VIRY.CZ

Mam problem se zvukem po nejake dobe se mi vypne a tvari se to jako by v pc nebyl nainstalovan ovladac ale je a ve spravcovi se vse tvari normalne pomuze vzdy jen restart a to je otravne, chtel bych kontrolu logu ale nejde mi stahnout ten program stoho odkazu co tam mate dekuji

Zkuste ho stáhnout odtud: http://www.edisk.cz/stahni/09882/RSIT.rar_299.43KB.html .

jo diky slo to z toho odkazu tady je log. Prosim o kontrolu, dneska uz tady nebudu mam nocni tak necekejte kdyztak na odpovede dekuji moc.

info.txt logfile of random's system information tool 1.06 2010-05-04 21:22:43

======Uninstall list======

-->"C:\Program Files\InstallShield Installation Information\{BB8AE808-F003-4C7F-B56B-8C80EEAFFE23}\setup.exe" --u:{BB8AE808-F003-4C7F-B56B-8C80EEAFFE23}
-->C:\Program Files\Nero\Nero 7\\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
-->C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
-->C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
-->C:\WINDOWS\UNNeroVision.exe /UNINSTALL
-->C:\WINDOWS\UNRecode.exe /UNINSTALL
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
µTorrent-->"C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
Ad-Aware SE Personal-->MsiExec.exe /X{78CC3BAB-DE2A-4FB4-8FBB-E4DADDC26747}
Adobe Download Manager-->"C:\WINDOWS\system32\rundll32.exe" "C:\Program Files\NOS\bin\getPlus_Helper.dll",Uninstall /IE2883E8F-472F-4fb0-9522-AC9BF37916A7 /Get1
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 9.3 - Czech-->MsiExec.exe /I{AC76BA86-7AD7-1029-7B44-A93000000001}
Advanced WindowsCare Personal-->"C:\anti\IObit\Advanced WindowsCare V2\unins000.exe"
Ask Toolbar-->MsiExec.exe /I{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Athlon 64 Processor Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C151CE54-E7EA-4804-854B-F515368B0798}\setup.exe" -l0x5
ATI Catalyst Control Center-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{055EE59D-217B-43A7-ABFF-507B966405D8}\setup.exe" -l0x0
ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
avast! Free Antivirus-->C:\Program Files\Alwil Software\Avast5\aswRunDll.exe "C:\Program Files\Alwil Software\Avast5\Setup\setiface.dll" RunSetup
Bluesoleil2.6.0.8 Release 070517-->MsiExec.exe /X{438BB9B4-65FE-4626-91D9-A8F57B18001D}
BS.Player FREE-->"C:\Program Files\Webteh\BSplayer\uninstall.exe"
BS_Player Toolbar-->C:\PROGRA~1\BS_PLA~1\UNWISE.EXE /U C:\PROGRA~1\BS_PLA~1\INSTALL.LOG
Catalyst Control Center - Branding-->MsiExec.exe /I{8D7133DE-27D2-47E5-B248-4180278D32AA}
CCleaner (remove only)-->"C:\anti\CCleaner\uninst.exe"
Codec Pack - All In 1 6.0.3.0-->C:\WINDOWS\iun6002.exe "C:\Program Files\Codec Pack - All In 1\irunin.ini"
Corel VideoStudio 12-->C:\Program Files\InstallShield Installation Information\{F0FDF9C9-1DDC-401F-B638-36F1CAE8A875}\setup.exe -runfromtemp -l0x0409
CyberLink PowerDVD 9.0.2227 - Český překlad-->C:\Program Files\CyberLink\PowerDVD9\odinstalovat_cz.exe
CyberLink PowerDVD 9-->"C:\Program Files\InstallShield Installation Information\{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}\setup.exe" /z-uninstall
CyberLink PowerDVD 9-->"C:\Program Files\InstallShield Installation Information\{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}\setup.exe" /z-uninstall
Emergency 3-->"C:\Program Files\Emergency 3\unins000.exe"
EVEREST Ultimate Edition v5.30-->"C:\Program Files\Lavalys\EVEREST Ultimate Edition\unins000.exe"
HijackThis 2.0.2-->"C:\anti\Trend Micro\HijackThis\HijackThis.exe" /uninstall
HP Software Update-->MsiExec.exe /X{15EE79F4-4ED1-4267-9B0F-351009325D7D}
Mafia-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\Cenega Czech\Mafia\Uninstall\setup.exe" -l0x5
Malwarebytes' Anti-Malware-->"C:\anti\Malwarebytes' Anti-Malware\unins000.exe"
Malwarebytes' RogueRemover-->"C:\anti\RogueRemover FREE\unins000.exe"
Microsoft .NET Framework 1.1 Czech Language Pack-->MsiExec.exe /X{5E65E94D-69F2-4850-9E93-6459C53A0F50}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Language Pack - CSY-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0 Language Pack - CSY\install.exe
Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
Microsoft .NET Framework 3.0 Czech Language Pack-->c:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0 Czech Language Pack\setup.exe
Microsoft .NET Framework 3.0 Czech Language Pack-->MsiExec.exe /X{FB09515C-8E3E-4E0F-A1F2-032F38DEC185}
Microsoft .NET Framework 3.0-->C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setup.exe
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office Access MUI (Czech) 2007-->MsiExec.exe /X{90120000-0015-0405-0000-0000000FF1CE}
Microsoft Office Enterprise 2007-->MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (Czech) 2007-->MsiExec.exe /X{90120000-0016-0405-0000-0000000FF1CE}
Microsoft Office Groove MUI (Czech) 2007-->MsiExec.exe /X{90120000-00BA-0405-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (Czech) 2007-->MsiExec.exe /X{90120000-0044-0405-0000-0000000FF1CE}
Microsoft Office OneNote MUI (Czech) 2007-->MsiExec.exe /X{90120000-00A1-0405-0000-0000000FF1CE}
Microsoft Office Outlook MUI (Czech) 2007-->MsiExec.exe /X{90120000-001A-0405-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (Czech) 2007-->MsiExec.exe /X{90120000-0018-0405-0000-0000000FF1CE}
Microsoft Office Proof (Czech) 2007-->MsiExec.exe /X{90120000-001F-0405-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Slovak) 2007-->MsiExec.exe /X{90120000-001F-041B-0000-0000000FF1CE}
Microsoft Office Proofing (Czech) 2007-->MsiExec.exe /X{90120000-002C-0405-0000-0000000FF1CE}
Microsoft Office Publisher MUI (Czech) 2007-->MsiExec.exe /X{90120000-0019-0405-0000-0000000FF1CE}
Microsoft Office Shared MUI (Czech) 2007-->MsiExec.exe /X{90120000-006E-0405-0000-0000000FF1CE}
Microsoft Office Word MUI (Czech) 2007-->MsiExec.exe /X{90120000-001B-0405-0000-0000000FF1CE}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
Mount&Blade Warband-->C:\Program Files\Mount&Blade Warband\uninstall.exe
Mozilla Firefox (3.6.3)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 6.0 Parser (KB925673)-->MsiExec.exe /I{FE9126DB-5F84-495A-BB46-3C724F1C2D08}
Nero 7 Ultra Edition-->MsiExec.exe /I{4F2CE68F-EDBB-4592-BF07-5AC930A51029}
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
NVIDIA Drivers-->C:\WINDOWS\system32\NVUNINST.EXE UninstallGUI
NVIDIA ForceWare Network Access Manager-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{1F6423DE-7959-4178-80E0-023C7EAA5347} /l1033
OpenAL-->"C:\Program Files\OpenAL\oalinst.exe" /U
PowerISO-->"C:\Program Files\PowerISO\uninstall.exe"
PunkBuster Services-->C:\WINDOWS\system32\pbsvc_heroes.exe -u
Realtek AC'97 Audio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" REMOVE
RemoveIT Pro v4 - SE-->C:\anti\renove\INCODE~1\REMOVE~1\UNWISE.EXE C:\anti\renove\INCODE~1\REMOVE~1\INSTALL.LOG
Skype Toolbars-->MsiExec.exe /I{981029E0-7FC9-4CF3-AB39-6F133621921A}
Skype™ 4.2-->MsiExec.exe /X{D103C4BA-F905-437A-8049-DB24763BBE36}
Smart PC Recorder - by freebird-->C:\Program Files\freebird\SmartRecorder\Uninstall.exe
Softarová utilita ATI - Odinstalovat-->C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
Spybot - Search & Destroy-->"C:\anti\Spybot - Search & Destroy\unins000.exe"
SUPERAntiSpyware Free Edition-->MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
UltraISO Premium V9.36-->"C:\Program Files\UltraISO\unins000.exe"
Visual C++ 8.0 Runtime Setup Package-->MsiExec.exe /I{EB5F211D-85D5-44C4-BB15-1207C77EF430}
Windows Communication Foundation-->MsiExec.exe /X{491DD792-AD81-429C-9EB4-86DD3D22E333}
Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows Presentation Foundation Language Pack (CSY)-->MsiExec.exe /X{AAB6D0F8-02B3-4E89-B24C-0BB153C21445}
Windows Presentation Foundation-->MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows Workflow Foundation CS Language Pack-->MsiExec.exe /I{6EF72FC6-842E-4FE6-BF88-BFBF03C9DA74}
Windows Workflow Foundation-->MsiExec.exe /I{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR-->C:\Program Files\WinRAR\uninstall.exe
XML Paper Specification Shared Components Language Pack 1.0-->"C:\WINDOWS\$NtUninstallXPSEPSCLP$\spuninst\spuninst.exe"
Yahoo! Install Manager-->C:\WINDOWS\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL
Yahoo! Toolbar-->C:\PROGRA~1\Yahoo!\Common\unyt.exe

======Security center information======

AV: avast! Antivirus

======System event log======

Computer Name: HOMEMADE-1E0AE2
Event Code: 7036
Message: Stav služby Hostitel zařízení UPnP byl změněn na: Spuštěno

Record Number: 846
Source Name: Service Control Manager
Time Written: 20100401222521.000000+120
Event Type: Informace
User:

Computer Name: HOMEMADE-1E0AE2
Event Code: 7035
Message: Řídící příkaz Spuštěno byl službě Hostitel zařízení UPnP úspěšně odeslán.

Record Number: 845
Source Name: Service Control Manager
Time Written: 20100401222521.000000+120
Event Type: Informace
User: NT AUTHORITY\SYSTEM

Computer Name: HOMEMADE-1E0AE2
Event Code: 4226
Message: Došlo k překročení limitu možného počtu souběžných připojení protokolem TCP.

Record Number: 844
Source Name: Tcpip
Time Written: 20100401111309.000000+120
Event Type: Upozornění
User:

Computer Name: HOMEMADE-1E0AE2
Event Code: 36
Message: Služba Systémový čas nemohla synchronizovat systémový čas
o 49152 sekund, protože žádný ze zprostředkovatelů časových údajů neposkytnul použitelné časové razítko. Systémové hodiny nejsou synchronizovány.

Record Number: 843
Source Name: W32Time
Time Written: 20100401065519.000000+120
Event Type: Upozornění
User:

Computer Name: HOMEMADE-1E0AE2
Event Code: 7036
Message: Stav služby Windows Installer byl změněn na: Zastaveno

Record Number: 842
Source Name: Service Control Manager
Time Written: 20100331172709.000000+120
Event Type: Informace
User:

=====Application event log=====

Computer Name: HOMEMADE-1E0AE2
Event Code: 101
Message: wuauclt (3396) Databázový stroj byl zastaven.

Record Number: 1057
Source Name: ESENT
Time Written: 20100419201005.000000+120
Event Type: Informace
User:

Computer Name: HOMEMADE-1E0AE2
Event Code: 103
Message: wuaueng.dll (3396) SUS20ClientDataStore: Databázový stroj zastavil instanci (0).

Record Number: 1056
Source Name: ESENT
Time Written: 20100419201005.000000+120
Event Type: Informace
User:

Computer Name: HOMEMADE-1E0AE2
Event Code: 102
Message: wuaueng.dll (3396) SUS20ClientDataStore: Databázový stroj spustil novou instanci (0).

Record Number: 1055
Source Name: ESENT
Time Written: 20100419200504.000000+120
Event Type: Informace
User:

Computer Name: HOMEMADE-1E0AE2
Event Code: 100
Message: wuauclt (3396) Databázový stroj 5.01.2600.5512 byl spuštěn.

Record Number: 1054
Source Name: ESENT
Time Written: 20100419200504.000000+120
Event Type: Informace
User:

Computer Name: HOMEMADE-1E0AE2
Event Code: 101
Message: wuauclt (1352) Databázový stroj byl zastaven.

Record Number: 1053
Source Name: ESENT
Time Written: 20100419200451.000000+120
Event Type: Informace
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\Common Files\Ulead Systems\MPEG
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 44 Stepping 2, AuthenticAMD
"PROCESSOR_REVISION"=2c02
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP

-----------------EOF-----------------

Něco tam bude, vidím minimálně AdWare. Dejte log z HijackThis.

Stahnete a ulozte nejlepe na plochu ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

pote spustte aplikaci pod uctem s administratorskym opravnenim

hned po startu se zobrazi obrazovka s licencnimi podminkami, pokracujte kliknutim na tlacitko Ano.

v klidu si postavte na kafe (cela akce trva cca. 5-10 minut, nekdy i dele - dle toho, o jak rychly stroj se jedna a kolika soubory se skener bude muset prodirat), behem skenu se nepokousejte spoustet zadne jine aplikace ani nic jineho

behem skenovani nepropadejte panice, vas stroj muze byt restartovan (predevsim pri prvni aplikaci skeneru)

upozorneni: pokud pouzivate antispyware s rezidentnim stitem, prepnete jeho rezidentni stit do Install Mode, pripadne jej po dobu skenu uplne deaktivujte, protoze dochazi pri skenu a vymazu pripadneho malware k nezadoucim kolizim s rezidentem antispyware

tak tady je ten log, budu tady odpoledne ted jdu spat po nocni, zatim moc dekuji

ComboFix 10-05-04.04 - Michal Havlík 05.05.2010 6:52.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.1023.437 [GMT 2:00]
Spuštěný z: c:\documents and settings\Michal Havlík.HOMEMADE-1E0AE2\Plocha\ComboFix.exe
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\WindowsUpdate

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-04-05 do 2010-05-05 )))))))))))))))))))))))))))))))
.

2010-05-04 19:22 . 2010-05-04 19:22 -------- d-----w- C:\rsit
2010-05-04 19:13 . 2010-05-04 20:42 23072 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2010-05-04 19:13 . 2010-05-04 20:42 218656 --sha-w- c:\windows\system32\drivers\fidbox.dat
2010-05-04 19:07 . 2010-05-04 19:22 -------- d-----w- c:\program files\Common Files\ParetoLogic
2010-05-04 15:37 . 2006-03-02 12:00 57392 -c--a-w- c:\windows\system32\dllcache\wshcs.dll
2010-05-04 15:37 . 2006-03-02 12:00 57392 ----a-w- c:\windows\system32\wshcs.dll
2010-05-04 15:37 . 2006-03-02 12:00 52224 -c--a-w- c:\windows\system32\dllcache\wmerrcsy.dll
2010-05-04 15:37 . 2006-03-02 12:00 52224 ----a-w- c:\windows\system32\wmerrcsy.dll
2010-05-04 15:37 . 2006-03-02 12:00 24626 -c--a-w- c:\windows\system32\dllcache\scrrncs.dll
2010-05-04 15:37 . 2006-03-02 12:00 24626 ----a-w- c:\windows\system32\scrrncs.dll
2010-05-04 15:37 . 2006-03-02 12:00 20528 -c--a-w- c:\windows\system32\dllcache\scocs.dll
2010-05-04 15:37 . 2006-03-02 12:00 20528 ----a-w- c:\windows\system32\scocs.dll
2010-05-04 14:19 . 2010-05-04 14:19 -------- d-----w- C:\VundoFix Backups
2010-05-04 14:16 . 2008-07-30 18:07 38472 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-04 14:16 . 2008-07-30 18:07 17144 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-05-04 14:15 . 2010-05-04 14:15 -------- d-----w- c:\program files\Yahoo!
2010-05-04 14:13 . 2010-05-04 14:19 -------- d-----w- C:\anti
2010-05-04 14:12 . 2010-05-04 14:18 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-05-02 21:31 . 2010-05-02 21:31 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-05-02 21:31 . 2010-05-02 21:31 -------- d-----w- c:\program files\Lavalys
2010-05-02 20:58 . 2010-04-14 16:35 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-05-02 20:58 . 2010-04-14 16:35 162768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-05-02 20:58 . 2010-04-14 16:31 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-05-02 20:58 . 2010-04-14 16:31 100432 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-05-02 20:58 . 2010-04-14 16:31 94800 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-05-02 20:58 . 2010-04-14 16:31 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-05-02 20:58 . 2010-04-14 16:30 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-05-02 20:58 . 2010-04-14 16:47 38848 ----a-w- c:\windows\system32\avastSS.scr
2010-05-02 20:58 . 2010-04-14 16:47 153184 ----a-w- c:\windows\system32\aswBoot.exe
2010-05-02 20:58 . 2010-05-02 20:58 -------- d-----w- c:\program files\Alwil Software
2010-05-02 20:54 . 2010-05-02 21:00 -------- d-----w- c:\program files\RegCleaner
2010-05-01 08:57 . 2009-09-04 15:29 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll
2010-05-01 08:57 . 2009-09-04 15:29 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
2010-05-01 08:57 . 2009-03-09 13:27 4178264 ----a-w- c:\windows\system32\D3DX9_41.dll
2010-05-01 08:56 . 2010-05-01 11:01 -------- d-----w- c:\program files\Mount&Blade Warband
2010-04-21 14:24 . 2010-04-21 14:24 -------- d-----w- c:\program files\Cenega Czech
2010-04-19 02:04 . 2010-04-19 02:04 -------- d-----w- c:\program files\PowerISO
2010-04-14 17:06 . 2010-04-14 20:20 444952 ----a-w- c:\windows\system32\wrap_oal.dll
2010-04-14 17:06 . 2010-04-14 20:20 109080 ----a-w- c:\windows\system32\OpenAL32.dll
2010-04-14 17:06 . 2010-04-14 17:06 -------- d-----w- c:\program files\OpenAL
2010-04-14 16:16 . 2010-04-18 09:53 139456 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-04-14 16:16 . 2010-04-18 09:52 190160 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-04-14 16:16 . 2010-04-14 16:16 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2010-04-14 16:09 . 2010-04-14 16:09 -------- d-----w- c:\program files\EA Games
2010-04-11 12:52 . 2010-04-11 12:52 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2010-04-11 12:51 . 2010-04-11 12:51 -------- d-----w- c:\program files\Common Files\Skype
2010-04-11 12:51 . 2010-04-11 12:51 -------- d-----r- c:\program files\Skype
2010-04-05 12:22 . 2008-04-01 19:40 209040 ----a-w- c:\windows\system32\IVIresizeW7.dll
2010-04-05 12:22 . 2008-04-01 19:40 196752 ----a-w- c:\windows\system32\IVIresizeP6.dll
2010-04-05 12:22 . 2008-04-01 19:40 192656 ----a-w- c:\windows\system32\IVIresizePX.dll
2010-04-05 12:22 . 2008-04-01 19:40 196752 ----a-w- c:\windows\system32\IVIresizeM6.dll
2010-04-05 12:22 . 2008-04-01 19:40 204944 ----a-w- c:\windows\system32\IVIresizeA6.dll
2010-04-05 12:22 . 2008-04-01 19:40 24720 ----a-w- c:\windows\system32\IVIresize.dll
2010-04-05 12:22 . 2010-04-05 12:22 -------- d-----w- c:\documents and settings\MICHAL~1~HOM\LOCALS~1
2010-04-05 12:22 . 2010-04-05 12:22 -------- d-----w- c:\documents and settings\MICHAL~1~HOM
2010-04-05 12:22 . 2010-04-05 12:22 -------- d-----w- c:\program files\Windows Media Components
2010-04-05 12:21 . 2010-04-05 12:22 -------- d-----w- c:\program files\Common Files\Ulead Systems
2010-04-05 12:19 . 2010-04-05 12:21 -------- d-----w- c:\program files\Corel
2010-04-05 12:08 . 2010-04-05 12:12 -------- d-----w- c:\program files\WME DevKit

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-04 20:42 . 2010-05-04 19:13 4004 --sha-w- c:\windows\system32\drivers\fidbox.idx
2010-05-04 20:42 . 2010-05-04 19:13 3236 --sha-w- c:\windows\system32\drivers\fidbox2.idx
2010-05-02 21:25 . 2010-03-13 17:20 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-05-02 13:26 . 2006-03-02 12:00 82296 ----a-w- c:\windows\system32\perfc005.dat
2010-05-02 13:26 . 2006-03-02 12:00 435648 ----a-w- c:\windows\system32\perfh005.dat
2010-04-26 12:01 . 2010-03-13 17:10 -------- d-----w- c:\program files\Ask.com
2010-04-19 03:18 . 2010-03-13 17:35 -------- d-----w- c:\program files\Common Files\Adobe
2010-04-05 12:22 . 2010-03-13 16:48 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-03-31 14:44 . 2010-03-13 16:36 76487 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-03-31 14:44 . 2010-03-13 16:36 2684 ----a-w- c:\windows\pchealth\helpctr\PackageStore\SkuStore.bin
2010-03-30 08:38 . 2010-03-20 21:04 -------- d-----w- c:\program files\Emergency 3
2010-03-28 15:52 . 2010-03-28 15:52 -------- d-----w- c:\program files\Microsoft Works
2010-03-28 15:52 . 2010-03-13 17:54 -------- d-----w- c:\program files\MSBuild
2010-03-28 15:51 . 2010-03-28 15:51 -------- d-----w- c:\program files\Microsoft.NET
2010-03-28 15:49 . 2010-03-28 15:49 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2010-03-28 10:37 . 2010-03-28 10:37 -------- d-----w- c:\program files\Conduit
2010-03-28 10:37 . 2010-03-28 10:37 -------- d-----w- c:\program files\BS_Player
2010-03-28 10:37 . 2010-03-28 10:37 -------- d-----w- c:\program files\Webteh
2010-03-17 13:25 . 2010-03-17 13:25 60416 ----a-w- c:\windows\ALCFDRTM.EXE
2010-03-16 17:19 . 2010-03-13 16:37 8972 ----a-w- c:\windows\pchealth\helpctr\Config\Cntstore.bin
2010-03-14 17:21 . 2010-03-14 17:21 -------- d-----w- c:\program files\freebird
2010-03-14 13:45 . 2010-03-14 13:45 -------- d-----w- c:\program files\Empire Interactive
2010-03-14 11:11 . 2003-02-21 03:42 353576 ----a-w- c:\windows\system32\msvcr71.dll
2010-03-14 11:11 . 2003-03-18 19:14 505128 ----a-w- c:\windows\system32\msvcp71.dll
2010-03-14 11:10 . 2010-03-14 10:59 -------- d-----w- c:\program files\CyberLink
2010-03-14 10:56 . 2010-03-14 09:44 29480 ----a-w- c:\windows\system32\msxml3a.dll
2010-03-14 09:44 . 2010-03-14 09:44 -------- d-----w- c:\program files\Common Files\CyberLink
2010-03-14 09:27 . 2010-03-14 09:12 112835 ----a-w- c:\windows\hpoins07.dat
2010-03-14 09:24 . 2010-03-14 09:24 -------- d-----w- c:\program files\Common Files\Sonic Shared
2010-03-14 09:24 . 2010-03-14 09:23 -------- d-----w- c:\program files\Common Files\HP
2010-03-14 09:21 . 2010-03-14 09:21 -------- d-----w- c:\program files\Hewlett-Packard
2010-03-14 09:21 . 2010-03-14 09:13 -------- d-----w- c:\program files\HP
2010-03-14 09:18 . 2010-03-14 09:18 -------- d-----w- c:\program files\Common Files\Hewlett-Packard
2010-03-14 08:59 . 2010-03-14 08:58 -------- d-----w- c:\program files\Common Files\Ahead
2010-03-14 08:58 . 2010-03-14 08:58 -------- d-----w- c:\program files\Nero
2010-03-13 18:15 . 2010-03-13 18:15 -------- d-----w- c:\program files\1C Company
2010-03-13 18:02 . 2010-03-13 18:02 -------- d-----w- c:\program files\Codec Pack - All In 1
2010-03-13 18:02 . 2010-03-13 18:02 737280 ----a-w- c:\windows\iun6002.exe
2010-03-13 18:00 . 2010-03-13 18:00 -------- d-----w- c:\program files\IVT Corporation
2010-03-13 17:48 . 2010-03-13 17:48 -------- d-----w- c:\program files\Reference Assemblies
2010-03-13 17:38 . 2010-03-13 17:10 -------- d-----w- c:\program files\uTorrent
2010-03-13 17:31 . 2010-03-13 17:31 -------- d-----w- c:\program files\UltraISO
2010-03-13 17:31 . 2010-03-13 17:31 -------- d-----w- c:\program files\Common Files\EZB Systems
2010-03-13 17:22 . 2010-03-13 17:22 -------- d-----w- c:\program files\IObit
2010-03-13 17:06 . 2010-03-13 17:06 -------- d-----w- c:\program files\NOS
2010-03-13 16:58 . 2010-03-13 16:58 -------- d-----w- c:\program files\QIP
2010-03-13 16:55 . 2010-03-13 16:55 0 ----a-w- c:\windows\nsreg.dat
2010-03-13 16:51 . 2010-03-13 16:51 0 ----a-w- c:\windows\ativpsrm.bin
2010-03-13 16:50 . 2010-03-13 16:50 -------- d-----w- c:\program files\AMD
2010-03-13 16:50 . 2010-03-13 16:48 -------- d-----w- c:\program files\ATI Technologies
2010-03-13 16:49 . 2010-03-13 16:49 -------- d-----w- c:\program files\Realtek Sound Manager
2010-03-13 16:49 . 2010-03-13 16:49 -------- d-----w- c:\program files\AvRack
2010-03-13 16:48 . 2010-03-13 16:45 -------- d-----w- c:\program files\Common Files\InstallShield
2010-03-13 16:38 . 2010-03-13 16:38 -------- d-----w- c:\program files\microsoft frontpage
2010-03-13 16:34 . 2010-03-13 16:34 21812 ----a-w- c:\windows\system32\emptyregdb.dat
2010-03-13 14:32 . 2010-03-13 14:32 -------- d-----w- c:\program files\Java
2010-03-13 14:32 . 2010-03-13 14:32 -------- d-----w- c:\program files\MSXML 4.0
2010-03-13 14:28 . 2010-03-13 14:28 -------- d-----w- c:\program files\Windows Media Connect 2
2010-02-11 07:38 . 2010-02-11 07:38 3565056 ----a-w- c:\windows\system32\drivers\ati2mtag.sys
2010-02-11 05:17 . 2010-02-11 05:17 11845632 ----a-w- c:\windows\system32\atioglxx.dll
2010-02-11 05:07 . 2010-02-11 05:07 307200 ----a-w- c:\windows\system32\atiiiexx.dll
2010-02-11 04:46 . 2010-02-11 04:46 442368 ----a-w- c:\windows\system32\ATIDEMGX.dll
2010-02-11 04:45 . 2010-02-11 04:45 325120 ----a-w- c:\windows\system32\ati2dvag.dll
2010-02-11 04:37 . 2010-02-11 04:37 290816 ----a-w- c:\windows\system32\atiok3x2.dll
2010-02-11 04:36 . 2010-02-11 04:36 204800 ----a-w- c:\windows\system32\atipdlxx.dll
2010-02-11 04:35 . 2010-02-11 04:35 155648 ----a-w- c:\windows\system32\Oemdspif.dll
2010-02-11 04:35 . 2010-02-11 04:35 26112 ----a-w- c:\windows\system32\Ati2mdxx.exe
2010-02-11 04:35 . 2010-02-11 04:35 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2010-02-11 04:35 . 2010-02-11 04:35 155648 ----a-w- c:\windows\system32\ati2evxx.dll
2010-02-11 04:33 . 2010-02-11 04:33 602112 ----a-w- c:\windows\system32\ati2evxx.exe
2010-02-11 04:32 . 2010-02-11 04:32 53248 ----a-w- c:\windows\system32\ATIDDC.DLL
2010-02-11 04:25 . 2010-02-11 04:25 3818144 ----a-w- c:\windows\system32\ati3duag.dll
2010-02-11 04:23 . 2010-02-11 04:23 45056 ----a-w- c:\windows\system32\aticalrt.dll
2010-02-11 04:22 . 2010-02-11 04:22 45056 ----a-w- c:\windows\system32\aticalcl.dll
2010-02-11 04:21 . 2010-02-11 04:21 3227648 ----a-w- c:\windows\system32\aticaldd.dll
2010-02-11 04:19 . 2010-02-11 04:19 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2010-02-11 04:12 . 2010-02-11 04:12 2670592 ----a-w- c:\windows\system32\ativvaxx.dll
2010-02-11 04:12 . 2010-02-11 04:12 887724 ----a-w- c:\windows\system32\ativva6x.dat
2010-02-11 04:12 . 2010-02-11 04:12 3107788 ----a-w- c:\windows\system32\ativva5x.dat
2010-02-11 03:59 . 2010-02-11 03:59 49664 ----a-w- c:\windows\system32\amdpcom32.dll
2010-02-11 03:55 . 2010-02-11 03:55 475136 ----a-w- c:\windows\system32\atikvmag.dll
2010-02-11 03:54 . 2010-02-11 03:54 126976 ----a-w- c:\windows\system32\atiadlxx.dll
2010-02-11 03:53 . 2010-02-11 03:53 17408 ----a-w- c:\windows\system32\atitvo32.dll
2010-02-11 03:47 . 2010-02-11 03:47 626688 ----a-w- c:\windows\system32\ati2cqag.dll
2010-02-10 20:20 . 2010-03-13 16:49 593920 ------w- c:\windows\system32\ati2sgag.exe
2008-04-14 06:51 . 2006-03-02 12:00 164975 --sha-r- c:\windows\system32\czxuld.dll
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-02-04 1197448]
"{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}"= "c:\program files\BS_Player\tbBS_P.dll" [2009-12-31 2349080]

[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]

[HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-02-04 14:50 1197448 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
2009-12-31 09:53 2349080 ----a-w- c:\program files\BS_Player\tbBS_P.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}"= "c:\program files\BS_Player\tbBS_P.dll" [2009-12-31 2349080]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-02-04 1197448]

[HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-02-04 1197448]
"{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5}"= "c:\program files\BS_Player\tbBS_P.dll" [2009-12-31 2349080]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-04-14 2790472]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\anti\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-04-19 11:41 294912 ----a-w- c:\anti\SUPERAntiSpyware\SASWINLO.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\NVIDIA\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil_.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD9\\PowerDVD Cinema\\PowerDVDCinema.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD9\\PowerDVD9.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"7779:TCP"= 7779:TCP:kweznby

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2.5.2010 22:58 162768]
R1 SASDIFSV;SASDIFSV;c:\anti\SUPERAntiSpyware\sasdifsv.sys [28.5.2008 10:33 8944]
R1 SASKUTIL;SASKUTIL;c:\anti\SUPERAntiSpyware\SASKUTIL.SYS [28.5.2008 10:33 55024]
R2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2010/03/14 12:10];c:\program files\CyberLink\PowerDVD9\000.fcl [1.9.2009 17:59 87536]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2.5.2010 22:58 19024]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;"c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe" --> c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [?]
S2 wnjjyga;Microsoft Task;c:\windows\system32\svchost.exe -k netsvcs [2.3.2006 14:00 14336]
S3 SASENUM;SASENUM;c:\anti\SUPERAntiSpyware\SASENUM.SYS [28.5.2008 10:33 7408]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;\??\c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys --> c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
wnjjyga
.
Obsah adresáře 'Naplánované úlohy'

2010-05-05 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2010-02-04 14:50]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT1750559
uDefault_Search_URL = hxxp://search.qip.ru
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://search.qip.ru/ie
uSearchURL,(Default) = Root: HKCU; Subkey: Software\Microsoft\Internet Explorer\SearchUrl; ValueType: string; ValueName: '; ValueData: '; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Michal Havlík.HOMEMADE-1E0AE2\Data aplikací\Mozilla\Firefox\Profiles\74d5rafi.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1750559&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1750559&q=

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc_heroes.exe
AddRemove-{E2883E8F-472F-4fb0-9522-AC9BF37916A7} - c:\program files\NOS\bin\getPlus_Helper.dll



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-05 06:57
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{B154377D-700F-42cc-9474-23858FBDF4BD}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD9\000.fcl"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\wnjjyga]
"ServiceDll"="c:\windows\system32\czxuld.dll"
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(912)
c:\anti\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(3920)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Celkový čas: 2010-05-05 06:58:37
ComboFix-quarantined-files.txt 2010-05-05 04:58

Před spuštěním: Volných bajtů: 43 616 141 312
Po spuštění: Volných bajtů: 43 731 877 888

WindowsXP-KB310994-SP2-Home-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - E958951BE53F0B5983093BAEA03DF0E2

Ještě dočistíme. Otevřte poznámkový blok a zkopírujte do něj:

Folder::
c:\program files\Ask.com

Collect::
c:\windows\system32\czxuld.dll

Driver::
wnjjyga

Registry::
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"=-
[-HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=-
[-HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=-
[-HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

Uložte na plochu jako CFScript.txt. Pak jej myší přetáhněte nad ikonu ComboFix a pusťte. CF se spustí a vykoná příkazy ze skriptu.

ComboFix 10-05-04.04 - Michal Havlík 05.05.2010 20:22:22.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.1023.632 [GMT 2:00]
Spuštěný z: c:\documents and settings\Michal Havlík.HOMEMADE-1E0AE2\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Michal Havlík.HOMEMADE-1E0AE2\Plocha\CFScript.txt.txt
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

file zipped: c:\windows\system32\czxuld.dll
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Ask.com
c:\program files\Ask.com\cobrand.ico
c:\program files\Ask.com\config.xml
c:\program files\Ask.com\favicon.ico
c:\program files\Ask.com\GenericAskToolbar.dll
c:\program files\Ask.com\mupcfg.xml
c:\program files\Ask.com\SaUpdate.exe
c:\program files\Ask.com\UpdateTask.exe
c:\windows\system32\czxuld.dll

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_WNJJYGA
-------\Service_wnjjyga


((((((((((((((((((((((((( Soubory vytvořené od 2010-04-05 do 2010-05-05 )))))))))))))))))))))))))))))))
.

2010-05-05 18:16 . 2008-10-21 15:58 6569984 ----a-w- c:\windows\system32\toolkitpro1202vc80.dll
2010-05-05 18:16 . 2010-05-05 18:16 -------- d-----w- c:\program files\Extensions for Windows
2010-05-04 19:22 . 2010-05-04 19:22 -------- d-----w- C:\rsit
2010-05-04 19:13 . 2010-05-04 20:42 23072 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2010-05-04 19:13 . 2010-05-04 20:42 218656 --sha-w- c:\windows\system32\drivers\fidbox.dat
2010-05-04 19:07 . 2010-05-04 19:22 -------- d-----w- c:\program files\Common Files\ParetoLogic
2010-05-04 15:37 . 2006-03-02 12:00 57392 -c--a-w- c:\windows\system32\dllcache\wshcs.dll
2010-05-04 15:37 . 2006-03-02 12:00 57392 ----a-w- c:\windows\system32\wshcs.dll
2010-05-04 15:37 . 2006-03-02 12:00 52224 -c--a-w- c:\windows\system32\dllcache\wmerrcsy.dll
2010-05-04 15:37 . 2006-03-02 12:00 52224 ----a-w- c:\windows\system32\wmerrcsy.dll
2010-05-04 15:37 . 2006-03-02 12:00 24626 -c--a-w- c:\windows\system32\dllcache\scrrncs.dll
2010-05-04 15:37 . 2006-03-02 12:00 24626 ----a-w- c:\windows\system32\scrrncs.dll
2010-05-04 15:37 . 2006-03-02 12:00 20528 -c--a-w- c:\windows\system32\dllcache\scocs.dll
2010-05-04 15:37 . 2006-03-02 12:00 20528 ----a-w- c:\windows\system32\scocs.dll
2010-05-04 14:19 . 2010-05-04 14:19 -------- d-----w- C:\VundoFix Backups
2010-05-04 14:16 . 2008-07-30 18:07 38472 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-04 14:16 . 2008-07-30 18:07 17144 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-05-04 14:15 . 2010-05-04 14:15 -------- d-----w- c:\program files\Yahoo!
2010-05-04 14:13 . 2010-05-04 14:19 -------- d-----w- C:\anti
2010-05-04 14:12 . 2010-05-04 14:18 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-05-02 21:31 . 2010-05-02 21:31 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-05-02 21:31 . 2010-05-02 21:31 -------- d-----w- c:\program files\Lavalys
2010-05-02 20:58 . 2010-04-14 16:35 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-05-02 20:58 . 2010-04-14 16:35 162768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-05-02 20:58 . 2010-04-14 16:31 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-05-02 20:58 . 2010-04-14 16:31 100432 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-05-02 20:58 . 2010-04-14 16:31 94800 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-05-02 20:58 . 2010-04-14 16:31 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-05-02 20:58 . 2010-04-14 16:30 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-05-02 20:58 . 2010-04-14 16:47 38848 ----a-w- c:\windows\system32\avastSS.scr
2010-05-02 20:58 . 2010-04-14 16:47 153184 ----a-w- c:\windows\system32\aswBoot.exe
2010-05-02 20:58 . 2010-05-02 20:58 -------- d-----w- c:\program files\Alwil Software
2010-05-02 20:54 . 2010-05-02 21:00 -------- d-----w- c:\program files\RegCleaner
2010-05-01 08:57 . 2009-09-04 15:29 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll
2010-05-01 08:57 . 2009-09-04 15:29 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
2010-05-01 08:57 . 2009-03-09 13:27 4178264 ----a-w- c:\windows\system32\D3DX9_41.dll
2010-05-01 08:56 . 2010-05-01 11:01 -------- d-----w- c:\program files\Mount&Blade Warband
2010-04-21 14:24 . 2010-04-21 14:24 -------- d-----w- c:\program files\Cenega Czech
2010-04-19 02:04 . 2010-04-19 02:04 -------- d-----w- c:\program files\PowerISO
2010-04-14 17:06 . 2010-04-14 20:20 444952 ----a-w- c:\windows\system32\wrap_oal.dll
2010-04-14 17:06 . 2010-04-14 20:20 109080 ----a-w- c:\windows\system32\OpenAL32.dll
2010-04-14 17:06 . 2010-04-14 17:06 -------- d-----w- c:\program files\OpenAL
2010-04-14 16:16 . 2010-04-18 09:53 139456 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-04-14 16:16 . 2010-04-18 09:52 190160 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-04-14 16:16 . 2010-04-14 16:16 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2010-04-14 16:09 . 2010-04-14 16:09 -------- d-----w- c:\program files\EA Games
2010-04-11 12:52 . 2010-04-11 12:52 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2010-04-11 12:51 . 2010-04-11 12:51 -------- d-----w- c:\program files\Common Files\Skype
2010-04-11 12:51 . 2010-04-11 12:51 -------- d-----r- c:\program files\Skype

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-04 20:42 . 2010-05-04 19:13 4004 --sha-w- c:\windows\system32\drivers\fidbox.idx
2010-05-04 20:42 . 2010-05-04 19:13 3236 --sha-w- c:\windows\system32\drivers\fidbox2.idx
2010-05-02 21:25 . 2010-03-13 17:20 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-05-02 13:26 . 2006-03-02 12:00 82296 ----a-w- c:\windows\system32\perfc005.dat
2010-05-02 13:26 . 2006-03-02 12:00 435648 ----a-w- c:\windows\system32\perfh005.dat
2010-04-19 03:18 . 2010-03-13 17:35 -------- d-----w- c:\program files\Common Files\Adobe
2010-04-05 12:22 . 2010-03-13 16:48 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-04-05 12:22 . 2010-04-05 12:22 -------- d-----w- c:\program files\Windows Media Components
2010-04-05 12:22 . 2010-04-05 12:21 -------- d-----w- c:\program files\Common Files\Ulead Systems
2010-04-05 12:21 . 2010-04-05 12:19 -------- d-----w- c:\program files\Corel
2010-04-05 12:12 . 2010-04-05 12:08 -------- d-----w- c:\program files\WME DevKit
2010-03-31 14:44 . 2010-03-13 16:36 76487 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-03-31 14:44 . 2010-03-13 16:36 2684 ----a-w- c:\windows\pchealth\helpctr\PackageStore\SkuStore.bin
2010-03-30 08:38 . 2010-03-20 21:04 -------- d-----w- c:\program files\Emergency 3
2010-03-28 15:52 . 2010-03-28 15:52 -------- d-----w- c:\program files\Microsoft Works
2010-03-28 15:52 . 2010-03-13 17:54 -------- d-----w- c:\program files\MSBuild
2010-03-28 15:51 . 2010-03-28 15:51 -------- d-----w- c:\program files\Microsoft.NET
2010-03-28 15:49 . 2010-03-28 15:49 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2010-03-28 10:37 . 2010-03-28 10:37 -------- d-----w- c:\program files\Conduit
2010-03-28 10:37 . 2010-03-28 10:37 -------- d-----w- c:\program files\BS_Player
2010-03-28 10:37 . 2010-03-28 10:37 -------- d-----w- c:\program files\Webteh
2010-03-17 13:25 . 2010-03-17 13:25 60416 ----a-w- c:\windows\ALCFDRTM.EXE
2010-03-16 17:19 . 2010-03-13 16:37 8972 ----a-w- c:\windows\pchealth\helpctr\Config\Cntstore.bin
2010-03-14 17:21 . 2010-03-14 17:21 -------- d-----w- c:\program files\freebird
2010-03-14 13:45 . 2010-03-14 13:45 -------- d-----w- c:\program files\Empire Interactive
2010-03-14 11:11 . 2003-02-21 03:42 353576 ----a-w- c:\windows\system32\msvcr71.dll
2010-03-14 11:11 . 2003-03-18 19:14 505128 ----a-w- c:\windows\system32\msvcp71.dll
2010-03-14 11:10 . 2010-03-14 10:59 -------- d-----w- c:\program files\CyberLink
2010-03-14 10:56 . 2010-03-14 09:44 29480 ----a-w- c:\windows\system32\msxml3a.dll
2010-03-14 09:44 . 2010-03-14 09:44 -------- d-----w- c:\program files\Common Files\CyberLink
2010-03-14 09:27 . 2010-03-14 09:12 112835 ----a-w- c:\windows\hpoins07.dat
2010-03-14 09:24 . 2010-03-14 09:24 -------- d-----w- c:\program files\Common Files\Sonic Shared
2010-03-14 09:24 . 2010-03-14 09:23 -------- d-----w- c:\program files\Common Files\HP
2010-03-14 09:21 . 2010-03-14 09:21 -------- d-----w- c:\program files\Hewlett-Packard
2010-03-14 09:21 . 2010-03-14 09:13 -------- d-----w- c:\program files\HP
2010-03-14 09:18 . 2010-03-14 09:18 -------- d-----w- c:\program files\Common Files\Hewlett-Packard
2010-03-14 08:59 . 2010-03-14 08:58 -------- d-----w- c:\program files\Common Files\Ahead
2010-03-14 08:58 . 2010-03-14 08:58 -------- d-----w- c:\program files\Nero
2010-03-13 18:15 . 2010-03-13 18:15 -------- d-----w- c:\program files\1C Company
2010-03-13 18:02 . 2010-03-13 18:02 -------- d-----w- c:\program files\Codec Pack - All In 1
2010-03-13 18:02 . 2010-03-13 18:02 737280 ----a-w- c:\windows\iun6002.exe
2010-03-13 18:00 . 2010-03-13 18:00 -------- d-----w- c:\program files\IVT Corporation
2010-03-13 17:48 . 2010-03-13 17:48 -------- d-----w- c:\program files\Reference Assemblies
2010-03-13 17:38 . 2010-03-13 17:10 -------- d-----w- c:\program files\uTorrent
2010-03-13 17:31 . 2010-03-13 17:31 -------- d-----w- c:\program files\UltraISO
2010-03-13 17:31 . 2010-03-13 17:31 -------- d-----w- c:\program files\Common Files\EZB Systems
2010-03-13 17:22 . 2010-03-13 17:22 -------- d-----w- c:\program files\IObit
2010-03-13 17:06 . 2010-03-13 17:06 -------- d-----w- c:\program files\NOS
2010-03-13 16:58 . 2010-03-13 16:58 -------- d-----w- c:\program files\QIP
2010-03-13 16:55 . 2010-03-13 16:55 0 ----a-w- c:\windows\nsreg.dat
2010-03-13 16:51 . 2010-03-13 16:51 0 ----a-w- c:\windows\ativpsrm.bin
2010-03-13 16:50 . 2010-03-13 16:50 -------- d-----w- c:\program files\AMD
2010-03-13 16:50 . 2010-03-13 16:48 -------- d-----w- c:\program files\ATI Technologies
2010-03-13 16:49 . 2010-03-13 16:49 -------- d-----w- c:\program files\Realtek Sound Manager
2010-03-13 16:49 . 2010-03-13 16:49 -------- d-----w- c:\program files\AvRack
2010-03-13 16:48 . 2010-03-13 16:45 -------- d-----w- c:\program files\Common Files\InstallShield
2010-03-13 16:38 . 2010-03-13 16:38 -------- d-----w- c:\program files\microsoft frontpage
2010-03-13 16:34 . 2010-03-13 16:34 21812 ----a-w- c:\windows\system32\emptyregdb.dat
2010-03-13 14:32 . 2010-03-13 14:32 -------- d-----w- c:\program files\Java
2010-03-13 14:32 . 2010-03-13 14:32 -------- d-----w- c:\program files\MSXML 4.0
2010-03-13 14:28 . 2010-03-13 14:28 -------- d-----w- c:\program files\Windows Media Connect 2
2010-02-11 07:38 . 2010-02-11 07:38 3565056 ----a-w- c:\windows\system32\drivers\ati2mtag.sys
2010-02-11 05:17 . 2010-02-11 05:17 11845632 ----a-w- c:\windows\system32\atioglxx.dll
2010-02-11 05:07 . 2010-02-11 05:07 307200 ----a-w- c:\windows\system32\atiiiexx.dll
2010-02-11 04:46 . 2010-02-11 04:46 442368 ----a-w- c:\windows\system32\ATIDEMGX.dll
2010-02-11 04:45 . 2010-02-11 04:45 325120 ----a-w- c:\windows\system32\ati2dvag.dll
2010-02-11 04:37 . 2010-02-11 04:37 290816 ----a-w- c:\windows\system32\atiok3x2.dll
2010-02-11 04:36 . 2010-02-11 04:36 204800 ----a-w- c:\windows\system32\atipdlxx.dll
2010-02-11 04:35 . 2010-02-11 04:35 155648 ----a-w- c:\windows\system32\Oemdspif.dll
2010-02-11 04:35 . 2010-02-11 04:35 26112 ----a-w- c:\windows\system32\Ati2mdxx.exe
2010-02-11 04:35 . 2010-02-11 04:35 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2010-02-11 04:35 . 2010-02-11 04:35 155648 ----a-w- c:\windows\system32\ati2evxx.dll
2010-02-11 04:33 . 2010-02-11 04:33 602112 ----a-w- c:\windows\system32\ati2evxx.exe
2010-02-11 04:32 . 2010-02-11 04:32 53248 ----a-w- c:\windows\system32\ATIDDC.DLL
2010-02-11 04:25 . 2010-02-11 04:25 3818144 ----a-w- c:\windows\system32\ati3duag.dll
2010-02-11 04:23 . 2010-02-11 04:23 45056 ----a-w- c:\windows\system32\aticalrt.dll
2010-02-11 04:22 . 2010-02-11 04:22 45056 ----a-w- c:\windows\system32\aticalcl.dll
2010-02-11 04:21 . 2010-02-11 04:21 3227648 ----a-w- c:\windows\system32\aticaldd.dll
2010-02-11 04:19 . 2010-02-11 04:19 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2010-02-11 04:12 . 2010-02-11 04:12 2670592 ----a-w- c:\windows\system32\ativvaxx.dll
2010-02-11 04:12 . 2010-02-11 04:12 887724 ----a-w- c:\windows\system32\ativva6x.dat
2010-02-11 04:12 . 2010-02-11 04:12 3107788 ----a-w- c:\windows\system32\ativva5x.dat
2010-02-11 03:59 . 2010-02-11 03:59 49664 ----a-w- c:\windows\system32\amdpcom32.dll
2010-02-11 03:55 . 2010-02-11 03:55 475136 ----a-w- c:\windows\system32\atikvmag.dll
2010-02-11 03:54 . 2010-02-11 03:54 126976 ----a-w- c:\windows\system32\atiadlxx.dll
2010-02-11 03:53 . 2010-02-11 03:53 17408 ----a-w- c:\windows\system32\atitvo32.dll
2010-02-11 03:47 . 2010-02-11 03:47 626688 ----a-w- c:\windows\system32\ati2cqag.dll
2010-02-10 20:20 . 2010-03-13 16:49 593920 ------w- c:\windows\system32\ati2sgag.exe
.

((((((((((((((((((((((((((((( SnapShot@2010-05-05_04.57.07 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-05-05 18:16 . 2010-05-05 18:16 146432 c:\windows\Installer\576a20.msi
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}"= "c:\program files\BS_Player\tbBS_P.dll" [2009-12-31 2349080]

[HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
2009-12-31 09:53 2349080 ----a-w- c:\program files\BS_Player\tbBS_P.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}"= "c:\program files\BS_Player\tbBS_P.dll" [2009-12-31 2349080]

[HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5}"= "c:\program files\BS_Player\tbBS_P.dll" [2009-12-31 2349080]

[HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-04-14 2790472]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\anti\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-04-19 11:41 294912 ----a-w- c:\anti\SUPERAntiSpyware\SASWINLO.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\NVIDIA\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil_.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD9\\PowerDVD Cinema\\PowerDVDCinema.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD9\\PowerDVD9.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"7779:TCP"= 7779:TCP:kweznby

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2.5.2010 22:58 162768]
R1 SASDIFSV;SASDIFSV;c:\anti\SUPERAntiSpyware\sasdifsv.sys [28.5.2008 10:33 8944]
R1 SASKUTIL;SASKUTIL;c:\anti\SUPERAntiSpyware\SASKUTIL.SYS [28.5.2008 10:33 55024]
R2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2010/03/14 12:10];c:\program files\CyberLink\PowerDVD9\000.fcl [1.9.2009 17:59 87536]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2.5.2010 22:58 19024]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;"c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe" --> c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [?]
S3 SASENUM;SASENUM;c:\anti\SUPERAntiSpyware\SASENUM.SYS [28.5.2008 10:33 7408]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;\??\c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys --> c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Obsah adresáře 'Naplánované úlohy'
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT1750559
uDefault_Search_URL = hxxp://search.qip.ru
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://search.qip.ru/ie
uSearchURL,(Default) = Root: HKCU; Subkey: Software\Microsoft\Internet Explorer\SearchUrl; ValueType: string; ValueName: '; ValueData: '; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Michal Havlík.HOMEMADE-1E0AE2\Data aplikací\Mozilla\Firefox\Profiles\74d5rafi.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1750559&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - YouTube
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1750559&q=

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-05 20:28
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{B154377D-700F-42cc-9474-23858FBDF4BD}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD9\000.fcl"
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(916)
c:\anti\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(1008)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\nvidia\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
c:\nvidia\NetworkAccessManager\bin\nSvcIp.exe
c:\nvidia\NetworkAccessManager\bin\nSvcLog.exe
c:\nvidia\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
c:\windows\system32\HPZipm12.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Celkový čas: 2010-05-05 20:31:58 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-05-05 18:31
ComboFix2.txt 2010-05-05 04:58

Před spuštěním: Volných bajtů: 38 963 318 784
Po spuštění: Volných bajtů: 38 839 697 408

- - End Of File - - 9156A39079940FDB504CAF74C2A1C332

Ještě jednou spusťte CF tímto skriptem:

Registry::
[-HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

ComboFix 10-05-04.04 - Michal Havlík 05.05.2010 20:43:30.3.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.1023.639 [GMT 2:00]
Spuštěný z: c:\documents and settings\Michal Havlík.HOMEMADE-1E0AE2\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Michal Havlík.HOMEMADE-1E0AE2\Plocha\CFScript.txt.txt
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((( Soubory vytvořené od 2010-04-05 do 2010-05-05 )))))))))))))))))))))))))))))))
.

2010-05-05 18:29 . 2010-05-05 18:29 -------- d-----w- c:\windows\LastGood
2010-05-05 18:16 . 2008-10-21 15:58 6569984 ----a-w- c:\windows\system32\toolkitpro1202vc80.dll
2010-05-05 18:16 . 2010-05-05 18:16 -------- d-----w- c:\program files\Extensions for Windows
2010-05-04 19:22 . 2010-05-04 19:22 -------- d-----w- C:\rsit
2010-05-04 19:13 . 2010-05-04 20:42 23072 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2010-05-04 19:13 . 2010-05-04 20:42 218656 --sha-w- c:\windows\system32\drivers\fidbox.dat
2010-05-04 19:07 . 2010-05-04 19:22 -------- d-----w- c:\program files\Common Files\ParetoLogic
2010-05-04 15:37 . 2006-03-02 12:00 57392 -c--a-w- c:\windows\system32\dllcache\wshcs.dll
2010-05-04 15:37 . 2006-03-02 12:00 57392 ----a-w- c:\windows\system32\wshcs.dll
2010-05-04 15:37 . 2006-03-02 12:00 52224 -c--a-w- c:\windows\system32\dllcache\wmerrcsy.dll
2010-05-04 15:37 . 2006-03-02 12:00 52224 ----a-w- c:\windows\system32\wmerrcsy.dll
2010-05-04 15:37 . 2006-03-02 12:00 24626 -c--a-w- c:\windows\system32\dllcache\scrrncs.dll
2010-05-04 15:37 . 2006-03-02 12:00 24626 ----a-w- c:\windows\system32\scrrncs.dll
2010-05-04 15:37 . 2006-03-02 12:00 20528 -c--a-w- c:\windows\system32\dllcache\scocs.dll
2010-05-04 15:37 . 2006-03-02 12:00 20528 ----a-w- c:\windows\system32\scocs.dll
2010-05-04 14:19 . 2010-05-04 14:19 -------- d-----w- C:\VundoFix Backups
2010-05-04 14:16 . 2008-07-30 18:07 38472 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-04 14:16 . 2008-07-30 18:07 17144 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-05-04 14:15 . 2010-05-04 14:15 -------- d-----w- c:\program files\Yahoo!
2010-05-04 14:13 . 2010-05-04 14:19 -------- d-----w- C:\anti
2010-05-04 14:12 . 2010-05-04 14:18 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-05-02 21:31 . 2010-05-02 21:31 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-05-02 21:31 . 2010-05-02 21:31 -------- d-----w- c:\program files\Lavalys
2010-05-02 20:58 . 2010-04-14 16:35 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-05-02 20:58 . 2010-04-14 16:35 162768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-05-02 20:58 . 2010-04-14 16:31 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-05-02 20:58 . 2010-04-14 16:31 100432 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-05-02 20:58 . 2010-04-14 16:31 94800 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-05-02 20:58 . 2010-04-14 16:31 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-05-02 20:58 . 2010-04-14 16:30 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-05-02 20:58 . 2010-04-14 16:47 38848 ----a-w- c:\windows\system32\avastSS.scr
2010-05-02 20:58 . 2010-04-14 16:47 153184 ----a-w- c:\windows\system32\aswBoot.exe
2010-05-02 20:58 . 2010-05-02 20:58 -------- d-----w- c:\program files\Alwil Software
2010-05-02 20:54 . 2010-05-02 21:00 -------- d-----w- c:\program files\RegCleaner
2010-05-01 08:57 . 2009-09-04 15:29 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll
2010-05-01 08:57 . 2009-09-04 15:29 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
2010-05-01 08:57 . 2009-03-09 13:27 4178264 ----a-w- c:\windows\system32\D3DX9_41.dll
2010-05-01 08:56 . 2010-05-01 11:01 -------- d-----w- c:\program files\Mount&Blade Warband
2010-04-21 14:24 . 2010-04-21 14:24 -------- d-----w- c:\program files\Cenega Czech
2010-04-19 02:04 . 2010-04-19 02:04 -------- d-----w- c:\program files\PowerISO
2010-04-14 17:06 . 2010-04-14 20:20 444952 ----a-w- c:\windows\system32\wrap_oal.dll
2010-04-14 17:06 . 2010-04-14 20:20 109080 ----a-w- c:\windows\system32\OpenAL32.dll
2010-04-14 17:06 . 2010-04-14 17:06 -------- d-----w- c:\program files\OpenAL
2010-04-14 16:16 . 2010-04-18 09:53 139456 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-04-14 16:16 . 2010-04-18 09:52 190160 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-04-14 16:16 . 2010-04-14 16:16 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2010-04-14 16:09 . 2010-04-14 16:09 -------- d-----w- c:\program files\EA Games
2010-04-11 12:52 . 2010-04-11 12:52 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2010-04-11 12:51 . 2010-04-11 12:51 -------- d-----w- c:\program files\Common Files\Skype
2010-04-11 12:51 . 2010-04-11 12:51 -------- d-----r- c:\program files\Skype

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-04 20:42 . 2010-05-04 19:13 4004 --sha-w- c:\windows\system32\drivers\fidbox.idx
2010-05-04 20:42 . 2010-05-04 19:13 3236 --sha-w- c:\windows\system32\drivers\fidbox2.idx
2010-05-02 21:25 . 2010-03-13 17:20 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-05-02 13:26 . 2006-03-02 12:00 82296 ----a-w- c:\windows\system32\perfc005.dat
2010-05-02 13:26 . 2006-03-02 12:00 435648 ----a-w- c:\windows\system32\perfh005.dat
2010-04-19 03:18 . 2010-03-13 17:35 -------- d-----w- c:\program files\Common Files\Adobe
2010-04-05 12:22 . 2010-03-13 16:48 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-04-05 12:22 . 2010-04-05 12:22 -------- d-----w- c:\program files\Windows Media Components
2010-04-05 12:22 . 2010-04-05 12:21 -------- d-----w- c:\program files\Common Files\Ulead Systems
2010-04-05 12:21 . 2010-04-05 12:19 -------- d-----w- c:\program files\Corel
2010-04-05 12:12 . 2010-04-05 12:08 -------- d-----w- c:\program files\WME DevKit
2010-03-31 14:44 . 2010-03-13 16:36 76487 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-03-31 14:44 . 2010-03-13 16:36 2684 ----a-w- c:\windows\pchealth\helpctr\PackageStore\SkuStore.bin
2010-03-30 08:38 . 2010-03-20 21:04 -------- d-----w- c:\program files\Emergency 3
2010-03-28 15:52 . 2010-03-28 15:52 -------- d-----w- c:\program files\Microsoft Works
2010-03-28 15:52 . 2010-03-13 17:54 -------- d-----w- c:\program files\MSBuild
2010-03-28 15:51 . 2010-03-28 15:51 -------- d-----w- c:\program files\Microsoft.NET
2010-03-28 15:49 . 2010-03-28 15:49 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2010-03-28 10:37 . 2010-03-28 10:37 -------- d-----w- c:\program files\Conduit
2010-03-28 10:37 . 2010-03-28 10:37 -------- d-----w- c:\program files\BS_Player
2010-03-28 10:37 . 2010-03-28 10:37 -------- d-----w- c:\program files\Webteh
2010-03-17 13:25 . 2010-03-17 13:25 60416 ----a-w- c:\windows\ALCFDRTM.EXE
2010-03-16 17:19 . 2010-03-13 16:37 8972 ----a-w- c:\windows\pchealth\helpctr\Config\Cntstore.bin
2010-03-14 17:21 . 2010-03-14 17:21 -------- d-----w- c:\program files\freebird
2010-03-14 13:45 . 2010-03-14 13:45 -------- d-----w- c:\program files\Empire Interactive
2010-03-14 11:11 . 2003-02-21 03:42 353576 ----a-w- c:\windows\system32\msvcr71.dll
2010-03-14 11:11 . 2003-03-18 19:14 505128 ----a-w- c:\windows\system32\msvcp71.dll
2010-03-14 11:10 . 2010-03-14 10:59 -------- d-----w- c:\program files\CyberLink
2010-03-14 10:56 . 2010-03-14 09:44 29480 ----a-w- c:\windows\system32\msxml3a.dll
2010-03-14 09:44 . 2010-03-14 09:44 -------- d-----w- c:\program files\Common Files\CyberLink
2010-03-14 09:27 . 2010-03-14 09:12 112835 ----a-w- c:\windows\hpoins07.dat
2010-03-14 09:24 . 2010-03-14 09:24 -------- d-----w- c:\program files\Common Files\Sonic Shared
2010-03-14 09:24 . 2010-03-14 09:23 -------- d-----w- c:\program files\Common Files\HP
2010-03-14 09:21 . 2010-03-14 09:21 -------- d-----w- c:\program files\Hewlett-Packard
2010-03-14 09:21 . 2010-03-14 09:13 -------- d-----w- c:\program files\HP
2010-03-14 09:18 . 2010-03-14 09:18 -------- d-----w- c:\program files\Common Files\Hewlett-Packard
2010-03-14 08:59 . 2010-03-14 08:58 -------- d-----w- c:\program files\Common Files\Ahead
2010-03-14 08:58 . 2010-03-14 08:58 -------- d-----w- c:\program files\Nero
2010-03-13 18:15 . 2010-03-13 18:15 -------- d-----w- c:\program files\1C Company
2010-03-13 18:02 . 2010-03-13 18:02 -------- d-----w- c:\program files\Codec Pack - All In 1
2010-03-13 18:02 . 2010-03-13 18:02 737280 ----a-w- c:\windows\iun6002.exe
2010-03-13 18:00 . 2010-03-13 18:00 -------- d-----w- c:\program files\IVT Corporation
2010-03-13 17:48 . 2010-03-13 17:48 -------- d-----w- c:\program files\Reference Assemblies
2010-03-13 17:38 . 2010-03-13 17:10 -------- d-----w- c:\program files\uTorrent
2010-03-13 17:31 . 2010-03-13 17:31 -------- d-----w- c:\program files\UltraISO
2010-03-13 17:31 . 2010-03-13 17:31 -------- d-----w- c:\program files\Common Files\EZB Systems
2010-03-13 17:22 . 2010-03-13 17:22 -------- d-----w- c:\program files\IObit
2010-03-13 17:06 . 2010-03-13 17:06 -------- d-----w- c:\program files\NOS
2010-03-13 16:58 . 2010-03-13 16:58 -------- d-----w- c:\program files\QIP
2010-03-13 16:55 . 2010-03-13 16:55 0 ----a-w- c:\windows\nsreg.dat
2010-03-13 16:51 . 2010-03-13 16:51 0 ----a-w- c:\windows\ativpsrm.bin
2010-03-13 16:50 . 2010-03-13 16:50 -------- d-----w- c:\program files\AMD
2010-03-13 16:50 . 2010-03-13 16:48 -------- d-----w- c:\program files\ATI Technologies
2010-03-13 16:49 . 2010-03-13 16:49 -------- d-----w- c:\program files\Realtek Sound Manager
2010-03-13 16:49 . 2010-03-13 16:49 -------- d-----w- c:\program files\AvRack
2010-03-13 16:48 . 2010-03-13 16:45 -------- d-----w- c:\program files\Common Files\InstallShield
2010-03-13 16:38 . 2010-03-13 16:38 -------- d-----w- c:\program files\microsoft frontpage
2010-03-13 16:34 . 2010-03-13 16:34 21812 ----a-w- c:\windows\system32\emptyregdb.dat
2010-03-13 14:32 . 2010-03-13 14:32 -------- d-----w- c:\program files\Java
2010-03-13 14:32 . 2010-03-13 14:32 -------- d-----w- c:\program files\MSXML 4.0
2010-03-13 14:28 . 2010-03-13 14:28 -------- d-----w- c:\program files\Windows Media Connect 2
2010-02-11 07:38 . 2010-02-11 07:38 3565056 ----a-w- c:\windows\system32\drivers\ati2mtag.sys
2010-02-11 05:17 . 2010-02-11 05:17 11845632 ----a-w- c:\windows\system32\atioglxx.dll
2010-02-11 05:07 . 2010-02-11 05:07 307200 ----a-w- c:\windows\system32\atiiiexx.dll
2010-02-11 04:46 . 2010-02-11 04:46 442368 ----a-w- c:\windows\system32\ATIDEMGX.dll
2010-02-11 04:45 . 2010-02-11 04:45 325120 ----a-w- c:\windows\system32\ati2dvag.dll
2010-02-11 04:37 . 2010-02-11 04:37 290816 ----a-w- c:\windows\system32\atiok3x2.dll
2010-02-11 04:36 . 2010-02-11 04:36 204800 ----a-w- c:\windows\system32\atipdlxx.dll
2010-02-11 04:35 . 2010-02-11 04:35 155648 ----a-w- c:\windows\system32\Oemdspif.dll
2010-02-11 04:35 . 2010-02-11 04:35 26112 ----a-w- c:\windows\system32\Ati2mdxx.exe
2010-02-11 04:35 . 2010-02-11 04:35 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2010-02-11 04:35 . 2010-02-11 04:35 155648 ----a-w- c:\windows\system32\ati2evxx.dll
2010-02-11 04:33 . 2010-02-11 04:33 602112 ----a-w- c:\windows\system32\ati2evxx.exe
2010-02-11 04:32 . 2010-02-11 04:32 53248 ----a-w- c:\windows\system32\ATIDDC.DLL
2010-02-11 04:25 . 2010-02-11 04:25 3818144 ----a-w- c:\windows\system32\ati3duag.dll
2010-02-11 04:23 . 2010-02-11 04:23 45056 ----a-w- c:\windows\system32\aticalrt.dll
2010-02-11 04:22 . 2010-02-11 04:22 45056 ----a-w- c:\windows\system32\aticalcl.dll
2010-02-11 04:21 . 2010-02-11 04:21 3227648 ----a-w- c:\windows\system32\aticaldd.dll
2010-02-11 04:19 . 2010-02-11 04:19 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2010-02-11 04:12 . 2010-02-11 04:12 2670592 ----a-w- c:\windows\system32\ativvaxx.dll
2010-02-11 04:12 . 2010-02-11 04:12 887724 ----a-w- c:\windows\system32\ativva6x.dat
2010-02-11 04:12 . 2010-02-11 04:12 3107788 ----a-w- c:\windows\system32\ativva5x.dat
2010-02-11 03:59 . 2010-02-11 03:59 49664 ----a-w- c:\windows\system32\amdpcom32.dll
2010-02-11 03:55 . 2010-02-11 03:55 475136 ----a-w- c:\windows\system32\atikvmag.dll
2010-02-11 03:54 . 2010-02-11 03:54 126976 ----a-w- c:\windows\system32\atiadlxx.dll
2010-02-11 03:53 . 2010-02-11 03:53 17408 ----a-w- c:\windows\system32\atitvo32.dll
2010-02-11 03:47 . 2010-02-11 03:47 626688 ----a-w- c:\windows\system32\ati2cqag.dll
2010-02-10 20:20 . 2010-03-13 16:49 593920 ------w- c:\windows\system32\ati2sgag.exe
.

((((((((((((((((((((((((((((( SnapShot@2010-05-05_04.57.07 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-08-06 17:24 . 2009-08-06 17:24 44768 c:\windows\system32\wups2.dll
+ 2010-03-13 16:35 . 2009-08-06 17:24 53472 c:\windows\system32\wuauclt.exe
+ 2010-05-05 18:29 . 2009-08-06 17:24 35552 c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.4.7600.226\wups.dll
+ 2010-03-13 16:35 . 2009-08-06 17:24 53472 c:\windows\system32\dllcache\wuauclt.exe
+ 2006-03-02 12:00 . 2009-08-06 17:24 96480 c:\windows\system32\dllcache\cdm.dll
+ 2006-03-02 12:00 . 2009-08-06 17:24 96480 c:\windows\system32\cdm.dll
+ 2010-05-05 18:29 . 2008-04-14 06:52 32256 c:\windows\LastGood\system32\wups.dll
+ 2010-05-05 18:29 . 2008-04-14 06:51 66560 c:\windows\LastGood\system32\cdm.dll
+ 2010-03-13 16:35 . 2009-08-06 17:24 209632 c:\windows\system32\wuweb.dll
+ 2010-03-13 16:35 . 2009-08-06 17:24 327896 c:\windows\system32\wucltui.dll
+ 2010-03-13 16:35 . 2009-08-06 17:23 575704 c:\windows\system32\wuapi.dll
+ 2010-03-13 16:35 . 2009-08-06 17:24 209632 c:\windows\system32\dllcache\wuweb.dll
+ 2010-03-13 16:35 . 2009-08-06 17:24 327896 c:\windows\system32\dllcache\wucltui.dll
+ 2010-03-13 16:35 . 2009-08-06 17:23 575704 c:\windows\system32\dllcache\wuapi.dll
+ 2010-05-05 18:29 . 2008-04-14 06:52 120320 c:\windows\LastGood\system32\wuweb.dll
+ 2010-05-05 18:29 . 2008-04-14 06:52 112640 c:\windows\LastGood\system32\wucltui.dll
+ 2010-05-05 18:29 . 2008-04-14 06:52 111104 c:\windows\LastGood\system32\wuauclt.exe
+ 2010-05-05 18:29 . 2008-04-14 06:52 431104 c:\windows\LastGood\system32\wuapi.dll
+ 2010-05-05 18:16 . 2010-05-05 18:16 146432 c:\windows\Installer\576a20.msi
+ 2010-03-13 16:35 . 2009-08-06 17:23 1929952 c:\windows\system32\wuaueng.dll
+ 2010-03-13 16:35 . 2009-08-06 17:23 1929952 c:\windows\system32\dllcache\wuaueng.dll
+ 2010-05-05 18:29 . 2008-04-14 06:52 1135616 c:\windows\LastGood\system32\wuaueng.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}"= "c:\program files\BS_Player\tbBS_P.dll" [2009-12-31 2349080]

[HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
2009-12-31 09:53 2349080 ----a-w- c:\program files\BS_Player\tbBS_P.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}"= "c:\program files\BS_Player\tbBS_P.dll" [2009-12-31 2349080]

[HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5}"= "c:\program files\BS_Player\tbBS_P.dll" [2009-12-31 2349080]

[HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-04-14 2790472]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\anti\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-04-19 11:41 294912 ----a-w- c:\anti\SUPERAntiSpyware\SASWINLO.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\NVIDIA\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil_.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD9\\PowerDVD Cinema\\PowerDVDCinema.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD9\\PowerDVD9.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2.5.2010 22:58 162768]
R1 SASDIFSV;SASDIFSV;c:\anti\SUPERAntiSpyware\sasdifsv.sys [28.5.2008 10:33 8944]
R1 SASKUTIL;SASKUTIL;c:\anti\SUPERAntiSpyware\SASKUTIL.SYS [28.5.2008 10:33 55024]
R2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2010/03/14 12:10];c:\program files\CyberLink\PowerDVD9\000.fcl [1.9.2009 17:59 87536]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2.5.2010 22:58 19024]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;"c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe" --> c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [?]
S3 SASENUM;SASENUM;c:\anti\SUPERAntiSpyware\SASENUM.SYS [28.5.2008 10:33 7408]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;\??\c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys --> c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT1750559
uDefault_Search_URL = hxxp://search.qip.ru
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://search.qip.ru/ie
uSearchURL,(Default) = Root: HKCU; Subkey: Software\Microsoft\Internet Explorer\SearchUrl; ValueType: string; ValueName: '; ValueData: '; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Michal Havlík.HOMEMADE-1E0AE2\Data aplikací\Mozilla\Firefox\Profiles\74d5rafi.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1750559&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - YouTube
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1750559&q=

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-05 20:47
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{B154377D-700F-42cc-9474-23858FBDF4BD}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD9\000.fcl"
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(916)
c:\anti\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(3096)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Celkový čas: 2010-05-05 20:48:47
ComboFix-quarantined-files.txt 2010-05-05 18:48
ComboFix2.txt 2010-05-05 18:31
ComboFix3.txt 2010-05-05 04:58

Před spuštěním: Volných bajtů: 38 819 110 912
Po spuštění: Volných bajtů: 38 811 697 152

- - End Of File - - 714C93F9F7A592BE7B02F4C83E4FBB63

Log již vypadá čistý. Nastala nějaká změna?

Jo nastala. Mam celej den pustene pc a kdyz jsem prisel po nocni z prace nikdy nesel zvuk ale dneska uz jo diky moc za pomoc.

Nemáte zač!