 2009-08-02 14:10 . 2001-11-23 10:08 712704 c:\windows\system32\Audio3D.dll
+ 2007-09-21 18:55 . 2001-11-23 10:08 712704 c:\windows\system32\a3d.dll
- 2007-09-21 18:55 . 2001-11-23 04:08 712704 c:\windows\system32\a3d.dll
+ 2009-08-02 14:10 . 2002-04-29 13:04 917504 c:\windows\system\cmids3d.dll
+ 2009-08-02 14:23 . 2009-08-02 14:23 331264 c:\windows\Installer\8f5c9.msi
+ 2009-08-02 14:25 . 2009-08-02 14:25 450560 c:\windows\Installer\{E9757890-7EC5-46C8-99AB-B00F07B6525C}\NewShortcut3_E97578907EC546C899ABB00F07B6525C.exe
+ 2009-08-02 14:25 . 2009-08-02 14:25 450560 c:\windows\Installer\{E9757890-7EC5-46C8-99AB-B00F07B6525C}\NewShortcut2_E97578907EC546C899ABB00F07B6525C.exe
+ 2009-07-29 12:34 . 2009-05-13 05:05 915456 c:\windows\ie8updates\KB972260-IE8\wininet.dll
+ 2009-07-29 12:34 . 2009-05-26 11:40 391032 c:\windows\ie8updates\KB972260-IE8\spuninst\updspapi.dll
+ 2009-07-29 12:34 . 2009-05-26 11:40 233848 c:\windows\ie8updates\KB972260-IE8\spuninst\spuninst.exe
+ 2009-07-29 12:34 . 2009-03-08 02:34 109568 c:\windows\ie8updates\KB972260-IE8\occache.dll
+ 2009-07-29 12:34 . 2009-03-08 02:32 594432 c:\windows\ie8updates\KB972260-IE8\msfeeds.dll
+ 2009-07-29 12:34 . 2009-04-30 21:16 246272 c:\windows\ie8updates\KB972260-IE8\ieproxy.dll
+ 2009-07-29 12:34 . 2009-03-08 02:31 183808 c:\windows\ie8updates\KB972260-IE8\iepeers.dll
+ 2009-07-29 12:34 . 2009-04-30 21:16 385536 c:\windows\ie8updates\KB972260-IE8\iedkcs32.dll
+ 2009-07-29 12:34 . 2009-04-30 11:21 173056 c:\windows\ie8updates\KB972260-IE8\ie4uinit.exe
+ 2009-08-02 14:10 . 2003-07-22 09:15 225280 c:\windows\CmiRmRedundDir.exe
+ 2009-08-02 14:25 . 2009-08-02 14:25 1233920 c:\windows\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9818.0_x-ww_8ff50c5d\msxml4.dll
+ 2004-08-17 14:49 . 2009-07-03 16:59 1208832 c:\windows\system32\urlmon.dll
+ 2004-08-17 14:49 . 2009-07-19 13:16 5937152 c:\windows\system32\mshtml.dll
+ 2006-12-01 22:25 . 2006-12-01 22:25 1093120 c:\windows\system32\mfc80u.dll
+ 2006-12-01 22:25 . 2006-12-01 22:25 1101824 c:\windows\system32\mfc80.dll
+ 2003-03-19 11:28 . 2003-03-19 11:28 2179072 c:\windows\system32\mfc71d.dll
+ 2007-08-13 17:34 . 2009-07-03 16:59 1985536 c:\windows\system32\iertutil.dll
+ 2004-08-17 14:49 . 2009-07-03 16:59 1208832 c:\windows\system32\dllcache\urlmon.dll
+ 2004-08-17 14:49 . 2009-07-19 13:16 5937152 c:\windows\system32\dllcache\mshtml.dll
+ 2009-04-29 04:47 . 2009-07-03 16:59 1985536 c:\windows\system32\dllcache\iertutil.dll
+ 2009-08-02 14:10 . 2003-10-15 14:26 1454080 c:\windows\system\SmWizard.exe
+ 2009-08-02 14:27 . 2009-08-02 14:27 5830144 c:\windows\Installer\8f5ea.msi
+ 2009-08-02 14:23 . 2009-08-02 14:23 7974912 c:\windows\Installer\8f5c4.msi
+ 2009-07-29 12:34 . 2009-04-30 21:16 1207808 c:\windows\ie8updates\KB972260-IE8\urlmon.dll
+ 2009-07-29 12:34 . 2009-05-13 05:05 5936128 c:\windows\ie8updates\KB972260-IE8\mshtml.dll
+ 2009-07-29 12:34 . 2009-04-30 21:16 1985024 c:\windows\ie8updates\KB972260-IE8\iertutil.dll
+ 2009-07-17 18:12 . 2009-07-17 18:12 1962160 c:\windows\Downloaded Program Files\FP_AX_CAB_INSTALLER.exe
+ 2007-08-13 17:54 . 2009-07-19 16:46 11067392 c:\windows\system32\ieframe.dll
+ 2009-04-29 04:47 . 2009-07-19 16:46 11067392 c:\windows\system32\dllcache\ieframe.dll
+ 2009-08-02 14:26 . 2009-08-02 14:26 10608640 c:\windows\Installer\8f5e0.msi
+ 2009-08-02 14:25 . 2009-08-02 14:25 12377600 c:\windows\Installer\8f5d6.msi
+ 2009-07-29 12:34 . 2009-04-30 21:16 11064832 c:\windows\ie8updates\KB972260-IE8\ieframe.dll
.
-- Snímek resetován k současnému datu --
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2007-09-21 917504]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"SiS Tray"="c:\windows\system32\sistray.EXE" [2003-10-30 667648]
"SiSUSBRG"="c:\windows\SiSUSBrg.exe" [2002-07-12 106496]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb05.exe" [2002-03-28 188416]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 132496]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-01-12 185896]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2007-02-13 35328]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\SSMMgr.exe" [2008-03-03 536576]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2007-12-11 286720]
"Nikon Transfer Monitor"="c:\program files\Common Files\Nikon\Monitor\NkMonitor.exe" [2008-09-30 485208]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
NkvMon.exe.lnk - c:\program files\Nikon\NkView6\NkvMon.exe [2007-9-28 233472]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0sprestrt
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\totalcmd\\TOTALCMD.EXE"=
"c:\\Program Files\\ICQ6\\ICQ.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\ASUS\\WL-520GU Wireless Router Utilities\\Discovery.exe"=
"c:\\Program Files\\ASUS\\Printer Utilities\\UsbService.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [6.7.2008 14:03 222456]
R2 UsbService;ASUS Virtual MFP Service;c:\program files\ASUS\Printer Utilities\UsbService.exe [8.5.2009 16:05 217088]
R3 vuhub;Virtual Usb Hub;c:\windows\system32\drivers\vuhub.sys [8.5.2009 16:05 66432]
--- Ostatní služby/ovladače v paměti ---
*NewlyCreated* - SISPORT
*Deregistered* - SiSPort
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
HKLM-Run-Cmaudio - cmicnfg.cpl
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&s ... f8&oe=utf8
uInternet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
uInternet Settings,ProxyServer = proxy.karneval.cz:3128
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\progra~1\WEBIE.DLL
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\progra~1\WEBIE.DLL
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\progra~1\WEBIE.DLL
LSP: imon.dll
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
FF - ProfilePath - c:\documents and settings\Antonovičová\Data aplikací\Mozilla\Firefox\Profiles\vg435rd3.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-04 14:41
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'lsass.exe'(664)
c:\windows\system32\imon.dll
c:\program files\Eset\pr_imon.dll
- - - - - - - > 'explorer.exe'(2332)
c:\windows\system32\webcheck.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\ESET\nod32krn.exe
c:\windows\system32\rundll32.exe
.
**************************************************************************
.
Celkový čas: 2009-08-04 14:46 - počítač byl restartován
ComboFix-quarantined-files.txt 2009-08-04 12:46
ComboFix2.txt 2009-07-23 21:47
Před spuštěním: Volných bajtů: 47 050 567 680
Po spuštění: Volných bajtů: 47 037 165 568
448 --- E O F --- 2009-07-29 12:34
**************************
jak se vypina ten rezidentni stit? delam to zrejme blbe
cache jsem vymazala
dik.
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.959.657 [GMT 2:00]
Spuštěný z: c:\documents and settings\Antonovičová\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Antonovičová\Plocha\CFScript.txt
AV: Eset NOD32 Antivirus 2.50 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
* Rezidentní štít AV je zapnutý
FILE ::
"c:\windows\SB2D9A271.tmp"
"c:\windows\system32\drivers\amd64si.sys"
"c:\windows\system32\Drivers\SSPORT.sys"
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\SB2D9A271.tmp
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_SSPORT
((((((((((((((((((((((((( Soubory vytvořené od 2009-07-04 do 2009-08-04 )))))))))))))))))))))))))))))))
.
2009-08-03 18:55 . 2009-08-04 06:51 -------- d-----w- c:\program files\NOS
2009-08-03 09:55 . 2009-08-03 10:11 -------- d-----w- c:\documents and settings\FOTO\F PRACOVNÍ
2009-08-03 09:48 . 2009-08-03 09:49 -------- d-----w- c:\documents and settings\FOTO\F 2009
2009-08-02 20:34 . 2009-08-02 20:34 -------- d-----w- c:\documents and settings\Hudba NEW\ABBA
2009-08-02 20:34 . 2009-08-02 20:34 -------- d-----w- c:\documents and settings\Hudba NEW\Aeoliah
2009-08-02 20:34 . 2009-08-02 20:34 -------- d-----w- c:\documents and settings\Hudba NEW\African Fire Lizzy Hammond
2009-08-02 20:34 . 2009-08-02 20:34 -------- d-----w- c:\documents and settings\Hudba NEW\Bobby McFerinn
2009-08-02 20:34 . 2009-08-02 20:34 -------- d-----w- c:\documents and settings\Hudba NEW\Bratri Ebenove - Chlebicky (2008)
2009-08-02 20:34 . 2009-08-02 20:34 -------- d-----w- c:\documents and settings\Hudba NEW\Buty - Kapradí
2009-08-02 20:33 . 2009-08-02 20:34 -------- d-----w- c:\documents and settings\Hudba NEW\Buty - Votom
2009-08-02 20:33 . 2009-08-02 20:33 -------- d-----w- c:\documents and settings\Hudba NEW\Bárta Dan - Entropicture2003
2009-08-02 20:33 . 2009-08-02 20:33 -------- d-----w- c:\documents and settings\Hudba NEW\Celtic woman
2009-08-02 20:33 . 2009-08-02 20:33 -------- d-----w- c:\documents and settings\Hudba NEW\Chinaski - 07
2009-08-02 20:33 . 2009-08-02 20:33 -------- d-----w- c:\documents and settings\Hudba NEW\Dan Bárta - Animage
2009-08-02 20:32 . 2009-08-02 20:33 -------- d-----w- c:\documents and settings\Hudba NEW\Deva Prema Embrace
2009-08-02 20:32 . 2009-08-02 20:32 -------- d-----w- c:\documents and settings\Hudba NEW\Dylanovky
2009-08-02 20:32 . 2009-08-02 20:32 -------- d-----w- c:\documents and settings\Hudba NEW\Gipsy CZ
2009-08-02 20:32 . 2009-08-02 20:32 -------- d-----w- c:\documents and settings\Hudba NEW\Hair - Original soundtrack
2009-08-02 20:32 . 2009-08-02 20:32 -------- d-----w- c:\documents and settings\Hudba NEW\Hansard Glen & Markéta Irglová - The Swell Season
2009-08-02 20:32 . 2009-08-02 20:32 -------- d-----w- c:\documents and settings\Hudba NEW\Hapka + Horáček - Mohlo by tu být i líp
2009-08-02 20:31 . 2009-08-02 20:31 -------- d-----w- c:\documents and settings\Hudba NEW\Hegerová Hana
2009-08-02 20:31 . 2009-08-02 20:31 -------- d-----w- c:\documents and settings\Hudba NEW\Inner peace
2009-08-02 20:31 . 2009-08-02 20:31 -------- d-----w- c:\documents and settings\Hudba NEW\Jana Kirschner
2009-08-02 20:31 . 2009-08-02 20:31 -------- d-----w- c:\documents and settings\Hudba NEW\KM
2009-08-02 20:31 . 2009-08-02 20:31 -------- d-----w- c:\documents and settings\Hudba NEW\KM 3 new
2009-08-02 20:30 . 2009-08-02 20:31 -------- d-----w- c:\documents and settings\Hudba NEW\Karunesh
2009-08-02 20:30 . 2009-08-02 20:30 -------- d-----w- c:\documents and settings\Hudba NEW\Khoiba
2009-08-02 20:30 . 2009-08-02 20:30 -------- d-----w- c:\documents and settings\Hudba NEW\Loop Guru
2009-08-02 20:30 . 2009-08-02 20:30 -------- d-----w- c:\documents and settings\Hudba NEW\Medicine dance
2009-08-02 20:30 . 2009-08-02 20:30 -------- d-----w- c:\documents and settings\Hudba NEW\Mix CZ
2009-08-02 20:29 . 2009-08-02 20:30 -------- d-----w- c:\documents and settings\Hudba NEW\Native spirit
2009-08-02 20:29 . 2009-08-02 20:29 -------- d-----w- c:\documents and settings\Hudba NEW\Nina Simone
2009-08-02 20:29 . 2009-08-02 20:29 -------- d-----w- c:\documents and settings\Hudba NEW\Nohavica - Ikarus
2009-08-02 20:29 . 2009-08-02 20:29 -------- d-----w- c:\documents and settings\Hudba NEW\Pavlica Jura - Slunovrat
2009-08-02 20:29 . 2009-08-02 20:29 -------- d-----w- c:\documents and settings\Hudba NEW\Roland Sante
2009-08-02 20:28 . 2009-08-02 20:29 -------- d-----w- c:\documents and settings\Hudba NEW\Sto zvířat
2009-08-02 20:28 . 2009-08-02 20:28 -------- d-----w- c:\documents and settings\Hudba NEW\The Healing- A Trip To Infinity Disc 1
2009-08-02 20:27 . 2009-08-02 20:28 -------- d-----w- c:\documents and settings\Hudba NEW\cafe around the world
2009-08-02 20:27 . 2009-08-02 20:27 -------- d-----w- c:\documents and settings\Hudba NEW\gipsy kings
2009-08-02 20:27 . 2009-08-02 20:27 -------- d-----w- c:\documents and settings\Hudba NEW\magic light touch
2009-08-02 20:26 . 2009-08-02 20:27 -------- d-----w- c:\documents and settings\Hudba NEW\meditační
2009-08-02 20:24 . 2009-08-02 20:26 -------- d-----w- c:\documents and settings\Hudba NEW\milarepa atd
2009-08-02 20:24 . 2009-08-02 20:34 -------- d-----w- c:\documents and settings\Hudba NEW
2009-08-02 20:24 . 2009-08-02 20:24 -------- d-----w- c:\documents and settings\Hudba NEW\šum svistu Tančírna
2009-08-02 20:21 . 2009-08-02 20:23 -------- d-----w- c:\documents and settings\hudba\LAA
2009-08-02 20:14 . 2009-08-02 20:15 -------- d-----w- c:\documents and settings\hudba\ZZ TEXTY C, D
2009-08-02 20:14 . 2009-08-02 20:14 -------- d-----w- c:\documents and settings\hudba\Zuzana Navarova
2009-08-02 20:14 . 2009-08-02 20:14 -------- d-----w- c:\documents and settings\hudba\XX na MP3
2009-08-02 20:14 . 2009-08-02 20:14 -------- d-----w- c:\documents and settings\hudba\Xavier Baumaxa
2009-08-02 20:14 . 2009-08-02 20:14 -------- d-----w- c:\documents and settings\hudba\X jednotlive
2009-08-02 20:14 . 2009-08-02 20:14 -------- d-----w- c:\documents and settings\hudba\WAn vjeci
2009-08-02 20:14 . 2009-08-02 20:14 -------- d-----w- c:\documents and settings\hudba\vyber ESP PV
2009-08-02 20:13 . 2009-08-02 20:13 -------- d-----w- c:\documents and settings\hudba\Vlasta Redl
2009-08-02 20:13 . 2009-08-02 20:13 -------- d-----w- c:\documents and settings\hudba\videoklipy
2009-08-02 20:13 . 2009-08-02 20:13 -------- d-----w- c:\documents and settings\hudba\Tracy Chapman
2009-08-02 20:13 . 2009-08-02 20:13 -------- d-----w- c:\documents and settings\hudba\Traband 11
2009-08-02 20:12 . 2009-08-02 20:13 -------- d-----w- c:\documents and settings\hudba\traband
2009-08-02 20:12 . 2009-08-02 20:12 -------- d-----w- c:\documents and settings\hudba\Toward the Within
2009-08-02 20:12 . 2009-08-02 20:12 -------- d-----w- c:\documents and settings\hudba\The Beatles
2009-08-02 20:11 . 2009-08-02 20:12 -------- d-----w- c:\documents and settings\hudba\TEXTY
2009-08-02 20:11 . 2009-08-02 20:11 -------- d-----w- c:\documents and settings\hudba\šakalí léta
2009-08-02 20:11 . 2009-08-02 20:11 -------- d-----w- c:\documents and settings\hudba\Sting
2009-08-02 20:11 . 2009-08-02 20:11 -------- d-----w- c:\documents and settings\hudba\Spaleny Jan a ASPM
2009-08-02 20:11 . 2009-08-02 20:11 -------- d-----w- c:\documents and settings\hudba\RZBlues
2009-08-02 20:10 . 2009-08-02 20:10 -------- d-----w- c:\documents and settings\hudba\Ry Cooder & Manuel Galbán
2009-08-02 20:10 . 2009-08-02 20:10 -------- d-----w- c:\documents and settings\hudba\Rubén González
2009-08-02 20:10 . 2009-08-02 20:10 -------- d-----w- c:\documents and settings\hudba\Robert Křesťan
2009-08-02 20:05 . 2009-08-02 20:05 -------- d-----w- c:\documents and settings\hudba\RICHAR~2
2009-08-02 20:05 . 2009-08-02 20:05 -------- d-----w- c:\documents and settings\hudba\Redl-Janoušek-Lenk
2009-08-02 20:05 . 2009-08-02 20:05 -------- d-----w- c:\documents and settings\hudba\Redl Vlasta - Dopisy z květin
2009-08-02 20:05 . 2009-08-02 20:05 -------- d-----w- c:\documents and settings\hudba\Radůza
2009-08-02 20:04 . 2009-08-02 20:05 -------- d-----w- c:\documents and settings\hudba\Raduza
2009-08-02 20:04 . 2009-08-02 20:04 -------- d-----w- c:\documents and settings\hudba\Pink Floyd
2009-08-02 20:04 . 2009-08-02 20:04 -------- d-----w- c:\documents and settings\hudba\PETR VIT
2009-08-02 20:04 . 2009-08-02 20:04 -------- d-----w- c:\documents and settings\hudba\Peha
2009-08-02 20:03 . 2009-08-02 20:04 -------- d-----w- c:\documents and settings\hudba\Patricia Kaas
2009-08-02 20:03 . 2009-08-02 20:03 -------- d-----w- c:\documents and settings\hudba\Norah Jones
2009-08-02 20:03 . 2009-08-02 20:03 -------- d-----w- c:\documents and settings\hudba\nohavica
2009-08-02 20:03 . 2009-08-02 20:03 -------- d-----w- c:\documents and settings\hudba\Natalika
2009-08-02 20:03 . 2009-08-02 20:03 -------- d-----w- c:\documents and settings\hudba\Mylene Farmer
2009-08-02 20:02 . 2009-08-02 20:03 -------- d-----w- c:\documents and settings\hudba\Mike Oldfield
2009-08-02 20:02 . 2009-08-02 20:02 -------- d-----w- c:\documents and settings\hudba\Marsyas
2009-08-02 20:02 . 2009-08-02 20:02 -------- d-----w- c:\documents and settings\hudba\Mari Boine
2009-08-02 20:02 . 2009-08-02 20:02 -------- d-----w- c:\documents and settings\hudba\Maita Vende Ca
2009-08-02 20:02 . 2009-08-02 20:02 -------- d-----w- c:\documents and settings\hudba\Led Zeppelin
2009-08-02 20:02 . 2009-08-02 20:02 -------- d-----w- c:\documents and settings\hudba\Kryštof -
2009-08-02 20:02 . 2009-08-02 20:02 -------- d-----w- c:\documents and settings\hudba\Koa
2009-08-02 20:01 . 2009-08-02 20:01 -------- d-----w- c:\documents and settings\hudba\Kings of Convenience
2009-08-02 20:01 . 2009-08-02 20:01 -------- d-----w- c:\documents and settings\hudba\Karel Plihal
2009-08-02 20:01 . 2009-08-02 20:01 -------- d-----w- c:\documents and settings\hudba\Jiří Schmitzer
2009-08-02 20:01 . 2009-08-02 20:01 -------- d-----w- c:\documents and settings\hudba\Jean Michel Jarre
2009-08-02 20:01 . 2009-08-02 20:01 -------- d-----w- c:\documents and settings\hudba\Jana Kirchner
2009-08-02 20:01 . 2009-08-02 20:01 -------- d-----w- c:\documents and settings\hudba\JAHOBO
2009-08-02 20:00 . 2009-08-02 20:00 -------- d-----w- c:\documents and settings\hudba\Jablkon
2009-08-02 20:00 . 2009-08-02 20:00 -------- d-----w- c:\documents and settings\hudba\Ivan Kral
2009-08-02 20:00 . 2009-08-02 20:00 -------- d-----w- c:\documents and settings\hudba\Ivan Gurierez
2009-08-02 20:00 . 2009-08-02 20:00 -------- d-----w- c:\documents and settings\hudba\Iva Frühling
2009-08-02 20:00 . 2009-08-02 20:00 -------- d-----w- c:\documents and settings\hudba\Ibrahim Ferrer
2009-08-02 19:59 . 2009-08-02 19:59 -------- d-----w- c:\documents and settings\hudba\Chinaski
2009-08-02 19:59 . 2009-08-02 19:59 -------- d-----w- c:\documents and settings\hudba\hapka-Horáček
2009-08-02 19:59 . 2009-08-02 19:59 -------- d-----w- c:\documents and settings\hudba\Grease
2009-08-02 19:59 . 2009-08-02 19:59 -------- d-----w- c:\documents and settings\hudba\Ester Kočičková
2009-08-02 19:59 . 2009-08-02 19:59 -------- d-----w- c:\documents and settings\hudba\Enya
2009-08-02 19:58 . 2009-08-02 19:59 -------- d-----w- c:\documents and settings\hudba\Druhá tráva
2009-08-02 19:58 . 2009-08-02 19:58 -------- d-----w- c:\documents and settings\hudba\Dama dama
2009-08-02 19:58 . 2009-08-02 20:07 -------- d-----w- c:\documents and settings\hudba\Cp 8
2009-08-02 19:58 . 2009-08-02 20:07 -------- d-----w- c:\documents and settings\hudba\Corrs
2009-08-02 19:57 . 2009-08-02 19:58 -------- d-----w- c:\documents and settings\hudba\Cohen_Leonard-Greatest_Hits
2009-08-02 19:57 . 2009-08-02 19:57 -------- d-----w- c:\documents and settings\hudba\Buena Vista Social Club
2009-08-02 19:57 . 2009-08-02 19:57 -------- d-----w- c:\documents and settings\hudba\Bratři Ebenové
2009-08-02 19:57 . 2009-08-02 19:57 -------- d-----w- c:\documents and settings\hudba\Bob Dylan
2009-08-02 19:56 . 2009-08-02 19:56 -------- d-----w- c:\documents and settings\hudba\Björk
2009-08-02 19:56 . 2009-08-02 19:56 -------- d-----w- c:\documents and settings\hudba\Bassem Yazbeck
2009-08-02 19:55 . 2009-08-02 19:56 -------- d-----w- c:\documents and settings\hudba\Bára Basiková
2009-08-02 19:55 . 2009-08-02 19:55 -------- d-----w- c:\documents and settings\hudba\Baez
2009-08-02 19:55 . 2009-08-02 19:55 -------- d-----w- c:\documents and settings\hudba\Avril Lavigne
2009-08-02 19:55 . 2009-08-02 19:55 -------- d-----w- c:\documents and settings\hudba\Amelie
2009-08-02 19:55 . 2009-08-03 13:52 -------- d-----w- c:\documents and settings\hudba
2009-08-02 19:50 . 2009-08-02 19:50 -------- d-----w- c:\documents and settings\ODBORNE\zdrail tp 1.4
2009-08-02 19:50 . 2009-08-02 19:50 -------- d-----w- c:\documents and settings\ODBORNE\výrobky
2009-08-02 19:50 . 2009-08-02 19:50 -------- d-----w- c:\documents and settings\ODBORNE\vyjádření - prvky
2009-08-02 19:50 . 2009-08-02 19:50 -------- d-----w- c:\documents and settings\ODBORNE\vyber legislativa BUS
2009-08-02 19:50 . 2009-08-02 19:50 -------- d-----w- c:\documents and settings\ODBORNE\umyv-detaily
2009-08-02 19:47 . 2009-08-02 19:47 -------- d-----w- c:\documents and settings\ODBORNE\design for AE
2009-08-02 19:44 . 2009-08-02 19:45 -------- d-----w- c:\documents and settings\FOTO\AFoto 7-09 neww
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-04 12:14 . 2007-09-21 19:11 -------- d-----w- c:\program files\ESET
2009-08-03 18:56 . 2007-12-26 11:40 -------- d-----w- c:\program files\Google
2009-08-02 14:44 . 2007-09-28 13:29 -------- d-----w- c:\program files\Common Files\Nikon
2009-08-02 14:25 . 2007-09-28 13:31 -------- d-----w- c:\program files\Nikon
2009-08-02 14:24 . 2003-03-19 10:05 106496 ----a-w- c:\windows\system32\ATL71.DLL
2009-08-02 14:24 . 2007-09-21 19:39 -------- d-----w- c:\program files\Common Files\InstallShield
2009-08-02 14:14 . 2001-10-25 13:00 46016 ----a-w- c:\windows\system32\perfc005.dat
2009-08-02 14:14 . 2001-10-25 13:00 309716 ----a-w- c:\windows\system32\perfh005.dat
2009-08-02 11:25 . 2007-09-21 19:40 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-15 20:33 . 2007-09-21 19:11 -------- d-----w- c:\program files\TC PowerPack
2009-07-14 18:16 . 2007-09-21 18:40 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-07-14 18:16 . 2007-09-21 18:40 2740 ----a-w- c:\windows\pchealth\helpctr\PackageStore\SkuStore.bin
2009-07-12 20:29 . 2007-09-21 19:19 -------- d-----w- c:\program files\Common Files\ACD Systems
2009-07-03 16:59 . 2004-08-17 14:49 915456 ----a-w- c:\windows\system32\wininet.dll
2009-06-16 14:40 . 2004-08-17 14:49 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-16 14:40 . 2001-10-25 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-12 19:54 . 2009-01-20 16:54 -------- d-----w- c:\program files\rajce
2009-06-03 19:11 . 2004-08-17 14:49 1293824 ----a-w- c:\windows\system32\quartz.dll
2009-05-07 15:33 . 2004-08-17 14:49 346624 ----a-w- c:\windows\system32\localspl.dll
2007-11-18 22:30 . 2007-11-18 22:30 260471 ----a-w- c:\program files\Mpeg2DSSetup.exe
2007-09-22 15:53 . 2007-09-22 15:53 5827472 ----a-w- c:\program files\Firefox Setup 2.0.0.7.exe
2006-04-23 14:49 . 2007-10-16 19:57 2897821 ----a-w- c:\program files\bsplayer137.826.exe
2009-07-15 21:16 . 2008-12-17 20:56 137208 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
.
((((((((((((((((((((((((((((( SnapShot@2009-07-23_21.42.36 )))))))))))))))))))))))))))))))))))))))))
.
+ 2006-12-01 22:08 . 2006-12-01 22:08 49152 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80KOR.dll
+ 2006-12-01 22:08 . 2006-12-01 22:08 49152 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80JPN.dll
+ 2006-12-01 22:08 . 2006-12-01 22:08 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ITA.dll
+ 2006-12-01 22:08 . 2006-12-01 22:08 45056 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80CHT.dll
+ 2006-12-01 22:08 . 2006-12-01 22:08 40960 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80CHS.dll
+ 2006-12-01 22:08 . 2006-12-01 22:08 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80FRA.dll
+ 2006-12-01 22:08 . 2006-12-01 22:08 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ESP.dll
+ 2006-12-01 22:08 . 2006-12-01 22:08 57344 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ENU.dll
+ 2006-12-01 22:08 . 2006-12-01 22:08 65536 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80DEU.dll
+ 2006-12-01 20:56 . 2006-12-01 20:56 96256 c:\windows\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_cbb27474\ATL80.dll
+ 2009-08-02 14:25 . 2009-08-02 14:25 82432 c:\windows\WinSxS\x86_Microsoft.MSXML2R_6bd6b9abf345378f_4.1.0.0_x-ww_29c3ad6a\msxml4r.dll
+ 2009-08-02 14:10 . 2003-04-24 11:29 32768 c:\windows\system32\udaprop.dll
- 2001-10-25 13:00 . 2009-07-15 01:09 39992 c:\windows\system32\perfc009.dat
+ 2001-10-25 13:00 . 2009-08-02 14:14 39992 c:\windows\system32\perfc009.dat
- 2007-08-13 17:54 . 2009-03-08 02:31 55296 c:\windows\system32\msfeedsbs.dll
+ 2007-08-13 17:54 . 2009-07-03 16:59 55296 c:\windows\system32\msfeedsbs.dll
+ 2006-12-01 22:26 . 2006-12-01 22:26 57856 c:\windows\system32\mfcm80u.dll
+ 2006-12-01 22:25 . 2006-12-01 22:25 69632 c:\windows\system32\mfcm80.dll
+ 2008-05-23 08:09 . 2009-08-03 18:56 88589 c:\windows\system32\Macromed\Flash\uninstall_activeX.exe
- 2004-08-17 14:49 . 2009-04-30 21:16 25600 c:\windows\system32\jsproxy.dll
+ 2004-08-17 14:49 . 2009-07-03 16:59 25600 c:\windows\system32\jsproxy.dll
+ 2009-08-01 20:58 . 2009-07-13 11:36 38160 c:\windows\system32\drivers\mbamswissarmy.sys
+ 2009-08-01 20:58 . 2009-07-13 11:36 19096 c:\windows\system32\drivers\mbam.sys
- 2009-07-13 13:18 . 2009-04-30 21:16 12800 c:\windows\system32\dllcache\xpshims.dll
+ 2009-07-13 13:18 . 2009-07-03 16:59 12800 c:\windows\system32\dllcache\xpshims.dll
- 2009-04-29 04:47 . 2009-03-08 02:31 55296 c:\windows\system32\dllcache\msfeedsbs.dll
+ 2009-04-29 04:47 . 2009-07-03 16:59 55296 c:\windows\system32\dllcache\msfeedsbs.dll
+ 2004-08-17 14:49 . 2009-07-03 16:59 25600 c:\windows\system32\dllcache\jsproxy.dll
- 2004-08-17 14:49 . 2009-04-30 21:16 25600 c:\windows\system32\dllcache\jsproxy.dll
+ 2009-08-02 14:10 . 2003-02-18 16:26 28672 c:\windows\system32\cmirmdrv.dll
+ 2009-08-03 18:56 . 2009-08-03 18:56 24064 c:\windows\Installer\267016b.msi
+ 2009-07-29 12:34 . 2009-04-30 21:16 12800 c:\windows\ie8updates\KB972260-IE8\xpshims.dll
+ 2009-07-29 12:34 . 2009-03-08 02:31 55296 c:\windows\ie8updates\KB972260-IE8\msfeedsbs.dll
+ 2009-07-29 12:34 . 2009-04-30 21:16 25600 c:\windows\ie8updates\KB972260-IE8\jsproxy.dll
+ 2009-08-02 14:15 . 2001-10-24 10:25 5632 c:\windows\system32\ptpusb.dll
+ 2009-08-02 14:25 . 2009-08-02 14:25 8854 c:\windows\Installer\{E9757890-7EC5-46C8-99AB-B00F07B6525C}\New_Shortcut_E97578907EC546C899ABB00F07B6525C_1.exe
+ 2009-08-02 14:15 . 2008-04-14 03:21 159232 c:\windows\system32\ptpusd.dll
- 2001-10-25 13:00 . 2009-07-15 01:09 311604 c:\windows\system32\perfh009.dat
+ 2001-10-25 13:00 . 2009-08-02 14:14 311604 c:\windows\system32\perfh009.dat
+ 2004-08-17 14:49 . 2009-07-03 16:59 206848 c:\windows\system32\occache.dll
+ 2006-12-01 20:54 . 2006-12-01 20:54 626688 c:\windows\system32\msvcr80.dll
+ 2003-03-19 10:03 . 2003-03-19 10:03 544768 c:\windows\system32\msvcr71d.dll
+ 2006-12-01 20:54 . 2006-12-01 20:54 548864 c:\windows\system32\msvcp80.dll
+ 2003-03-19 10:04 . 2003-03-19 10:04 765952 c:\windows\system32\msvcp71d.dll
+ 2006-12-01 20:54 . 2006-12-01 20:54 479232 c:\windows\system32\msvcm80.dll
+ 2007-08-13 17:54 . 2009-07-03 16:59 594432 c:\windows\system32\msfeeds.dll
- 2007-08-13 17:54 . 2009-03-08 02:32 594432 c:\windows\system32\msfeeds.dll
+ 2009-07-18 03:12 . 2009-07-18 03:12 257440 c:\windows\system32\Macromed\Flash\FlashUtil10c.exe
+ 2004-08-17 14:49 . 2009-07-03 16:59 184320 c:\windows\system32\iepeers.dll
+ 2004-08-17 14:49 . 2009-07-03 16:59 386048 c:\windows\system32\iedkcs32.dll
- 2004-08-17 14:49 . 2009-04-30 11:21 173056 c:\windows\system32\ie4uinit.exe
+ 2004-08-17 14:49 . 2009-07-03 11:01 173056 c:\windows\system32\ie4uinit.exe
+ 2009-08-02 14:10 . 2003-10-17 09:52 754560 c:\windows\system32\drivers\cmuda.sys
- 2004-08-17 14:49 . 2009-05-13 05:05 915456 c:\windows\system32\dllcache\wininet.dll
+ 2004-08-17 14:49 . 2009-07-03 16:59 915456 c:\windows\system32\dllcache\wininet.dll
+ 2004-08-17 14:49 . 2009-07-03 16:59 206848 c:\windows\system32\dllcache\occache.dll
- 2009-04-29 04:47 . 2009-03-08 02:32 594432 c:\windows\system32\dllcache\msfeeds.dll
+ 2009-04-29 04:47 . 2009-07-03 16:59 594432 c:\windows\system32\dllcache\msfeeds.dll
+ 2009-07-13 13:18 . 2009-07-03 16:59 246272 c:\windows\system32\dllcache\ieproxy.dll
- 2009-07-13 13:18 . 2009-04-30 21:16 246272 c:\windows\system32\dllcache\ieproxy.dll
+ 2004-08-17 14:49 . 2009-07-03 16:59 184320 c:\windows\system32\dllcache\iepeers.dll
+ 2004-08-17 14:49 . 2009-07-03 16:59 386048 c:\windows\system32\dllcache\iedkcs32.dll
- 2004-08-17 14:49 . 2009-04-30 11:21 173056 c:\windows\system32\dllcache\ie4uinit.exe
+ 2004-08-17 14:49 . 2009-07-03 11:01 173056 c:\windows\system32\dllcache\ie4uinit.exe
+ 2007-09-21 18:55 . 2001-11-23 10:08 712704 c:\windows\system32\dllcache\a3d.dll
+ 2009-08-02 14:10 . 2003-10-15 16:37 114688 c:\windows\system32\cmuda.dll
+ 2009-08-02 14:10 . 2003-08-20 16:46 233472 c:\windows\system32\cmirmdrv.exe
+ 2009-08-02 14:10 . 2001-11-23 10:08 712704 c:\windows\system32\Audio3D.dll
+ 2007-09-21 18:55 . 2001-11-23 10:08 712704 c:\windows\system32\a3d.dll
- 2007-09-21 18:55 . 2001-11-23 04:08 712704 c:\windows\system32\a3d.dll
+ 2009-08-02 14:10 . 2002-04-29 13:04 917504 c:\windows\system\cmids3d.dll
+ 2009-08-02 14:23 . 2009-08-02 14:23 331264 c:\windows\Installer\8f5c9.msi
+ 2009-08-02 14:25 . 2009-08-02 14:25 450560 c:\windows\Installer\{E9757890-7EC5-46C8-99AB-B00F07B6525C}\NewShortcut3_E97578907EC546C899ABB00F07B6525C.exe
+ 2009-08-02 14:25 . 2009-08-02 14:25 450560 c:\windows\Installer\{E9757890-7EC5-46C8-99AB-B00F07B6525C}\NewShortcut2_E97578907EC546C899ABB00F07B6525C.exe
+ 2009-07-29 12:34 . 2009-05-13 05:05 915456 c:\windows\ie8updates\KB972260-IE8\wininet.dll
+ 2009-07-29 12:34 . 2009-05-26 11:40 391032 c:\windows\ie8updates\KB972260-IE8\spuninst\updspapi.dll
+ 2009-07-29 12:34 . 2009-05-26 11:40 233848 c:\windows\ie8updates\KB972260-IE8\spuninst\spuninst.exe
+ 2009-07-29 12:34 . 2009-03-08 02:34 109568 c:\windows\ie8updates\KB972260-IE8\occache.dll
+ 2009-07-29 12:34 . 2009-03-08 02:32 594432 c:\windows\ie8updates\KB972260-IE8\msfeeds.dll
+ 2009-07-29 12:34 . 2009-04-30 21:16 246272 c:\windows\ie8updates\KB972260-IE8\ieproxy.dll
+ 2009-07-29 12:34 . 2009-03-08 02:31 183808 c:\windows\ie8updates\KB972260-IE8\iepeers.dll
+ 2009-07-29 12:34 . 2009-04-30 21:16 385536 c:\windows\ie8updates\KB972260-IE8\iedkcs32.dll
+ 2009-07-29 12:34 . 2009-04-30 11:21 173056 c:\windows\ie8updates\KB972260-IE8\ie4uinit.exe
+ 2009-08-02 14:10 . 2003-07-22 09:15 225280 c:\windows\CmiRmRedundDir.exe
+ 2009-08-02 14:25 . 2009-08-02 14:25 1233920 c:\windows\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9818.0_x-ww_8ff50c5d\msxml4.dll
+ 2004-08-17 14:49 . 2009-07-03 16:59 1208832 c:\windows\system32\urlmon.dll
+ 2004-08-17 14:49 . 2009-07-19 13:16 5937152 c:\windows\system32\mshtml.dll
+ 2006-12-01 22:25 . 2006-12-01 22:25 1093120 c:\windows\system32\mfc80u.dll
+ 2006-12-01 22:25 . 2006-12-01 22:25 1101824 c:\windows\system32\mfc80.dll
+ 2003-03-19 11:28 . 2003-03-19 11:28 2179072 c:\windows\system32\mfc71d.dll
+ 2007-08-13 17:34 . 2009-07-03 16:59 1985536 c:\windows\system32\iertutil.dll
+ 2004-08-17 14:49 . 2009-07-03 16:59 1208832 c:\windows\system32\dllcache\urlmon.dll
+ 2004-08-17 14:49 . 2009-07-19 13:16 5937152 c:\windows\system32\dllcache\mshtml.dll
+ 2009-04-29 04:47 . 2009-07-03 16:59 1985536 c:\windows\system32\dllcache\iertutil.dll
+ 2009-08-02 14:10 . 2003-10-15 14:26 1454080 c:\windows\system\SmWizard.exe
+ 2009-08-02 14:27 . 2009-08-02 14:27 5830144 c:\windows\Installer\8f5ea.msi
+ 2009-08-02 14:23 . 2009-08-02 14:23 7974912 c:\windows\Installer\8f5c4.msi
+ 2009-07-29 12:34 . 2009-04-30 21:16 1207808 c:\windows\ie8updates\KB972260-IE8\urlmon.dll
+ 2009-07-29 12:34 . 2009-05-13 05:05 5936128 c:\windows\ie8updates\KB972260-IE8\mshtml.dll
+ 2009-07-29 12:34 . 2009-04-30 21:16 1985024 c:\windows\ie8updates\KB972260-IE8\iertutil.dll
+ 2009-07-17 18:12 . 2009-07-17 18:12 1962160 c:\windows\Downloaded Program Files\FP_AX_CAB_INSTALLER.exe
+ 2007-08-13 17:54 . 2009-07-19 16:46 11067392 c:\windows\system32\ieframe.dll
+ 2009-04-29 04:47 . 2009-07-19 16:46 11067392 c:\windows\system32\dllcache\ieframe.dll
+ 2009-08-02 14:26 . 2009-08-02 14:26 10608640 c:\windows\Installer\8f5e0.msi
+ 2009-08-02 14:25 . 2009-08-02 14:25 12377600 c:\windows\Installer\8f5d6.msi
+ 2009-07-29 12:34 . 2009-04-30 21:16 11064832 c:\windows\ie8updates\KB972260-IE8\ieframe.dll
.
-- Snímek resetován k současnému datu --
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2007-09-21 917504]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"SiS Tray"="c:\windows\system32\sistray.EXE" [2003-10-30 667648]
"SiSUSBRG"="c:\windows\SiSUSBrg.exe" [2002-07-12 106496]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb05.exe" [2002-03-28 188416]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 132496]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-01-12 185896]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2007-02-13 35328]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\SSMMgr.exe" [2008-03-03 536576]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2007-12-11 286720]
"Nikon Transfer Monitor"="c:\program files\Common Files\Nikon\Monitor\NkMonitor.exe" [2008-09-30 485208]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
NkvMon.exe.lnk - c:\program files\Nikon\NkView6\NkvMon.exe [2007-9-28 233472]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0sprestrt
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\totalcmd\\TOTALCMD.EXE"=
"c:\\Program Files\\ICQ6\\ICQ.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\ASUS\\WL-520GU Wireless Router Utilities\\Discovery.exe"=
"c:\\Program Files\\ASUS\\Printer Utilities\\UsbService.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [6.7.2008 14:03 222456]
R2 UsbService;ASUS Virtual MFP Service;c:\program files\ASUS\Printer Utilities\UsbService.exe [8.5.2009 16:05 217088]
R3 vuhub;Virtual Usb Hub;c:\windows\system32\drivers\vuhub.sys [8.5.2009 16:05 66432]
--- Ostatní služby/ovladače v paměti ---
*NewlyCreated* - SISPORT
*Deregistered* - SiSPort
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
HKLM-Run-Cmaudio - cmicnfg.cpl
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&s ... f8&oe=utf8
uInternet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
uInternet Settings,ProxyServer = proxy.karneval.cz:3128
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\progra~1\WEBIE.DLL
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\progra~1\WEBIE.DLL
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\progra~1\WEBIE.DLL
LSP: imon.dll
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
FF - ProfilePath - c:\documents and settings\Antonovičová\Data aplikací\Mozilla\Firefox\Profiles\vg435rd3.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-04 14:41
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'lsass.exe'(664)
c:\windows\system32\imon.dll
c:\program files\Eset\pr_imon.dll
- - - - - - - > 'explorer.exe'(2332)
c:\windows\system32\webcheck.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\ESET\nod32krn.exe
c:\windows\system32\rundll32.exe
.
**************************************************************************
.
Celkový čas: 2009-08-04 14:46 - počítač byl restartován
ComboFix-quarantined-files.txt 2009-08-04 12:46
ComboFix2.txt 2009-07-23 21:47
Před spuštěním: Volných bajtů: 47 050 567 680
Po spuštění: Volných bajtů: 47 037 165 568
448 --- E O F --- 2009-07-29 12:34
**************************
jak se vypina ten rezidentni stit? delam to zrejme blbe
cache jsem vymazala
dik.
Re: kryptik ZJ, ZY - prosim o pomoc
Omlouvám se za zpoždění 
Jak to vypadá s pc?
Poprosím o log ze Rsitu
Jak to vypadá s pc?
Poprosím o log ze Rsitu
Nepoužívejte COMBOFIX bez doporučení rádce, může dojít k poškození systému!
Vždy před odvirováním počítače zazálohujte důležitá data
Chcete podpořit naše forum? Informace zde
K zastižení jsem spíše v noci, mezi 21.-23. hodinou
Pokud máte nějaké dotazy, můžete mi napsat na email Motji(zavináč)forum.viry.cz.
Vždy před odvirováním počítače zazálohujte důležitá data
Chcete podpořit naše forum? Informace zde
K zastižení jsem spíše v noci, mezi 21.-23. hodinou
Pokud máte nějaké dotazy, můžete mi napsat na email Motji(zavináč)forum.viry.cz.
Přispějete na provoz fóra?