
PC virus removal, computer speed-up, and remote help through the neslape.cz service
Suspected virus?
Moderator: Moderators
Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]
Individual threads will be locked once they are resolved, as will those that have been inactive for more than 14 days. See the rule on locking topics. Thank you for your understanding.
!NEW!
You can now use a remote help service, in which a specialist connects to your computer and gets further details about the problem from you by phone! More at www.neslape.cz
-
- Visitor
- Posts: 238
- Registered: 14 Jun 2010 13:52
Suspected virus?
Hello. I need some advice. I have three files on my computer's desktop that I can't delete. They are named Zpoved zraleho muze.doc, Zpoved zraleho muze(2).doc, Zpoved zraleho muze(3).doc
When I click Delete, it tells me that this item could not be found.
My operating system is Windows 7. I wanted to try Unlocker, but I couldn't get it to run. The files are 0 bytes in size.
Logfile of random's system information tool 1.08 (written by random/random)
Run by Ivana at 2010-10-20 18:50:07
Microsoft Windows 7 Home Premium
System drive C: has 411 GB (90%) free of 459 GB
Total RAM: 2972 MB (68% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:50:25, on 20.10.2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16671)
Boot mode: Normal
Running processes:
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files\Hewlett-Packard\HP HotKey Support\QLBController.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\Nuance\PDF Professional 6\PdfPro6Hook.exe
C:\windows\system32\igfxsrvc.exe
C:\Program Files\Avast5\AvastUI.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\CyberLink\Shared Files\brs.exe
C:\Program Files\CyberLink\PowerDVD10\PDVD10Serv.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe
C:\Program Files\Hewlett-Packard\Shared\hpCaslNotification.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\windows\system32\SearchFilterHost.exe
C:\Users\Ivana\Desktop\RSIT.exe
C:\Program Files\trend micro\Ivana.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: PlusIEEventHelper Class - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files\Nuance\PDF Professional 6\Bin\PlusIEContextMenu.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Pomocník pro přihlášení ke službě Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ZeonIEEventHelper Class - {DA986D7D-CCAF-47B2-84FE-BFA1549BEBF9} - C:\Program Files\Nuance\PDF Professional 6\Bin\ZeonIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Nuance PDF - {E3286BF1-E654-42FF-B4A6-5E111731DF6B} - C:\Program Files\Nuance\PDF Professional 6\Bin\ZeonIEFavClient.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [QLBController] C:\Program Files\Hewlett-Packard\HP HotKey Support\QLBController.exe /start
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [PDF Complete] C:\Program Files\PDF Complete\pdfsty.exe
O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [WirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [IgfxTray] C:\windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [PDFHook] C:\Program Files\Nuance\PDF Professional 6\pdfpro6hook.exe
O4 - HKLM\..\Run: [PDF6 Registry Controller] C:\Program Files\Nuance\PDF Professional 6\RegistryController.exe
O4 - HKLM\..\Run: [Nuance PDF Reader-reminder] "C:\Program Files\Nuance\PDF Reader\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\PDF Reader\Ereg\Ereg.ini"
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [BDRegion] C:\Program Files\Cyberlink\Shared files\brs.exe
O4 - HKLM\..\Run: [RemoteControl10] "C:\Program Files\CyberLink\PowerDVD10\PDVD10Serv.exe"
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\windows\system32\GPhotos.scr/200
O8 - Extra context menu item: Append the content of the link to existing PDF file - res://C:\Program Files\Nuance\PDF Professional 6\Bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML
O8 - Extra context menu item: Append the content of the selected links to existing PDF file - res://C:\Program Files\Nuance\PDF Professional 6\Bin\ZeonIEFavClient.dll/ZeonIEAppendSelLinks.HTML
O8 - Extra context menu item: Append to existing PDF file - res://C:\Program Files\Nuance\PDF Professional 6\Bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML
O8 - Extra context menu item: Create PDF file - res://C:\Program Files\Nuance\PDF Professional 6\Bin\ZeonIEFavClient.dll/ZeonIECapture.HTML
O8 - Extra context menu item: Create PDF file from the content of the link - res://C:\Program Files\Nuance\PDF Professional 6\Bin\ZeonIEFavClient.dll/ZeonIECapture.HTML
O8 - Extra context menu item: Create PDF files from the selected links - res://C:\Program Files\Nuance\PDF Professional 6\Bin\ZeonIEFavClient.dll/ZeonIECaptureSelLinks.HTML
O8 - Extra context menu item: Odeslat obrázek do zařízení &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Odeslat stránku do zařízení &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O8 - Extra context menu item: Open with Nuance PDF Converter 6.0 - res://C:\Program Files\Nuance\PDF Professional 6\cnvres_eng.dll /100
O8 - Extra context menu item: Open with PDF Professional 6 - res://C:\Program Files\Nuance\PDF Professional 6\Bin\PlusIEContextMenu.dll/PlusIEContextMenu.htm
O9 - Extra button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O15 - Trusted Zone: http://*.mcafee.com (HKLM)
O15 - Trusted Zone: http://betavscan.mcafeeasap.com (HKLM)
O15 - Trusted Zone: http://vs.mcafeeasap.com (HKLM)
O15 - Trusted Zone: http://www.mcafeeasap.com (HKLM)
O15 - ESC Trusted Zone: http://*.mcafee.com (HKLM)
O15 - ESC Trusted Zone: http://betavscan.mcafeeasap.com (HKLM)
O15 - ESC Trusted Zone: http://vs.mcafeeasap.com (HKLM)
O15 - ESC Trusted Zone: http://www.mcafeeasap.com (HKLM)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9b219d80a8843bf8\aestsrv.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - LSI Corporation - C:\Program Files\LSI SoftModem\agrsmsvc.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Avast5\AvastSvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Unknown owner - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe (file missing)
O23 - Service: HP Hotkey Monitor (hpHotkeyMonitor) - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe
O23 - Service: hpqwmiex - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files\PDF Complete\pdfsvc.exe
O23 - Service: PDFProFiltSrv - Nuance Communications, Inc. - C:\Program Files\Nuance\PDF Professional 6\PDFProFiltSrv.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9b219d80a8843bf8\STacSV.exe
--
End of file - 10824 bytes
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{551A852F-39A6-44A7-9C13-AFBEC9185A9D}]
PlusIEEventHelper Class - C:\Program Files\Nuance\PDF Professional 6\Bin\PlusIEContextMenu.dll [2009-02-06 249856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll [2009-01-14 92504]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Pomocník pro přihlášení ke službě Windows Live - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DA986D7D-CCAF-47B2-84FE-BFA1549BEBF9}]
ZeonIEEventHelper Class - C:\Program Files\Nuance\PDF Professional 6\Bin\ZeonIEFavClient.dll [2009-03-26 475136]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-10-18 41760]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]
Windows Live Toolbar Helper - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{E3286BF1-E654-42FF-B4A6-5E111731DF6B} - Nuance PDF - C:\Program Files\Nuance\PDF Professional 6\Bin\ZeonIEFavClient.dll [2009-03-26 475136]
{21FA44EF-376D-4D53-9B0F-8A89D3229068} - &Windows Live Toolbar - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"QLBController"=C:\Program Files\Hewlett-Packard\HP HotKey Support\QLBController.exe [2010-01-28 256056]
"IAAnotif"=C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [2010-01-08 186904]
"PDF Complete"=C:\Program Files\PDF Complete\pdfsty.exe [2010-01-12 563736]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2010-01-22 1684776]
"WirelessAssistant"=C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [2009-09-01 499768]
"IgfxTray"=C:\windows\system32\igfxtray.exe [2010-03-12 141848]
"HotKeysCmds"=C:\windows\system32\hkcmd.exe [2010-03-12 175640]
"Persistence"=C:\windows\system32\igfxpers.exe [2010-03-12 166936]
"SysTrayApp"=C:\Program Files\IDT\WDM\sttray.exe [2010-01-29 495708]
"PDFHook"=C:\Program Files\Nuance\PDF Professional 6\pdfpro6hook.exe [2009-11-13 1277952]
"PDF6 Registry Controller"=C:\Program Files\Nuance\PDF Professional 6\RegistryController.exe [2009-11-03 110880]
"Nuance PDF Reader-reminder"=C:\Program Files\Nuance\PDF Reader\Ereg\Ereg.exe [2008-11-03 328992]
"avast5"=C:\Program Files\Avast5\avastUI.exe [2010-09-07 2838912]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-09-23 35760]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-09-20 932288]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-05-14 248552]
"BDRegion"=C:\Program Files\Cyberlink\Shared files\brs.exe [2010-03-13 75048]
"RemoteControl10"=C:\Program Files\CyberLink\PowerDVD10\PDVD10Serv.exe [2010-02-03 87336]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"=C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [2010-01-22 2363392]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2010-05-13 26192168]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-07-14 1173504]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPAdvisorDock]
C:\Program Files\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [2009-05-05 222496]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NortonOnlineBackupReminder]
C:\Program Files\Symantec\Norton Online Backup\Activation\NOBuActivation.exe UNATTENDED []
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\windows\system32\igfxdev.dll [2010-01-25 225792]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
======List of files/folders created in the last 1 months======
2010-10-20 18:50:07 ----D---- C:\rsit
2010-10-20 18:50:07 ----D---- C:\Program Files\trend micro
2010-10-20 15:54:16 ----D---- C:\Users\Ivana\AppData\Roaming\Roxio Log Files
2010-10-20 15:21:11 ----D---- C:\Program Files\Common Files\CyberLink
2010-10-19 17:32:58 ----D---- C:\ProgramData\Temp
2010-10-19 17:31:22 ----D---- C:\Users\Ivana\AppData\Roaming\CyberLink
2010-10-19 17:30:49 ----D---- C:\ProgramData\CyberLink
2010-10-19 17:29:33 ----D---- C:\Program Files\CyberLink
2010-10-19 17:29:19 ----N---- C:\windows\system32\msxml3a.dll
2010-10-19 17:18:57 ----A---- C:\windows\DXT8AC2.tmp
2010-10-19 04:41:50 ----D---- C:\Users\Ivana\AppData\Roaming\Tank Combat
2010-10-18 23:04:47 ----D---- C:\Users\Ivana\AppData\Roaming\Ankh
2010-10-18 23:01:40 ----D---- C:\Program Files\ABC
2010-10-18 19:44:37 ----D---- C:\GAMES
2010-10-18 19:43:21 ----RASH---- C:\MSDOS.SYS
2010-10-18 19:43:21 ----RASH---- C:\IO.SYS
2010-10-18 19:02:59 ----N---- C:\windows\system32\regsvr32.exe.log
2010-10-18 18:46:47 ----D---- C:\ProgramData\LightScribe
2010-10-18 18:46:36 ----D---- C:\Users\Ivana\AppData\Roaming\Nero
2010-10-18 18:43:10 ----N---- C:\windows\system32\MsiExec.exe.log
2010-10-18 18:40:46 ----D---- C:\ProgramData\Nero
2010-10-18 18:40:46 ----D---- C:\Program Files\Common Files\Nero
2010-10-18 18:25:58 ----D---- C:\Users\Ivana\AppData\Roaming\WinRAR
2010-10-18 18:19:51 ----D---- C:\Program Files\WinRAR
2010-10-18 17:44:05 ----D---- C:\Users\Ivana\AppData\Roaming\Media Player Classic
2010-10-18 17:40:59 ----N---- C:\windows\system32\unrar.dll
2010-10-18 17:40:58 ----A---- C:\windows\avisplitter.ini
2010-10-18 17:40:54 ----N---- C:\windows\system32\yv12vfw.dll
2010-10-18 17:40:54 ----N---- C:\windows\system32\xvidvfw.dll
2010-10-18 17:40:54 ----N---- C:\windows\system32\xvidcore.dll
2010-10-18 17:40:54 ----N---- C:\windows\system32\ff_vfw.dll.manifest
2010-10-18 17:40:54 ----N---- C:\windows\system32\ff_vfw.dll
2010-10-18 17:40:52 ----D---- C:\Program Files\K-Lite Codec Pack
2010-10-18 17:22:32 ----D---- C:\Program Files\Verdict Free
2010-10-18 17:19:16 ----D---- C:\Users\Ivana\AppData\Roaming\OpenOffice.org
2010-10-18 17:18:08 ----D---- C:\Program Files\OpenOffice.org 3
2010-10-18 17:17:31 ----D---- C:\Program Files\Open Office 3.2
2010-10-18 16:58:30 ----D---- C:\Program Files\Microsoft Office
2010-10-18 16:58:12 ----D---- C:\Program Files\MSECache
2010-10-18 16:49:54 ----D---- C:\ProgramData\Sun
2010-10-18 16:49:54 ----D---- C:\Program Files\Common Files\Java
2010-10-18 16:49:33 ----N---- C:\windows\system32\javaws.exe
2010-10-18 16:49:33 ----N---- C:\windows\system32\javaw.exe
2010-10-18 16:49:33 ----N---- C:\windows\system32\java.exe
2010-10-18 16:49:33 ----N---- C:\windows\system32\deployJava1.dll
2010-10-18 16:49:22 ----D---- C:\Program Files\Java
2010-10-18 16:37:31 ----D---- C:\ProgramData\Adobe
2010-10-18 16:37:22 ----D---- C:\Program Files\Common Files\Adobe
2010-10-18 16:37:22 ----D---- C:\Program Files\Adobe
2010-10-18 16:16:08 ----N---- C:\windows\system32\drivers\aswSP.sys
2010-10-18 16:16:08 ----N---- C:\windows\system32\drivers\aswRdr.sys
2010-10-18 16:16:08 ----N---- C:\windows\system32\drivers\aswFsBlk.sys
2010-10-18 16:16:07 ----N---- C:\windows\system32\drivers\aswTdi.sys
2010-10-18 16:16:07 ----N---- C:\windows\system32\drivers\aswMonFlt.sys
2010-10-18 16:15:44 ----N---- C:\windows\system32\aswBoot.exe
2010-10-18 16:15:42 ----D---- C:\ProgramData\Alwil Software
2010-10-18 16:15:42 ----D---- C:\Program Files\Avast5
2010-10-18 15:32:23 ----D---- C:\Users\Ivana\AppData\Roaming\Mozilla
2010-10-18 15:32:16 ----D---- C:\Program Files\Mozilla Firefox
2010-10-18 15:03:11 ----A---- C:\windows\system32\PresentationHostProxy.dll
2010-10-18 15:03:11 ----A---- C:\windows\system32\PresentationHost.exe
2010-10-18 15:03:11 ----A---- C:\windows\system32\netfxperf.dll
2010-10-18 15:03:11 ----A---- C:\windows\system32\mscoree.dll
2010-10-18 15:03:11 ----A---- C:\windows\system32\dfshim.dll
2010-10-18 15:00:51 ----A---- C:\windows\system32\browserchoice.exe
2010-10-18 14:58:43 ----N---- C:\windows\system32\MRT.exe
2010-10-18 14:58:28 ----D---- C:\Program Files\MSXML 4.0
2010-10-18 14:57:43 ----A---- C:\windows\system32\rtutils.dll
2010-10-18 14:57:42 ----A---- C:\windows\system32\mfc40u.dll
2010-10-18 14:57:42 ----A---- C:\windows\system32\mfc40.dll
2010-10-18 14:57:35 ----A---- C:\windows\system32\lsasrv.dll
2010-10-18 14:57:35 ----A---- C:\windows\system32\drivers\ksecpkg.sys
2010-10-18 14:57:34 ----A---- C:\windows\system32\shell32.dll
2010-10-18 14:57:32 ----A---- C:\windows\system32\mshtml.dll
2010-10-18 14:57:32 ----A---- C:\windows\system32\ieframe.dll
2010-10-18 14:57:31 ----A---- C:\windows\system32\urlmon.dll
2010-10-18 14:57:31 ----A---- C:\windows\system32\mstime.dll
2010-10-18 14:57:31 ----A---- C:\windows\system32\msfeeds.dll
2010-10-18 14:57:31 ----A---- C:\windows\system32\iertutil.dll
2010-10-18 14:57:30 ----A---- C:\windows\system32\wininet.dll
2010-10-18 14:57:30 ----A---- C:\windows\system32\mshtmled.dll
2010-10-18 14:57:30 ----A---- C:\windows\system32\msfeedsbs.dll
2010-10-18 14:57:30 ----A---- C:\windows\system32\licmgr10.dll
2010-10-18 14:57:30 ----A---- C:\windows\system32\ieui.dll
2010-10-18 14:57:30 ----A---- C:\windows\system32\iepeers.dll
2010-10-18 14:57:30 ----A---- C:\windows\system32\iedkcs32.dll
2010-10-18 14:57:29 ----A---- C:\windows\system32\t2embed.dll
2010-10-18 14:57:29 ----A---- C:\windows\system32\msfeedssync.exe
2010-10-18 14:57:29 ----A---- C:\windows\system32\jsproxy.dll
2010-10-18 14:57:28 ----A---- C:\windows\system32\schannel.dll
2010-10-18 14:57:27 ----A---- C:\windows\system32\tzres.dll
2010-10-18 14:57:25 ----A---- C:\windows\system32\wmpmde.dll
2010-10-18 14:57:25 ----A---- C:\windows\explorer.exe
2010-10-18 14:57:24 ----A---- C:\windows\system32\winlogon.exe
2010-10-18 14:57:24 ----A---- C:\windows\system32\ntoskrnl.exe
2010-10-18 14:57:24 ----A---- C:\windows\system32\ntkrnlpa.exe
2010-10-18 14:57:22 ----A---- C:\windows\system32\quartz.dll
2010-10-18 14:57:22 ----A---- C:\windows\system32\ole32.dll
2010-10-18 14:57:22 ----A---- C:\windows\system32\msvidc32.dll
2010-10-18 14:57:22 ----A---- C:\windows\system32\mciavi32.dll
2010-10-18 14:57:22 ----A---- C:\windows\system32\iyuv_32.dll
2010-10-18 14:57:22 ----A---- C:\windows\system32\avifil32.dll
2010-10-18 14:57:21 ----A---- C:\windows\system32\tsbyuv.dll
2010-10-18 14:57:21 ----A---- C:\windows\system32\msyuv.dll
2010-10-18 14:57:21 ----A---- C:\windows\system32\msrle32.dll
2010-10-18 14:57:20 ----A---- C:\windows\system32\wmp.dll
2010-10-18 14:57:18 ----A---- C:\windows\system32\wmploc.DLL
2010-10-18 14:57:18 ----A---- C:\windows\system32\inetcomm.dll
2010-10-18 14:57:17 ----A---- C:\windows\system32\kernel32.dll
2010-10-18 14:57:17 ----A---- C:\windows\system32\jscript.dll
2010-10-18 14:57:16 ----A---- C:\windows\system32\vbscript.dll
2010-10-18 14:57:16 ----A---- C:\windows\system32\apphelp.dll
2010-10-18 14:57:15 ----A---- C:\windows\system32\comctl32.dll
2010-10-18 14:57:14 ----A---- C:\windows\system32\msxml3.dll
2010-10-18 14:57:14 ----A---- C:\windows\system32\drivers\tcpip.sys
2010-10-18 14:57:13 ----A---- C:\windows\system32\srvsvc.dll
2010-10-18 14:57:13 ----A---- C:\windows\system32\spoolsv.exe
2010-10-18 14:57:13 ----A---- C:\windows\system32\drivers\srvnet.sys
2010-10-18 14:57:13 ----A---- C:\windows\system32\drivers\srv2.sys
2010-10-18 14:57:13 ----A---- C:\windows\system32\drivers\srv.sys
2010-10-18 14:57:12 ----A---- C:\windows\system32\ir32_32.dll
2010-10-18 14:57:12 ----A---- C:\windows\system32\iccvid.dll
2010-10-18 14:57:11 ----A---- C:\windows\system32\win32k.sys
2010-10-18 14:57:11 ----A---- C:\windows\system32\StructuredQuery.dll
2010-10-18 14:57:01 ----A---- C:\windows\system32\asycfilt.dll
2010-10-18 14:55:59 ----A---- C:\windows\system32\drivers\mrxsmb10.sys
2010-10-18 14:55:59 ----A---- C:\windows\system32\drivers\mrxsmb.sys
2010-10-18 14:55:58 ----A---- C:\windows\system32\drivers\mrxsmb20.sys
2010-10-18 14:55:19 ----A---- C:\windows\system32\fontsub.dll
2010-10-18 14:55:19 ----A---- C:\windows\system32\atmlib.dll
2010-10-18 14:55:19 ----A---- C:\windows\system32\atmfd.dll
2010-10-14 17:38:44 ----D---- C:\Users\Ivana\AppData\Roaming\SPORE Creature Creator
2010-10-08 15:17:20 ----D---- C:\Program Files\Drahokamovy mic - Davne legendy
2010-10-08 15:09:35 ----D---- C:\Program Files\Electronic Arts
2010-10-08 14:59:14 ----D---- C:\Program Files\FlatOut2
2010-10-05 13:21:27 ----D---- C:\Users\Ivana\AppData\Roaming\dvdcss
2010-10-01 13:13:45 ----D---- C:\ProgramData\Úžasná tajemství mistra Leonarda
2010-10-01 13:13:18 ----D---- C:\Program Files\Úžasná tajemství Mistra Leonarda
2010-09-24 13:41:41 ----D---- C:\Program Files\Brana svetu - cesta za horizont
2010-09-24 13:37:26 ----D---- C:\Program Files\Katčin Rybí krámek
2010-09-24 13:36:04 ----D---- C:\Users\Ivana\AppData\Roaming\V-Games
2010-09-24 13:35:50 ----D---- C:\Program Files\Alenka 2 - Kouzelná země
2010-09-24 13:34:38 ----D---- C:\Users\Ivana\AppData\Roaming\BeachPartyCraze
2010-09-24 13:34:04 ----D---- C:\Program Files\Bláznivé prázdniny na pláži
2010-09-24 13:32:25 ----D---- C:\Users\Ivana\AppData\Roaming\Friday's games
2010-09-24 13:32:13 ----D---- C:\Program Files\Montezumova pomsta
2010-09-24 13:30:09 ----D---- C:\Users\Ivana\AppData\Roaming\Boolat Games
2010-09-24 13:30:00 ----D---- C:\Program Files\Restaurace U Amálky
2010-09-24 13:27:07 ----D---- C:\ProgramData\Aliasworlds
2010-09-24 13:26:49 ----D---- C:\Program Files\Medvěd Míša - Zakletý hrad
2010-09-24 13:25:47 ----D---- C:\Users\Ivana\AppData\Roaming\FashionCrazeChech
2010-09-24 13:25:15 ----D---- C:\Program Files\Módní salón
2010-09-24 13:22:29 ----D---- C:\Users\Ivana\AppData\Roaming\Alawar
2010-09-24 13:21:33 ----D---- C:\Program Files\Ovečky
2010-09-24 13:19:36 ----D---- C:\Program Files\Moje farma
======List of files/folders modified in the last 1 months======
2010-10-20 18:50:13 ----D---- C:\windows\Temp
2010-10-20 18:50:07 ----RD---- C:\Program Files
2010-10-20 18:26:25 ----D---- C:\Users\Ivana\AppData\Roaming\Skype
2010-10-20 18:21:23 ----D---- C:\windows\System32
2010-10-20 18:21:23 ----D---- C:\windows\inf
2010-10-20 18:21:23 ----A---- C:\windows\system32\PerfStringBackup.INI
2010-10-20 18:18:15 ----D---- C:\Users\Ivana\AppData\Roaming\skypePM
2010-10-20 18:17:12 ----HD---- C:\ProgramData
2010-10-20 16:28:43 ----D---- C:\Windows
2010-10-20 16:16:16 ----D---- C:\windows\debug
2010-10-20 16:11:01 ----D---- C:\windows\system32\Tasks
2010-10-20 16:00:19 ----D---- C:\ProgramData\Uninstall
2010-10-20 15:57:23 ----SHD---- C:\windows\Installer
2010-10-20 15:57:22 ----D---- C:\Program Files\Common Files\Roxio Shared
2010-10-20 15:57:19 ----D---- C:\Program Files\Common Files
2010-10-20 15:56:58 ----D---- C:\windows\system32\catroot
2010-10-20 15:56:48 ----D---- C:\windows\system32\drivers
2010-10-20 15:56:43 ----RSD---- C:\windows\Fonts
2010-10-20 15:56:10 ----D---- C:\ProgramData\Roxio
2010-10-20 15:55:58 ----SHD---- C:\System Volume Information
2010-10-20 15:21:11 ----HD---- C:\Program Files\InstallShield Installation Information
2010-10-20 15:19:47 ----N---- C:\windows\system32\msvcp71.dll
2010-10-19 18:35:00 ----N---- C:\windows\system32\msvcr71.dll
2010-10-19 17:14:49 ----D---- C:\Program Files\Common Files\InstallShield
2010-10-19 17:12:06 ----D---- C:\windows\system32\config
2010-10-19 16:47:15 ----D---- C:\windows\rescache
2010-10-19 16:29:55 ----D---- C:\windows\Microsoft.NET
2010-10-19 16:29:46 ----RSD---- C:\windows\assembly
2010-10-19 11:34:36 ----D---- C:\Program Files\Cesta za dobrodružstvím - Kouzelné obrazy
2010-10-19 03:40:28 ----D---- C:\windows\system32\NDF
2010-10-18 18:40:44 ----D---- C:\windows\Cursors
2010-10-18 18:31:41 ----D---- C:\ProgramData\WinZip
2010-10-18 18:29:19 ----SD---- C:\Users\Ivana\AppData\Roaming\Microsoft
2010-10-18 17:18:48 ----D---- C:\windows\winsxs
2010-10-18 16:58:31 ----D---- C:\Program Files\Common Files\microsoft shared
2010-10-18 16:42:14 ----D---- C:\Users\Ivana\AppData\Roaming\Adobe
2010-10-18 16:02:19 ----SD---- C:\ProgramData\Microsoft
2010-10-18 15:30:40 ----D---- C:\windows\Prefetch
2010-10-18 15:07:35 ----D---- C:\windows\system32\migration
2010-10-18 15:07:35 ----D---- C:\windows\system32\cs-CZ
2010-10-18 15:07:35 ----D---- C:\Program Files\Internet Explorer
2010-10-18 15:07:34 ----D---- C:\Program Files\Windows Media Player
2010-10-18 15:07:34 ----D---- C:\Program Files\Windows Mail
2010-10-18 15:03:15 ----D---- C:\windows\system32\catroot2
2010-10-08 15:17:40 ----D---- C:\Users\Ivana\AppData\Roaming\URSE Games
2010-09-29 20:28:05 ----D---- C:\Program Files\Kouzelná farma
2010-09-25 10:52:00 ----D---- C:\Program Files\OTTD
2010-09-24 17:27:31 ----D---- C:\Users\Ivana\AppData\Roaming\Artogon
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 iaStor;Intel AHCI Controller; C:\windows\system32\DRIVERS\iaStor.sys [2010-01-08 331288]
R0 rdyboost;ReadyBoost; C:\windows\System32\drivers\rdyboost.sys [2009-07-14 173648]
R1 aswRdr;aswRdr; C:\windows\system32\drivers\aswRdr.sys [2010-09-07 23376]
R1 aswSP;aswSP; C:\windows\system32\drivers\aswSP.sys [2010-09-07 165584]
R1 aswTdi;avast! Network Shield Support; C:\windows\system32\drivers\aswTdi.sys [2010-09-07 46672]
R1 vwififlt;Virtual WiFi Filter Driver; C:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 48128]
R2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC};Power Control [2010/10/20 15:21:19]; \??\C:\Program Files\CyberLink\PowerDVD10\NavFilter\000.fcl [2010-03-13 87536]
R2 aswFsBlk;aswFsBlk; C:\windows\system32\drivers\aswFsBlk.sys [2010-09-07 17744]
R2 aswMonFlt;aswMonFlt; \??\C:\windows\system32\drivers\aswMonFlt.sys [2010-09-07 50768]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\windows\system32\DRIVERS\AGRSM.sys [2009-11-02 1163328]
R3 HpqKbFiltr;HpqKbFilter Driver; C:\windows\system32\DRIVERS\HpqKbFiltr.sys [2009-07-16 15872]
R3 igfx;igfx; C:\windows\system32\DRIVERS\igdkmd32.sys [2010-01-25 6282240]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI; C:\windows\system32\drivers\IntcHdmi.sys [2009-07-09 122880]
R3 RTL8167;Realtek 8167 NT Driver; C:\windows\system32\DRIVERS\Rt86win7.sys [2010-01-13 257568]
R3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver; C:\windows\system32\DRIVERS\rtl8192se.sys [2010-01-20 996896]
R3 SNP2UVC;USB2.0 PC Camera (SNP2UVC); C:\windows\system32\DRIVERS\snp2uvc.sys [2010-01-19 1763968]
R3 STHDA;IDT High Definition Audio CODEC; C:\windows\system32\DRIVERS\stwrt.sys [2010-01-29 423424]
R3 SynTP;Synaptics TouchPad Driver; C:\windows\system32\DRIVERS\SynTP.sys [2010-01-22 234800]
S2 Parvdm;Parvdm; C:\windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704]
S3 aic78xx;aic78xx; C:\windows\system32\DRIVERS\djsvs.sys [2009-07-14 70720]
S3 amdagp;AMD AGP Bus Filter Driver; C:\windows\system32\DRIVERS\amdagp.sys [2009-07-14 53312]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\windows\system32\DRIVERS\b57nd60x.sys [2009-07-14 229888]
S3 BthEnum;Bluetooth Request Block Driver; C:\windows\system32\DRIVERS\BthEnum.sys [2009-07-14 34816]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\windows\system32\DRIVERS\bthpan.sys [2009-07-14 93696]
S3 BTHPORT;Bluetooth Port Driver; C:\windows\System32\Drivers\BTHport.sys [2009-07-14 392704]
S3 BTHUSB;Bluetooth Radio USB Driver; C:\windows\System32\Drivers\BTHUSB.sys [2009-07-14 58880]
S3 btwaudio;Bluetooth Audio Device Service; C:\windows\system32\drivers\btwaudio.sys [2010-01-07 86056]
S3 btwavdt;Bluetooth AVDT; C:\windows\system32\drivers\btwavdt.sys [2010-01-07 108072]
S3 btwl2cap;Bluetooth L2CAP Service; C:\windows\system32\DRIVERS\btwl2cap.sys [2010-01-07 29472]
S3 btwrchid;btwrchid; C:\windows\system32\DRIVERS\btwrchid.sys [2010-01-07 18472]
S3 pciide;pciide; C:\windows\system32\DRIVERS\pciide.sys [2009-07-14 12368]
S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\windows\system32\DRIVERS\rfcomm.sys [2009-07-14 129536]
S3 sisagp;SIS AGP Bus Filter; C:\windows\system32\DRIVERS\sisagp.sys [2009-07-14 52304]
S3 TPM;TPM; C:\windows\system32\drivers\tpm.sys [2009-07-14 30720]
S3 viaagp;VIA AGP Bus Filter; C:\windows\system32\DRIVERS\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\windows\system32\DRIVERS\viac7.sys [2009-07-14 52736]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AESTFilters;Andrea ST Filters Service; C:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9b219d80a8843bf8\aestsrv.exe [2009-03-03 81920]
R2 AgereModemAudio;Agere Modem Call Progress Audio; C:\Program Files\LSI SoftModem\agrsmsvc.exe [2009-11-02 14336]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Avast5\AvastSvc.exe [2010-09-07 40384]
R2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe [2009-12-29 595232]
R2 hpHotkeyMonitor;HP Hotkey Monitor; C:\Program Files\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe [2010-01-28 265272]
R2 IAANTMON;Intel(R) Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe [2010-01-08 354840]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2010-01-22 73728]
R2 pdfcDispatcher;PDF Document Manager; C:\Program Files\PDF Complete\pdfsvc.exe [2010-01-12 635416]
R2 PDFProFiltSrv;PDFProFiltSrv; C:\Program Files\Nuance\PDF Professional 6\PDFProFiltSrv.exe [2009-11-03 134944]
R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-01-14 226656]
R2 STacSV;Audio Service; C:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9b219d80a8843bf8\STacSV.exe [2010-01-29 229458]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Avast5\AvastSvc.exe [2010-09-07 40384]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Avast5\AvastSvc.exe [2010-09-07 40384]
R3 hpqwmiex;hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [2009-12-18 230968]
S2 HP Health Check Service;HP Health Check Service; C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe []
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-12-22 136120]
-----------------EOF-----------------
2010-09-29 20:28:05 ----D---- C:\Program Files\Kouzelná farma
2010-09-25 10:52:00 ----D---- C:\Program Files\OTTD
2010-09-24 17:27:31 ----D---- C:\Users\Ivana\AppData\Roaming\Artogon
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 iaStor;Intel AHCI Controller; C:\windows\system32\DRIVERS\iaStor.sys [2010-01-08 331288]
R0 rdyboost;ReadyBoost; C:\windows\System32\drivers\rdyboost.sys [2009-07-14 173648]
R1 aswRdr;aswRdr; C:\windows\system32\drivers\aswRdr.sys [2010-09-07 23376]
R1 aswSP;aswSP; C:\windows\system32\drivers\aswSP.sys [2010-09-07 165584]
R1 aswTdi;avast! Network Shield Support; C:\windows\system32\drivers\aswTdi.sys [2010-09-07 46672]
R1 vwififlt;Virtual WiFi Filter Driver; C:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 48128]
R2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC};Power Control [2010/10/20 15:21:19]; \??\C:\Program Files\CyberLink\PowerDVD10\NavFilter\000.fcl [2010-03-13 87536]
R2 aswFsBlk;aswFsBlk; C:\windows\system32\drivers\aswFsBlk.sys [2010-09-07 17744]
R2 aswMonFlt;aswMonFlt; \??\C:\windows\system32\drivers\aswMonFlt.sys [2010-09-07 50768]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\windows\system32\DRIVERS\AGRSM.sys [2009-11-02 1163328]
R3 HpqKbFiltr;HpqKbFilter Driver; C:\windows\system32\DRIVERS\HpqKbFiltr.sys [2009-07-16 15872]
R3 igfx;igfx; C:\windows\system32\DRIVERS\igdkmd32.sys [2010-01-25 6282240]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI; C:\windows\system32\drivers\IntcHdmi.sys [2009-07-09 122880]
R3 RTL8167;Realtek 8167 NT Driver; C:\windows\system32\DRIVERS\Rt86win7.sys [2010-01-13 257568]
R3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver; C:\windows\system32\DRIVERS\rtl8192se.sys [2010-01-20 996896]
R3 SNP2UVC;USB2.0 PC Camera (SNP2UVC); C:\windows\system32\DRIVERS\snp2uvc.sys [2010-01-19 1763968]
R3 STHDA;IDT High Definition Audio CODEC; C:\windows\system32\DRIVERS\stwrt.sys [2010-01-29 423424]
R3 SynTP;Synaptics TouchPad Driver; C:\windows\system32\DRIVERS\SynTP.sys [2010-01-22 234800]
S2 Parvdm;Parvdm; C:\windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704]
S3 aic78xx;aic78xx; C:\windows\system32\DRIVERS\djsvs.sys [2009-07-14 70720]
S3 amdagp;AMD AGP Bus Filter Driver; C:\windows\system32\DRIVERS\amdagp.sys [2009-07-14 53312]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\windows\system32\DRIVERS\b57nd60x.sys [2009-07-14 229888]
S3 BthEnum;Bluetooth Request Block Driver; C:\windows\system32\DRIVERS\BthEnum.sys [2009-07-14 34816]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\windows\system32\DRIVERS\bthpan.sys [2009-07-14 93696]
S3 BTHPORT;Bluetooth Port Driver; C:\windows\System32\Drivers\BTHport.sys [2009-07-14 392704]
S3 BTHUSB;Bluetooth Radio USB Driver; C:\windows\System32\Drivers\BTHUSB.sys [2009-07-14 58880]
S3 btwaudio;Bluetooth Audio Device Service; C:\windows\system32\drivers\btwaudio.sys [2010-01-07 86056]
S3 btwavdt;Bluetooth AVDT; C:\windows\system32\drivers\btwavdt.sys [2010-01-07 108072]
S3 btwl2cap;Bluetooth L2CAP Service; C:\windows\system32\DRIVERS\btwl2cap.sys [2010-01-07 29472]
S3 btwrchid;btwrchid; C:\windows\system32\DRIVERS\btwrchid.sys [2010-01-07 18472]
S3 pciide;pciide; C:\windows\system32\DRIVERS\pciide.sys [2009-07-14 12368]
S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\windows\system32\DRIVERS\rfcomm.sys [2009-07-14 129536]
S3 sisagp;SIS AGP Bus Filter; C:\windows\system32\DRIVERS\sisagp.sys [2009-07-14 52304]
S3 TPM;TPM; C:\windows\system32\drivers\tpm.sys [2009-07-14 30720]
S3 viaagp;VIA AGP Bus Filter; C:\windows\system32\DRIVERS\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\windows\system32\DRIVERS\viac7.sys [2009-07-14 52736]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AESTFilters;Andrea ST Filters Service; C:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9b219d80a8843bf8\aestsrv.exe [2009-03-03 81920]
R2 AgereModemAudio;Agere Modem Call Progress Audio; C:\Program Files\LSI SoftModem\agrsmsvc.exe [2009-11-02 14336]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Avast5\AvastSvc.exe [2010-09-07 40384]
R2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe [2009-12-29 595232]
R2 hpHotkeyMonitor;HP Hotkey Monitor; C:\Program Files\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe [2010-01-28 265272]
R2 IAANTMON;Intel(R) Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe [2010-01-08 354840]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2010-01-22 73728]
R2 pdfcDispatcher;PDF Document Manager; C:\Program Files\PDF Complete\pdfsvc.exe [2010-01-12 635416]
R2 PDFProFiltSrv;PDFProFiltSrv; C:\Program Files\Nuance\PDF Professional 6\PDFProFiltSrv.exe [2009-11-03 134944]
R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-01-14 226656]
R2 STacSV;Audio Service; C:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9b219d80a8843bf8\STacSV.exe [2010-01-29 229458]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Avast5\AvastSvc.exe [2010-09-07 40384]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Avast5\AvastSvc.exe [2010-09-07 40384]
R3 hpqwmiex;hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [2009-12-18 230968]
S2 HP Health Check Service;HP Health Check Service; C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe []
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-12-22 136120]
-----------------EOF-----------------
- Rudy
- Site Admin
- Posts: 119426
- Joined: 30 Oct 2003 13:42
- Location: Plzeň
Re: Suspected virus?
Download and run Avenger: http://www.viry.cz/forum/viewtopic.php?f=15&t=19832 with this script:
Files to delete:
C:\Users\Ivana\Desktop\Zpoved zraleho muze.doc
C:\Users\Ivana\Desktop\Zpoved zraleho muze(2).doc
C:\Users\Ivana\Desktop\Zpoved zraleho muze(3).doc
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for resolving your problems.
Please support our forum: https://platba.viry.cz/payment/.
e-mail: rudy(at)forum.viry.cz
Warning: Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!
Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.
-
- Visitor
- Posts: 238
- Joined: 14 Jun 2010 13:52
Re: Suspected virus?
Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com
Platform: Windows Vista
*******************
Script file opened successfully.
Script file read successfully.
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
Rootkit scan active.
No rootkits found!
Error: file "C:\Users\Ivana\Desktop\Zpoved zraleho muze.doc" not found!
Deletion of file "C:\Users\Ivana\Desktop\Zpoved zraleho muze.doc" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist
Error: file "C:\Users\Ivana\Desktop\Zpoved zraleho muze(2).doc" not found!
Deletion of file "C:\Users\Ivana\Desktop\Zpoved zraleho muze(2).doc" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist
Error: file "C:\Users\Ivana\Desktop\Zpoved zraleho muze(3).doc" not found!
Deletion of file "C:\Users\Ivana\Desktop\Zpoved zraleho muze(3).doc" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist
Completed script processing.
*******************
Finished! Terminate.
- Rudy
- Site Admin
- Posts: 119426
- Joined: 30 Oct 2003 13:42
- Location: Plzeň
Re: Suspected virus?
Avenger claims that the files do not exist. Run a checkdisk with error repair and try again.
-
- Visitor
- Posts: 238
- Joined: 14 Jun 2010 13:52
Re: Suspected virus?
Thank you for the advice. I downloaded and opened the checkdisk program, but since it is in English, I am not sure what to tick. Correct Errors is probably the error repair. What is Verbose? Should I leave it ticked? And which type of test? Standard, Thorough or Check if dirty.
- Rudy
- Site Admin
- Posts: 119426
- Joined: 30 Oct 2003 13:42
- Location: Plzeň
Re: Suspected virus?
"I downloaded the checkdisk program....."
??? Why? Checkdisk is a system tool. Open this computer, then right-click the disk icon > Properties > Tools > Error checking (tick automatically fix errors).
-
- Visitor
- Posts: 238
- Joined: 14 Jun 2010 13:52
Re: Suspected virus?
I have already tried that. I ran the disk check with error repair, but it did not help. That is why I wanted to try it with the checkdisk program that I downloaded from the internet.
- Rudy
- Site Admin
- Posts: 119426
- Joined: 30 Oct 2003 13:42
- Location: Plzeň
Re: Suspected virus?
Download ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe and save it to the desktop. Open Notepad and copy the following into it:

Files::
C:\Users\Ivana\Desktop\Zpoved zraleho muze.doc
C:\Users\Ivana\Desktop\Zpoved zraleho muze(2).doc
C:\Users\Ivana\Desktop\Zpoved zraleho muze(3).doc

Save it to the desktop as CFScript.txt. Then drag it with the mouse over the ComboFix icon and drop it. CF will start and carry out the commands from the script. At startup, do not install the Recovery Console, and turn off the resident antivirus protection and any other security software.

-
- Visitor
- Posts: 238
- Joined: 14 Jun 2010 13:52
Re: Suspected virus?
So I hope I did everything correctly. The files stayed on the desktop. I am attaching the log. I was not even asked about the Recovery Console.
ComboFix 10-10-23.01 - Ivana 24.10.2010 13:48:05.1.2 - x86
Microsoft Windows 7 Home Premium 6.1.7600.0.1250.420.1029.18.2972.1884 [GMT 2:00]
Spuštěný z: c:\users\Ivana\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Ivana\Desktop\CFScript.txt.txt
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Thumbs.db
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-09-24 do 2010-10-24 )))))))))))))))))))))))))))))))
.
2010-10-24 11:37 . 2010-10-18 07:41 6146896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{666A3C82-E3CC-4112-8A2C-28B45FA883A0}\mpengine.dll
2010-10-24 11:37 . 2010-10-24 11:37 -------- d-----w- c:\windows\system32\Wat
2010-10-24 10:42 . 2010-10-24 10:42 -------- d-----w- c:\users\Ivana\AppData\Roaming\PlayFirst
2010-10-24 10:42 . 2010-10-24 10:42 -------- d-----w- c:\programdata\PlayFirst
2010-10-24 10:09 . 2010-10-24 10:10 -------- d-----w- c:\users\Ivana\AppData\Roaming\PetShowCraze
2010-10-24 09:59 . 2010-10-24 10:00 -------- d-----w- c:\users\Ivana\AppData\Roaming\Gold Casual Games
2010-10-24 09:49 . 2010-10-24 09:49 -------- d-----w- c:\users\Ivana\AppData\Local\Turtix
2010-10-24 09:36 . 2010-10-24 09:36 -------- d-----w- c:\users\Ivana\AppData\Local\EleFun Games
2010-10-24 09:34 . 2010-10-24 09:34 -------- d-----w- c:\programdata\Product
2010-10-24 07:24 . 2010-10-24 09:20 -------- d-----w- c:\programdata\Alawar Stargaze
2010-10-24 07:09 . 2010-10-24 07:09 -------- d-----w- c:\users\Ivana\AppData\Roaming\Gaijin Ent
2010-10-24 06:41 . 2010-10-24 06:41 -------- d-----w- c:\users\Ivana\AppData\Roaming\SprillBermudeChech
2010-10-24 06:34 . 2010-10-24 06:35 -------- d-----w- c:\users\Ivana\AppData\Roaming\MagicBall3
2010-10-23 20:45 . 2010-10-23 20:45 -------- d-----w- c:\users\Ivana\AppData\Roaming\Zak&Jack
2010-10-23 20:31 . 2010-10-23 20:31 -------- d-----w- c:\programdata\VirtualFarm
2010-10-23 19:31 . 2010-10-23 19:31 -------- d-----w- c:\users\Ivana\AppData\Local\STARGAZE_IMAGE_CACHE
2010-10-23 17:50 . 2010-10-23 17:50 -------- d-----w- c:\programdata\Friday's games
2010-10-23 16:44 . 2010-10-23 16:44 -------- d-----w- c:\program files\Mesto zabavy
2010-10-23 15:38 . 2010-10-24 10:29 -------- d-----w- c:\users\Ivana\AppData\Roaming\EleFun Games
2010-10-23 12:55 . 2010-10-24 09:57 -------- d-----w- c:\users\Ivana\AppData\Roaming\Shape games
2010-10-23 12:47 . 2010-10-23 12:47 -------- d-----w- c:\programdata\Alex Gordon
2010-10-22 10:46 . 2010-10-22 10:45 286720 ----a-w- c:\windows\iun506.exe
2010-10-21 16:11 . 2009-10-10 02:57 12800 ----a-w- c:\windows\system32\drivers\sffp_sd.sys
2010-10-21 16:11 . 2010-03-04 04:04 146304 ----a-w- c:\windows\system32\drivers\usbvideo.sys
2010-10-21 16:11 . 2010-03-04 03:57 190976 ----a-w- c:\windows\system32\drivers\ks.sys
2010-10-21 16:10 . 2010-05-09 09:14 641536 ----a-w- c:\windows\system32\CPFilters.dll
2010-10-21 16:10 . 2010-05-09 09:14 417792 ----a-w- c:\windows\system32\msdri.dll
2010-10-21 16:10 . 2010-05-09 09:13 204288 ----a-w- c:\windows\system32\MSNP.ax
2010-10-21 16:10 . 2010-05-09 09:13 199680 ----a-w- c:\windows\system32\mpg2splt.ax
2010-10-21 16:10 . 2009-12-13 09:30 465408 ----a-w- c:\windows\system32\psisdecd.dll
2010-10-21 16:10 . 2010-03-24 06:37 1286456 ----a-w- c:\windows\system32\ntdll.dll
2010-10-21 16:10 . 2009-09-26 05:58 194488 ----a-w- c:\windows\system32\drivers\fvevol.sys
2010-10-21 15:49 . 2010-10-21 15:49 -------- d-----w- c:\users\Ivana\AppData\Roaming\Ashampoo
2010-10-21 15:48 . 2010-10-21 15:48 -------- d-----w- c:\users\Ivana\AppData\Local\ashampoo
2010-10-21 15:48 . 2010-10-21 15:48 -------- d-----w- c:\programdata\ashampoo
2010-10-21 15:48 . 2010-10-21 15:48 -------- d-----w- c:\program files\Ashampoo
2010-10-21 14:28 . 2010-10-21 14:28 -------- d-----r- c:\program files\Skype
2010-10-21 14:15 . 2010-10-21 14:15 -------- d-----w- c:\users\Ivana\AppData\Local\Apps
2010-10-20 16:50 . 2010-10-20 16:50 -------- d-----w- C:\rsit
2010-10-20 16:50 . 2010-10-20 16:50 -------- d-----w- c:\program files\trend micro
2010-10-20 13:54 . 2010-10-20 13:54 -------- d-----w- c:\users\Ivana\AppData\Roaming\Roxio Log Files
2010-10-20 13:53 . 2010-10-20 13:53 -------- d-----w- c:\users\Ivana\AppData\Local\MicroVision Applications
2010-10-20 13:31 . 2010-10-20 13:37 -------- d-----w- c:\users\Ivana\AppData\Local\Cyberlink
2010-10-20 13:21 . 2010-10-20 13:21 -------- d-----w- c:\program files\Common Files\CyberLink
2010-10-19 16:36 . 2010-10-19 16:36 -------- d-----w- c:\users\Public\CyberLink
2010-10-19 15:31 . 2010-10-20 13:38 -------- d-----w- c:\users\Ivana\AppData\Roaming\CyberLink
2010-10-19 15:30 . 2010-10-20 13:31 -------- d-----w- c:\programdata\CyberLink
2010-10-19 15:29 . 2010-10-20 13:20 -------- d-----w- c:\program files\CyberLink
2010-10-19 15:29 . 2010-10-20 13:19 29480 ------w- c:\windows\system32\msxml3a.dll
2010-10-19 15:18 . 2010-10-19 15:18 0 ----a-w- c:\windows\DXT8AC2.tmp
2010-10-19 02:41 . 2010-10-19 02:41 -------- d-----w- c:\users\Ivana\AppData\Roaming\Tank Combat
2010-10-18 17:44 . 2010-10-24 10:44 -------- d-----w- C:\GAMES
2010-10-18 16:46 . 2010-10-18 16:46 -------- d-----w- c:\programdata\LightScribe
2010-10-18 16:40 . 2010-10-21 15:44 -------- d-----w- c:\programdata\Nero
2010-10-18 15:44 . 2010-10-20 14:16 -------- d-----w- c:\users\Ivana\AppData\Roaming\Media Player Classic
2010-10-18 15:40 . 2010-03-15 09:31 165376 ------w- c:\windows\system32\unrar.dll
2010-10-18 15:40 . 2010-01-17 15:18 151552 ------w- c:\windows\system32\ac3acm.acm
2010-10-18 15:40 . 2008-09-24 18:41 839680 ------w- c:\windows\system32\lameACM.acm
2010-10-18 15:40 . 2010-09-14 08:00 108032 ------w- c:\windows\system32\ff_vfw.dll
2010-10-18 15:40 . 2010-06-08 16:10 790528 ------w- c:\windows\system32\xvidcore.dll
2010-10-18 15:40 . 2010-06-08 16:10 134144 ------w- c:\windows\system32\xvidvfw.dll
2010-10-18 15:40 . 2004-01-25 16:18 217088 ------w- c:\windows\system32\yv12vfw.dll
2010-10-18 15:40 . 2010-10-18 15:41 -------- d-----w- c:\program files\K-Lite Codec Pack
2010-10-18 15:22 . 2010-10-18 15:22 -------- d-----w- c:\program files\Verdict Free
2010-10-18 15:19 . 2010-10-18 15:19 -------- d-----w- c:\users\Ivana\AppData\Roaming\OpenOffice.org
2010-10-18 15:18 . 2010-10-18 15:18 -------- d-----w- c:\program files\OpenOffice.org 3
2010-10-18 15:17 . 2010-10-18 15:17 -------- d-----w- c:\program files\Open Office 3.2
2010-10-18 15:10 . 2010-10-18 15:10 -------- d-----w- c:\users\Ivana\AppData\Local\ElevatedDiagnostics
2010-10-18 14:58 . 2010-10-18 14:58 -------- d-----w- c:\program files\MSECache
2010-10-18 14:49 . 2010-10-18 14:49 -------- d-----w- c:\program files\Common Files\Java
2010-10-18 14:49 . 2010-10-18 14:49 472808 ------w- c:\windows\system32\deployJava1.dll
2010-10-18 14:49 . 2010-10-18 14:49 -------- d-----w- c:\program files\Java
2010-10-18 14:42 . 2010-10-18 14:42 -------- d-----w- c:\users\Ivana\AppData\Local\Adobe
2010-10-18 14:37 . 2010-10-18 14:37 -------- d-----w- c:\program files\Common Files\Adobe
2010-10-18 14:16 . 2010-09-07 14:52 165584 ------w- c:\windows\system32\drivers\aswSP.sys
2010-10-18 14:16 . 2010-09-07 14:47 23376 ------w- c:\windows\system32\drivers\aswRdr.sys
2010-10-18 14:16 . 2010-09-07 14:47 17744 ------w- c:\windows\system32\drivers\aswFsBlk.sys
2010-10-18 14:16 . 2010-09-07 14:52 46672 ------w- c:\windows\system32\drivers\aswTdi.sys
2010-10-18 14:16 . 2010-09-07 14:47 50768 ------w- c:\windows\system32\drivers\aswMonFlt.sys
2010-10-18 14:15 . 2010-09-07 15:12 38848 ----a-w- c:\windows\avastSS.scr
2010-10-18 14:15 . 2010-09-07 15:11 167592 ------w- c:\windows\system32\aswBoot.exe
2010-10-18 14:15 . 2010-10-18 14:24 -------- d-----w- c:\program files\Avast5
2010-10-18 14:15 . 2010-10-18 14:15 -------- d-----w- c:\programdata\Alwil Software
2010-10-18 13:13 . 2010-10-18 13:13 -------- d-----w- c:\users\Ivana\AppData\Local\Mozilla
2010-10-18 13:03 . 2009-11-25 10:47 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2010-10-18 13:03 . 2009-11-25 10:47 49472 ----a-w- c:\windows\system32\netfxperf.dll
2010-10-18 13:03 . 2009-11-25 10:47 297808 ----a-w- c:\windows\system32\mscoree.dll
2010-10-18 13:03 . 2009-11-25 10:47 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2010-10-18 13:03 . 2009-11-25 10:47 1130824 ----a-w- c:\windows\system32\dfshim.dll
2010-10-18 13:00 . 2010-02-11 07:10 293376 ----a-w- c:\windows\system32\browserchoice.exe
2010-10-18 12:58 . 2010-10-18 12:58 -------- d-----w- c:\program files\MSXML 4.0
2010-10-18 12:55 . 2010-02-27 07:32 221696 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-10-18 12:55 . 2010-02-27 07:32 123392 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-10-18 12:55 . 2010-02-27 07:32 95744 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2010-10-18 12:55 . 2010-05-27 07:24 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-10-18 12:55 . 2010-05-27 03:49 293888 ----a-w- c:\windows\system32\atmfd.dll
2010-10-18 12:55 . 2009-10-19 14:10 70656 ----a-w- c:\windows\system32\fontsub.dll
2010-10-14 15:38 . 2010-10-18 17:24 -------- d-----w- c:\users\Ivana\AppData\Roaming\SPORE Creature Creator
2010-10-08 13:09 . 2010-10-08 13:09 -------- d-----w- c:\program files\Electronic Arts
2010-10-05 11:21 . 2010-10-05 11:21 -------- d-----w- c:\users\Ivana\AppData\Roaming\dvdcss
2010-10-01 11:13 . 2010-10-01 11:13 -------- d-----w- c:\programdata\Úžasná tajemství mistra Leonarda
2010-09-30 10:54 . 2010-10-18 13:35 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\Markup.dll
2010-09-30 10:39 . 2010-10-18 13:25 484160 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-20 13:19 . 2003-03-19 04:14 505128 ------w- c:\windows\system32\msvcp71.dll
2010-10-19 16:35 . 2003-02-21 12:42 353576 ------w- c:\windows\system32\msvcr71.dll
2010-10-19 09:41 . 2010-08-19 11:31 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-10-13 13:58 . 2010-09-14 13:19 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
2010-10-13 13:57 . 2010-09-14 13:19 484160 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2010-08-21 05:36 . 2010-10-18 12:57 224256 ----a-w- c:\windows\system32\schannel.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2010-01-22 2363392]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-10-11 14940040]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QLBController"="c:\program files\Hewlett-Packard\HP HotKey Support\QLBController.exe" [2010-01-28 256056]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2010-01-08 186904]
"PDF Complete"="c:\program files\PDF Complete\pdfsty.exe" [2010-01-12 563736]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-06-04 1791272]
"WirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2009-09-01 499768]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-03-12 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-03-12 175640]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-03-12 166936]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2010-01-29 495708]
"PDFHook"="c:\program files\Nuance\PDF Professional 6\pdfpro6hook.exe" [2009-11-13 1277952]
"PDF6 Registry Controller"="c:\program files\Nuance\PDF Professional 6\RegistryController.exe" [2009-11-03 110880]
"Nuance PDF Reader-reminder"="c:\program files\Nuance\PDF Reader\Ereg\Ereg.exe" [2008-11-03 328992]
"avast5"="c:\program files\Avast5\avastUI.exe" [2010-09-07 2838912]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"BDRegion"="c:\program files\Cyberlink\Shared files\brs.exe" [2010-03-13 75048]
"RemoteControl10"="c:\program files\CyberLink\PowerDVD10\PDVD10Serv.exe" [2010-02-02 87336]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-12-29 795936]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
2009-05-05 14:06 222496 ----a-w- c:\programdata\FLEXnet\Connect\11\ISUSPM.exe
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2010-01-07 29472]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2010-10-24 1343400]
S1 aswSP;aswSP; [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC};Power Control [2010/10/20 15:21];c:\program files\CyberLink\PowerDVD10\NavFilter\000.fcl [2010-03-13 10:58 87536]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9b219d80a8843bf8\aestsrv.exe [2009-03-03 81920]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-09-07 50768]
S2 hpHotkeyMonitor;HP Hotkey Monitor;c:\program files\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe [2010-01-28 265272]
S2 pdfcDispatcher;PDF Document Manager;c:\program files\PDF Complete\pdfsvc.exe [2010-01-12 635416]
S2 PDFProFiltSrv;PDFProFiltSrv;c:\program files\Nuance\PDF Professional 6\PDFProFiltSrv.exe [2009-11-03 134944]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-07-09 122880]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2010-06-23 275048]
S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [2010-01-29 997408]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-01-22 18:06 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://seznam.cz/
mStart Page = hxxp://www.bing.com
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Append the content of the link to existing PDF file - c:\program files\Nuance\PDF Professional 6\Bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML
IE: Append the content of the selected links to existing PDF file - c:\program files\Nuance\PDF Professional 6\Bin\ZeonIEFavClient.dll/ZeonIEAppendSelLinks.HTML
IE: Append to existing PDF file - c:\program files\Nuance\PDF Professional 6\Bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML
IE: Create PDF file - c:\program files\Nuance\PDF Professional 6\Bin\ZeonIEFavClient.dll/ZeonIECapture.HTML
IE: Create PDF file from the content of the link - c:\program files\Nuance\PDF Professional 6\Bin\ZeonIEFavClient.dll/ZeonIECapture.HTML
IE: Create PDF files from the selected links - c:\program files\Nuance\PDF Professional 6\Bin\ZeonIEFavClient.dll/ZeonIECaptureSelLinks.HTML
IE: Odeslat obrázek do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Odeslat stránku do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: Open with Nuance PDF Converter 6.0 - c:\program files\Nuance\PDF Professional 6\cnvres_eng.dll /100
IE: Open with PDF Professional 6 - c:\program files\Nuance\PDF Professional 6\Bin\PlusIEContextMenu.dll/PlusIEContextMenu.htm
Trusted Zone: //about.htm/
Trusted Zone: //Exclude.htm/
Trusted Zone: //FWEvent.htm/
Trusted Zone: //LanguageSelection.htm/
Trusted Zone: //Message.htm/
Trusted Zone: //MyAgttryCmd.htm/
Trusted Zone: //MyAgttryNag.htm/
Trusted Zone: //MyNotification.htm/
Trusted Zone: //NOCLessUpdate.htm/
Trusted Zone: //quarantine.htm/
Trusted Zone: //ScanNow.htm/
Trusted Zone: //strings.vbs/
Trusted Zone: //Template.htm/
Trusted Zone: //Update.htm/
Trusted Zone: //VirFound.htm/
Trusted Zone: mcafee.com\*
Trusted Zone: mcafeeasap.com\betavscan
Trusted Zone: mcafeeasap.com\vs
Trusted Zone: mcafeeasap.com\www
FF - ProfilePath - c:\users\Ivana\AppData\Roaming\Mozilla\Firefox\Profiles\vqqnwr0a.default\
FF - prefs.js: browser.startup.homepage - hxxp://seznam.cz/
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Nuance\PDF Professional 6\Bin\nppdf.dll
FF - plugin: c:\program files\Nuance\PDF Reader\Bin\nppdf.dll
FF - plugin: c:\program files\Nuance\PDF Reader\bin\nppdf.dll
---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
MSConfigStartUp-HPAdvisorDock - c:\program files\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe
MSConfigStartUp-NortonOnlineBackupReminder - c:\program files\Symantec\Norton Online Backup\Activation\NOBuActivation.exe
AddRemove-LSI Soft Modem - c:\windows\agrsmdel
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pdfcDispatcher]
"ImagePath"="c:\program files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD10\NavFilter\000.fcl"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'Explorer.exe'(4276)
c:\program files\WIDCOMM\Bluetooth Software\btmmhook.dll
c:\program files\WIDCOMM\Bluetooth Software\btncopy.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9b219d80a8843bf8\STacSV.exe
c:\program files\Avast5\AvastSvc.exe
c:\program files\LSI SoftModem\agrsmsvc.exe
c:\program files\WIDCOMM\Bluetooth Software\btwdins.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\system32\taskhost.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\conhost.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Hewlett-Packard\Shared\hpqToaster.exe
c:\program files\Hewlett-Packard\Shared\hpCaslNotification.exe
c:\windows\system32\sppsvc.exe
.
**************************************************************************
.
Celkový čas: 2010-10-24 13:56:24 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-10-24 11:56
Před spuštěním: Volných bajtů: 436 657 852 416
Po spuštění: Volných bajtů: 436 408 901 632
- - End Of File - - C4C94687F79512C8754BA90C0D50A2FC
- Rudy
- Site Admin
- Posts: 119426
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
- Contact user:
Re: I suspect a virus?
The script was saved incorrectly as CFScript.txt.txt. The correct name is CFScript.txt. Save it correctly and try again.
Post questions and logs only in your own threads. Private messages, ICQ and e-mail are not for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
Visit:
e-mail: rudy(at)forum.viry.cz
Warning: Before cleaning your PC of viruses, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!
Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.
-
- Visitor
- Posts: 238
- Registered: 14 Jun 2010 13:52
Re: I suspect a virus?
ComboFix 10-10-23.02 - Ivana 24.10.2010 19:15:29.2.2 - x86
Microsoft Windows 7 Home Premium 6.1.7600.0.1250.420.1029.18.2972.2094 [GMT 2:00]
Spuštěný z: c:\users\Ivana\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Ivana\Desktop\CFScript.txt
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-09-24 do 2010-10-24 )))))))))))))))))))))))))))))))
.
2010-10-24 17:20 . 2010-10-24 17:21 -------- d-----w- c:\users\Ivana\AppData\Local\temp
2010-10-24 17:20 . 2010-10-24 17:20 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-10-24 11:37 . 2010-10-18 07:41 6146896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{666A3C82-E3CC-4112-8A2C-28B45FA883A0}\mpengine.dll
2010-10-24 11:37 . 2010-10-24 11:37 -------- d-----w- c:\windows\system32\Wat
2010-10-24 10:42 . 2010-10-24 10:42 -------- d-----w- c:\users\Ivana\AppData\Roaming\PlayFirst
2010-10-24 10:42 . 2010-10-24 10:42 -------- d-----w- c:\programdata\PlayFirst
2010-10-24 10:09 . 2010-10-24 10:10 -------- d-----w- c:\users\Ivana\AppData\Roaming\PetShowCraze
2010-10-24 09:59 . 2010-10-24 10:00 -------- d-----w- c:\users\Ivana\AppData\Roaming\Gold Casual Games
2010-10-24 09:49 . 2010-10-24 09:49 -------- d-----w- c:\users\Ivana\AppData\Local\Turtix
2010-10-24 09:36 . 2010-10-24 09:36 -------- d-----w- c:\users\Ivana\AppData\Local\EleFun Games
2010-10-24 09:34 . 2010-10-24 09:34 -------- d-----w- c:\programdata\Product
2010-10-24 07:24 . 2010-10-24 09:20 -------- d-----w- c:\programdata\Alawar Stargaze
2010-10-24 07:09 . 2010-10-24 07:09 -------- d-----w- c:\users\Ivana\AppData\Roaming\Gaijin Ent
2010-10-24 06:41 . 2010-10-24 06:41 -------- d-----w- c:\users\Ivana\AppData\Roaming\SprillBermudeChech
2010-10-24 06:34 . 2010-10-24 06:35 -------- d-----w- c:\users\Ivana\AppData\Roaming\MagicBall3
2010-10-23 20:45 . 2010-10-23 20:45 -------- d-----w- c:\users\Ivana\AppData\Roaming\Zak&Jack
2010-10-23 20:31 . 2010-10-23 20:31 -------- d-----w- c:\programdata\VirtualFarm
2010-10-23 19:31 . 2010-10-23 19:31 -------- d-----w- c:\users\Ivana\AppData\Local\STARGAZE_IMAGE_CACHE
2010-10-23 17:50 . 2010-10-23 17:50 -------- d-----w- c:\programdata\Friday's games
2010-10-23 16:44 . 2010-10-23 16:44 -------- d-----w- c:\program files\Mesto zabavy
2010-10-23 15:38 . 2010-10-24 10:29 -------- d-----w- c:\users\Ivana\AppData\Roaming\EleFun Games
2010-10-23 12:55 . 2010-10-24 09:57 -------- d-----w- c:\users\Ivana\AppData\Roaming\Shape games
2010-10-23 12:47 . 2010-10-23 12:47 -------- d-----w- c:\programdata\Alex Gordon
2010-10-22 10:46 . 2010-10-22 10:45 286720 ----a-w- c:\windows\iun506.exe
2010-10-21 16:11 . 2009-10-10 02:57 12800 ----a-w- c:\windows\system32\drivers\sffp_sd.sys
2010-10-21 16:11 . 2010-03-04 04:04 146304 ----a-w- c:\windows\system32\drivers\usbvideo.sys
2010-10-21 16:11 . 2010-03-04 03:57 190976 ----a-w- c:\windows\system32\drivers\ks.sys
2010-10-21 16:10 . 2010-05-09 09:14 641536 ----a-w- c:\windows\system32\CPFilters.dll
2010-10-21 16:10 . 2010-05-09 09:14 417792 ----a-w- c:\windows\system32\msdri.dll
2010-10-21 16:10 . 2010-05-09 09:13 204288 ----a-w- c:\windows\system32\MSNP.ax
2010-10-21 16:10 . 2010-05-09 09:13 199680 ----a-w- c:\windows\system32\mpg2splt.ax
2010-10-21 16:10 . 2009-12-13 09:30 465408 ----a-w- c:\windows\system32\psisdecd.dll
2010-10-21 16:10 . 2010-03-24 06:37 1286456 ----a-w- c:\windows\system32\ntdll.dll
2010-10-21 16:10 . 2009-09-26 05:58 194488 ----a-w- c:\windows\system32\drivers\fvevol.sys
2010-10-21 15:49 . 2010-10-21 15:49 -------- d-----w- c:\users\Ivana\AppData\Roaming\Ashampoo
2010-10-21 15:48 . 2010-10-21 15:48 -------- d-----w- c:\users\Ivana\AppData\Local\ashampoo
2010-10-21 15:48 . 2010-10-21 15:48 -------- d-----w- c:\programdata\ashampoo
2010-10-21 15:48 . 2010-10-21 15:48 -------- d-----w- c:\program files\Ashampoo
2010-10-21 14:28 . 2010-10-21 14:28 -------- d-----r- c:\program files\Skype
2010-10-21 14:15 . 2010-10-21 14:15 -------- d-----w- c:\users\Ivana\AppData\Local\Apps
2010-10-20 16:50 . 2010-10-20 16:50 -------- d-----w- C:\rsit
2010-10-20 16:50 . 2010-10-20 16:50 -------- d-----w- c:\program files\trend micro
2010-10-20 13:54 . 2010-10-20 13:54 -------- d-----w- c:\users\Ivana\AppData\Roaming\Roxio Log Files
2010-10-20 13:53 . 2010-10-20 13:53 -------- d-----w- c:\users\Ivana\AppData\Local\MicroVision Applications
2010-10-20 13:31 . 2010-10-20 13:37 -------- d-----w- c:\users\Ivana\AppData\Local\Cyberlink
2010-10-20 13:21 . 2010-10-20 13:21 -------- d-----w- c:\program files\Common Files\CyberLink
2010-10-19 16:36 . 2010-10-19 16:36 -------- d-----w- c:\users\Public\CyberLink
2010-10-19 15:31 . 2010-10-20 13:38 -------- d-----w- c:\users\Ivana\AppData\Roaming\CyberLink
2010-10-19 15:30 . 2010-10-20 13:31 -------- d-----w- c:\programdata\CyberLink
2010-10-19 15:29 . 2010-10-20 13:20 -------- d-----w- c:\program files\CyberLink
2010-10-19 15:29 . 2010-10-20 13:19 29480 ------w- c:\windows\system32\msxml3a.dll
2010-10-19 15:18 . 2010-10-19 15:18 0 ----a-w- c:\windows\DXT8AC2.tmp
2010-10-19 02:41 . 2010-10-19 02:41 -------- d-----w- c:\users\Ivana\AppData\Roaming\Tank Combat
2010-10-18 17:44 . 2010-10-24 10:44 -------- d-----w- C:\GAMES
2010-10-18 16:46 . 2010-10-18 16:46 -------- d-----w- c:\programdata\LightScribe
2010-10-18 16:40 . 2010-10-21 15:44 -------- d-----w- c:\programdata\Nero
2010-10-18 15:44 . 2010-10-20 14:16 -------- d-----w- c:\users\Ivana\AppData\Roaming\Media Player Classic
2010-10-18 15:40 . 2010-03-15 09:31 165376 ------w- c:\windows\system32\unrar.dll
2010-10-18 15:40 . 2010-01-17 15:18 151552 ------w- c:\windows\system32\ac3acm.acm
2010-10-18 15:40 . 2008-09-24 18:41 839680 ------w- c:\windows\system32\lameACM.acm
2010-10-18 15:40 . 2010-09-14 08:00 108032 ------w- c:\windows\system32\ff_vfw.dll
2010-10-18 15:40 . 2010-06-08 16:10 790528 ------w- c:\windows\system32\xvidcore.dll
2010-10-18 15:40 . 2010-06-08 16:10 134144 ------w- c:\windows\system32\xvidvfw.dll
2010-10-18 15:40 . 2004-01-25 16:18 217088 ------w- c:\windows\system32\yv12vfw.dll
2010-10-18 15:40 . 2010-10-18 15:41 -------- d-----w- c:\program files\K-Lite Codec Pack
2010-10-18 15:22 . 2010-10-18 15:22 -------- d-----w- c:\program files\Verdict Free
2010-10-18 15:19 . 2010-10-18 15:19 -------- d-----w- c:\users\Ivana\AppData\Roaming\OpenOffice.org
2010-10-18 15:18 . 2010-10-18 15:18 -------- d-----w- c:\program files\OpenOffice.org 3
2010-10-18 15:17 . 2010-10-18 15:17 -------- d-----w- c:\program files\Open Office 3.2
2010-10-18 15:10 . 2010-10-18 15:10 -------- d-----w- c:\users\Ivana\AppData\Local\ElevatedDiagnostics
2010-10-18 14:58 . 2010-10-18 14:58 -------- d-----w- c:\program files\MSECache
2010-10-18 14:49 . 2010-10-18 14:49 -------- d-----w- c:\program files\Common Files\Java
2010-10-18 14:49 . 2010-10-18 14:49 472808 ------w- c:\windows\system32\deployJava1.dll
2010-10-18 14:49 . 2010-10-18 14:49 -------- d-----w- c:\program files\Java
2010-10-18 14:42 . 2010-10-18 14:42 -------- d-----w- c:\users\Ivana\AppData\Local\Adobe
2010-10-18 14:37 . 2010-10-18 14:37 -------- d-----w- c:\program files\Common Files\Adobe
2010-10-18 14:16 . 2010-09-07 14:52 165584 ------w- c:\windows\system32\drivers\aswSP.sys
2010-10-18 14:16 . 2010-09-07 14:47 23376 ------w- c:\windows\system32\drivers\aswRdr.sys
2010-10-18 14:16 . 2010-09-07 14:47 17744 ------w- c:\windows\system32\drivers\aswFsBlk.sys
2010-10-18 14:16 . 2010-09-07 14:52 46672 ------w- c:\windows\system32\drivers\aswTdi.sys
2010-10-18 14:16 . 2010-09-07 14:47 50768 ------w- c:\windows\system32\drivers\aswMonFlt.sys
2010-10-18 14:15 . 2010-09-07 15:12 38848 ----a-w- c:\windows\avastSS.scr
2010-10-18 14:15 . 2010-09-07 15:11 167592 ------w- c:\windows\system32\aswBoot.exe
2010-10-18 14:15 . 2010-10-18 14:24 -------- d-----w- c:\program files\Avast5
2010-10-18 14:15 . 2010-10-18 14:15 -------- d-----w- c:\programdata\Alwil Software
2010-10-18 13:13 . 2010-10-18 13:13 -------- d-----w- c:\users\Ivana\AppData\Local\Mozilla
2010-10-18 13:03 . 2009-11-25 10:47 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2010-10-18 13:03 . 2009-11-25 10:47 49472 ----a-w- c:\windows\system32\netfxperf.dll
2010-10-18 13:03 . 2009-11-25 10:47 297808 ----a-w- c:\windows\system32\mscoree.dll
2010-10-18 13:03 . 2009-11-25 10:47 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2010-10-18 13:03 . 2009-11-25 10:47 1130824 ----a-w- c:\windows\system32\dfshim.dll
2010-10-18 13:00 . 2010-02-11 07:10 293376 ----a-w- c:\windows\system32\browserchoice.exe
2010-10-18 12:58 . 2010-10-18 12:58 -------- d-----w- c:\program files\MSXML 4.0
2010-10-18 12:55 . 2010-02-27 07:32 221696 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-10-18 12:55 . 2010-02-27 07:32 123392 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-10-18 12:55 . 2010-02-27 07:32 95744 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2010-10-18 12:55 . 2010-05-27 07:24 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-10-18 12:55 . 2010-05-27 03:49 293888 ----a-w- c:\windows\system32\atmfd.dll
2010-10-18 12:55 . 2009-10-19 14:10 70656 ----a-w- c:\windows\system32\fontsub.dll
2010-10-14 15:38 . 2010-10-18 17:24 -------- d-----w- c:\users\Ivana\AppData\Roaming\SPORE Creature Creator
2010-10-08 13:09 . 2010-10-08 13:09 -------- d-----w- c:\program files\Electronic Arts
2010-10-05 11:21 . 2010-10-05 11:21 -------- d-----w- c:\users\Ivana\AppData\Roaming\dvdcss
2010-10-01 11:13 . 2010-10-01 11:13 -------- d-----w- c:\programdata\Úžasná tajemství mistra Leonarda
2010-09-30 10:54 . 2010-10-18 13:35 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\Markup.dll
2010-09-30 10:39 . 2010-10-18 13:25 484160 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-20 13:19 . 2003-03-19 04:14 505128 ------w- c:\windows\system32\msvcp71.dll
2010-10-19 16:35 . 2003-02-21 12:42 353576 ------w- c:\windows\system32\msvcr71.dll
2010-10-19 09:41 . 2010-08-19 11:31 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-10-13 13:58 . 2010-09-14 13:19 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
2010-10-13 13:57 . 2010-09-14 13:19 484160 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2010-08-21 05:36 . 2010-10-18 12:57 224256 ----a-w- c:\windows\system32\schannel.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2010-01-22 2363392]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-10-11 14940040]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QLBController"="c:\program files\Hewlett-Packard\HP HotKey Support\QLBController.exe" [2010-01-28 256056]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2010-01-08 186904]
"PDF Complete"="c:\program files\PDF Complete\pdfsty.exe" [2010-01-12 563736]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-06-04 1791272]
"WirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2009-09-01 499768]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-03-12 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-03-12 175640]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-03-12 166936]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2010-01-29 495708]
"PDFHook"="c:\program files\Nuance\PDF Professional 6\pdfpro6hook.exe" [2009-11-13 1277952]
"PDF6 Registry Controller"="c:\program files\Nuance\PDF Professional 6\RegistryController.exe" [2009-11-03 110880]
"Nuance PDF Reader-reminder"="c:\program files\Nuance\PDF Reader\Ereg\Ereg.exe" [2008-11-03 328992]
"avast5"="c:\program files\Avast5\avastUI.exe" [2010-09-07 2838912]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"BDRegion"="c:\program files\Cyberlink\Shared files\brs.exe" [2010-03-13 75048]
"RemoteControl10"="c:\program files\CyberLink\PowerDVD10\PDVD10Serv.exe" [2010-02-02 87336]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-12-29 795936]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
2009-05-05 14:06 222496 ----a-w- c:\programdata\FLEXnet\Connect\11\ISUSPM.exe
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2010-01-07 29472]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2010-10-24 1343400]
S1 aswSP;aswSP; [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC};Power Control [2010/10/20 15:21];c:\program files\CyberLink\PowerDVD10\NavFilter\000.fcl [2010-03-13 10:58 87536]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9b219d80a8843bf8\aestsrv.exe [2009-03-03 81920]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-09-07 50768]
S2 hpHotkeyMonitor;HP Hotkey Monitor;c:\program files\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe [2010-01-28 265272]
S2 pdfcDispatcher;PDF Document Manager;c:\program files\PDF Complete\pdfsvc.exe [2010-01-12 635416]
S2 PDFProFiltSrv;PDFProFiltSrv;c:\program files\Nuance\PDF Professional 6\PDFProFiltSrv.exe [2009-11-03 134944]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-07-09 122880]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2010-06-23 275048]
S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [2010-01-29 997408]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-01-22 18:06 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://seznam.cz/
mStart Page = hxxp://www.bing.com
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Append the content of the link to existing PDF file - c:\program files\Nuance\PDF Professional 6\Bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML
IE: Append the content of the selected links to existing PDF file - c:\program files\Nuance\PDF Professional 6\Bin\ZeonIEFavClient.dll/ZeonIEAppendSelLinks.HTML
IE: Append to existing PDF file - c:\program files\Nuance\PDF Professional 6\Bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML
IE: Create PDF file - c:\program files\Nuance\PDF Professional 6\Bin\ZeonIEFavClient.dll/ZeonIECapture.HTML
IE: Create PDF file from the content of the link - c:\program files\Nuance\PDF Professional 6\Bin\ZeonIEFavClient.dll/ZeonIECapture.HTML
IE: Create PDF files from the selected links - c:\program files\Nuance\PDF Professional 6\Bin\ZeonIEFavClient.dll/ZeonIECaptureSelLinks.HTML
IE: Odeslat obrázek do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Odeslat stránku do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: Open with Nuance PDF Converter 6.0 - c:\program files\Nuance\PDF Professional 6\cnvres_eng.dll /100
IE: Open with PDF Professional 6 - c:\program files\Nuance\PDF Professional 6\Bin\PlusIEContextMenu.dll/PlusIEContextMenu.htm
Trusted Zone: //about.htm/
Trusted Zone: //Exclude.htm/
Trusted Zone: //FWEvent.htm/
Trusted Zone: //LanguageSelection.htm/
Trusted Zone: //Message.htm/
Trusted Zone: //MyAgttryCmd.htm/
Trusted Zone: //MyAgttryNag.htm/
Trusted Zone: //MyNotification.htm/
Trusted Zone: //NOCLessUpdate.htm/
Trusted Zone: //quarantine.htm/
Trusted Zone: //ScanNow.htm/
Trusted Zone: //strings.vbs/
Trusted Zone: //Template.htm/
Trusted Zone: //Update.htm/
Trusted Zone: //VirFound.htm/
Trusted Zone: mcafee.com\*
Trusted Zone: mcafeeasap.com\betavscan
Trusted Zone: mcafeeasap.com\vs
Trusted Zone: mcafeeasap.com\www
FF - ProfilePath - c:\users\Ivana\AppData\Roaming\Mozilla\Firefox\Profiles\vqqnwr0a.default\
FF - prefs.js: browser.startup.homepage - hxxp://seznam.cz/
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Nuance\PDF Professional 6\Bin\nppdf.dll
FF - plugin: c:\program files\Nuance\PDF Reader\Bin\nppdf.dll
FF - plugin: c:\program files\Nuance\PDF Reader\bin\nppdf.dll
---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pdfcDispatcher]
"ImagePath"="c:\program files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD10\NavFilter\000.fcl"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'Explorer.exe'(5020)
c:\program files\WIDCOMM\Bluetooth Software\btmmhook.dll
c:\program files\WIDCOMM\Bluetooth Software\btncopy.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9b219d80a8843bf8\STacSV.exe
c:\program files\Avast5\AvastSvc.exe
c:\program files\LSI SoftModem\agrsmsvc.exe
c:\program files\WIDCOMM\Bluetooth Software\btwdins.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\windows\system32\conhost.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Hewlett-Packard\Shared\hpqToaster.exe
c:\program files\Hewlett-Packard\Shared\hpCaslNotification.exe
c:\windows\system32\sppsvc.exe
.
**************************************************************************
.
Celkový čas: 2010-10-24 19:23:28 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-10-24 17:23
ComboFix2.txt 2010-10-24 11:56
Před spuštěním: Volných bajtů: 436 244 574 208
Po spuštění: Volných bajtů: 436 144 484 352
- - End Of File - - 147FF747FD769DC6DCEC22B0CB532E51
Microsoft Windows 7 Home Premium 6.1.7600.0.1250.420.1029.18.2972.2094 [GMT 2:00]
Spuštěný z: c:\users\Ivana\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Ivana\Desktop\CFScript.txt
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-09-24 do 2010-10-24 )))))))))))))))))))))))))))))))
.
2010-10-24 17:20 . 2010-10-24 17:21 -------- d-----w- c:\users\Ivana\AppData\Local\temp
2010-10-24 17:20 . 2010-10-24 17:20 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-10-24 11:37 . 2010-10-18 07:41 6146896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{666A3C82-E3CC-4112-8A2C-28B45FA883A0}\mpengine.dll
2010-10-24 11:37 . 2010-10-24 11:37 -------- d-----w- c:\windows\system32\Wat
2010-10-24 10:42 . 2010-10-24 10:42 -------- d-----w- c:\users\Ivana\AppData\Roaming\PlayFirst
2010-10-24 10:42 . 2010-10-24 10:42 -------- d-----w- c:\programdata\PlayFirst
2010-10-24 10:09 . 2010-10-24 10:10 -------- d-----w- c:\users\Ivana\AppData\Roaming\PetShowCraze
2010-10-24 09:59 . 2010-10-24 10:00 -------- d-----w- c:\users\Ivana\AppData\Roaming\Gold Casual Games
2010-10-24 09:49 . 2010-10-24 09:49 -------- d-----w- c:\users\Ivana\AppData\Local\Turtix
2010-10-24 09:36 . 2010-10-24 09:36 -------- d-----w- c:\users\Ivana\AppData\Local\EleFun Games
2010-10-24 09:34 . 2010-10-24 09:34 -------- d-----w- c:\programdata\Product
2010-10-24 07:24 . 2010-10-24 09:20 -------- d-----w- c:\programdata\Alawar Stargaze
2010-10-24 07:09 . 2010-10-24 07:09 -------- d-----w- c:\users\Ivana\AppData\Roaming\Gaijin Ent
2010-10-24 06:41 . 2010-10-24 06:41 -------- d-----w- c:\users\Ivana\AppData\Roaming\SprillBermudeChech
2010-10-24 06:34 . 2010-10-24 06:35 -------- d-----w- c:\users\Ivana\AppData\Roaming\MagicBall3
2010-10-23 20:45 . 2010-10-23 20:45 -------- d-----w- c:\users\Ivana\AppData\Roaming\Zak&Jack
2010-10-23 20:31 . 2010-10-23 20:31 -------- d-----w- c:\programdata\VirtualFarm
2010-10-23 19:31 . 2010-10-23 19:31 -------- d-----w- c:\users\Ivana\AppData\Local\STARGAZE_IMAGE_CACHE
2010-10-23 17:50 . 2010-10-23 17:50 -------- d-----w- c:\programdata\Friday's games
2010-10-23 16:44 . 2010-10-23 16:44 -------- d-----w- c:\program files\Mesto zabavy
2010-10-23 15:38 . 2010-10-24 10:29 -------- d-----w- c:\users\Ivana\AppData\Roaming\EleFun Games
2010-10-23 12:55 . 2010-10-24 09:57 -------- d-----w- c:\users\Ivana\AppData\Roaming\Shape games
2010-10-23 12:47 . 2010-10-23 12:47 -------- d-----w- c:\programdata\Alex Gordon
2010-10-22 10:46 . 2010-10-22 10:45 286720 ----a-w- c:\windows\iun506.exe
2010-10-21 16:11 . 2009-10-10 02:57 12800 ----a-w- c:\windows\system32\drivers\sffp_sd.sys
2010-10-21 16:11 . 2010-03-04 04:04 146304 ----a-w- c:\windows\system32\drivers\usbvideo.sys
2010-10-21 16:11 . 2010-03-04 03:57 190976 ----a-w- c:\windows\system32\drivers\ks.sys
2010-10-21 16:10 . 2010-05-09 09:14 641536 ----a-w- c:\windows\system32\CPFilters.dll
2010-10-21 16:10 . 2010-05-09 09:14 417792 ----a-w- c:\windows\system32\msdri.dll
2010-10-21 16:10 . 2010-05-09 09:13 204288 ----a-w- c:\windows\system32\MSNP.ax
2010-10-21 16:10 . 2010-05-09 09:13 199680 ----a-w- c:\windows\system32\mpg2splt.ax
2010-10-21 16:10 . 2009-12-13 09:30 465408 ----a-w- c:\windows\system32\psisdecd.dll
2010-10-21 16:10 . 2010-03-24 06:37 1286456 ----a-w- c:\windows\system32\ntdll.dll
2010-10-21 16:10 . 2009-09-26 05:58 194488 ----a-w- c:\windows\system32\drivers\fvevol.sys
2010-10-21 15:49 . 2010-10-21 15:49 -------- d-----w- c:\users\Ivana\AppData\Roaming\Ashampoo
2010-10-21 15:48 . 2010-10-21 15:48 -------- d-----w- c:\users\Ivana\AppData\Local\ashampoo
2010-10-21 15:48 . 2010-10-21 15:48 -------- d-----w- c:\programdata\ashampoo
2010-10-21 15:48 . 2010-10-21 15:48 -------- d-----w- c:\program files\Ashampoo
2010-10-21 14:28 . 2010-10-21 14:28 -------- d-----r- c:\program files\Skype
2010-10-21 14:15 . 2010-10-21 14:15 -------- d-----w- c:\users\Ivana\AppData\Local\Apps
2010-10-20 16:50 . 2010-10-20 16:50 -------- d-----w- C:\rsit
2010-10-20 16:50 . 2010-10-20 16:50 -------- d-----w- c:\program files\trend micro
2010-10-20 13:54 . 2010-10-20 13:54 -------- d-----w- c:\users\Ivana\AppData\Roaming\Roxio Log Files
2010-10-20 13:53 . 2010-10-20 13:53 -------- d-----w- c:\users\Ivana\AppData\Local\MicroVision Applications
2010-10-20 13:31 . 2010-10-20 13:37 -------- d-----w- c:\users\Ivana\AppData\Local\Cyberlink
2010-10-20 13:21 . 2010-10-20 13:21 -------- d-----w- c:\program files\Common Files\CyberLink
2010-10-19 16:36 . 2010-10-19 16:36 -------- d-----w- c:\users\Public\CyberLink
2010-10-19 15:31 . 2010-10-20 13:38 -------- d-----w- c:\users\Ivana\AppData\Roaming\CyberLink
2010-10-19 15:30 . 2010-10-20 13:31 -------- d-----w- c:\programdata\CyberLink
2010-10-19 15:29 . 2010-10-20 13:20 -------- d-----w- c:\program files\CyberLink
2010-10-19 15:29 . 2010-10-20 13:19 29480 ------w- c:\windows\system32\msxml3a.dll
2010-10-19 15:18 . 2010-10-19 15:18 0 ----a-w- c:\windows\DXT8AC2.tmp
2010-10-19 02:41 . 2010-10-19 02:41 -------- d-----w- c:\users\Ivana\AppData\Roaming\Tank Combat
2010-10-18 17:44 . 2010-10-24 10:44 -------- d-----w- C:\GAMES
2010-10-18 16:46 . 2010-10-18 16:46 -------- d-----w- c:\programdata\LightScribe
2010-10-18 16:40 . 2010-10-21 15:44 -------- d-----w- c:\programdata\Nero
2010-10-18 15:44 . 2010-10-20 14:16 -------- d-----w- c:\users\Ivana\AppData\Roaming\Media Player Classic
2010-10-18 15:40 . 2010-03-15 09:31 165376 ------w- c:\windows\system32\unrar.dll
2010-10-18 15:40 . 2010-01-17 15:18 151552 ------w- c:\windows\system32\ac3acm.acm
2010-10-18 15:40 . 2008-09-24 18:41 839680 ------w- c:\windows\system32\lameACM.acm
2010-10-18 15:40 . 2010-09-14 08:00 108032 ------w- c:\windows\system32\ff_vfw.dll
2010-10-18 15:40 . 2010-06-08 16:10 790528 ------w- c:\windows\system32\xvidcore.dll
2010-10-18 15:40 . 2010-06-08 16:10 134144 ------w- c:\windows\system32\xvidvfw.dll
2010-10-18 15:40 . 2004-01-25 16:18 217088 ------w- c:\windows\system32\yv12vfw.dll
2010-10-18 15:40 . 2010-10-18 15:41 -------- d-----w- c:\program files\K-Lite Codec Pack
2010-10-18 15:22 . 2010-10-18 15:22 -------- d-----w- c:\program files\Verdict Free
2010-10-18 15:19 . 2010-10-18 15:19 -------- d-----w- c:\users\Ivana\AppData\Roaming\OpenOffice.org
2010-10-18 15:18 . 2010-10-18 15:18 -------- d-----w- c:\program files\OpenOffice.org 3
2010-10-18 15:17 . 2010-10-18 15:17 -------- d-----w- c:\program files\Open Office 3.2
2010-10-18 15:10 . 2010-10-18 15:10 -------- d-----w- c:\users\Ivana\AppData\Local\ElevatedDiagnostics
2010-10-18 14:58 . 2010-10-18 14:58 -------- d-----w- c:\program files\MSECache
2010-10-18 14:49 . 2010-10-18 14:49 -------- d-----w- c:\program files\Common Files\Java
2010-10-18 14:49 . 2010-10-18 14:49 472808 ------w- c:\windows\system32\deployJava1.dll
2010-10-18 14:49 . 2010-10-18 14:49 -------- d-----w- c:\program files\Java
2010-10-18 14:42 . 2010-10-18 14:42 -------- d-----w- c:\users\Ivana\AppData\Local\Adobe
2010-10-18 14:37 . 2010-10-18 14:37 -------- d-----w- c:\program files\Common Files\Adobe
2010-10-18 14:16 . 2010-09-07 14:52 165584 ------w- c:\windows\system32\drivers\aswSP.sys
2010-10-18 14:16 . 2010-09-07 14:47 23376 ------w- c:\windows\system32\drivers\aswRdr.sys
2010-10-18 14:16 . 2010-09-07 14:47 17744 ------w- c:\windows\system32\drivers\aswFsBlk.sys
2010-10-18 14:16 . 2010-09-07 14:52 46672 ------w- c:\windows\system32\drivers\aswTdi.sys
2010-10-18 14:16 . 2010-09-07 14:47 50768 ------w- c:\windows\system32\drivers\aswMonFlt.sys
2010-10-18 14:15 . 2010-09-07 15:12 38848 ----a-w- c:\windows\avastSS.scr
2010-10-18 14:15 . 2010-09-07 15:11 167592 ------w- c:\windows\system32\aswBoot.exe
2010-10-18 14:15 . 2010-10-18 14:24 -------- d-----w- c:\program files\Avast5
2010-10-18 14:15 . 2010-10-18 14:15 -------- d-----w- c:\programdata\Alwil Software
2010-10-18 13:13 . 2010-10-18 13:13 -------- d-----w- c:\users\Ivana\AppData\Local\Mozilla
2010-10-18 13:03 . 2009-11-25 10:47 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2010-10-18 13:03 . 2009-11-25 10:47 49472 ----a-w- c:\windows\system32\netfxperf.dll
2010-10-18 13:03 . 2009-11-25 10:47 297808 ----a-w- c:\windows\system32\mscoree.dll
2010-10-18 13:03 . 2009-11-25 10:47 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2010-10-18 13:03 . 2009-11-25 10:47 1130824 ----a-w- c:\windows\system32\dfshim.dll
2010-10-18 13:00 . 2010-02-11 07:10 293376 ----a-w- c:\windows\system32\browserchoice.exe
2010-10-18 12:58 . 2010-10-18 12:58 -------- d-----w- c:\program files\MSXML 4.0
2010-10-18 12:55 . 2010-02-27 07:32 221696 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-10-18 12:55 . 2010-02-27 07:32 123392 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-10-18 12:55 . 2010-02-27 07:32 95744 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2010-10-18 12:55 . 2010-05-27 07:24 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-10-18 12:55 . 2010-05-27 03:49 293888 ----a-w- c:\windows\system32\atmfd.dll
2010-10-18 12:55 . 2009-10-19 14:10 70656 ----a-w- c:\windows\system32\fontsub.dll
2010-10-14 15:38 . 2010-10-18 17:24 -------- d-----w- c:\users\Ivana\AppData\Roaming\SPORE Creature Creator
2010-10-08 13:09 . 2010-10-08 13:09 -------- d-----w- c:\program files\Electronic Arts
2010-10-05 11:21 . 2010-10-05 11:21 -------- d-----w- c:\users\Ivana\AppData\Roaming\dvdcss
2010-10-01 11:13 . 2010-10-01 11:13 -------- d-----w- c:\programdata\Úžasná tajemství mistra Leonarda
2010-09-30 10:54 . 2010-10-18 13:35 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\Markup.dll
2010-09-30 10:39 . 2010-10-18 13:25 484160 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-20 13:19 . 2003-03-19 04:14 505128 ------w- c:\windows\system32\msvcp71.dll
2010-10-19 16:35 . 2003-02-21 12:42 353576 ------w- c:\windows\system32\msvcr71.dll
2010-10-19 09:41 . 2010-08-19 11:31 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-10-13 13:58 . 2010-09-14 13:19 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
2010-10-13 13:57 . 2010-09-14 13:19 484160 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2010-08-21 05:36 . 2010-10-18 12:57 224256 ----a-w- c:\windows\system32\schannel.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2010-01-22 2363392]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-10-11 14940040]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QLBController"="c:\program files\Hewlett-Packard\HP HotKey Support\QLBController.exe" [2010-01-28 256056]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2010-01-08 186904]
"PDF Complete"="c:\program files\PDF Complete\pdfsty.exe" [2010-01-12 563736]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-06-04 1791272]
"WirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2009-09-01 499768]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-03-12 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-03-12 175640]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-03-12 166936]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2010-01-29 495708]
"PDFHook"="c:\program files\Nuance\PDF Professional 6\pdfpro6hook.exe" [2009-11-13 1277952]
"PDF6 Registry Controller"="c:\program files\Nuance\PDF Professional 6\RegistryController.exe" [2009-11-03 110880]
"Nuance PDF Reader-reminder"="c:\program files\Nuance\PDF Reader\Ereg\Ereg.exe" [2008-11-03 328992]
"avast5"="c:\program files\Avast5\avastUI.exe" [2010-09-07 2838912]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"BDRegion"="c:\program files\Cyberlink\Shared files\brs.exe" [2010-03-13 75048]
"RemoteControl10"="c:\program files\CyberLink\PowerDVD10\PDVD10Serv.exe" [2010-02-02 87336]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-12-29 795936]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
2009-05-05 14:06 222496 ----a-w- c:\programdata\FLEXnet\Connect\11\ISUSPM.exe
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2010-01-07 29472]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2010-10-24 1343400]
S1 aswSP;aswSP; [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC};Power Control [2010/10/20 15:21];c:\program files\CyberLink\PowerDVD10\NavFilter\000.fcl [2010-03-13 10:58 87536]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9b219d80a8843bf8\aestsrv.exe [2009-03-03 81920]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-09-07 50768]
S2 hpHotkeyMonitor;HP Hotkey Monitor;c:\program files\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe [2010-01-28 265272]
S2 pdfcDispatcher;PDF Document Manager;c:\program files\PDF Complete\pdfsvc.exe [2010-01-12 635416]
S2 PDFProFiltSrv;PDFProFiltSrv;c:\program files\Nuance\PDF Professional 6\PDFProFiltSrv.exe [2009-11-03 134944]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-07-09 122880]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2010-06-23 275048]
S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [2010-01-29 997408]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-01-22 18:06 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://seznam.cz/
mStart Page = hxxp://www.bing.com
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Append the content of the link to existing PDF file - c:\program files\Nuance\PDF Professional 6\Bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML
IE: Append the content of the selected links to existing PDF file - c:\program files\Nuance\PDF Professional 6\Bin\ZeonIEFavClient.dll/ZeonIEAppendSelLinks.HTML
IE: Append to existing PDF file - c:\program files\Nuance\PDF Professional 6\Bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML
IE: Create PDF file - c:\program files\Nuance\PDF Professional 6\Bin\ZeonIEFavClient.dll/ZeonIECapture.HTML
IE: Create PDF file from the content of the link - c:\program files\Nuance\PDF Professional 6\Bin\ZeonIEFavClient.dll/ZeonIECapture.HTML
IE: Create PDF files from the selected links - c:\program files\Nuance\PDF Professional 6\Bin\ZeonIEFavClient.dll/ZeonIECaptureSelLinks.HTML
IE: Odeslat obrázek do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Odeslat stránku do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: Open with Nuance PDF Converter 6.0 - c:\program files\Nuance\PDF Professional 6\cnvres_eng.dll /100
IE: Open with PDF Professional 6 - c:\program files\Nuance\PDF Professional 6\Bin\PlusIEContextMenu.dll/PlusIEContextMenu.htm
Trusted Zone: //about.htm/
Trusted Zone: //Exclude.htm/
Trusted Zone: //FWEvent.htm/
Trusted Zone: //LanguageSelection.htm/
Trusted Zone: //Message.htm/
Trusted Zone: //MyAgttryCmd.htm/
Trusted Zone: //MyAgttryNag.htm/
Trusted Zone: //MyNotification.htm/
Trusted Zone: //NOCLessUpdate.htm/
Trusted Zone: //quarantine.htm/
Trusted Zone: //ScanNow.htm/
Trusted Zone: //strings.vbs/
Trusted Zone: //Template.htm/
Trusted Zone: //Update.htm/
Trusted Zone: //VirFound.htm/
Trusted Zone: mcafee.com\*
Trusted Zone: mcafeeasap.com\betavscan
Trusted Zone: mcafeeasap.com\vs
Trusted Zone: mcafeeasap.com\www
FF - ProfilePath - c:\users\Ivana\AppData\Roaming\Mozilla\Firefox\Profiles\vqqnwr0a.default\
FF - prefs.js: browser.startup.homepage - hxxp://seznam.cz/
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Nuance\PDF Professional 6\Bin\nppdf.dll
FF - plugin: c:\program files\Nuance\PDF Reader\Bin\nppdf.dll
FF - plugin: c:\program files\Nuance\PDF Reader\bin\nppdf.dll
---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pdfcDispatcher]
"ImagePath"="c:\program files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD10\NavFilter\000.fcl"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'Explorer.exe'(5020)
c:\program files\WIDCOMM\Bluetooth Software\btmmhook.dll
c:\program files\WIDCOMM\Bluetooth Software\btncopy.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9b219d80a8843bf8\STacSV.exe
c:\program files\Avast5\AvastSvc.exe
c:\program files\LSI SoftModem\agrsmsvc.exe
c:\program files\WIDCOMM\Bluetooth Software\btwdins.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\windows\system32\conhost.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Hewlett-Packard\Shared\hpqToaster.exe
c:\program files\Hewlett-Packard\Shared\hpCaslNotification.exe
c:\windows\system32\sppsvc.exe
.
**************************************************************************
.
Celkový čas: 2010-10-24 19:23:28 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-10-24 17:23
ComboFix2.txt 2010-10-24 11:56
Před spuštěním: Volných bajtů: 436 244 574 208
Po spuštění: Volných bajtů: 436 144 484 352
- - End Of File - - 147FF747FD769DC6DCEC22B0CB532E51
- Rudy
- Site Admin
- Posts: 119426
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: Suspected virus?
Have those files disappeared?
Post questions and logs only in your own threads. Private messages, ICQ and e-mail are not for resolving your problems.
Please support our forum: https://platba.viry.cz/payment/.
Visit:
e-mail: rudy(at)forum.viry.cz
Warning: Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!
Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want to reactivate the thread, write to me at the e-mail address given above.
-
- Visitor
- Posts: 238
- Registered: 14 Jun 2010 13:52
Re: Suspected virus?
They are still there.
- Rudy
- Site Admin
- Posts: 119426
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: Suspected virus?
Last option. Try Killbox: http://www.viry.cz/forum/viewtopic.php?f=15&t=43207 . Paste the path to the file into the box, tick "Delete on reboot" and click the white cross in the circle.
-
- Visitor
- Posts: 238
- Registered: 14 Jun 2010 13:52
Re: Suspected virus?
So I tried Killbox. It told me: File will be removed on reboot, do you want to reboot now? I confirmed YES. And then another window popped up: Pending File Rename Operations Registry Data has been Removed by External Process! I still have the files there.