DoubleD

Posted: 15 Feb 2010 19:21
by kretotaur
Spybot found DoubleD on my PC, can you please help? Of the 11 PUPSC entries, I managed to remove 9 using ComboFix, but 2 remained and cannot be removed. The PC says it will do so after a restart, but that did not happen. I also removed them from the ESET quarantine, but still nothing. They are these:
1. (SBI S9A2CEF84) Type library
HKEY_CLASSES_ROOT\TypeLib\(883DFC00-8A21-411D-956C-73A4E4B7D16F) registry key
2. (SBI SOB2D5COF) Interface
HKEY_CLASSES_ROOT\Interface\(480098C6-F6AD-4C61-9B5C-2BAE228A34D1) registry key

ComboFix 10-02-12.01 - kretotaur 14.02.2010 18:37:21.1.4 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.420.1029.18.3070.1943 [GMT 1:00]
Spuštěný z: c:\users\kretotaur\Desktop\ComboFix.exe
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Rezidentní štít AV je zapnutý

.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-3739927416-3359866453-3552197657-1004
c:\users\kretotaur\Documents\z loha registr….reg

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-01-14 do 2010-02-14 )))))))))))))))))))))))))))))))
.

2010-02-13 13:32 . 2010-02-13 17:37 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-02-13 13:32 . 2010-02-13 13:32 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-02-13 11:47 . 2010-02-13 11:47 -------- d-----w- c:\users\kretotaur\AppData\Roaming\VistaCodecs
2010-02-13 11:47 . 2010-02-13 11:47 -------- d-----w- c:\program files\VistaCodecPack
2010-02-13 11:43 . 2010-02-13 11:47 -------- d-----w- c:\programdata\VistaCodecs
2010-02-10 08:42 . 2009-12-11 11:43 302080 ----a-w- c:\windows\system32\drivers\srv.sys
2010-02-10 08:42 . 2009-12-11 11:43 98816 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-02-06 10:00 . 2010-02-06 10:00 -------- d-----r- c:\program files\Skype
2010-02-05 13:29 . 2010-02-05 13:29 -------- d-----w- c:\users\kretotaur\AppData\Local\AOL
2010-02-05 13:29 . 2010-02-14 12:26 -------- d-----w- c:\program files\ICQ7.0
2010-02-02 12:58 . 2010-02-02 12:58 -------- d-----w- c:\program files\readmes
2010-02-02 12:58 . 2010-02-02 12:58 -------- d-----w- c:\program files\licenses
2010-01-31 12:46 . 2010-02-01 12:50 -------- d-----w- c:\programdata\PhotoMail
2010-01-31 12:46 . 2010-01-31 12:46 -------- d-----w- c:\program files\PhotoMail Maker
2010-01-31 12:46 . 2010-02-01 13:05 -------- d-----w- c:\users\kretotaur\AppData\Local\IM
2010-01-31 12:46 . 2010-01-31 12:46 -------- d-----w- c:\programdata\IM
2010-01-31 12:46 . 2010-01-31 12:46 -------- d-----w- c:\programdata\IncrediMail
2010-01-31 12:45 . 2010-02-01 12:55 -------- d-----w- c:\program files\IncrediMail

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-14 17:35 . 2010-01-13 08:26 35275 ----a-w- c:\programdata\nvModes.dat
2010-02-14 17:09 . 2009-01-28 15:15 -------- d-----w- c:\users\kretotaur\AppData\Roaming\Skype
2010-02-14 17:09 . 2009-03-01 10:27 -------- d-----w- c:\users\kretotaur\AppData\Roaming\ICQ
2010-02-13 17:11 . 2009-02-14 13:37 -------- d-----w- c:\programdata\Google Updater
2010-02-13 11:52 . 2009-02-07 17:13 -------- d-----w- c:\program files\K-Lite Codec Pack
2010-02-10 14:00 . 2009-02-14 13:37 -------- d-----w- c:\program files\Google
2010-02-10 08:46 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-02-06 10:00 . 2009-01-28 15:14 -------- d-----w- c:\programdata\Skype
2010-02-06 09:45 . 2009-01-28 15:16 -------- d-----w- c:\users\kretotaur\AppData\Roaming\skypePM
2010-02-05 22:02 . 2010-01-12 22:22 -------- d-----w- c:\program files\Nimbuzz
2010-02-05 21:16 . 2009-11-11 18:41 -------- d-----w- c:\programdata\WinZip
2010-02-05 20:03 . 2009-02-27 12:01 1 ----a-w- c:\users\kretotaur\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-02-05 13:29 . 2009-01-26 18:55 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-02-05 09:12 . 2009-12-30 20:56 -------- d-----w- c:\users\kretotaur\AppData\Roaming\translateclient
2010-02-02 14:58 . 2009-01-27 21:19 102416 ----a-w- c:\users\kretotaur\AppData\Local\GDIPFONTCACHEV1.DAT
2010-02-02 13:05 . 2009-02-27 11:57 -------- d-----w- c:\program files\OpenOffice.org 3
2010-02-02 12:33 . 2009-07-08 22:12 -------- d-----w- c:\programdata\Microsoft Help
2010-02-02 12:33 . 2009-07-08 22:15 -------- d-----w- c:\program files\Microsoft.NET
2010-02-02 12:32 . 2006-11-02 12:37 -------- d-----w- c:\program files\MSBuild
2010-02-01 16:55 . 2009-12-30 20:52 -------- d-----w- c:\program files\Translate Client
2010-01-16 14:30 . 2009-01-30 17:04 -------- d-----w- c:\program files\Common Files\Adobe
2010-01-14 10:12 . 2009-10-03 06:52 181120 ------w- c:\windows\system32\MpSigStub.exe
2010-01-13 08:30 . 2009-01-26 18:36 -------- d-----w- c:\programdata\NVIDIA
2010-01-09 18:20 . 2010-01-09 18:20 557107 ----a-w- c:\programdata\Skype\Plugins\Plugins\F6E4F248A04D453E940CFCED80F21C48\RichChat4.exe
2010-01-09 18:20 . 2010-01-09 18:20 53248 ----a-w- c:\programdata\Skype\Plugins\Plugins\F6E4F248A04D453E940CFCED80F21C48\EmoticonOle.dll
2010-01-09 18:20 . 2010-01-09 18:20 433664 ----a-w- c:\programdata\Skype\Plugins\Plugins\F6E4F248A04D453E940CFCED80F21C48\riched20.dll
2010-01-09 18:20 . 2010-01-09 18:20 1712128 ----a-w- c:\programdata\Skype\Plugins\Plugins\F6E4F248A04D453E940CFCED80F21C48\GdiPlus.dll
2010-01-09 18:14 . 2010-01-09 18:14 931840 ------w- c:\programdata\Skype\Plugins\Plugins\0B3223A1A4EA4592841023160E190196\VirtualMakeover.dll
2010-01-09 16:52 . 2010-01-09 16:52 -------- d-----w- c:\program files\CCleaner
2010-01-02 06:38 . 2010-01-22 09:13 916480 ----a-w- c:\windows\system32\wininet.dll
2010-01-02 06:32 . 2010-01-22 09:13 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-01-02 06:32 . 2010-01-22 09:13 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-01-02 04:57 . 2010-01-22 09:13 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-01-01 20:57 . 2009-11-22 11:53 -------- d-----w- c:\program files\Common Files\Nero
2010-01-01 20:57 . 2009-03-24 12:09 -------- d-----w- c:\program files\Nero
2010-01-01 20:56 . 2009-03-24 12:09 -------- d-----w- c:\programdata\Nero
2009-12-31 20:44 . 2009-11-21 11:01 -------- d-----w- c:\users\kretotaur\AppData\Roaming\DAEMON Tools Lite
2009-12-25 13:18 . 2009-01-29 18:52 -------- d-----w- c:\program files\Canon
2009-12-24 16:20 . 2009-03-24 12:13 -------- d-----w- c:\users\kretotaur\AppData\Roaming\Nero
2009-12-08 20:01 . 2010-02-10 08:41 904776 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-12-08 20:01 . 2010-02-10 08:41 3600456 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-12-08 20:01 . 2010-02-10 08:41 3548216 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-12-08 17:26 . 2010-02-10 08:41 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2009-12-05 10:08 . 2009-01-25 22:44 598594 ----a-w- c:\windows\system32\perfh005.dat
2009-12-05 10:08 . 2009-01-25 22:44 114786 ----a-w- c:\windows\system32\perfc005.dat
2009-12-04 18:30 . 2010-02-10 08:41 12288 ----a-w- c:\windows\system32\tsbyuv.dll
2009-12-04 18:29 . 2010-02-10 08:41 1314816 ----a-w- c:\windows\system32\quartz.dll
2009-12-04 18:28 . 2010-02-10 08:41 22528 ----a-w- c:\windows\system32\msyuv.dll
2009-12-04 18:28 . 2010-02-10 08:41 31744 ----a-w- c:\windows\system32\msvidc32.dll
2009-12-04 18:28 . 2010-02-10 08:41 123904 ----a-w- c:\windows\system32\msvfw32.dll
2009-12-04 18:28 . 2010-02-10 08:41 13312 ----a-w- c:\windows\system32\msrle32.dll
2009-12-04 18:28 . 2010-02-10 08:41 82944 ----a-w- c:\windows\system32\mciavi32.dll
2009-12-04 18:28 . 2010-02-10 08:41 50176 ----a-w- c:\windows\system32\iyuv_32.dll
2009-12-04 18:27 . 2010-02-10 08:41 91136 ----a-w- c:\windows\system32\avifil32.dll
2009-12-04 15:56 . 2010-02-10 08:41 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2009-12-04 15:56 . 2010-02-10 08:41 105984 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2009-11-21 11:03 . 2009-11-21 11:03 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-01-15 17:43 . 2009-01-15 17:43 1821008 ----a-w- c:\program files\instmsiw.exe
2009-01-15 17:43 . 2009-01-15 17:43 1707856 ----a-w- c:\program files\instmsia.exe
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"IncrediMail"="c:\program files\IncrediMail\bin\IncMail.exe" [2010-02-01 349640]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"RtHDVCpl"="RtHDVCpl.exe" [2008-02-13 4915200]
"Skytel"="Skytel.exe" [2007-11-20 1826816]
"tsnpstd3"="c:\windows\tsnpstd3.exe" [2006-07-07 262144]
"snpstd3"="c:\windows\vsnpstd3.exe" [2006-09-18 843776]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2008-03-10 689488]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2008-03-17 1848648]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-05-14 2029640]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"WPCUMI"="c:\windows\system32\WpcUmi.exe" [2006-11-02 176128]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Translate Client.lnk - c:\program files\Translate Client\translateclient.exe [2010-1-25 1122304]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):0a,c8,07,67,c9,19,ca,01

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3739927416-3359866453-3552197657-1002]
"EnableNotificationsRef"=dword:00000001

R1 ehdrv;ehdrv;c:\windows\System32\drivers\ehdrv.sys [14.5.2009 14:47 107256]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [14.5.2009 14:47 731840]
R2 epfwwfpr;epfwwfpr;c:\windows\System32\drivers\epfwwfpr.sys [14.5.2009 14:49 93312]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [13.2.2010 14:32 1153368]
S0 sptd;sptd;c:\windows\System32\drivers\sptd.sys [21.11.2009 12:03 691696]
S2 gupdate1c98eaa7fc6a880;Služba Google Update (gupdate1c98eaa7fc6a880);c:\program files\Google\Update\GoogleUpdate.exe [14.2.2009 14:45 133104]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\System32\drivers\nmwcdnsu.sys [19.3.2009 12:48 136704]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\System32\drivers\nmwcdnsuc.sys [19.3.2009 12:48 8320]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Obsah adresáře 'Naplánované úlohy'

2010-02-14 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-02-14 16:04]

2010-02-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-14 13:45]

2010-02-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-14 13:45]

2010-02-14 c:\windows\Tasks\User_Feed_Synchronization-{3402F9DE-7F32-421C-922D-3C5213CE615B}.job
- c:\windows\system32\msfeedssync.exe [2010-01-22 04:56]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{88EB38EF-4D2C-436D-ABD3-56B232674062} - c:\program files\ICQ7.0\ICQ.exe
LSP: c:\windows\system32\wpclsp.dll
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

BHO-{CDBFB47B-58A8-4111-BF95-06178DCE326D} - (no file)



**************************************************************************
skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory:

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Celkový čas: 2010-02-14 18:45:28
ComboFix-quarantined-files.txt 2010-02-14 17:45

Před spuštěním: Volných bajtů: 243 132 407 808
Po spuštění: Volných bajtů: 243 398 295 552

- - End Of File - - A9CE6A3BF3E3FC1ED8A6C529F8EE67DB


ComboFix 10-02-12.01 - kretotaur 14.02.2010 22:25:40.2.4 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.420.1029.18.3070.2123 [GMT 1:00]
Spuštěný z: c:\users\kretotaur\Desktop\ComboFix.exe
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\programdata\Microsoft\Network\Downloader\qmgr0.dat
c:\programdata\Microsoft\Network\Downloader\qmgr1.dat
c:\users\kretotaur\Documents\z loha registr….reg

----- BITS: Možné infikované stránky -----

hxxp://armmf.adobe.com
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-01-14 do 2010-02-14 )))))))))))))))))))))))))))))))
.

2010-02-14 21:29 . 2010-02-14 21:29 -------- d-----w- c:\users\kretotaur\AppData\Local\temp
2010-02-14 21:29 . 2010-02-14 21:29 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-02-14 21:29 . 2010-02-14 21:29 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-02-13 13:32 . 2010-02-13 17:37 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-02-13 13:32 . 2010-02-13 13:32 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-02-13 11:47 . 2010-02-13 11:47 -------- d-----w- c:\users\kretotaur\AppData\Roaming\VistaCodecs
2010-02-13 11:47 . 2010-02-13 11:47 -------- d-----w- c:\program files\VistaCodecPack
2010-02-13 11:43 . 2010-02-13 11:47 -------- d-----w- c:\programdata\VistaCodecs
2010-02-10 08:42 . 2009-12-11 11:43 302080 ----a-w- c:\windows\system32\drivers\srv.sys
2010-02-10 08:42 . 2009-12-11 11:43 98816 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-02-06 10:00 . 2010-02-06 10:00 -------- d-----r- c:\program files\Skype
2010-02-05 13:29 . 2010-02-05 13:29 -------- d-----w- c:\users\kretotaur\AppData\Local\AOL
2010-02-05 13:29 . 2010-02-14 20:03 -------- d-----w- c:\program files\ICQ7.0
2010-02-02 12:58 . 2010-02-02 12:58 -------- d-----w- c:\program files\readmes
2010-02-02 12:58 . 2010-02-02 12:58 -------- d-----w- c:\program files\licenses
2010-01-31 12:46 . 2010-02-01 12:50 -------- d-----w- c:\programdata\PhotoMail
2010-01-31 12:46 . 2010-01-31 12:46 -------- d-----w- c:\program files\PhotoMail Maker
2010-01-31 12:46 . 2010-02-01 13:05 -------- d-----w- c:\users\kretotaur\AppData\Local\IM
2010-01-31 12:46 . 2010-01-31 12:46 -------- d-----w- c:\programdata\IM
2010-01-31 12:46 . 2010-01-31 12:46 -------- d-----w- c:\programdata\IncrediMail
2010-01-31 12:45 . 2010-02-01 12:55 -------- d-----w- c:\program files\IncrediMail

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-14 21:17 . 2009-01-28 15:15 -------- d-----w- c:\users\kretotaur\AppData\Roaming\Skype
2010-02-14 21:06 . 2010-01-13 08:26 35275 ----a-w- c:\programdata\nvModes.dat
2010-02-14 20:16 . 2009-03-01 10:27 -------- d-----w- c:\users\kretotaur\AppData\Roaming\ICQ
2010-02-14 19:20 . 2009-02-14 13:37 -------- d-----w- c:\programdata\Google Updater
2010-02-13 11:52 . 2009-02-07 17:13 -------- d-----w- c:\program files\K-Lite Codec Pack
2010-02-10 14:00 . 2009-02-14 13:37 -------- d-----w- c:\program files\Google
2010-02-10 08:46 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-02-06 10:00 . 2009-01-28 15:14 -------- d-----w- c:\programdata\Skype
2010-02-06 09:45 . 2009-01-28 15:16 -------- d-----w- c:\users\kretotaur\AppData\Roaming\skypePM
2010-02-05 22:02 . 2010-01-12 22:22 -------- d-----w- c:\program files\Nimbuzz
2010-02-05 21:16 . 2009-11-11 18:41 -------- d-----w- c:\programdata\WinZip
2010-02-05 20:03 . 2009-02-27 12:01 1 ----a-w- c:\users\kretotaur\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-02-05 13:29 . 2009-01-26 18:55 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-02-05 09:12 . 2009-12-30 20:56 -------- d-----w- c:\users\kretotaur\AppData\Roaming\translateclient
2010-02-02 14:58 . 2009-01-27 21:19 102416 ----a-w- c:\users\kretotaur\AppData\Local\GDIPFONTCACHEV1.DAT
2010-02-02 13:05 . 2009-02-27 11:57 -------- d-----w- c:\program files\OpenOffice.org 3
2010-02-02 12:33 . 2009-07-08 22:12 -------- d-----w- c:\programdata\Microsoft Help
2010-02-02 12:33 . 2009-07-08 22:15 -------- d-----w- c:\program files\Microsoft.NET
2010-02-02 12:32 . 2006-11-02 12:37 -------- d-----w- c:\program files\MSBuild
2010-02-01 16:55 . 2009-12-30 20:52 -------- d-----w- c:\program files\Translate Client
2010-01-16 14:30 . 2009-01-30 17:04 -------- d-----w- c:\program files\Common Files\Adobe
2010-01-14 10:12 . 2009-10-03 06:52 181120 ------w- c:\windows\system32\MpSigStub.exe
2010-01-13 08:30 . 2009-01-26 18:36 -------- d-----w- c:\programdata\NVIDIA
2010-01-09 18:20 . 2010-01-09 18:20 557107 ----a-w- c:\programdata\Skype\Plugins\Plugins\F6E4F248A04D453E940CFCED80F21C48\RichChat4.exe
2010-01-09 18:20 . 2010-01-09 18:20 53248 ----a-w- c:\programdata\Skype\Plugins\Plugins\F6E4F248A04D453E940CFCED80F21C48\EmoticonOle.dll
2010-01-09 18:20 . 2010-01-09 18:20 433664 ----a-w- c:\programdata\Skype\Plugins\Plugins\F6E4F248A04D453E940CFCED80F21C48\riched20.dll
2010-01-09 18:20 . 2010-01-09 18:20 1712128 ----a-w- c:\programdata\Skype\Plugins\Plugins\F6E4F248A04D453E940CFCED80F21C48\GdiPlus.dll
2010-01-09 18:14 . 2010-01-09 18:14 931840 ------w- c:\programdata\Skype\Plugins\Plugins\0B3223A1A4EA4592841023160E190196\VirtualMakeover.dll
2010-01-09 16:52 . 2010-01-09 16:52 -------- d-----w- c:\program files\CCleaner
2010-01-02 06:38 . 2010-01-22 09:13 916480 ----a-w- c:\windows\system32\wininet.dll
2010-01-02 06:32 . 2010-01-22 09:13 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-01-02 06:32 . 2010-01-22 09:13 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-01-02 04:57 . 2010-01-22 09:13 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-01-01 20:57 . 2009-11-22 11:53 -------- d-----w- c:\program files\Common Files\Nero
2010-01-01 20:57 . 2009-03-24 12:09 -------- d-----w- c:\program files\Nero
2010-01-01 20:56 . 2009-03-24 12:09 -------- d-----w- c:\programdata\Nero
2009-12-31 20:44 . 2009-11-21 11:01 -------- d-----w- c:\users\kretotaur\AppData\Roaming\DAEMON Tools Lite
2009-12-25 13:18 . 2009-01-29 18:52 -------- d-----w- c:\program files\Canon
2009-12-24 16:20 . 2009-03-24 12:13 -------- d-----w- c:\users\kretotaur\AppData\Roaming\Nero
2009-12-08 20:01 . 2010-02-10 08:41 904776 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-12-08 20:01 . 2010-02-10 08:41 3600456 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-12-08 20:01 . 2010-02-10 08:41 3548216 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-12-08 17:26 . 2010-02-10 08:41 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2009-12-05 10:08 . 2009-01-25 22:44 598594 ----a-w- c:\windows\system32\perfh005.dat
2009-12-05 10:08 . 2009-01-25 22:44 114786 ----a-w- c:\windows\system32\perfc005.dat
2009-12-04 18:30 . 2010-02-10 08:41 12288 ----a-w- c:\windows\system32\tsbyuv.dll
2009-12-04 18:29 . 2010-02-10 08:41 1314816 ----a-w- c:\windows\system32\quartz.dll
2009-12-04 18:28 . 2010-02-10 08:41 22528 ----a-w- c:\windows\system32\msyuv.dll
2009-12-04 18:28 . 2010-02-10 08:41 31744 ----a-w- c:\windows\system32\msvidc32.dll
2009-12-04 18:28 . 2010-02-10 08:41 123904 ----a-w- c:\windows\system32\msvfw32.dll
2009-12-04 18:28 . 2010-02-10 08:41 13312 ----a-w- c:\windows\system32\msrle32.dll
2009-12-04 18:28 . 2010-02-10 08:41 82944 ----a-w- c:\windows\system32\mciavi32.dll
2009-12-04 18:28 . 2010-02-10 08:41 50176 ----a-w- c:\windows\system32\iyuv_32.dll
2009-12-04 18:27 . 2010-02-10 08:41 91136 ----a-w- c:\windows\system32\avifil32.dll
2009-12-04 15:56 . 2010-02-10 08:41 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2009-12-04 15:56 . 2010-02-10 08:41 105984 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2009-11-21 11:03 . 2009-11-21 11:03 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-01-15 17:43 . 2009-01-15 17:43 1821008 ----a-w- c:\program files\instmsiw.exe
2009-01-15 17:43 . 2009-01-15 17:43 1707856 ----a-w- c:\program files\instmsia.exe
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"IncrediMail"="c:\program files\IncrediMail\bin\IncMail.exe" [2010-02-01 349640]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"RtHDVCpl"="RtHDVCpl.exe" [2008-02-13 4915200]
"Skytel"="Skytel.exe" [2007-11-20 1826816]
"tsnpstd3"="c:\windows\tsnpstd3.exe" [2006-07-07 262144]
"snpstd3"="c:\windows\vsnpstd3.exe" [2006-09-18 843776]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2008-03-10 689488]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2008-03-17 1848648]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-05-14 2029640]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"WPCUMI"="c:\windows\system32\WpcUmi.exe" [2006-11-02 176128]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Translate Client.lnk - c:\program files\Translate Client\translateclient.exe [2010-1-25 1122304]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):0a,c8,07,67,c9,19,ca,01

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3739927416-3359866453-3552197657-1002]
"EnableNotificationsRef"=dword:00000001

R1 ehdrv;ehdrv;c:\windows\System32\drivers\ehdrv.sys [14.5.2009 14:47 107256]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [14.5.2009 14:47 731840]
R2 epfwwfpr;epfwwfpr;c:\windows\System32\drivers\epfwwfpr.sys [14.5.2009 14:49 93312]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [13.2.2010 14:32 1153368]
S0 sptd;sptd;c:\windows\System32\drivers\sptd.sys [21.11.2009 12:03 691696]
S2 gupdate1c98eaa7fc6a880;Služba Google Update (gupdate1c98eaa7fc6a880);c:\program files\Google\Update\GoogleUpdate.exe [14.2.2009 14:45 133104]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\System32\drivers\nmwcdnsu.sys [19.3.2009 12:48 136704]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\System32\drivers\nmwcdnsuc.sys [19.3.2009 12:48 8320]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Obsah adresáře 'Naplánované úlohy'

2010-02-14 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-02-14 16:04]

2010-02-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-14 13:45]

2010-02-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-14 13:45]

2010-02-14 c:\windows\Tasks\User_Feed_Synchronization-{3402F9DE-7F32-421C-922D-3C5213CE615B}.job
- c:\windows\system32\msfeedssync.exe [2010-01-22 04:56]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{88EB38EF-4D2C-436D-ABD3-56B232674062} - c:\program files\ICQ7.0\ICQ.exe
LSP: c:\windows\system32\wpclsp.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-14 22:29
Windows 6.0.6002 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Celkový čas: 2010-02-14 22:31:41
ComboFix-quarantined-files.txt 2010-02-14 21:31
ComboFix2.txt 2010-02-14 17:45

Před spuštěním: Volných bajtů: 243 426 111 488
Po spuštění: Volných bajtů: 243 397 619 712

- - End Of File - - 28C36F6C8971FC6E41D2F7A7CBC003B0



ComboFix 10-02-12.01 - kretotaur 15.02.2010 12:49:53.3.4 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.420.1029.18.3070.1959 [GMT 1:00]
Spuštěný z: c:\users\kretotaur\Desktop\ComboFix.exe
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Rezidentní štít AV je zapnutý

.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\kretotaur\Documents\z loha registr….reg

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-01-15 do 2010-02-15 )))))))))))))))))))))))))))))))
.

2010-02-15 11:56 . 2010-02-15 11:56 -------- d-----w- c:\users\kretotaur\AppData\Local\temp
2010-02-15 11:56 . 2010-02-15 11:56 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-02-15 11:56 . 2010-02-15 11:56 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-02-13 13:32 . 2010-02-13 17:37 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-02-13 13:32 . 2010-02-13 13:32 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-02-13 11:47 . 2010-02-13 11:47 -------- d-----w- c:\users\kretotaur\AppData\Roaming\VistaCodecs
2010-02-13 11:47 . 2010-02-13 11:47 -------- d-----w- c:\program files\VistaCodecPack
2010-02-13 11:43 . 2010-02-13 11:47 -------- d-----w- c:\programdata\VistaCodecs
2010-02-10 08:42 . 2009-12-11 11:43 302080 ----a-w- c:\windows\system32\drivers\srv.sys
2010-02-10 08:42 . 2009-12-11 11:43 98816 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-02-06 10:00 . 2010-02-06 10:00 -------- d-----r- c:\program files\Skype
2010-02-05 13:29 . 2010-02-05 13:29 -------- d-----w- c:\users\kretotaur\AppData\Local\AOL
2010-02-05 13:29 . 2010-02-14 20:03 -------- d-----w- c:\program files\ICQ7.0
2010-02-02 12:58 . 2010-02-02 12:58 -------- d-----w- c:\program files\readmes
2010-02-02 12:58 . 2010-02-02 12:58 -------- d-----w- c:\program files\licenses
2010-01-31 12:46 . 2010-02-01 12:50 -------- d-----w- c:\programdata\PhotoMail
2010-01-31 12:46 . 2010-01-31 12:46 -------- d-----w- c:\program files\PhotoMail Maker
2010-01-31 12:46 . 2010-02-01 13:05 -------- d-----w- c:\users\kretotaur\AppData\Local\IM
2010-01-31 12:46 . 2010-01-31 12:46 -------- d-----w- c:\programdata\IM
2010-01-31 12:46 . 2010-01-31 12:46 -------- d-----w- c:\programdata\IncrediMail
2010-01-31 12:45 . 2010-02-01 12:55 -------- d-----w- c:\program files\IncrediMail

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-15 11:49 . 2010-01-13 08:26 35275 ----a-w- c:\programdata\nvModes.dat
2010-02-15 10:19 . 2009-01-28 15:15 -------- d-----w- c:\users\kretotaur\AppData\Roaming\Skype
2010-02-15 10:19 . 2009-03-01 10:27 -------- d-----w- c:\users\kretotaur\AppData\Roaming\ICQ
2010-02-14 19:20 . 2009-02-14 13:37 -------- d-----w- c:\programdata\Google Updater
2010-02-13 11:52 . 2009-02-07 17:13 -------- d-----w- c:\program files\K-Lite Codec Pack
2010-02-10 14:00 . 2009-02-14 13:37 -------- d-----w- c:\program files\Google
2010-02-10 08:46 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-02-06 10:00 . 2009-01-28 15:14 -------- d-----w- c:\programdata\Skype
2010-02-06 09:45 . 2009-01-28 15:16 -------- d-----w- c:\users\kretotaur\AppData\Roaming\skypePM
2010-02-05 22:02 . 2010-01-12 22:22 -------- d-----w- c:\program files\Nimbuzz
2010-02-05 21:16 . 2009-11-11 18:41 -------- d-----w- c:\programdata\WinZip
2010-02-05 20:03 . 2009-02-27 12:01 1 ----a-w- c:\users\kretotaur\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-02-05 13:29 . 2009-01-26 18:55 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-02-05 09:12 . 2009-12-30 20:56 -------- d-----w- c:\users\kretotaur\AppData\Roaming\translateclient
2010-02-02 14:58 . 2009-01-27 21:19 102416 ----a-w- c:\users\kretotaur\AppData\Local\GDIPFONTCACHEV1.DAT
2010-02-02 13:05 . 2009-02-27 11:57 -------- d-----w- c:\program files\OpenOffice.org 3
2010-02-02 12:33 . 2009-07-08 22:12 -------- d-----w- c:\programdata\Microsoft Help
2010-02-02 12:33 . 2009-07-08 22:15 -------- d-----w- c:\program files\Microsoft.NET
2010-02-02 12:32 . 2006-11-02 12:37 -------- d-----w- c:\program files\MSBuild
2010-02-01 16:55 . 2009-12-30 20:52 -------- d-----w- c:\program files\Translate Client
2010-01-16 14:30 . 2009-01-30 17:04 -------- d-----w- c:\program files\Common Files\Adobe
2010-01-14 10:12 . 2009-10-03 06:52 181120 ------w- c:\windows\system32\MpSigStub.exe
2010-01-13 08:30 . 2009-01-26 18:36 -------- d-----w- c:\programdata\NVIDIA
2010-01-09 18:20 . 2010-01-09 18:20 557107 ----a-w- c:\programdata\Skype\Plugins\Plugins\F6E4F248A04D453E940CFCED80F21C48\RichChat4.exe
2010-01-09 18:20 . 2010-01-09 18:20 53248 ----a-w- c:\programdata\Skype\Plugins\Plugins\F6E4F248A04D453E940CFCED80F21C48\EmoticonOle.dll
2010-01-09 18:20 . 2010-01-09 18:20 433664 ----a-w- c:\programdata\Skype\Plugins\Plugins\F6E4F248A04D453E940CFCED80F21C48\riched20.dll
2010-01-09 18:20 . 2010-01-09 18:20 1712128 ----a-w- c:\programdata\Skype\Plugins\Plugins\F6E4F248A04D453E940CFCED80F21C48\GdiPlus.dll
2010-01-09 18:14 . 2010-01-09 18:14 931840 ------w- c:\programdata\Skype\Plugins\Plugins\0B3223A1A4EA4592841023160E190196\VirtualMakeover.dll
2010-01-09 16:52 . 2010-01-09 16:52 -------- d-----w- c:\program files\CCleaner
2010-01-02 06:38 . 2010-01-22 09:13 916480 ----a-w- c:\windows\system32\wininet.dll
2010-01-02 06:32 . 2010-01-22 09:13 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-01-02 06:32 . 2010-01-22 09:13 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-01-02 04:57 . 2010-01-22 09:13 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-01-01 20:57 . 2009-11-22 11:53 -------- d-----w- c:\program files\Common Files\Nero
2010-01-01 20:57 . 2009-03-24 12:09 -------- d-----w- c:\program files\Nero
2010-01-01 20:56 . 2009-03-24 12:09 -------- d-----w- c:\programdata\Nero
2009-12-31 20:44 . 2009-11-21 11:01 -------- d-----w- c:\users\kretotaur\AppData\Roaming\DAEMON Tools Lite
2009-12-25 13:18 . 2009-01-29 18:52 -------- d-----w- c:\program files\Canon
2009-12-24 16:20 . 2009-03-24 12:13 -------- d-----w- c:\users\kretotaur\AppData\Roaming\Nero
2009-12-08 20:01 . 2010-02-10 08:41 904776 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-12-08 20:01 . 2010-02-10 08:41 3600456 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-12-08 20:01 . 2010-02-10 08:41 3548216 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-12-08 17:26 . 2010-02-10 08:41 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2009-12-05 10:08 . 2009-01-25 22:44 598594 ----a-w- c:\windows\system32\perfh005.dat
2009-12-05 10:08 . 2009-01-25 22:44 114786 ----a-w- c:\windows\system32\perfc005.dat
2009-12-04 18:30 . 2010-02-10 08:41 12288 ----a-w- c:\windows\system32\tsbyuv.dll
2009-12-04 18:29 . 2010-02-10 08:41 1314816 ----a-w- c:\windows\system32\quartz.dll
2009-12-04 18:28 . 2010-02-10 08:41 22528 ----a-w- c:\windows\system32\msyuv.dll
2009-12-04 18:28 . 2010-02-10 08:41 31744 ----a-w- c:\windows\system32\msvidc32.dll
2009-12-04 18:28 . 2010-02-10 08:41 123904 ----a-w- c:\windows\system32\msvfw32.dll
2009-12-04 18:28 . 2010-02-10 08:41 13312 ----a-w- c:\windows\system32\msrle32.dll
2009-12-04 18:28 . 2010-02-10 08:41 82944 ----a-w- c:\windows\system32\mciavi32.dll
2009-12-04 18:28 . 2010-02-10 08:41 50176 ----a-w- c:\windows\system32\iyuv_32.dll
2009-12-04 18:27 . 2010-02-10 08:41 91136 ----a-w- c:\windows\system32\avifil32.dll
2009-12-04 15:56 . 2010-02-10 08:41 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2009-12-04 15:56 . 2010-02-10 08:41 105984 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2009-11-21 11:03 . 2009-11-21 11:03 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-01-15 17:43 . 2009-01-15 17:43 1821008 ----a-w- c:\program files\instmsiw.exe
2009-01-15 17:43 . 2009-01-15 17:43 1707856 ----a-w- c:\program files\instmsia.exe
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"IncrediMail"="c:\program files\IncrediMail\bin\IncMail.exe" [2010-02-01 349640]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"RtHDVCpl"="RtHDVCpl.exe" [2008-02-13 4915200]
"Skytel"="Skytel.exe" [2007-11-20 1826816]
"tsnpstd3"="c:\windows\tsnpstd3.exe" [2006-07-07 262144]
"snpstd3"="c:\windows\vsnpstd3.exe" [2006-09-18 843776]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2008-03-10 689488]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2008-03-17 1848648]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-05-14 2029640]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"WPCUMI"="c:\windows\system32\WpcUmi.exe" [2006-11-02 176128]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Translate Client.lnk - c:\program files\Translate Client\translateclient.exe [2010-1-25 1122304]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):0a,c8,07,67,c9,19,ca,01

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3739927416-3359866453-3552197657-1002]
"EnableNotificationsRef"=dword:00000001

R1 ehdrv;ehdrv;c:\windows\System32\drivers\ehdrv.sys [14.5.2009 14:47 107256]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [14.5.2009 14:47 731840]
R2 epfwwfpr;epfwwfpr;c:\windows\System32\drivers\epfwwfpr.sys [14.5.2009 14:49 93312]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [13.2.2010 14:32 1153368]
S0 sptd;sptd;c:\windows\System32\drivers\sptd.sys [21.11.2009 12:03 691696]
S2 gupdate1c98eaa7fc6a880;Služba Google Update (gupdate1c98eaa7fc6a880);c:\program files\Google\Update\GoogleUpdate.exe [14.2.2009 14:45 133104]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\System32\drivers\nmwcdnsu.sys [19.3.2009 12:48 136704]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\System32\drivers\nmwcdnsuc.sys [19.3.2009 12:48 8320]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Obsah adresáře 'Naplánované úlohy'

2010-02-15 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-02-14 16:04]

2010-02-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-14 13:45]

2010-02-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-14 13:45]

2010-02-15 c:\windows\Tasks\User_Feed_Synchronization-{3402F9DE-7F32-421C-922D-3C5213CE615B}.job
- c:\windows\system32\msfeedssync.exe [2010-01-22 04:56]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{88EB38EF-4D2C-436D-ABD3-56B232674062} - c:\program files\ICQ7.0\ICQ.exe
LSP: c:\windows\system32\wpclsp.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-15 12:56
Windows 6.0.6002 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Celkový čas: 2010-02-15 12:58:34
ComboFix-quarantined-files.txt 2010-02-15 11:58
ComboFix2.txt 2010-02-14 21:31
ComboFix3.txt 2010-02-14 17:45

Před spuštěním: Volných bajtů: 243 461 701 632
Po spuštění: Volných bajtů: 243 421 720 576

- - End Of File - - 612C79B741A14B4CDAA76F40B8F86902

Re: DoubleD

Posted: 15 Feb 2010 19:32
by Rudy
Post the ComboFix log.
Download ComboFix and save it, preferably to the desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Then run the application under an account with administrator privileges.

Right after it starts, a screen with the license terms appears; continue by clicking the Ano (Yes) button.

Feel free to put the water on for a coffee (the whole thing takes about 5-10 minutes, sometimes longer, depending on how fast the machine is and how many files the scanner has to work through); during the scan, do not try to start any other applications or anything else.

Do not panic during the scan; your machine may be restarted (especially the first time the scanner is used).

Note: if you use antispyware with a resident shield, switch its resident shield to Install Mode, or disable it completely for the duration of the scan, because scanning and removing any malware causes unwanted conflicts with the antispyware's resident component.

Re: DoubleD

Posted: 15 Feb 2010 20:02
by kretotaur
When I started ComboFix, this message appeared: !!WARING!! CD-emulation drivers are running on this machine. combofix needs to temporarily disable them. I don't speak English and Google Translate translated it very oddly, so I don't know. I clicked OK.

ComboFix 10-02-12.01 - kretotaur 15.02.2010 19:48:38.4.4 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.420.1029.18.3070.1981 [GMT 1:00]
Spuštěný z: c:\users\kretotaur\Desktop\ComboFix.exe
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Rezidentní štít AV je zapnutý

.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\kretotaur\Documents\z loha registr….reg

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-01-15 do 2010-02-15 )))))))))))))))))))))))))))))))
.

2010-02-15 18:54 . 2010-02-15 18:55 -------- d-----w- c:\users\kretotaur\AppData\Local\temp
2010-02-15 18:54 . 2010-02-15 18:54 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-02-15 18:54 . 2010-02-15 18:54 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-02-13 13:32 . 2010-02-13 17:37 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-02-13 13:32 . 2010-02-13 13:32 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-02-13 11:47 . 2010-02-13 11:47 -------- d-----w- c:\users\kretotaur\AppData\Roaming\VistaCodecs
2010-02-13 11:47 . 2010-02-13 11:47 -------- d-----w- c:\program files\VistaCodecPack
2010-02-13 11:43 . 2010-02-13 11:47 -------- d-----w- c:\programdata\VistaCodecs
2010-02-10 08:42 . 2009-12-11 11:43 302080 ----a-w- c:\windows\system32\drivers\srv.sys
2010-02-10 08:42 . 2009-12-11 11:43 98816 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-02-06 10:00 . 2010-02-06 10:00 -------- d-----r- c:\program files\Skype
2010-02-05 13:29 . 2010-02-05 13:29 -------- d-----w- c:\users\kretotaur\AppData\Local\AOL
2010-02-05 13:29 . 2010-02-14 20:03 -------- d-----w- c:\program files\ICQ7.0
2010-02-02 12:58 . 2010-02-02 12:58 -------- d-----w- c:\program files\readmes
2010-02-02 12:58 . 2010-02-02 12:58 -------- d-----w- c:\program files\licenses
2010-01-31 12:46 . 2010-02-01 12:50 -------- d-----w- c:\programdata\PhotoMail
2010-01-31 12:46 . 2010-01-31 12:46 -------- d-----w- c:\program files\PhotoMail Maker
2010-01-31 12:46 . 2010-02-01 13:05 -------- d-----w- c:\users\kretotaur\AppData\Local\IM
2010-01-31 12:46 . 2010-01-31 12:46 -------- d-----w- c:\programdata\IM
2010-01-31 12:46 . 2010-01-31 12:46 -------- d-----w- c:\programdata\IncrediMail
2010-01-31 12:45 . 2010-02-01 12:55 -------- d-----w- c:\program files\IncrediMail

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-15 18:47 . 2010-01-13 08:26 35275 ----a-w- c:\programdata\nvModes.dat
2010-02-15 18:41 . 2009-01-28 15:15 -------- d-----w- c:\users\kretotaur\AppData\Roaming\Skype
2010-02-15 16:32 . 2009-03-01 10:27 -------- d-----w- c:\users\kretotaur\AppData\Roaming\ICQ
2010-02-14 19:20 . 2009-02-14 13:37 -------- d-----w- c:\programdata\Google Updater
2010-02-13 11:52 . 2009-02-07 17:13 -------- d-----w- c:\program files\K-Lite Codec Pack
2010-02-10 14:00 . 2009-02-14 13:37 -------- d-----w- c:\program files\Google
2010-02-10 08:46 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-02-06 10:00 . 2009-01-28 15:14 -------- d-----w- c:\programdata\Skype
2010-02-06 09:45 . 2009-01-28 15:16 -------- d-----w- c:\users\kretotaur\AppData\Roaming\skypePM
2010-02-05 22:02 . 2010-01-12 22:22 -------- d-----w- c:\program files\Nimbuzz
2010-02-05 21:16 . 2009-11-11 18:41 -------- d-----w- c:\programdata\WinZip
2010-02-05 20:03 . 2009-02-27 12:01 1 ----a-w- c:\users\kretotaur\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-02-05 13:29 . 2009-01-26 18:55 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-02-05 09:12 . 2009-12-30 20:56 -------- d-----w- c:\users\kretotaur\AppData\Roaming\translateclient
2010-02-02 14:58 . 2009-01-27 21:19 102416 ----a-w- c:\users\kretotaur\AppData\Local\GDIPFONTCACHEV1.DAT
2010-02-02 13:05 . 2009-02-27 11:57 -------- d-----w- c:\program files\OpenOffice.org 3
2010-02-02 12:33 . 2009-07-08 22:12 -------- d-----w- c:\programdata\Microsoft Help
2010-02-02 12:33 . 2009-07-08 22:15 -------- d-----w- c:\program files\Microsoft.NET
2010-02-02 12:32 . 2006-11-02 12:37 -------- d-----w- c:\program files\MSBuild
2010-02-01 16:55 . 2009-12-30 20:52 -------- d-----w- c:\program files\Translate Client
2010-01-16 14:30 . 2009-01-30 17:04 -------- d-----w- c:\program files\Common Files\Adobe
2010-01-14 10:12 . 2009-10-03 06:52 181120 ------w- c:\windows\system32\MpSigStub.exe
2010-01-13 08:30 . 2009-01-26 18:36 -------- d-----w- c:\programdata\NVIDIA
2010-01-09 18:20 . 2010-01-09 18:20 557107 ----a-w- c:\programdata\Skype\Plugins\Plugins\F6E4F248A04D453E940CFCED80F21C48\RichChat4.exe
2010-01-09 18:20 . 2010-01-09 18:20 53248 ----a-w- c:\programdata\Skype\Plugins\Plugins\F6E4F248A04D453E940CFCED80F21C48\EmoticonOle.dll
2010-01-09 18:20 . 2010-01-09 18:20 433664 ----a-w- c:\programdata\Skype\Plugins\Plugins\F6E4F248A04D453E940CFCED80F21C48\riched20.dll
2010-01-09 18:20 . 2010-01-09 18:20 1712128 ----a-w- c:\programdata\Skype\Plugins\Plugins\F6E4F248A04D453E940CFCED80F21C48\GdiPlus.dll
2010-01-09 18:14 . 2010-01-09 18:14 931840 ------w- c:\programdata\Skype\Plugins\Plugins\0B3223A1A4EA4592841023160E190196\VirtualMakeover.dll
2010-01-09 16:52 . 2010-01-09 16:52 -------- d-----w- c:\program files\CCleaner
2010-01-02 06:38 . 2010-01-22 09:13 916480 ----a-w- c:\windows\system32\wininet.dll
2010-01-02 06:32 . 2010-01-22 09:13 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-01-02 06:32 . 2010-01-22 09:13 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-01-02 04:57 . 2010-01-22 09:13 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-01-01 20:57 . 2009-11-22 11:53 -------- d-----w- c:\program files\Common Files\Nero
2010-01-01 20:57 . 2009-03-24 12:09 -------- d-----w- c:\program files\Nero
2010-01-01 20:56 . 2009-03-24 12:09 -------- d-----w- c:\programdata\Nero
2009-12-31 20:44 . 2009-11-21 11:01 -------- d-----w- c:\users\kretotaur\AppData\Roaming\DAEMON Tools Lite
2009-12-25 13:18 . 2009-01-29 18:52 -------- d-----w- c:\program files\Canon
2009-12-24 16:20 . 2009-03-24 12:13 -------- d-----w- c:\users\kretotaur\AppData\Roaming\Nero
2009-12-08 20:01 . 2010-02-10 08:41 904776 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-12-08 20:01 . 2010-02-10 08:41 3600456 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-12-08 20:01 . 2010-02-10 08:41 3548216 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-12-08 17:26 . 2010-02-10 08:41 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2009-12-05 10:08 . 2009-01-25 22:44 598594 ----a-w- c:\windows\system32\perfh005.dat
2009-12-05 10:08 . 2009-01-25 22:44 114786 ----a-w- c:\windows\system32\perfc005.dat
2009-12-04 18:30 . 2010-02-10 08:41 12288 ----a-w- c:\windows\system32\tsbyuv.dll
2009-12-04 18:29 . 2010-02-10 08:41 1314816 ----a-w- c:\windows\system32\quartz.dll
2009-12-04 18:28 . 2010-02-10 08:41 22528 ----a-w- c:\windows\system32\msyuv.dll
2009-12-04 18:28 . 2010-02-10 08:41 31744 ----a-w- c:\windows\system32\msvidc32.dll
2009-12-04 18:28 . 2010-02-10 08:41 123904 ----a-w- c:\windows\system32\msvfw32.dll
2009-12-04 18:28 . 2010-02-10 08:41 13312 ----a-w- c:\windows\system32\msrle32.dll
2009-12-04 18:28 . 2010-02-10 08:41 82944 ----a-w- c:\windows\system32\mciavi32.dll
2009-12-04 18:28 . 2010-02-10 08:41 50176 ----a-w- c:\windows\system32\iyuv_32.dll
2009-12-04 18:27 . 2010-02-10 08:41 91136 ----a-w- c:\windows\system32\avifil32.dll
2009-12-04 15:56 . 2010-02-10 08:41 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2009-12-04 15:56 . 2010-02-10 08:41 105984 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2009-11-21 11:03 . 2009-11-21 11:03 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-01-15 17:43 . 2009-01-15 17:43 1821008 ----a-w- c:\program files\instmsiw.exe
2009-01-15 17:43 . 2009-01-15 17:43 1707856 ----a-w- c:\program files\instmsia.exe
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"IncrediMail"="c:\program files\IncrediMail\bin\IncMail.exe" [2010-02-01 349640]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"RtHDVCpl"="RtHDVCpl.exe" [2008-02-13 4915200]
"Skytel"="Skytel.exe" [2007-11-20 1826816]
"tsnpstd3"="c:\windows\tsnpstd3.exe" [2006-07-07 262144]
"snpstd3"="c:\windows\vsnpstd3.exe" [2006-09-18 843776]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2008-03-10 689488]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2008-03-17 1848648]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-05-14 2029640]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"WPCUMI"="c:\windows\system32\WpcUmi.exe" [2006-11-02 176128]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Translate Client.lnk - c:\program files\Translate Client\translateclient.exe [2010-1-25 1122304]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):0a,c8,07,67,c9,19,ca,01

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3739927416-3359866453-3552197657-1002]
"EnableNotificationsRef"=dword:00000001

R1 ehdrv;ehdrv;c:\windows\System32\drivers\ehdrv.sys [14.5.2009 14:47 107256]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [14.5.2009 14:47 731840]
R2 epfwwfpr;epfwwfpr;c:\windows\System32\drivers\epfwwfpr.sys [14.5.2009 14:49 93312]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [13.2.2010 14:32 1153368]
S0 sptd;sptd;c:\windows\System32\drivers\sptd.sys [21.11.2009 12:03 691696]
S2 gupdate1c98eaa7fc6a880;Služba Google Update (gupdate1c98eaa7fc6a880);c:\program files\Google\Update\GoogleUpdate.exe [14.2.2009 14:45 133104]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\System32\drivers\nmwcdnsu.sys [19.3.2009 12:48 136704]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\System32\drivers\nmwcdnsuc.sys [19.3.2009 12:48 8320]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Obsah adresáře 'Naplánované úlohy'

2010-02-15 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-02-14 16:04]

2010-02-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-14 13:45]

2010-02-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-14 13:45]

2010-02-15 c:\windows\Tasks\User_Feed_Synchronization-{3402F9DE-7F32-421C-922D-3C5213CE615B}.job
- c:\windows\system32\msfeedssync.exe [2010-01-22 04:56]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{88EB38EF-4D2C-436D-ABD3-56B232674062} - c:\program files\ICQ7.0\ICQ.exe
LSP: c:\windows\system32\wpclsp.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-15 19:55
Windows 6.0.6002 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Celkový čas: 2010-02-15 19:56:47
ComboFix-quarantined-files.txt 2010-02-15 18:56
ComboFix2.txt 2010-02-15 11:58
ComboFix3.txt 2010-02-14 21:31
ComboFix4.txt 2010-02-14 17:45

Před spuštěním: Volných bajtů: 243 378 266 112
Po spuštění: Volných bajtů: 243 339 517 952

- - End Of File - - A34E39971709C3E4CAABC0585B964806

Re: DoubleD

Posted: 15 Feb 2010 21:52
by Rudy
Open Notepad and copy the following into it:
Registry::
[-HKEY_CLASSES_ROOT\TypeLib\{883DFC00-8A21-411D-956C-73A4E4B7D16F}]
[-HKEY_CLASSES_ROOT\Interface\{480098C6-F6AD-4C61-9B5C-2BAE228A34D1}]
Save it to the desktop as CFScript.txt. Then drag it with the mouse over the ComboFix icon and drop it. CF will start and carry out the command from the script.


Re: DoubleD

Posted: 15 Feb 2010 22:10
by kretotaur
ComboFix 10-02-12.01 - kretotaur 15.02.2010 22:03:49.5.4 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.420.1029.18.3070.2048 [GMT 1:00]
Spuštěný z: c:\users\kretotaur\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\kretotaur\Desktop\CFScript.txt.txt
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Rezidentní štít AV je zapnutý

.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\kretotaur\Documents\z loha registr….reg

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-01-15 do 2010-02-15 )))))))))))))))))))))))))))))))
.

2010-02-15 21:07 . 2010-02-15 21:07 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-02-15 21:07 . 2010-02-15 21:07 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-02-15 18:56 . 2010-02-15 21:07 -------- d-----w- c:\users\kretotaur\AppData\Local\temp
2010-02-13 13:32 . 2010-02-13 17:37 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-02-13 13:32 . 2010-02-13 13:32 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-02-13 11:47 . 2010-02-13 11:47 -------- d-----w- c:\users\kretotaur\AppData\Roaming\VistaCodecs
2010-02-13 11:47 . 2010-02-13 11:47 -------- d-----w- c:\program files\VistaCodecPack
2010-02-13 11:43 . 2010-02-13 11:47 -------- d-----w- c:\programdata\VistaCodecs
2010-02-10 08:42 . 2009-12-11 11:43 302080 ----a-w- c:\windows\system32\drivers\srv.sys
2010-02-10 08:42 . 2009-12-11 11:43 98816 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-02-06 10:00 . 2010-02-06 10:00 -------- d-----r- c:\program files\Skype
2010-02-05 13:29 . 2010-02-05 13:29 -------- d-----w- c:\users\kretotaur\AppData\Local\AOL
2010-02-05 13:29 . 2010-02-14 20:03 -------- d-----w- c:\program files\ICQ7.0
2010-02-02 12:58 . 2010-02-02 12:58 -------- d-----w- c:\program files\readmes
2010-02-02 12:58 . 2010-02-02 12:58 -------- d-----w- c:\program files\licenses
2010-01-31 12:46 . 2010-02-01 12:50 -------- d-----w- c:\programdata\PhotoMail
2010-01-31 12:46 . 2010-01-31 12:46 -------- d-----w- c:\program files\PhotoMail Maker
2010-01-31 12:46 . 2010-02-01 13:05 -------- d-----w- c:\users\kretotaur\AppData\Local\IM
2010-01-31 12:46 . 2010-01-31 12:46 -------- d-----w- c:\programdata\IM
2010-01-31 12:46 . 2010-01-31 12:46 -------- d-----w- c:\programdata\IncrediMail
2010-01-31 12:45 . 2010-02-01 12:55 -------- d-----w- c:\program files\IncrediMail

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-15 20:21 . 2009-02-14 13:37 -------- d-----w- c:\programdata\Google Updater
2010-02-15 18:56 . 2010-01-13 08:26 35275 ----a-w- c:\programdata\nvModes.dat
2010-02-15 18:41 . 2009-01-28 15:15 -------- d-----w- c:\users\kretotaur\AppData\Roaming\Skype
2010-02-15 16:32 . 2009-03-01 10:27 -------- d-----w- c:\users\kretotaur\AppData\Roaming\ICQ
2010-02-13 11:52 . 2009-02-07 17:13 -------- d-----w- c:\program files\K-Lite Codec Pack
2010-02-10 14:00 . 2009-02-14 13:37 -------- d-----w- c:\program files\Google
2010-02-10 08:46 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-02-06 10:00 . 2009-01-28 15:14 -------- d-----w- c:\programdata\Skype
2010-02-06 09:45 . 2009-01-28 15:16 -------- d-----w- c:\users\kretotaur\AppData\Roaming\skypePM
2010-02-05 22:02 . 2010-01-12 22:22 -------- d-----w- c:\program files\Nimbuzz
2010-02-05 21:16 . 2009-11-11 18:41 -------- d-----w- c:\programdata\WinZip
2010-02-05 20:03 . 2009-02-27 12:01 1 ----a-w- c:\users\kretotaur\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-02-05 13:29 . 2009-01-26 18:55 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-02-05 09:12 . 2009-12-30 20:56 -------- d-----w- c:\users\kretotaur\AppData\Roaming\translateclient
2010-02-02 14:58 . 2009-01-27 21:19 102416 ----a-w- c:\users\kretotaur\AppData\Local\GDIPFONTCACHEV1.DAT
2010-02-02 13:05 . 2009-02-27 11:57 -------- d-----w- c:\program files\OpenOffice.org 3
2010-02-02 12:33 . 2009-07-08 22:12 -------- d-----w- c:\programdata\Microsoft Help
2010-02-02 12:33 . 2009-07-08 22:15 -------- d-----w- c:\program files\Microsoft.NET
2010-02-02 12:32 . 2006-11-02 12:37 -------- d-----w- c:\program files\MSBuild
2010-02-01 16:55 . 2009-12-30 20:52 -------- d-----w- c:\program files\Translate Client
2010-01-16 14:30 . 2009-01-30 17:04 -------- d-----w- c:\program files\Common Files\Adobe
2010-01-14 10:12 . 2009-10-03 06:52 181120 ------w- c:\windows\system32\MpSigStub.exe
2010-01-13 08:30 . 2009-01-26 18:36 -------- d-----w- c:\programdata\NVIDIA
2010-01-09 18:20 . 2010-01-09 18:20 557107 ----a-w- c:\programdata\Skype\Plugins\Plugins\F6E4F248A04D453E940CFCED80F21C48\RichChat4.exe
2010-01-09 18:20 . 2010-01-09 18:20 53248 ----a-w- c:\programdata\Skype\Plugins\Plugins\F6E4F248A04D453E940CFCED80F21C48\EmoticonOle.dll
2010-01-09 18:20 . 2010-01-09 18:20 433664 ----a-w- c:\programdata\Skype\Plugins\Plugins\F6E4F248A04D453E940CFCED80F21C48\riched20.dll
2010-01-09 18:20 . 2010-01-09 18:20 1712128 ----a-w- c:\programdata\Skype\Plugins\Plugins\F6E4F248A04D453E940CFCED80F21C48\GdiPlus.dll
2010-01-09 18:14 . 2010-01-09 18:14 931840 ------w- c:\programdata\Skype\Plugins\Plugins\0B3223A1A4EA4592841023160E190196\VirtualMakeover.dll
2010-01-09 16:52 . 2010-01-09 16:52 -------- d-----w- c:\program files\CCleaner
2010-01-02 06:38 . 2010-01-22 09:13 916480 ----a-w- c:\windows\system32\wininet.dll
2010-01-02 06:32 . 2010-01-22 09:13 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-01-02 06:32 . 2010-01-22 09:13 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-01-02 04:57 . 2010-01-22 09:13 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-01-01 20:57 . 2009-11-22 11:53 -------- d-----w- c:\program files\Common Files\Nero
2010-01-01 20:57 . 2009-03-24 12:09 -------- d-----w- c:\program files\Nero
2010-01-01 20:56 . 2009-03-24 12:09 -------- d-----w- c:\programdata\Nero
2009-12-31 20:44 . 2009-11-21 11:01 -------- d-----w- c:\users\kretotaur\AppData\Roaming\DAEMON Tools Lite
2009-12-25 13:18 . 2009-01-29 18:52 -------- d-----w- c:\program files\Canon
2009-12-24 16:20 . 2009-03-24 12:13 -------- d-----w- c:\users\kretotaur\AppData\Roaming\Nero
2009-12-08 20:01 . 2010-02-10 08:41 904776 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-12-08 20:01 . 2010-02-10 08:41 3600456 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-12-08 20:01 . 2010-02-10 08:41 3548216 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-12-08 17:26 . 2010-02-10 08:41 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2009-12-05 10:08 . 2009-01-25 22:44 598594 ----a-w- c:\windows\system32\perfh005.dat
2009-12-05 10:08 . 2009-01-25 22:44 114786 ----a-w- c:\windows\system32\perfc005.dat
2009-12-04 18:30 . 2010-02-10 08:41 12288 ----a-w- c:\windows\system32\tsbyuv.dll
2009-12-04 18:29 . 2010-02-10 08:41 1314816 ----a-w- c:\windows\system32\quartz.dll
2009-12-04 18:28 . 2010-02-10 08:41 22528 ----a-w- c:\windows\system32\msyuv.dll
2009-12-04 18:28 . 2010-02-10 08:41 31744 ----a-w- c:\windows\system32\msvidc32.dll
2009-12-04 18:28 . 2010-02-10 08:41 123904 ----a-w- c:\windows\system32\msvfw32.dll
2009-12-04 18:28 . 2010-02-10 08:41 13312 ----a-w- c:\windows\system32\msrle32.dll
2009-12-04 18:28 . 2010-02-10 08:41 82944 ----a-w- c:\windows\system32\mciavi32.dll
2009-12-04 18:28 . 2010-02-10 08:41 50176 ----a-w- c:\windows\system32\iyuv_32.dll
2009-12-04 18:27 . 2010-02-10 08:41 91136 ----a-w- c:\windows\system32\avifil32.dll
2009-12-04 15:56 . 2010-02-10 08:41 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2009-12-04 15:56 . 2010-02-10 08:41 105984 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2009-11-21 11:03 . 2009-11-21 11:03 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-01-15 17:43 . 2009-01-15 17:43 1821008 ----a-w- c:\program files\instmsiw.exe
2009-01-15 17:43 . 2009-01-15 17:43 1707856 ----a-w- c:\program files\instmsia.exe
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"IncrediMail"="c:\program files\IncrediMail\bin\IncMail.exe" [2010-02-01 349640]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"RtHDVCpl"="RtHDVCpl.exe" [2008-02-13 4915200]
"Skytel"="Skytel.exe" [2007-11-20 1826816]
"tsnpstd3"="c:\windows\tsnpstd3.exe" [2006-07-07 262144]
"snpstd3"="c:\windows\vsnpstd3.exe" [2006-09-18 843776]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2008-03-10 689488]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2008-03-17 1848648]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-05-14 2029640]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"WPCUMI"="c:\windows\system32\WpcUmi.exe" [2006-11-02 176128]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Translate Client.lnk - c:\program files\Translate Client\translateclient.exe [2010-1-25 1122304]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):0a,c8,07,67,c9,19,ca,01

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3739927416-3359866453-3552197657-1002]
"EnableNotificationsRef"=dword:00000001

R1 ehdrv;ehdrv;c:\windows\System32\drivers\ehdrv.sys [14.5.2009 14:47 107256]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [14.5.2009 14:47 731840]
R2 epfwwfpr;epfwwfpr;c:\windows\System32\drivers\epfwwfpr.sys [14.5.2009 14:49 93312]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [13.2.2010 14:32 1153368]
S0 sptd;sptd;c:\windows\System32\drivers\sptd.sys [21.11.2009 12:03 691696]
S2 gupdate1c98eaa7fc6a880;Služba Google Update (gupdate1c98eaa7fc6a880);c:\program files\Google\Update\GoogleUpdate.exe [14.2.2009 14:45 133104]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\System32\drivers\nmwcdnsu.sys [19.3.2009 12:48 136704]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\System32\drivers\nmwcdnsuc.sys [19.3.2009 12:48 8320]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Obsah adresáře 'Naplánované úlohy'

2010-02-15 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-02-14 16:04]

2010-02-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-14 13:45]

2010-02-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-14 13:45]

2010-02-15 c:\windows\Tasks\User_Feed_Synchronization-{3402F9DE-7F32-421C-922D-3C5213CE615B}.job
- c:\windows\system32\msfeedssync.exe [2010-01-22 04:56]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{88EB38EF-4D2C-436D-ABD3-56B232674062} - c:\program files\ICQ7.0\ICQ.exe
LSP: c:\windows\system32\wpclsp.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-15 22:07
Windows 6.0.6002 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Celkový čas: 2010-02-15 22:09:07
ComboFix-quarantined-files.txt 2010-02-15 21:09
ComboFix2.txt 2010-02-15 18:56
ComboFix3.txt 2010-02-15 11:58
ComboFix4.txt 2010-02-14 21:31
ComboFix5.txt 2010-02-15 21:02

Před spuštěním: Volných bajtů: 243 362 287 616
Po spuštění: Volných bajtů: 243 337 502 720

- - End Of File - - 1EEC5D3234D673FE1A79C37E39F048B6

Re: DoubleD

Posted: 15 Feb 2010 22:17
by Rudy
The log looks clean.

Re: DoubleD

Posted: 15 Feb 2010 22:28
by kretotaur
OK, so I'll try running Spybot over it again. I would also like to know how things stand with Daemon Tools. Does it need to be uninstalled when ComboFix is run? And if I then install it again and also have ComboFix on the PC (without running it), won't that cause some mischief?

Re: DoubleD

Posted: 15 Feb 2010 22:33
by Rudy
1. It is better to uninstall DT; it behaves similarly to a rootkit.
2. Spybot is not exactly the best antispyware there is. Its glory days are behind it.
3. To uninstall CF: Start>Run>(type) combofix /uninstall>OK.

Re: DoubleD

Posted: 15 Feb 2010 22:56
by kretotaur
Well, I'd definitely go for a beer with you. Really, thanks a lot. Spybot ran through everything cleanly. One last question (well, for today :lol: ): what should I replace Spybot with (is there something free? e.g. a link). Thanks once again.

Re: DoubleD

Posted: 16 Feb 2010 10:56
by kretotaur
After yesterday's rampage with ComboFix, I woke up in the morning and the "internet" indicator light on the modem was not lit (this had never happened before). Neither the internet nor the TV worked. So I restarted the modem, and so far everything seems to be fine. Well, except for ICQ7, which says when logging in: Jejda, něco se pokazilo, opakujte akci. [Oops, something went wrong, repeat the action.] I tried reinstalling it, but nothing helps. Do you know, please, what the problem could be? (Skype works.) Thank you

P.S. - I have also just read that the firewall should be turned off when ComboFix starts. I don't know whether that was the case. I did turn off ESET's resident shield, though. :oops:

Re: DoubleD

Posted: 16 Feb 2010 12:19
by kretotaur
So ICQ works now. I had "save password" set, and when I cancelled that and entered the login details again, it got going :D It should have occurred to me before I started reinstalling, I admit. I still have some folders left on the C: drive, apparently from ComboFix; can I delete any of them? They are: SINPLACE.-TR (the folder is empty), SWINDOWS.-Q (the folder is empty), BOOT, PROGRAMDATA, INTEL (the folder contains INTEL CHIPSET.TXT) and finally the file BOOTSECT.BAK

And that message when starting ComboFix: !!WARING!! CD-emulation drivers are running on this machine. combofix needs to temporarily disable them. I clicked OK; could I have caused some problem by doing that? The window that should have (about the license, or whatever; you confirm it with "ANO") did not appear for me at all.

Re: DoubleD

Posted: 16 Feb 2010 19:48
by Rudy
1. To uninstall CF: Start>Run>(type) combofix /uninstall>OK.
2. That CF message means that you have some software installed on the PC that emulates optical drives, and it asks for them to be stopped or uninstalled.

Re: DoubleD

Posted: 16 Feb 2010 19:55
by kretotaur
That occurred to me too. It could only be that Daemon Tools, but I have already uninstalled it, so I don't know why the message appears (I still have it in "downloaded files", though; does that matter?). ComboFix is also uninstalled now. I uninstalled Spybot as well and downloaded Terminator, so I'm wondering: I have the paid version of ESET NOD32. Can I run Terminator while ESET is running? And does it make sense at all, isn't ESET alone enough for all of this? Or can Terminator do something more? Thank you

Re: DoubleD

Posted: 16 Feb 2010 20:27
by Rudy
For spyware, ST is better than NOD's built-in antispyware. However, I do not recommend running both applications at the same time.

Re: DoubleD

Posted: 16 Feb 2010 21:09
by kretotaur
Thank you very much for your time and knowledge; I value your advice greatly. A person would need at least three lives to always be able to study everything. I hope I won't need you anymore. Take care :D :closed: :all_coholic: