Odvirování PC, zrychlení počítače, vzdálená pomoc prostřednictvím služby neslape.cz
LOG z ComboFix - kontrola
Moderátor: Moderátoři
Pravidla fóra
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
LOG z ComboFix - kontrola
Mám tady log z ComboFix. Prosím poradit co dál
- Přílohy
-
- log.zip
- (6.96 KiB) Staženo 14 x
Re: LOG z ComboFix - kontrola
Zdravim a pekny den preji 
Byl CF aplikovan na doporuceni radce, znate podminky pouziti a umite s CF zachatet - prectete si vystrahy nize
Nebezpeci CFka
Vlozte log sem, pripadne jej rozdelte do vice prispevku
Byl CF aplikovan na doporuceni radce, znate podminky pouziti a umite s CF zachatet - prectete si vystrahy nize Nebezpeci CFka
- Je urcen primarne pro radce - jeho svevolnym pouzitim ztracite narok na podporu
- Maze stopy po haveti, takze v logu z RSIT neni nic videt
- Jeho log je treba dolustit, jelikoz neumi smazat vse - to ovsem tezko zvladnete pokud k tomu nejste vyskolen
- CF muze mit bug = sunda Vam system, pokud nevite kam co uklada, jak co obnovit, mate system v kytkam a ceka Vas reinstal
- CF taky bohuzel prozatim nekontroluje nektere dulezite knihovny (napr. hal.dll) - ty treba mazou nektere typy haveti (napr. angela) - smaze Vam po restartu hal.dll = nenajede Vam system a jste o radek vyse = reinstal
Vlozte log sem, pripadne jej rozdelte do vice prispevku"Kdo víno má a nepije,kdo hrozny má a nejí je, kdo ženu má a nelíbá, kdo zábavě se vyhýbá, na toho vemte bič a hůl, to není člověk, to je vůl."
Člen
od 1. února 2011.
Člen
od 1. února 2011.Re: LOG z ComboFix - kontrola
log je v předchozím příspěvku v příloze
Re: LOG z ComboFix - kontrola
Vlozte jej sem na forum - slouzi i kolegum ke studijnim ucelum...A poprosim o vyjadreni k prvnimu bodu co jsem psal...
"Kdo víno má a nepije,kdo hrozny má a nejí je, kdo ženu má a nelíbá, kdo zábavě se vyhýbá, na toho vemte bič a hůl, to není člověk, to je vůl."
Člen od 1. února 2011.
Člen
od 1. února 2011.Re: LOG z ComboFix - kontrola
O CF sem si přečetl zde na fóru, podmínky - vím o co jde....
log:
ComboFix 10-11-11.01 - culek 11.11.2010 21:18:05.1.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.3327.2603 [GMT 1:00]
Spuštěný z: c:\documents and settings\culek.184527-CUL3K420\Local Settings\Data aplikací\Opera\Opera\temporary_downloads\ComboFix.exe
AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET Personal firewall *disabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\FunWebProducts
c:\program files\MyWebSearch
c:\program files\MyWebSearch\bar\Settings\s_pid.dat
c:\program files\NetSoftware\IEHelper.dll
c:\windows\Downloaded Program Files\IDropPTB.dll
c:\windows\system32\prsgrc.dll
c:\windows\system32\vbzlib1.dll
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-10-11 do 2010-11-11 )))))))))))))))))))))))))))))))
.
2010-11-27 09:52 . 2010-11-04 14:43 -------- d-----w- c:\program files\Kalendar
2010-11-11 17:11 . 2010-11-11 17:11 -------- d-----w- c:\windows\LastGood
2010-11-08 16:27 . 2010-11-08 16:35 -------- d-----w- c:\program files\Tunatic
2010-11-05 20:51 . 2010-11-05 20:51 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Data aplikací\OrbNetworks
2010-11-05 20:51 . 2010-11-11 18:52 -------- d-----w- c:\program files\Winamp Remote
2010-11-04 15:09 . 2010-11-04 15:09 -------- d-----w- c:\program files\iWEB Studio
2010-11-04 15:09 . 2010-11-04 15:09 796672 ----a-w- c:\windows\GPInstall.exe
2010-11-01 13:40 . 2010-11-01 13:40 -------- d-----w- c:\documents and settings\culek.184527-CUL3K420\Local Settings\Data aplikací\Finkit
2010-11-01 13:40 . 2010-11-01 13:40 -------- d-----w- c:\program files\ManicTime
2010-10-28 16:32 . 2010-11-05 19:48 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Data aplikací\TrackMania
2010-10-27 13:30 . 2010-10-27 13:34 -------- d-----w- c:\program files\AutoCAD 2008
2010-10-27 13:30 . 2010-10-27 13:30 180224 ----a-w- c:\program files\Common Files\InstallShield\Driver\10\Intel 32\iGdiCnv.dll
2010-10-27 13:30 . 2010-10-27 13:30 409600 ----a-w- c:\program files\Common Files\InstallShield\Driver\10\Intel 32\ISRT.dll
2010-10-27 13:30 . 2010-10-27 13:30 32768 ----a-w- c:\program files\Common Files\InstallShield\Driver\10\Intel 32\objpscnv.dll
2010-10-27 13:30 . 2010-10-27 13:30 262144 ----a-w- c:\program files\Common Files\InstallShield\Driver\10\Intel 32\IScrCnv.dll
2010-10-27 13:30 . 2010-10-27 13:30 172032 ----a-w- c:\program files\Common Files\InstallShield\Driver\10\Intel 32\IUserCnv.dll
2010-10-27 13:30 . 2010-10-27 13:30 761856 ----a-w- c:\program files\Common Files\InstallShield\Driver\10\Intel 32\IDriver.exe
2010-10-27 13:30 . 2010-10-27 13:30 540772 ----a-w- c:\program files\Common Files\InstallShield\Driver\10\Intel 32\_ISRES1033.dll
2010-10-25 19:14 . 2010-11-09 14:19 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Data aplikací\NetSoftware
2010-10-25 19:14 . 2010-11-11 20:20 -------- d-----w- c:\program files\NetSoftware
2010-10-25 16:25 . 2010-10-25 16:25 1024 ----a-w- c:\windows\system32\grcauth2.dll
2010-10-25 16:25 . 2010-10-25 16:25 1024 ----a-w- c:\windows\system32\grcauth1.dll
2010-10-25 12:13 . 2010-10-25 12:48 -------- d-----w- c:\documents and settings\culek.184527-CUL3K420\Data aplikací\Desktop Sidebar
2010-10-24 19:32 . 2006-06-20 08:56 225280 ----a-w- c:\windows\system32\rewire.dll
2010-10-24 19:31 . 2002-07-07 22:14 1294336 ----a-w- c:\windows\system32\vorbis.acm
2010-10-24 19:31 . 2010-10-26 14:15 -------- d-----w- c:\program files\Image-Line
2010-10-24 19:31 . 2010-10-24 19:31 -------- d-----w- c:\program files\Outsim
2010-10-22 18:20 . 2010-10-22 18:20 -------- d-----w- c:\documents and settings\culek.184527-CUL3K420\Local Settings\Data aplikací\Speedchecker
2010-10-22 18:19 . 2010-10-22 18:27 -------- d-----w- c:\program files\Zrychleni Pocitace
2010-10-22 18:19 . 2010-10-22 18:19 -------- d-----w- c:\documents and settings\culek.184527-CUL3K420\Local Settings\Data aplikací\QuickStores
2010-10-22 18:19 . 2010-10-22 18:19 -------- d-----w- c:\documents and settings\culek.184527-CUL3K420\Local Settings\Data aplikací\OpenCandy
2010-10-22 18:19 . 2010-10-22 18:19 -------- d-----w- c:\documents and settings\culek.184527-CUL3K420\Data aplikací\OpenCandy
2010-10-22 14:50 . 2009-11-15 17:24 57808 ----a-w- c:\windows\system32\drivers\fortknoxfw.sys
2010-10-22 14:50 . 2009-09-17 06:57 23120 ----a-w- c:\windows\system32\drivers\fortknoxfw_ndisim.sys
2010-10-22 14:50 . 2010-10-22 14:50 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Data aplikací\NETGATE
2010-10-22 14:50 . 2010-10-22 14:50 -------- d-----w- c:\program files\NETGATE
2010-10-21 12:35 . 2010-10-21 12:35 -------- d-----w- c:\documents and settings\culek.184527-CUL3K420\Data aplikací\FUEL
2010-10-21 12:27 . 2010-10-21 12:27 -------- d-----w- c:\documents and settings\culek.184527-CUL3K420\Data aplikací\InstallShield Installation Information
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-11 19:53 . 2010-06-25 16:48 233960 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-11-11 19:53 . 2010-06-25 16:48 233960 ----a-w- c:\windows\system32\PnkBstrB.xtr
2010-11-11 19:06 . 2010-06-25 16:48 138520 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-09-18 10:23 . 2007-04-03 06:44 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2008-04-14 06:51 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2008-04-14 06:51 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-18 06:53 . 2001-10-25 11:00 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-10 05:52 . 2008-04-14 06:52 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-10 05:52 . 2008-04-14 06:52 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-09-10 05:52 . 2008-04-14 06:51 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-01 11:52 . 2008-04-14 06:37 285824 ----a-w- c:\windows\system32\atmfd.dll
2010-09-01 07:57 . 2008-04-14 05:45 1852800 ----a-w- c:\windows\system32\win32k.sys
2010-08-27 08:03 . 2008-04-14 06:52 119808 ----a-w- c:\windows\system32\t2embed.dll
2010-08-27 05:54 . 2008-04-14 06:52 99840 ----a-w- c:\windows\system32\srvsvc.dll
2010-08-27 01:43 . 2008-05-05 05:25 5632 ----a-w- c:\windows\system32\xpsp4res.dll
2010-08-26 13:39 . 2008-04-13 22:45 357248 ----a-w- c:\windows\system32\drivers\srv.sys
2010-08-25 11:12 . 2010-08-25 11:12 4284535 ----a-w- c:\documents and settings\culek.184527-CUL3K420\Data aplikací\ffdshow.exe
2010-08-25 11:12 . 2010-08-25 11:11 5243208 ----a-w- c:\documents and settings\culek.184527-CUL3K420\Data aplikací\AvsP.exe
2010-08-25 11:11 . 2010-08-25 11:11 642685 ----a-w- c:\documents and settings\culek.184527-CUL3K420\Data aplikací\xvid.exe
2010-08-25 11:11 . 2010-08-25 11:11 2040451 ----a-w- c:\documents and settings\culek.184527-CUL3K420\Data aplikací\Imgburn.exe
2010-08-25 11:11 . 2010-08-25 11:10 4182178 ----a-w- c:\documents and settings\culek.184527-CUL3K420\Data aplikací\Avisynth.exe
2010-08-23 16:12 . 2008-04-14 06:51 617472 ------w- c:\windows\system32\comctl32.dll
2010-08-18 16:52 . 2010-08-18 16:52 1409 ----a-w- c:\windows\system32\tmp5F052.FOT
2010-08-18 16:52 . 2010-08-18 16:52 1409 ----a-w- c:\windows\system32\tmp5E052.FOT
2010-08-17 13:17 . 2008-04-14 06:52 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-16 08:45 . 2008-04-14 06:51 590848 ----a-w- c:\windows\system32\rpcrt4.dll
2009-11-04 08:14 1168216 --sha-r- c:\windows\sdb2\Program Files\Spybot - Search & Destroy\advcheck.dll
2009-01-26 13:31 5365592 --sha-r- c:\windows\sdb2\Program Files\Spybot - Search & Destroy\BKIKCYCTLYC.scr
2009-01-26 13:31 2144088 --sha-r- c:\windows\sdb2\Program Files\Spybot - Search & Destroy\BLBNCGBTZMITGKY.scr
2009-01-26 13:31 1740632 --sha-r- c:\windows\sdb2\Program Files\Spybot - Search & Destroy\SDUpdate.exe
2009-01-26 13:31 5365592 --sha-r- c:\windows\sdb2\Program Files\Spybot - Search & Destroy\SpybotSD.exe
2009-03-05 14:07 2260480 --sha-r- c:\windows\sdb2\Program Files\Spybot - Search & Destroy\TeaTimer.exe
2009-03-05 14:07 2260480 --sha-r- c:\windows\sdb2\Program Files\Spybot - Search & Destroy\VOLMJSOSHCRSTYT.scr
2009-01-26 13:31 1740632 --sha-r- c:\windows\sdb2\Program Files\Spybot - Search & Destroy\YBDKFAESQJCSBHJ.scr
2006-05-03 09:06 163328 --sh--r- c:\windows\system32\flvDX.dll
2007-02-21 10:47 31232 --sh--r- c:\windows\system32\msfDX.dll
2008-03-16 12:30 216064 --sh--r- c:\windows\system32\nbDX.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3CF7606-E683-4375-A372-96B75DA0AEF7}]
2010-01-07 06:51 185344 ----a-w- c:\program files\Stylish Profile\enlbrdr.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2009-07-10 15:28 1174920 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-07-10 1174920]
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-07-10 1174920]
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
"Advanced SystemCare 3"="c:\program files\IObit\Advanced SystemCare 3\AWC.exe" [2010-09-28 2407632]
"ManicTime"="c:\program files\ManicTime\ManicTime.exe" [2010-10-12 582984]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PCSuiteTrayApplication"="d:\zaloha\SWiFT\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-03-23 227328]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-17 421888]
"iTunesHelper"="d:\zaloha\SWiFT\Program Files\iTunesHelper.exe" [2010-03-25 142120]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2004-09-13 49152]
"PWRISOVM.EXE"="d:\zaloha\Programy\PowerISO\PWRISOVM.EXE" [2009-03-15 180224]
"WheelMouse"="c:\advanc~1\wh_exec.exe" [2010-05-26 147456]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-03-13 1443072]
"FortKnoxPersonalFirewall"="c:\program files\NETGATE\FortKnox Personal Firewall\FortKnoxGUI.exe" [2010-10-18 1788568]
"NetSoftware"="c:\program files\NetSoftware\Starter.exe" [2010-10-25 139264]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Nokia.PCSync"="d:\zaloha\SWiFT\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-03-27 1744896]
c:\documents and settings\All Users.WINDOWS\Nabˇdka Start\Programy\Po spuçtŘnˇ\
BlueSoleil.lnk - c:\program files\IVT Corporation\BlueSoleil\BlueSoleil.exe [2010-8-21 1183744]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-4 258048]
Rychl‚ spuçtŘnˇ aplikace HP Image Zone.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2004-11-4 53248]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{045882A1-F260-11D6-A629-00A0B0980AA1}"= "c:\progra~1\CNSoft\CLIENT~1\HDOCExt.dll" [2008-06-26 427008]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winlob32]
2010-08-13 13:48 81920 ----a-w- c:\windows\system32\winlob32.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Nabídka Start^Programy^Po spuštění^Corel MEDIA FOLDERS INDEXER 8.LNK]
path=c:\documents and settings\All Users.WINDOWS\Nabídka Start\Programy\Po spuštění\Corel MEDIA FOLDERS INDEXER 8.LNK
backup=c:\windows\pss\Corel MEDIA FOLDERS INDEXER 8.LNKCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"d:\\zaloha\\SWiFT\\Program Files\\iTunes.exe"=
"d:\\zaloha\\Programy\\hry\\cod4\\iw3mp.exe"=
"c:\\Program Files\\TeamViewer\\Version5\\TeamViewer.exe"=
"c:\\WINDOWS\\system32\\winver.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"d:\\zaloha\\Programy\\hry\\FUEL\\FUEL.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
"AllowInboundTimestampRequest"= 1 (0x1)
"AllowInboundMaskRequest"= 1 (0x1)
"AllowInboundRouterRequest"= 1 (0x1)
"AllowOutboundDestinationUnreachable"= 1 (0x1)
"AllowOutboundSourceQuench"= 1 (0x1)
"AllowOutboundParameterProblem"= 1 (0x1)
"AllowOutboundTimeExceeded"= 1 (0x1)
"AllowRedirect"= 1 (0x1)
"AllowOutboundPacketTooBig"= 1 (0x1)
R0 BtHidBus;Bluetooth HID Bus Service;c:\windows\system32\drivers\BtHidBus.sys [31.7.2008 19:45 20616]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [23.4.2010 20:01 691696]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [13.3.2008 15:52 33800]
R1 fortknox_drv;fortknox_drv;c:\windows\system32\drivers\fortknoxfw.sys [22.10.2010 15:50 57808]
R2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [19.1.2009 19:31 277544]
R2 ekrn;Eset Service;c:\program files\Eset\ESET NOD32 Antivirus\ekrn.exe [13.3.2008 15:49 472320]
R2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files\Common Files\MAGIX Services\Database\bin\FABS.exe [27.8.2009 16:09 1253376]
R2 fortknox;FortKnox Personal Firewall;c:\program files\NETGATE\FortKnox Personal Firewall\FortKnox.exe [22.10.2010 15:50 514712]
R2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [16.11.2009 17:33 50704]
R2 ServiceCONSC;C-ON Client Service Pro;c:\program files\CNSoft\Client_Bin\ACONSC.exe [27.8.2010 9:50 995840]
R3 Fkndisf;FortKnox Firewall NDIS Filter Service;c:\windows\system32\drivers\fortknoxfw_ndisim.sys [22.10.2010 15:50 23120]
R3 whfltr2k;WheelMouse USB Lower Filter Driver;c:\windows\system32\drivers\whfltr2k.sys [15.6.2010 17:45 7424]
S2 gupdate;Google Update Service (gupdate);"c:\program files\Google\Update\GoogleUpdate.exe" /svc --> c:\program files\Google\Update\GoogleUpdate.exe [?]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [17.4.2010 15:00 1684736]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\Common Files\MAGIX Services\Database\bin\fbserver.exe [7.8.2008 10:10 3276800]
S3 GrooveInstallerService;Groove Installer Service;c:\program files\Groove Networks\Groove\Bin\GrooveInstallerService.exe --> c:\program files\Groove Networks\Groove\Bin\GrooveInstallerService.exe [?]
S3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\drivers\IvtBtBus.sys [2.7.2008 13:58 26248]
.
Obsah adresáře 'Naplánované úlohy'
2010-11-11 c:\windows\Tasks\mirror.job
- c:\windows\tools\mirror.bat [2010-04-18 14:56]
2010-11-11 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2009-07-10 15:29]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://search13.net/
uDefault_Search_URL = hxxp://search13.net/
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://search13.net/
uCustomizeSearch = hxxp://search13.net/
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{14CD42DD-ABCD-3586-DCAB-40E3693E3737} - c:\program files\Stylish Profile\ct.htm
LSP: c:\program files\IObit\Advanced SystemCare 3\SPICtrl.dll
Name-Space Handler: http\HDOC - {045882A1-F260-11D6-A629-00A0B0980AA1} - c:\progra~1\CNSoft\CLIENT~1\HDOCExt.dll
FF - ProfilePath - c:\documents and settings\culek.184527-CUL3K420\Data aplikací\Mozilla\Firefox\Profiles\rtfgo64k.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search13.net/search.php?clid=486&q=
FF - prefs.js: browser.startup.homepage - hxxp://www.google.cz/
FF - prefs.js: keyword.URL - hxxp://search13.net/search.php?clid=486&q=
FF - plugin: d:\zaloha\SWiFT\Program Files\Mozilla Plugins\npitunes.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- NASTAVENÍ FIREFOXU ----
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
.
------- Asociace souborů -------
.
.scr=AutoCADScriptFile
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
MSConfigStartUp-La_View Mouse - c:\progra~1\HAMAS1~1\S1_2k.exe
MSConfigStartUp-WinampAgent - d:\zaloha\Programy\Winamp\winampa.exe
AddRemove-{52D1D62C-FEAB-4580-849E-1DB624BADBBD} - c:\program files\InstallShield Installation Information\{52D1D62C-FEAB-4580-849E-1DB624BADBBD}\setup.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-11 21:20
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_USERS\S-1-5-21-1078081533-842925246-725345543-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:e1,dc,fe,25,ba,f2,bb,40,e5,cb,6f,93,4e,38,11,33,83,fc,a3,ec,38,57,96,
d0,9f,26,8b,8c,90,1f,37,2e,b1,22,50,a1,01,7f,7d,d8,79,ce,eb,f4,6b,79,d2,2c,\
"??"=hex:2a,94,f6,a1,17,83,46,94,d8,b3,9e,12,08,61,17,64
[HKEY_USERS\S-1-5-21-1078081533-842925246-725345543-1003\Software\SecuROM\License information*]
"datasecu"=hex:8d,31,04,64,54,60,c6,a2,64,06,f8,9e,b9,49,04,3a,94,6e,17,fe,fe,
42,3f,31,0c,e7,42,bf,dc,49,e8,a7,b2,34,6f,84,40,33,1c,44,a5,4b,9f,81,13,cf,\
"rkeysecu"=hex:c3,ef,57,89,1f,88,bd,fe,09,2e,de,a0,55,f3,d6,2b
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(1340)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
c:\windows\system32\winlob32.dll
- - - - - - - > 'lsass.exe'(1396)
c:\program files\IObit\Advanced SystemCare 3\SPICtrl.dll
.
Celkový čas: 2010-11-11 21:21:53
ComboFix-quarantined-files.txt 2010-11-11 20:21
Před spuštěním: 6 610 407 424
Po spuštění: 6 599 532 544
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer
- - End Of File - - D65A74656068B926246E32F4527D0BF3
log:
ComboFix 10-11-11.01 - culek 11.11.2010 21:18:05.1.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.3327.2603 [GMT 1:00]
Spuštěný z: c:\documents and settings\culek.184527-CUL3K420\Local Settings\Data aplikací\Opera\Opera\temporary_downloads\ComboFix.exe
AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET Personal firewall *disabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\FunWebProducts
c:\program files\MyWebSearch
c:\program files\MyWebSearch\bar\Settings\s_pid.dat
c:\program files\NetSoftware\IEHelper.dll
c:\windows\Downloaded Program Files\IDropPTB.dll
c:\windows\system32\prsgrc.dll
c:\windows\system32\vbzlib1.dll
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-10-11 do 2010-11-11 )))))))))))))))))))))))))))))))
.
2010-11-27 09:52 . 2010-11-04 14:43 -------- d-----w- c:\program files\Kalendar
2010-11-11 17:11 . 2010-11-11 17:11 -------- d-----w- c:\windows\LastGood
2010-11-08 16:27 . 2010-11-08 16:35 -------- d-----w- c:\program files\Tunatic
2010-11-05 20:51 . 2010-11-05 20:51 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Data aplikací\OrbNetworks
2010-11-05 20:51 . 2010-11-11 18:52 -------- d-----w- c:\program files\Winamp Remote
2010-11-04 15:09 . 2010-11-04 15:09 -------- d-----w- c:\program files\iWEB Studio
2010-11-04 15:09 . 2010-11-04 15:09 796672 ----a-w- c:\windows\GPInstall.exe
2010-11-01 13:40 . 2010-11-01 13:40 -------- d-----w- c:\documents and settings\culek.184527-CUL3K420\Local Settings\Data aplikací\Finkit
2010-11-01 13:40 . 2010-11-01 13:40 -------- d-----w- c:\program files\ManicTime
2010-10-28 16:32 . 2010-11-05 19:48 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Data aplikací\TrackMania
2010-10-27 13:30 . 2010-10-27 13:34 -------- d-----w- c:\program files\AutoCAD 2008
2010-10-27 13:30 . 2010-10-27 13:30 180224 ----a-w- c:\program files\Common Files\InstallShield\Driver\10\Intel 32\iGdiCnv.dll
2010-10-27 13:30 . 2010-10-27 13:30 409600 ----a-w- c:\program files\Common Files\InstallShield\Driver\10\Intel 32\ISRT.dll
2010-10-27 13:30 . 2010-10-27 13:30 32768 ----a-w- c:\program files\Common Files\InstallShield\Driver\10\Intel 32\objpscnv.dll
2010-10-27 13:30 . 2010-10-27 13:30 262144 ----a-w- c:\program files\Common Files\InstallShield\Driver\10\Intel 32\IScrCnv.dll
2010-10-27 13:30 . 2010-10-27 13:30 172032 ----a-w- c:\program files\Common Files\InstallShield\Driver\10\Intel 32\IUserCnv.dll
2010-10-27 13:30 . 2010-10-27 13:30 761856 ----a-w- c:\program files\Common Files\InstallShield\Driver\10\Intel 32\IDriver.exe
2010-10-27 13:30 . 2010-10-27 13:30 540772 ----a-w- c:\program files\Common Files\InstallShield\Driver\10\Intel 32\_ISRES1033.dll
2010-10-25 19:14 . 2010-11-09 14:19 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Data aplikací\NetSoftware
2010-10-25 19:14 . 2010-11-11 20:20 -------- d-----w- c:\program files\NetSoftware
2010-10-25 16:25 . 2010-10-25 16:25 1024 ----a-w- c:\windows\system32\grcauth2.dll
2010-10-25 16:25 . 2010-10-25 16:25 1024 ----a-w- c:\windows\system32\grcauth1.dll
2010-10-25 12:13 . 2010-10-25 12:48 -------- d-----w- c:\documents and settings\culek.184527-CUL3K420\Data aplikací\Desktop Sidebar
2010-10-24 19:32 . 2006-06-20 08:56 225280 ----a-w- c:\windows\system32\rewire.dll
2010-10-24 19:31 . 2002-07-07 22:14 1294336 ----a-w- c:\windows\system32\vorbis.acm
2010-10-24 19:31 . 2010-10-26 14:15 -------- d-----w- c:\program files\Image-Line
2010-10-24 19:31 . 2010-10-24 19:31 -------- d-----w- c:\program files\Outsim
2010-10-22 18:20 . 2010-10-22 18:20 -------- d-----w- c:\documents and settings\culek.184527-CUL3K420\Local Settings\Data aplikací\Speedchecker
2010-10-22 18:19 . 2010-10-22 18:27 -------- d-----w- c:\program files\Zrychleni Pocitace
2010-10-22 18:19 . 2010-10-22 18:19 -------- d-----w- c:\documents and settings\culek.184527-CUL3K420\Local Settings\Data aplikací\QuickStores
2010-10-22 18:19 . 2010-10-22 18:19 -------- d-----w- c:\documents and settings\culek.184527-CUL3K420\Local Settings\Data aplikací\OpenCandy
2010-10-22 18:19 . 2010-10-22 18:19 -------- d-----w- c:\documents and settings\culek.184527-CUL3K420\Data aplikací\OpenCandy
2010-10-22 14:50 . 2009-11-15 17:24 57808 ----a-w- c:\windows\system32\drivers\fortknoxfw.sys
2010-10-22 14:50 . 2009-09-17 06:57 23120 ----a-w- c:\windows\system32\drivers\fortknoxfw_ndisim.sys
2010-10-22 14:50 . 2010-10-22 14:50 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Data aplikací\NETGATE
2010-10-22 14:50 . 2010-10-22 14:50 -------- d-----w- c:\program files\NETGATE
2010-10-21 12:35 . 2010-10-21 12:35 -------- d-----w- c:\documents and settings\culek.184527-CUL3K420\Data aplikací\FUEL
2010-10-21 12:27 . 2010-10-21 12:27 -------- d-----w- c:\documents and settings\culek.184527-CUL3K420\Data aplikací\InstallShield Installation Information
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-11 19:53 . 2010-06-25 16:48 233960 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-11-11 19:53 . 2010-06-25 16:48 233960 ----a-w- c:\windows\system32\PnkBstrB.xtr
2010-11-11 19:06 . 2010-06-25 16:48 138520 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-09-18 10:23 . 2007-04-03 06:44 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2008-04-14 06:51 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2008-04-14 06:51 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-18 06:53 . 2001-10-25 11:00 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-10 05:52 . 2008-04-14 06:52 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-10 05:52 . 2008-04-14 06:52 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-09-10 05:52 . 2008-04-14 06:51 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-01 11:52 . 2008-04-14 06:37 285824 ----a-w- c:\windows\system32\atmfd.dll
2010-09-01 07:57 . 2008-04-14 05:45 1852800 ----a-w- c:\windows\system32\win32k.sys
2010-08-27 08:03 . 2008-04-14 06:52 119808 ----a-w- c:\windows\system32\t2embed.dll
2010-08-27 05:54 . 2008-04-14 06:52 99840 ----a-w- c:\windows\system32\srvsvc.dll
2010-08-27 01:43 . 2008-05-05 05:25 5632 ----a-w- c:\windows\system32\xpsp4res.dll
2010-08-26 13:39 . 2008-04-13 22:45 357248 ----a-w- c:\windows\system32\drivers\srv.sys
2010-08-25 11:12 . 2010-08-25 11:12 4284535 ----a-w- c:\documents and settings\culek.184527-CUL3K420\Data aplikací\ffdshow.exe
2010-08-25 11:12 . 2010-08-25 11:11 5243208 ----a-w- c:\documents and settings\culek.184527-CUL3K420\Data aplikací\AvsP.exe
2010-08-25 11:11 . 2010-08-25 11:11 642685 ----a-w- c:\documents and settings\culek.184527-CUL3K420\Data aplikací\xvid.exe
2010-08-25 11:11 . 2010-08-25 11:11 2040451 ----a-w- c:\documents and settings\culek.184527-CUL3K420\Data aplikací\Imgburn.exe
2010-08-25 11:11 . 2010-08-25 11:10 4182178 ----a-w- c:\documents and settings\culek.184527-CUL3K420\Data aplikací\Avisynth.exe
2010-08-23 16:12 . 2008-04-14 06:51 617472 ------w- c:\windows\system32\comctl32.dll
2010-08-18 16:52 . 2010-08-18 16:52 1409 ----a-w- c:\windows\system32\tmp5F052.FOT
2010-08-18 16:52 . 2010-08-18 16:52 1409 ----a-w- c:\windows\system32\tmp5E052.FOT
2010-08-17 13:17 . 2008-04-14 06:52 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-16 08:45 . 2008-04-14 06:51 590848 ----a-w- c:\windows\system32\rpcrt4.dll
2009-11-04 08:14 1168216 --sha-r- c:\windows\sdb2\Program Files\Spybot - Search & Destroy\advcheck.dll
2009-01-26 13:31 5365592 --sha-r- c:\windows\sdb2\Program Files\Spybot - Search & Destroy\BKIKCYCTLYC.scr
2009-01-26 13:31 2144088 --sha-r- c:\windows\sdb2\Program Files\Spybot - Search & Destroy\BLBNCGBTZMITGKY.scr
2009-01-26 13:31 1740632 --sha-r- c:\windows\sdb2\Program Files\Spybot - Search & Destroy\SDUpdate.exe
2009-01-26 13:31 5365592 --sha-r- c:\windows\sdb2\Program Files\Spybot - Search & Destroy\SpybotSD.exe
2009-03-05 14:07 2260480 --sha-r- c:\windows\sdb2\Program Files\Spybot - Search & Destroy\TeaTimer.exe
2009-03-05 14:07 2260480 --sha-r- c:\windows\sdb2\Program Files\Spybot - Search & Destroy\VOLMJSOSHCRSTYT.scr
2009-01-26 13:31 1740632 --sha-r- c:\windows\sdb2\Program Files\Spybot - Search & Destroy\YBDKFAESQJCSBHJ.scr
2006-05-03 09:06 163328 --sh--r- c:\windows\system32\flvDX.dll
2007-02-21 10:47 31232 --sh--r- c:\windows\system32\msfDX.dll
2008-03-16 12:30 216064 --sh--r- c:\windows\system32\nbDX.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3CF7606-E683-4375-A372-96B75DA0AEF7}]
2010-01-07 06:51 185344 ----a-w- c:\program files\Stylish Profile\enlbrdr.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2009-07-10 15:28 1174920 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-07-10 1174920]
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-07-10 1174920]
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
"Advanced SystemCare 3"="c:\program files\IObit\Advanced SystemCare 3\AWC.exe" [2010-09-28 2407632]
"ManicTime"="c:\program files\ManicTime\ManicTime.exe" [2010-10-12 582984]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PCSuiteTrayApplication"="d:\zaloha\SWiFT\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-03-23 227328]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-17 421888]
"iTunesHelper"="d:\zaloha\SWiFT\Program Files\iTunesHelper.exe" [2010-03-25 142120]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2004-09-13 49152]
"PWRISOVM.EXE"="d:\zaloha\Programy\PowerISO\PWRISOVM.EXE" [2009-03-15 180224]
"WheelMouse"="c:\advanc~1\wh_exec.exe" [2010-05-26 147456]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-03-13 1443072]
"FortKnoxPersonalFirewall"="c:\program files\NETGATE\FortKnox Personal Firewall\FortKnoxGUI.exe" [2010-10-18 1788568]
"NetSoftware"="c:\program files\NetSoftware\Starter.exe" [2010-10-25 139264]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Nokia.PCSync"="d:\zaloha\SWiFT\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-03-27 1744896]
c:\documents and settings\All Users.WINDOWS\Nabˇdka Start\Programy\Po spuçtŘnˇ\
BlueSoleil.lnk - c:\program files\IVT Corporation\BlueSoleil\BlueSoleil.exe [2010-8-21 1183744]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-4 258048]
Rychl‚ spuçtŘnˇ aplikace HP Image Zone.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2004-11-4 53248]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{045882A1-F260-11D6-A629-00A0B0980AA1}"= "c:\progra~1\CNSoft\CLIENT~1\HDOCExt.dll" [2008-06-26 427008]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winlob32]
2010-08-13 13:48 81920 ----a-w- c:\windows\system32\winlob32.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Nabídka Start^Programy^Po spuštění^Corel MEDIA FOLDERS INDEXER 8.LNK]
path=c:\documents and settings\All Users.WINDOWS\Nabídka Start\Programy\Po spuštění\Corel MEDIA FOLDERS INDEXER 8.LNK
backup=c:\windows\pss\Corel MEDIA FOLDERS INDEXER 8.LNKCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"d:\\zaloha\\SWiFT\\Program Files\\iTunes.exe"=
"d:\\zaloha\\Programy\\hry\\cod4\\iw3mp.exe"=
"c:\\Program Files\\TeamViewer\\Version5\\TeamViewer.exe"=
"c:\\WINDOWS\\system32\\winver.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"d:\\zaloha\\Programy\\hry\\FUEL\\FUEL.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
"AllowInboundTimestampRequest"= 1 (0x1)
"AllowInboundMaskRequest"= 1 (0x1)
"AllowInboundRouterRequest"= 1 (0x1)
"AllowOutboundDestinationUnreachable"= 1 (0x1)
"AllowOutboundSourceQuench"= 1 (0x1)
"AllowOutboundParameterProblem"= 1 (0x1)
"AllowOutboundTimeExceeded"= 1 (0x1)
"AllowRedirect"= 1 (0x1)
"AllowOutboundPacketTooBig"= 1 (0x1)
R0 BtHidBus;Bluetooth HID Bus Service;c:\windows\system32\drivers\BtHidBus.sys [31.7.2008 19:45 20616]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [23.4.2010 20:01 691696]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [13.3.2008 15:52 33800]
R1 fortknox_drv;fortknox_drv;c:\windows\system32\drivers\fortknoxfw.sys [22.10.2010 15:50 57808]
R2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [19.1.2009 19:31 277544]
R2 ekrn;Eset Service;c:\program files\Eset\ESET NOD32 Antivirus\ekrn.exe [13.3.2008 15:49 472320]
R2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files\Common Files\MAGIX Services\Database\bin\FABS.exe [27.8.2009 16:09 1253376]
R2 fortknox;FortKnox Personal Firewall;c:\program files\NETGATE\FortKnox Personal Firewall\FortKnox.exe [22.10.2010 15:50 514712]
R2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [16.11.2009 17:33 50704]
R2 ServiceCONSC;C-ON Client Service Pro;c:\program files\CNSoft\Client_Bin\ACONSC.exe [27.8.2010 9:50 995840]
R3 Fkndisf;FortKnox Firewall NDIS Filter Service;c:\windows\system32\drivers\fortknoxfw_ndisim.sys [22.10.2010 15:50 23120]
R3 whfltr2k;WheelMouse USB Lower Filter Driver;c:\windows\system32\drivers\whfltr2k.sys [15.6.2010 17:45 7424]
S2 gupdate;Google Update Service (gupdate);"c:\program files\Google\Update\GoogleUpdate.exe" /svc --> c:\program files\Google\Update\GoogleUpdate.exe [?]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [17.4.2010 15:00 1684736]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\Common Files\MAGIX Services\Database\bin\fbserver.exe [7.8.2008 10:10 3276800]
S3 GrooveInstallerService;Groove Installer Service;c:\program files\Groove Networks\Groove\Bin\GrooveInstallerService.exe --> c:\program files\Groove Networks\Groove\Bin\GrooveInstallerService.exe [?]
S3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\drivers\IvtBtBus.sys [2.7.2008 13:58 26248]
.
Obsah adresáře 'Naplánované úlohy'
2010-11-11 c:\windows\Tasks\mirror.job
- c:\windows\tools\mirror.bat [2010-04-18 14:56]
2010-11-11 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2009-07-10 15:29]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://search13.net/
uDefault_Search_URL = hxxp://search13.net/
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://search13.net/
uCustomizeSearch = hxxp://search13.net/
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{14CD42DD-ABCD-3586-DCAB-40E3693E3737} - c:\program files\Stylish Profile\ct.htm
LSP: c:\program files\IObit\Advanced SystemCare 3\SPICtrl.dll
Name-Space Handler: http\HDOC - {045882A1-F260-11D6-A629-00A0B0980AA1} - c:\progra~1\CNSoft\CLIENT~1\HDOCExt.dll
FF - ProfilePath - c:\documents and settings\culek.184527-CUL3K420\Data aplikací\Mozilla\Firefox\Profiles\rtfgo64k.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search13.net/search.php?clid=486&q=
FF - prefs.js: browser.startup.homepage - hxxp://www.google.cz/
FF - prefs.js: keyword.URL - hxxp://search13.net/search.php?clid=486&q=
FF - plugin: d:\zaloha\SWiFT\Program Files\Mozilla Plugins\npitunes.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- NASTAVENÍ FIREFOXU ----
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
.
------- Asociace souborů -------
.
.scr=AutoCADScriptFile
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
MSConfigStartUp-La_View Mouse - c:\progra~1\HAMAS1~1\S1_2k.exe
MSConfigStartUp-WinampAgent - d:\zaloha\Programy\Winamp\winampa.exe
AddRemove-{52D1D62C-FEAB-4580-849E-1DB624BADBBD} - c:\program files\InstallShield Installation Information\{52D1D62C-FEAB-4580-849E-1DB624BADBBD}\setup.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-11 21:20
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_USERS\S-1-5-21-1078081533-842925246-725345543-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:e1,dc,fe,25,ba,f2,bb,40,e5,cb,6f,93,4e,38,11,33,83,fc,a3,ec,38,57,96,
d0,9f,26,8b,8c,90,1f,37,2e,b1,22,50,a1,01,7f,7d,d8,79,ce,eb,f4,6b,79,d2,2c,\
"??"=hex:2a,94,f6,a1,17,83,46,94,d8,b3,9e,12,08,61,17,64
[HKEY_USERS\S-1-5-21-1078081533-842925246-725345543-1003\Software\SecuROM\License information*]
"datasecu"=hex:8d,31,04,64,54,60,c6,a2,64,06,f8,9e,b9,49,04,3a,94,6e,17,fe,fe,
42,3f,31,0c,e7,42,bf,dc,49,e8,a7,b2,34,6f,84,40,33,1c,44,a5,4b,9f,81,13,cf,\
"rkeysecu"=hex:c3,ef,57,89,1f,88,bd,fe,09,2e,de,a0,55,f3,d6,2b
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(1340)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
c:\windows\system32\winlob32.dll
- - - - - - - > 'lsass.exe'(1396)
c:\program files\IObit\Advanced SystemCare 3\SPICtrl.dll
.
Celkový čas: 2010-11-11 21:21:53
ComboFix-quarantined-files.txt 2010-11-11 20:21
Před spuštěním: 6 610 407 424
Po spuštění: 6 599 532 544
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer
- - End Of File - - D65A74656068B926246E32F4527D0BF3
Re: LOG z ComboFix - kontrola
Odinstalujte Advanced SystemCare 3 a nasledne vse od IObit - jedna se o cinsky smejd, databazi haveti ukradli spolecnosti co dela MBAM a navic byva velmi casto oznacovan jako spyware Tohle c:\windows\tools\mirror.bat vite co je 
Pripadne mi soubor zabalte a uploadnete na LP http://leteckaposta.cz/ Ale CF se ma pouzivat jen na doporuceni radce, jeho svevolnym pouzitim ztracite narok na podporu Vite o co jde, ale aplikovat jej neumite
- Spuštěný z: c:\documents and settings\culek.184527-CUL3K420\Local Settings\Data aplikací\Opera\Opera\temporary_downloads\ComboFix.exe
- CF ma byt ulozeno na plose
Stahnete Combofix http://download.bleepingcomputer.com/sUBs/ComboFix.exe Pokud nemate, tak presunte Combofix na plochu
- Spustte poznamkovy blok (Start-spustit-notepad)
- Zkopirujte skript nize
Kód: Vybrat vše
Folder:: c:\program files\Stylish Profile c:\program files\Ask.com Collect:: c:\windows\system32\winlob32.dll c:\windows\Tasks\Scheduled Update for Ask Toolbar.job Registry:: [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3CF7606-E683-4375-A372-96B75DA0AEF7}] [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{D4027C7F-154A-4066-A1AD-4243D8127440}"=- [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser] "{D4027C7F-154A-4066-A1AD-4243D8127440}"=- [-HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}] [-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1] [-HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}] [-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "DAEMON Tools Lite"=- "RocketDock"=- "Advanced SystemCare 3"=- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "PCSuiteTrayApplication"=- "QuickTime Task"=- "iTunesHelper"=- "HP Software Update"=- "PWRISOVM.EXE"=- "Adobe Reader Speed Launcher"=- "Adobe ARM"=- [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "Nokia.PCSync"=- [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winlob32] [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000000 "FirewallOverride"=dword:00000000 DDS:: uStart Page = hxxp://search13.net/ uDefault_Search_URL = hxxp://search13.net/ uSearchAssistant = hxxp://search13.net/ uCustomizeSearch = hxxp://search13.net/ IE: {{14CD42DD-ABCD-3586-DCAB-40E3693E3737} - c:\program files\Stylish Profile\ct.htm Firefox:: FF - ProfilePath - c:\documents and settings\culek.184527-CUL3K420\Data aplikací\Mozilla\Firefox\Profiles\rtfgo64k.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search13.net/search.php?clid=486&q= FF - prefs.js: keyword.URL - hxxp://search13.net/search.php?clid=486&q= RegLock:: [HKEY_USERS\S-1-5-21-1078081533-842925246-725345543-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*] [HKEY_USERS\S-1-5-21-1078081533-842925246-725345543-1003\Software\SecuROM\License information*]- Ulozte vytvoreny TXT jako CFScript.txt
- Pretahnete vytvoreny CFScript.txt nad Combofix a pustte (viz obrazek nize)
- Po aplikaci skriptu (a pripadnem restartu) na Vas vypadne log, jeho obsah sem vlozte
Muze se stat, ze po aplikaci skriptu nenabehnou windows, v tomto pripade restartuje PC a mackejte F8 a zvolte Posledni znamou konfiguraci"Kdo víno má a nepije,kdo hrozny má a nejí je, kdo ženu má a nelíbá, kdo zábavě se vyhýbá, na toho vemte bič a hůl, to není člověk, to je vůl."
Člen od 1. února 2011.
Člen
od 1. února 2011.Re: LOG z ComboFix - kontrola
c:\windows\tools\mirror.bat => http://leteckaposta.cz/308771921
LOG:
ComboFix 10-11-11.01 - culek 12.11.2010 14:16:24.2.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.3327.2450 [GMT 1:00]
Spuštěný z: c:\documents and settings\culek.184527-CUL3K420\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\culek.184527-CUL3K420\Plocha\CFScript.txt
AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET Personal firewall *disabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
file zipped: c:\windows\system32\winlob32.dll
file zipped: c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\winlob32.dll
c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-10-12 do 2010-11-12 )))))))))))))))))))))))))))))))
.
2010-11-27 09:52 . 2010-11-04 14:43 -------- d-----w- c:\program files\Kalendar
2010-11-08 16:27 . 2010-11-08 16:35 -------- d-----w- c:\program files\Tunatic
2010-11-05 20:51 . 2010-11-05 20:51 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Data aplikací\OrbNetworks
2010-11-05 20:51 . 2010-11-11 18:52 -------- d-----w- c:\program files\Winamp Remote
2010-11-04 15:09 . 2010-11-04 15:09 -------- d-----w- c:\program files\iWEB Studio
2010-11-04 15:09 . 2010-11-04 15:09 796672 ----a-w- c:\windows\GPInstall.exe
2010-11-01 13:40 . 2010-11-01 13:40 -------- d-----w- c:\documents and settings\culek.184527-CUL3K420\Local Settings\Data aplikací\Finkit
2010-11-01 13:40 . 2010-11-01 13:40 -------- d-----w- c:\program files\ManicTime
2010-10-28 16:32 . 2010-11-05 19:48 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Data aplikací\TrackMania
2010-10-27 13:30 . 2010-10-27 13:34 -------- d-----w- c:\program files\AutoCAD 2008
2010-10-27 13:30 . 2010-10-27 13:30 180224 ----a-w- c:\program files\Common Files\InstallShield\Driver\10\Intel 32\iGdiCnv.dll
2010-10-27 13:30 . 2010-10-27 13:30 409600 ----a-w- c:\program files\Common Files\InstallShield\Driver\10\Intel 32\ISRT.dll
2010-10-27 13:30 . 2010-10-27 13:30 32768 ----a-w- c:\program files\Common Files\InstallShield\Driver\10\Intel 32\objpscnv.dll
2010-10-27 13:30 . 2010-10-27 13:30 262144 ----a-w- c:\program files\Common Files\InstallShield\Driver\10\Intel 32\IScrCnv.dll
2010-10-27 13:30 . 2010-10-27 13:30 172032 ----a-w- c:\program files\Common Files\InstallShield\Driver\10\Intel 32\IUserCnv.dll
2010-10-27 13:30 . 2010-10-27 13:30 761856 ----a-w- c:\program files\Common Files\InstallShield\Driver\10\Intel 32\IDriver.exe
2010-10-27 13:30 . 2010-10-27 13:30 540772 ----a-w- c:\program files\Common Files\InstallShield\Driver\10\Intel 32\_ISRES1033.dll
2010-10-25 19:14 . 2010-11-09 14:19 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Data aplikací\NetSoftware
2010-10-25 19:14 . 2010-11-12 13:22 -------- d-----w- c:\program files\NetSoftware
2010-10-25 16:25 . 2010-10-25 16:25 1024 ----a-w- c:\windows\system32\grcauth2.dll
2010-10-25 16:25 . 2010-10-25 16:25 1024 ----a-w- c:\windows\system32\grcauth1.dll
2010-10-25 12:13 . 2010-10-25 12:48 -------- d-----w- c:\documents and settings\culek.184527-CUL3K420\Data aplikací\Desktop Sidebar
2010-10-24 19:32 . 2006-06-20 08:56 225280 ----a-w- c:\windows\system32\rewire.dll
2010-10-24 19:31 . 2002-07-07 22:14 1294336 ----a-w- c:\windows\system32\vorbis.acm
2010-10-24 19:31 . 2010-10-26 14:15 -------- d-----w- c:\program files\Image-Line
2010-10-24 19:31 . 2010-10-24 19:31 -------- d-----w- c:\program files\Outsim
2010-10-22 18:20 . 2010-10-22 18:20 -------- d-----w- c:\documents and settings\culek.184527-CUL3K420\Local Settings\Data aplikací\Speedchecker
2010-10-22 18:19 . 2010-10-22 18:27 -------- d-----w- c:\program files\Zrychleni Pocitace
2010-10-22 18:19 . 2010-10-22 18:19 -------- d-----w- c:\documents and settings\culek.184527-CUL3K420\Local Settings\Data aplikací\QuickStores
2010-10-22 18:19 . 2010-10-22 18:19 -------- d-----w- c:\documents and settings\culek.184527-CUL3K420\Local Settings\Data aplikací\OpenCandy
2010-10-22 18:19 . 2010-10-22 18:19 -------- d-----w- c:\documents and settings\culek.184527-CUL3K420\Data aplikací\OpenCandy
2010-10-22 14:50 . 2009-11-15 17:24 57808 ----a-w- c:\windows\system32\drivers\fortknoxfw.sys
2010-10-22 14:50 . 2009-09-17 06:57 23120 ----a-w- c:\windows\system32\drivers\fortknoxfw_ndisim.sys
2010-10-22 14:50 . 2010-10-22 14:50 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Data aplikací\NETGATE
2010-10-22 14:50 . 2010-10-22 14:50 -------- d-----w- c:\program files\NETGATE
2010-10-21 12:35 . 2010-10-21 12:35 -------- d-----w- c:\documents and settings\culek.184527-CUL3K420\Data aplikací\FUEL
2010-10-21 12:27 . 2010-10-21 12:27 -------- d-----w- c:\documents and settings\culek.184527-CUL3K420\Data aplikací\InstallShield Installation Information
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-11 19:53 . 2010-06-25 16:48 233960 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-11-11 19:53 . 2010-06-25 16:48 233960 ----a-w- c:\windows\system32\PnkBstrB.xtr
2010-11-11 19:06 . 2010-06-25 16:48 138520 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-09-18 10:23 . 2007-04-03 06:44 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2008-04-14 06:51 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2008-04-14 06:51 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-18 06:53 . 2001-10-25 11:00 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-10 05:52 . 2008-04-14 06:52 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-10 05:52 . 2008-04-14 06:52 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-09-10 05:52 . 2008-04-14 06:51 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-01 11:52 . 2008-04-14 06:37 285824 ----a-w- c:\windows\system32\atmfd.dll
2010-09-01 07:57 . 2008-04-14 05:45 1852800 ----a-w- c:\windows\system32\win32k.sys
2010-08-27 08:03 . 2008-04-14 06:52 119808 ----a-w- c:\windows\system32\t2embed.dll
2010-08-27 05:54 . 2008-04-14 06:52 99840 ----a-w- c:\windows\system32\srvsvc.dll
2010-08-27 01:43 . 2008-05-05 05:25 5632 ----a-w- c:\windows\system32\xpsp4res.dll
2010-08-26 13:39 . 2008-04-13 22:45 357248 ----a-w- c:\windows\system32\drivers\srv.sys
2010-08-25 11:12 . 2010-08-25 11:12 4284535 ----a-w- c:\documents and settings\culek.184527-CUL3K420\Data aplikací\ffdshow.exe
2010-08-25 11:12 . 2010-08-25 11:11 5243208 ----a-w- c:\documents and settings\culek.184527-CUL3K420\Data aplikací\AvsP.exe
2010-08-25 11:11 . 2010-08-25 11:11 642685 ----a-w- c:\documents and settings\culek.184527-CUL3K420\Data aplikací\xvid.exe
2010-08-25 11:11 . 2010-08-25 11:11 2040451 ----a-w- c:\documents and settings\culek.184527-CUL3K420\Data aplikací\Imgburn.exe
2010-08-25 11:11 . 2010-08-25 11:10 4182178 ----a-w- c:\documents and settings\culek.184527-CUL3K420\Data aplikací\Avisynth.exe
2010-08-23 16:12 . 2008-04-14 06:51 617472 ------w- c:\windows\system32\comctl32.dll
2010-08-18 16:52 . 2010-08-18 16:52 1409 ----a-w- c:\windows\system32\tmp5F052.FOT
2010-08-18 16:52 . 2010-08-18 16:52 1409 ----a-w- c:\windows\system32\tmp5E052.FOT
2010-08-17 13:17 . 2008-04-14 06:52 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-16 08:45 . 2008-04-14 06:51 590848 ----a-w- c:\windows\system32\rpcrt4.dll
2009-11-04 08:14 1168216 --sha-r- c:\windows\sdb2\Program Files\Spybot - Search & Destroy\advcheck.dll
2009-01-26 13:31 5365592 --sha-r- c:\windows\sdb2\Program Files\Spybot - Search & Destroy\BKIKCYCTLYC.scr
2009-01-26 13:31 2144088 --sha-r- c:\windows\sdb2\Program Files\Spybot - Search & Destroy\BLBNCGBTZMITGKY.scr
2009-01-26 13:31 1740632 --sha-r- c:\windows\sdb2\Program Files\Spybot - Search & Destroy\SDUpdate.exe
2009-01-26 13:31 5365592 --sha-r- c:\windows\sdb2\Program Files\Spybot - Search & Destroy\SpybotSD.exe
2009-03-05 14:07 2260480 --sha-r- c:\windows\sdb2\Program Files\Spybot - Search & Destroy\TeaTimer.exe
2009-03-05 14:07 2260480 --sha-r- c:\windows\sdb2\Program Files\Spybot - Search & Destroy\VOLMJSOSHCRSTYT.scr
2009-01-26 13:31 1740632 --sha-r- c:\windows\sdb2\Program Files\Spybot - Search & Destroy\YBDKFAESQJCSBHJ.scr
2006-05-03 09:06 163328 --sh--r- c:\windows\system32\flvDX.dll
2007-02-21 10:47 31232 --sh--r- c:\windows\system32\msfDX.dll
2008-03-16 12:30 216064 --sh--r- c:\windows\system32\nbDX.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ManicTime"="c:\program files\ManicTime\ManicTime.exe" [2010-10-12 582984]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WheelMouse"="c:\advanc~1\wh_exec.exe" [2010-05-26 147456]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-03-13 1443072]
"FortKnoxPersonalFirewall"="c:\program files\NETGATE\FortKnox Personal Firewall\FortKnoxGUI.exe" [2010-10-18 1788568]
"NetSoftware"="c:\program files\NetSoftware\Starter.exe" [2010-10-25 139264]
c:\documents and settings\All Users.WINDOWS\Nabˇdka Start\Programy\Po spuçtŘnˇ\
BlueSoleil.lnk - c:\program files\IVT Corporation\BlueSoleil\BlueSoleil.exe [2010-8-21 1183744]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-4 258048]
Rychl‚ spuçtŘnˇ aplikace HP Image Zone.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2004-11-4 53248]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{045882A1-F260-11D6-A629-00A0B0980AA1}"= "c:\progra~1\CNSoft\CLIENT~1\HDOCExt.dll" [2008-06-26 427008]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Nabídka Start^Programy^Po spuštění^Corel MEDIA FOLDERS INDEXER 8.LNK]
path=c:\documents and settings\All Users.WINDOWS\Nabídka Start\Programy\Po spuštění\Corel MEDIA FOLDERS INDEXER 8.LNK
backup=c:\windows\pss\Corel MEDIA FOLDERS INDEXER 8.LNKCommon Startup
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"d:\\zaloha\\SWiFT\\Program Files\\iTunes.exe"=
"d:\\zaloha\\Programy\\hry\\cod4\\iw3mp.exe"=
"c:\\Program Files\\TeamViewer\\Version5\\TeamViewer.exe"=
"c:\\WINDOWS\\system32\\winver.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"d:\\zaloha\\Programy\\hry\\FUEL\\FUEL.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
"AllowInboundTimestampRequest"= 1 (0x1)
"AllowInboundMaskRequest"= 1 (0x1)
"AllowInboundRouterRequest"= 1 (0x1)
"AllowOutboundDestinationUnreachable"= 1 (0x1)
"AllowOutboundSourceQuench"= 1 (0x1)
"AllowOutboundParameterProblem"= 1 (0x1)
"AllowOutboundTimeExceeded"= 1 (0x1)
"AllowRedirect"= 1 (0x1)
"AllowOutboundPacketTooBig"= 1 (0x1)
R0 BtHidBus;Bluetooth HID Bus Service;c:\windows\system32\drivers\BtHidBus.sys [31.7.2008 19:45 20616]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [23.4.2010 20:01 691696]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [13.3.2008 15:52 33800]
R1 fortknox_drv;fortknox_drv;c:\windows\system32\drivers\fortknoxfw.sys [22.10.2010 15:50 57808]
R2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [19.1.2009 19:31 277544]
R2 ekrn;Eset Service;c:\program files\Eset\ESET NOD32 Antivirus\ekrn.exe [13.3.2008 15:49 472320]
R2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files\Common Files\MAGIX Services\Database\bin\FABS.exe [27.8.2009 16:09 1253376]
R2 fortknox;FortKnox Personal Firewall;c:\program files\NETGATE\FortKnox Personal Firewall\FortKnox.exe [22.10.2010 15:50 514712]
R2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [16.11.2009 17:33 50704]
R2 ServiceCONSC;C-ON Client Service Pro;c:\program files\CNSoft\Client_Bin\ACONSC.exe [27.8.2010 9:50 995840]
R3 Fkndisf;FortKnox Firewall NDIS Filter Service;c:\windows\system32\drivers\fortknoxfw_ndisim.sys [22.10.2010 15:50 23120]
R3 whfltr2k;WheelMouse USB Lower Filter Driver;c:\windows\system32\drivers\whfltr2k.sys [15.6.2010 17:45 7424]
S2 gupdate;Google Update Service (gupdate);"c:\program files\Google\Update\GoogleUpdate.exe" /svc --> c:\program files\Google\Update\GoogleUpdate.exe [?]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [17.4.2010 15:00 1684736]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\Common Files\MAGIX Services\Database\bin\fbserver.exe [7.8.2008 10:10 3276800]
S3 GrooveInstallerService;Groove Installer Service;c:\program files\Groove Networks\Groove\Bin\GrooveInstallerService.exe --> c:\program files\Groove Networks\Groove\Bin\GrooveInstallerService.exe [?]
S3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\drivers\IvtBtBus.sys [2.7.2008 13:58 26248]
.
Obsah adresáře 'Naplánované úlohy'
2010-11-11 c:\windows\Tasks\mirror.job
- c:\windows\tools\mirror.bat [2010-04-18 14:56]
.
.
------- Doplňkový sken -------
.
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://search13.net/
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{14CD42DD-ABCD-3586-DCAB-40E3693E3737} - c:\program files\Stylish Profile\ct.htm
Name-Space Handler: http\HDOC - {045882A1-F260-11D6-A629-00A0B0980AA1} - c:\progra~1\CNSoft\CLIENT~1\HDOCExt.dll
FF - ProfilePath - c:\documents and settings\culek.184527-CUL3K420\Data aplikací\Mozilla\Firefox\Profiles\rtfgo64k.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.cz/
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- NASTAVENÍ FIREFOXU ----
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-12 14:22
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_USERS\S-1-5-21-1078081533-842925246-725345543-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:e1,dc,fe,25,ba,f2,bb,40,e5,cb,6f,93,4e,38,11,33,83,fc,a3,ec,38,57,96,
d0,9f,26,8b,8c,90,1f,37,2e,b1,22,50,a1,01,7f,7d,d8,79,ce,eb,f4,6b,79,d2,2c,\
"??"=hex:2a,94,f6,a1,17,83,46,94,d8,b3,9e,12,08,61,17,64
[HKEY_USERS\S-1-5-21-1078081533-842925246-725345543-1003\Software\SecuROM\License information*]
"datasecu"=hex:8d,31,04,64,54,60,c6,a2,64,06,f8,9e,b9,49,04,3a,94,6e,17,fe,fe,
42,3f,31,0c,e7,42,bf,dc,49,e8,a7,b2,34,6f,84,40,33,1c,44,a5,4b,9f,81,13,cf,\
"rkeysecu"=hex:c3,ef,57,89,1f,88,bd,fe,09,2e,de,a0,55,f3,d6,2b
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(1340)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
- - - - - - - > 'explorer.exe'(2140)
c:\program files\NETGATE\FortKnox Personal Firewall\protect.dll
c:\advanc~1\wh_hook.dll
c:\program files\CNSoft\Client_Bin\EyeHook.DLL
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\corel\Graphics8\programs\CMFFld80.dll
c:\progra~1\CNSoft\CLIENT~1\HDOCExt.dll
d:\zaloha\SWiFT\Nokia\Nokia PC Suite 6\PhoneBrowser.dll
d:\zaloha\SWiFT\Nokia\Nokia PC Suite 6\PCSCM.dll
d:\zaloha\SWiFT\Nokia\Nokia PC Suite 6\Lang\PhoneBrowser_cze.nlr
d:\zaloha\SWiFT\Nokia\Nokia PC Suite 6\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\IVT Corporation\BlueSoleil\BTNtService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\HPZipm12.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\CNSoft\Client_Bin\ConClient.exe
c:\program files\Microsoft ActiveSync\wcescomm.exe
c:\program files\NetSoftware\NetSoftware.exe
c:\progra~1\MI3AA1~1\rapimgr.exe
c:\program files\HP\Digital Imaging\bin\hpqgalry.exe
c:\windows\system32\msiexec.exe
.
**************************************************************************
.
Celkový čas: 2010-11-12 14:25:24 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-11-12 13:25
ComboFix2.txt 2010-11-11 20:21
Před spuštěním: 6 679 158 784
Po spuštění: 6 669 881 344
- - End Of File - - 095891116BC047C37B7F5544B9725EF2
Nahr nˇ probŘhlo ŁspŘçnŘ
LOG:
ComboFix 10-11-11.01 - culek 12.11.2010 14:16:24.2.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.3327.2450 [GMT 1:00]
Spuštěný z: c:\documents and settings\culek.184527-CUL3K420\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\culek.184527-CUL3K420\Plocha\CFScript.txt
AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET Personal firewall *disabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
file zipped: c:\windows\system32\winlob32.dll
file zipped: c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\winlob32.dll
c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-10-12 do 2010-11-12 )))))))))))))))))))))))))))))))
.
2010-11-27 09:52 . 2010-11-04 14:43 -------- d-----w- c:\program files\Kalendar
2010-11-08 16:27 . 2010-11-08 16:35 -------- d-----w- c:\program files\Tunatic
2010-11-05 20:51 . 2010-11-05 20:51 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Data aplikací\OrbNetworks
2010-11-05 20:51 . 2010-11-11 18:52 -------- d-----w- c:\program files\Winamp Remote
2010-11-04 15:09 . 2010-11-04 15:09 -------- d-----w- c:\program files\iWEB Studio
2010-11-04 15:09 . 2010-11-04 15:09 796672 ----a-w- c:\windows\GPInstall.exe
2010-11-01 13:40 . 2010-11-01 13:40 -------- d-----w- c:\documents and settings\culek.184527-CUL3K420\Local Settings\Data aplikací\Finkit
2010-11-01 13:40 . 2010-11-01 13:40 -------- d-----w- c:\program files\ManicTime
2010-10-28 16:32 . 2010-11-05 19:48 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Data aplikací\TrackMania
2010-10-27 13:30 . 2010-10-27 13:34 -------- d-----w- c:\program files\AutoCAD 2008
2010-10-27 13:30 . 2010-10-27 13:30 180224 ----a-w- c:\program files\Common Files\InstallShield\Driver\10\Intel 32\iGdiCnv.dll
2010-10-27 13:30 . 2010-10-27 13:30 409600 ----a-w- c:\program files\Common Files\InstallShield\Driver\10\Intel 32\ISRT.dll
2010-10-27 13:30 . 2010-10-27 13:30 32768 ----a-w- c:\program files\Common Files\InstallShield\Driver\10\Intel 32\objpscnv.dll
2010-10-27 13:30 . 2010-10-27 13:30 262144 ----a-w- c:\program files\Common Files\InstallShield\Driver\10\Intel 32\IScrCnv.dll
2010-10-27 13:30 . 2010-10-27 13:30 172032 ----a-w- c:\program files\Common Files\InstallShield\Driver\10\Intel 32\IUserCnv.dll
2010-10-27 13:30 . 2010-10-27 13:30 761856 ----a-w- c:\program files\Common Files\InstallShield\Driver\10\Intel 32\IDriver.exe
2010-10-27 13:30 . 2010-10-27 13:30 540772 ----a-w- c:\program files\Common Files\InstallShield\Driver\10\Intel 32\_ISRES1033.dll
2010-10-25 19:14 . 2010-11-09 14:19 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Data aplikací\NetSoftware
2010-10-25 19:14 . 2010-11-12 13:22 -------- d-----w- c:\program files\NetSoftware
2010-10-25 16:25 . 2010-10-25 16:25 1024 ----a-w- c:\windows\system32\grcauth2.dll
2010-10-25 16:25 . 2010-10-25 16:25 1024 ----a-w- c:\windows\system32\grcauth1.dll
2010-10-25 12:13 . 2010-10-25 12:48 -------- d-----w- c:\documents and settings\culek.184527-CUL3K420\Data aplikací\Desktop Sidebar
2010-10-24 19:32 . 2006-06-20 08:56 225280 ----a-w- c:\windows\system32\rewire.dll
2010-10-24 19:31 . 2002-07-07 22:14 1294336 ----a-w- c:\windows\system32\vorbis.acm
2010-10-24 19:31 . 2010-10-26 14:15 -------- d-----w- c:\program files\Image-Line
2010-10-24 19:31 . 2010-10-24 19:31 -------- d-----w- c:\program files\Outsim
2010-10-22 18:20 . 2010-10-22 18:20 -------- d-----w- c:\documents and settings\culek.184527-CUL3K420\Local Settings\Data aplikací\Speedchecker
2010-10-22 18:19 . 2010-10-22 18:27 -------- d-----w- c:\program files\Zrychleni Pocitace
2010-10-22 18:19 . 2010-10-22 18:19 -------- d-----w- c:\documents and settings\culek.184527-CUL3K420\Local Settings\Data aplikací\QuickStores
2010-10-22 18:19 . 2010-10-22 18:19 -------- d-----w- c:\documents and settings\culek.184527-CUL3K420\Local Settings\Data aplikací\OpenCandy
2010-10-22 18:19 . 2010-10-22 18:19 -------- d-----w- c:\documents and settings\culek.184527-CUL3K420\Data aplikací\OpenCandy
2010-10-22 14:50 . 2009-11-15 17:24 57808 ----a-w- c:\windows\system32\drivers\fortknoxfw.sys
2010-10-22 14:50 . 2009-09-17 06:57 23120 ----a-w- c:\windows\system32\drivers\fortknoxfw_ndisim.sys
2010-10-22 14:50 . 2010-10-22 14:50 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Data aplikací\NETGATE
2010-10-22 14:50 . 2010-10-22 14:50 -------- d-----w- c:\program files\NETGATE
2010-10-21 12:35 . 2010-10-21 12:35 -------- d-----w- c:\documents and settings\culek.184527-CUL3K420\Data aplikací\FUEL
2010-10-21 12:27 . 2010-10-21 12:27 -------- d-----w- c:\documents and settings\culek.184527-CUL3K420\Data aplikací\InstallShield Installation Information
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-11 19:53 . 2010-06-25 16:48 233960 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-11-11 19:53 . 2010-06-25 16:48 233960 ----a-w- c:\windows\system32\PnkBstrB.xtr
2010-11-11 19:06 . 2010-06-25 16:48 138520 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-09-18 10:23 . 2007-04-03 06:44 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2008-04-14 06:51 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2008-04-14 06:51 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-18 06:53 . 2001-10-25 11:00 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-10 05:52 . 2008-04-14 06:52 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-10 05:52 . 2008-04-14 06:52 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-09-10 05:52 . 2008-04-14 06:51 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-01 11:52 . 2008-04-14 06:37 285824 ----a-w- c:\windows\system32\atmfd.dll
2010-09-01 07:57 . 2008-04-14 05:45 1852800 ----a-w- c:\windows\system32\win32k.sys
2010-08-27 08:03 . 2008-04-14 06:52 119808 ----a-w- c:\windows\system32\t2embed.dll
2010-08-27 05:54 . 2008-04-14 06:52 99840 ----a-w- c:\windows\system32\srvsvc.dll
2010-08-27 01:43 . 2008-05-05 05:25 5632 ----a-w- c:\windows\system32\xpsp4res.dll
2010-08-26 13:39 . 2008-04-13 22:45 357248 ----a-w- c:\windows\system32\drivers\srv.sys
2010-08-25 11:12 . 2010-08-25 11:12 4284535 ----a-w- c:\documents and settings\culek.184527-CUL3K420\Data aplikací\ffdshow.exe
2010-08-25 11:12 . 2010-08-25 11:11 5243208 ----a-w- c:\documents and settings\culek.184527-CUL3K420\Data aplikací\AvsP.exe
2010-08-25 11:11 . 2010-08-25 11:11 642685 ----a-w- c:\documents and settings\culek.184527-CUL3K420\Data aplikací\xvid.exe
2010-08-25 11:11 . 2010-08-25 11:11 2040451 ----a-w- c:\documents and settings\culek.184527-CUL3K420\Data aplikací\Imgburn.exe
2010-08-25 11:11 . 2010-08-25 11:10 4182178 ----a-w- c:\documents and settings\culek.184527-CUL3K420\Data aplikací\Avisynth.exe
2010-08-23 16:12 . 2008-04-14 06:51 617472 ------w- c:\windows\system32\comctl32.dll
2010-08-18 16:52 . 2010-08-18 16:52 1409 ----a-w- c:\windows\system32\tmp5F052.FOT
2010-08-18 16:52 . 2010-08-18 16:52 1409 ----a-w- c:\windows\system32\tmp5E052.FOT
2010-08-17 13:17 . 2008-04-14 06:52 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-16 08:45 . 2008-04-14 06:51 590848 ----a-w- c:\windows\system32\rpcrt4.dll
2009-11-04 08:14 1168216 --sha-r- c:\windows\sdb2\Program Files\Spybot - Search & Destroy\advcheck.dll
2009-01-26 13:31 5365592 --sha-r- c:\windows\sdb2\Program Files\Spybot - Search & Destroy\BKIKCYCTLYC.scr
2009-01-26 13:31 2144088 --sha-r- c:\windows\sdb2\Program Files\Spybot - Search & Destroy\BLBNCGBTZMITGKY.scr
2009-01-26 13:31 1740632 --sha-r- c:\windows\sdb2\Program Files\Spybot - Search & Destroy\SDUpdate.exe
2009-01-26 13:31 5365592 --sha-r- c:\windows\sdb2\Program Files\Spybot - Search & Destroy\SpybotSD.exe
2009-03-05 14:07 2260480 --sha-r- c:\windows\sdb2\Program Files\Spybot - Search & Destroy\TeaTimer.exe
2009-03-05 14:07 2260480 --sha-r- c:\windows\sdb2\Program Files\Spybot - Search & Destroy\VOLMJSOSHCRSTYT.scr
2009-01-26 13:31 1740632 --sha-r- c:\windows\sdb2\Program Files\Spybot - Search & Destroy\YBDKFAESQJCSBHJ.scr
2006-05-03 09:06 163328 --sh--r- c:\windows\system32\flvDX.dll
2007-02-21 10:47 31232 --sh--r- c:\windows\system32\msfDX.dll
2008-03-16 12:30 216064 --sh--r- c:\windows\system32\nbDX.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ManicTime"="c:\program files\ManicTime\ManicTime.exe" [2010-10-12 582984]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WheelMouse"="c:\advanc~1\wh_exec.exe" [2010-05-26 147456]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-03-13 1443072]
"FortKnoxPersonalFirewall"="c:\program files\NETGATE\FortKnox Personal Firewall\FortKnoxGUI.exe" [2010-10-18 1788568]
"NetSoftware"="c:\program files\NetSoftware\Starter.exe" [2010-10-25 139264]
c:\documents and settings\All Users.WINDOWS\Nabˇdka Start\Programy\Po spuçtŘnˇ\
BlueSoleil.lnk - c:\program files\IVT Corporation\BlueSoleil\BlueSoleil.exe [2010-8-21 1183744]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-4 258048]
Rychl‚ spuçtŘnˇ aplikace HP Image Zone.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2004-11-4 53248]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{045882A1-F260-11D6-A629-00A0B0980AA1}"= "c:\progra~1\CNSoft\CLIENT~1\HDOCExt.dll" [2008-06-26 427008]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Nabídka Start^Programy^Po spuštění^Corel MEDIA FOLDERS INDEXER 8.LNK]
path=c:\documents and settings\All Users.WINDOWS\Nabídka Start\Programy\Po spuštění\Corel MEDIA FOLDERS INDEXER 8.LNK
backup=c:\windows\pss\Corel MEDIA FOLDERS INDEXER 8.LNKCommon Startup
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"d:\\zaloha\\SWiFT\\Program Files\\iTunes.exe"=
"d:\\zaloha\\Programy\\hry\\cod4\\iw3mp.exe"=
"c:\\Program Files\\TeamViewer\\Version5\\TeamViewer.exe"=
"c:\\WINDOWS\\system32\\winver.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"d:\\zaloha\\Programy\\hry\\FUEL\\FUEL.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
"AllowInboundTimestampRequest"= 1 (0x1)
"AllowInboundMaskRequest"= 1 (0x1)
"AllowInboundRouterRequest"= 1 (0x1)
"AllowOutboundDestinationUnreachable"= 1 (0x1)
"AllowOutboundSourceQuench"= 1 (0x1)
"AllowOutboundParameterProblem"= 1 (0x1)
"AllowOutboundTimeExceeded"= 1 (0x1)
"AllowRedirect"= 1 (0x1)
"AllowOutboundPacketTooBig"= 1 (0x1)
R0 BtHidBus;Bluetooth HID Bus Service;c:\windows\system32\drivers\BtHidBus.sys [31.7.2008 19:45 20616]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [23.4.2010 20:01 691696]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [13.3.2008 15:52 33800]
R1 fortknox_drv;fortknox_drv;c:\windows\system32\drivers\fortknoxfw.sys [22.10.2010 15:50 57808]
R2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [19.1.2009 19:31 277544]
R2 ekrn;Eset Service;c:\program files\Eset\ESET NOD32 Antivirus\ekrn.exe [13.3.2008 15:49 472320]
R2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files\Common Files\MAGIX Services\Database\bin\FABS.exe [27.8.2009 16:09 1253376]
R2 fortknox;FortKnox Personal Firewall;c:\program files\NETGATE\FortKnox Personal Firewall\FortKnox.exe [22.10.2010 15:50 514712]
R2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [16.11.2009 17:33 50704]
R2 ServiceCONSC;C-ON Client Service Pro;c:\program files\CNSoft\Client_Bin\ACONSC.exe [27.8.2010 9:50 995840]
R3 Fkndisf;FortKnox Firewall NDIS Filter Service;c:\windows\system32\drivers\fortknoxfw_ndisim.sys [22.10.2010 15:50 23120]
R3 whfltr2k;WheelMouse USB Lower Filter Driver;c:\windows\system32\drivers\whfltr2k.sys [15.6.2010 17:45 7424]
S2 gupdate;Google Update Service (gupdate);"c:\program files\Google\Update\GoogleUpdate.exe" /svc --> c:\program files\Google\Update\GoogleUpdate.exe [?]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [17.4.2010 15:00 1684736]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\Common Files\MAGIX Services\Database\bin\fbserver.exe [7.8.2008 10:10 3276800]
S3 GrooveInstallerService;Groove Installer Service;c:\program files\Groove Networks\Groove\Bin\GrooveInstallerService.exe --> c:\program files\Groove Networks\Groove\Bin\GrooveInstallerService.exe [?]
S3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\drivers\IvtBtBus.sys [2.7.2008 13:58 26248]
.
Obsah adresáře 'Naplánované úlohy'
2010-11-11 c:\windows\Tasks\mirror.job
- c:\windows\tools\mirror.bat [2010-04-18 14:56]
.
.
------- Doplňkový sken -------
.
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://search13.net/
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{14CD42DD-ABCD-3586-DCAB-40E3693E3737} - c:\program files\Stylish Profile\ct.htm
Name-Space Handler: http\HDOC - {045882A1-F260-11D6-A629-00A0B0980AA1} - c:\progra~1\CNSoft\CLIENT~1\HDOCExt.dll
FF - ProfilePath - c:\documents and settings\culek.184527-CUL3K420\Data aplikací\Mozilla\Firefox\Profiles\rtfgo64k.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.cz/
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- NASTAVENÍ FIREFOXU ----
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-12 14:22
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_USERS\S-1-5-21-1078081533-842925246-725345543-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:e1,dc,fe,25,ba,f2,bb,40,e5,cb,6f,93,4e,38,11,33,83,fc,a3,ec,38,57,96,
d0,9f,26,8b,8c,90,1f,37,2e,b1,22,50,a1,01,7f,7d,d8,79,ce,eb,f4,6b,79,d2,2c,\
"??"=hex:2a,94,f6,a1,17,83,46,94,d8,b3,9e,12,08,61,17,64
[HKEY_USERS\S-1-5-21-1078081533-842925246-725345543-1003\Software\SecuROM\License information*]
"datasecu"=hex:8d,31,04,64,54,60,c6,a2,64,06,f8,9e,b9,49,04,3a,94,6e,17,fe,fe,
42,3f,31,0c,e7,42,bf,dc,49,e8,a7,b2,34,6f,84,40,33,1c,44,a5,4b,9f,81,13,cf,\
"rkeysecu"=hex:c3,ef,57,89,1f,88,bd,fe,09,2e,de,a0,55,f3,d6,2b
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(1340)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
- - - - - - - > 'explorer.exe'(2140)
c:\program files\NETGATE\FortKnox Personal Firewall\protect.dll
c:\advanc~1\wh_hook.dll
c:\program files\CNSoft\Client_Bin\EyeHook.DLL
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\corel\Graphics8\programs\CMFFld80.dll
c:\progra~1\CNSoft\CLIENT~1\HDOCExt.dll
d:\zaloha\SWiFT\Nokia\Nokia PC Suite 6\PhoneBrowser.dll
d:\zaloha\SWiFT\Nokia\Nokia PC Suite 6\PCSCM.dll
d:\zaloha\SWiFT\Nokia\Nokia PC Suite 6\Lang\PhoneBrowser_cze.nlr
d:\zaloha\SWiFT\Nokia\Nokia PC Suite 6\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\IVT Corporation\BlueSoleil\BTNtService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\HPZipm12.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\CNSoft\Client_Bin\ConClient.exe
c:\program files\Microsoft ActiveSync\wcescomm.exe
c:\program files\NetSoftware\NetSoftware.exe
c:\progra~1\MI3AA1~1\rapimgr.exe
c:\program files\HP\Digital Imaging\bin\hpqgalry.exe
c:\windows\system32\msiexec.exe
.
**************************************************************************
.
Celkový čas: 2010-11-12 14:25:24 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-11-12 13:25
ComboFix2.txt 2010-11-11 20:21
Před spuštěním: 6 679 158 784
Po spuštění: 6 669 881 344
- - End Of File - - 095891116BC047C37B7F5544B9725EF2
Nahr nˇ probŘhlo ŁspŘçnŘ
Re: LOG z ComboFix - kontrola
Jak se chova PC
"Kdo víno má a nepije,kdo hrozny má a nejí je, kdo ženu má a nelíbá, kdo zábavě se vyhýbá, na toho vemte bič a hůl, to není člověk, to je vůl."
Člen od 1. února 2011.
Člen
od 1. února 2011.Re: LOG z ComboFix - kontrola
Více méně normálně ale při vypínání mi to hodí chybu ohledně knihovny DLL (ConClient.exe)Re: LOG z ComboFix - kontrola
Dejte mi sem prosim screen te hlasky
"Kdo víno má a nepije,kdo hrozny má a nejí je, kdo ženu má a nelíbá, kdo zábavě se vyhýbá, na toho vemte bič a hůl, to není člověk, to je vůl."
Člen od 1. února 2011.
Člen
od 1. února 2011.Re: LOG z ComboFix - kontrola
Jak mám udělat screen když se PC vypíná?
Re: LOG z ComboFix - kontrola
Zkuste tu fotku udelat alespon mobilem...
"Kdo víno má a nepije,kdo hrozny má a nejí je, kdo ženu má a nelíbá, kdo zábavě se vyhýbá, na toho vemte bič a hůl, to není člověk, to je vůl."
Člen od 1. února 2011.
Člen
od 1. února 2011.Re: LOG z ComboFix - kontrola
Tak tady je ten screen
- Přílohy
-
- S63001212.jpg (54.61 KiB) Zobrazeno 472 x
Re: LOG z ComboFix - kontrola
Mate v PC hru Call of Duty Modern Warfare 2 a je legalni
"Kdo víno má a nepije,kdo hrozny má a nejí je, kdo ženu má a nelíbá, kdo zábavě se vyhýbá, na toho vemte bič a hůl, to není člověk, to je vůl."
Člen od 1. února 2011.
Člen
od 1. února 2011.Re: LOG z ComboFix - kontrola
Mám a není
Přispějete na provoz fóra?