
Re: Virus being spread via Skype

Posted: 12 Oct 2010 20:59
by Diallix
The log is in C:\ComboFix.txt

Re: Virus being spread via Skype

Posted: 14 Oct 2010 05:49
by Collizia
So what next? Please. Should I try it once more? Or what?

Re: Virus being spread via Skype

Posted: 14 Oct 2010 14:12
by Diallix
I wrote "The log is in C:\ComboFix.txt"

If it isn't there, run the script again.

Re: Virus being spread via Skype

Posted: 14 Oct 2010 17:59
by Collizia
Well, it wasn't exactly there; it was in C:\Qoobox, so I don't know if it's any good. I found something like this:

ComboFix 10-10-11.01 - Golis family . 10. 2010 20:30:48.1.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.1789.1386 [GMT 2:00]
Spuštěný z: c:\documents and settings\Golis family\Plocha\ComboFix.exe
AV: ESET Smart Security 4.2 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET personal firewall *disabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
* Rezidentní štít AV je zapnutý

.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Golis family\Data aplikací\facemoods.com
c:\program files\facemoods.com
c:\program files\facemoods.com\facemoods\1.3.62.1\facemoods.crx
c:\program files\facemoods.com\facemoods\1.3.62.1\facemoods.dll
c:\program files\facemoods.com\facemoods\1.3.62.1\facemoods.png
c:\program files\facemoods.com\facemoods\1.3.62.1\facemoodsApp.dll
c:\program files\facemoods.com\facemoods\1.3.62.1\facemoodsEng.dll
c:\program files\facemoods.com\facemoods\1.3.62.1\facemoodssafe.dll
c:\program files\facemoods.com\facemoods\1.3.62.1\facemoodsTlbr.dll
c:\program files\facemoods.com\facemoods\1.3.62.1\uninstall.exe
c:\program files\FunWebProducts
c:\program files\FunWebProducts\Shared\0083D295.dat
c:\program files\FunWebProducts\Shared\Cache\CursorManiaBtn.html
c:\program files\FunWebProducts\Shared\Cache\SmileyCentralBtn.html
c:\program files\FunWebProducts\Shared\Cache\WebfettiBtn.htmlx
c:\program files\Mozilla Firefox\extensions\ffxtlbr@Facemoods.com
c:\program files\Mozilla Firefox\extensions\ffxtlbr@Facemoods.com\components\FFHst.dll
c:\program files\Mozilla Firefox\extensions\ffxtlbr@Facemoods.com\components\FFHst.xpt
c:\program files\Mozilla Firefox\extensions\ffxtlbr@Facemoods.com\content\facemoods.css
c:\program files\Mozilla Firefox\extensions\ffxtlbr@Facemoods.com\content\facemoods.png
c:\program files\Mozilla Firefox\extensions\ffxtlbr@Facemoods.com\content\facemoods.xul
c:\program files\Mozilla Firefox\extensions\ffxtlbr@Facemoods.com\content\fcmdDef.js
c:\program files\Mozilla Firefox\extensions\ffxtlbr@Facemoods.com\content\images\facemoods.png
c:\program files\Mozilla Firefox\extensions\ffxtlbr@Facemoods.com\content\images\fb.gif
c:\program files\Mozilla Firefox\extensions\ffxtlbr@Facemoods.com\content\images\help_16.gif
c:\program files\Mozilla Firefox\extensions\ffxtlbr@Facemoods.com\content\images\home.gif
c:\program files\Mozilla Firefox\extensions\ffxtlbr@Facemoods.com\content\images\logo.png
c:\program files\Mozilla Firefox\extensions\ffxtlbr@Facemoods.com\content\images\moodsIcon.png
c:\program files\Mozilla Firefox\extensions\ffxtlbr@Facemoods.com\content\images\pref.jpg
c:\program files\Mozilla Firefox\extensions\ffxtlbr@Facemoods.com\content\images\privecy_16_hot.gif
c:\program files\Mozilla Firefox\extensions\ffxtlbr@Facemoods.com\content\images\stripicons.png
c:\program files\Mozilla Firefox\extensions\ffxtlbr@Facemoods.com\content\images\tellafriend.gif
c:\program files\Mozilla Firefox\extensions\ffxtlbr@Facemoods.com\content\images\Thumbs.db
c:\program files\Mozilla Firefox\extensions\ffxtlbr@Facemoods.com\content\images\vssver.scc
c:\program files\Mozilla Firefox\extensions\ffxtlbr@Facemoods.com\content\instlgc.js
c:\program files\Mozilla Firefox\extensions\ffxtlbr@Facemoods.com\content\Loader.js
c:\program files\Mozilla Firefox\extensions\ffxtlbr@Facemoods.com\content\mtrprt.js
c:\program files\Mozilla Firefox\extensions\ffxtlbr@Facemoods.com\content\newTabLgc.js
c:\program files\Mozilla Firefox\extensions\ffxtlbr@Facemoods.com\content\preferences\preferences.js
c:\program files\Mozilla Firefox\extensions\ffxtlbr@Facemoods.com\content\preferences\preferences.xul
c:\program files\Mozilla Firefox\extensions\ffxtlbr@Facemoods.com\content\preferences\vssver.scc
c:\program files\Mozilla Firefox\extensions\ffxtlbr@Facemoods.com\content\prefman.js
c:\program files\Mozilla Firefox\extensions\ffxtlbr@Facemoods.com\content\script-compiler.js
c:\program files\Mozilla Firefox\extensions\ffxtlbr@Facemoods.com\content\Thumbs.db
c:\program files\Mozilla Firefox\extensions\ffxtlbr@Facemoods.com\content\utils.js
c:\program files\Mozilla Firefox\extensions\ffxtlbr@Facemoods.com\content\vssver.scc
c:\program files\Mozilla Firefox\extensions\ffxtlbr@Facemoods.com\content\xmlhttprequester.js
c:\program files\Mozilla Firefox\extensions\ffxtlbr@Facemoods.com\content\xpiInstallLgc.js
c:\program files\Mozilla Firefox\extensions\ffxtlbr@Facemoods.com\defaults\preferences\instlPref.js
c:\program files\Mozilla Firefox\extensions\ffxtlbr@Facemoods.com\defaults\preferences\vssver.scc
c:\program files\Mozilla Firefox\extensions\ffxtlbr@Facemoods.com\chrome.manifest
c:\program files\Mozilla Firefox\extensions\ffxtlbr@Facemoods.com\install.rdf
c:\program files\Mozilla Firefox\extensions\ffxtlbr@Facemoods.com\vssver.scc
c:\program files\MyWebSearch
c:\program files\MyWebSearch\bar\1.bin\F3BKGERR.JPG
c:\program files\MyWebSearch\bar\1.bin\F3HTMLMU.DLL
c:\program files\MyWebSearch\bar\1.bin\F3REPROX.DLL
c:\program files\MyWebSearch\bar\1.bin\F3SCRCTR.DLL
c:\program files\MyWebSearch\bar\1.bin\F3SPACER.WMV
c:\program files\MyWebSearch\bar\1.bin\F3WALLPP.DAT
c:\program files\MyWebSearch\bar\1.bin\F3WPHOOK.DLL
c:\program files\MyWebSearch\bar\1.bin\FWPBUDDY.PNG
c:\program files\MyWebSearch\bar\1.bin\CHROME.MANIFEST
c:\program files\MyWebSearch\bar\1.bin\chrome\M3FFXTBR.JAR
c:\program files\MyWebSearch\bar\1.bin\INSTALL.RDF
c:\program files\MyWebSearch\bar\1.bin\M3HIGHIN.EXE
c:\program files\MyWebSearch\bar\1.bin\M3IDLE.DLL
c:\program files\MyWebSearch\bar\1.bin\M3MEDINT.EXE
c:\program files\MyWebSearch\bar\1.bin\M3OUTLCN.DLL
c:\program files\MyWebSearch\bar\1.bin\M3PLUGIN.DLL
c:\program files\MyWebSearch\bar\1.bin\M3SKin.dll
c:\program files\MyWebSearch\bar\Avatar\COMMON.F3S
c:\program files\MyWebSearch\bar\Cache\00824C52
c:\program files\MyWebSearch\bar\Cache\00825FEA
c:\program files\MyWebSearch\bar\Cache\00826122.bin
c:\program files\MyWebSearch\bar\Cache\008261DE.bin
c:\program files\MyWebSearch\bar\Cache\0082622C.bin
c:\program files\MyWebSearch\bar\Cache\00826374.bin
c:\program files\MyWebSearch\bar\Cache\015855C7.bin
c:\program files\MyWebSearch\bar\Cache\01585A7A.bmp
c:\program files\MyWebSearch\bar\Cache\01585AB9.bin
c:\program files\MyWebSearch\bar\Cache\01585BF1.bin
c:\program files\MyWebSearch\bar\Cache\files.ini
c:\program files\MyWebSearch\bar\Game\CHECKERS.F3S
c:\program files\MyWebSearch\bar\Game\CHESS.F3S
c:\program files\MyWebSearch\bar\Game\REVERSI.F3S
c:\program files\MyWebSearch\bar\History\search3
c:\program files\MyWebSearch\bar\icons\CM.ICO
c:\program files\MyWebSearch\bar\icons\MFC.ICO
c:\program files\MyWebSearch\bar\icons\PSS.ICO
c:\program files\MyWebSearch\bar\icons\SMILEY.ICO
c:\program files\MyWebSearch\bar\icons\WB.ICO
c:\program files\MyWebSearch\bar\icons\ZWINKY.ICO
c:\program files\MyWebSearch\bar\Message\COMMON.F3S
c:\program files\MyWebSearch\bar\Notifier\COMMON.F3S
c:\program files\MyWebSearch\bar\Notifier\DOG.F3S
c:\program files\MyWebSearch\bar\Notifier\FISH.F3S
c:\program files\MyWebSearch\bar\Notifier\KUNGFU.F3S
c:\program files\MyWebSearch\bar\Notifier\LIFEGARD.F3S
c:\program files\MyWebSearch\bar\Notifier\MAID.F3S
c:\program files\MyWebSearch\bar\Notifier\MAILBOX.F3S
c:\program files\MyWebSearch\bar\Notifier\OPERA.F3S
c:\program files\MyWebSearch\bar\Notifier\ROBOT.F3S
c:\program files\MyWebSearch\bar\Notifier\SEDUCT.F3S
c:\program files\MyWebSearch\bar\Notifier\SURFER.F3S
c:\program files\MyWebSearch\bar\Overlay\COMMON.F3S
c:\program files\MyWebSearch\bar\Settings\prevcfg2.htm
c:\program files\MyWebSearch\bar\Settings\s_pid.dat
c:\windows\nvsvc32.exe
c:\windows\system32\vbzlib1.dll
c:\windows\system32\winrtsnr.txt
c:\windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job

Nakažená kopie c:\windows\system32\drivers\disk.sys byla nalezena a vyléčena.
Obnovena kopie z - Kitty had a snack :p
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SSHNAS
-------\Service_SSHNAS


((((((((((((((((((((((((( Soubory vytvořené od 2010-09-11 do 2010-10-11 )))))))))))))))))))))))))))))))
.

2010-10-10 19:38 . 2010-10-10 20:38 -------- d-----w- c:\program files\trend micro
2010-10-10 19:38 . 2010-10-10 19:38 -------- d-----w- C:\rsit
2010-10-10 18:51 . 2010-10-10 18:51 182272 ----a-w- c:\windows\Olufya.exe
2010-10-10 18:30 . 2010-10-11 12:00 -------- d-sh--r- c:\documents and settings\Golis family\Data aplikací\C-76947-8457-2745
2010-10-10 18:27 . 2010-10-10 18:33 225282 ----a-w- C:\tsa.exe
2010-10-10 16:53 . 2010-10-10 16:53 -------- d-----w- c:\documents and settings\Golis family\Data aplikací\ESET
2010-09-28 20:43 . 2010-09-28 20:43 -------- d-----w- c:\program files\AccuWeather.com Stratus
2010-09-16 16:54 . 2010-09-16 16:54 -------- d-----w- c:\program files\Common Files\Java
2010-09-15 13:35 . 2010-09-15 13:35 -------- d-----w- c:\documents and settings\Golis family\Data aplikací\Toolbar4
2010-09-15 13:28 . 2010-09-15 13:28 -------- d-----w- c:\program files\FaceSounds Toolbar
2010-09-13 18:22 . 2010-09-13 18:22 -------- d-----w- c:\program files\NVIDIA Corporation
2010-09-13 18:20 . 2010-09-13 18:20 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-09-13 16:23 . 2010-09-13 16:23 -------- d-----w- c:\documents and settings\Golis family\Local Settings\Data aplikací\2K Games
2010-09-11 20:17 . 2010-09-23 12:22 -------- d-----w- c:\documents and settings\Golis family\Local Settings\Data aplikací\Temp

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.

------- Sigcheck -------

[-] 2008-04-14 . 27AFD587C462E280EE046B8CCA3C2CD1 . 1034240 . . [6.00.2900.5512] . . c:\windows\SoftwareDistribution\Download\44c8256673ca0542cb198384f8131b68\explorer.exe
[-] 2004-08-17 . 3CA180B1D5BD5CC22374B2FB77491EE8 . 1881088 . . [6.00.2900.2180] . . c:\windows\explorer.exe
[-] 2004-08-17 . 3CA180B1D5BD5CC22374B2FB77491EE8 . 1881088 . . [6.00.2900.2180] . . c:\windows\system32\dllcache\explorer.exe
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}"= "c:\program files\Winamp Toolbar\winamptb.dll" [2009-05-06 1262888]
"{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}"= "c:\program files\Softonic-Eng7\tbSof0.dll" [2010-09-15 2735200]
"{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}"= "c:\program files\BS_Player\tbBS_0.dll" [2010-09-15 2735200]
"{e8de9422-3b2c-4243-bf6f-235da84d8ef8}"= "c:\program files\Brothersoft\tbBro1.dll" [2010-09-15 2735200]

[HKEY_CLASSES_ROOT\clsid\{57bca5fa-5dbb-45a2-b558-1755c3f6253b}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch]

[HKEY_CLASSES_ROOT\clsid\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]

[HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]

[HKEY_CLASSES_ROOT\clsid\{e8de9422-3b2c-4243-bf6f-235da84d8ef8}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-07-17 15:20 279944 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3873F029-A2F7-42D1-94C1-A35ED1C59096}]
2010-06-11 15:44 2604032 ------w- c:\program files\FaceSounds Toolbar\tbcore3.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]
2010-09-15 13:36 2735200 ----a-w- c:\program files\Softonic-Eng7\tbSof0.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e8de9422-3b2c-4243-bf6f-235da84d8ef8}]
2010-09-15 13:36 2735200 ----a-w- c:\program files\Brothersoft\tbBro1.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
2010-09-15 13:36 2735200 ----a-w- c:\program files\BS_Player\tbBS_0.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-07-17 279944]
"{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}"= "c:\program files\Softonic-Eng7\tbSof0.dll" [2010-09-15 2735200]
"{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}"= "c:\program files\BS_Player\tbBS_0.dll" [2010-09-15 2735200]
"{e8de9422-3b2c-4243-bf6f-235da84d8ef8}"= "c:\program files\Brothersoft\tbBro1.dll" [2010-09-15 2735200]
"{8B52078D-B630-4B00-A0AB-54D51CEDD9AA}"= "c:\program files\FaceSounds Toolbar\tbcore3.dll" [2010-06-11 2604032]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CLASSES_ROOT\clsid\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]

[HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]

[HKEY_CLASSES_ROOT\clsid\{e8de9422-3b2c-4243-bf6f-235da84d8ef8}]

[HKEY_CLASSES_ROOT\clsid\{8b52078d-b630-4b00-a0ab-54d51cedd9aa}]
[HKEY_CLASSES_ROOT\FMTLB0001.FMTLB0001.3]
[HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]
[HKEY_CLASSES_ROOT\FMTLB0001.FMTLB0001]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-07-17 279944]
"{414B6D9D-4A95-4E8D-B5B1-149DD2D93BB3}"= "c:\program files\Softonic-Eng7\tbSof0.dll" [2010-09-15 2735200]
"{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5}"= "c:\program files\BS_Player\tbBS_0.dll" [2010-09-15 2735200]
"{E8DE9422-3B2C-4243-BF6F-235DA84D8EF8}"= "c:\program files\Brothersoft\tbBro1.dll" [2010-09-15 2735200]
"{8B52078D-B630-4B00-A0AB-54D51CEDD9AA}"= "c:\program files\FaceSounds Toolbar\tbcore3.dll" [2010-06-11 2604032]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CLASSES_ROOT\clsid\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]

[HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]

[HKEY_CLASSES_ROOT\clsid\{e8de9422-3b2c-4243-bf6f-235da84d8ef8}]

[HKEY_CLASSES_ROOT\clsid\{8b52078d-b630-4b00-a0ab-54d51cedd9aa}]
[HKEY_CLASSES_ROOT\FMTLB0001.FMTLB0001.3]
[HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]
[HKEY_CLASSES_ROOT\FMTLB0001.FMTLB0001]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ClocX"="c:\program files\ClocX\ClocX.exe" [2007-07-26 270336]
"bywifi"="c:\program files\Bywifi\bywifi.exe" [2010-01-05 2199552]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-09-02 13351304]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2010-03-19 2363392]
"IncrediMail"="c:\program files\IncrediMail\bin\IncMail.exe" [2010-08-07 353736]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
"Google Update"="c:\documents and settings\Golis family\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" [2010-09-11 136176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-07-16 61440]
"RTHDCPL"="RTHDCPL.EXE" [2008-08-26 16851456]
"ClocX"="c:\program files\ClocX\ClocX.exe" [2007-07-26 270336]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2010-06-29 74752]
"bywifi"="c:\program files\Bywifi\bywifi.exe" [2010-01-05 2199552]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2010-08-12 2215064]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-17 15360]

c:\documents and settings\Golis family\Nabídka Start\Programy\Po spuštění\
AccuWeather.lnk - c:\program files\AccuWeather.com Stratus\AccuWeather.com Stratus.exe [2010-9-28 95232]
Stardock ObjectDock.lnk - c:\windows\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe [2005-2-21 1826885]
Y'z ToolBar.lnk - c:\windows\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe [2002-9-29 90112]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
2001-12-20 21:34 24576 ----a-w- c:\program files\Stardock\Object Desktop\ThemeManager\fastload.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\wbsys.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Bywifi\\bywifi.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\IncrediMail\\Bin\\IncMail.exe"=
"c:\\Program Files\\IncrediMail\\Bin\\ImApp.exe"=
"c:\\Program Files\\IncrediMail\\Bin\\ImpCnt.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\ICQ7.1\\ICQ.exe"=
"c:\\Program Files\\ICQ7.1\\aolload.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"d:\\nainstalovanehry\\PROTOTYPE\\prototypef.exe"=
"d:\\nainstalovanehry\\BF2\\BF2.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"d:\\nainstalovanehry\\WOTLK\\World of Warcraft\\Launcher.exe"=
"c:\\Documents and Settings\\Golis family\\Plocha\\P185623111.JPG-www.facebook.exe"= c:\\WINDOWS\\nvsvc32.exe
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 ahcix86;ahcix86;c:\windows\system32\drivers\ahcix86.sys [22. 3. 2009 12:25 174600]
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [28. 6. 2010 11:36 28552]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [29. 7. 2010 13:31 115008]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [12. 8. 2010 14:16 810144]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [13. 4. 2010 23:33 246520]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [14. 4. 2010 13:44 691696]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-03-19 09:15 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Obsah adresáře 'Naplánované úlohy'

2010-10-11 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2010-04-14 15:58]

2010-10-11 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2010-04-27 20:18]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://mystart.incredimail.com/
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://search.Facesounds.com
uInternet Settings,ProxyOverride = local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Winamp Search - c:\documents and settings\All Users\Data aplikací\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{09E90109-A9AA-4980-BCEF-76F8D924E902} - c:\program files\Bywifi\bywifici.exe
IE: {{71BFC818-0CED-42D6-9C87-5142918957EE} - c:\program files\ICQ7.1\ICQ.exe
FF - ProfilePath - c:\documents and settings\Golis family\Data aplikací\Mozilla\Firefox\Profiles\dmrp1idn.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query=
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://mystart.incredimail.com/
FF - prefs.js: keyword.URL - hxxp://search.Facesounds.com/?q=
FF - prefs.js: network.proxy.type - 2
FF - component: c:\documents and settings\Golis family\Data aplikací\Mozilla\Firefox\Profiles\dmrp1idn.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components\WinampTBPlayer.dll
FF - component: c:\documents and settings\Golis family\Data aplikací\Mozilla\Firefox\Profiles\dmrp1idn.default\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\Golis family\Data aplikací\Mozilla\Firefox\Profiles\dmrp1idn.default\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}\components\RadioWMPCore.dll
FF - component: c:\documents and settings\Golis family\Data aplikací\Mozilla\Firefox\Profiles\dmrp1idn.default\extensions\{8B52078D-B630-4B00-A0AB-54D51CEDD9AA}\components\Engine.dll
FF - component: c:\documents and settings\Golis family\Data aplikací\Mozilla\Firefox\Profiles\dmrp1idn.default\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\Golis family\Data aplikací\Mozilla\Firefox\Profiles\dmrp1idn.default\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}\components\RadioWMPCore.dll
FF - component: c:\documents and settings\Golis family\Data aplikací\Mozilla\Firefox\Profiles\dmrp1idn.default\extensions\DTToolbar@toolbarnet.com\components\DTToolbarFF.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npwachk.dll

---- NASTAVENÍ FIREFOXU ----
# Mozilla User Preferences

/* Do not edit this file.
*
* If you make changes to this file while the application is running,
* the changes will be overwritten when the application exits.
*
* To make a manual change to preferences, you can visit the URL about:config
* For more information, see hxxp://www.mozilla.org/unix/customizing.html#prefs
*/

FF - user.js: network.proxy.type - 2
FF - user.js: network.proxy.autoconfig_url - hxxp://localhost:9000/proxy.pac
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

BHO-{64182481-4F71-486b-A045-B233BD0DA8FC} - c:\program files\facemoods.com\facemoods\1.3.62.1\facemoods.dll
BHO-{d0418393-40ee-8c3e-cc8a-9f94198b7ea0} - (no file)
Toolbar-{DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - c:\program files\facemoods.com\facemoods\1.3.62.1\facemoodsTlbr.dll
HKCU-Run-NVIDIA driver monitor - c:\windows\nvsvc32.exe
HKCU-Run-WindowsDriverControl - c:\documents and settings\Golis family\Data aplikací\C-76947-8457-2745\wincdrsvn.exe
HKLM-Run-NVIDIA driver monitor - c:\windows\nvsvc32.exe
AddRemove-facemoods - c:\program files\facemoods.com\facemoods\1.3.62.1\uninstall.exe


.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-343818398-823518204-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]
@Denied: (Full) (LocalSystem)
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(1160)
c:\windows\system32\Ati2evxx.dll
c:\program files\Stardock\Object Desktop\ThemeManager\fastload.dll
c:\windows\system32\COMRes.dll

- - - - - - - > 'explorer.exe'(2156)
c:\windows\BricoPacks\Vista Inspirat\ObjectDock\DockShellHook.dll
c:\windows\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\msi.dll
c:\windows\system32\NETSHELL.dll
c:\windows\system32\credui.dll
c:\windows\system32\stobject.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\RTHDCPL.EXE
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
c:\program files\IncrediMail\bin\IMApp.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Celkový čas: 2010-10-11 20:39:18 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-10-11 18:39

Před spuštěním: Volných bajtů: 11 719 471 104
Po spuštění: Volných bajtů: 11 700 269 056

WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer

- - End Of File - - 9DFE8D0824DBC80DC4B2CCBB6FA8A511

Re: Virus being spread via Skype

Posted: 14 Oct 2010 22:06
by Diallix
Run the script again.

Re: Virus being spread via Skype

Posted: 20 Oct 2010 19:49
by Collizia
Hi... here is the LOG:
ComboFix 10-10-19.04 - Golis family . 10. 2010 20:39:18.3.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.1789.1405 [GMT 2:00]
Spuštěný z: c:\documents and settings\Golis family\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Golis family\Plocha\CFScript.txt.txt
AV: ESET Smart Security 4.2 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET personal firewall *disabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}

FILE ::
"C:\tsa.exe"
"c:\windows\nvsvc32.exe"
"c:\windows\Olufya.exe"
"c:\windows\system32\KB905474\wgasetup.exe"
"c:\windows\Tasks\WGASetup.job"
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Golis family\Data aplikací\C-76947-8457-2745
.
---- Předchozí spuštění -------
.
C:\tsa.exe
c:\windows\Olufya.exe
c:\windows\system32\KB905474\wgasetup.exe
c:\windows\Tasks\WGASetup.job

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-09-20 do 2010-10-20 )))))))))))))))))))))))))))))))
.

2010-10-13 18:05 . 2010-10-13 18:05 -------- d-----w- c:\documents and settings\Golis family\Data aplikací\Nseries
2010-10-13 18:04 . 2010-10-13 18:04 -------- d-----w- c:\documents and settings\Golis family\Local Settings\Data aplikací\Nokia
2010-10-12 19:58 . 2010-10-12 19:58 -------- d-----w- c:\documents and settings\All Users\Data aplikací\PC Suite
2010-10-12 19:58 . 2010-10-12 19:58 -------- d-----w- c:\documents and settings\Golis family\Data aplikací\PC Suite
2010-10-12 19:57 . 2004-08-03 21:08 25600 -c--a-w- c:\windows\system32\dllcache\usbser.sys
2010-10-12 19:57 . 2004-08-03 21:08 25600 ----a-w- c:\windows\system32\drivers\usbser.sys
2010-10-12 19:57 . 2008-11-07 16:55 16928 ------w- c:\windows\system32\spmsgXP_2k3.dll
2010-10-12 19:35 . 2008-08-26 08:26 18816 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys
2010-10-12 19:35 . 2010-10-12 19:35 -------- d-----w- c:\program files\PC Connectivity Solution
2010-10-12 19:34 . 2010-02-26 12:21 8320 ----a-w- c:\windows\system32\drivers\nmwcdnsuc.sys
2010-10-12 19:34 . 2010-02-26 12:32 8192 ----a-w- c:\windows\system32\drivers\usbser_lowerfltj.sys
2010-10-12 19:06 . 2010-10-12 19:06 -------- d-----w- C:\314f0c01abf5b4d7ea6d
2010-10-12 19:06 . 2010-10-12 19:57 -------- d-----w- c:\windows\system32\drivers\UMDF
2010-10-12 19:06 . 2010-10-12 19:06 -------- d-----w- c:\windows\system32\LogFiles
2010-10-12 18:41 . 2010-10-12 18:41 -------- d-----w- c:\documents and settings\Golis family\Data aplikací\Nokia
2010-10-11 19:02 . 2007-07-21 11:53 495104 ----a-w- c:\windows\rejoice02.exe
2010-10-11 19:02 . 2010-10-11 19:02 -------- d-----w- c:\windows\rejoice02 Uninstaller
2010-10-11 19:02 . 2007-07-21 11:52 903168 ----a-w- c:\windows\rejoice02.scr
2010-10-10 19:38 . 2010-10-10 20:38 -------- d-----w- c:\program files\trend micro
2010-10-10 19:38 . 2010-10-10 19:38 -------- d-----w- C:\rsit
2010-10-10 16:53 . 2010-10-10 16:53 -------- d-----w- c:\documents and settings\Golis family\Data aplikací\ESET
2010-09-28 20:43 . 2010-09-28 20:43 -------- d-----w- c:\program files\AccuWeather.com Stratus

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\windows\system32\KB905474 ----

2010-04-27 12:45 . 2009-03-10 20:26 1435008 ----a-w- c:\windows\system32\KB905474\wganotifypackageinner.exe
2010-04-27 12:45 . 2009-02-09 16:51 13502 ----a-w- c:\windows\system32\KB905474\wga_eula.txt


------- Sigcheck -------

[-] 2008-04-14 . 27AFD587C462E280EE046B8CCA3C2CD1 . 1034240 . . [6.00.2900.5512] . . c:\windows\SoftwareDistribution\Download\44c8256673ca0542cb198384f8131b68\explorer.exe
[-] 2004-08-17 . 3CA180B1D5BD5CC22374B2FB77491EE8 . 1881088 . . [6.00.2900.2180] . . c:\windows\explorer.exe
[-] 2004-08-17 . 3CA180B1D5BD5CC22374B2FB77491EE8 . 1881088 . . [6.00.2900.2180] . . c:\windows\system32\dllcache\explorer.exe
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}"= "c:\program files\Winamp Toolbar\winamptb.dll" [2009-05-06 1262888]
"{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}"= "c:\program files\Softonic-Eng7\tbSof0.dll" [2010-09-15 2735200]
"{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}"= "c:\program files\BS_Player\tbBS_0.dll" [2010-09-15 2735200]
"{e8de9422-3b2c-4243-bf6f-235da84d8ef8}"= "c:\program files\Brothersoft\tbBro1.dll" [2010-09-15 2735200]

[HKEY_CLASSES_ROOT\clsid\{57bca5fa-5dbb-45a2-b558-1755c3f6253b}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch]

[HKEY_CLASSES_ROOT\clsid\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]

[HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]

[HKEY_CLASSES_ROOT\clsid\{e8de9422-3b2c-4243-bf6f-235da84d8ef8}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-07-17 15:20 279944 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3873F029-A2F7-42D1-94C1-A35ED1C59096}]
2010-06-11 15:44 2604032 ------w- c:\program files\FaceSounds Toolbar\tbcore3.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]
2010-09-15 13:36 2735200 ----a-w- c:\program files\Softonic-Eng7\tbSof0.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e8de9422-3b2c-4243-bf6f-235da84d8ef8}]
2010-09-15 13:36 2735200 ----a-w- c:\program files\Brothersoft\tbBro1.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
2010-09-15 13:36 2735200 ----a-w- c:\program files\BS_Player\tbBS_0.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-07-17 279944]
"{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}"= "c:\program files\Softonic-Eng7\tbSof0.dll" [2010-09-15 2735200]
"{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}"= "c:\program files\BS_Player\tbBS_0.dll" [2010-09-15 2735200]
"{e8de9422-3b2c-4243-bf6f-235da84d8ef8}"= "c:\program files\Brothersoft\tbBro1.dll" [2010-09-15 2735200]
"{8B52078D-B630-4B00-A0AB-54D51CEDD9AA}"= "c:\program files\FaceSounds Toolbar\tbcore3.dll" [2010-06-11 2604032]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CLASSES_ROOT\clsid\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]

[HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]

[HKEY_CLASSES_ROOT\clsid\{e8de9422-3b2c-4243-bf6f-235da84d8ef8}]

[HKEY_CLASSES_ROOT\clsid\{8b52078d-b630-4b00-a0ab-54d51cedd9aa}]
[HKEY_CLASSES_ROOT\FMTLB0001.FMTLB0001.3]
[HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]
[HKEY_CLASSES_ROOT\FMTLB0001.FMTLB0001]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-07-17 279944]
"{414B6D9D-4A95-4E8D-B5B1-149DD2D93BB3}"= "c:\program files\Softonic-Eng7\tbSof0.dll" [2010-09-15 2735200]
"{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5}"= "c:\program files\BS_Player\tbBS_0.dll" [2010-09-15 2735200]
"{E8DE9422-3B2C-4243-BF6F-235DA84D8EF8}"= "c:\program files\Brothersoft\tbBro1.dll" [2010-09-15 2735200]
"{8B52078D-B630-4B00-A0AB-54D51CEDD9AA}"= "c:\program files\FaceSounds Toolbar\tbcore3.dll" [2010-06-11 2604032]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CLASSES_ROOT\clsid\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]

[HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]

[HKEY_CLASSES_ROOT\clsid\{e8de9422-3b2c-4243-bf6f-235da84d8ef8}]

[HKEY_CLASSES_ROOT\clsid\{8b52078d-b630-4b00-a0ab-54d51cedd9aa}]
[HKEY_CLASSES_ROOT\FMTLB0001.FMTLB0001.3]
[HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]
[HKEY_CLASSES_ROOT\FMTLB0001.FMTLB0001]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ClocX"="c:\program files\ClocX\ClocX.exe" [2007-07-26 270336]
"bywifi"="c:\program files\Bywifi\bywifi.exe" [2010-01-05 2199552]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-09-02 13351304]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2010-03-19 2363392]
"IncrediMail"="c:\program files\IncrediMail\bin\IncMail.exe" [2010-08-07 353736]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
"Google Update"="c:\documents and settings\Golis family\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" [2010-09-11 136176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-07-16 61440]
"RTHDCPL"="RTHDCPL.EXE" [2008-08-26 16851456]
"ClocX"="c:\program files\ClocX\ClocX.exe" [2007-07-26 270336]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2010-06-29 74752]
"bywifi"="c:\program files\Bywifi\bywifi.exe" [2010-01-05 2199552]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2010-08-12 2215064]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-17 15360]

c:\documents and settings\Golis family\Nabídka Start\Programy\Po spuštění\
AccuWeather.lnk - c:\program files\AccuWeather.com Stratus\AccuWeather.com Stratus.exe [2010-9-28 95232]
Stardock ObjectDock.lnk - c:\windows\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe [2005-2-21 1826885]
Y'z ToolBar.lnk - c:\windows\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe [2002-9-29 90112]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
2001-12-20 21:34 24576 ----a-w- c:\program files\Stardock\Object Desktop\ThemeManager\fastload.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\wbsys.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Bywifi\\bywifi.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\IncrediMail\\Bin\\IncMail.exe"=
"c:\\Program Files\\IncrediMail\\Bin\\ImApp.exe"=
"c:\\Program Files\\IncrediMail\\Bin\\ImpCnt.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\ICQ7.1\\ICQ.exe"=
"c:\\Program Files\\ICQ7.1\\aolload.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"d:\\nainstalovanehry\\PROTOTYPE\\prototypef.exe"=
"d:\\nainstalovanehry\\BF2\\BF2.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"d:\\nainstalovanehry\\WOTLK\\World of Warcraft\\Launcher.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 ahcix86;ahcix86;c:\windows\system32\drivers\ahcix86.sys [22. 3. 2009 12:25 174600]
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [28. 6. 2010 11:36 28552]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [29. 7. 2010 13:31 115008]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [12. 8. 2010 14:16 810144]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [13. 4. 2010 23:33 246520]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [12. 10. 2010 21:34 137344]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [12. 10. 2010 21:34 8320]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [14. 4. 2010 13:44 691696]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-03-19 09:15 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder

2010-10-20 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2010-04-14 15:58]
.
.
------- Supplementary scan -------
.
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Winamp Search - c:\documents and settings\All Users\Data aplikací\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{09E90109-A9AA-4980-BCEF-76F8D924E902} - c:\program files\Bywifi\bywifici.exe
IE: {{71BFC818-0CED-42D6-9C87-5142918957EE} - c:\program files\ICQ7.1\ICQ.exe
FF - ProfilePath - c:\documents and settings\Golis family\Data aplikací\Mozilla\Firefox\Profiles\dmrp1idn.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query=
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://mystart.incredimail.com/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.0.2&q=
FF - prefs.js: network.proxy.type - 2
FF - component: c:\documents and settings\Golis family\Data aplikací\Mozilla\Firefox\Profiles\dmrp1idn.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components\WinampTBPlayer.dll
FF - component: c:\documents and settings\Golis family\Data aplikací\Mozilla\Firefox\Profiles\dmrp1idn.default\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\Golis family\Data aplikací\Mozilla\Firefox\Profiles\dmrp1idn.default\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}\components\RadioWMPCore.dll
FF - component: c:\documents and settings\Golis family\Data aplikací\Mozilla\Firefox\Profiles\dmrp1idn.default\extensions\{8B52078D-B630-4B00-A0AB-54D51CEDD9AA}\components\Engine.dll
FF - component: c:\documents and settings\Golis family\Data aplikací\Mozilla\Firefox\Profiles\dmrp1idn.default\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\Golis family\Data aplikací\Mozilla\Firefox\Profiles\dmrp1idn.default\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}\components\RadioWMPCore.dll
FF - component: c:\documents and settings\Golis family\Data aplikací\Mozilla\Firefox\Profiles\dmrp1idn.default\extensions\DTToolbar@toolbarnet.com\components\DTToolbarFF.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npwachk.dll

---- FIREFOX SETTINGS ----
# Mozilla User Preferences

/* Do not edit this file.
*
* If you make changes to this file while the application is running,
* the changes will be overwritten when the application exits.
*
* To make a manual change to preferences, you can visit the URL about:config
* For more information, see hxxp://www.mozilla.org/unix/customizing.html#prefs
*/

FF - user.js: network.proxy.type - 2
FF - user.js: network.proxy.autoconfig_url - hxxp://localhost:9000/proxy.pac
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
.
--------------------- Libraries loaded into running processes ---------------------

- - - - - - - > 'winlogon.exe'(1160)
c:\windows\system32\Ati2evxx.dll
c:\program files\Stardock\Object Desktop\ThemeManager\fastload.dll

- - - - - - - > 'explorer.exe'(844)
c:\windows\BricoPacks\Vista Inspirat\ObjectDock\DockShellHook.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\msi.dll
c:\windows\system32\NETSHELL.dll
c:\windows\system32\credui.dll
c:\windows\system32\stobject.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other running processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\RTHDCPL.EXE
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\Common Files\Nokia\MPlatform\NokiaMServer.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
c:\program files\IncrediMail\bin\IMApp.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2010-10-20 20:46:42 - machine was rebooted
ComboFix-quarantined-files.txt 2010-10-20 18:46
ComboFix2.txt 2010-10-11 18:39

Pre-Run: 10 639 093 760 bytes free
Post-Run: 10 673 451 008 bytes free

- - End Of File - - 41B25CF5562794A9611475B740038182
Upload was successful
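
The startup-point section of the log above shows one pattern several times: the same toolbar DLL registered as a URLSearchHook, as a Browser Helper Object, as a machine-wide IE toolbar and again as a per-user toolbar. The same section also sets AppInit_DLLs, shows the Windows firewall standard profile switched off (worth confirming which firewall, if any, is actually active, since ESET's is listed as disabled too) and a Firefox user.js that forces a PAC proxy served from localhost:9000 (which local program serves that PAC is something to establish on the machine itself). The parser below is an added example, not ComboFix's own code and not something posted in this thread: it reads the section and value lines in ComboFix's format and applies a few review rules. The rule names and the "three or more load points" threshold are my own, the embedded input is a shortened excerpt of the posted log, and a hit means "check this", not "this is malware".

```python
# Added example (not ComboFix's code): parse the 'registry startup points' block of a
# ComboFix log and apply a few review rules. A hit means "look at this", not "malware".
import re
from collections import defaultdict

# Shortened excerpt of the log posted above ('hxxp' is ComboFix's defanged 'http').
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}"= "c:\program files\Softonic-Eng7\tbSof0.dll" [2010-09-15 2735200]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]
2010-09-15 13:36 2735200 ----a-w- c:\program files\Softonic-Eng7\tbSof0.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}"= "c:\program files\Softonic-Eng7\tbSof0.dll" [2010-09-15 2735200]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{414B6D9D-4A95-4E8D-B5B1-149DD2D93BB3}"= "c:\program files\Softonic-Eng7\tbSof0.dll" [2010-09-15 2735200]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2010-08-12 2215064]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\wbsys.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
FF - user.js: network.proxy.type - 2
FF - user.js: network.proxy.autoconfig_url - hxxp://localhost:9000/proxy.pac
"""

SECTION_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<value>.*)$')
# "<date> <time> <size> <attrs> <path>" lines under the per-CLSID BHO sections
FILE_RE = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}\s+\d+\s+\S+\s+(?P<path>[a-z]:\\.*)$", re.I)
FF_PREF_RE = re.compile(r"^FF - (?P<file>prefs\.js|user\.js): (?P<pref>\S+) - (?P<value>.*)$")

# (substring of the lower-cased registry key, kind); order matters: the per-user
# Webbrowser key also contains the generic 'internet explorer\toolbar' substring.
KINDS = [("urlsearchhooks", "URLSearchHook"), ("browser helper objects", "BHO"),
         ("toolbar\\webbrowser", "IE toolbar (per-user)"), ("internet explorer\\toolbar", "IE toolbar"),
         ("currentversion\\run", "Run")]


def _clean_value(raw):
    """Drop ComboFix's trailing '[date size]' / '(0x..)' decorations and surrounding quotes."""
    raw = re.sub(r"\s*(\[[^\]]*\]|\(0x[0-9a-f]+\))$", "", raw, flags=re.I)
    return raw.strip().strip('"')


def parse_combofix(text):
    """Return (entries, ff_prefs): entries are (section, name, value), prefs are (file, pref, value)."""
    section, entries, ff_prefs = None, [], []
    for line in (ln.strip() for ln in text.splitlines()):
        if not line:
            continue
        if m := SECTION_RE.match(line):
            section = m.group("key")
        elif m := FF_PREF_RE.match(line):
            ff_prefs.append((m.group("file"), m.group("pref"), m.group("value").strip()))
        elif section and (m := VALUE_RE.match(line)):
            entries.append((section, m.group("name"), _clean_value(m.group("value"))))
        elif section and (m := FILE_RE.match(line)):
            # per-CLSID BHO sections put the module on a file line; name the entry after the CLSID
            entries.append((section, section.rsplit("\\", 1)[-1], m.group("path").strip()))
    return entries, ff_prefs


def load_point_kind(section, name):
    """Classify the registry location an entry was found in (None = not a load point we track)."""
    if name.lower() == "appinit_dlls":
        return "AppInit_DLLs"
    return next((kind for needle, kind in KINDS if needle in section.lower()), None)


def load_points_by_module(entries):
    """Group load points by module file name; one DLL hooked in 3-4 places is the toolbar pattern."""
    modules = defaultdict(set)
    for section, name, value in entries:
        kind = load_point_kind(section, name)
        if kind and value.lower().endswith((".dll", ".exe")):
            modules[value.rsplit("\\", 1)[-1].lower()].add(kind)
    return dict(modules)


def triage(entries, ff_prefs):
    """Apply the review rules; returns (rule, detail) pairs for a human to check."""
    findings = []
    for section, name, value in entries:
        if name.lower() == "appinit_dlls" and value:
            findings.append(("AppInit_DLLs", value))  # on XP this DLL loads into every process using user32
        if name.lower() == "enablefirewall" and value == "0" and "firewallpolicy" in section.lower():
            findings.append(("WindowsFirewallOff", section))
    prefs = {(f, p): v for f, p, v in ff_prefs}
    if prefs.get(("user.js", "network.proxy.type")) == "2":  # 2 = PAC script; user.js overrides prefs.js
        findings.append(("FirefoxPACProxy", prefs.get(("user.js", "network.proxy.autoconfig_url"), "")))
    for module, kinds in sorted(load_points_by_module(entries).items()):
        if len(kinds) >= 3:
            findings.append(("MultiHookedBrowserModule", f"{module}: {', '.join(sorted(kinds))}"))
    return findings


if __name__ == "__main__":
    for rule, detail in triage(*parse_combofix(SAMPLE_LOG)):
        print(f"{rule:26} {detail}")
```

Run as-is it prints the four hits for the excerpt. Fed the complete startup-point section from the log above, the load-point rule also groups tbBS_0.dll and tbBro1.dll (four locations each) and askBar.dll and tbcore3.dll (three each), while winamptb.dll, registered only as a URLSearchHook, stays below the threshold.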

Re: Virus being sent out via Skype

Posted: 21 Oct 2010 21:09
by Diallix
Do you recognize these?

c:\windows\rejoice02.exe
c:\windows\rejoice02 Uninstaller
c:\windows\rejoice02.scr

If not, upload them to virustotal.com

Re: Virus being sent out via Skype

Posted: 22 Oct 2010 06:33
by Collizia
Well, yes, that should be a screensaver... otherwise OK?

Re: Virus being sent out via Skype

Posted: 22 Oct 2010 15:54
by Diallix
This folder: c:\windows\system32\KB905474


please copy it into c:\quoobox

Then pack C:\quoobox with WinRAR and upload it to leteckaposta.cz

Please send me the link.


Once you've done that, delete: c:\windows\system32\KB905474


Uninstall Ask Toolbar

Re: Virus being sent out via Skype

Posted: 22 Oct 2010 16:57
by Collizia
Hi, here is the link: http://leteckaposta.cz/101737577
+ I don't know, should I delete that Quoobox as well?
+ and I can't find Ask Toolbar
+ the whole PC keeps freezing completely, well, more or less just Google Chrome... it's maddening :-( it didn't even want to upload to leteckaposta...

Re: Virus being sent out via Skype

Posted: 22 Oct 2010 18:39
by Diallix
Start >> type Combofix /Uninstall >> Enter

That uninstalls it.

Delete:
c:\program files\AskBarDis - if it exists


Close the browsers and clean the PC with CCleaner: http://www.viry.cz/forum/viewtopic.php?t=7478

Re: Virus being sent out via Skype

Posted: 23 Oct 2010 16:08
by Collizia
The file existed... but it's gone now ;-)
+ PC cleaned, and I wanted to ask: I use the program GLARY UTILITIES... is it any good for this kind of thing?
+ I'll look like an idiot, but I really don't know how to uninstall it... I typed it into the normal Start search and nothing :-(

Re: Virus being sent out via Skype

Posted: 23 Oct 2010 16:11
by Collizia
Could you help me with it via http://teamviewer.com/cs/index.aspx ?

Re: Virus being sent out via Skype

Posted: 23 Oct 2010 16:47
by Collizia
Phew, I've got it uninstalled now :-) no help needed...

Re: Virus being sent out via Skype

Posted: 24 Oct 2010 10:07
by Diallix
I don't use that program, so I can't say; I've never tried it.

How is the computer doing?