pls. o kontrolu logu. Děkuji

[vorryy]

Logfile of random's system information tool 1.06 (written by random/random)
Run by Jirka at 2010-10-02 00:07:06
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 8 GB (27%) free of 30 GB
Total RAM: 3071 MB (78% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 0:07:07, on 2.10.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\F-Secure\Common\FSM32.EXE
C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SpeedFan\speedfan.exe
C:\Program Files\AeroSnap\AeroSnap.exe
C:\Program Files\MozyHome\mozystat.exe
C:\Program Files\Secunia\PSI\psi.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
C:\Program Files\F-Secure\Common\FSMA32.EXE
C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
C:\WINDOWS\system32\FsUsbExService.Exe
C:\Program Files\F-Secure\Common\FSHDLL32.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\MozyHome\mozybackup.exe
C:\WINDOWS\system32\oodag.exe
C:\Program Files\ZyXEL\NWD-270N\Service\RalinkRegistryWriter.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
C:\WINDOWS\System32\TUProgSt.exe
C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
D:\instalační programy\bezpečnost\RSIT.exe
C:\Program Files\trend micro\Jirka.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\pchealth\helpctr\System\panels\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\pchealth\helpctr\System\panels\blank.htm
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.drivermax.com/driver/auto_dr ... /index.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: LitmusBHO - {C6867EB7-8350-4856-877F-93CF8AE3DC9C} - C:\Program Files\F-Secure\NRS\iescript\baselitmus.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: Browsing Protection Toolbar - {265EEE8E-3228-44D3-AEA5-F7FDF5860049} - C:\Program Files\F-Secure\NRS\iescript\baselitmus.dll
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [speedfan] C:\Program Files\SpeedFan\speedfan.exe
O4 - HKCU\..\Run: [AeroSnap] C:\Program Files\AeroSnap\AeroSnap.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Secunia PSI.lnk = C:\Program Files\Secunia\PSI\psi.exe
O4 - Global Startup: MozyHome Status.lnk = C:\Program Files\MozyHome\mozystat.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Odeslat do zařízení &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Odeslat do zařízení Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
O23 - Service: F-Secure ORSP Client (FSORSPClient) - F-Secure Corporation - C:\Program Files\F-Secure\ORSP Client\fsorsp.exe
O23 - Service: FsUsbExService - Teruten - C:\WINDOWS\system32\FsUsbExService.Exe
O23 - Service: Google Desktop Manager 5.9.1005.12335 (GoogleDesktopManager-051210-111108) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: humyo.com - humyo.com Ltd. - C:\Program Files\humyo SmartDrive\hrfscore.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MozyHome Backup Service (mozybackup) - Mozy, Inc. - C:\Program Files\MozyHome\mozybackup.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: Ralink Registry Writer (RalinkRegistryWriter) - Ralink Technology, Corp. - C:\Program Files\ZyXEL\NWD-270N\Service\RalinkRegistryWriter.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Acronis Try And Decide Service (TryAndDecideService) - Unknown owner - C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe

--
End of file - 8790 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\1-Click Maintenance.job
C:\WINDOWS\tasks\Úklid 1 kliknutím.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-06-19 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C6867EB7-8350-4856-877F-93CF8AE3DC9C}]
Browsing Protection Class - C:\Program Files\F-Secure\NRS\iescript\baselitmus.dll [2010-09-07 544440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-08-04 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-08-04 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{32099AAC-C132-4136-9E9A-4E364A424E17} - DAEMON Tools Toolbar - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll [2009-11-24 953800]
{265EEE8E-3228-44D3-AEA5-F7FDF5860049} - Browsing Protection Toolbar - C:\Program Files\F-Secure\NRS\iescript\baselitmus.dll [2010-09-07 544440]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"F-Secure Manager"=C:\Program Files\F-Secure\Common\FSM32.EXE [2009-07-09 199264]
"F-Secure TNB"=C:\Program Files\F-Secure\FSGUI\TNBUtil.exe [2009-07-09 2349664]
"AcronisTimounterMonitor"=C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe [2007-10-23 906648]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-05-14 248552]
"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 40448]
"speedfan"=C:\Program Files\SpeedFan\speedfan.exe [2008-08-19 3562496]
"AeroSnap"=C:\Program Files\AeroSnap\AeroSnap.exe [2008-12-06 886784]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
MozyHome Status.lnk - C:\Program Files\MozyHome\mozystat.exe

C:\Documents and Settings\Jirka\Nabídka Start\Programy\Po spuštění
Secunia PSI.lnk - C:\Program Files\Secunia\PSI\psi.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
relog_ap

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Opera\opera.exe"="C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Pinnacle\Studio 12\Programs\RM.exe"="C:\Program Files\Pinnacle\Studio 12\Programs\RM.exe:*:Enabled:Render Manager"
"C:\Program Files\Pinnacle\Studio 12\Programs\Studio.exe"="C:\Program Files\Pinnacle\Studio 12\Programs\Studio.exe:*:Enabled:Studio"
"C:\Program Files\Pinnacle\Studio 12\Programs\umi.exe"="C:\Program Files\Pinnacle\Studio 12\Programs\umi.exe:*:Enabled:umi"
"C:\Program Files\Samsung\Samsung New PC Studio\npsasvr.exe"="C:\Program Files\Samsung\Samsung New PC Studio\npsasvr.exe:*:Enabled:KTF MUSIC AoD Server"
"C:\Program Files\Samsung\Samsung New PC Studio\npsvsvr.exe"="C:\Program Files\Samsung\Samsung New PC Studio\npsvsvr.exe:*:Enabled:KTF MUSIC VoD Server"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======List of files/folders created in the last 1 months======

2010-10-02 00:04:31 ----D---- C:\rsit
2010-10-02 00:04:31 ----D---- C:\Program Files\trend micro
2010-10-02 00:00:02 ----D---- C:\WINDOWS\Minidump
2010-10-01 23:32:23 ----A---- C:\WINDOWS\system32\msvcr80.dll
2010-10-01 23:32:21 ----A---- C:\WINDOWS\system32\msvcp80.dll
2010-10-01 23:32:20 ----A---- C:\WINDOWS\system32\eEmpty.exe
2010-10-01 23:32:18 ----A---- C:\WINDOWS\system32\TASKMGR.COM
2010-10-01 23:32:18 ----A---- C:\WINDOWS\system32\T.COM
2010-10-01 23:32:18 ----A---- C:\WINDOWS\REGEDIT.COM
2010-10-01 23:32:18 ----A---- C:\WINDOWS\R.COM
2010-10-01 23:32:17 ----D---- C:\Program Files\Common Files\MicroWorld
2010-10-01 23:32:14 ----D---- C:\Documents and Settings\All Users\Data aplikací\MicroWorld
2010-10-01 23:30:11 ----D---- C:\Program Files\Simpli Software
2010-10-01 15:46:56 ----D---- C:\Program Files\ESET
2010-09-29 23:23:28 ----HDC---- C:\WINDOWS\$NtUninstallKB2158563$
2010-09-15 15:38:43 ----HDC---- C:\WINDOWS\$NtUninstallKB2259922$
2010-09-15 15:38:37 ----HDC---- C:\WINDOWS\$NtUninstallKB975558_WM8$
2010-09-15 15:37:51 ----HDC---- C:\WINDOWS\$NtUninstallKB2347290$
2010-09-15 15:37:46 ----HDC---- C:\WINDOWS\$NtUninstallKB2121546$
2010-09-15 15:37:41 ----HDC---- C:\WINDOWS\$NtUninstallKB982802$
2010-09-15 15:37:00 ----HDC---- C:\WINDOWS\$NtUninstallKB981322$
2010-09-15 15:30:58 ----HDC---- C:\WINDOWS\$NtUninstallKB2141007$
2010-09-03 21:42:59 ----D---- C:\Program Files\MozyHome

======List of files/folders modified in the last 1 months======

2010-10-02 00:05:10 ----D---- C:\WINDOWS\Prefetch
2010-10-02 00:04:32 ----D---- C:\WINDOWS\system32
2010-10-02 00:04:32 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-10-02 00:04:31 ----RD---- C:\Program Files
2010-10-02 00:00:38 ----D---- C:\WINDOWS\system32\CatRoot2
2010-10-02 00:00:32 ----D---- C:\WINDOWS\Temp
2010-10-02 00:00:10 ----D---- C:\Program Files\SpeedFan
2010-10-02 00:00:02 ----D---- C:\WINDOWS
2010-10-01 23:32:17 ----D---- C:\Program Files\Common Files
2010-10-01 23:29:53 ----HD---- C:\Program Files\InstallShield Installation Information
2010-10-01 23:29:42 ----D---- C:\Program Files\Common Files\InstallShield
2010-10-01 23:27:06 ----A---- C:\WINDOWS\wincmd.ini
2010-10-01 23:25:14 ----D---- C:\Documents and Settings\Jirka\Data aplikací\Vso
2010-10-01 23:12:47 ----D---- C:\Documents and Settings\All Users\Data aplikací\RFA_Backups
2010-10-01 23:02:20 ----SHD---- C:\WINDOWS\Installer
2010-10-01 23:02:20 ----SHD---- C:\Config.Msi
2010-10-01 22:47:38 ----D---- C:\WINDOWS\Debug
2010-10-01 22:39:04 ----D---- C:\WINDOWS\SHELLNEW
2010-10-01 22:14:44 ----D---- C:\Documents and Settings\Jirka\Data aplikací\AIMP
2010-10-01 08:02:05 ----D---- C:\Documents and Settings\Jirka\Data aplikací\skypePM
2010-10-01 06:02:11 ----D---- C:\Documents and Settings\Jirka\Data aplikací\Skype
2010-09-30 22:04:43 ----D---- C:\Program Files\Microsoft Silverlight
2010-09-30 22:04:01 ----N---- C:\WINDOWS\SchedLgU.Txt
2010-09-30 21:51:52 ----D---- C:\WINDOWS\Microsoft.NET
2010-09-30 21:51:50 ----RSD---- C:\WINDOWS\assembly
2010-09-30 21:19:44 ----D---- C:\Documents and Settings\Jirka\Data aplikací\KeePass
2010-09-30 20:29:46 ----D---- C:\WINDOWS\WinSxS
2010-09-29 23:23:33 ----HD---- C:\WINDOWS\inf
2010-09-28 22:06:51 ----SD---- C:\Documents and Settings\Jirka\Data aplikací\Microsoft
2010-09-27 22:03:04 ----D---- C:\Documents and Settings\Jirka\Data aplikací\uTorrent
2010-09-27 20:44:13 ----D---- C:\Program Files\uTorrent
2010-09-24 13:58:39 ----D---- C:\Documents and Settings\All Users\Data aplikací\DVD Shrink
2010-09-19 20:30:28 ----D---- C:\WINDOWS\repair
2010-09-19 20:30:20 ----D---- C:\WINDOWS\Registration
2010-09-18 20:10:31 ----D---- C:\Program Files\Mozilla Thunderbird
2010-09-18 20:10:29 ----D---- C:\Program Files\Mozilla Firefox
2010-09-16 18:54:47 ----D---- C:\Program Files\KeePass Password Safe 2
2010-09-16 18:30:34 ----D---- C:\Program Files\Opera
2010-09-15 15:38:42 ----HD---- C:\WINDOWS\$hf_mig$
2010-09-15 15:38:39 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-09-15 15:38:27 ----D---- C:\Documents and Settings\All Users\Data aplikací\Microsoft Help
2010-09-15 15:31:06 ----A---- C:\WINDOWS\system32\MRT.exe
2010-09-03 21:43:04 ----D---- C:\WINDOWS\system32\drivers
2010-09-03 21:43:01 ----DC---- C:\WINDOWS\system32\DRVSTORE

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK8;AMD Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2005-03-09 36352]
R1 F-Secure HIPS;F-Secure HIPS Driver; \??\C:\Program Files\F-Secure\HIPS\drivers\fshs.sys []
R1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R1 mozyFilter;mozyFilter; C:\WINDOWS\system32\DRIVERS\mozy.sys [2010-08-19 54776]
R2 EIO;EIO; \??\C:\WINDOWS\system32\drivers\EIO.sys []
R2 irda;Protokol IrDA; C:\WINDOWS\system32\DRIVERS\irda.sys [2008-04-14 88192]
R2 tifsfilter;Acronis True Image FS Filter; C:\WINDOWS\system32\DRIVERS\tifsfilt.sys [2009-12-29 44384]
R3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-14 60800]
R3 BTDriver;Ovladač virtuálních komunikací Bluetooth; C:\WINDOWS\system32\DRIVERS\btport.sys [2008-02-04 37160]
R3 BTKRNL;Enumenátor sběrnice Bluetooth; C:\WINDOWS\system32\DRIVERS\btkrnl.sys [2008-04-15 990632]
R3 F-Secure Gatekeeper;F-Secure Gatekeeper; \??\C:\Program Files\F-Secure\Anti-Virus\minifilter\fsgk.sys []
R3 FsUsbExDisk;FsUsbExDisk; \??\C:\WINDOWS\system32\FsUsbExDisk.SYS []
R3 FTDIBUS;USB Serial Converter Driver; C:\WINDOWS\system32\drivers\ftdibus.sys [2009-10-22 57800]
R3 FTSER2K;USB Serial Port Driver; C:\WINDOWS\system32\drivers\ftser2k.sys [2009-10-22 72520]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2009-07-20 5795328]
R3 irsir;Microsoft Serial Infrared Driver; C:\WINDOWS\system32\DRIVERS\irsir.sys [2001-08-17 18688]
R3 MarvinBus;Pinnacle Marvin Bus; C:\WINDOWS\system32\DRIVERS\MarvinBus.sys [2005-09-24 171520]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2006-03-02 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-14 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2009-11-21 10235968]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2006-03-22 52736]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2006-03-22 18944]
R3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2009-12-30 47360]
R3 PSI;PSI; C:\WINDOWS\system32\DRIVERS\psi_mf.sys [2009-06-17 12648]
R3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2006-03-02 5888]
R3 ss_bbus;SAMSUNG USB Mobile Device (WDM); C:\WINDOWS\system32\DRIVERS\ss_bbus.sys [2009-03-20 90112]
R3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter); C:\WINDOWS\system32\DRIVERS\ss_bmdfl.sys [2009-03-20 14976]
R3 ss_bmdm;SAMSUNG USB Mobile Modem; C:\WINDOWS\system32\DRIVERS\ss_bmdm.sys [2009-03-20 121856]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;Ovladač standardního rozbočovače USB; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 usbohci;Ovladač Miniport otevřeného hostitelského řadiče Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-14 17152]
R3 usbvideo;Zobrazovací zařízení USB (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2008-04-14 121984]
S3 aa00pduk;aa00pduk; C:\WINDOWS\system32\drivers\aa00pduk.sys []
S3 Ambfilt;Ambfilt; C:\WINDOWS\system32\drivers\Ambfilt.sys [2008-08-05 1684736]
S3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys [2008-03-27 47272]
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-14 17024]
S3 GMSIPCI;GMSIPCI; C:\WINDOWS\system32\drivers\GMSIPCI.sys []
S3 hrfsmrx;hrfsmrx; C:\WINDOWS\System32\Drivers\hrfsmrx.sys [2010-07-05 144624]
S3 Monfilt;Monfilt; C:\WINDOWS\system32\drivers\Monfilt.sys [2006-01-04 1389056]
S3 MSICPL;MSICPL; C:\WINDOWS\system32\drivers\MSICPL.sys []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-14 10880]
S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\ccdcmb.sys [2009-10-06 17664]
S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\ccdcmbo.sys [2009-10-06 22016]
S3 NTACCESS;NTACCESS; C:\WINDOWS\system32\drivers\NTACCESS.sys []
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 rt2870;%Generic.Service.DispName%; C:\WINDOWS\system32\DRIVERS\rt2870.sys [2008-10-01 637952]
S3 sermouse;Ovladač sériové myši; C:\WINDOWS\system32\DRIVERS\sermouse.sys [2001-10-24 17664]
S3 SetupNTGLM7X;SetupNTGLM7X; C:\WINDOWS\system32\drivers\SetupNTGLM7X.sys []
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-14 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-14 15232]
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2009-10-06 7936]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 usbser;USB Modem Driver; C:\WINDOWS\system32\drivers\usbser.sys [2008-04-14 26112]
S3 UsbserFilt;UsbserFilt; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2009-10-06 7936]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2008-03-27 503008]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2008-01-18 83328]
S4 F-Secure Filter;F-Secure File System Filter; \??\C:\Program Files\F-Secure\Anti-Virus\Win2K\FSfilter.sys []
S4 F-Secure Recognizer;F-Secure File System Recognizer; \??\C:\Program Files\F-Secure\Anti-Virus\Win2K\FSrec.sys []
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AcrSch2Svc;Acronis Scheduler2 Service; C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe [2007-10-23 427288]
R2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe [2008-04-14 342624]
R2 F-Secure Gatekeeper Handler Starter;FSGKHS; C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe [2009-07-09 215648]
R2 FSMA;F-Secure Management Agent; C:\Program Files\F-Secure\Common\FSMA32.EXE [2009-07-09 186976]
R2 FsUsbExService;FsUsbExService; C:\WINDOWS\system32\FsUsbExService.Exe [2009-03-31 233472]
R2 Irmon;Sledování infračerveného přenosu; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-07-17 153376]
R2 mozybackup;MozyHome Backup Service; C:\Program Files\MozyHome\mozybackup.exe [2010-08-19 46904]
R2 O&O Defrag;O&O Defrag; C:\WINDOWS\system32\oodag.exe [2009-04-08 1377536]
R2 RalinkRegistryWriter;Ralink Registry Writer; C:\Program Files\ZyXEL\NWD-270N\Service\RalinkRegistryWriter.exe [2008-05-13 69632]
R2 TryAndDecideService;Acronis Try And Decide Service; C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe [2007-10-23 495832]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service; C:\WINDOWS\System32\TUProgSt.exe [2010-04-30 604488]
R2 UxTuneUp;TuneUp Theme Extension; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R3 FSDFWD;F-Secure Anti-Virus Firewall Daemon; C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe [2009-12-29 522848]
R3 FSORSPClient;F-Secure ORSP Client; C:\Program Files\F-Secure\ORSP Client\fsorsp.exe [2010-08-23 58024]
S2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-10-07 163908]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2010-06-03 30192]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-11-20 136120]
S3 humyo.com;humyo.com; C:\Program Files\humyo SmartDrive\hrfscore.exe [2010-07-05 3186672]
S3 idsvc;Služba Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2009-10-27 657408]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service; C:\WINDOWS\System32\TuneUpDefragService.exe [2010-04-30 361288]
S4 NetTcpPortSharing;Služba sdílení portů Net.Tcp; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

[stell]

Zdravim
Log vyzera dobre.

[vorryy]

Děkuji. Poslední dobou mi zlobí Pc,že mi nejdou ukončit některé programy,takže musím použít tvrdý restart

[stell]

No to treba hned napisat,nakolko v logu vsetko nevidno.,

PROSIM CITAJTE POZORNE NAVOD!!!,

Použij ComboFix podle tohoto návodu: http://www.bleepingcomputer.com/combofi ... t-combofix
Log znej vloz sem.

[vorryy]

tak mi to nějak nejde. vždy mi to dokončí fázi 50 a pak to napíše mažu soubory a pc se restartuje. Po restartu nikde žádný log také neni a program už se nespustí.

[stell]

no preto ze blokne ti to firewall, ,,
sprav to v nudzovom rezime, a pri restarte mackaj znova F-8 a daj do nudzoveho rezimu, a cakaj na log, zajtra sa pozriem na log.

[vorryy]

ok, zkusím ,jinak mám F.Secure a vypínal jsem to dle návodu.

[stell]

ja vidim ze mas F-secure, ale po restarte zapne, a blokne ti log, preto sprav to v nudzovom rezime.

[vorryy]

-01.07 - Jirka 02.10.2010 22:09:56.4.2 - x86 MINIMAL
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.3071.2697 [GMT 2:00]
Spuštěný z: C:\Documents and Settings\Jirka\Plocha\ComboFix.exe
AV: F-Secure Internet Security 2010 10.00 *On-access scanning disabled* (Updated) {E7512ED5-4245-4B4D-AF3A-382D3F313F15}
FW: F-Secure Internet Security 2010 10.00 *disabled* {D4747503-0346-49EB-9262-997542F79BF4}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\regedit.com
C:\WINDOWS\system32\taskmgr.com

Nakažená kopie C:\WINDOWS\system32\midimap.dll byla nalezena a vyléčena.
Obnovena kopie z - C:\WINDOWS\NiwradSoft Shell Pack\Backup\midimap.dll

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-09-02 do 2010-10-02 )))))))))))))))))))))))))))))))
.

2010-10-02 17:12:46 . 2010-10-02 17:12:46 -------- d-sh--w- C:\Documents and Settings\Jirka\IECompatCache
2010-10-02 16:44:44 . 2010-10-02 16:44:44 -------- d---a-w- C:\WINDOWS\VDLL.DLL
2010-10-02 16:44:44 . 2010-10-02 16:44:44 -------- d---a-w- C:\WINDOWS\system32\runouce.exe
2010-10-02 16:44:44 . 2010-10-02 16:44:44 -------- d---a-w- C:\WINDOWS\rundll16.exe
2010-10-02 16:44:44 . 2010-10-02 16:44:44 -------- d---a-w- C:\WINDOWS\RUNDL132.EXE
2010-10-02 16:44:44 . 2010-10-02 16:44:44 -------- d---a-w- C:\WINDOWS\logo1_.exe
2010-10-02 16:44:44 . 2010-10-02 16:44:44 -------- d---a-w- C:\WINDOWS\logo_1.exe
2010-10-01 22:04:31 . 2010-10-01 22:07:06 -------- d-----w- C:\Program Files\trend micro
2010-10-01 22:04:31 . 2010-10-01 22:04:56 -------- d-----w- C:\rsit
2010-10-01 21:32:23 . 2010-10-01 21:32:22 632064 ----a-w- C:\WINDOWS\system32\msvcr80.dll
2010-10-01 21:32:21 . 2010-10-01 21:32:20 554240 ----a-w- C:\WINDOWS\system32\msvcp80.dll
2010-10-01 21:32:20 . 2010-10-01 21:32:19 34048 ----a-w- C:\WINDOWS\system32\eEmpty.exe
2010-10-01 21:32:18 . 2008-04-14 06:52:50 185344 ----a-w- C:\WINDOWS\system32\T.COM
2010-10-01 21:32:18 . 2008-04-14 06:52:44 277504 ----a-w- C:\WINDOWS\R.COM
2010-10-01 21:32:17 . 2010-10-01 21:32:17 -------- d-----w- C:\Program Files\Common Files\MicroWorld
2010-10-01 21:30:11 . 2010-10-01 21:30:11 -------- d-----w- C:\Program Files\Simpli Software
2010-10-01 13:46:56 . 2010-10-01 13:46:56 -------- d-----w- C:\Program Files\ESET
2010-09-03 19:43:01 . 2010-08-19 06:46:34 54776 ----a-w- C:\WINDOWS\system32\drivers\mozy.sys
2010-09-03 19:42:59 . 2010-09-03 19:43:00 -------- d-----w- C:\Program Files\MozyHome

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-02 20:15:16 . 2009-12-29 12:15:11 -------- d-----w- C:\Program Files\SpeedFan
2010-10-02 20:12:52 . 2006-03-02 12:00:00 81094 ----a-w- C:\WINDOWS\system32\perfc005.dat
2010-10-02 20:12:52 . 2006-03-02 12:00:00 435872 ----a-w- C:\WINDOWS\system32\perfh005.dat
2010-10-01 21:29:53 . 2010-02-04 07:04:07 -------- d--h--w- C:\Program Files\InstallShield Installation Information
2010-10-01 21:29:42 . 2009-12-28 23:55:39 -------- d-----w- C:\Program Files\Common Files\InstallShield
2010-09-30 20:04:43 . 2010-02-15 22:33:09 -------- d-----w- C:\Program Files\Microsoft Silverlight
2010-09-27 18:44:13 . 2009-12-29 19:00:12 -------- d-----w- C:\Program Files\uTorrent
2010-09-18 18:10:31 . 2009-12-29 00:27:24 -------- d-----w- C:\Program Files\Mozilla Thunderbird
2010-09-16 16:54:47 . 2009-12-29 22:32:28 -------- d-----w- C:\Program Files\KeePass Password Safe 2
2010-09-16 16:30:34 . 2009-12-29 11:23:09 -------- d-----w- C:\Program Files\Opera
2010-09-02 16:52:39 . 2010-07-25 16:56:43 -------- d-----w- C:\Program Files\Common Files\Adobe AIR
2010-09-02 16:52:30 . 2010-09-02 16:52:58 53632 ----a-w- C:\Documents and Settings\Jirka\Data aplikací\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-09-02 16:52:30 . 2010-09-02 16:52:58 53632 ----a-w- C:\Documents and Settings\Jirka\Data aplikací\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-08-31 10:16:51 . 2009-12-28 23:50:18 41624 ----a-w- C:\WINDOWS\system32\drivers\fsbts.sys
2010-08-27 13:32:13 . 2010-08-27 13:32:13 -------- d-----w- C:\Program Files\Common Files\Java
2010-08-27 13:31:58 . 2010-02-04 10:07:10 -------- d-----w- C:\Program Files\Java
2010-08-23 22:46:16 . 2010-08-23 22:46:16 503808 ----a-w- C:\Documents and Settings\Jirka\Data aplikací\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-4d3cf561-n\msvcp71.dll
2010-08-23 22:46:16 . 2010-08-23 22:46:16 503808 ----a-w- C:\Documents and Settings\Jirka\Data aplikací\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-4d3cf561-n\msvcp71.dll
2010-08-23 22:46:16 . 2010-08-23 22:46:16 499712 ----a-w- C:\Documents and Settings\Jirka\Data aplikací\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-4d3cf561-n\jmc.dll
2010-08-23 22:46:16 . 2010-08-23 22:46:16 499712 ----a-w- C:\Documents and Settings\Jirka\Data aplikací\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-4d3cf561-n\jmc.dll
2010-08-23 22:46:16 . 2010-08-23 22:46:16 348160 ----a-w- C:\Documents and Settings\Jirka\Data aplikací\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-4d3cf561-n\msvcr71.dll
2010-08-23 22:46:16 . 2010-08-23 22:46:16 348160 ----a-w- C:\Documents and Settings\Jirka\Data aplikací\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-4d3cf561-n\msvcr71.dll
2010-08-23 22:46:15 . 2010-08-23 22:46:15 61440 ----a-w- C:\Documents and Settings\Jirka\Data aplikací\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-38f3ed57-n\decora-sse.dll
2010-08-23 22:46:15 . 2010-08-23 22:46:15 61440 ----a-w- C:\Documents and Settings\Jirka\Data aplikací\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-38f3ed57-n\decora-sse.dll
2010-08-23 22:46:15 . 2010-08-23 22:46:15 12800 ----a-w- C:\Documents and Settings\Jirka\Data aplikací\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-38f3ed57-n\decora-d3d.dll
2010-08-23 22:46:15 . 2010-08-23 22:46:15 12800 ----a-w- C:\Documents and Settings\Jirka\Data aplikací\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-38f3ed57-n\decora-d3d.dll
2010-08-18 16:43:12 . 2010-08-28 20:38:43 52224 ----a-w- C:\Documents and Settings\Jirka\Data aplikací\Mozilla\Firefox\Profiles\naf5m2tn.default\extensions\{e413a417-d00b-4a3b-9c17-19048046f1ce}\components\FFExternalAlert.dll
2010-08-18 16:43:12 . 2010-08-28 20:38:43 52224 ----a-w- C:\Documents and Settings\Jirka\Data aplikací\Mozilla\Firefox\Profiles\naf5m2tn.default\extensions\{e413a417-d00b-4a3b-9c17-19048046f1ce}\components\FFExternalAlert.dll
2010-08-18 16:43:12 . 2010-08-28 20:38:43 101376 ----a-w- C:\Documents and Settings\Jirka\Data aplikací\Mozilla\Firefox\Profiles\naf5m2tn.default\extensions\{e413a417-d00b-4a3b-9c17-19048046f1ce}\components\RadioWMPCore.dll
2010-08-18 16:43:12 . 2010-08-28 20:38:43 101376 ----a-w- C:\Documents and Settings\Jirka\Data aplikací\Mozilla\Firefox\Profiles\naf5m2tn.default\extensions\{e413a417-d00b-4a3b-9c17-19048046f1ce}\components\RadioWMPCore.dll
2010-08-17 13:17:06 . 2008-04-14 06:52:50 58880 ----a-w- C:\WINDOWS\system32\spoolsv.exe
2010-08-12 09:28:56 . 2009-12-29 07:52:07 -------- d-----r- C:\Program Files\Skype
2010-08-10 20:55:53 . 2010-08-10 20:55:50 -------- d-----w- C:\Program Files\PixiePack Codec Pack
2010-07-25 16:56:32 . 2010-07-25 16:54:33 12124624 ----a-w- C:\Documents and Settings\All Users\Data aplikací\NOS\Adobe_Downloads\AdobeAIRInstaller.exe
2010-07-25 16:54:40 . 2010-07-25 16:54:33 77184 ----a-w- C:\Documents and Settings\All Users\Data aplikací\NOS\Adobe_Downloads\arh.exe
2010-07-22 15:46:07 . 2008-04-14 06:51:56 590848 ----a-w- C:\WINDOWS\system32\rpcrt4.dll
2010-07-22 06:19:05 . 2008-05-05 06:25:04 5632 ----a-w- C:\WINDOWS\system32\xpsp4res.dll
2010-07-17 03:00:04 . 2010-04-30 18:23:45 423656 ----a-w- C:\WINDOWS\system32\deployJava1.dll
2010-07-05 09:01:20 . 2010-07-16 11:17:28 192496 ----a-w- C:\WINDOWS\system32\hrfsnp.dll
2010-07-05 09:01:12 . 2010-07-16 11:17:28 144624 ----a-w- C:\WINDOWS\system32\drivers\hrfsmrx.sys
2010-06-03 11:38:59 . 2010-06-03 11:38:59 119808 ----a-w- C:\Program Files\mozilla firefox\components\GoogleDesktopMozilla.dll
.

------- Sigcheck -------

[7] 2008-04-14 06:52:54 . CDDB1F8E1AEA356F3AD106F2CF9B7FEA . 507904 . . [5.1.2600.5512 (xpsp.080413-2113)] . . C:\WINDOWS\NiwradSoft Shell Pack\Backup\winlogon.exe
[-] 2008-04-14 06:52:54 . 471341D353962A35DA3C6324D59D09C4 . 547328 . . [5.1.2600.5512 (xpsp.080413-2113)] . . C:\WINDOWS\system32\winlogon.exe
[-] 2008-04-14 06:52:54 . 471341D353962A35DA3C6324D59D09C4 . 547328 . . [5.1.2600.5512 (xpsp.080413-2113)] . . C:\WINDOWS\system32\dllcache\winlogon.exe

[7] 2008-04-14 06:51:40 . 4F993463DC5F3F80D77A3D34D7BFBFED . 617472 . . [5.82 (xpsp.080413-2105)] . . C:\WINDOWS\NiwradSoft Shell Pack\Backup\comctl32.dll
[-] 2008-04-14 06:51:40 . 330F30CB175655313A93AF27C7366550 . 643072 . . [5.82 (xpsp.080413-2105)] . . C:\WINDOWS\system32\comctl32.dll
[-] 2008-04-14 06:51:40 . 330F30CB175655313A93AF27C7366550 . 643072 . . [5.82 (xpsp.080413-2105)] . . C:\WINDOWS\system32\dllcache\comctl32.dll
[7] 2008-04-14 06:37:06 . D7B7AE36A2EBA312AC4B53862019B3F5 . 1054208 . . [6.0 (xpsp.080413-2105)] . . C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
[7] 2006-03-02 12:00:00 . AEF3D788DBF40C7C4D204EA45EB0C505 . 921088 . . [6.0 (xpclient.010817-1148)] . . C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll

[7] 2008-04-14 06:52:06 . E16E0990967374E76F3E40CACAFD3D53 . 578560 . . [5.1.2600.5512 (xpsp.080413-2105)] . . C:\WINDOWS\NiwradSoft Shell Pack\Backup\user32.dll
[-] 2008-04-14 06:52:06 . CCB32D10C69A89822E9134C0C4894BE1 . 578560 . . [5.1.2600.5512 (xpsp.080413-2105)] . . C:\WINDOWS\system32\user32.dll
[-] 2008-04-14 06:52:06 . CCB32D10C69A89822E9134C0C4894BE1 . 578560 . . [5.1.2600.5512 (xpsp.080413-2105)] . . C:\WINDOWS\system32\dllcache\user32.dll

[-] 2008-04-14 06:52:24 . D63C59BB0CA2F83B62D003FD52863090 . 1541120 . . [6.00.2900.5512 (xpsp.080413-2105)] . . C:\WINDOWS\explorer.exe
[7] 2008-04-14 06:52:24 . 27AFD587C462E280EE046B8CCA3C2CD1 . 1034240 . . [6.00.2900.5512 (xpsp.080413-2105)] . . C:\WINDOWS\NiwradSoft Shell Pack\Backup\explorer.exe
[-] 2008-04-14 06:52:24 . D63C59BB0CA2F83B62D003FD52863090 . 1541120 . . [6.00.2900.5512 (xpsp.080413-2105)] . . C:\WINDOWS\system32\dllcache\explorer.exe

[7] 2008-04-14 06:51:54 . 21F836AAB269FF644E0E708B794B0DF7 . 1287168 . . [5.1.2600.5512 (xpsp.080413-2108)] . . C:\WINDOWS\NiwradSoft Shell Pack\Backup\ole32.dll
[-] 2008-04-14 06:51:54 . 79E4E0BCF353CA222DCCA7DD396F15A9 . 1312256 . . [5.1.2600.5512 (xpsp.080413-2108)] . . C:\WINDOWS\system32\ole32.dll
[-] 2008-04-14 06:51:54 . 79E4E0BCF353CA222DCCA7DD396F15A9 . 1312256 . . [5.1.2600.5512 (xpsp.080413-2108)] . . C:\WINDOWS\system32\dllcache\ole32.dll

[7] 2008-04-14 06:52:18 . A756B8F0F7BAFBA6DFE39F7D169F2519 . 15360 . . [5.1.2600.5512 (xpsp.080413-2105)] . . C:\WINDOWS\NiwradSoft Shell Pack\Backup\ctfmon.exe
[-] 2008-04-14 06:52:18 . 0415E09C0BCCBF8B5CD5A05889EFB962 . 40448 . . [5.1.2600.5512 (xpsp.080413-2105)] . . C:\WINDOWS\system32\ctfmon.exe
[-] 2008-04-14 06:52:18 . 0415E09C0BCCBF8B5CD5A05889EFB962 . 40448 . . [5.1.2600.5512 (xpsp.080413-2105)] . . C:\WINDOWS\system32\dllcache\ctfmon.exe

[7] 2009-03-08 13:09:26 . B60DDDD2D63CE41CB8C487FCFBB6419E . 638816 . . [8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)] . . C:\WINDOWS\NiwradSoft Shell Pack\Backup\iexplore.exe
[-] 2009-03-08 13:09:26 . F68C1BAC147227B86FFB36828FF8BEDF . 510816 . . [8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)] . . C:\WINDOWS\system32\dllcache\iexplore.exe
[7] 2008-04-14 06:52:28 . 414AFE6E8CCDE984E16D5ED08624CEC6 . 93184 . . [6.00.2900.5512 (xpsp.080413-2105)] . . C:\WINDOWS\ie8\iexplore.exe
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\HumyoConflict]
@="{7479C9AF-DA81-4944-92E5-23E49390BB2B}"
[HKEY_CLASSES_ROOT\CLSID\{7479C9AF-DA81-4944-92E5-23E49390BB2B}]
2010-07-05 09:01:22 757744 ----a-w- C:\Program Files\humyo SmartDrive\HrfsShellExtension.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\HumyoSynced]
@="{7479C9AF-DA81-4944-92E5-23E49390BB2A}"
[HKEY_CLASSES_ROOT\CLSID\{7479C9AF-DA81-4944-92E5-23E49390BB2A}]
2010-07-05 09:01:22 757744 ----a-w- C:\Program Files\humyo SmartDrive\HrfsShellExtension.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\HumyoSyncing]
@="{7479C9AF-DA81-4944-92E5-23E49390BB29}"
[HKEY_CLASSES_ROOT\CLSID\{7479C9AF-DA81-4944-92E5-23E49390BB29}]
2010-07-05 09:01:22 757744 ----a-w- C:\Program Files\humyo SmartDrive\HrfsShellExtension.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\HumyoUnavailable]
@="{06F5F772-99DF-4191-9AED-3037B0DF154B}"
[HKEY_CLASSES_ROOT\CLSID\{06F5F772-99DF-4191-9AED-3037B0DF154B}]
2010-07-05 09:01:22 757744 ----a-w- C:\Program Files\humyo SmartDrive\HrfsShellExtension.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozy2]
@="{747E722C-CB46-4a9d-BDFE-192AAD5099B1}"
[HKEY_CLASSES_ROOT\CLSID\{747E722C-CB46-4a9d-BDFE-192AAD5099B1}]
2010-08-19 06:46:40 3412792 ----a-w- C:\Program Files\MozyHome\mozyshell.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozy3]
@="{EE6F5A00-7898-40f7-AB77-51FF9D6DEB20}"
[HKEY_CLASSES_ROOT\CLSID\{EE6F5A00-7898-40f7-AB77-51FF9D6DEB20}]
2010-08-19 06:46:40 3412792 ----a-w- C:\Program Files\MozyHome\mozyshell.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"speedfan"="C:\Program Files\SpeedFan\speedfan.exe" [2008-08-19 08:31:16 3562496]
"AeroSnap"="C:\Program Files\AeroSnap\AeroSnap.exe" [2008-12-06 18:32:22 886784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"F-Secure Manager"="C:\Program Files\F-Secure\Common\FSM32.EXE" [2009-07-09 09:34:54 199264]
"F-Secure TNB"="C:\Program Files\F-Secure\FSGUI\TNBUtil.exe" [2009-07-09 09:32:46 2349664]
"AcronisTimounterMonitor"="C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe" [2007-10-23 16:58:18 906648]
"SunJavaUpdateSched"="C:\Program Files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 09:44:46 248552]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 06:52:18 40448]

C:\Documents and Settings\Jirka\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Secunia PSI.lnk - C:\Program Files\Secunia\PSI\psi.exe [2009-8-21 900816]

C:\Documents and Settings\Jirka\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Secunia PSI.lnk - C:\Program Files\Secunia\PSI\psi.exe [2009-8-21 900816]

C:\Documents and Settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
MozyHome Status.lnk - C:\Program Files\MozyHome\mozystat.exe [2010-8-19 3512120]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"PC Suite Tray"="C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
"uTorrent"="C:\Program Files\uTorrent\uTorrent.exe"
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\daemon.exe -autorun
"NokiaOviSuite2"=C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe -tray
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"RTHDCPL"=RTHDCPL.EXE
"NiwradSoft Welcome"=C:\WINDOWS\NiwradSoft Shell Pack\Tools\NS Welcome.exe
"rfagent"="C:\Program Files\RFA\rfagent.exe"
"Adobe ARM"="C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"NokiaMServer"=C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup
"OODefragTray"=C:\WINDOWS\system32\oodtray.exe
"TrueImageMonitor.exe"=C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
"Acronis Scheduler2 Service"="C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
"SunJavaUpdateSched"="C:\Program Files\Common Files\Java\Java Update\jusched.exe"
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
"KeePass 2 PreLoad"="C:\Program Files\KeePass Password Safe 2\KeePass.exe" --preload
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Opera\\opera.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Pinnacle\\Studio 12\\Programs\\RM.exe"=
"C:\\Program Files\\Pinnacle\\Studio 12\\Programs\\Studio.exe"=
"C:\\Program Files\\Pinnacle\\Studio 12\\Programs\\umi.exe"=
"C:\\Program Files\\Samsung\\Samsung New PC Studio\\npsasvr.exe"=
"C:\\Program Files\\Samsung\\Samsung New PC Studio\\npsvsvr.exe"=
"C:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 fsbts;fsbts;C:\WINDOWS\system32\drivers\fsbts.sys [29.12.2009 1:50:18 41624]
R0 FSFW;F-Secure Firewall Driver;C:\WINDOWS\system32\drivers\fsdfw.sys [29.12.2009 1:50:09 80000]
R1 F-Secure HIPS;F-Secure HIPS Driver;C:\Program Files\F-Secure\HIPS\drivers\fshs.sys [29.12.2009 1:49:56 68064]
R2 FsUsbExService;FsUsbExService;C:\WINDOWS\system32\FsUsbExService.Exe [17.6.2010 23:44:09 233472]
R3 F-Secure Gatekeeper;F-Secure Gatekeeper;C:\Program Files\F-Secure\Anti-Virus\minifilter\fsgk.sys [29.12.2009 1:49:44 124072]
R3 FSORSPClient;F-Secure ORSP Client;C:\Program Files\F-Secure\ORSP Client\fsorsp.exe [29.12.2009 1:49:56 58024]
R3 FsUsbExDisk;FsUsbExDisk;C:\WINDOWS\system32\FsUsbExDisk.Sys [17.6.2010 23:44:09 36608]
R3 PSI;PSI;C:\WINDOWS\system32\drivers\psi_mf.sys [17.6.2009 14:20:34 12648]
S3 Ambfilt;Ambfilt;C:\WINDOWS\system32\drivers\Ambfilt.sys [29.12.2009 13:31:05 1684736]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [3.6.2010 13:38:53 30192]
S3 hrfsmrx;hrfsmrx;C:\WINDOWS\system32\drivers\hrfsmrx.sys [16.7.2010 13:17:28 144624]
S3 humyo.com;humyo.com;C:\Program Files\humyo SmartDrive\hrfscore.exe [16.7.2010 13:17:27 3186672]
S3 SetupNTGLM7X;SetupNTGLM7X; [x]
S3 ss_bbus;SAMSUNG USB Mobile Device (WDM);C:\WINDOWS\system32\drivers\ss_bbus.sys [17.6.2010 23:44:22 90112]
S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);C:\WINDOWS\system32\drivers\ss_bmdfl.sys [17.6.2010 23:44:22 14976]
S3 ss_bmdm;SAMSUNG USB Mobile Modem;C:\WINDOWS\system32\drivers\ss_bmdm.sys [17.6.2010 23:44:22 121856]
S4 F-Secure Filter;F-Secure File System Filter;C:\Program Files\F-Secure\Anti-Virus\win2k\fsfilter.sys [29.12.2009 1:49:44 39776]
S4 F-Secure Recognizer;F-Secure File System Recognizer;C:\Program Files\F-Secure\Anti-Virus\win2k\fsrec.sys [29.12.2009 1:49:44 25184]
S4 sptd;sptd;C:\WINDOWS\system32\drivers\sptd.sys [30.12.2009 1:36:23 721904]

--- Ostatní služby/ovladače v paměti ---

*NewlyCreated* - FSUSBEXDISK

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A8D647C8-65AC-409F-B7B2-3C0FEE1A32F2}]
2010-02-16 17:02:30 114688 ----a-w- C:\Program Files\PixiePack Codec Pack\InstallerHelper.exe
.
Obsah adresáře 'Naplánované úlohy'

2010-10-02 C:\WINDOWS\Tasks\1-Click Maintenance.job
- C:\Program Files\TuneUp Utilities 2009\OneClickStarter.exe [2009-11-16 14:43:30 . 2009-11-16 14:43:30]

2010-10-02 C:\WINDOWS\Tasks\Úklid 1 kliknutím.job
- C:\Program Files\TuneUp Utilities 2009\OneClickStarter.exe [2009-11-16 14:43:30 . 2009-11-16 14:43:30]
.
.
------- Doplňkový sken -------
.
uLocal Page = C:\WINDOWS\pchealth\helpctr\System\panels\blank.htm
uDefault_Search_URL = hxxp://www.google.com/ie
mLocal Page = C:\WINDOWS\pchealth\helpctr\System\panels\blank.htm
uInternet Connection Wizard,ShellNext = hxxp://www.drivermax.com/driver/auto_drivers.p ... /index.php
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - C:\WINDOWS\system32\GPhotos.scr/200
IE: E&xportovat do aplikace Microsoft Excel - C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Odeslat do zařízení &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Odeslat do zařízení Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: Save Image To humyo.cz
IE: Save Target To humyo.cz
LSP: C:\Program Files\F-Secure\FSPS\program\FSLSP.DLL
Trusted Zone: mojebanka.cz
Trusted Zone: mojebanka.cz
FF - ProfilePath - C:\Documents and Settings\Jirka\Data aplikací\Mozilla\Firefox\Profiles\naf5m2tn.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.7&q=
FF - component: C:\Program Files\F-Secure\NRS\litmus-ff@f-secure.com\components\litmus-ff.dll
FF - plugin: C:\Program Files\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.notify.interval - 600000
FF - user.js: content.switch.threshold - 1000000
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: network.http.max-connections-per-server - 8
FF - user.js: browser.urlbar.autoFill - true
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

[stell]

Pri tejto akcii je nutné mať ComboFix na ploche.

Vypni>FIREWALL>Antivir>Antispyware>vsetko rezidentne.

Otvor Notepad (Poznámkový blok) a zkopíruj do neho celý zeleny tex:

Kód: Vybrat vše

KILLALL::
FCOPY::
C:\WINDOWS\NiwradSoft Shell Pack\Backup\winlogon.exe | C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\NiwradSoft Shell Pack\Backup\winlogon.exe | C:\WINDOWS\system32\dllcache\winlogon.exe
C:\WINDOWS\NiwradSoft Shell Pack\Backup\comctl32.dll | C:\WINDOWS\system32\comctl32.dll
C:\WINDOWS\NiwradSoft Shell Pack\Backup\comctl32.dll | C:\WINDOWS\system32\dllcache\comctl32.dll
C:\WINDOWS\NiwradSoft Shell Pack\Backup\user32.dll | C:\WINDOWS\system32\user32.dll
C:\WINDOWS\NiwradSoft Shell Pack\Backup\user32.dll | C:\WINDOWS\system32\dllcache\user32.dll
C:\WINDOWS\NiwradSoft Shell Pack\Backup\explorer.exe | C:\WINDOWS\explorer.exe
C:\WINDOWS\NiwradSoft Shell Pack\Backup\explorer.exe | C:\WINDOWS\system32\dllcache\explorer.exe
C:\WINDOWS\NiwradSoft Shell Pack\Backup\ole32.dll | C:\WINDOWS\system32\ole32.dll
C:\WINDOWS\NiwradSoft Shell Pack\Backup\ole32.dll | C:\WINDOWS\system32\dllcache\ole32.dll
C:\WINDOWS\NiwradSoft Shell Pack\Backup\ctfmon.exe | C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\NiwradSoft Shell Pack\Backup\ctfmon.exe | C:\WINDOWS\system32\dllcache\ctfmon.exe
C:\WINDOWS\NiwradSoft Shell Pack\Backup\iexplore.exe | C:\WINDOWS\system32\dllcache\iexplore.exe

Potom klik na Subor -> Uložiť ako.. .. -> Ako je Názov souboru tak do toho riadku napiš:CFScript.txt
Typ súboru tak tam vyberies *všetky súbory
A ulož ho na plochu.> Pozor CFScript.txt>Neotvarat a nemoze byt ani>CFScript.txt.txt A Urobis Toto :


Po skonceni skenu vlož log čo ComboFix vytvorí

[vorryy]

ComboFix 10-10-01.07 - Jirka 03.10.2010 10:45:18.5.2 - x86 MINIMAL
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.3071.2796 [GMT 2:00]
Spuštěný z: c:\documents and settings\Jirka\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Jirka\Plocha\CFScript.txt
AV: F-Secure Internet Security 2010 10.00 *On-access scanning disabled* (Updated) {E7512ED5-4245-4B4D-AF3A-382D3F313F15}
FW: F-Secure Internet Security 2010 10.00 *disabled* {D4747503-0346-49EB-9262-997542F79BF4}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Předchozí spuštění -------
.
c:\windows\regedit.com
c:\windows\system32\taskmgr.com

-- Předchozí spuštění --

Nakažená kopie c:\windows\system32\midimap.dll byla nalezena a vyléčena.
Obnovena kopie z - c:\windows\NiwradSoft Shell Pack\Backup\midimap.dll

--------

.
--------------- FCopy ---------------

c:\windows\NiwradSoft Shell Pack\Backup\winlogon.exe --> c:\windows\system32\winlogon.exe
c:\windows\NiwradSoft Shell Pack\Backup\winlogon.exe --> c:\windows\system32\dllcache\winlogon.exe
c:\windows\NiwradSoft Shell Pack\Backup\comctl32.dll --> c:\windows\system32\comctl32.dll
c:\windows\NiwradSoft Shell Pack\Backup\comctl32.dll --> c:\windows\system32\dllcache\comctl32.dll
c:\windows\NiwradSoft Shell Pack\Backup\user32.dll --> c:\windows\system32\user32.dll
c:\windows\NiwradSoft Shell Pack\Backup\user32.dll --> c:\windows\system32\dllcache\user32.dll
c:\windows\NiwradSoft Shell Pack\Backup\explorer.exe --> c:\windows\explorer.exe
c:\windows\NiwradSoft Shell Pack\Backup\explorer.exe --> c:\windows\system32\dllcache\explorer.exe
c:\windows\NiwradSoft Shell Pack\Backup\ole32.dll --> c:\windows\system32\ole32.dll
c:\windows\NiwradSoft Shell Pack\Backup\ole32.dll --> c:\windows\system32\dllcache\ole32.dll
c:\windows\NiwradSoft Shell Pack\Backup\ctfmon.exe --> c:\windows\system32\ctfmon.exe
c:\windows\NiwradSoft Shell Pack\Backup\ctfmon.exe --> c:\windows\system32\dllcache\ctfmon.exe
c:\windows\NiwradSoft Shell Pack\Backup\iexplore.exe --> c:\windows\system32\dllcache\iexplore.exe
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-09-03 do 2010-10-03 )))))))))))))))))))))))))))))))
.

2010-10-02 17:12 . 2010-10-02 17:12 -------- d-sh--w- c:\documents and settings\Jirka\IECompatCache
2010-10-02 16:44 . 2010-10-02 16:44 -------- d---a-w- c:\windows\VDLL.DLL
2010-10-02 16:44 . 2010-10-02 16:44 -------- d---a-w- c:\windows\system32\runouce.exe
2010-10-02 16:44 . 2010-10-02 16:44 -------- d---a-w- c:\windows\rundll16.exe
2010-10-02 16:44 . 2010-10-02 16:44 -------- d---a-w- c:\windows\RUNDL132.EXE
2010-10-02 16:44 . 2010-10-02 16:44 -------- d---a-w- c:\windows\logo1_.exe
2010-10-02 16:44 . 2010-10-02 16:44 -------- d---a-w- c:\windows\logo_1.exe
2010-10-01 22:04 . 2010-10-01 22:07 -------- d-----w- c:\program files\trend micro
2010-10-01 22:04 . 2010-10-01 22:04 -------- d-----w- C:\rsit
2010-10-01 21:32 . 2010-10-01 21:32 632064 ----a-w- c:\windows\system32\msvcr80.dll
2010-10-01 21:32 . 2010-10-01 21:32 554240 ----a-w- c:\windows\system32\msvcp80.dll
2010-10-01 21:32 . 2010-10-01 21:32 34048 ----a-w- c:\windows\system32\eEmpty.exe
2010-10-01 21:32 . 2008-04-14 06:52 185344 ----a-w- c:\windows\system32\T.COM
2010-10-01 21:32 . 2008-04-14 06:52 277504 ----a-w- c:\windows\R.COM
2010-10-01 21:32 . 2010-10-01 21:32 -------- d-----w- c:\program files\Common Files\MicroWorld
2010-10-01 21:30 . 2010-10-01 21:30 -------- d-----w- c:\program files\Simpli Software
2010-10-01 13:46 . 2010-10-01 13:46 -------- d-----w- c:\program files\ESET
2010-09-03 19:43 . 2010-08-19 06:46 54776 ----a-w- c:\windows\system32\drivers\mozy.sys
2010-09-03 19:42 . 2010-09-03 19:43 -------- d-----w- c:\program files\MozyHome

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-03 08:47 . 2006-03-02 12:00 81094 ----a-w- c:\windows\system32\perfc005.dat
2010-10-03 08:47 . 2006-03-02 12:00 435872 ----a-w- c:\windows\system32\perfh005.dat
2010-10-03 08:37 . 2009-12-29 12:15 -------- d-----w- c:\program files\SpeedFan
2010-10-01 21:29 . 2010-02-04 07:04 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-10-01 21:29 . 2009-12-28 23:55 -------- d-----w- c:\program files\Common Files\InstallShield
2010-09-30 20:04 . 2010-02-15 22:33 -------- d-----w- c:\program files\Microsoft Silverlight
2010-09-27 18:44 . 2009-12-29 19:00 -------- d-----w- c:\program files\uTorrent
2010-09-18 18:10 . 2009-12-29 00:27 -------- d-----w- c:\program files\Mozilla Thunderbird
2010-09-16 16:54 . 2009-12-29 22:32 -------- d-----w- c:\program files\KeePass Password Safe 2
2010-09-16 16:30 . 2009-12-29 11:23 -------- d-----w- c:\program files\Opera
2010-09-02 16:52 . 2010-07-25 16:56 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-09-02 16:52 . 2010-09-02 16:52 53632 ----a-w- c:\documents and settings\Jirka\Data aplikací\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-09-02 16:52 . 2010-09-02 16:52 53632 ----a-w- c:\documents and settings\Jirka\Data aplikací\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-08-31 10:16 . 2009-12-28 23:50 41624 ----a-w- c:\windows\system32\drivers\fsbts.sys
2010-08-27 13:32 . 2010-08-27 13:32 -------- d-----w- c:\program files\Common Files\Java
2010-08-27 13:31 . 2010-02-04 10:07 -------- d-----w- c:\program files\Java
2010-08-23 22:46 . 2010-08-23 22:46 503808 ----a-w- c:\documents and settings\Jirka\Data aplikací\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-4d3cf561-n\msvcp71.dll
2010-08-23 22:46 . 2010-08-23 22:46 503808 ----a-w- c:\documents and settings\Jirka\Data aplikací\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-4d3cf561-n\msvcp71.dll
2010-08-23 22:46 . 2010-08-23 22:46 499712 ----a-w- c:\documents and settings\Jirka\Data aplikací\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-4d3cf561-n\jmc.dll
2010-08-23 22:46 . 2010-08-23 22:46 499712 ----a-w- c:\documents and settings\Jirka\Data aplikací\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-4d3cf561-n\jmc.dll
2010-08-23 22:46 . 2010-08-23 22:46 348160 ----a-w- c:\documents and settings\Jirka\Data aplikací\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-4d3cf561-n\msvcr71.dll
2010-08-23 22:46 . 2010-08-23 22:46 348160 ----a-w- c:\documents and settings\Jirka\Data aplikací\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-4d3cf561-n\msvcr71.dll
2010-08-23 22:46 . 2010-08-23 22:46 61440 ----a-w- c:\documents and settings\Jirka\Data aplikací\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-38f3ed57-n\decora-sse.dll
2010-08-23 22:46 . 2010-08-23 22:46 61440 ----a-w- c:\documents and settings\Jirka\Data aplikací\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-38f3ed57-n\decora-sse.dll
2010-08-23 22:46 . 2010-08-23 22:46 12800 ----a-w- c:\documents and settings\Jirka\Data aplikací\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-38f3ed57-n\decora-d3d.dll
2010-08-23 22:46 . 2010-08-23 22:46 12800 ----a-w- c:\documents and settings\Jirka\Data aplikací\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-38f3ed57-n\decora-d3d.dll
2010-08-18 16:43 . 2010-08-28 20:38 52224 ----a-w- c:\documents and settings\Jirka\Data aplikací\Mozilla\Firefox\Profiles\naf5m2tn.default\extensions\{e413a417-d00b-4a3b-9c17-19048046f1ce}\components\FFExternalAlert.dll
2010-08-18 16:43 . 2010-08-28 20:38 52224 ----a-w- c:\documents and settings\Jirka\Data aplikací\Mozilla\Firefox\Profiles\naf5m2tn.default\extensions\{e413a417-d00b-4a3b-9c17-19048046f1ce}\components\FFExternalAlert.dll
2010-08-18 16:43 . 2010-08-28 20:38 101376 ----a-w- c:\documents and settings\Jirka\Data aplikací\Mozilla\Firefox\Profiles\naf5m2tn.default\extensions\{e413a417-d00b-4a3b-9c17-19048046f1ce}\components\RadioWMPCore.dll
2010-08-18 16:43 . 2010-08-28 20:38 101376 ----a-w- c:\documents and settings\Jirka\Data aplikací\Mozilla\Firefox\Profiles\naf5m2tn.default\extensions\{e413a417-d00b-4a3b-9c17-19048046f1ce}\components\RadioWMPCore.dll
2010-08-17 13:17 . 2008-04-14 06:52 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-12 09:28 . 2009-12-29 07:52 -------- d-----r- c:\program files\Skype
2010-08-10 20:55 . 2010-08-10 20:55 -------- d-----w- c:\program files\PixiePack Codec Pack
2010-07-25 16:56 . 2010-07-25 16:54 12124624 ----a-w- c:\documents and settings\All Users\Data aplikací\NOS\Adobe_Downloads\AdobeAIRInstaller.exe
2010-07-25 16:54 . 2010-07-25 16:54 77184 ----a-w- c:\documents and settings\All Users\Data aplikací\NOS\Adobe_Downloads\arh.exe
2010-07-22 15:46 . 2008-04-14 06:51 590848 ----a-w- c:\windows\system32\rpcrt4.dll
2010-07-22 06:19 . 2008-05-05 06:25 5632 ----a-w- c:\windows\system32\xpsp4res.dll
2010-07-17 03:00 . 2010-04-30 18:23 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-07-05 09:01 . 2010-07-16 11:17 192496 ----a-w- c:\windows\system32\hrfsnp.dll
2010-07-05 09:01 . 2010-07-16 11:17 144624 ----a-w- c:\windows\system32\drivers\hrfsmrx.sys
2010-06-03 11:38 . 2010-06-03 11:38 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.

------- Sigcheck -------

[7] 2009-03-08 . B60DDDD2D63CE41CB8C487FCFBB6419E . 638816 . . [8.00.6001.18702] . . c:\windows\NiwradSoft Shell Pack\Backup\iexplore.exe
[7] 2009-03-08 . B60DDDD2D63CE41CB8C487FCFBB6419E . 638816 . . [8.00.6001.18702] . . c:\windows\system32\dllcache\iexplore.exe
[7] 2008-04-14 . 414AFE6E8CCDE984E16D5ED08624CEC6 . 93184 . . [6.00.2900.5512] . . c:\windows\ie8\iexplore.exe
.
((((((((((((((((((((((((((((( SnapShot@2010-10-02_20.15.19 )))))))))))))))))))))))))))))))))))))))))
.
- 2006-03-02 12:00 . 2010-10-02 20:12 70556 c:\windows\system32\perfc009.dat
+ 2006-03-02 12:00 . 2010-10-03 08:47 70556 c:\windows\system32\perfc009.dat
+ 2006-03-02 12:00 . 2010-10-03 08:47 439484 c:\windows\system32\perfh009.dat
- 2006-03-02 12:00 . 2010-10-02 20:12 439484 c:\windows\system32\perfh009.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\HumyoConflict]
@="{7479C9AF-DA81-4944-92E5-23E49390BB2B}"
[HKEY_CLASSES_ROOT\CLSID\{7479C9AF-DA81-4944-92E5-23E49390BB2B}]
2010-07-05 09:01 757744 ----a-w- c:\program files\humyo SmartDrive\HrfsShellExtension.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\HumyoSynced]
@="{7479C9AF-DA81-4944-92E5-23E49390BB2A}"
[HKEY_CLASSES_ROOT\CLSID\{7479C9AF-DA81-4944-92E5-23E49390BB2A}]
2010-07-05 09:01 757744 ----a-w- c:\program files\humyo SmartDrive\HrfsShellExtension.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\HumyoSyncing]
@="{7479C9AF-DA81-4944-92E5-23E49390BB29}"
[HKEY_CLASSES_ROOT\CLSID\{7479C9AF-DA81-4944-92E5-23E49390BB29}]
2010-07-05 09:01 757744 ----a-w- c:\program files\humyo SmartDrive\HrfsShellExtension.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\HumyoUnavailable]
@="{06F5F772-99DF-4191-9AED-3037B0DF154B}"
[HKEY_CLASSES_ROOT\CLSID\{06F5F772-99DF-4191-9AED-3037B0DF154B}]
2010-07-05 09:01 757744 ----a-w- c:\program files\humyo SmartDrive\HrfsShellExtension.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozy2]
@="{747E722C-CB46-4a9d-BDFE-192AAD5099B1}"
[HKEY_CLASSES_ROOT\CLSID\{747E722C-CB46-4a9d-BDFE-192AAD5099B1}]
2010-08-19 06:46 3412792 ----a-w- c:\program files\MozyHome\mozyshell.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozy3]
@="{EE6F5A00-7898-40f7-AB77-51FF9D6DEB20}"
[HKEY_CLASSES_ROOT\CLSID\{EE6F5A00-7898-40f7-AB77-51FF9D6DEB20}]
2010-08-19 06:46 3412792 ----a-w- c:\program files\MozyHome\mozyshell.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"speedfan"="c:\program files\SpeedFan\speedfan.exe" [2008-08-19 3562496]
"AeroSnap"="c:\program files\AeroSnap\AeroSnap.exe" [2008-12-06 886784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"F-Secure Manager"="c:\program files\F-Secure\Common\FSM32.EXE" [2009-07-09 199264]
"F-Secure TNB"="c:\program files\F-Secure\FSGUI\TNBUtil.exe" [2009-07-09 2349664]
"AcronisTimounterMonitor"="c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe" [2007-10-23 906648]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Jirka\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Secunia PSI.lnk - c:\program files\Secunia\PSI\psi.exe [2009-8-21 900816]

c:\documents and settings\Jirka\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Secunia PSI.lnk - c:\program files\Secunia\PSI\psi.exe [2009-8-21 900816]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
MozyHome Status.lnk - c:\program files\MozyHome\mozystat.exe [2010-8-19 3512120]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
"uTorrent"="c:\program files\uTorrent\uTorrent.exe"
"DAEMON Tools Lite"=c:\program files\DAEMON Tools Lite\daemon.exe -autorun
"NokiaOviSuite2"=c:\program files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe -tray
"Skype"="c:\program files\Skype\Phone\Skype.exe" /nosplash /minimized

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"RTHDCPL"=RTHDCPL.EXE
"NiwradSoft Welcome"=c:\windows\NiwradSoft Shell Pack\Tools\NS Welcome.exe
"rfagent"="c:\program files\RFA\rfagent.exe"
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"NokiaMServer"=c:\program files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup
"OODefragTray"=c:\windows\system32\oodtray.exe
"TrueImageMonitor.exe"=c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe"
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
"KeePass 2 PreLoad"="c:\program files\KeePass Password Safe 2\KeePass.exe" --preload
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Pinnacle\\Studio 12\\Programs\\RM.exe"=
"c:\\Program Files\\Pinnacle\\Studio 12\\Programs\\Studio.exe"=
"c:\\Program Files\\Pinnacle\\Studio 12\\Programs\\umi.exe"=
"c:\\Program Files\\Samsung\\Samsung New PC Studio\\npsasvr.exe"=
"c:\\Program Files\\Samsung\\Samsung New PC Studio\\npsvsvr.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [29.12.2009 1:50 80000]
S0 fsbts;fsbts;c:\windows\system32\drivers\fsbts.sys [29.12.2009 1:50 41624]
S1 F-Secure HIPS;F-Secure HIPS Driver;c:\program files\F-Secure\HIPS\drivers\fshs.sys [29.12.2009 1:49 68064]
S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [17.6.2010 23:44 233472]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [29.12.2009 13:31 1684736]
S3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\F-Secure\Anti-Virus\minifilter\fsgk.sys [29.12.2009 1:49 124072]
S3 FSORSPClient;F-Secure ORSP Client;c:\program files\F-Secure\ORSP Client\fsorsp.exe [29.12.2009 1:49 58024]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [17.6.2010 23:44 36608]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [3.6.2010 13:38 30192]
S3 hrfsmrx;hrfsmrx;c:\windows\system32\drivers\hrfsmrx.sys [16.7.2010 13:17 144624]
S3 humyo.com;humyo.com;c:\program files\humyo SmartDrive\hrfscore.exe [16.7.2010 13:17 3186672]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [17.6.2009 14:20 12648]
S3 SetupNTGLM7X;SetupNTGLM7X; [x]
S3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\drivers\ss_bbus.sys [17.6.2010 23:44 90112]
S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\drivers\ss_bmdfl.sys [17.6.2010 23:44 14976]
S3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\drivers\ss_bmdm.sys [17.6.2010 23:44 121856]
S4 F-Secure Filter;F-Secure File System Filter;c:\program files\F-Secure\Anti-Virus\win2k\fsfilter.sys [29.12.2009 1:49 39776]
S4 F-Secure Recognizer;F-Secure File System Recognizer;c:\program files\F-Secure\Anti-Virus\win2k\fsrec.sys [29.12.2009 1:49 25184]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [30.12.2009 1:36 721904]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A8D647C8-65AC-409F-B7B2-3C0FEE1A32F2}]
2010-02-16 17:02 114688 ----a-w- c:\program files\PixiePack Codec Pack\InstallerHelper.exe
.
Obsah adresáře 'Naplánované úlohy'

2010-10-03 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2009-11-16 14:43]

2010-10-03 c:\windows\Tasks\Úklid 1 kliknutím.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2009-11-16 14:43]
.
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\pchealth\helpctr\System\panels\blank.htm
uDefault_Search_URL = hxxp://www.google.com/ie
mLocal Page = c:\windows\pchealth\helpctr\System\panels\blank.htm
uInternet Connection Wizard,ShellNext = hxxp://www.drivermax.com/driver/auto_drivers.p ... /index.php
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Odeslat do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Odeslat do zařízení Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: Save Image To humyo.cz
IE: Save Target To humyo.cz
LSP: c:\program files\F-Secure\FSPS\program\FSLSP.DLL
Trusted Zone: mojebanka.cz
Trusted Zone: mojebanka.cz
FF - ProfilePath - c:\documents and settings\Jirka\Data aplikací\Mozilla\Firefox\Profiles\naf5m2tn.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.7&q=
FF - component: c:\program files\F-Secure\NRS\litmus-ff@f-secure.com\components\litmus-ff.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.notify.interval - 600000
FF - user.js: content.switch.threshold - 1000000
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: network.http.max-connections-per-server - 8
FF - user.js: browser.urlbar.autoFill - true
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-10-03 10:49
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil9l.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil9l.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG11.00.00.01WORKSTATION"="3A09BBE29FB7112BFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC7933A6171C11EC38DE3DA2D97226D213B555A2D97226D213B55537B4B35A153E4254A81FEB99AF387F9B6EBC1B1B20B4324DA349C3A1B8D914505EAF3617ADBFCCCB3CCD379966E623A1060B3554F173B92CE3C893AD7C44DD541F9078C5574D66FAF3A43EBF1ACB2127F4D4DF6046C3D20C7B2886F808D34561ADD59B25FAD5E4048F89F2D789C86F69A203FCB6D39CB4699BF81245ABB5E0CD25D3C4E52059DF38B035CA2197D6C759D9D2F243750A5970D71BAC4F5D2B0EA301311B2FF670B6235EB43F4D4B002A9DCA562D67ACAC818529485241B588ECA4246CCC9BCF44090002E7CE854FE4D58F88731A779CB9303F6B07833D71B7E0C2535309B72114BC406B0579E272B6D33D8A642CB88D782BE6DFBA4258713612A6B689060604B17B874C1346F5283EECE52CB6D8696A457F7B2B14189A3B956E2B5E077AFBB70231AD3B703F4007D5AE022ECA9CB844917A2FD3198E0376F923DF3A9825859C028EC132CCF0B9CA6E6CB831D8F54BCEDFB0E9C7263701709EA7099F5CC4FE3ABD8B810FAC6CCD50893C693FE86638614979C4D7E824FA9BCEB11DC7C720BBB858DDE296EAC8DA1DBE7724C159F50CF77A6E0EB6E36EC78A6C3DC7D0217E7F6807858D6C329F33553A3DAE89DA2E48B3B2704A7E6F3136F76D8CE8BB852C87B896C15F9C838D9F463B6E8248751EDED6C7212E2B358B873FD9A294EDE37BFE40E2186815B4355ADC13B2CE1801D838C92068A49BB321EE63D04711B101BE893ADED2EBA76E3C912E2C72F3722C74B019B9F0CC96BE9A17878106DA3273D0BC8291FD648C2CCBE9EFFEDD8637780C98F424AAF7C2FB231CF4B2B12182278CA11D94EA7DDB4090797C9CE55129BB3DB3AE83C7AEAD67EA1097BC5CC719DB5438AD17AF18154E3E4AD327C051F0A02BB94110C029474EA377030EDD65CCA60C708059A3C61CCF89DC185669B819A2FD56C71650D7635487CAE9A65347DCED9B33023365D434102C2410761C6C90955E2B00F574DB3BF150F6261D9C6B696DEFD6448ED4BC8AB2630727E4DC062C1E7BCBD0A4F10DEAEE3E5EB419DD05F8367BAC7D6A19B02C2A71606C16F052223709BEC02ACEF3736A1655B559007DF4AAAF7487581A940CC09B7F1211E2540E2EBC81FB22D65138591D25EDAEADEE2A830966DFFD84007F122C266FF180C0F0A3D083D1BC181781012209477D58A84A4C012AA817C9C0420EEF8C00E55C012B8F84A937BE676AFCFCF034CEBF33AE6AE4195FA7F0A0D6F1FB385E61B1CCB307B99BC9C280D9A7B93B61CBB30437390400D69647ED7F7691F35DB8582D6BA82EC0D9B1326ECCDCAD7EC766CCE920B27427C2D794042608"
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(456)
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\cscui.dll

- - - - - - - > 'lsass.exe'(512)
c:\windows\system32\relog_ap.dll
c:\windows\system32\setupapi.dll

- - - - - - - > 'explorer.exe'(1076)
c:\windows\system32\COMRes.dll
c:\program files\humyo SmartDrive\HrfsShellExtension.dll
c:\program files\MozyHome\mozyshell.dll
c:\program files\MozyHome\LIBEAY32.dll
c:\windows\System32\cscui.dll
c:\windows\System32\hrfsnp.dll
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\NETSHELL.dll
c:\windows\system32\credui.dll
.
Celkový čas: 2010-10-03 10:52:26 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-10-03 08:52

Před spuštěním: Volných bajtů: 12 038 385 664
Po spuštění: Volných bajtů: 11 994 427 392

Current=7 Default=7 Failed=6 LastKnownGood=8 Sets=1,2,3,4,5,6,7,8
- - End Of File - - 5031BE0FF8A9F0BFFD22D22259C9882A

[stell]

ok, ako sa chova pocitac??

[vorryy]

Zatím nevim. Napadlo mě taky jestli mi to vypínání nedělal skype. Kdyř ho mám zapnutý a dám režim spánku nebo úsporný a pak probudim PC,tak se mi skype nepřihlásí a ani proces nejde ukončit.

[stell]

urcite nie, ako vidis mal si infikovane systemove subory>
este sprav tento script:
Pri tejto akcii je nutné mať ComboFix na ploche.

Vypni>FIREWALL>Antivir>Antispyware>vsetko rezidentne.

Otvor Notepad (Poznámkový blok) a zkopíruj do neho celý zeleny tex:

Kód: Vybrat vše

KILLALL::
FixCSet::

Potom klik na Subor -> Uložiť ako.. .. -> Ako je Názov souboru tak do toho riadku napiš:CFScript.txt
Typ súboru tak tam vyberies *všetky súbory
A ulož ho na plochu.> Pozor CFScript.txt>Neotvarat a nemoze byt ani>CFScript.txt.txt A Urobis Toto :


Po skonceni skenu vlož log čo ComboFix vytvorí

[vorryy]

ComboFix 10-10-01.07 - Jirka 03.10.2010 16:04:05.6.2 - x86 MINIMAL
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.3071.2798 [GMT 2:00]
Spuštěný z: c:\documents and settings\Jirka\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Jirka\Plocha\CFScript.txt
AV: F-Secure Internet Security 2010 10.00 *On-access scanning disabled* (Updated) {E7512ED5-4245-4B4D-AF3A-382D3F313F15}
FW: F-Secure Internet Security 2010 10.00 *disabled* {D4747503-0346-49EB-9262-997542F79BF4}
.

((((((((((((((((((((((((( Soubory vytvořené od 2010-09-03 do 2010-10-03 )))))))))))))))))))))))))))))))
.

2010-10-02 17:12 . 2010-10-02 17:12 -------- d-sh--w- c:\documents and settings\Jirka\IECompatCache
2010-10-02 16:44 . 2010-10-02 16:44 -------- d---a-w- c:\windows\VDLL.DLL
2010-10-02 16:44 . 2010-10-02 16:44 -------- d---a-w- c:\windows\system32\runouce.exe
2010-10-02 16:44 . 2010-10-02 16:44 -------- d---a-w- c:\windows\rundll16.exe
2010-10-02 16:44 . 2010-10-02 16:44 -------- d---a-w- c:\windows\RUNDL132.EXE
2010-10-02 16:44 . 2010-10-02 16:44 -------- d---a-w- c:\windows\logo1_.exe
2010-10-02 16:44 . 2010-10-02 16:44 -------- d---a-w- c:\windows\logo_1.exe
2010-10-01 22:04 . 2010-10-01 22:07 -------- d-----w- c:\program files\trend micro
2010-10-01 22:04 . 2010-10-01 22:04 -------- d-----w- C:\rsit
2010-10-01 21:32 . 2010-10-01 21:32 632064 ----a-w- c:\windows\system32\msvcr80.dll
2010-10-01 21:32 . 2010-10-01 21:32 554240 ----a-w- c:\windows\system32\msvcp80.dll
2010-10-01 21:32 . 2010-10-01 21:32 34048 ----a-w- c:\windows\system32\eEmpty.exe
2010-10-01 21:32 . 2008-04-14 06:52 185344 ----a-w- c:\windows\system32\T.COM
2010-10-01 21:32 . 2008-04-14 06:52 277504 ----a-w- c:\windows\R.COM
2010-10-01 21:32 . 2010-10-01 21:32 -------- d-----w- c:\program files\Common Files\MicroWorld
2010-10-01 21:30 . 2010-10-01 21:30 -------- d-----w- c:\program files\Simpli Software
2010-10-01 13:46 . 2010-10-01 13:46 -------- d-----w- c:\program files\ESET
2010-09-03 19:43 . 2010-08-19 06:46 54776 ----a-w- c:\windows\system32\drivers\mozy.sys
2010-09-03 19:42 . 2010-09-03 19:43 -------- d-----w- c:\program files\MozyHome

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-03 14:06 . 2006-03-02 12:00 81094 ----a-w- c:\windows\system32\perfc005.dat
2010-10-03 14:06 . 2006-03-02 12:00 435872 ----a-w- c:\windows\system32\perfh005.dat
2010-10-03 14:00 . 2009-12-29 12:15 -------- d-----w- c:\program files\SpeedFan
2010-10-01 21:29 . 2010-02-04 07:04 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-10-01 21:29 . 2009-12-28 23:55 -------- d-----w- c:\program files\Common Files\InstallShield
2010-09-30 20:04 . 2010-02-15 22:33 -------- d-----w- c:\program files\Microsoft Silverlight
2010-09-27 18:44 . 2009-12-29 19:00 -------- d-----w- c:\program files\uTorrent
2010-09-18 18:10 . 2009-12-29 00:27 -------- d-----w- c:\program files\Mozilla Thunderbird
2010-09-16 16:54 . 2009-12-29 22:32 -------- d-----w- c:\program files\KeePass Password Safe 2
2010-09-16 16:30 . 2009-12-29 11:23 -------- d-----w- c:\program files\Opera
2010-09-02 16:52 . 2010-07-25 16:56 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-09-02 16:52 . 2010-09-02 16:52 53632 ----a-w- c:\documents and settings\Jirka\Data aplikací\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-09-02 16:52 . 2010-09-02 16:52 53632 ----a-w- c:\documents and settings\Jirka\Data aplikací\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-08-31 10:16 . 2009-12-28 23:50 41624 ----a-w- c:\windows\system32\drivers\fsbts.sys
2010-08-27 13:32 . 2010-08-27 13:32 -------- d-----w- c:\program files\Common Files\Java
2010-08-27 13:31 . 2010-02-04 10:07 -------- d-----w- c:\program files\Java
2010-08-23 22:46 . 2010-08-23 22:46 503808 ----a-w- c:\documents and settings\Jirka\Data aplikací\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-4d3cf561-n\msvcp71.dll
2010-08-23 22:46 . 2010-08-23 22:46 503808 ----a-w- c:\documents and settings\Jirka\Data aplikací\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-4d3cf561-n\msvcp71.dll
2010-08-23 22:46 . 2010-08-23 22:46 499712 ----a-w- c:\documents and settings\Jirka\Data aplikací\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-4d3cf561-n\jmc.dll
2010-08-23 22:46 . 2010-08-23 22:46 499712 ----a-w- c:\documents and settings\Jirka\Data aplikací\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-4d3cf561-n\jmc.dll
2010-08-23 22:46 . 2010-08-23 22:46 348160 ----a-w- c:\documents and settings\Jirka\Data aplikací\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-4d3cf561-n\msvcr71.dll
2010-08-23 22:46 . 2010-08-23 22:46 348160 ----a-w- c:\documents and settings\Jirka\Data aplikací\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-4d3cf561-n\msvcr71.dll
2010-08-23 22:46 . 2010-08-23 22:46 61440 ----a-w- c:\documents and settings\Jirka\Data aplikací\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-38f3ed57-n\decora-sse.dll
2010-08-23 22:46 . 2010-08-23 22:46 61440 ----a-w- c:\documents and settings\Jirka\Data aplikací\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-38f3ed57-n\decora-sse.dll
2010-08-23 22:46 . 2010-08-23 22:46 12800 ----a-w- c:\documents and settings\Jirka\Data aplikací\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-38f3ed57-n\decora-d3d.dll
2010-08-23 22:46 . 2010-08-23 22:46 12800 ----a-w- c:\documents and settings\Jirka\Data aplikací\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-38f3ed57-n\decora-d3d.dll
2010-08-18 16:43 . 2010-08-28 20:38 52224 ----a-w- c:\documents and settings\Jirka\Data aplikací\Mozilla\Firefox\Profiles\naf5m2tn.default\extensions\{e413a417-d00b-4a3b-9c17-19048046f1ce}\components\FFExternalAlert.dll
2010-08-18 16:43 . 2010-08-28 20:38 52224 ----a-w- c:\documents and settings\Jirka\Data aplikací\Mozilla\Firefox\Profiles\naf5m2tn.default\extensions\{e413a417-d00b-4a3b-9c17-19048046f1ce}\components\FFExternalAlert.dll
2010-08-18 16:43 . 2010-08-28 20:38 101376 ----a-w- c:\documents and settings\Jirka\Data aplikací\Mozilla\Firefox\Profiles\naf5m2tn.default\extensions\{e413a417-d00b-4a3b-9c17-19048046f1ce}\components\RadioWMPCore.dll
2010-08-18 16:43 . 2010-08-28 20:38 101376 ----a-w- c:\documents and settings\Jirka\Data aplikací\Mozilla\Firefox\Profiles\naf5m2tn.default\extensions\{e413a417-d00b-4a3b-9c17-19048046f1ce}\components\RadioWMPCore.dll
2010-08-17 13:17 . 2008-04-14 06:52 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-12 09:28 . 2009-12-29 07:52 -------- d-----r- c:\program files\Skype
2010-08-10 20:55 . 2010-08-10 20:55 -------- d-----w- c:\program files\PixiePack Codec Pack
2010-07-25 16:56 . 2010-07-25 16:54 12124624 ----a-w- c:\documents and settings\All Users\Data aplikací\NOS\Adobe_Downloads\AdobeAIRInstaller.exe
2010-07-25 16:54 . 2010-07-25 16:54 77184 ----a-w- c:\documents and settings\All Users\Data aplikací\NOS\Adobe_Downloads\arh.exe
2010-07-22 15:46 . 2008-04-14 06:51 590848 ----a-w- c:\windows\system32\rpcrt4.dll
2010-07-22 06:19 . 2008-05-05 06:25 5632 ----a-w- c:\windows\system32\xpsp4res.dll
2010-07-17 03:00 . 2010-04-30 18:23 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-06-03 11:38 . 2010-06-03 11:38 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.

------- Sigcheck -------

[7] 2009-03-08 . B60DDDD2D63CE41CB8C487FCFBB6419E . 638816 . . [8.00.6001.18702] . . c:\windows\NiwradSoft Shell Pack\Backup\iexplore.exe
[7] 2009-03-08 . B60DDDD2D63CE41CB8C487FCFBB6419E . 638816 . . [8.00.6001.18702] . . c:\windows\system32\dllcache\iexplore.exe
[7] 2008-04-14 . 414AFE6E8CCDE984E16D5ED08624CEC6 . 93184 . . [6.00.2900.5512] . . c:\windows\ie8\iexplore.exe
.
((((((((((((((((((((((((((((( SnapShot@2010-10-02_20.15.19 )))))))))))))))))))))))))))))))))))))))))
.
- 2006-03-02 12:00 . 2010-10-02 20:12 70556 c:\windows\system32\perfc009.dat
+ 2006-03-02 12:00 . 2010-10-03 14:06 70556 c:\windows\system32\perfc009.dat
+ 2008-04-14 06:52 . 2008-04-14 06:52 15360 c:\windows\system32\dllcache\ctfmon.exe
+ 2008-04-14 06:52 . 2008-04-14 06:52 15360 c:\windows\system32\ctfmon.exe
+ 2008-04-14 06:52 . 2008-04-14 06:52 507904 c:\windows\system32\winlogon.exe
+ 2006-03-02 12:00 . 2010-10-03 14:06 439484 c:\windows\system32\perfh009.dat
- 2006-03-02 12:00 . 2010-10-02 20:12 439484 c:\windows\system32\perfh009.dat
+ 2008-04-14 06:52 . 2008-04-14 06:52 507904 c:\windows\system32\dllcache\winlogon.exe
+ 2008-04-14 06:51 . 2008-04-14 06:51 617472 c:\windows\system32\dllcache\comctl32.dll
+ 2008-04-14 06:51 . 2008-04-14 06:51 617472 c:\windows\system32\comctl32.dll
+ 2008-04-14 06:51 . 2008-04-14 06:51 1287168 c:\windows\system32\ole32.dll
+ 2008-04-14 06:51 . 2008-04-14 06:51 1287168 c:\windows\system32\dllcache\ole32.dll
+ 2008-04-14 06:52 . 2008-04-14 06:52 1034240 c:\windows\system32\dllcache\explorer.exe
+ 2008-04-14 06:52 . 2008-04-14 06:52 1034240 c:\windows\explorer.exe
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\HumyoConflict]
@="{7479C9AF-DA81-4944-92E5-23E49390BB2B}"
[HKEY_CLASSES_ROOT\CLSID\{7479C9AF-DA81-4944-92E5-23E49390BB2B}]
2010-07-05 09:01 757744 ----a-w- c:\program files\humyo SmartDrive\HrfsShellExtension.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\HumyoSynced]
@="{7479C9AF-DA81-4944-92E5-23E49390BB2A}"
[HKEY_CLASSES_ROOT\CLSID\{7479C9AF-DA81-4944-92E5-23E49390BB2A}]
2010-07-05 09:01 757744 ----a-w- c:\program files\humyo SmartDrive\HrfsShellExtension.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\HumyoSyncing]
@="{7479C9AF-DA81-4944-92E5-23E49390BB29}"
[HKEY_CLASSES_ROOT\CLSID\{7479C9AF-DA81-4944-92E5-23E49390BB29}]
2010-07-05 09:01 757744 ----a-w- c:\program files\humyo SmartDrive\HrfsShellExtension.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\HumyoUnavailable]
@="{06F5F772-99DF-4191-9AED-3037B0DF154B}"
[HKEY_CLASSES_ROOT\CLSID\{06F5F772-99DF-4191-9AED-3037B0DF154B}]
2010-07-05 09:01 757744 ----a-w- c:\program files\humyo SmartDrive\HrfsShellExtension.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozy2]
@="{747E722C-CB46-4a9d-BDFE-192AAD5099B1}"
[HKEY_CLASSES_ROOT\CLSID\{747E722C-CB46-4a9d-BDFE-192AAD5099B1}]
2010-08-19 06:46 3412792 ----a-w- c:\program files\MozyHome\mozyshell.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozy3]
@="{EE6F5A00-7898-40f7-AB77-51FF9D6DEB20}"
[HKEY_CLASSES_ROOT\CLSID\{EE6F5A00-7898-40f7-AB77-51FF9D6DEB20}]
2010-08-19 06:46 3412792 ----a-w- c:\program files\MozyHome\mozyshell.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"speedfan"="c:\program files\SpeedFan\speedfan.exe" [2008-08-19 3562496]
"AeroSnap"="c:\program files\AeroSnap\AeroSnap.exe" [2008-12-06 886784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"F-Secure Manager"="c:\program files\F-Secure\Common\FSM32.EXE" [2009-07-09 199264]
"F-Secure TNB"="c:\program files\F-Secure\FSGUI\TNBUtil.exe" [2009-07-09 2349664]
"AcronisTimounterMonitor"="c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe" [2007-10-23 906648]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Jirka\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Secunia PSI.lnk - c:\program files\Secunia\PSI\psi.exe [2009-8-21 900816]

c:\documents and settings\Jirka\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Secunia PSI.lnk - c:\program files\Secunia\PSI\psi.exe [2009-8-21 900816]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
MozyHome Status.lnk - c:\program files\MozyHome\mozystat.exe [2010-8-19 3512120]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
"uTorrent"="c:\program files\uTorrent\uTorrent.exe"
"DAEMON Tools Lite"=c:\program files\DAEMON Tools Lite\daemon.exe -autorun
"NokiaOviSuite2"=c:\program files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe -tray
"Skype"="c:\program files\Skype\Phone\Skype.exe" /nosplash /minimized

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"RTHDCPL"=RTHDCPL.EXE
"NiwradSoft Welcome"=c:\windows\NiwradSoft Shell Pack\Tools\NS Welcome.exe
"rfagent"="c:\program files\RFA\rfagent.exe"
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"NokiaMServer"=c:\program files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup
"OODefragTray"=c:\windows\system32\oodtray.exe
"TrueImageMonitor.exe"=c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe"
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
"KeePass 2 PreLoad"="c:\program files\KeePass Password Safe 2\KeePass.exe" --preload
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Pinnacle\\Studio 12\\Programs\\RM.exe"=
"c:\\Program Files\\Pinnacle\\Studio 12\\Programs\\Studio.exe"=
"c:\\Program Files\\Pinnacle\\Studio 12\\Programs\\umi.exe"=
"c:\\Program Files\\Samsung\\Samsung New PC Studio\\npsasvr.exe"=
"c:\\Program Files\\Samsung\\Samsung New PC Studio\\npsvsvr.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [29.12.2009 1:50 80000]
S0 fsbts;fsbts;c:\windows\system32\drivers\fsbts.sys [29.12.2009 1:50 41624]
S1 F-Secure HIPS;F-Secure HIPS Driver;c:\program files\F-Secure\HIPS\drivers\fshs.sys [29.12.2009 1:49 68064]
S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [17.6.2010 23:44 233472]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [29.12.2009 13:31 1684736]
S3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\F-Secure\Anti-Virus\minifilter\fsgk.sys [29.12.2009 1:49 124072]
S3 FSORSPClient;F-Secure ORSP Client;c:\program files\F-Secure\ORSP Client\fsorsp.exe [29.12.2009 1:49 58024]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [17.6.2010 23:44 36608]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [3.6.2010 13:38 30192]
S3 hrfsmrx;hrfsmrx;c:\windows\system32\drivers\hrfsmrx.sys [16.7.2010 13:17 144624]
S3 humyo.com;humyo.com;c:\program files\humyo SmartDrive\hrfscore.exe [16.7.2010 13:17 3186672]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [17.6.2009 14:20 12648]
S3 SetupNTGLM7X;SetupNTGLM7X; [x]
S3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\drivers\ss_bbus.sys [17.6.2010 23:44 90112]
S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\drivers\ss_bmdfl.sys [17.6.2010 23:44 14976]
S3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\drivers\ss_bmdm.sys [17.6.2010 23:44 121856]
S4 F-Secure Filter;F-Secure File System Filter;c:\program files\F-Secure\Anti-Virus\win2k\fsfilter.sys [29.12.2009 1:49 39776]
S4 F-Secure Recognizer;F-Secure File System Recognizer;c:\program files\F-Secure\Anti-Virus\win2k\fsrec.sys [29.12.2009 1:49 25184]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [30.12.2009 1:36 721904]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A8D647C8-65AC-409F-B7B2-3C0FEE1A32F2}]
2010-02-16 17:02 114688 ----a-w- c:\program files\PixiePack Codec Pack\InstallerHelper.exe
.
Obsah adresáře 'Naplánované úlohy'

2010-10-03 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2009-11-16 14:43]

2010-10-03 c:\windows\Tasks\Úklid 1 kliknutím.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2009-11-16 14:43]
.
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\pchealth\helpctr\System\panels\blank.htm
uDefault_Search_URL = hxxp://www.google.com/ie
mLocal Page = c:\windows\pchealth\helpctr\System\panels\blank.htm
uInternet Connection Wizard,ShellNext = hxxp://www.drivermax.com/driver/auto_drivers.p ... /index.php
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Odeslat do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Odeslat do zařízení Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: Save Image To humyo.cz
IE: Save Target To humyo.cz
LSP: c:\program files\F-Secure\FSPS\program\FSLSP.DLL
Trusted Zone: mojebanka.cz
Trusted Zone: mojebanka.cz
FF - ProfilePath - c:\documents and settings\Jirka\Data aplikací\Mozilla\Firefox\Profiles\naf5m2tn.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.7&q=
FF - component: c:\program files\F-Secure\NRS\litmus-ff@f-secure.com\components\litmus-ff.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.notify.interval - 600000
FF - user.js: content.switch.threshold - 1000000
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: network.http.max-connections-per-server - 8
FF - user.js: browser.urlbar.autoFill - true
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-10-03 16:08
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil9l.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil9l.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG11.00.00.01WORKSTATION"="3A09BBE29FB7112BFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC7933A6171C11EC38DE3DA2D97226D213B555A2D97226D213B55537B4B35A153E4254A81FEB99AF387F9B6EBC1B1B20B4324DA349C3A1B8D914505EAF3617ADBFCCCB3CCD379966E623A1060B3554F173B92CE3C893AD7C44DD541F9078C5574D66FAF3A43EBF1ACB2127F4D4DF6046C3D20C7B2886F808D34561ADD59B25FAD5E4048F89F2D789C86F69A203FCB6D39CB4699BF81245ABB5E0CD25D3C4E52059DF38B035CA2197D6C759D9D2F243750A5970D71BAC4F5D2B0EA301311B2FF670B6235EB43F4D4B002A9DCA562D67ACAC818529485241B588ECA4246CCC9BCF44090002E7CE854FE4D58F88731A779CB9303F6B07833D71B7E0C2535309B72114BC406B0579E272B6D33D8A642CB88D782BE6DFBA4258713612A6B689060604B17B874C1346F5283EECE52CB6D8696A457F7B2B14189A3B956E2B5E077AFBB70231AD3B703F4007D5AE022ECA9CB844917A2FD3198E0376F923DF3A9825859C028EC132CCF0B9CA6E6CB831D8F54BCEDFB0E9C7263701709EA7099F5CC4FE3ABD8B810FAC6CCD50893C693FE86638614979C4D7E824FA9BCEB11DC7C720BBB858DDE296EAC8DA1DBE7724C159F50CF77A6E0EB6E36EC78A6C3DC7D0217E7F6807858D6C329F33553A3DAE89DA2E48B3B2704A7E6F3136F76D8CE8BB852C87B896C15F9C838D9F463B6E8248751EDED6C7212E2B358B873FD9A294EDE37BFE40E2186815B4355ADC13B2CE1801D838C92068A49BB321EE63D04711B101BE893ADED2EBA76E3C912E2C72F3722C74B019B9F0CC96BE9A17878106DA3273D0BC8291FD648C2CCBE9EFFEDD8637780C98F424AAF7C2FB231CF4B2B12182278CA11D94EA7DDB4090797C9CE55129BB3DB3AE83C7AEAD67EA1097BC5CC719DB5438AD17AF18154E3E4AD327C051F0A02BB94110C029474EA377030EDD65CCA60C708059A3C61CCF89DC185669B819A2FD56C71650D7635487CAE9A65347DCED9B33023365D434102C2410761C6C90955E2B00F574DB3BF150F6261D9C6B696DEFD6448ED4BC8AB2630727E4DC062C1E7BCBD0A4F10DEAEE3E5EB419DD05F8367BAC7D6A19B02C2A71606C16F052223709BEC02ACEF3736A1655B559007DF4AAAF7487581A940CC09B7F1211E2540E2EBC81FB22D65138591D25EDAEADEE2A830966DFFD84007F122C266FF180C0F0A3D083D1BC181781012209477D58A84A4C012AA817C9C0420EEF8C00E55C012B8F84A937BE676AFCFCF034CEBF33AE6AE4195FA7F0A0D6F1FB385E61B1CCB307B99BC9C280D9A7B93B61CBB30437390400D69647ED7F7691F35DB8582D6BA82EC0D9B1326ECCDCAD7EC766CCE920B27427C2D794042608"
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(456)
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\cscui.dll

- - - - - - - > 'lsass.exe'(512)
c:\windows\system32\relog_ap.dll
c:\windows\system32\setupapi.dll

- - - - - - - > 'explorer.exe'(1000)
c:\windows\system32\COMRes.dll
c:\program files\humyo SmartDrive\HrfsShellExtension.dll
c:\program files\MozyHome\mozyshell.dll
c:\program files\MozyHome\LIBEAY32.dll
c:\windows\System32\cscui.dll
c:\windows\System32\hrfsnp.dll
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\NETSHELL.dll
c:\windows\system32\credui.dll
.
Celkový čas: 2010-10-03 16:11:35 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-10-03 14:11
ComboFix2.txt 2010-10-03 08:52

Před spuštěním: Volných bajtů: 12 007 043 072
Po spuštění: Volných bajtů: 11 983 872 000

- - End Of File - - 07A5A8C575C0CA6C1B03DDC37241C50E