VIRY.CZ

Ahoj,

už dvakrát jsem zkoušel přes Gmer tu druhou kontrolu (rozsáhlejší), ale nenajelo mi to nakonec, zdá se mi - nezmizelo OK a STORO (nezešedlo), jako poprvé, nebo se mi to zdálo?

Dlouho se to už stejně nehlo, tak jsem to uložil. Každopádně přikládám oba logy:
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit quick scan 2010-02-25 23:51:22
Windows 6.0.6002 Service Pack 2
Running: gmer.exe; Driver: C:\Users\zeezo\AppData\Local\Temp\fwlcypow.sys

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Společnost Microsoft)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----

-----------------------------------------------------------------------------------------------------------

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-02-25 23:48:45
Windows 6.0.6002 Service Pack 2
Running: gmer.exe; Driver: C:\Users\zeezo\AppData\Local\Temp\fwlcypow.sys

---- System - GMER 1.0.15 ----

SSDT 8F05CA9C ZwCreateThread
SSDT 8F05CA88 ZwOpenProcess
SSDT 8F05CA8D ZwOpenThread
SSDT 8F05CA97 ZwTerminateProcess

INT 0x1F \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 829EACD0
INT 0x37 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 829EA0E8
INT 0xC1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 829EA3D8
INT 0xD1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 829D5D64
INT 0xD2 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 829D601C
INT 0xDF \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 829EA1C0
INT 0xE1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 829EAB40
INT 0xE3 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 829EA6D4
INT 0xFD \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 829EB100
INT 0xFE \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 829EB36C

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!KeSetEvent + 221 826C6984 4 Bytes [9C, CA, 05, 8F] {PUSHF ; RETF 0x8f05}
.text ntkrnlpa.exe!KeSetEvent + 3F1 826C6B54 4 Bytes [88, CA, 05, 8F]
.text ntkrnlpa.exe!KeSetEvent + 40D 826C6B70 4 Bytes [8D, CA, 05, 8F]
.text ntkrnlpa.exe!KeSetEvent + 621 826C6D84 4 Bytes [97, CA, 05, 8F] {XCHG EDI, EAX; RETF 0x8f05}
.text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x90009000, 0x1E6984, 0xE8000020]

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)

Device \Driver\ACPI_HAL \Device\00000041 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Společnost Microsoft)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\0018f337f16b (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001fc62cfa7f (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x8E 0x78 0x19 0x1E ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x20 0x71 0x9B 0xA9 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x71 0x5F 0x7B 0x96 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 1
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x09 0xD2 0x07 0x4C ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xDD 0xF5 0xF0 0x27 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x11 0x63 0x46 0x5E ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0018f337f16b
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001fc62cfa7f
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x8E 0x78 0x19 0x1E ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x20 0x71 0x9B 0xA9 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x71 0x5F 0x7B 0x96 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x09 0xD2 0x07 0x4C ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xDD 0xF5 0xF0 0x27 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x11 0x63 0x46 0x5E ...
Reg HKLM\SYSTEM\ControlSet004\Services\BTHPORT\Parameters\Keys\0018f337f16b (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\BTHPORT\Parameters\Keys\001fc62cfa7f (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x8E 0x78 0x19 0x1E ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x20 0x71 0x9B 0xA9 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x71 0x5F 0x7B 0x96 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 1
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x09 0xD2 0x07 0x4C ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xDD 0xF5 0xF0 0x27 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x11 0x63 0x46 0x5E ...

---- EOF - GMER 1.0.15 ----

Jak to vypadá s počítačem?
Spustte combofix

Jak vypadá počítač?..

Hned po startu jsem to poznal, zrychlilo se to a mozzila se neseká (zatím) :-O A nejlepší plus, který jsem si všiml, že už mi jede Google chrome (předtím jen bílá stránka a nic nechtělo najet).

Za chvíli se pustím do Combofix.

Log z combofix:

ComboFix 10-02-25.02 - zeezo 26.02.2010 11:03:46.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.420.1029.18.3070.2016 [GMT 1:00]
Spuštěný z: c:\users\zeezo\Desktop\ComboFix.exe
SP: Windows Defender *enabled* (Outdated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\AVSredirect.dll

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-01-26 do 2010-02-26 )))))))))))))))))))))))))))))))
.

2010-02-26 10:11 . 2010-02-26 10:12 -------- d-----w- c:\users\zeezo\AppData\Local\temp
2010-02-26 10:11 . 2010-02-26 10:11 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-02-26 10:11 . 2010-02-26 10:11 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-02-26 09:14 . 2009-09-27 08:39 369152 ----a-w- c:\windows\system32\avisynth.dll
2010-02-26 09:14 . 2004-02-22 09:11 719872 ----a-w- c:\windows\system32\devil.dll
2010-02-26 09:14 . 2004-01-24 23:00 70656 ----a-w- c:\windows\system32\i420vfw.dll
2010-02-26 09:14 . 2010-02-26 09:14 -------- d-----w- c:\program files\AviSynth 2.5
2010-02-26 09:09 . 2008-03-16 13:30 216064 --sh--r- c:\windows\system32\nbDX.dll
2010-02-26 09:09 . 2007-02-21 11:47 31232 --sh--r- c:\windows\system32\msfDX.dll
2010-02-26 09:09 . 2006-05-03 10:06 163328 --sh--r- c:\windows\system32\flvDX.dll
2010-02-26 09:08 . 2010-02-26 09:08 -------- d-----w- c:\program files\eRightSoft
2010-02-25 16:15 . 2010-02-25 16:15 -------- d-----w- c:\users\zeezo\AppData\Roaming\Sony Creative Software
2010-02-24 18:40 . 2010-02-24 18:40 -------- d-----w- C:\rsit
2010-02-21 16:01 . 2010-02-21 16:01 -------- d-----w- c:\users\zeezo\AppData\Local\Opera
2010-02-21 15:53 . 2010-02-21 15:53 -------- d-----w- c:\program files\Opera
2010-02-18 13:13 . 2010-02-18 13:13 -------- d-----w- c:\users\zeezo\AppData\Roaming\Malwarebytes
2010-02-18 13:13 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-02-18 13:13 . 2010-02-18 13:13 -------- d-----w- c:\programdata\Malwarebytes
2010-02-18 13:13 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-02-18 13:13 . 2010-02-18 13:13 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-02-18 12:56 . 2010-02-18 12:56 2131336 ----a-w- c:\users\zeezo\AppData\Roaming\Mozilla\Firefox\Profiles\e9lt7pe1.default\extensions\toolbar@ask.com\chrome\temp\askToolbar.exe
2010-02-18 12:39 . 2010-02-18 12:39 -------- d-----w- C:\_OTM
2010-02-17 12:16 . 2010-02-17 12:16 -------- d-----w- c:\windows\MSSecurityNS
2010-02-17 12:16 . 2010-02-17 12:16 -------- d-----w- c:\windows\MSSecurityNi
2010-02-15 18:01 . 2010-02-15 18:01 -------- d-----w- c:\users\zeezo\.jenny
2010-02-12 10:18 . 2010-02-12 10:18 -------- d-----w- c:\users\zeezo\AppData\Roaming\Publish Providers
2010-02-12 10:10 . 2010-02-12 10:10 -------- d-----w- c:\programdata\Sony
2010-02-12 09:59 . 2010-02-24 19:10 -------- d-----w- c:\users\zeezo\AppData\Roaming\Sony
2010-02-12 09:59 . 2010-02-12 09:59 -------- d-----w- c:\users\zeezo\AppData\Local\Sony
2010-02-12 09:35 . 2010-02-12 10:10 -------- d-----w- c:\program files\Sony
2010-02-11 15:27 . 2010-02-11 15:27 -------- d-----w- c:\program files\Logitech Touch Mouse Server
2010-02-08 11:59 . 2010-02-08 11:59 -------- d-----w- c:\program files\Sprinx Systems

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-26 08:43 . 2009-10-05 09:46 -------- d-----w- c:\users\zeezo\AppData\Roaming\uTorrent
2010-02-25 23:04 . 2007-04-21 10:36 12 ----a-w- c:\windows\bthservsdp.dat
2010-02-25 18:29 . 2008-04-04 09:08 45056 ----a-w- c:\windows\system32\acovcnt.exe
2010-02-25 10:21 . 2009-10-05 09:48 -------- d-----w- c:\program files\Ask.com
2010-02-24 22:25 . 2009-09-12 13:06 101592 ----a-w- c:\users\zeezo\AppData\Local\GDIPFONTCACHEV1.DAT
2010-02-24 08:16 . 2009-10-03 11:26 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-12 02:24 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-02-12 02:04 . 2008-04-04 06:18 -------- d-----w- c:\programdata\Microsoft Help
2010-02-07 11:47 . 2007-04-21 11:18 610786 ----a-w- c:\windows\system32\perfh005.dat
2010-02-07 11:47 . 2007-04-21 11:18 121156 ----a-w- c:\windows\system32\perfc005.dat
2010-01-30 22:24 . 2009-09-26 01:51 -------- d-----w- c:\program files\Google
2010-01-28 11:27 . 2009-09-13 16:02 -------- d-----w- c:\program files\Meric
2010-01-28 11:27 . 2009-09-13 16:02 249856 ------w- c:\windows\Setup1.exe
2010-01-28 11:27 . 2009-09-13 16:02 73216 ----a-w- c:\windows\ST6UNST.EXE
2010-01-25 12:00 . 2010-02-24 12:21 471552 ----a-w- c:\windows\system32\secproc_isv.dll
2010-01-25 12:00 . 2010-02-24 12:21 152576 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-01-25 12:00 . 2010-02-24 12:21 152064 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-01-25 12:00 . 2010-02-24 12:21 471552 ----a-w- c:\windows\system32\secproc.dll
2010-01-25 11:58 . 2010-02-24 12:21 332288 ----a-w- c:\windows\system32\msdrm.dll
2010-01-25 08:21 . 2010-02-24 12:21 526336 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-01-25 08:21 . 2010-02-24 12:21 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-01-25 08:21 . 2010-02-24 12:21 518144 ----a-w- c:\windows\system32\RMActivate.exe
2010-01-25 08:21 . 2010-02-24 12:21 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-01-23 09:26 . 2010-02-24 12:21 2048 ----a-w- c:\windows\system32\tzres.dll
2010-01-18 15:26 . 2010-01-18 15:26 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_netaapl_01005.Wdf
2010-01-11 16:33 . 2009-12-05 11:47 -------- d-----w- c:\users\zeezo\AppData\Roaming\VSO
2010-01-09 10:47 . 2009-09-14 09:57 -------- d-----w- c:\program files\XTB-Trader
2010-01-06 22:06 . 2009-10-02 11:49 -------- d-----w- c:\program files\XMind
2010-01-06 15:51 . 2010-01-06 15:51 -------- d-----w- c:\users\zeezo\AppData\Roaming\DAEMON Tools
2010-01-06 15:39 . 2010-02-24 12:21 1696256 ----a-w- c:\windows\system32\gameux.dll
2010-01-06 15:38 . 2010-02-24 12:21 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-01-06 15:38 . 2010-02-24 12:21 173056 ----a-w- c:\windows\AppPatch\AcXtrnal.dll
2010-01-06 15:38 . 2010-02-24 12:21 542720 ----a-w- c:\windows\AppPatch\AcLayers.dll
2010-01-06 15:38 . 2010-02-24 12:21 458752 ----a-w- c:\windows\AppPatch\AcSpecfc.dll
2010-01-06 15:38 . 2010-02-24 12:21 2159616 ----a-w- c:\windows\AppPatch\AcGenral.dll
2010-01-06 13:30 . 2010-02-24 12:21 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2010-01-04 23:24 . 2008-04-04 06:25 -------- d-----w- c:\program files\Microsoft Works
2010-01-04 22:04 . 2010-01-04 22:04 -------- d-----w- c:\users\zeezo\AppData\Roaming\gtk-2.0
2009-12-30 10:08 . 2009-09-13 17:30 -------- d-----w- c:\users\zeezo\AppData\Roaming\ICQ
2009-12-28 18:51 . 2009-11-06 11:35 -------- d-----w- c:\program files\ICQ6.5
2009-12-11 11:43 . 2010-02-10 19:17 302080 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-11 11:43 . 2010-02-10 19:17 98816 ----a-w- c:\windows\system32\drivers\srvnet.sys
2009-12-08 20:01 . 2010-02-10 19:17 904776 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-12-08 20:01 . 2010-02-10 19:17 3600456 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-12-08 20:01 . 2010-02-10 19:17 3548216 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-12-08 17:26 . 2010-02-10 19:17 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2009-12-08 11:28 . 2009-09-12 17:38 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-12-04 18:30 . 2010-02-10 19:17 12288 ----a-w- c:\windows\system32\tsbyuv.dll
2009-12-04 18:29 . 2010-02-10 19:17 1314816 ----a-w- c:\windows\system32\quartz.dll
2009-12-04 18:28 . 2010-02-10 19:17 22528 ----a-w- c:\windows\system32\msyuv.dll
2009-12-04 18:28 . 2010-02-10 19:17 31744 ----a-w- c:\windows\system32\msvidc32.dll
2009-12-04 18:28 . 2010-02-10 19:17 123904 ----a-w- c:\windows\system32\msvfw32.dll
2009-12-04 18:28 . 2010-02-10 19:17 13312 ----a-w- c:\windows\system32\msrle32.dll
2009-12-04 18:28 . 2010-02-10 19:17 82944 ----a-w- c:\windows\system32\mciavi32.dll
2009-12-04 18:28 . 2010-02-10 19:17 50176 ----a-w- c:\windows\system32\iyuv_32.dll
2009-12-04 18:27 . 2010-02-10 19:17 91136 ----a-w- c:\windows\system32\avifil32.dll
2009-12-04 15:56 . 2010-02-10 19:17 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2009-12-04 15:56 . 2010-02-10 19:17 105984 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2006-05-03 10:06 . 2010-02-26 09:09 163328 --sh--r- c:\windows\System32\flvDX.dll
2007-02-21 11:47 . 2010-02-26 09:09 31232 --sh--r- c:\windows\System32\msfDX.dll
2008-03-16 13:30 . 2010-02-26 09:09 216064 --sh--r- c:\windows\System32\nbDX.dll
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-02-04 15:50 1197448 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-02-04 1197448]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-02-04 1197448]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\users\zeezo\AppData\Local\Google\Update\GoogleUpdate.exe" [2009-09-13 133104]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2009-12-12 289584]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-18 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-18 202240]
"PTimer"="c:\program files\Sprinx Systems\Sprinx PTimer\PTimer.exe" [2007-12-07 856936]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-18 1008184]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2007-08-28 655360]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"RtHDVCpl"="RtHDVCpl.exe" [2007-09-03 4702208]
"Skytel"="Skytel.exe" [2007-08-03 1826816]
"ATKOSD2"="c:\program files\ATKOSD2\ATKOSD2.exe" [2007-10-18 7737344]
"ATKMEDIA"="c:\program files\ASUS\ATK Media\DMEDIA.EXE" [2006-11-02 61440]
"PowerForPhone"="c:\program files\P4P\P4P.exe" [2007-08-03 778240]
"IFXSPMGT"="c:\windows\system32\ifxspmgt.exe" [2007-02-26 677408]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-06 1029416]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-09-16 149280]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-14 39792]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sr.sys]
@="FSFilter System Recovery"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
backup=c:\windows\pss\Adobe Reader Synchronizer.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^AVerQuick.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\AVerQuick.lnk
backup=c:\windows\pss\AVerQuick.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Pandion.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Pandion.lnk
backup=c:\windows\pss\Pandion.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^zeezo^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^2554964A.lnk]
path=c:\users\zeezo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\2554964A.lnk
backup=c:\windows\pss\2554964A.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Camera ScreenSaver]
2008-04-04 09:03 37232 ----a-w- c:\windows\ASScrProlog.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Screen Saver Protector]
2008-04-04 09:04 33136 ----a-w- c:\windows\ASScrPro.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 10:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-10-28 19:21 141600 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
2007-06-20 10:49 451872 ----a-w- c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-09-04 23:54 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2009-04-11 06:28 1233920 ----a-w- c:\program files\Windows Sidebar\sidebar.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2007-12-06 10:12 1029416 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):f1,8d,14,20,5b,40,ca,01

R0 lullaby;lullaby;c:\windows\System32\drivers\lullaby.sys [4.4.2008 9:37 15416]
R1 PersonalSecureDrive;PersonalSecureDrive;c:\windows\System32\drivers\psd.sys [23.1.2007 13:07 39080]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [12.9.2009 18:38 108289]
S2 CardBusService;CardBusService;c:\program files\Common Files\AVerMedia\Service\CardBusService.exe [17.9.2009 10:18 188416]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [26.9.2009 2:51 133104]
S3 athrusb;Atheros Wireless LAN USB device driver;c:\windows\System32\drivers\athrusb.sys [29.7.2008 4:45 904192]
S3 AVerFx2hbtv;AVerMedia USB SW Hybrid Tuner;c:\windows\System32\drivers\AVerFx2hbtv.sys [17.9.2009 10:19 220672]
S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\System32\drivers\netaapl.sys [28.8.2009 18:42 17408]
S3 SIS163u;SiS163 USB Wireless LAN Adapter Driver;c:\windows\System32\drivers\sis163u.sys [12.9.2009 16:40 218112]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-06-20 10:47 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Obsah adresáře 'Naplánované úlohy'

2010-02-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-26 01:51]

2010-02-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-26 01:51]

2010-02-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2516701040-127558009-1632579882-1000Core.job
- c:\users\zeezo\AppData\Local\Google\Update\GoogleUpdate.exe [2009-09-13 15:52]

2010-02-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2516701040-127558009-1632579882-1000UA.job
- c:\users\zeezo\AppData\Local\Google\Update\GoogleUpdate.exe [2009-09-13 15:52]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Easy-WebPrint - Náhled - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
IE: Easy-WebPrint - Přidat na seznam k tisku - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
IE: Easy-WebPrint - Tisk - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
IE: Easy-WebPrint - Vysokorychlostní tisk - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
Trusted Zone: mojebanka.cz\*
Trusted Zone: mojebanka.cz\*
TCP: {471CF5F2-849C-40C9-A596-525E49E23672} = 192.168.223.223
TCP: {55DEB3BA-311B-413C-AEFA-AD69A31A6600} = 192.168.225.225
FF - ProfilePath - c:\users\zeezo\AppData\Roaming\Mozilla\Firefox\Profiles\e9lt7pe1.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.17\npGoogleOneClick8.dll
FF - plugin: c:\users\zeezo\AppData\Local\Google\Update\1.2.183.17\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

MSConfigStartUp-DAEMON Tools Lite - c:\program files\DAEMON Tools Lite\daemon.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-26 11:12
Windows 6.0.6002 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

c:\users\zeezo\AppData\Local\Temp\catchme.dll 53248 bytes executable

sken byl úspešně dokončen
skryté soubory: 1

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Celkový čas: 2010-02-26 11:15:06
ComboFix-quarantined-files.txt 2010-02-26 10:14
ComboFix2.txt 2010-02-24 22:47

Před spuštěním: Volných bajtů: 11 271 843 840
Po spuštění: Volných bajtů: 11 239 342 080

- - End Of File - - A215E9F73EFEF283882AB5E8393D1519

Otestujte na www.virustotal.com
c:\windows\System32\drivers\netaapl.sys

Dobrý večer,

spustil jsem test, a neobjevilo to žádnou chybu (teda myslím si, napravo od názvů antivirů - sloupec "Výsledky" bylo všude jen "-").

tyto složky znáte?
c:\windows\MSSecurityNS
c:\windows\MSSecurityNi
c:\users\zeezo\.jenny

Otestujte na http://www.virustotal.com
c:\windows\system32\acovcnt.exe
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Pandion.lnk
c:\users\zeezo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\2554964A.lnk

Pokud nemáte, přesuňte Combofix na plochu
-otevřete si Poznámkový blok
-Do něj zkopírujte text z tohoto okénka

Kód: Vybrat vše

Folder::
C:\users\zeezo\AppData\Roaming\Mozilla\Firefox\Profiles\e9lt7pe1.default\extensions\toolbar@ask.com
c:\program files\Ask.com

Dirlook::
c:\windows\MSSecurityNS

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=-
[-HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[-HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=-

-uložte Vámi vytvořený TXT soubor jako CFScript.txt na plochu
-po uložení uchopte vámi vytvořený skript levým myšítkem a -přesuňte ho nad ikonu Combofixu, kde ho upustíte:

Obrázek

-po aplikaci na Vás vypadne další log,vložte ho sem

Upozornění : může se stát, že po aplikaci skriptu a restartu Windows nenaběhnou, v tom případě znovu restartujte a přitom mačkejte F8, pak zvolte Poslední známou funkční konfiguraci

Dobrý večer, složky neznám.

Soubor 2554964A.lnk jsem nemohl najít, další dva jsou zkontrolovány a ok.

Zde log z combofixu:

ComboFix 10-02-26.01 - zeezo 26.02.2010 22:42:36.3.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.420.1029.18.3070.2025 [GMT 1:00]
Spuštěný z: c:\users\zeezo\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\zeezo\Desktop\CFScript.txt.txt
SP: Windows Defender *enabled* (Outdated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Ask.com
c:\program files\Ask.com\cobrand.ico
c:\program files\Ask.com\config.xml
c:\program files\Ask.com\favicon.ico
c:\program files\Ask.com\GenericAskToolbar.dll
c:\program files\Ask.com\mupcfg.xml
c:\program files\Ask.com\SaUpdate.exe
c:\program files\Ask.com\UpdateTask.exe
c:\users\zeezo\AppData\Roaming\Mozilla\Firefox\Profiles\e9lt7pe1.default\extensions\toolbar@ask.com
c:\users\zeezo\AppData\Roaming\Mozilla\Firefox\Profiles\e9lt7pe1.default\extensions\toolbar@ask.com\datastore\cache.sqlite
c:\users\zeezo\AppData\Roaming\Mozilla\Firefox\Profiles\e9lt7pe1.default\extensions\toolbar@ask.com\defaults.js.bak
c:\users\zeezo\AppData\Roaming\Mozilla\Firefox\Profiles\e9lt7pe1.default\extensions\toolbar@ask.com\defaults\preferences\defaults.js
c:\users\zeezo\AppData\Roaming\Mozilla\Firefox\Profiles\e9lt7pe1.default\extensions\toolbar@ask.com\chrome.manifest
c:\users\zeezo\AppData\Roaming\Mozilla\Firefox\Profiles\e9lt7pe1.default\extensions\toolbar@ask.com\chrome\content\about.js
c:\users\zeezo\AppData\Roaming\Mozilla\Firefox\Profiles\e9lt7pe1.default\extensions\toolbar@ask.com\chrome\content\about.xul
c:\users\zeezo\AppData\Roaming\Mozilla\Firefox\Profiles\e9lt7pe1.default\extensions\toolbar@ask.com\chrome\content\constants.js
c:\users\zeezo\AppData\Roaming\Mozilla\Firefox\Profiles\e9lt7pe1.default\extensions\toolbar@ask.com\chrome\content\db.js
c:\users\zeezo\AppData\Roaming\Mozilla\Firefox\Profiles\e9lt7pe1.default\extensions\toolbar@ask.com\chrome\content\events.js
c:\users\zeezo\AppData\Roaming\Mozilla\Firefox\Profiles\e9lt7pe1.default\extensions\toolbar@ask.com\chrome\content\json.js
c:\users\zeezo\AppData\Roaming\Mozilla\Firefox\Profiles\e9lt7pe1.default\extensions\toolbar@ask.com\chrome\content\lifecycle.js
c:\users\zeezo\AppData\Roaming\Mozilla\Firefox\Profiles\e9lt7pe1.default\extensions\toolbar@ask.com\chrome\content\listeners.js
c:\users\zeezo\AppData\Roaming\Mozilla\Firefox\Profiles\e9lt7pe1.default\extensions\toolbar@ask.com\chrome\content\logger.js
c:\users\zeezo\AppData\Roaming\Mozilla\Firefox\Profiles\e9lt7pe1.default\extensions\toolbar@ask.com\chrome\content\network.js
c:\users\zeezo\AppData\Roaming\Mozilla\Firefox\Profiles\e9lt7pe1.default\extensions\toolbar@ask.com\chrome\content\observer.js
c:\users\zeezo\AppData\Roaming\Mozilla\Firefox\Profiles\e9lt7pe1.default\extensions\toolbar@ask.com\chrome\content\options.js
c:\users\zeezo\AppData\Roaming\Mozilla\Firefox\Profiles\e9lt7pe1.default\extensions\toolbar@ask.com\chrome\content\options.xul
c:\users\zeezo\AppData\Roaming\Mozilla\Firefox\Profiles\e9lt7pe1.default\extensions\toolbar@ask.com\chrome\content\preferences.js
c:\users\zeezo\AppData\Roaming\Mozilla\Firefox\Profiles\e9lt7pe1.default\extensions\toolbar@ask.com\chrome\content\toolbar.js
c:\users\zeezo\AppData\Roaming\Mozilla\Firefox\Profiles\e9lt7pe1.default\extensions\toolbar@ask.com\chrome\content\utilities.js
c:\users\zeezo\AppData\Roaming\Mozilla\Firefox\Profiles\e9lt7pe1.default\extensions\toolbar@ask.com\chrome\content\widget-controller.js
c:\users\zeezo\AppData\Roaming\Mozilla\Firefox\Profiles\e9lt7pe1.default\extensions\toolbar@ask.com\chrome\content\widget-frame.xul
c:\users\zeezo\AppData\Roaming\Mozilla\Firefox\Profiles\e9lt7pe1.default\extensions\toolbar@ask.com\chrome\content\widget-popup.xul
c:\users\zeezo\AppData\Roaming\Mozilla\Firefox\Profiles\e9lt7pe1.default\extensions\toolbar@ask.com\chrome\content\widgets.js
c:\users\zeezo\AppData\Roaming\Mozilla\Firefox\Profiles\e9lt7pe1.default\extensions\toolbar@ask.com\chrome\skin\abc.png
c:\users\zeezo\AppData\Roaming\Mozilla\Firefox\Profiles\e9lt7pe1.default\extensions\toolbar@ask.com\chrome\skin\amazon_16x.png
c:\users\zeezo\AppData\Roaming\Mozilla\Firefox\Profiles\e9lt7pe1.default\extensions\toolbar@ask.com\chrome\skin\as.png
c:\users\zeezo\AppData\Roaming\Mozilla\Firefox\Profiles\e9lt7pe1.default\extensions\toolbar@ask.com\chrome\skin\ask_16x16.png
c:\users\zeezo\AppData\Roaming\Mozilla\Firefox\Profiles\e9lt7pe1.default\extensions\toolbar@ask.com\chrome\skin\ask_32x32.png
c:\users\zeezo\AppData\Roaming\Mozilla\Firefox\Profiles\e9lt7pe1.default\extensions\toolbar@ask.com\chrome\skin\ask_browser_ff_chrome.png
c:\users\zeezo\AppData\Roaming\Mozilla\Firefox\Profiles\e9lt7pe1.default\extensions\toolbar@ask.com\chrome\skin\asklogo.png
c:\users\zeezo\AppData\Roaming\Mozilla\Firefox\Profiles\e9lt7pe1.default\extensions\toolbar@ask.com\chrome\skin\bbc_news.png
c:\users\zeezo\AppData\Roaming\Mozilla\Firefox\Profiles\e9lt7pe1.default\extensions\toolbar@ask.com\chrome\skin\beppe_grillo.png
c:\users\zeezo\AppData\Roaming\Mozilla\Firefox\Profiles\e9lt7pe1.default\extensions\toolbar@ask.com\chrome\skin\bild.png
c:\users\zeezo\AppData\Roaming\Mozilla\Firefox\Profiles\e9lt7pe1.default\extensions\toolbar@ask.com\chrome\skin\blogs.png
c:\users\zeezo\AppData\Roaming\Mozilla\Firefox\Profiles\e9lt7pe1.default\extensions\toolbar@ask.com\chrome\skin\business.png
c:\users\zeezo\AppData\Roaming\Mozilla\Firefox\Profiles\e9lt7pe1.default\extensions\toolbar@ask.com\chrome\skin\Close.gif
c:\users\zeezo\AppData\Roaming\Mozilla\Firefox\Profiles\e9lt7pe1.default\extensions\toolbar@ask.com\chrome\skin\cnn_16x.png
c:\users\zeezo\AppData\Roaming\Mozilla\Firefox\Profiles\e9lt7pe1.default\extensions\toolbar@ask.com\chrome\skin\corriere_della_sera.png
c:\users\zeezo\AppData\Roaming\Mozilla\Firefox\Profiles\e9lt7pe1.default\extensions\toolbar@ask.com\chrome\skin\dictionary.png
c:\users\zeezo\AppData\Roaming\Mozilla\Firefox\Profiles\e9lt7pe1.default\extensions\toolbar@ask.com\chrome\skin\el_mundo.png
c:\users\zeezo\AppData\Roaming\Mozilla\Firefox\Profiles\e9lt7pe1.default\extensions\toolbar@ask.com\chrome\skin\email_16x.png
c:\users\zeezo\AppData\Roaming\Mozilla\Firefox\Profiles\e9lt7pe1.default\extensions\toolbar@ask.com\chrome\skin\expansion.png
c:\users\zeezo\AppData\Roaming\Mozilla\Firefox\Profiles\e9lt7pe1.default\extensions\toolbar@ask.com\chrome\skin\facebook_16x.png
c:\users\zeezo\AppData\Roaming\Mozilla\Firefox\Profiles\e9lt7pe1.default\extensions\toolbar@ask.com\chrome\skin\folha.png
c:\users\zeezo\AppData\Roaming\Mozilla\Firefox\Profiles\e9lt7pe1.default\extensions\toolbar@ask.com\chrome\skin\ft.png
c:\users\zeezo\AppData\Roaming\Mozilla\Firefox\Profiles\e9lt7pe1.default\extensions\toolbar@ask.com\chrome\skin\ftd.png
c:\users\zeezo\AppData\Roaming\Mozilla\Firefox\Profiles\e9lt7pe1.default\extensions\toolbar@ask.com\chrome\skin\g1.png
c:\users\zeezo\AppData\Roaming\Mozilla\Firefox\Profiles\e9lt7pe1.default\extensions\toolbar@ask.com\chrome\skin\games_16x.png
c:\users\zeezo\AppData\Roaming\Mozilla\Firefox\Profiles\e9lt7pe1.default\extensions\toolbar@ask.com\chrome\skin\gazzetta_dello_sport.png
c:\users\zeezo\AppData\Roaming\Mozilla\Firefox\Profiles\e9lt7pe1.default\extensions\toolbar@ask.com\chrome\skin\gripper.png
c:\users\zeezo\AppData\Roaming\Mozilla\Firefox\Profiles\e9lt7pe1.default\extensions\toolbar@ask.com\chrome\skin\highlight_16x.png
c:\users\zeezo\AppData\Roaming\Mozilla\Firefox\Profiles\e9lt7pe1.default\extensions\toolbar@ask.com\chrome\skin\highlighter_off.png
c:\users\zeezo\AppData\Roaming\Mozilla\Firefox\Profiles\e9lt7pe1.default\extensions\toolbar@ask.com\chrome\skin\highlighter_on.png
c:\users\zeezo\AppData\Roaming\Mozilla\Firefox\Profiles\e9lt7pe1.default\extensions\toolbar@ask.com\chrome\skin\chevron.png
c:\users\zeezo\AppData\Roaming\Mozilla\Firefox\Profiles\e9lt7pe1.default\extensions\toolbar@ask.com\chrome\skin\images.png
c:\users\zeezo\AppData\Roaming\Mozilla\Firefox\Profiles\e9lt7pe1.default\extensions\toolbar@ask.com\chrome\skin\kicker.png
c:\users\zeezo\AppData\Roaming\Mozilla\Firefox\Profiles\e9lt7pe1.default\extensions\toolbar@ask.com\chrome\skin\labels-de.properties
c:\users\zeezo\AppData\Roaming\Mozilla\Firefox\Profiles\e9lt7pe1.default\extensions\toolbar@ask.com\chrome\skin\labels-en.properties
c:\users\zeezo\AppData\Roaming\Mozilla\Firefox\Profiles\e9lt7pe1.default\extensions\toolbar@ask.com\chrome\skin\labels-es.properties
c:\users\zeezo\AppData\Roaming\Mozilla\Firefox\Profiles\e9lt7pe1.default\extensions\toolbar@ask.com\chrome\skin\labels-fr.properties
c:\users\zeezo\AppData\Roaming\Mozilla\Firefox\Profiles\e9lt7pe1.default\extensions\toolbar@ask.com\chrome\skin\labels-it.properties
c:\users\zeezo\AppData\Roaming\Mozilla\Firefox\Profiles\e9lt7pe1.default\extensions\toolbar@ask.com\chrome\skin\labels-nl.properties
c:\users\zeezo\AppData\Roaming\Mozilla\Firefox\Profiles\e9lt7pe1.default\extensions\toolbar@ask.com\chrome\skin\labels-pt.properties
c:\users\zeezo\AppData\Roaming\Mozilla\Firefox\Profiles\e9lt7pe1.default\extensions\toolbar@ask.com\chrome\skin\labels-ru.properties
c:\users\zeezo\AppData\Roaming\Mozilla\Firefox\Profiles\e9lt7pe1.default\extensions\toolbar@ask.com\chrome\skin\laposte.png
c:\users\zeezo\AppData\Roaming\Mozilla\Firefox\Profiles\e9lt7pe1.default\extensions\toolbar@ask.com\chrome\skin\lemonde.png
c:\users\zeezo\AppData\Roaming\Mozilla\Firefox\Profiles\e9lt7pe1.default\extensions\toolbar@ask.com\chrome\skin\lequipe.png
c:\users\zeezo\AppData\Roaming\Mozilla\Firefox\Profiles\e9lt7pe1.default\extensions\toolbar@ask.com\chrome\skin\libero_it.png
c:\users\zeezo\AppData\Roaming\Mozilla\Firefox\Profiles\e9lt7pe1.default\extensions\toolbar@ask.com\chrome\skin\links-BR.properties
c:\users\zeezo\AppData\Roaming\Mozilla\Firefox\Profiles\e9lt7pe1.default\extensions\toolbar@ask.com\chrome\skin\links-DE.properties
c:\users\zeezo\AppData\Roaming\Mozilla\Firefox\Profiles\e9lt7pe1.default\extensions\toolbar@ask.com\chrome\skin\links-ES.properties
c:\users\zeezo\AppData\Roaming\Mozilla\Firefox\Profiles\e9lt7pe1.default\extensions\toolbar@ask.com\chrome\skin\links-EU.properties
c:\users\zeezo\AppData\Roaming\Mozilla\Firefox\Profiles\e9lt7pe1.default\extensions\toolbar@ask.com\chrome\skin\links-FR.properties
c:\users\zeezo\AppData\Roaming\Mozilla\Firefox\Profiles\e9lt7pe1.default\extensions\toolbar@ask.com\chrome\skin\links-IT.properties
c:\users\zeezo\AppData\Roaming\Mozilla\Firefox\Profiles\e9lt7pe1.default\extensions\toolbar@ask.com\chrome\skin\links-NL.properties
c:\users\zeezo\AppData\Roaming\Mozilla\Firefox\Profiles\e9lt7pe1.default\extensions\toolbar@ask.com\chrome\skin\links-RU.properties
c:\users\zeezo\AppData\Roaming\Mozilla\Firefox\Profiles\e9lt7pe1.default\extensions\toolbar@ask.com\chrome\skin\links-UK.properties
c:\users\zeezo\AppData\Roaming\Mozilla\Firefox\Profiles\e9lt7pe1.default\extensions\toolbar@ask.com\chrome\skin\links-US.properties
c:\users\zeezo\AppData\Roaming\Mozilla\Firefox\Profiles\e9lt7pe1.default\extensions\toolbar@ask.com\chrome\skin\magnify_search.png
c:\users\zeezo\AppData\Roaming\Mozilla\Firefox\Profiles\e9lt7pe1.default\extensions\toolbar@ask.com\chrome\skin\magnify_search_grey_16x.png
c:\users\zeezo\AppData\Roaming\Mozilla\Firefox\Profiles\e9lt7pe1.default\extensions\toolbar@ask.com\chrome\skin\maps.png
c:\users\zeezo\AppData\Roaming\Mozilla\Firefox\Profiles\e9lt7pe1.default\extensions\toolbar@ask.com\chrome\skin\marmiton.png
c:\users\zeezo\AppData\Roaming\Mozilla\Firefox\Profiles\e9lt7pe1.default\extensions\toolbar@ask.com\chrome\skin\mtv.png
c:\users\zeezo\AppData\Roaming\Mozilla\Firefox\Profiles\e9lt7pe1.default\extensions\toolbar@ask.com\chrome\skin\news.png
c:\users\zeezo\AppData\Roaming\Mozilla\Firefox\Profiles\e9lt7pe1.default\extensions\toolbar@ask.com\chrome\skin\oglobo.png
c:\users\zeezo\AppData\Roaming\Mozilla\Firefox\Profiles\e9lt7pe1.default\extensions\toolbar@ask.com\chrome\skin\orkut.png
c:\users\zeezo\AppData\Roaming\Mozilla\Firefox\Profiles\e9lt7pe1.default\extensions\toolbar@ask.com\chrome\skin\preferences.png
c:\users\zeezo\AppData\Roaming\Mozilla\Firefox\Profiles\e9lt7pe1.default\extensions\toolbar@ask.com\chrome\skin\search.png
c:\users\zeezo\AppData\Roaming\Mozilla\Firefox\Profiles\e9lt7pe1.default\extensions\toolbar@ask.com\chrome\skin\search_ask.png
c:\users\zeezo\AppData\Roaming\Mozilla\Firefox\Profiles\e9lt7pe1.default\extensions\toolbar@ask.com\chrome\skin\search_ask_de.png
c:\users\zeezo\AppData\Roaming\Mozilla\Firefox\Profiles\e9lt7pe1.default\extensions\toolbar@ask.com\chrome\skin\search_ask_es.png
c:\users\zeezo\AppData\Roaming\Mozilla\Firefox\Profiles\e9lt7pe1.default\extensions\toolbar@ask.com\chrome\skin\search_ask_fr.png
c:\users\zeezo\AppData\Roaming\Mozilla\Firefox\Profiles\e9lt7pe1.default\extensions\toolbar@ask.com\chrome\skin\search_ask_it.png
c:\users\zeezo\AppData\Roaming\Mozilla\Firefox\Profiles\e9lt7pe1.default\extensions\toolbar@ask.com\chrome\skin\search_ask_nl.png
c:\users\zeezo\AppData\Roaming\Mozilla\Firefox\Profiles\e9lt7pe1.default\extensions\toolbar@ask.com\chrome\skin\search_ask_pl.png
c:\users\zeezo\AppData\Roaming\Mozilla\Firefox\Profiles\e9lt7pe1.default\extensions\toolbar@ask.com\chrome\skin\search_ask_pt.png
c:\users\zeezo\AppData\Roaming\Mozilla\Firefox\Profiles\e9lt7pe1.default\extensions\toolbar@ask.com\chrome\skin\search_ask_ru.png
c:\users\zeezo\AppData\Roaming\Mozilla\Firefox\Profiles\e9lt7pe1.default\extensions\toolbar@ask.com\chrome\skin\search_cobrand.png
c:\users\zeezo\AppData\Roaming\Mozilla\Firefox\Profiles\e9lt7pe1.default\extensions\toolbar@ask.com\chrome\skin\search_current_site.png
c:\users\zeezo\AppData\Roaming\Mozilla\Firefox\Profiles\e9lt7pe1.default\extensions\toolbar@ask.com\chrome\skin\search_de.png
c:\users\zeezo\AppData\Roaming\Mozilla\Firefox\Profiles\e9lt7pe1.default\extensions\toolbar@ask.com\chrome\skin\search_es.png
c:\users\zeezo\AppData\Roaming\Mozilla\Firefox\Profiles\e9lt7pe1.default\extensions\toolbar@ask.com\chrome\skin\search_fr.png
c:\users\zeezo\AppData\Roaming\Mozilla\Firefox\Profiles\e9lt7pe1.default\extensions\toolbar@ask.com\chrome\skin\search_it.png
c:\users\zeezo\AppData\Roaming\Mozilla\Firefox\Profiles\e9lt7pe1.default\extensions\toolbar@ask.com\chrome\skin\search_nl.png
c:\users\zeezo\AppData\Roaming\Mozilla\Firefox\Profiles\e9lt7pe1.default\extensions\toolbar@ask.com\chrome\skin\search_pl.png
c:\users\zeezo\AppData\Roaming\Mozilla\Firefox\Profiles\e9lt7pe1.default\extensions\toolbar@ask.com\chrome\skin\search_pt.png
c:\users\zeezo\AppData\Roaming\Mozilla\Firefox\Profiles\e9lt7pe1.default\extensions\toolbar@ask.com\chrome\skin\search_ru.png
c:\users\zeezo\AppData\Roaming\Mozilla\Firefox\Profiles\e9lt7pe1.default\extensions\toolbar@ask.com\chrome\skin\shopping.png
c:\users\zeezo\AppData\Roaming\Mozilla\Firefox\Profiles\e9lt7pe1.default\extensions\toolbar@ask.com\chrome\skin\sports.png
c:\users\zeezo\AppData\Roaming\Mozilla\Firefox\Profiles\e9lt7pe1.default\extensions\toolbar@ask.com\chrome\skin\stocks.png
c:\users\zeezo\AppData\Roaming\Mozilla\Firefox\Profiles\e9lt7pe1.default\extensions\toolbar@ask.com\chrome\skin\terra.png
c:\users\zeezo\AppData\Roaming\Mozilla\Firefox\Profiles\e9lt7pe1.default\extensions\toolbar@ask.com\chrome\skin\toolbar.css
c:\users\zeezo\AppData\Roaming\Mozilla\Firefox\Profiles\e9lt7pe1.default\extensions\toolbar@ask.com\chrome\skin\toolbar.xul
c:\users\zeezo\AppData\Roaming\Mozilla\Firefox\Profiles\e9lt7pe1.default\extensions\toolbar@ask.com\chrome\skin\tv.png
c:\users\zeezo\AppData\Roaming\Mozilla\Firefox\Profiles\e9lt7pe1.default\extensions\toolbar@ask.com\chrome\skin\tv_movie_de.png
c:\users\zeezo\AppData\Roaming\Mozilla\Firefox\Profiles\e9lt7pe1.default\extensions\toolbar@ask.com\chrome\skin\uol.png
c:\users\zeezo\AppData\Roaming\Mozilla\Firefox\Profiles\e9lt7pe1.default\extensions\toolbar@ask.com\chrome\skin\weather.png
c:\users\zeezo\AppData\Roaming\Mozilla\Firefox\Profiles\e9lt7pe1.default\extensions\toolbar@ask.com\chrome\skin\weather_16x.png
c:\users\zeezo\AppData\Roaming\Mozilla\Firefox\Profiles\e9lt7pe1.default\extensions\toolbar@ask.com\chrome\skin\web.png
c:\users\zeezo\AppData\Roaming\Mozilla\Firefox\Profiles\e9lt7pe1.default\extensions\toolbar@ask.com\chrome\skin\web_de.png
c:\users\zeezo\AppData\Roaming\Mozilla\Firefox\Profiles\e9lt7pe1.default\extensions\toolbar@ask.com\chrome\skin\widget-popup.css
c:\users\zeezo\AppData\Roaming\Mozilla\Firefox\Profiles\e9lt7pe1.default\extensions\toolbar@ask.com\chrome\skin\WindowTop.gif
c:\users\zeezo\AppData\Roaming\Mozilla\Firefox\Profiles\e9lt7pe1.default\extensions\toolbar@ask.com\chrome\skin\wordoftheday_16x.png
c:\users\zeezo\AppData\Roaming\Mozilla\Firefox\Profiles\e9lt7pe1.default\extensions\toolbar@ask.com\chrome\skin\youtube_16x.png
c:\users\zeezo\AppData\Roaming\Mozilla\Firefox\Profiles\e9lt7pe1.default\extensions\toolbar@ask.com\chrome\skin\zoomall.png
c:\users\zeezo\AppData\Roaming\Mozilla\Firefox\Profiles\e9lt7pe1.default\extensions\toolbar@ask.com\chrome\temp\askToolbar.exe
c:\users\zeezo\AppData\Roaming\Mozilla\Firefox\Profiles\e9lt7pe1.default\extensions\toolbar@ask.com\chrome\temp\ff-config.Sat-12-Dec-2009-11-33-10-GMT\ff-config.zip
c:\users\zeezo\AppData\Roaming\Mozilla\Firefox\Profiles\e9lt7pe1.default\extensions\toolbar@ask.com\chrome\temp\ff-config.Thu-25-Feb-2010-13-02-56-GMT\ff-config.zip
c:\users\zeezo\AppData\Roaming\Mozilla\Firefox\Profiles\e9lt7pe1.default\extensions\toolbar@ask.com\chrome\temp\ff-config.Tue-06-Oct-2009-12-43-17-GMT\ff-config.zip
c:\users\zeezo\AppData\Roaming\Mozilla\Firefox\Profiles\e9lt7pe1.default\extensions\toolbar@ask.com\install.rdf
c:\users\zeezo\AppData\Roaming\Mozilla\Firefox\Profiles\e9lt7pe1.default\extensions\toolbar@ask.com\logs\asktb-log-1266994304622.html
c:\users\zeezo\AppData\Roaming\Mozilla\Firefox\Profiles\e9lt7pe1.default\extensions\toolbar@ask.com\logs\asktb-log-1267010700932.html
c:\users\zeezo\AppData\Roaming\Mozilla\Firefox\Profiles\e9lt7pe1.default\extensions\toolbar@ask.com\logs\asktb-log-1267102976145.html
c:\users\zeezo\AppData\Roaming\Mozilla\Firefox\Profiles\e9lt7pe1.default\extensions\toolbar@ask.com\logs\asktb-log-1267102979881.html
c:\users\zeezo\AppData\Roaming\Mozilla\Firefox\Profiles\e9lt7pe1.default\extensions\toolbar@ask.com\logs\asktb-log-1267114779077.html
c:\users\zeezo\AppData\Roaming\Mozilla\Firefox\Profiles\e9lt7pe1.default\extensions\toolbar@ask.com\logs\asktb-log-1267114931106.html
c:\users\zeezo\AppData\Roaming\Mozilla\Firefox\Profiles\e9lt7pe1.default\extensions\toolbar@ask.com\logs\asktb-log-1267115527905.html
c:\users\zeezo\AppData\Roaming\Mozilla\Firefox\Profiles\e9lt7pe1.default\extensions\toolbar@ask.com\logs\asktb-log-1267126253318.html
c:\users\zeezo\AppData\Roaming\Mozilla\Firefox\Profiles\e9lt7pe1.default\extensions\toolbar@ask.com\logs\asktb-log-1267127508991.html
c:\users\zeezo\AppData\Roaming\Mozilla\Firefox\Profiles\e9lt7pe1.default\extensions\toolbar@ask.com\logs\asktb-log-1267138130743.html
c:\users\zeezo\AppData\Roaming\Mozilla\Firefox\Profiles\e9lt7pe1.default\extensions\toolbar@ask.com\logs\asktb-log-1267173796711.html
c:\users\zeezo\AppData\Roaming\Mozilla\Firefox\Profiles\e9lt7pe1.default\extensions\toolbar@ask.com\logs\asktb-log-1267184228928.html
c:\users\zeezo\AppData\Roaming\Mozilla\Firefox\Profiles\e9lt7pe1.default\extensions\toolbar@ask.com\logs\asktb-log-1267211628261.html
c:\windows\system32\AVSredirect.dll

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-01-26 do 2010-02-26 )))))))))))))))))))))))))))))))
.

2010-02-26 21:49 . 2010-02-26 21:49 -------- d-----w- c:\users\zeezo\AppData\Local\temp
2010-02-26 21:49 . 2010-02-26 21:49 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-02-26 21:49 . 2010-02-26 21:49 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-02-26 09:14 . 2009-09-27 08:39 369152 ----a-w- c:\windows\system32\avisynth.dll
2010-02-26 09:14 . 2004-02-22 09:11 719872 ----a-w- c:\windows\system32\devil.dll
2010-02-26 09:14 . 2004-01-24 23:00 70656 ----a-w- c:\windows\system32\i420vfw.dll
2010-02-26 09:14 . 2010-02-26 09:14 -------- d-----w- c:\program files\AviSynth 2.5
2010-02-26 09:09 . 2008-03-16 13:30 216064 --sh--r- c:\windows\system32\nbDX.dll
2010-02-26 09:09 . 2007-02-21 11:47 31232 --sh--r- c:\windows\system32\msfDX.dll
2010-02-26 09:09 . 2006-05-03 10:06 163328 --sh--r- c:\windows\system32\flvDX.dll
2010-02-26 09:08 . 2010-02-26 09:08 -------- d-----w- c:\program files\eRightSoft
2010-02-25 16:15 . 2010-02-25 16:15 -------- d-----w- c:\users\zeezo\AppData\Roaming\Sony Creative Software
2010-02-24 18:40 . 2010-02-24 18:40 -------- d-----w- C:\rsit
2010-02-21 16:01 . 2010-02-21 16:01 -------- d-----w- c:\users\zeezo\AppData\Local\Opera
2010-02-21 15:53 . 2010-02-21 15:53 -------- d-----w- c:\program files\Opera
2010-02-18 13:13 . 2010-02-18 13:13 -------- d-----w- c:\users\zeezo\AppData\Roaming\Malwarebytes
2010-02-18 13:13 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-02-18 13:13 . 2010-02-18 13:13 -------- d-----w- c:\programdata\Malwarebytes
2010-02-18 13:13 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-02-18 13:13 . 2010-02-18 13:13 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-02-18 12:39 . 2010-02-18 12:39 -------- d-----w- C:\_OTM
2010-02-17 12:16 . 2010-02-17 12:16 -------- d-----w- c:\windows\MSSecurityNS
2010-02-17 12:16 . 2010-02-17 12:16 -------- d-----w- c:\windows\MSSecurityNi
2010-02-12 10:18 . 2010-02-12 10:18 -------- d-----w- c:\users\zeezo\AppData\Roaming\Publish Providers
2010-02-12 10:10 . 2010-02-12 10:10 -------- d-----w- c:\programdata\Sony
2010-02-12 09:59 . 2010-02-24 19:10 -------- d-----w- c:\users\zeezo\AppData\Roaming\Sony
2010-02-12 09:59 . 2010-02-12 09:59 -------- d-----w- c:\users\zeezo\AppData\Local\Sony
2010-02-12 09:35 . 2010-02-12 10:10 -------- d-----w- c:\program files\Sony
2010-02-11 15:27 . 2010-02-11 15:27 -------- d-----w- c:\program files\Logitech Touch Mouse Server
2010-02-08 11:59 . 2010-02-08 11:59 -------- d-----w- c:\program files\Sprinx Systems

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-26 19:09 . 2009-10-05 09:46 -------- d-----w- c:\users\zeezo\AppData\Roaming\uTorrent
2010-02-26 12:38 . 2007-04-21 10:36 12 ----a-w- c:\windows\bthservsdp.dat
2010-02-25 18:29 . 2008-04-04 09:08 45056 ----a-w- c:\windows\system32\acovcnt.exe
2010-02-24 22:25 . 2009-09-12 13:06 101592 ----a-w- c:\users\zeezo\AppData\Local\GDIPFONTCACHEV1.DAT
2010-02-24 08:16 . 2009-10-03 11:26 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-12 02:24 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-02-12 02:04 . 2008-04-04 06:18 -------- d-----w- c:\programdata\Microsoft Help
2010-02-07 11:47 . 2007-04-21 11:18 610786 ----a-w- c:\windows\system32\perfh005.dat
2010-02-07 11:47 . 2007-04-21 11:18 121156 ----a-w- c:\windows\system32\perfc005.dat
2010-01-30 22:24 . 2009-09-26 01:51 -------- d-----w- c:\program files\Google
2010-01-28 11:27 . 2009-09-13 16:02 -------- d-----w- c:\program files\Meric
2010-01-28 11:27 . 2009-09-13 16:02 249856 ------w- c:\windows\Setup1.exe
2010-01-28 11:27 . 2009-09-13 16:02 73216 ----a-w- c:\windows\ST6UNST.EXE
2010-01-25 12:00 . 2010-02-24 12:21 471552 ----a-w- c:\windows\system32\secproc_isv.dll
2010-01-25 12:00 . 2010-02-24 12:21 152576 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-01-25 12:00 . 2010-02-24 12:21 152064 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-01-25 12:00 . 2010-02-24 12:21 471552 ----a-w- c:\windows\system32\secproc.dll
2010-01-25 11:58 . 2010-02-24 12:21 332288 ----a-w- c:\windows\system32\msdrm.dll
2010-01-25 08:21 . 2010-02-24 12:21 526336 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-01-25 08:21 . 2010-02-24 12:21 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-01-25 08:21 . 2010-02-24 12:21 518144 ----a-w- c:\windows\system32\RMActivate.exe
2010-01-25 08:21 . 2010-02-24 12:21 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-01-23 09:26 . 2010-02-24 12:21 2048 ----a-w- c:\windows\system32\tzres.dll
2010-01-18 15:26 . 2010-01-18 15:26 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_netaapl_01005.Wdf
2010-01-11 16:33 . 2009-12-05 11:47 -------- d-----w- c:\users\zeezo\AppData\Roaming\VSO
2010-01-09 10:47 . 2009-09-14 09:57 -------- d-----w- c:\program files\XTB-Trader
2010-01-06 22:06 . 2009-10-02 11:49 -------- d-----w- c:\program files\XMind
2010-01-06 15:51 . 2010-01-06 15:51 -------- d-----w- c:\users\zeezo\AppData\Roaming\DAEMON Tools
2010-01-06 15:39 . 2010-02-24 12:21 1696256 ----a-w- c:\windows\system32\gameux.dll
2010-01-06 15:38 . 2010-02-24 12:21 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-01-06 15:38 . 2010-02-24 12:21 173056 ----a-w- c:\windows\AppPatch\AcXtrnal.dll
2010-01-06 15:38 . 2010-02-24 12:21 542720 ----a-w- c:\windows\AppPatch\AcLayers.dll
2010-01-06 15:38 . 2010-02-24 12:21 458752 ----a-w- c:\windows\AppPatch\AcSpecfc.dll
2010-01-06 15:38 . 2010-02-24 12:21 2159616 ----a-w- c:\windows\AppPatch\AcGenral.dll
2010-01-06 13:30 . 2010-02-24 12:21 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2010-01-04 23:24 . 2008-04-04 06:25 -------- d-----w- c:\program files\Microsoft Works
2010-01-04 22:04 . 2010-01-04 22:04 -------- d-----w- c:\users\zeezo\AppData\Roaming\gtk-2.0
2009-12-30 10:08 . 2009-09-13 17:30 -------- d-----w- c:\users\zeezo\AppData\Roaming\ICQ
2009-12-11 11:43 . 2010-02-10 19:17 302080 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-11 11:43 . 2010-02-10 19:17 98816 ----a-w- c:\windows\system32\drivers\srvnet.sys
2009-12-08 20:01 . 2010-02-10 19:17 904776 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-12-08 20:01 . 2010-02-10 19:17 3600456 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-12-08 20:01 . 2010-02-10 19:17 3548216 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-12-08 17:26 . 2010-02-10 19:17 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2009-12-08 11:28 . 2009-09-12 17:38 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-12-04 18:30 . 2010-02-10 19:17 12288 ----a-w- c:\windows\system32\tsbyuv.dll
2009-12-04 18:29 . 2010-02-10 19:17 1314816 ----a-w- c:\windows\system32\quartz.dll
2009-12-04 18:28 . 2010-02-10 19:17 22528 ----a-w- c:\windows\system32\msyuv.dll
2009-12-04 18:28 . 2010-02-10 19:17 31744 ----a-w- c:\windows\system32\msvidc32.dll
2009-12-04 18:28 . 2010-02-10 19:17 123904 ----a-w- c:\windows\system32\msvfw32.dll
2009-12-04 18:28 . 2010-02-10 19:17 13312 ----a-w- c:\windows\system32\msrle32.dll
2009-12-04 18:28 . 2010-02-10 19:17 82944 ----a-w- c:\windows\system32\mciavi32.dll
2009-12-04 18:28 . 2010-02-10 19:17 50176 ----a-w- c:\windows\system32\iyuv_32.dll
2009-12-04 18:27 . 2010-02-10 19:17 91136 ----a-w- c:\windows\system32\avifil32.dll
2009-12-04 15:56 . 2010-02-10 19:17 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2009-12-04 15:56 . 2010-02-10 19:17 105984 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2006-05-03 10:06 . 2010-02-26 09:09 163328 --sh--r- c:\windows\System32\flvDX.dll
2007-02-21 11:47 . 2010-02-26 09:09 31232 --sh--r- c:\windows\System32\msfDX.dll
2008-03-16 13:30 . 2010-02-26 09:09 216064 --sh--r- c:\windows\System32\nbDX.dll
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\windows\MSSecurityNS ----

2010-02-17 12:16 . 2010-02-17 12:16 2004 ----a-w- c:\windows\MSSecurityNS\logs\setup_sec_c.dll

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\users\zeezo\AppData\Local\Google\Update\GoogleUpdate.exe" [2009-09-13 133104]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2009-12-12 289584]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-18 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-18 202240]
"PTimer"="c:\program files\Sprinx Systems\Sprinx PTimer\PTimer.exe" [2007-12-07 856936]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-18 1008184]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2007-08-28 655360]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"RtHDVCpl"="RtHDVCpl.exe" [2007-09-03 4702208]
"Skytel"="Skytel.exe" [2007-08-03 1826816]
"ATKOSD2"="c:\program files\ATKOSD2\ATKOSD2.exe" [2007-10-18 7737344]
"ATKMEDIA"="c:\program files\ASUS\ATK Media\DMEDIA.EXE" [2006-11-02 61440]
"PowerForPhone"="c:\program files\P4P\P4P.exe" [2007-08-03 778240]
"IFXSPMGT"="c:\windows\system32\ifxspmgt.exe" [2007-02-26 677408]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-06 1029416]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-09-16 149280]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-14 39792]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sr.sys]
@="FSFilter System Recovery"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
backup=c:\windows\pss\Adobe Reader Synchronizer.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^AVerQuick.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\AVerQuick.lnk
backup=c:\windows\pss\AVerQuick.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Pandion.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Pandion.lnk
backup=c:\windows\pss\Pandion.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^zeezo^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^2554964A.lnk]
path=c:\users\zeezo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\2554964A.lnk
backup=c:\windows\pss\2554964A.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Camera ScreenSaver]
2008-04-04 09:03 37232 ----a-w- c:\windows\ASScrProlog.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Screen Saver Protector]
2008-04-04 09:04 33136 ----a-w- c:\windows\ASScrPro.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 10:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-10-28 19:21 141600 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
2007-06-20 10:49 451872 ----a-w- c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-09-04 23:54 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2009-04-11 06:28 1233920 ----a-w- c:\program files\Windows Sidebar\sidebar.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2007-12-06 10:12 1029416 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):f1,8d,14,20,5b,40,ca,01

R0 lullaby;lullaby;c:\windows\System32\drivers\lullaby.sys [4.4.2008 9:37 15416]
R1 PersonalSecureDrive;PersonalSecureDrive;c:\windows\System32\drivers\psd.sys [23.1.2007 13:07 39080]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [12.9.2009 18:38 108289]
S2 CardBusService;CardBusService;c:\program files\Common Files\AVerMedia\Service\CardBusService.exe [17.9.2009 10:18 188416]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [26.9.2009 2:51 133104]
S3 athrusb;Atheros Wireless LAN USB device driver;c:\windows\System32\drivers\athrusb.sys [29.7.2008 4:45 904192]
S3 AVerFx2hbtv;AVerMedia USB SW Hybrid Tuner;c:\windows\System32\drivers\AVerFx2hbtv.sys [17.9.2009 10:19 220672]
S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\System32\drivers\netaapl.sys [28.8.2009 18:42 17408]
S3 SIS163u;SiS163 USB Wireless LAN Adapter Driver;c:\windows\System32\drivers\sis163u.sys [12.9.2009 16:40 218112]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-06-20 10:47 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Obsah adresáře 'Naplánované úlohy'

2010-02-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-26 01:51]

2010-02-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-26 01:51]

2010-02-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2516701040-127558009-1632579882-1000Core.job
- c:\users\zeezo\AppData\Local\Google\Update\GoogleUpdate.exe [2009-09-13 15:52]

2010-02-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2516701040-127558009-1632579882-1000UA.job
- c:\users\zeezo\AppData\Local\Google\Update\GoogleUpdate.exe [2009-09-13 15:52]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Easy-WebPrint - Náhled - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
IE: Easy-WebPrint - Přidat na seznam k tisku - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
IE: Easy-WebPrint - Tisk - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
IE: Easy-WebPrint - Vysokorychlostní tisk - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
Trusted Zone: mojebanka.cz\*
Trusted Zone: mojebanka.cz\*
TCP: {471CF5F2-849C-40C9-A596-525E49E23672} = 192.168.223.223
TCP: {55DEB3BA-311B-413C-AEFA-AD69A31A6600} = 192.168.225.225
FF - ProfilePath - c:\users\zeezo\AppData\Roaming\Mozilla\Firefox\Profiles\e9lt7pe1.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.17\npGoogleOneClick8.dll
FF - plugin: c:\users\zeezo\AppData\Local\Google\Update\1.2.183.17\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-26 22:49
Windows 6.0.6002 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Celkový čas: 2010-02-26 22:52:55
ComboFix-quarantined-files.txt 2010-02-26 21:52
ComboFix2.txt 2010-02-26 10:15
ComboFix3.txt 2010-02-24 22:47

Před spuštěním: Volných bajtů: 10 436 517 888
Po spuštění: Volných bajtů: 10 401 558 528

- - End Of File - - BA16E3C8EEBFF5FFA516FE399A6EEB36

Otestujte na www.virustotal.com
c:\windows\MSSecurityNS\logs\setup_sec_c.dll

-> Soubor je v pořádku.

Jak to ted vypadá s počítačem?

Můžete se prosím podívat co je v této složce?
c:\users\zeezo\.jenny

tyto dva soubory znáte? Neco se Vám spouští po startu
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Pandion.lnk
c:\users\zeezo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\2554964A.lnk

Dobrý den,

ve složce Jenny nic nebylo, tak jsem ji smazal.

Z těch dvou programů znám pouze Pandion (jabber klient).

Tak ten druhý smažeme.

Pokud nemáte, přesuňte Combofix na plochu
-otevřete si Poznámkový blok
-Do něj zkopírujte text z tohoto okénka

Kód: Vybrat vše

Collect::
c:\users\zeezo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\2554964A.lnk
c:\windows\pss\2554964A.lnk.Startup
Registry::
[-HKLM\~\startupfolder\C:^Users^zeezo^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^2554964A.lnk]

-uložte Vámi vytvořený TXT soubor jako CFScript.txt na plochu
-po uložení uchopte vámi vytvořený skript levým myšítkem a -přesuňte ho nad ikonu Combofixu, kde ho upustíte:

Obrázek

-po aplikaci na Vás vypadne další log,vložte ho sem

Upozornění : může se stát, že po aplikaci skriptu a restartu Windows nenaběhnou, v tom případě znovu restartujte a přitom mačkejte F8, pak zvolte Poslední známou funkční konfiguraci

Log z combofixu:

ComboFix 10-02-27.04 - zeezo 27.02.2010 20:04:33.4.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.420.1029.18.3070.1703 [GMT 1:00]
Spuštěný z: c:\users\zeezo\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\zeezo\Desktop\CFScript.txt.txt
SP: Windows Defender *enabled* (Outdated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

file zipped: c:\windows\pss\2554964A.lnk.Startup
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\pss\2554964A.lnk.Startup

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-01-27 do 2010-02-27 )))))))))))))))))))))))))))))))
.

2010-02-27 19:10 . 2010-02-27 19:10 -------- d-----w- c:\users\zeezo\AppData\Local\temp
2010-02-27 19:10 . 2010-02-27 19:10 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-02-27 19:10 . 2010-02-27 19:10 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-02-26 22:06 . 2010-02-26 22:08 -------- d-----w- c:\program files\TO2SSM
2010-02-26 22:02 . 2010-02-26 22:15 -------- d-----w- c:\users\zeezo\AppData\Roaming\Motive
2010-02-26 22:02 . 2010-02-26 22:02 -------- d-----w- c:\program files\TO2SAM
2010-02-26 22:01 . 2010-02-26 22:07 -------- d-----w- c:\program files\Common Files\Motive
2010-02-26 22:01 . 2010-02-26 22:08 -------- d-----w- c:\programdata\Motive
2010-02-26 09:14 . 2009-09-27 08:39 369152 ----a-w- c:\windows\system32\avisynth.dll
2010-02-26 09:14 . 2004-02-22 09:11 719872 ----a-w- c:\windows\system32\devil.dll
2010-02-26 09:14 . 2004-01-24 23:00 70656 ----a-w- c:\windows\system32\i420vfw.dll
2010-02-26 09:14 . 2010-02-26 09:14 -------- d-----w- c:\program files\AviSynth 2.5
2010-02-26 09:09 . 2008-03-16 13:30 216064 --sh--r- c:\windows\system32\nbDX.dll
2010-02-26 09:09 . 2007-02-21 11:47 31232 --sh--r- c:\windows\system32\msfDX.dll
2010-02-26 09:09 . 2006-05-03 10:06 163328 --sh--r- c:\windows\system32\flvDX.dll
2010-02-26 09:08 . 2010-02-26 09:08 -------- d-----w- c:\program files\eRightSoft
2010-02-25 16:15 . 2010-02-25 16:15 -------- d-----w- c:\users\zeezo\AppData\Roaming\Sony Creative Software
2010-02-24 18:40 . 2010-02-24 18:40 -------- d-----w- C:\rsit
2010-02-21 16:01 . 2010-02-21 16:01 -------- d-----w- c:\users\zeezo\AppData\Local\Opera
2010-02-21 15:53 . 2010-02-21 15:53 -------- d-----w- c:\program files\Opera
2010-02-18 13:13 . 2010-02-18 13:13 -------- d-----w- c:\users\zeezo\AppData\Roaming\Malwarebytes
2010-02-18 13:13 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-02-18 13:13 . 2010-02-18 13:13 -------- d-----w- c:\programdata\Malwarebytes
2010-02-18 13:13 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-02-18 13:13 . 2010-02-18 13:13 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-02-18 12:39 . 2010-02-18 12:39 -------- d-----w- C:\_OTM
2010-02-17 12:16 . 2010-02-17 12:16 -------- d-----w- c:\windows\MSSecurityNS
2010-02-17 12:16 . 2010-02-17 12:16 -------- d-----w- c:\windows\MSSecurityNi
2010-02-12 10:18 . 2010-02-12 10:18 -------- d-----w- c:\users\zeezo\AppData\Roaming\Publish Providers
2010-02-12 10:10 . 2010-02-12 10:10 -------- d-----w- c:\programdata\Sony
2010-02-12 09:59 . 2010-02-24 19:10 -------- d-----w- c:\users\zeezo\AppData\Roaming\Sony
2010-02-12 09:59 . 2010-02-12 09:59 -------- d-----w- c:\users\zeezo\AppData\Local\Sony
2010-02-12 09:35 . 2010-02-12 10:10 -------- d-----w- c:\program files\Sony
2010-02-11 15:27 . 2010-02-11 15:27 -------- d-----w- c:\program files\Logitech Touch Mouse Server
2010-02-08 11:59 . 2010-02-08 11:59 -------- d-----w- c:\program files\Sprinx Systems

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-27 17:12 . 2009-09-13 09:28 -------- d-----w- c:\users\zeezo\AppData\Roaming\Skype
2010-02-27 16:50 . 2009-09-13 09:29 -------- d-----w- c:\users\zeezo\AppData\Roaming\skypePM
2010-02-27 14:05 . 2009-10-05 09:46 -------- d-----w- c:\users\zeezo\AppData\Roaming\uTorrent
2010-02-26 23:44 . 2007-04-21 10:36 12 ----a-w- c:\windows\bthservsdp.dat
2010-02-25 18:29 . 2008-04-04 09:08 45056 ----a-w- c:\windows\system32\acovcnt.exe
2010-02-24 22:25 . 2009-09-12 13:06 101592 ----a-w- c:\users\zeezo\AppData\Local\GDIPFONTCACHEV1.DAT
2010-02-24 08:16 . 2009-10-03 11:26 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-12 02:24 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-02-12 02:04 . 2008-04-04 06:18 -------- d-----w- c:\programdata\Microsoft Help
2010-02-07 11:47 . 2007-04-21 11:18 610786 ----a-w- c:\windows\system32\perfh005.dat
2010-02-07 11:47 . 2007-04-21 11:18 121156 ----a-w- c:\windows\system32\perfc005.dat
2010-01-30 22:24 . 2009-09-26 01:51 -------- d-----w- c:\program files\Google
2010-01-28 11:27 . 2009-09-13 16:02 -------- d-----w- c:\program files\Meric
2010-01-28 11:27 . 2009-09-13 16:02 249856 ------w- c:\windows\Setup1.exe
2010-01-28 11:27 . 2009-09-13 16:02 73216 ----a-w- c:\windows\ST6UNST.EXE
2010-01-25 12:00 . 2010-02-24 12:21 471552 ----a-w- c:\windows\system32\secproc_isv.dll
2010-01-25 12:00 . 2010-02-24 12:21 152576 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-01-25 12:00 . 2010-02-24 12:21 152064 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-01-25 12:00 . 2010-02-24 12:21 471552 ----a-w- c:\windows\system32\secproc.dll
2010-01-25 11:58 . 2010-02-24 12:21 332288 ----a-w- c:\windows\system32\msdrm.dll
2010-01-25 08:21 . 2010-02-24 12:21 526336 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-01-25 08:21 . 2010-02-24 12:21 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-01-25 08:21 . 2010-02-24 12:21 518144 ----a-w- c:\windows\system32\RMActivate.exe
2010-01-25 08:21 . 2010-02-24 12:21 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-01-23 09:26 . 2010-02-24 12:21 2048 ----a-w- c:\windows\system32\tzres.dll
2010-01-18 15:26 . 2010-01-18 15:26 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_netaapl_01005.Wdf
2010-01-11 16:33 . 2009-12-05 11:47 -------- d-----w- c:\users\zeezo\AppData\Roaming\VSO
2010-01-09 10:47 . 2009-09-14 09:57 -------- d-----w- c:\program files\XTB-Trader
2010-01-06 22:06 . 2009-10-02 11:49 -------- d-----w- c:\program files\XMind
2010-01-06 15:51 . 2010-01-06 15:51 -------- d-----w- c:\users\zeezo\AppData\Roaming\DAEMON Tools
2010-01-06 15:39 . 2010-02-24 12:21 1696256 ----a-w- c:\windows\system32\gameux.dll
2010-01-06 15:38 . 2010-02-24 12:21 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-01-06 15:38 . 2010-02-24 12:21 173056 ----a-w- c:\windows\AppPatch\AcXtrnal.dll
2010-01-06 15:38 . 2010-02-24 12:21 542720 ----a-w- c:\windows\AppPatch\AcLayers.dll
2010-01-06 15:38 . 2010-02-24 12:21 458752 ----a-w- c:\windows\AppPatch\AcSpecfc.dll
2010-01-06 15:38 . 2010-02-24 12:21 2159616 ----a-w- c:\windows\AppPatch\AcGenral.dll
2010-01-06 13:30 . 2010-02-24 12:21 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2010-01-04 23:24 . 2008-04-04 06:25 -------- d-----w- c:\program files\Microsoft Works
2010-01-04 22:04 . 2010-01-04 22:04 -------- d-----w- c:\users\zeezo\AppData\Roaming\gtk-2.0
2009-12-30 10:08 . 2009-09-13 17:30 -------- d-----w- c:\users\zeezo\AppData\Roaming\ICQ
2009-12-11 11:43 . 2010-02-10 19:17 302080 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-11 11:43 . 2010-02-10 19:17 98816 ----a-w- c:\windows\system32\drivers\srvnet.sys
2009-12-08 20:01 . 2010-02-10 19:17 904776 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-12-08 20:01 . 2010-02-10 19:17 3600456 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-12-08 20:01 . 2010-02-10 19:17 3548216 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-12-08 17:26 . 2010-02-10 19:17 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2009-12-08 11:28 . 2009-09-12 17:38 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-12-04 18:30 . 2010-02-10 19:17 12288 ----a-w- c:\windows\system32\tsbyuv.dll
2009-12-04 18:29 . 2010-02-10 19:17 1314816 ----a-w- c:\windows\system32\quartz.dll
2009-12-04 18:28 . 2010-02-10 19:17 22528 ----a-w- c:\windows\system32\msyuv.dll
2009-12-04 18:28 . 2010-02-10 19:17 31744 ----a-w- c:\windows\system32\msvidc32.dll
2009-12-04 18:28 . 2010-02-10 19:17 123904 ----a-w- c:\windows\system32\msvfw32.dll
2009-12-04 18:28 . 2010-02-10 19:17 13312 ----a-w- c:\windows\system32\msrle32.dll
2009-12-04 18:28 . 2010-02-10 19:17 82944 ----a-w- c:\windows\system32\mciavi32.dll
2009-12-04 18:28 . 2010-02-10 19:17 50176 ----a-w- c:\windows\system32\iyuv_32.dll
2009-12-04 18:27 . 2010-02-10 19:17 91136 ----a-w- c:\windows\system32\avifil32.dll
2009-12-04 15:56 . 2010-02-10 19:17 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2009-12-04 15:56 . 2010-02-10 19:17 105984 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2006-05-03 10:06 . 2010-02-26 09:09 163328 --sh--r- c:\windows\System32\flvDX.dll
2007-02-21 11:47 . 2010-02-26 09:09 31232 --sh--r- c:\windows\System32\msfDX.dll
2008-03-16 13:30 . 2010-02-26 09:09 216064 --sh--r- c:\windows\System32\nbDX.dll
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\users\zeezo\AppData\Local\Google\Update\GoogleUpdate.exe" [2009-09-13 133104]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2009-12-12 289584]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-18 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-18 202240]
"PTimer"="c:\program files\Sprinx Systems\Sprinx PTimer\PTimer.exe" [2007-12-07 856936]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-18 1008184]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2007-08-28 655360]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"RtHDVCpl"="RtHDVCpl.exe" [2007-09-03 4702208]
"Skytel"="Skytel.exe" [2007-08-03 1826816]
"ATKOSD2"="c:\program files\ATKOSD2\ATKOSD2.exe" [2007-10-18 7737344]
"ATKMEDIA"="c:\program files\ASUS\ATK Media\DMEDIA.EXE" [2006-11-02 61440]
"PowerForPhone"="c:\program files\P4P\P4P.exe" [2007-08-03 778240]
"IFXSPMGT"="c:\windows\system32\ifxspmgt.exe" [2007-02-26 677408]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-06 1029416]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-09-16 149280]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-14 39792]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"TO2SSM_McciTrayApp"="c:\program files\TO2SSM\McciTrayApp.exe" [2008-08-15 1473536]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sr.sys]
@="FSFilter System Recovery"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
backup=c:\windows\pss\Adobe Reader Synchronizer.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^AVerQuick.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\AVerQuick.lnk
backup=c:\windows\pss\AVerQuick.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Pandion.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Pandion.lnk
backup=c:\windows\pss\Pandion.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Camera ScreenSaver]
2008-04-04 09:03 37232 ----a-w- c:\windows\ASScrProlog.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Screen Saver Protector]
2008-04-04 09:04 33136 ----a-w- c:\windows\ASScrPro.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 10:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-10-28 19:21 141600 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
2007-06-20 10:49 451872 ----a-w- c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-09-04 23:54 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2009-04-11 06:28 1233920 ----a-w- c:\program files\Windows Sidebar\sidebar.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2007-12-06 10:12 1029416 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):f1,8d,14,20,5b,40,ca,01

R0 lullaby;lullaby;c:\windows\System32\drivers\lullaby.sys [4.4.2008 9:37 15416]
R1 PersonalSecureDrive;PersonalSecureDrive;c:\windows\System32\drivers\psd.sys [23.1.2007 13:07 39080]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [12.9.2009 18:38 108289]
S2 CardBusService;CardBusService;c:\program files\Common Files\AVerMedia\Service\CardBusService.exe [17.9.2009 10:18 188416]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [26.9.2009 2:51 133104]
S3 athrusb;Atheros Wireless LAN USB device driver;c:\windows\System32\drivers\athrusb.sys [29.7.2008 4:45 904192]
S3 AVerFx2hbtv;AVerMedia USB SW Hybrid Tuner;c:\windows\System32\drivers\AVerFx2hbtv.sys [17.9.2009 10:19 220672]
S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\System32\drivers\netaapl.sys [28.8.2009 18:42 17408]
S3 SIS163u;SiS163 USB Wireless LAN Adapter Driver;c:\windows\System32\drivers\sis163u.sys [12.9.2009 16:40 218112]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-06-20 10:47 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Obsah adresáře 'Naplánované úlohy'

2010-02-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-26 01:51]

2010-02-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-26 01:51]

2010-02-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2516701040-127558009-1632579882-1000Core.job
- c:\users\zeezo\AppData\Local\Google\Update\GoogleUpdate.exe [2009-09-13 15:52]

2010-02-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2516701040-127558009-1632579882-1000UA.job
- c:\users\zeezo\AppData\Local\Google\Update\GoogleUpdate.exe [2009-09-13 15:52]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Easy-WebPrint - Náhled - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
IE: Easy-WebPrint - Přidat na seznam k tisku - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
IE: Easy-WebPrint - Tisk - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
IE: Easy-WebPrint - Vysokorychlostní tisk - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
Trusted Zone: mojebanka.cz\*
Trusted Zone: mojebanka.cz\*
TCP: {471CF5F2-849C-40C9-A596-525E49E23672} = 192.168.223.223
TCP: {55DEB3BA-311B-413C-AEFA-AD69A31A6600} = 192.168.225.225
FF - ProfilePath - c:\users\zeezo\AppData\Roaming\Mozilla\Firefox\Profiles\e9lt7pe1.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.17\npGoogleOneClick8.dll
FF - plugin: c:\users\zeezo\AppData\Local\Google\Update\1.2.183.17\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-27 20:11
Windows 6.0.6002 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Celkový čas: 2010-02-27 20:13:43
ComboFix-quarantined-files.txt 2010-02-27 19:13
ComboFix2.txt 2010-02-26 21:52
ComboFix3.txt 2010-02-26 10:15
ComboFix4.txt 2010-02-24 22:47

Před spuštěním: Volných bajtů: 10 308 993 024
Po spuštění: Volných bajtů: 10 267 930 624

- - End Of File - - 7BCFE145E5FEFCD8FA8A12F234E9B991
Nahr nˇ probŘhlo ŁspŘçnŘ

Jak to vypadá s počítačem?

VIRY.CZ

Po odstranění virů jede počítač stále pomalu.

Re: Po odstranění virů jede počítač stále pomalu.

Re: Po odstranění virů jede počítač stále pomalu.

Re: Po odstranění virů jede počítač stále pomalu.

Re: Po odstranění virů jede počítač stále pomalu.

Re: Po odstranění virů jede počítač stále pomalu.

Re: Po odstranění virů jede počítač stále pomalu.

Re: Po odstranění virů jede počítač stále pomalu.

Re: Po odstranění virů jede počítač stále pomalu.

Re: Po odstranění virů jede počítač stále pomalu.

Re: Po odstranění virů jede počítač stále pomalu.

Re: Po odstranění virů jede počítač stále pomalu.

Re: Po odstranění virů jede počítač stále pomalu.

Re: Po odstranění virů jede počítač stále pomalu.

Re: Po odstranění virů jede počítač stále pomalu.

Re: Po odstranění virů jede počítač stále pomalu.