VIRY.CZ

Pomáháme v boji s počítačovou havěti!
https://forum.viry.cz:443/

stále padající internet

https://forum.viry.cz:443/viewtopic.php?t=97559

Stránka 1 z 2

stále padající internet

Napsal: 12 úno 2010 16:15
od Dennis
zdravím mám vista 32 a stále ni padá internet na cca 3-5 vteřin nefunguje a pak zase jde
netušíte někdo prosím

Logfile of random's system information tool 1.06 (written by random/random)
Run by uzivatel at 2010-02-12 16:07:39
Microsoft® Windows Vista™ Business Service Pack 1
System drive C: has 8 GB (4%) free of 186 GB
Total RAM: 3566 MB (46% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:07:57, on 12.2.2010
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18882)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\oodtray.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\totalcmd\TOTALCMD.EXE
C:\Windows\system32\SearchFilterHost.exe
P:\Program Files\FlashGet Network\FlashGet universal\FlashGet.exe
P:\Downloads\RSIT.exe
C:\Program Files\trend micro\uzivatel.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - P:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget2 urlcatch - {1F364306-AA45-47B5-9F9D-39A8B94E7EF1} - p:\Program Files\FlashGet Network\FlashGet universal\ComDlls\bhoCATCH.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~1\Office12\GRA8E1~1.DLL
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - P:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - P:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [OODefragTray] C:\Windows\system32\oodtray.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [Google Update] "C:\Users\uzivatel\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [OM2_Monitor] "P:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" -NoStart
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: ESET Smart Security.lnk = C:\Program Files\ESET\ESET Smart Security\egui.exe
O4 - Global Startup: Logo Calibration Loader.lnk = P:\Program Files\GretagMacbeth\i1\Eye-One Match 3\CalibrationLoader\CalibrationLoader.exe
O4 - Global Startup: ProfileReminder.lnk = P:\Program Files\GretagMacbeth\i1\Eye-One Match 3\ProfileReminder.exe
O4 - Global Startup: SrvMod.lnk = C:\Windows\twain_32\L12U16U2\SrvMod.exe
O8 - Extra context menu item: &Download All by FlashGet - P:\Program Files\FlashGet Network\FlashGet universal\ComDlls\Bhoall.htm
O8 - Extra context menu item: &Download by FlashGet - P:\Program Files\FlashGet Network\FlashGet universal\ComDlls\Bholink.htm
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Převést cíl vazby do Adobe PDF - res://P:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Převést cíl vazby do existujícího PDF - res://P:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Převést do Adobe PDF - res://P:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Převést do existujícího PDF - res://P:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Převést vybrané vazby do Adobe PDF - res://P:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Převést vybrané vazby do existujícího PDF - res://P:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Převést výběr do Adobe PDF - res://P:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Převést výběr do existujícího PDF - res://P:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/200 ... ader55.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~1\Office12\GR99D3~1.DLL
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Driver Information Assist Service - CANON INC. - C:\Program Files\Canon\DIAS\CnxDIAS.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate1c990d59aaaa1c5) (gupdate1c990d59aaaa1c5) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: HASP License Manager (hasplms) - Aladdin Knowledge Systems Ltd. - C:\Windows\system32\hasplms.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: Nexus Server (Carbon Coder) (Nexus Server) - Unknown owner - C:\Program Files\Common Files\Rhozet\Carbon Coder\Kernel\PNXSERVR.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\Windows\system32\oodag.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe
O23 - Service: Rider Test Agent (Rider) - Unknown owner - (no file)
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 8950 bytes

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2848497818-3269473320-3972940658-1000Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2848497818-3269473320-3972940658-1000UA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - P:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14 63136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1F364306-AA45-47B5-9F9D-39A8B94E7EF1}]
FG2CatchUrl - p:\Program Files\FlashGet Network\FlashGet universal\ComDlls\bhoCATCH.dll [2008-08-19 104016]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~1\Office12\GRA8E1~1.DLL [2006-10-26 2210608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
AcroIEToolbarHelper Class - P:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2004-12-14 225280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - P:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2004-12-14 225280]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"OODefragTray"=C:\Windows\system32\oodtray.exe [2008-11-03 2540800]
"egui"=C:\Program Files\ESET\ESET Smart Security\egui.exe [2009-11-16 2054360]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe [2008-06-24 1840424]
"Google Update"=C:\Users\uzivatel\AppData\Local\Google\Update\GoogleUpdate.exe [2009-02-17 133104]
"OM2_Monitor"=P:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe [2009-04-17 95536]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-19 202240]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Adobe Acrobat Speed Launcher.lnk - C:\Windows\Installer\{AC76BA86-1033-C740-7760-100000000002}\SC_Acrobat.exe
ESET Smart Security.lnk - C:\Program Files\ESET\ESET Smart Security\egui.exe
Logo Calibration Loader.lnk - P:\Program Files\GretagMacbeth\i1\Eye-One Match 3\CalibrationLoader\CalibrationLoader.exe
ProfileReminder.lnk - P:\Program Files\GretagMacbeth\i1\Eye-One Match 3\ProfileReminder.exe
SrvMod.lnk - C:\Windows\twain_32\L12U16U2\SrvMod.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~1\Office12\GRA8E1~1.DLL [2006-10-26 2210608]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"p:\Program Files\Photocopier Expert\simplecopier.exe"="p:\Program Files\Photocopier Expert\simplecopier.exe:*:Enabled:SimpleCopier"
"p:\Program Files\SimpleCopier\simplecopier.exe"="p:\Program Files\SimpleCopier\simplecopier.exe:*:Enabled:SimpleCopier"
"p:\Program Files\FlashGet Network\FlashGet universal\FlashGet.exe"="p:\Program Files\FlashGet Network\FlashGet universal\FlashGet.exe:*:Enabled:Flashget2"
"p:\Program Files\FlashGet Network\FlashGet universal\LiveUpdate.exe"="p:\Program Files\FlashGet Network\FlashGet universal\LiveUpdate.exe:*:Enabled:FGLiveUpdate"
"p:\Program Files\FlashGet Network\FlashGet universal\LiveUpdateEx.exe"="p:\Program Files\FlashGet Network\FlashGet universal\LiveUpdateEx.exe:*:Enabled:FGLiveUpdateEx"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"p:\Program Files\Photocopier Expert\simplecopier.exe"="p:\Program Files\Photocopier Expert\simplecopier.exe:*:Enabled:SimpleCopier"
"p:\Program Files\SimpleCopier\simplecopier.exe"="p:\Program Files\SimpleCopier\simplecopier.exe:*:Enabled:SimpleCopier"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1b1d5209-c108-11dd-9f0c-0011091f3021}]
shell\Setup\command - setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1c62e26b-ea10-11de-8a8b-0011091f3021}]
shell\AutoRun\command - O:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6a3dd476-f5e8-11de-880e-0011091f3021}]
shell\AutoRun\command - O:\Setup.exe Setup.cdl /A


======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2010-02-02 09:12:17 ----D---- C:\Users\uzivatel\AppData\Roaming\Mozilla
2010-02-02 09:12:10 ----D---- C:\Program Files\Mozilla Firefox
2010-01-22 08:09:40 ----A---- C:\Windows\system32\mshtml.dll
2010-01-22 08:09:39 ----A---- C:\Windows\system32\ieframe.dll
2010-01-22 08:09:37 ----A---- C:\Windows\system32\wininet.dll
2010-01-22 08:09:37 ----A---- C:\Windows\system32\urlmon.dll
2010-01-22 08:09:37 ----A---- C:\Windows\system32\iertutil.dll
2010-01-22 08:09:36 ----A---- C:\Windows\system32\occache.dll
2010-01-22 08:09:36 ----A---- C:\Windows\system32\msfeeds.dll
2010-01-22 08:09:36 ----A---- C:\Windows\system32\iedkcs32.dll
2010-01-22 08:09:34 ----A---- C:\Windows\system32\msfeedsbs.dll
2010-01-22 08:09:34 ----A---- C:\Windows\system32\ieUnatt.exe
2010-01-22 08:09:34 ----A---- C:\Windows\system32\ieui.dll
2010-01-22 08:09:34 ----A---- C:\Windows\system32\iepeers.dll
2010-01-22 08:09:33 ----A---- C:\Windows\system32\msfeedssync.exe
2010-01-22 08:09:33 ----A---- C:\Windows\system32\jsproxy.dll
2010-01-22 08:09:33 ----A---- C:\Windows\system32\iesysprep.dll
2010-01-22 08:09:33 ----A---- C:\Windows\system32\iesetup.dll
2010-01-22 08:09:33 ----A---- C:\Windows\system32\ie4uinit.exe
2010-01-22 08:09:32 ----A---- C:\Windows\system32\iernonce.dll
2010-01-18 09:03:46 ----D---- C:\Users\uzivatel\AppData\Roaming\dvdisaster
2010-01-13 07:59:15 ----A---- C:\Windows\system32\t2embed.dll
2010-01-13 07:59:14 ----A---- C:\Windows\system32\fontsub.dll

======List of files/folders modified in the last 1 months======

2010-02-12 16:07:51 ----D---- C:\Windows\Prefetch
2010-02-12 16:07:49 ----D---- C:\Windows\Temp
2010-02-12 16:07:41 ----D---- C:\Program Files\trend micro
2010-02-12 16:07:15 ----D---- C:\Users\uzivatel\AppData\Roaming\BITS
2010-02-12 09:48:18 ----SHD---- C:\System Volume Information
2010-02-12 08:28:28 ----D---- C:\Windows
2010-02-10 15:56:07 ----A---- C:\Windows\NeroDigital.ini
2010-02-10 08:37:23 ----D---- C:\Windows\system32\catroot
2010-02-10 08:37:21 ----D---- C:\Windows\winsxs
2010-02-10 08:36:51 ----D---- C:\Windows\system32\catroot2
2010-02-09 16:38:42 ----D---- C:\Windows\System32
2010-02-09 16:38:41 ----D---- C:\Windows\inf
2010-02-09 16:38:41 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-02-09 09:20:22 ----D---- C:\Users\uzivatel\AppData\Roaming\Canon
2010-02-09 08:14:01 ----SHD---- C:\Windows\Installer
2010-02-09 08:13:43 ----D---- C:\Program Files\Google
2010-02-05 14:26:29 ----AD---- C:\ProgramData\TEMP
2010-02-05 08:05:47 ----D---- C:\ProgramData\DVD Shrink
2010-02-02 09:12:10 ----RD---- C:\Program Files
2010-01-23 10:07:20 ----D---- C:\Windows\system32\migration
2010-01-23 10:07:17 ----D---- C:\Program Files\Internet Explorer
2010-01-22 16:20:32 ----D---- C:\Tmp
2010-01-14 11:12:06 ----N---- C:\Windows\system32\MpSigStub.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 CSC;Offline Files Driver; C:\Windows\system32\drivers\csc.sys [2008-01-19 350720]
R1 ehdrv;ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [2009-11-16 108792]
R1 ElbyCDIO;ElbyCDIO Driver; C:\Windows\System32\Drivers\ElbyCDIO.sys [2007-08-07 25160]
R2 aksfridge;aksfridge; C:\Windows\system32\drivers\aksfridge.sys [2007-05-28 352256]
R2 eamon;eamon; C:\Windows\system32\DRIVERS\eamon.sys [2009-11-16 116520]
R2 epfw;epfw; C:\Windows\system32\DRIVERS\epfw.sys [2009-11-16 135048]
R2 epfwwfp;epfwwfp; C:\Windows\system32\DRIVERS\epfwwfp.sys [2009-11-16 38240]
R2 Hardlock;Hardlock; C:\Windows\system32\drivers\hardlock.sys [2007-08-06 585728]
R2 PDIHWCTL;PDIHWCTL; \??\C:\Windows\system32\drivers\pdihwctl.sys [2007-01-25 14416]
R2 Sentinel;Sentinel; C:\Windows\System32\Drivers\SENTINEL.SYS [2006-12-21 90688]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2008-09-10 212992]
R3 BthEnum;Služba Bluetooth Enumerator; C:\Windows\system32\DRIVERS\BthEnum.sys [2008-09-13 19456]
R3 BthPan;Zařízení Bluetooth (síť PAN); C:\Windows\system32\DRIVERS\bthpan.sys [2008-01-19 92160]
R3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2008-09-13 29184]
R3 ElbyDelay;ElbyDelay; C:\Windows\System32\Drivers\ElbyDelay.sys [2007-02-16 11984]
R3 Epfwndis;Eset Personal Firewall; C:\Windows\system32\DRIVERS\Epfwndis.sys [2009-06-19 33096]
R3 HdAudAddService;Ovladač funkce Microsoft 1.1 UAA pro službu zvuku High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
R3 LVPr2Mon;Logitech LVPr2Mon Driver; C:\Windows\system32\DRIVERS\LVPr2Mon.sys [2007-10-11 25624]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2007-07-21 7569568]
R3 pfc;Padus ASPI Shell; C:\Windows\system32\drivers\pfc.sys [2008-09-05 10368]
R3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2008-01-19 49664]
R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2008-01-19 11264]
R3 WSDPrintDevice;Podpora tisku WSD prostřednictvím funkce UMB; C:\Windows\system32\DRIVERS\WSDPrint.sys [2008-01-19 16896]
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-19 83328]
S3 61883;61883 Unit Device; C:\Windows\system32\DRIVERS\61883.sys [2008-01-19 45696]
S3 ALSysIO;ALSysIO; \??\C:\Users\uzivatel\AppData\Local\Temp\ALSysIO.sys []
S3 aqcdv4jw;aqcdv4jw; C:\Windows\system32\drivers\aqcdv4jw.sys []
S3 Avc;Zařízení AVC; C:\Windows\system32\DRIVERS\avc.sys [2008-01-19 40448]
S3 BTHPORT;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2008-09-13 220160]
S3 catchme;catchme; \??\C:\Users\uzivatel\AppData\Local\Temp\catchme.sys []
S3 CMISTOR;CMIUCR.SYS CM320/CM220 Card Reader Driver; C:\Windows\system32\DRIVERS\cmiucr.SYS []
S3 drmkaud;Dekodér zvuků DRM jádra společnosti Microsoft; C:\Windows\system32\drivers\drmkaud.sys [2008-01-19 5632]
S3 i1;i1 Pro; C:\Windows\System32\Drivers\i1.sys [2006-05-10 26045]
S3 i1display;i1 Display; C:\Windows\System32\Drivers\i1display.sys [2007-03-28 44344]
S3 LVcKap;Logitech AEC Driver; C:\Windows\system32\DRIVERS\LVcKap.sys [2007-10-19 2109976]
S3 LVMVDrv;Logitech Machine Vision Engine Loader; C:\Windows\system32\DRIVERS\LVMVDrv.sys [2007-10-11 2142488]
S3 lvpopflt;Logitech POP Suppression Filter; C:\Windows\system32\DRIVERS\lvpopflt.sys [2007-10-12 1920920]
S3 LVRS;Logitech RightSound Filter Driver; C:\Windows\system32\DRIVERS\lvrs.sys [2007-10-12 2091800]
S3 lvselsus;Logitech Selective Suspend Filter; C:\Windows\system32\DRIVERS\lvselsus.sys [2007-10-12 66456]
S3 LVUSBSta;Logitech USB Monitor Filter; C:\Windows\system32\drivers\LVUSBSta.sys [2007-10-12 41752]
S3 LVUVC;QuickCam Orbit/Sphere AF(UVC); C:\Windows\system32\DRIVERS\lvuvc.sys [2007-10-12 3647384]
S3 MSDV;Microsoft DV Camera and VCR; C:\Windows\system32\DRIVERS\msdv.sys [2008-01-19 52608]
S3 MSKSSRV;Server proxy služby datových proudů Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-19 8192]
S3 MSPCLOCK;Server proxy hodin datových proudů Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-19 5888]
S3 MSPQM;Server proxy správce kvality datových proudů Microsoft; C:\Windows\system32\drivers\MSPQM.sys [2008-01-19 5504]
S3 MSTEE;Konvertor jímka-jímka typu T datových proudů Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2008-01-19 6016]
S3 netr28u;RT2870 USB Wireless LAN Card Driver for Vista; C:\Windows\system32\DRIVERS\netr28u.sys [2007-04-02 328192]
S3 nmwcd;Nokia USB Phone Parent; C:\Windows\system32\drivers\ccdcmb.sys [2008-05-07 17536]
S3 nmwcdc;Nokia USB Generic; C:\Windows\system32\drivers\ccdcmbo.sys [2008-05-07 20864]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\Windows\system32\DRIVERS\pccsmcfd.sys [2007-09-17 21632]
S3 upperdev;upperdev; C:\Windows\system32\DRIVERS\usbser_lowerflt.sys [2008-06-06 8064]
S3 usbaudio;Ovladač zvuků USB (WDM); C:\Windows\system32\drivers\usbaudio.sys [2008-01-19 73088]
S3 usbscan;Ovladač skeneru USB; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-19 35328]
S3 usbser;USB Modem Driver; C:\Windows\system32\drivers\usbser.sys [2008-01-19 28160]
S3 UsbserFilt;UsbserFilt; C:\Windows\system32\DRIVERS\usbser_lowerfltj.sys [2008-05-07 8064]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2008-01-19 39936]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; C:\Program Files\Bonjour\mDNSResponder.exe [2006-02-28 229376]
R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-19 21504]
R2 Canon Driver Information Assist Service;Canon Driver Information Assist Service; C:\Program Files\Canon\DIAS\CnxDIAS.exe [2008-02-26 2389352]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2008-01-19 21504]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2009-11-16 735960]
R2 hasplms;HASP License Manager; C:\Windows\system32\hasplms.exe [2007-08-09 1757696]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2008-07-30 73728]
R2 LVCOMSer;LVCOMSer; C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe [2007-10-19 186904]
R2 LVPrcSrv;Process Monitor; C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2007-10-19 141848]
R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3; C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe [2008-06-08 877864]
R2 Nexus Server;Nexus Server (Carbon Coder); C:\Program Files\Common Files\Rhozet\Carbon Coder\Kernel\PNXSERVR.exe [2008-03-13 692325]
R2 O&O Defrag;O&O Defrag; C:\Windows\system32\oodag.exe [2008-11-03 1332480]
R2 PLFlash DeviceIoControl Service;PLFlash DeviceIoControl Service; C:\Windows\system32\IoctlSvc.exe [2006-12-19 81920]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\Cyberlink\Shared files\RichVideo.exe [2006-12-06 167936]
R3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe [2008-06-24 537896]
S2 gupdate1c990d59aaaa1c5;Google Update Service (gupdate1c990d59aaaa1c5); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-02-17 133104]
S2 LVSrvLauncher;LVSrvLauncher; C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe [2007-10-19 141848]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2008-01-19 21504]
S3 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-27 34312]
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe [2009-11-16 20680]
S3 Fax;@%systemroot%\system32\fxsresm.dll,-118; C:\Windows\system32\fxssvc.exe [2008-01-19 523776]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-09-05 654848]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-26 65824]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2008-08-07 575488]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2008-01-19 21504]
S3 wbengine;@%systemroot%\system32\wbengine.exe,-104; C:\Windows\system32\wbengine.exe [2008-01-19 917504]

-----------------EOF-----------------

Re: stále padající internet

Napsal: 12 úno 2010 19:20
od Rudy
Dejte log z ComboFix.
Stahnete a ulozte nejlepe na plochu ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

pote spustte aplikaci pod uctem s administratorskym opravnenim

hned po startu se zobrazi obrazovka s licencnimi podminkami, pokracujte kliknutim na tlacitko Ano.

v klidu si postavte na kafe (cela akce trva cca. 5-10 minut, nekdy i dele - dle toho, o jak rychly stroj se jedna a kolika soubory se skener bude muset prodirat), behem skenu se nepokousejte spoustet zadne jine aplikace ani nic jineho

behem skenovani nepropadejte panice, vas stroj muze byt restartovan (predevsim pri prvni aplikaci skeneru)

upozorneni: pokud pouzivate antispyware s rezidentnim stitem, prepnete jeho rezidentni stit do Install Mode, pripadne jej po dobu skenu uplne deaktivujte, protoze dochazi pri skenu a vymazu pripadneho malware k nezadoucim kolizim s rezidentem antispyware

Re: stále padající internet

Napsal: 15 úno 2010 08:48
od Dennis
ComboFix 10-02-12.01 - uzivatel 15.02.2010 8:35.2.4 - x86
Microsoft® Windows Vista™ Business 6.0.6001.1.1250.420.1029.18.3566.2016 [GMT 1:00]
Spuštěný z: p:\downloads\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Rezidentní štít AV je zapnutý

.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\uzivatel\AppData\Roaming\BITS
c:\users\uzivatel\AppData\Roaming\BITS\BITS.ini
c:\users\uzivatel\AppData\Roaming\BITS\DHTTable.dat
c:\users\uzivatel\AppData\Roaming\BITS\ProxyList.ini
c:\users\uzivatel\AppData\Roaming\BITS\Torrent\20100202095903.torrent
c:\users\uzivatel\AppData\Roaming\BITS\Torrent\20100202095903.torrent.filelist
c:\windows\system32\Icons
c:\windows\system32\Icons\EFI_XF.ico
c:\windows\system32\twain_32.dll
N:\resycled
n:\resycled\boot.com

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-01-15 do 2010-02-15 )))))))))))))))))))))))))))))))
.

2010-02-15 07:43 . 2010-02-15 07:44 -------- d-----w- c:\users\uzivatel\AppData\Local\temp
2010-02-15 07:43 . 2010-02-15 07:43 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-02-02 08:12 . 2010-02-02 08:12 0 ----a-w- c:\windows\nsreg.dat
2010-02-02 08:12 . 2010-02-02 08:12 -------- d-----w- c:\users\uzivatel\AppData\Local\Mozilla
2010-01-18 08:03 . 2010-01-18 08:07 -------- d-----w- c:\users\uzivatel\AppData\Roaming\dvdisaster

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-15 07:31 . 2008-09-20 06:15 4582 ----a-w- c:\windows\bthservsdp.dat
2010-02-12 15:07 . 2009-05-18 05:34 -------- d-----w- c:\program files\trend micro
2010-02-09 15:38 . 2007-01-08 21:12 639016 ----a-w- c:\windows\system32\perfh005.dat
2010-02-09 15:38 . 2007-01-08 21:12 135794 ----a-w- c:\windows\system32\perfc005.dat
2010-02-09 08:20 . 2008-09-08 16:41 -------- d-----w- c:\users\uzivatel\AppData\Roaming\Canon
2010-02-09 07:13 . 2008-10-07 13:37 -------- d-----w- c:\program files\Google
2010-02-05 07:05 . 2008-09-10 12:55 -------- d-----w- c:\programdata\DVD Shrink
2010-01-14 10:12 . 2009-11-04 06:56 181120 ------w- c:\windows\system32\MpSigStub.exe
2010-01-02 06:38 . 2010-01-22 07:09 916480 ----a-w- c:\windows\system32\wininet.dll
2010-01-02 06:32 . 2010-01-22 07:09 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-01-02 06:32 . 2010-01-22 07:09 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-01-02 04:57 . 2010-01-22 07:09 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-11-30 10:31 . 2005-03-20 06:06 629536 ----a-w- c:\users\uzivatel\AppData\Local\GDIPFONTCACHEV1.DAT
2008-09-10 13:00 . 2008-09-10 13:00 48 --sha-w- c:\windows\S95634B80(9428).tmp
2008-09-10 13:00 . 2008-09-10 13:00 48 --sh--w- c:\windows\S95634B80.tmp
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-06-24 1840424]
"Google Update"="c:\users\uzivatel\AppData\Local\Google\Update\GoogleUpdate.exe" [2009-02-17 133104]
"OM2_Monitor"="p:\program files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" [2009-04-17 95536]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OODefragTray"="c:\windows\system32\oodtray.exe" [2008-11-03 2540800]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2009-11-16 2054360]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-C740-7760-100000000002}\SC_Acrobat.exe [2008-9-25 25214]
ESET Smart Security.lnk - c:\program files\ESET\ESET Smart Security\egui.exe [2009-11-16 2054360]
Logo Calibration Loader.lnk - p:\program files\GretagMacbeth\i1\Eye-One Match 3\CalibrationLoader\CalibrationLoader.exe [2008-9-11 708608]
ProfileReminder.lnk - p:\program files\GretagMacbeth\i1\Eye-One Match 3\ProfileReminder.exe [2008-9-11 954368]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

R1 ehdrv;ehdrv;c:\windows\System32\drivers\ehdrv.sys [16.11.2009 9:03 108792]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [16.11.2009 9:04 735960]
R2 epfwwfp;epfwwfp;c:\windows\System32\drivers\epfwwfp.sys [16.11.2009 9:06 38240]
R2 hasplms;HASP License Manager;c:\windows\system32\hasplms.exe -run --> c:\windows\system32\hasplms.exe -run [?]
R2 PDIHWCTL;PDIHWCTL;c:\windows\System32\drivers\pdihwctl.sys [11.9.2008 15:20 14416]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\System32\drivers\b57nd60x.sys [3.10.2008 14:32 212992]
R3 WSDPrintDevice;Podpora tisku WSD prostřednictvím funkce UMB;c:\windows\System32\drivers\WSDPrint.sys [26.9.2008 8:12 16896]
S0 sptd;sptd;c:\windows\System32\drivers\sptd.sys [15.9.2008 13:06 717296]
S2 gupdate1c990d59aaaa1c5;Google Update Service (gupdate1c990d59aaaa1c5);c:\program files\Google\Update\GoogleUpdate.exe [17.2.2009 8:59 133104]
S2 Nexus Server;Nexus Server (Carbon Coder);c:\program files\Common Files\Rhozet\Carbon Coder\Kernel\PNXSERVR.exe [8.10.2008 12:48 692325]
S2 Rider;Rider Test Agent; [x]
S3 i1;i1 Pro;c:\windows\System32\drivers\i1.sys [23.9.2008 16:26 26045]
S3 i1display;i1 Display;c:\windows\System32\drivers\i1display.sys [11.9.2008 15:20 44344]
S3 netr28u;RT2870 USB Wireless LAN Card Driver for Vista;c:\windows\System32\drivers\netr28u.sys [2.4.2007 13:59 328192]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
bthsvcs REG_MULTI_SZ BthServ

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-07-30 08:39 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Obsah adresáře 'Naplánované úlohy'

2010-02-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-17 07:58]

2010-02-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-17 07:58]

2010-01-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2848497818-3269473320-3972940658-1000Core.job
- c:\users\uzivatel\AppData\Local\Google\Update\GoogleUpdate.exe [2009-02-17 07:54]

2010-02-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2848497818-3269473320-3972940658-1000UA.job
- c:\users\uzivatel\AppData\Local\Google\Update\GoogleUpdate.exe [2009-02-17 07:54]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uInternet Settings,ProxyOverride = *.local
IE: &Download All by FlashGet - p:\program files\FlashGet Network\FlashGet universal\ComDlls\Bhoall.htm
IE: &Download by FlashGet - p:\program files\FlashGet Network\FlashGet universal\ComDlls\Bholink.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
IE: Převést cíl vazby do Adobe PDF - p:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Převést cíl vazby do existujícího PDF - p:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Převést do Adobe PDF - p:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Převést do existujícího PDF - p:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Převést vybrané vazby do Adobe PDF - p:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Převést vybrané vazby do existujícího PDF - p:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Převést výběr do Adobe PDF - p:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Převést výběr do existujícího PDF - p:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
FF - ProfilePath - c:\users\uzivatel\AppData\Roaming\Mozilla\Firefox\Profiles\c5gcs5uc.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre1.5.0_02\bin\NPJPI150_02.dll
FF - plugin: c:\users\uzivatel\AppData\Local\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: p:\program files\Adobe\Acrobat 7.0\Acrobat\browser\nppdf32.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-15 08:44
Windows 6.0.6001 Service Pack 1 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...


c:\users\uzivatel\AppData\Local\Temp\catchme.dll 53248 bytes executable

sken byl úspešně dokončen
skryté soubory: 1

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-2848497818-3269473320-3972940658-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.032\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.032"

[HKEY_USERS\S-1-5-21-2848497818-3269473320-3972940658-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.abr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.abr"

[HKEY_USERS\S-1-5-21-2848497818-3269473320-3972940658-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ani\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.ani"

[HKEY_USERS\S-1-5-21-2848497818-3269473320-3972940658-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.arw\UserChoice]
@Denied: (2) (S-1-5-21-2848497818-3269473320-3972940658-1000)
@Denied: (2) (LocalSystem)
"Progid"="ZPS120.Document.arw"

[HKEY_USERS\S-1-5-21-2848497818-3269473320-3972940658-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bay\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.bay"

[HKEY_USERS\S-1-5-21-2848497818-3269473320-3972940658-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.bw"

[HKEY_USERS\S-1-5-21-2848497818-3269473320-3972940658-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cr2\UserChoice]
@Denied: (2) (S-1-5-21-2848497818-3269473320-3972940658-1000)
@Denied: (2) (LocalSystem)
"Progid"="ZPS120.Document.cr2"

[HKEY_USERS\S-1-5-21-2848497818-3269473320-3972940658-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.crw\UserChoice]
@Denied: (2) (S-1-5-21-2848497818-3269473320-3972940658-1000)
@Denied: (2) (LocalSystem)
"Progid"="ZPS120.Document.crw"

[HKEY_USERS\S-1-5-21-2848497818-3269473320-3972940658-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cs1\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.cs1"

[HKEY_USERS\S-1-5-21-2848497818-3269473320-3972940658-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cur\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.cur"

[HKEY_USERS\S-1-5-21-2848497818-3269473320-3972940658-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.dcr"

[HKEY_USERS\S-1-5-21-2848497818-3269473320-3972940658-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.dcx"

[HKEY_USERS\S-1-5-21-2848497818-3269473320-3972940658-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dib\UserChoice]
@Denied: (2) (S-1-5-21-2848497818-3269473320-3972940658-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.dib"

[HKEY_USERS\S-1-5-21-2848497818-3269473320-3972940658-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djv\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.djv"

[HKEY_USERS\S-1-5-21-2848497818-3269473320-3972940658-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djvu\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.djvu"

[HKEY_USERS\S-1-5-21-2848497818-3269473320-3972940658-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dng\UserChoice]
@Denied: (2) (S-1-5-21-2848497818-3269473320-3972940658-1000)
@Denied: (2) (LocalSystem)
"Progid"="ZPS120.Document.dng"

[HKEY_USERS\S-1-5-21-2848497818-3269473320-3972940658-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.emf\UserChoice]
@Denied: (2) (S-1-5-21-2848497818-3269473320-3972940658-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.emf"

[HKEY_USERS\S-1-5-21-2848497818-3269473320-3972940658-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eps\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-2848497818-3269473320-3972940658-1000)
"Progid"="ACDSee Pro 2.5.eps"

[HKEY_USERS\S-1-5-21-2848497818-3269473320-3972940658-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.erf\UserChoice]
@Denied: (2) (S-1-5-21-2848497818-3269473320-3972940658-1000)
@Denied: (2) (LocalSystem)
"Progid"="ZPS120.Document.erf"

[HKEY_USERS\S-1-5-21-2848497818-3269473320-3972940658-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fff\UserChoice]
@Denied: (2) (S-1-5-21-2848497818-3269473320-3972940658-1000)
@Denied: (2) (LocalSystem)
"Progid"="ZPS120.Document.fff"

[HKEY_USERS\S-1-5-21-2848497818-3269473320-3972940658-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fpx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.fpx"

[HKEY_USERS\S-1-5-21-2848497818-3269473320-3972940658-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.hdr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.hdr"

[HKEY_USERS\S-1-5-21-2848497818-3269473320-3972940658-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icl\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.icl"

[HKEY_USERS\S-1-5-21-2848497818-3269473320-3972940658-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icn\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.icn"

[HKEY_USERS\S-1-5-21-2848497818-3269473320-3972940658-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.iff"

[HKEY_USERS\S-1-5-21-2848497818-3269473320-3972940658-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ilbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.ilbm"

[HKEY_USERS\S-1-5-21-2848497818-3269473320-3972940658-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.int\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.int"

[HKEY_USERS\S-1-5-21-2848497818-3269473320-3972940658-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.inta\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.inta"

[HKEY_USERS\S-1-5-21-2848497818-3269473320-3972940658-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iw4\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.iw4"

[HKEY_USERS\S-1-5-21-2848497818-3269473320-3972940658-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2c\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.j2c"

[HKEY_USERS\S-1-5-21-2848497818-3269473320-3972940658-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2k\UserChoice]
@Denied: (2) (S-1-5-21-2848497818-3269473320-3972940658-1000)
@Denied: (2) (LocalSystem)
"Progid"="ZPS120.Document.j2k"

[HKEY_USERS\S-1-5-21-2848497818-3269473320-3972940658-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jbr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.jbr"

[HKEY_USERS\S-1-5-21-2848497818-3269473320-3972940658-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jfif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.jfif"

[HKEY_USERS\S-1-5-21-2848497818-3269473320-3972940658-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.jif"

[HKEY_USERS\S-1-5-21-2848497818-3269473320-3972940658-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jp2\UserChoice]
@Denied: (2) (S-1-5-21-2848497818-3269473320-3972940658-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.jp2"

[HKEY_USERS\S-1-5-21-2848497818-3269473320-3972940658-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpc\UserChoice]
@Denied: (2) (S-1-5-21-2848497818-3269473320-3972940658-1000)
@Denied: (2) (LocalSystem)
"Progid"="ZPS120.Document.jpc"

[HKEY_USERS\S-1-5-21-2848497818-3269473320-3972940658-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpe\UserChoice]
@Denied: (2) (S-1-5-21-2848497818-3269473320-3972940658-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.jpe"

[HKEY_USERS\S-1-5-21-2848497818-3269473320-3972940658-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpeg\UserChoice]
@Denied: (2) (S-1-5-21-2848497818-3269473320-3972940658-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.jpeg"

[HKEY_USERS\S-1-5-21-2848497818-3269473320-3972940658-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpk\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.jpk"

[HKEY_USERS\S-1-5-21-2848497818-3269473320-3972940658-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.jpx"

[HKEY_USERS\S-1-5-21-2848497818-3269473320-3972940658-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.kdc\UserChoice]
@Denied: (2) (S-1-5-21-2848497818-3269473320-3972940658-1000)
@Denied: (2) (LocalSystem)
"Progid"="ZPS120.Document.kdc"

[HKEY_USERS\S-1-5-21-2848497818-3269473320-3972940658-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.lbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.lbm"

[HKEY_USERS\S-1-5-21-2848497818-3269473320-3972940658-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mef\UserChoice]
@Denied: (2) (S-1-5-21-2848497818-3269473320-3972940658-1000)
@Denied: (2) (LocalSystem)
"Progid"="ZPS120.Document.mef"

[HKEY_USERS\S-1-5-21-2848497818-3269473320-3972940658-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mos\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.mos"

[HKEY_USERS\S-1-5-21-2848497818-3269473320-3972940658-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mrw\UserChoice]
@Denied: (2) (S-1-5-21-2848497818-3269473320-3972940658-1000)
@Denied: (2) (LocalSystem)
"Progid"="ZPS120.Document.mrw"

[HKEY_USERS\S-1-5-21-2848497818-3269473320-3972940658-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nef\UserChoice]
@Denied: (2) (S-1-5-21-2848497818-3269473320-3972940658-1000)
@Denied: (2) (LocalSystem)
"Progid"="ZPS120.Document.nef"

[HKEY_USERS\S-1-5-21-2848497818-3269473320-3972940658-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.orf\UserChoice]
@Denied: (2) (S-1-5-21-2848497818-3269473320-3972940658-1000)
@Denied: (2) (LocalSystem)
"Progid"="ZPS120.Document.orf"

[HKEY_USERS\S-1-5-21-2848497818-3269473320-3972940658-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbm\UserChoice]
@Denied: (2) (S-1-5-21-2848497818-3269473320-3972940658-1000)
@Denied: (2) (LocalSystem)
"Progid"="ZPS120.Document.pbm"

[HKEY_USERS\S-1-5-21-2848497818-3269473320-3972940658-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.pbr"

[HKEY_USERS\S-1-5-21-2848497818-3269473320-3972940658-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcd\UserChoice]
@Denied: (2) (S-1-5-21-2848497818-3269473320-3972940658-1000)
@Denied: (2) (LocalSystem)
"Progid"="ZPS120.Document.pcd"

[HKEY_USERS\S-1-5-21-2848497818-3269473320-3972940658-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pct\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.pct"

[HKEY_USERS\S-1-5-21-2848497818-3269473320-3972940658-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcx\UserChoice]
@Denied: (2) (S-1-5-21-2848497818-3269473320-3972940658-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.pcx"

[HKEY_USERS\S-1-5-21-2848497818-3269473320-3972940658-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pef\UserChoice]
@Denied: (2) (S-1-5-21-2848497818-3269473320-3972940658-1000)
@Denied: (2) (LocalSystem)
"Progid"="ZPS120.Document.pef"

[HKEY_USERS\S-1-5-21-2848497818-3269473320-3972940658-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pgm\UserChoice]
@Denied: (2) (S-1-5-21-2848497818-3269473320-3972940658-1000)
@Denied: (2) (LocalSystem)
"Progid"="ZPS120.Document.pgm"

[HKEY_USERS\S-1-5-21-2848497818-3269473320-3972940658-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pic\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.pic"

[HKEY_USERS\S-1-5-21-2848497818-3269473320-3972940658-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pict\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.pict"

[HKEY_USERS\S-1-5-21-2848497818-3269473320-3972940658-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pix\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.pix"

[HKEY_USERS\S-1-5-21-2848497818-3269473320-3972940658-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ppm\UserChoice]
@Denied: (2) (S-1-5-21-2848497818-3269473320-3972940658-1000)
@Denied: (2) (LocalSystem)
"Progid"="ZPS120.Document.ppm"

[HKEY_USERS\S-1-5-21-2848497818-3269473320-3972940658-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psp\UserChoice]
@Denied: (2) (S-1-5-21-2848497818-3269473320-3972940658-1000)
@Denied: (2) (LocalSystem)
"Progid"="ZPS120.Document.psp"

[HKEY_USERS\S-1-5-21-2848497818-3269473320-3972940658-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspbrush\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.pspbrush"

[HKEY_USERS\S-1-5-21-2848497818-3269473320-3972940658-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspimage\UserChoice]
@Denied: (2) (S-1-5-21-2848497818-3269473320-3972940658-1000)
@Denied: (2) (LocalSystem)
"Progid"="ZPS120.Document.pspimage"

[HKEY_USERS\S-1-5-21-2848497818-3269473320-3972940658-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raf\UserChoice]
@Denied: (2) (S-1-5-21-2848497818-3269473320-3972940658-1000)
@Denied: (2) (LocalSystem)
"Progid"="ZPS120.Document.raf"

[HKEY_USERS\S-1-5-21-2848497818-3269473320-3972940658-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ras\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.ras"

[HKEY_USERS\S-1-5-21-2848497818-3269473320-3972940658-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raw\UserChoice]
@Denied: (2) (S-1-5-21-2848497818-3269473320-3972940658-1000)
@Denied: (2) (LocalSystem)
"Progid"="ZPS120.Document.raw"

[HKEY_USERS\S-1-5-21-2848497818-3269473320-3972940658-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgb\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.rgb"

[HKEY_USERS\S-1-5-21-2848497818-3269473320-3972940658-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgba\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.rgba"

[HKEY_USERS\S-1-5-21-2848497818-3269473320-3972940658-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rle\UserChoice]
@Denied: (2) (S-1-5-21-2848497818-3269473320-3972940658-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.rle"

[HKEY_USERS\S-1-5-21-2848497818-3269473320-3972940658-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rsb\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.rsb"

[HKEY_USERS\S-1-5-21-2848497818-3269473320-3972940658-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sgi\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.sgi"

[HKEY_USERS\S-1-5-21-2848497818-3269473320-3972940658-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sr2\UserChoice]
@Denied: (2) (S-1-5-21-2848497818-3269473320-3972940658-1000)
@Denied: (2) (LocalSystem)
"Progid"="ZPS120.Document.sr2"

[HKEY_USERS\S-1-5-21-2848497818-3269473320-3972940658-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.srf\UserChoice]
@Denied: (2) (S-1-5-21-2848497818-3269473320-3972940658-1000)
@Denied: (2) (LocalSystem)
"Progid"="ZPS120.Document.srf"

[HKEY_USERS\S-1-5-21-2848497818-3269473320-3972940658-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tga\UserChoice]
@Denied: (2) (S-1-5-21-2848497818-3269473320-3972940658-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.tga"

[HKEY_USERS\S-1-5-21-2848497818-3269473320-3972940658-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.thm\UserChoice]
@Denied: (2) (S-1-5-21-2848497818-3269473320-3972940658-1000)
@Denied: (2) (LocalSystem)
"Progid"="ZPS120.Document.thm"

[HKEY_USERS\S-1-5-21-2848497818-3269473320-3972940658-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tiff\UserChoice]
@Denied: (2) (S-1-5-21-2848497818-3269473320-3972940658-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.tiff"

[HKEY_USERS\S-1-5-21-2848497818-3269473320-3972940658-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.ttc"

[HKEY_USERS\S-1-5-21-2848497818-3269473320-3972940658-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.ttf"

[HKEY_USERS\S-1-5-21-2848497818-3269473320-3972940658-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbm\UserChoice]
@Denied: (2) (S-1-5-21-2848497818-3269473320-3972940658-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.wbm"

[HKEY_USERS\S-1-5-21-2848497818-3269473320-3972940658-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbmp\UserChoice]
@Denied: (2) (S-1-5-21-2848497818-3269473320-3972940658-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.wbmp"

[HKEY_USERS\S-1-5-21-2848497818-3269473320-3972940658-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmf\UserChoice]
@Denied: (2) (S-1-5-21-2848497818-3269473320-3972940658-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.wmf"

[HKEY_USERS\S-1-5-21-2848497818-3269473320-3972940658-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.xbm"

[HKEY_USERS\S-1-5-21-2848497818-3269473320-3972940658-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.xif"

[HKEY_USERS\S-1-5-21-2848497818-3269473320-3972940658-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xpm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.xpm"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG10.00.00.01WORKSTATION"="501B14F2C1061828385CE165A24A59766B646CB7B5D99C572BC6FB9BC1C1284C7E55633199744E3D04AB694FB6075F3052893E24E325A3CAEDF97F9BF76C6DAB494952249D043687DA50083234154C25398CD4233204939C53091869A685516DB2932D853F7F8E65C7CBD9D2E4B48051D473BF2A654A0E02DA9DE3C52D97D8A59EA4C40315C35D65B872016EB838A3DF3C971120E3E1FA6663B807648ABF4A1B5740ECBF57C36B4E816CA33342071FB26927DE60B9458668B0AA2A6FE42DB24A0A7C7FD06686471556386AC4371E21DF3E2445BC98851ED96C9B7804052763E04947D74041A540E952258339740A9CB17CE3E0FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC7933A6A0AC4980AC7933BA7FD869164D6794C038D530D6EB345278D1DF867C1A4A411C0118D3E82FFA6AD80AA7780CF756D3D458AC7AA53F5F4556C58772510D76BC933886F7B88630E1C84AE71F9E628213A684AD8C2CE8BA79122C3B8E1C0743A9AE99C2CA28F4C1E538A50B0353E0FAD8349FFEDB7DB90E726D5F0DC3437B7ACFBAD8D4583915FC2C2347ACEC6B583169476EF0923380112C1CDCA23E5EC0B8F7FA4A57EC206603EEF881FD6CD591EB139BDAE9A21E6E5021CA47B66F3B106F6F266A7B9B47CD4AEC9FC5C1553C37C6A4E16F613EC1182AD195E3988ED809E287E859823B4C901D6AEC2DD1BE76DB3072BFDF655FD4F7D4C38F9CA991EB2D2B96615744E4005C98AB2DF2998394716BD2CE7E18C1436AD500BE8060385D63B5F6A1CD2D77683EAE7D217719C3D9D28E219B46AEE4AB3189921D3F4782CAF5440532453B14BF2BA42DFC3FE5E03A3A04BE2652718CE3F1A00C19307BB4039369238DEE81A1727A950D68F0A604634A0C0F6565BDC171B61E01924E30D98B4E8F37A19C29C92266EDF4FED9989631063878BF63865190EA5A0BE1B4AB3E1C1DF3A9D344EAFB258FEFBFD1670C48B7D56FE71654CE4A316100C4512848F2A15925E879821869847931CAE3B0658DBC86EBCBB5E6318176500F519C8D734D3EC289E65D951308FC8A9B79ADEA1C9B3C48BE19E5EAD90F37CE5C53F7EC31E543F95A19BEDF5292010FED321C74BDEDE2AF48465ED58BCD805C8FF508F6161B3B8723F8D169E38636B538DF8C4B69C4143540CFCD409ADE10D8A362E7FBCC8CE353C484BCDBE3A6F512617056145323E53431B5D3E6F0A6DA8BE7CB257294A02A2E75BC1B0707F74E1D23D73F17C34FA36EFA7A05AB0BCD081C816641F3BE0036C93C28F9DC15467E2F0A0C043F19D44B094F276B91FA3FF219676B32BEB197DD3CF650DE76689F7E89F987D49CC0030F893445844366ABAAF2661563346798307F56C1408B70D4F750274956E340EC565E85E6408D8407F3"
"OODEFRAG11.00.00.01WORKSTATION"="113C84402E27371134016A2BEA7A2E387CD72D17F2453A7B681F95F8F4E41155406D17D7330C386030BF3E04E29B77FA6F7B2B9AA5C9E62F7E42265C849FFB72ED8B37CD073A3630BC1A5AAF566A54A6C0BBBA41EC181C9322D9045557FBAB30E1D7FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC7933A9C6AECB7A5D1407FEBC9E127BECC74CA6A0AC4980AC7933F45A7DBF2DE5A0CC5EB9C5168A6DE81B2C05052287AA6713AB8C353BC62E78ED40E54B5BD7D1F18BB305F8D51133AC4B171BFC5D707DA0C32D508B62958C903FEC443C36C9D4C00C8B660B86109EC4A0A1176F22D4175808CF9C7E181C28492189E817994DAAF636D630ADB5855BD358BC451761832D878D28DA6F5098E598D7697A0B9DB2852081C8E2F641F1079EBD1FA791DE4DECCE190929A6D5CC9C13BC24D225324D096D7CD738DFDF58331035BFF1E1B387F3F0020F58D046809876BB9380DC9AF55035C6C39A459642E6B633DE0D6E4C0D55533397ED7B13FC1AA255D74708EC87666E950AAAEA423D9B42C37A94806AB91903AB44A39A0212559C1CD31C6514E04D3734EE3AF21359BF0A04D8D9C8A2F039AD7F7C6706AD92F1893AAF2A144E667AD0FEFCD2E78CAAB388A68360575D17A4A5D4E95BF803D30CB66BD4D018B001D49EE57C2EB7854BCFD972C76223D617BF63677AD213C332B495007321DA9E19BCA9EF81BCB42CD65DC14136CA88A1DDDF80075FD8D6058A6E385C7FE1A855228020B5DC2291FC6D19A481A4BAC2A0DCD0BC96102BAB33BF3156F72E0E31638D66D2E4A9356A4E34B68D34AA87F60D8A517A8DC6BA5F89BAEA4DE07BD4892AD227B5BD4282BAC6545B2AF0A7B82974DE95C0F501AD9E9BE3F81C35279729616E70E11646C865E17AA14C62BA8AC536D943BAF0015C7D4D2AB266AA34EDED14606215D89B7BAF71569769C54AEE1A89FA76B6B04DD473D9015CF409E82118A02B913000E9C1C0969DBD9B6E00095974493C28FCAF595CCDDE35B22C51B0C93A5608369F1CF8A84A088BA0C0473299D54D1BA631375EF78CBD6BAF063DCD8DE6EFC2D15C643058D8D26B5B3AD1F6D4DC1686EABBB40E68CA1C24A098BC61508105B2CEEDB4A824E13F3A50E59616E90FB46BD5213EC63612FE755CFDAA0460B9A9BB2023C65C4657904B2A67CB879AC53EA8E9773098CB41696EDF61A004F312F639585D1775DB031063B6F371700EACCD104DEAA5C8F989690C4A037DE5A1E086F5329164D366818ABCE858C6AFCEC5FEEACB3983D2F1EF8BC460B864DE6850F9340A49B20CCA3FD08554F051D44AE4F47254386DE2CDCE62FE09E83DD8A661F329DE204BE354033760B4305AA3543354D5F7CCCF5A07550617511132F221641CFC584A3AD8ADE39662"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Celkový čas: 2010-02-15 08:47:25
ComboFix-quarantined-files.txt 2010-02-15 07:47

Před spuštěním: 7 450 480 640
Po spuštění: 8 924 184 576

- - End Of File - - 639EBC166A52DD695C6C3B344BCCC6B1

Re: stále padající internet

Napsal: 15 úno 2010 18:41
od Rudy
Ještě dočistíme. Přesuňte ComboFix na plochu. Otrevřte poznámkový blok a zkopírujte do něj:
Collect::
c:\windows\S95634B80(9428).tmp
c:\windows\S95634B80.tmp

Driver::
Rider
Uložte na ploochu jako CFScript.txt. Pak jej myší přetáhněte nad ikonu ComboFix a pusťte. CF se spustí a vykoná příkazy ze skriptu.

Obrázek

Re: stále padající internet

Napsal: 17 úno 2010 09:16
od Dennis
děkuji, ale ty tmp nejdou smazat :-(

ComboFix 10-02-16.02 - uzivatel 17.02.2010 8:49.3.4 - x86
Microsoft® Windows Vista™ Business 6.0.6001.1.1250.420.1029.18.3566.2284 [GMT 1:00]
Spuštěný z: c:\users\uzivatel\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\uzivatel\Desktop\CFScript.txt
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Rezidentní štít AV je zapnutý


file zipped: c:\windows\S95634B80(9428).tmp
file zipped: c:\windows\S95634B80.tmp
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\S95634B80(9428).tmp
c:\windows\S95634B80.tmp . . . . nemohl být smazán

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_Rider


((((((((((((((((((((((((( Soubory vytvořené od 2010-01-17 do 2010-02-17 )))))))))))))))))))))))))))))))
.

2010-02-17 07:56 . 2010-02-17 08:01 -------- d-----w- c:\users\uzivatel\AppData\Local\temp
2010-02-17 07:56 . 2010-02-17 07:56 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-02-17 07:56 . 2010-02-17 07:56 -------- d-----w- c:\users\Desktop\AppData\Local\temp
2010-02-17 07:56 . 2010-02-17 07:56 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-02-15 08:00 . 2009-06-15 15:21 499712 ----a-w- c:\windows\system32\kerberos.dll
2010-02-15 08:00 . 2009-06-15 15:24 270848 ----a-w- c:\windows\system32\schannel.dll
2010-02-02 08:12 . 2010-02-02 08:12 0 ----a-w- c:\windows\nsreg.dat
2010-02-02 08:12 . 2010-02-02 08:12 -------- d-----w- c:\users\uzivatel\AppData\Local\Mozilla
2010-01-18 08:03 . 2010-01-18 08:07 -------- d-----w- c:\users\uzivatel\AppData\Roaming\dvdisaster

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-17 07:57 . 2008-09-20 06:15 4582 ----a-w- c:\windows\bthservsdp.dat
2010-02-17 07:49 . 2007-01-08 21:12 639016 ----a-w- c:\windows\system32\perfh005.dat
2010-02-17 07:49 . 2007-01-08 21:12 135794 ----a-w- c:\windows\system32\perfc005.dat
2010-02-15 07:55 . 2008-09-08 16:41 -------- d-----w- c:\users\uzivatel\AppData\Roaming\Canon
2010-02-12 15:07 . 2009-05-18 05:34 -------- d-----w- c:\program files\trend micro
2010-02-09 07:13 . 2008-10-07 13:37 -------- d-----w- c:\program files\Google
2010-02-05 07:05 . 2008-09-10 12:55 -------- d-----w- c:\programdata\DVD Shrink
2010-01-14 10:12 . 2009-11-04 06:56 181120 ------w- c:\windows\system32\MpSigStub.exe
2010-01-02 06:38 . 2010-01-22 07:09 916480 ----a-w- c:\windows\system32\wininet.dll
2010-01-02 06:32 . 2010-01-22 07:09 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-01-02 06:32 . 2010-01-22 07:09 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-01-02 04:57 . 2010-01-22 07:09 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-12-28 12:35 . 2010-02-10 07:37 11776 ----a-w- c:\windows\system32\tsbyuv.dll
2009-12-28 12:35 . 2010-02-10 07:37 1314816 ----a-w- c:\windows\system32\quartz.dll
2009-12-28 12:32 . 2010-02-10 07:37 22528 ----a-w- c:\windows\system32\msyuv.dll
2009-12-28 12:32 . 2010-02-10 07:37 31744 ----a-w- c:\windows\system32\msvidc32.dll
2009-12-28 12:32 . 2010-02-10 07:37 123904 ----a-w- c:\windows\system32\msvfw32.dll
2009-12-28 12:32 . 2010-02-10 07:37 13312 ----a-w- c:\windows\system32\msrle32.dll
2009-12-28 12:31 . 2010-02-10 07:37 82944 ----a-w- c:\windows\system32\mciavi32.dll
2009-12-28 12:31 . 2010-02-10 07:37 50176 ----a-w- c:\windows\system32\iyuv_32.dll
2009-12-28 12:28 . 2010-02-10 07:37 65024 ----a-w- c:\windows\system32\avicap32.dll
2009-12-28 12:28 . 2010-02-10 07:37 91136 ----a-w- c:\windows\system32\avifil32.dll
2009-12-11 12:07 . 2010-02-10 07:37 301568 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-11 12:07 . 2010-02-10 07:37 98304 ----a-w- c:\windows\system32\drivers\srvnet.sys
2009-12-08 20:52 . 2010-02-10 07:37 897624 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-12-08 20:52 . 2010-02-10 07:37 3597912 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-12-08 20:52 . 2010-02-10 07:37 3546200 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-12-04 16:12 . 2010-02-10 07:37 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2009-12-04 16:12 . 2010-02-10 07:37 105472 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2009-11-30 10:31 . 2005-03-20 06:06 629536 ----a-w- c:\users\uzivatel\AppData\Local\GDIPFONTCACHEV1.DAT
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-06-24 1840424]
"Google Update"="c:\users\uzivatel\AppData\Local\Google\Update\GoogleUpdate.exe" [2009-02-17 133104]
"OM2_Monitor"="p:\program files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" [2009-04-17 95536]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OODefragTray"="c:\windows\system32\oodtray.exe" [2008-11-03 2540800]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2009-11-16 2054360]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-C740-7760-100000000002}\SC_Acrobat.exe [2008-9-25 25214]
ESET Smart Security.lnk - c:\program files\ESET\ESET Smart Security\egui.exe [2009-11-16 2054360]
Logo Calibration Loader.lnk - p:\program files\GretagMacbeth\i1\Eye-One Match 3\CalibrationLoader\CalibrationLoader.exe [2008-9-11 708608]
ProfileReminder.lnk - p:\program files\GretagMacbeth\i1\Eye-One Match 3\ProfileReminder.exe [2008-9-11 954368]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

R1 ehdrv;ehdrv;c:\windows\System32\drivers\ehdrv.sys [16.11.2009 9:03 108792]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [16.11.2009 9:04 735960]
R2 epfwwfp;epfwwfp;c:\windows\System32\drivers\epfwwfp.sys [16.11.2009 9:06 38240]
R2 hasplms;HASP License Manager;c:\windows\system32\hasplms.exe -run --> c:\windows\system32\hasplms.exe -run [?]
R2 Nexus Server;Nexus Server (Carbon Coder);c:\program files\Common Files\Rhozet\Carbon Coder\Kernel\PNXSERVR.exe [8.10.2008 12:48 692325]
R2 PDIHWCTL;PDIHWCTL;c:\windows\System32\drivers\pdihwctl.sys [11.9.2008 15:20 14416]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\System32\drivers\b57nd60x.sys [3.10.2008 14:32 212992]
S2 gupdate1c990d59aaaa1c5;Google Update Service (gupdate1c990d59aaaa1c5);c:\program files\Google\Update\GoogleUpdate.exe [17.2.2009 8:59 133104]
S3 i1;i1 Pro;c:\windows\System32\drivers\i1.sys [23.9.2008 16:26 26045]
S3 i1display;i1 Display;c:\windows\System32\drivers\i1display.sys [11.9.2008 15:20 44344]
S3 netr28u;RT2870 USB Wireless LAN Card Driver for Vista;c:\windows\System32\drivers\netr28u.sys [2.4.2007 13:59 328192]
S3 WSDPrintDevice;Podpora tisku WSD prostřednictvím funkce UMB;c:\windows\System32\drivers\WSDPrint.sys [26.9.2008 8:12 16896]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
bthsvcs REG_MULTI_SZ BthServ

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-07-30 08:39 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Obsah adresáře 'Naplánované úlohy'

2010-02-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-17 07:58]

2010-02-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-17 07:58]

2010-01-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2848497818-3269473320-3972940658-1000Core.job
- c:\users\uzivatel\AppData\Local\Google\Update\GoogleUpdate.exe [2009-02-17 07:54]

2010-02-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2848497818-3269473320-3972940658-1000UA.job
- c:\users\uzivatel\AppData\Local\Google\Update\GoogleUpdate.exe [2009-02-17 07:54]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uInternet Settings,ProxyOverride = *.local
IE: &Download All by FlashGet - p:\program files\FlashGet Network\FlashGet universal\ComDlls\Bhoall.htm
IE: &Download by FlashGet - p:\program files\FlashGet Network\FlashGet universal\ComDlls\Bholink.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
IE: Převést cíl vazby do Adobe PDF - p:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Převést cíl vazby do existujícího PDF - p:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Převést do Adobe PDF - p:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Převést do existujícího PDF - p:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Převést vybrané vazby do Adobe PDF - p:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Převést vybrané vazby do existujícího PDF - p:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Převést výběr do Adobe PDF - p:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Převést výběr do existujícího PDF - p:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
FF - ProfilePath - c:\users\uzivatel\AppData\Roaming\Mozilla\Firefox\Profiles\c5gcs5uc.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre1.5.0_02\bin\NPJPI150_02.dll
FF - plugin: c:\users\uzivatel\AppData\Local\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: p:\program files\Adobe\Acrobat 7.0\Acrobat\browser\nppdf32.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-17 09:00
Windows 6.0.6001 Service Pack 1 NTFS

skenování skrytých procesů ...

LVPrcSrv.exe [12708]

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...


c:\users\uzivatel\AppData\Local\Temp\lucene-2f8e8e257746c8ca85372f2593f2bd46-commit.lock 0 bytes

sken byl úspešně dokončen
skryté soubory: 1

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x864FF1F8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0x8d1ab322
\Driver\ACPI -> acpi.sys @ 0x807b9d4c
IoDeviceObjectType ->\Device\Harddisk0\DR0 ->user & kernel MBR OK

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-2848497818-3269473320-3972940658-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.032\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.032"

[HKEY_USERS\S-1-5-21-2848497818-3269473320-3972940658-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.abr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.abr"

[HKEY_USERS\S-1-5-21-2848497818-3269473320-3972940658-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ani\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.ani"

[HKEY_USERS\S-1-5-21-2848497818-3269473320-3972940658-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.arw\UserChoice]
@Denied: (2) (S-1-5-21-2848497818-3269473320-3972940658-1000)
@Denied: (2) (LocalSystem)
"Progid"="ZPS120.Document.arw"

[HKEY_USERS\S-1-5-21-2848497818-3269473320-3972940658-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bay\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.bay"

[HKEY_USERS\S-1-5-21-2848497818-3269473320-3972940658-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.bw"

[HKEY_USERS\S-1-5-21-2848497818-3269473320-3972940658-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cr2\UserChoice]
@Denied: (2) (S-1-5-21-2848497818-3269473320-3972940658-1000)
@Denied: (2) (LocalSystem)
"Progid"="ZPS120.Document.cr2"

[HKEY_USERS\S-1-5-21-2848497818-3269473320-3972940658-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.crw\UserChoice]
@Denied: (2) (S-1-5-21-2848497818-3269473320-3972940658-1000)
@Denied: (2) (LocalSystem)
"Progid"="ZPS120.Document.crw"

[HKEY_USERS\S-1-5-21-2848497818-3269473320-3972940658-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cs1\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.cs1"

[HKEY_USERS\S-1-5-21-2848497818-3269473320-3972940658-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cur\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.cur"

[HKEY_USERS\S-1-5-21-2848497818-3269473320-3972940658-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.dcr"

[HKEY_USERS\S-1-5-21-2848497818-3269473320-3972940658-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.dcx"

[HKEY_USERS\S-1-5-21-2848497818-3269473320-3972940658-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dib\UserChoice]
@Denied: (2) (S-1-5-21-2848497818-3269473320-3972940658-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.dib"

[HKEY_USERS\S-1-5-21-2848497818-3269473320-3972940658-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djv\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.djv"

[HKEY_USERS\S-1-5-21-2848497818-3269473320-3972940658-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djvu\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.djvu"

[HKEY_USERS\S-1-5-21-2848497818-3269473320-3972940658-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dng\UserChoice]
@Denied: (2) (S-1-5-21-2848497818-3269473320-3972940658-1000)
@Denied: (2) (LocalSystem)
"Progid"="ZPS120.Document.dng"

[HKEY_USERS\S-1-5-21-2848497818-3269473320-3972940658-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.emf\UserChoice]
@Denied: (2) (S-1-5-21-2848497818-3269473320-3972940658-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.emf"

[HKEY_USERS\S-1-5-21-2848497818-3269473320-3972940658-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eps\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-2848497818-3269473320-3972940658-1000)
"Progid"="ACDSee Pro 2.5.eps"

[HKEY_USERS\S-1-5-21-2848497818-3269473320-3972940658-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.erf\UserChoice]
@Denied: (2) (S-1-5-21-2848497818-3269473320-3972940658-1000)
@Denied: (2) (LocalSystem)
"Progid"="ZPS120.Document.erf"

[HKEY_USERS\S-1-5-21-2848497818-3269473320-3972940658-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fff\UserChoice]
@Denied: (2) (S-1-5-21-2848497818-3269473320-3972940658-1000)
@Denied: (2) (LocalSystem)
"Progid"="ZPS120.Document.fff"

[HKEY_USERS\S-1-5-21-2848497818-3269473320-3972940658-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fpx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.fpx"

[HKEY_USERS\S-1-5-21-2848497818-3269473320-3972940658-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.hdr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.hdr"

[HKEY_USERS\S-1-5-21-2848497818-3269473320-3972940658-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icl\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.icl"

[HKEY_USERS\S-1-5-21-2848497818-3269473320-3972940658-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icn\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.icn"

[HKEY_USERS\S-1-5-21-2848497818-3269473320-3972940658-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.iff"

[HKEY_USERS\S-1-5-21-2848497818-3269473320-3972940658-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ilbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.ilbm"

[HKEY_USERS\S-1-5-21-2848497818-3269473320-3972940658-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.int\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.int"

[HKEY_USERS\S-1-5-21-2848497818-3269473320-3972940658-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.inta\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.inta"

[HKEY_USERS\S-1-5-21-2848497818-3269473320-3972940658-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iw4\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.iw4"

[HKEY_USERS\S-1-5-21-2848497818-3269473320-3972940658-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2c\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.j2c"

[HKEY_USERS\S-1-5-21-2848497818-3269473320-3972940658-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2k\UserChoice]
@Denied: (2) (S-1-5-21-2848497818-3269473320-3972940658-1000)
@Denied: (2) (LocalSystem)
"Progid"="ZPS120.Document.j2k"

[HKEY_USERS\S-1-5-21-2848497818-3269473320-3972940658-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jbr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.jbr"

[HKEY_USERS\S-1-5-21-2848497818-3269473320-3972940658-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jfif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.jfif"

[HKEY_USERS\S-1-5-21-2848497818-3269473320-3972940658-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.jif"

[HKEY_USERS\S-1-5-21-2848497818-3269473320-3972940658-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jp2\UserChoice]
@Denied: (2) (S-1-5-21-2848497818-3269473320-3972940658-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.jp2"

[HKEY_USERS\S-1-5-21-2848497818-3269473320-3972940658-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpc\UserChoice]
@Denied: (2) (S-1-5-21-2848497818-3269473320-3972940658-1000)
@Denied: (2) (LocalSystem)
"Progid"="ZPS120.Document.jpc"

[HKEY_USERS\S-1-5-21-2848497818-3269473320-3972940658-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpe\UserChoice]
@Denied: (2) (S-1-5-21-2848497818-3269473320-3972940658-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.jpe"

[HKEY_USERS\S-1-5-21-2848497818-3269473320-3972940658-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpeg\UserChoice]
@Denied: (2) (S-1-5-21-2848497818-3269473320-3972940658-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.jpeg"

[HKEY_USERS\S-1-5-21-2848497818-3269473320-3972940658-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpk\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.jpk"

[HKEY_USERS\S-1-5-21-2848497818-3269473320-3972940658-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.jpx"

[HKEY_USERS\S-1-5-21-2848497818-3269473320-3972940658-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.kdc\UserChoice]
@Denied: (2) (S-1-5-21-2848497818-3269473320-3972940658-1000)
@Denied: (2) (LocalSystem)
"Progid"="ZPS120.Document.kdc"

[HKEY_USERS\S-1-5-21-2848497818-3269473320-3972940658-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.lbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.lbm"

[HKEY_USERS\S-1-5-21-2848497818-3269473320-3972940658-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mef\UserChoice]
@Denied: (2) (S-1-5-21-2848497818-3269473320-3972940658-1000)
@Denied: (2) (LocalSystem)
"Progid"="ZPS120.Document.mef"

[HKEY_USERS\S-1-5-21-2848497818-3269473320-3972940658-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mos\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.mos"

[HKEY_USERS\S-1-5-21-2848497818-3269473320-3972940658-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mrw\UserChoice]
@Denied: (2) (S-1-5-21-2848497818-3269473320-3972940658-1000)
@Denied: (2) (LocalSystem)
"Progid"="ZPS120.Document.mrw"

[HKEY_USERS\S-1-5-21-2848497818-3269473320-3972940658-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nef\UserChoice]
@Denied: (2) (S-1-5-21-2848497818-3269473320-3972940658-1000)
@Denied: (2) (LocalSystem)
"Progid"="ZPS120.Document.nef"

[HKEY_USERS\S-1-5-21-2848497818-3269473320-3972940658-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.orf\UserChoice]
@Denied: (2) (S-1-5-21-2848497818-3269473320-3972940658-1000)
@Denied: (2) (LocalSystem)
"Progid"="ZPS120.Document.orf"

[HKEY_USERS\S-1-5-21-2848497818-3269473320-3972940658-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbm\UserChoice]
@Denied: (2) (S-1-5-21-2848497818-3269473320-3972940658-1000)
@Denied: (2) (LocalSystem)
"Progid"="ZPS120.Document.pbm"

[HKEY_USERS\S-1-5-21-2848497818-3269473320-3972940658-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.pbr"

[HKEY_USERS\S-1-5-21-2848497818-3269473320-3972940658-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcd\UserChoice]
@Denied: (2) (S-1-5-21-2848497818-3269473320-3972940658-1000)
@Denied: (2) (LocalSystem)
"Progid"="ZPS120.Document.pcd"

[HKEY_USERS\S-1-5-21-2848497818-3269473320-3972940658-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pct\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.pct"

[HKEY_USERS\S-1-5-21-2848497818-3269473320-3972940658-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcx\UserChoice]
@Denied: (2) (S-1-5-21-2848497818-3269473320-3972940658-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.pcx"

[HKEY_USERS\S-1-5-21-2848497818-3269473320-3972940658-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pef\UserChoice]
@Denied: (2) (S-1-5-21-2848497818-3269473320-3972940658-1000)
@Denied: (2) (LocalSystem)
"Progid"="ZPS120.Document.pef"

[HKEY_USERS\S-1-5-21-2848497818-3269473320-3972940658-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pgm\UserChoice]
@Denied: (2) (S-1-5-21-2848497818-3269473320-3972940658-1000)
@Denied: (2) (LocalSystem)
"Progid"="ZPS120.Document.pgm"

[HKEY_USERS\S-1-5-21-2848497818-3269473320-3972940658-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pic\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.pic"

[HKEY_USERS\S-1-5-21-2848497818-3269473320-3972940658-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pict\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.pict"

[HKEY_USERS\S-1-5-21-2848497818-3269473320-3972940658-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pix\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.pix"

[HKEY_USERS\S-1-5-21-2848497818-3269473320-3972940658-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ppm\UserChoice]
@Denied: (2) (S-1-5-21-2848497818-3269473320-3972940658-1000)
@Denied: (2) (LocalSystem)
"Progid"="ZPS120.Document.ppm"

[HKEY_USERS\S-1-5-21-2848497818-3269473320-3972940658-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psp\UserChoice]
@Denied: (2) (S-1-5-21-2848497818-3269473320-3972940658-1000)
@Denied: (2) (LocalSystem)
"Progid"="ZPS120.Document.psp"

[HKEY_USERS\S-1-5-21-2848497818-3269473320-3972940658-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspbrush\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.pspbrush"

[HKEY_USERS\S-1-5-21-2848497818-3269473320-3972940658-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspimage\UserChoice]
@Denied: (2) (S-1-5-21-2848497818-3269473320-3972940658-1000)
@Denied: (2) (LocalSystem)
"Progid"="ZPS120.Document.pspimage"

[HKEY_USERS\S-1-5-21-2848497818-3269473320-3972940658-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raf\UserChoice]
@Denied: (2) (S-1-5-21-2848497818-3269473320-3972940658-1000)
@Denied: (2) (LocalSystem)
"Progid"="ZPS120.Document.raf"

[HKEY_USERS\S-1-5-21-2848497818-3269473320-3972940658-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ras\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.ras"

[HKEY_USERS\S-1-5-21-2848497818-3269473320-3972940658-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raw\UserChoice]
@Denied: (2) (S-1-5-21-2848497818-3269473320-3972940658-1000)
@Denied: (2) (LocalSystem)
"Progid"="ZPS120.Document.raw"

[HKEY_USERS\S-1-5-21-2848497818-3269473320-3972940658-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgb\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.rgb"

[HKEY_USERS\S-1-5-21-2848497818-3269473320-3972940658-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgba\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.rgba"

[HKEY_USERS\S-1-5-21-2848497818-3269473320-3972940658-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rle\UserChoice]
@Denied: (2) (S-1-5-21-2848497818-3269473320-3972940658-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.rle"

[HKEY_USERS\S-1-5-21-2848497818-3269473320-3972940658-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rsb\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.rsb"

[HKEY_USERS\S-1-5-21-2848497818-3269473320-3972940658-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sgi\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.sgi"

[HKEY_USERS\S-1-5-21-2848497818-3269473320-3972940658-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sr2\UserChoice]
@Denied: (2) (S-1-5-21-2848497818-3269473320-3972940658-1000)
@Denied: (2) (LocalSystem)
"Progid"="ZPS120.Document.sr2"

[HKEY_USERS\S-1-5-21-2848497818-3269473320-3972940658-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.srf\UserChoice]
@Denied: (2) (S-1-5-21-2848497818-3269473320-3972940658-1000)
@Denied: (2) (LocalSystem)
"Progid"="ZPS120.Document.srf"

[HKEY_USERS\S-1-5-21-2848497818-3269473320-3972940658-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tga\UserChoice]
@Denied: (2) (S-1-5-21-2848497818-3269473320-3972940658-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.tga"

[HKEY_USERS\S-1-5-21-2848497818-3269473320-3972940658-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.thm\UserChoice]
@Denied: (2) (S-1-5-21-2848497818-3269473320-3972940658-1000)
@Denied: (2) (LocalSystem)
"Progid"="ZPS120.Document.thm"

[HKEY_USERS\S-1-5-21-2848497818-3269473320-3972940658-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tiff\UserChoice]
@Denied: (2) (S-1-5-21-2848497818-3269473320-3972940658-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.tiff"

[HKEY_USERS\S-1-5-21-2848497818-3269473320-3972940658-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.ttc"

[HKEY_USERS\S-1-5-21-2848497818-3269473320-3972940658-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.ttf"

[HKEY_USERS\S-1-5-21-2848497818-3269473320-3972940658-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbm\UserChoice]
@Denied: (2) (S-1-5-21-2848497818-3269473320-3972940658-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.wbm"

[HKEY_USERS\S-1-5-21-2848497818-3269473320-3972940658-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbmp\UserChoice]
@Denied: (2) (S-1-5-21-2848497818-3269473320-3972940658-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.wbmp"

[HKEY_USERS\S-1-5-21-2848497818-3269473320-3972940658-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmf\UserChoice]
@Denied: (2) (S-1-5-21-2848497818-3269473320-3972940658-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.wmf"

[HKEY_USERS\S-1-5-21-2848497818-3269473320-3972940658-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.xbm"

[HKEY_USERS\S-1-5-21-2848497818-3269473320-3972940658-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.xif"

[HKEY_USERS\S-1-5-21-2848497818-3269473320-3972940658-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xpm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.5.xpm"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG10.00.00.01WORKSTATION"="501B14F2C1061828385CE165A24A59766B646CB7B5D99C572BC6FB9BC1C1284C7E55633199744E3D04AB694FB6075F3052893E24E325A3CAEDF97F9BF76C6DAB494952249D043687DA50083234154C25398CD4233204939C53091869A685516DB2932D853F7F8E65C7CBD9D2E4B48051D473BF2A654A0E02DA9DE3C52D97D8A59EA4C40315C35D65B872016EB838A3DF3C971120E3E1FA6663B807648ABF4A1B5740ECBF57C36B4E816CA33342071FB26927DE60B9458668B0AA2A6FE42DB24A0A7C7FD06686471556386AC4371E21DF3E2445BC98851ED96C9B7804052763E04947D74041A540E952258339740A9CB17CE3E0FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC7933A6A0AC4980AC7933BA7FD869164D6794C038D530D6EB345278D1DF867C1A4A411C0118D3E82FFA6AD80AA7780CF756D3D458AC7AA53F5F4556C58772510D76BC933886F7B88630E1C84AE71F9E628213A684AD8C2CE8BA79122C3B8E1C0743A9AE99C2CA28F4C1E538A50B0353E0FAD8349FFEDB7DB90E726D5F0DC3437B7ACFBAD8D4583915FC2C2347ACEC6B583169476EF0923380112C1CDCA23E5EC0B8F7FA4A57EC206603EEF881FD6CD591EB139BDAE9A21E6E5021CA47B66F3B106F6F266A7B9B47CD4AEC9FC5C1553C37C6A4E16F613EC1182AD195E3988ED809E287E859823B4C901D6AEC2DD1BE76DB3072BFDF655FD4F7D4C38F9CA991EB2D2B96615744E4005C98AB2DF2998394716BD2CE7E18C1436AD500BE8060385D63B5F6A1CD2D77683EAE7D217719C3D9D28E219B46AEE4AB3189921D3F4782CAF5440532453B14BF2BA42DFC3FE5E03A3A04BE2652718CE3F1A00C19307BB4039369238DEE81A1727A950D68F0A604634A0C0F6565BDC171B61E01924E30D98B4E8F37A19C29C92266EDF4FED9989631063878BF63865190EA5A0BE1B4AB3E1C1DF3A9D344EAFB258FEFBFD1670C48B7D56FE71654CE4A316100C4512848F2A15925E879821869847931CAE3B0658DBC86EBCBB5E6318176500F519C8D734D3EC289E65D951308FC8A9B79ADEA1C9B3C48BE19E5EAD90F37CE5C53F7EC31E543F95A19BEDF5292010FED321C74BDEDE2AF48465ED58BCD805C8FF508F6161B3B8723F8D169E38636B538DF8C4B69C4143540CFCD409ADE10D8A362E7FBCC8CE353C484BCDBE3A6F512617056145323E53431B5D3E6F0A6DA8BE7CB257294A02A2E75BC1B0707F74E1D23D73F17C34FA36EFA7A05AB0BCD081C816641F3BE0036C93C28F9DC15467E2F0A0C043F19D44B094F276B91FA3FF219676B32BEB197DD3CF650DE76689F7E89F987D49CC0030F893445844366ABAAF2661563346798307F56C1408B70D4F750274956E340EC565E85E6408D8407F3"
"OODEFRAG11.00.00.01WORKSTATION"="113C84402E27371134016A2BEA7A2E387CD72D17F2453A7B681F95F8F4E41155406D17D7330C386030BF3E04E29B77FA6F7B2B9AA5C9E62F7E42265C849FFB72ED8B37CD073A3630BC1A5AAF566A54A6C0BBBA41EC181C9322D9045557FBAB30E1D7FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC7933A9C6AECB7A5D1407FEBC9E127BECC74CA6A0AC4980AC7933F45A7DBF2DE5A0CC5EB9C5168A6DE81B2C05052287AA6713AB8C353BC62E78ED40E54B5BD7D1F18BB305F8D51133AC4B171BFC5D707DA0C32D508B62958C903FEC443C36C9D4C00C8B660B86109EC4A0A1176F22D4175808CF9C7E181C28492189E817994DAAF636D630ADB5855BD358BC451761832D878D28DA6F5098E598D7697A0B9DB2852081C8E2F641F1079EBD1FA791DE4DECCE190929A6D5CC9C13BC24D225324D096D7CD738DFDF58331035BFF1E1B387F3F0020F58D046809876BB9380DC9AF55035C6C39A459642E6B633DE0D6E4C0D55533397ED7B13FC1AA255D74708EC87666E950AAAEA423D9B42C37A94806AB91903AB44A39A0212559C1CD31C6514E04D3734EE3AF21359BF0A04D8D9C8A2F039AD7F7C6706AD92F1893AAF2A144E667AD0FEFCD2E78CAAB388A68360575D17A4A5D4E95BF803D30CB66BD4D018B001D49EE57C2EB7854BCFD972C76223D617BF63677AD213C332B495007321DA9E19BCA9EF81BCB42CD65DC14136CA88A1DDDF80075FD8D6058A6E385C7FE1A855228020B5DC2291FC6D19A481A4BAC2A0DCD0BC96102BAB33BF3156F72E0E31638D66D2E4A9356A4E34B68D34AA87F60D8A517A8DC6BA5F89BAEA4DE07BD4892AD227B5BD4282BAC6545B2AF0A7B82974DE95C0F501AD9E9BE3F81C35279729616E70E11646C865E17AA14C62BA8AC536D943BAF0015C7D4D2AB266AA34EDED14606215D89B7BAF71569769C54AEE1A89FA76B6B04DD473D9015CF409E82118A02B913000E9C1C0969DBD9B6E00095974493C28FCAF595CCDDE35B22C51B0C93A5608369F1CF8A84A088BA0C0473299D54D1BA631375EF78CBD6BAF063DCD8DE6EFC2D15C643058D8D26B5B3AD1F6D4DC1686EABBB40E68CA1C24A098BC61508105B2CEEDB4A824E13F3A50E59616E90FB46BD5213EC63612FE755CFDAA0460B9A9BB2023C65C4657904B2A67CB879AC53EA8E9773098CB41696EDF61A004F312F639585D1775DB031063B6F371700EACCD104DEAA5C8F989690C4A037DE5A1E086F5329164D366818ABCE858C6AFCEC5FEEACB3983D2F1EF8BC460B864DE6850F9340A49B20CCA3FD08554F051D44AE4F47254386DE2CDCE62FE09E83DD8A661F329DE204BE354033760B4305AA3543354D5F7CCCF5A07550617511132F221641CFC584A3AD8ADE39662"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'Explorer.exe'(12080)
c:\program files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\windows\system32\conime.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Canon\DIAS\CnxDIAS.exe
c:\windows\system32\hasplms.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\windows\system32\oodag.exe
c:\program files\Common Files\Rhozet\Carbon Coder\Kernel\PNXKERNL.Exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\windows\system32\IoctlSvc.exe
c:\program files\Cyberlink\Shared files\RichVideo.exe
c:\windows\system32\WUDFHost.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Common Files\Nero\Lib\NMIndexingService.exe
.
**************************************************************************
.
Celkový čas: 2010-02-17 09:11:07 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-02-17 08:11
ComboFix2.txt 2010-02-15 07:47

Před spuštěním: 7 880 237 056
Po spuštění: 7 489 105 920

- - End Of File - - CEC16F0FC1ECFA5185296E461DD297BF
Nahr nˇ probŘhlo ŁspŘçnŘ

Re: stále padající internet

Napsal: 17 úno 2010 19:50
od Rudy
Stáhněte a spusťte Avenger: http://www.viry.cz/forum/viewtopic.php?f=15&t=19832 tímto sriptem:
Files to delete:
c:\windows\S95634B80.tmp
Druhý soubor byl podle CF smazán.

Re: stále padající internet

Napsal: 22 úno 2010 12:58
od Dennis
padá to stále :-(

projel jsem to AVPTool (alias Kaspersky Virus Removal Tool)

Re: stále padající internet

Napsal: 22 úno 2010 15:02
od archeo
No tak s tymto by som sa tu neukazoval, sami crack a keygen od vrchu az po spodok, sa necuduj ze to potom pada :roll:

Re: stále padající internet

Napsal: 22 úno 2010 18:44
od Rudy
Doufám, že jste vše, co AVP našel také smazal.

Re: stále padající internet

Napsal: 23 úno 2010 18:04
od Dennis
jojo všechno je smazané, ale PC stejně zlobí :-(

Re: stále padající internet

Napsal: 23 úno 2010 18:31
od Rudy
Ještě udělejte sken IcveSword: http://www.viry.cz/forum/viewtopic.php?f=29&t=11394 . Dejte logy Process a KernelModule.

Re: stále padající internet

Napsal: 24 úno 2010 16:16
od Dennis
nejde mi to spustit, Initialize failed[1]!

Re: stále padající internet

Napsal: 24 úno 2010 19:25
od Rudy
Mno, na Vistě to možná nepůjde. Zkuste GMER: http://www.viry.cz/forum/viewtopic.php?f=29&t=62878 a dejte oba logy.

Re: stále padající internet

Napsal: 25 úno 2010 12:47
od Dennis
jde mi jen jeden log, když dám pak sken tak mi spadne celý počítač :-(

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit quick scan 2010-02-25 10:46:58
Windows 6.0.6001 Service Pack 1
Running: gmer.exe; Driver: C:\Users\uzivatel\AppData\Local\Temp\ugryrkob.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwEnumerateKey [0x8343EFD3]
SSDT \SystemRoot\system32\ntkrnlpa.exe[unknown section] [8343EFD3] ZwEnumerateKey [0x8343EFD3]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwEnumerateValueKey [0x8343EFD8]
SSDT \SystemRoot\system32\ntkrnlpa.exe[unknown section] [8343EFD8] ZwEnumerateValueKey [0x8343EFD8]

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 875741F8

AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET)

Device \FileSystem\fastfat \Fat 898871F8

AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Společnost Microsoft)
AttachedDevice \FileSystem\fastfat \Fat eamon.sys (Amon monitor/ESET)

---- EOF - GMER 1.0.15 ----

Re: stále padající internet

Napsal: 25 úno 2010 20:09
od Rudy
Rootkit nemáte. Jaké máte připojení?
Všechny časy jsou v UTC+01:00
Stránka 1 z 2

Založeno na phpBB® Forum Software © phpBB Limited

Český překlad – phpBB.cz