HJT check - AntiSpy Spider (Solved)


Post by KSSA » 07 Jun 2008 23:16

A background keeps popping up warning that the PC has been infected (blue background with yellow and white text).
It also shows a warning icon next to the clock. Task Manager cannot be started.
It wants me to download AntiSpy Spider.
Here is the log from HijackThis:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:02:14, on 7.6.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\iftuyszv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\444.0
C:\Program Files\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\portsv.exe
C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe
C:\PROGRA~1\SPEEDB~1\VideoAcceleratorEngine.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Pinnacle\Shared Files\Programs\MediaCenterService\PMC.Service.Main.exe
C:\Program Files\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe
C:\WINDOWS\mHotkey.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\DAP\DAP.EXE
C:\Program Files\SpeedBit Video Accelerator\VideoAccelerator.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\PROGRA~1\MICROS~2\wcescomm.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Documents and Settings\Fridrichovský\Data aplikací\Microsoft\dtsc\25870.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\PROGRA~1\MICROS~2\rapimgr.exe
C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
C:\Documents and Settings\Fridrichovský\Data aplikací\Microsoft\dtsc\25870.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://c:/windows/homepage.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file://c:/windows/homepage.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file://c:/windows/homepage.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = file://c:/windows/homepage.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://c:/windows/homepage.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = file://c:/windows/homepage.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = file://c:/windows/homepage.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\iftuyszv.exe,
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {17da0c9e-4a27-4ac5-bb75-5d24b8cdb972} - (no file)
O2 - BHO: (no name) - {1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb1} - (no file)
O2 - BHO: (no name) - {1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb2} - (no file)
O2 - BHO: (no name) - {2d38a51a-23c9-48a1-a33c-48675aa2b494} - (no file)
O2 - BHO: (no name) - {2e9caff6-30c7-4208-8807-e79d4ec6f806} - (no file)
O2 - BHO: (no name) - {5321e378-ffad-4999-8c62-03ca8155f0b3} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {587dbf2d-9145-4c9e-92c2-1f953da73773} - (no file)
O2 - BHO: (no name) - {6cc1c91a-ae8b-4373-a5b4-28ba1851e39a} - (no file)
O2 - BHO: (no name) - {79369d5c-2903-4b7a-ade2-d5e0dee14d24} - (no file)
O2 - BHO: (no name) - {799a370d-5993-4887-9df7-0a4756a77d00} - (no file)
O2 - BHO: (no name) - {98dbbf16-ca43-4c33-be80-99e6694468a4} - (no file)
O2 - BHO: (no name) - {a55581dc-2cdb-4089-8878-71a080b22342} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {bc97b254-b2b9-4d40-971d-78e0978f5f26} - (no file)
O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765721306} - (no file)
O2 - BHO: (no name) - {fd9bc004-8331-4457-b830-4759ff704c22} - (no file)
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\PROGRA~1\TRANSLAT\WEBIE.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [PMCS] C:\Program Files\Pinnacle\Shared Files\Programs\MediaCenterService\PMC.Service.Main.exe -host -clearDebug
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [PMCRemote] C:\Program Files\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
O4 - HKLM\..\Run: [SpeedBitVideoAccelerator] "C:\Program Files\SpeedBit Video Accelerator\VideoAccelerator.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingA1256] command /c del "C:\Program Files\webHancer\Programs\readme.txt"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [H/PC Connection Agent] C:\PROGRA~1\MICROS~2\wcescomm.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Microsoft Windows Installer] C:\Documents and Settings\Fridrichovský\Data aplikací\Microsoft\dtsc\25870.exe
O4 - HKCU\..\RunOnce: [SpybotDeletingB2571] command /c del "C:\Program Files\webHancer\Programs\readme.txt"
O4 - HKCU\..\RunOnce: [SpybotDeletingD2231] cmd /c del "C:\Program Files\webHancer\Programs\readme.txt"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra 'Tools' menuitem: Mobilen Favoriten erstellen... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: WebTran - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\PROGRA~1\TRANSLAT\WEBIE.DLL
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\PROGRA~1\TRANSLAT\WEBIE.DLL
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\PROGRA~1\TRANSLAT\WEBIE.DLL
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\PROGRA~1\TRANSLAT\WEBIE.DLL
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\PROGRA~1\TRANSLAT\WEBIE.DLL
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\PROGRA~1\TRANSLAT\WEBIE.DLL
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\PROGRA~1\TRANSLAT\WEBIE.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{A5BE6279-7EBD-4702-A1C3-D5BE028FAB97}: NameServer = 82.99.133.33,82.99.133.35
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: MsSecurity Updated (MsSecurity1.209.4) - Unknown owner - C:\WINDOWS\444.0.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Plug and Play (RPC) (PlugPlayRPC) - Unknown owner - C:\WINDOWS\portsv.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: VideoAcceleratorService - Speedbit Ltd. - C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe


Thanks for the reply


Re: HJT check - AntiSpy Spider

Post by fredik » 08 Jun 2008 08:31

Welcome to the forum

No wonder you have a problem when, at the very least, you have no antivirus on there.

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

Download SDFix
- Run it and it will extract itself to the drive where Windows is installed (typically C:\SDfix)
- Then restart the PC into Safe Mode (choose the option: Safe Mode, not Safe Mode with Networking)
- Open the folder where SDFix was extracted and run the file RunThis.bat; this starts the program.
* Then press the Y key and then Enter to start the cleaning process.
* To finish the scan you will be prompted to press any key, and the computer will restart.
* While the operating system is loading, the program will start again and finish the cleaning process. When Finish appears, you will have to press any key when prompted; this closes the program and your desktop icons will appear.
- When the desktop icons have finished loading, the SDFix log will open on screen and will also be saved as Report.txt in the folder where SDFix was extracted.
Then copy its contents here

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

After that, use ComboFix, but before using it do the following steps:
#Step 1:
Turn off Spybot's resident protection:
- run Spybot - Search & Destroy
- in the menu at the top choose: Mode => Advanced (Režim => Pro pokročilé)
- a warning window will appear; choose Yes there
- the program window will switch to the advanced view; there choose: Tools => Resident (Nástroje => Rezidentní)
- there, clear the check box if it is ticked for the item: Resident program "TeaTimer" (Protection ...)
- close the program
Restart the PC.

#Step 2:

After that, download ResetTeaTimer.bat (see the Note) and save it to disk.
- run it and press any key when prompted
- after it has run and prompts you, press any key again and the program will close.
Note:
- if you use Opera, right-click the link and choose Save link target as...
- if you use Firefox, right-click the link and choose Save link as...

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

Then download ComboFix (by sUBs) and save it to the desktop.
Close all active windows and run it.
- After it starts, the terms of use will be shown; confirm them by pressing the Yes button
- Then follow the instructions; while ComboFix is running, do not click in the window it displays
- When the scan has finished, the program should create a log - C:\ComboFix.txt - please copy its entire contents here

In your next post, paste these logs/results here:
- the SDFix log
- the ComboFix log
It may take a while to get a response, because the "HJT Team" are very busy. Please, be patient, these people are volunteers. They will help you out, as soon as possible.
If you have a problem, do not send me PMs with logs; post them in the forum. It is not possible to reply to such PMs.


Re: HJT check - AntiSpy Spider

Post by KSSA » 08 Jun 2008 12:08

SDFIX:


SDFix: Version 1.189
Run by Fridrichovskě on ne 08.06.2008 at 11:30

Microsoft Windows XP [Verze 5.1.2600]
Running From: C:\SDFix\SDFix

Checking Services :

Name :
MsSecurity1.209.4

Path :
C:\WINDOWS\444.0 service

MsSecurity1.209.4 - Deleted



Restoring Windows Registry Values
Restoring Windows Default Hosts File
Restoring Default Desktop Wallpaper
Restoring Default IE Settings

Rebooting


Checking Files :

Trojan Files Found:

C:\Temp\1cb\syscheck.log - Deleted
C:\Temp\vtmp2\ktnv33.log - Deleted
C:\WINDOWS\system32\vntiho06\vntiho061083.exe - Deleted
C:\WINDOWS\x.exe - Deleted
C:\WINDOWS\y.exe - Deleted
C:\WINDOWS\mrofinu1000106.exe - Deleted
C:\WINDOWS\default.htm - Deleted
C:\WINDOWS\explorer32.exe - Deleted
C:\WINDOWS\funniest.exe - Deleted
C:\WINDOWS\funny.exe - Deleted
C:\WINDOWS\gfmnaaa.dll - Deleted
C:\WINDOWS\helpcvs.exe - Deleted
C:\WINDOWS\iedll.exe - Deleted
C:\WINDOWS\iexplorer.exe - Deleted
C:\WINDOWS\index.html - Deleted
C:\WINDOWS\inetinf.exe - Deleted
C:\WINDOWS\internet.exe - Deleted
C:\WINDOWS\loader.exe - Deleted
C:\WINDOWS\megavid.cdt - Deleted
C:\WINDOWS\msconfd.dll - Deleted
C:\WINDOWS\msspi.dll - Deleted
C:\WINDOWS\mssys.exe - Deleted
C:\WINDOWS\msupdate.exe - Deleted
C:\WINDOWS\mswsc10.dll - Deleted
C:\WINDOWS\mswsc20.dll - Deleted
C:\WINDOWS\mtwirl32.dll - Deleted
C:\WINDOWS\muotr.so - Deleted
C:\WINDOWS\notepad32.exe - Deleted
C:\WINDOWS\olehelp.exe - Deleted
C:\WINDOWS\qttasks.exe - Deleted
C:\WINDOWS\quicken.exe - Deleted
C:\WINDOWS\rundll16.exe - Deleted
C:\WINDOWS\rundll32.vbe - Deleted
C:\WINDOWS\searchword.dll - Deleted
C:\WINDOWS\sistem.exe - Deleted
C:\WINDOWS\svchost32.exe - Deleted
C:\WINDOWS\svcinit.exe - Deleted
C:\WINDOWS\systeem.exe - Deleted
C:\WINDOWS\systemcritical.exe - Deleted
C:\WINDOWS\system32\hljwugsf.bin - Deleted
C:\WINDOWS\system32\pac.txt - Deleted
C:\WINDOWS\system32\sft.res - Deleted
C:\WINDOWS\system32\sockins32.dll - Deleted
C:\WINDOWS\time.exe - Deleted
C:\WINDOWS\users32.exe - Deleted
C:\WINDOWS\waol.exe - Deleted
C:\WINDOWS\win32e.exe - Deleted
C:\WINDOWS\win64.exe - Deleted
C:\WINDOWS\winajbm.dll - Deleted
C:\WINDOWS\window.exe - Deleted
C:\WINDOWS\winmgnt.exe - Deleted
C:\WINDOWS\xplugin.dll - Deleted
C:\WINDOWS\xxxvideo.hta - Deleted


Could Not Remove C:\WINDOWS\accesss.exe
Could Not Remove C:\WINDOWS\astctl32.ocx
Could Not Remove C:\WINDOWS\avpcc.dll
Could Not Remove C:\WINDOWS\clrssn.exe
Could Not Remove C:\WINDOWS\cpan.dll
Could Not Remove C:\WINDOWS\ctfmon32.exe
Could Not Remove C:\WINDOWS\ctrlpan.dll
Could Not Remove C:\WINDOWS\directx32.exe
Could Not Remove C:\WINDOWS\dnsrelay.dll
Could Not Remove C:\WINDOWS\editpad.exe
Could Not Remove C:\WINDOWS\explore.exe
Could Not Remove C:\WINDOWS\explorer32.exe

Folder C:\Temp\1cb - Removed
Folder C:\Temp\vtmp2 - Removed
Folder C:\WINDOWS\system32\vntiho06 - Removed


Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-08 11:35:16
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...


scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\Cursors\Schemes]
"\f\1e?r?n?é? ?u?k?a?z?a?t?e?l?e? ?"="C:\WINDOWS\cursors\arrow_r.cur,C:\WINDOWS\cursors\help_r.cur,C:\WINDOWS\cursors\wait_r.cur,C:\WINDOWS\cursors\busy_r.cur,C:\WINDOWS\cursors\cross_r.cur,C:\WINDOWS\cursors\beam_r.cur,C:\WINDOWS\cursors\pen_r.cur,C:\WINDOWS\cursors\no_r.cur,C:\WINDOWS\cursors\size4_r.cur,C:\WINDOWS\cursors\size3_r.cur,C:\WINDOWS\cursors\size2_r.cur,C:\WINDOWS\cursors\size1_r.cur,C:\WINDOWS\cursors\move_r.cur,C:\WINDOWS\cursors\up_r.cur"
"\f\1e?r?n?é? ?u?k?a?z?a?t?e?l?e? ?(?v?e?l?k?é?)?"="C:\WINDOWS\cursors\arrow_rm.cur,C:\WINDOWS\cursors\help_rm.cur,C:\WINDOWS\cursors\wait_rm.cur,C:\WINDOWS\cursors\busy_rm.cur,C:\WINDOWS\cursors\cross_rm.cur,C:\WINDOWS\cursors\beam_rm.cur,C:\WINDOWS\cursors\pen_rm.cur,C:\WINDOWS\cursors\no_rm.cur,C:\WINDOWS\cursors\size4_rm.cur,C:\WINDOWS\cursors\size3_rm.cur,C:\WINDOWS\cursors\size2_rm.cur,C:\WINDOWS\cursors\size1_rm.cur,C:\WINDOWS\cursors\move_rm.cur,C:\WINDOWS\cursors\up_rm.cur"
"\f\1e?r?n?é? ?u?k?a?z?a?t?e?l?e? ?(?n?e?j?v?\e\1t?a\1í?)?"="C:\WINDOWS\cursors\arrow_rl.cur,C:\WINDOWS\cursors\help_rl.cur,C:\WINDOWS\cursors\wait_rl.cur,C:\WINDOWS\cursors\busy_rl.cur,C:\WINDOWS\cursors\cross_rl.cur,C:\WINDOWS\cursors\beam_rl.cur,C:\WINDOWS\cursors\pen_rl.cur,C:\WINDOWS\cursors\no_rl.cur,C:\WINDOWS\cursors\size4_rl.cur,C:\WINDOWS\cursors\size3_rl.cur,C:\WINDOWS\cursors\size2_rl.cur,C:\WINDOWS\cursors\size1_rl.cur,C:\WINDOWS\cursors\move_rl.cur,C:\WINDOWS\cursors\up_rl.cur"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher]
"TracesProcessed"=dword:0000009e
"TracesSuccessful"=dword:00000006

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services :




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Pinnacle\\MediaCenter\\PMC.exe"="C:\\Program Files\\Pinnacle\\MediaCenter\\PMC.exe:*:Enabled:Pmc.exe"
"C:\\Program Files\\Pinnacle\\MediaCenter\\PmcSettings.exe"="C:\\Program Files\\Pinnacle\\MediaCenter\\PmcSettings.exe:*:Enabled:pmcsettings.exe"
"C:\\Program Files\\Pinnacle\\Shared Files\\Programs\\MediaManager\\PMSManager.exe"="C:\\Program Files\\Pinnacle\\Shared Files\\Programs\\MediaManager\\PMSManager.exe:*:Enabled:PMSManager.exe"
"C:\\Program Files\\Pinnacle\\MediaCenter\\EpgSpoolerSrv.exe"="C:\\Program Files\\Pinnacle\\MediaCenter\\EpgSpoolerSrv.exe:*:Enabled:EpgSpoolerSrv.exe"
"C:\\Program Files\\Pinnacle\\Shared Files\\Programs\\MediaServer\\PMSInstallInit.exe"="C:\\Program Files\\Pinnacle\\Shared Files\\Programs\\MediaServer\\PMSInstallInit.exe:*:Enabled:PMSInstallInit.exe"
"C:\\Program Files\\Pinnacle\\Shared Files\\Programs\\MediaCenterService\\PMC.Service.Main.exe"="C:\\Program Files\\Pinnacle\\Shared Files\\Programs\\MediaCenterService\\PMC.Service.Main.exe:*:Enabled:PMC.Service.Main.exe"
"C:\\Program Files\\uTorrent\\utorrent.exe"="C:\\Program Files\\uTorrent\\utorrent.exe:*:Enabled:uTorrent"
"C:\\Program Files\\Electronic Arts\\Command & Conquer 3\\RetailExe\\1.4\\cnc3game.dat"="C:\\Program Files\\Electronic Arts\\Command & Conquer 3\\RetailExe\\1.4\\cnc3game.dat:*:Enabled:Command & Conquer 3 Tiberium Wars"
"C:\\Program Files\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe"="C:\\Program Files\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe:*:Disabled:Windows Media(TM) Audio (wma)"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype. Take a deep breath "
"C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"="C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"C:\\Program Files\\Electronic Arts\\Command & Conquer 3\\RetailExe\\1.9\\cnc3game.dat"="C:\\Program Files\\Electronic Arts\\Command & Conquer 3\\RetailExe\\1.9\\cnc3game.dat:*:Enabled:Command & Conquer 3 Tiberium Wars"
"C:\\Program Files\\Eidos\\Serious Sam - The Second Encounter\\Bin\\SeriousSam.exe"="C:\\Program Files\\Eidos\\Serious Sam - The Second Encounter\\Bin\\SeriousSam.exe:*:Enabled:SeriousSam"
"C:\\Program Files\\Half Life 2\\root\\hl2.exe"="C:\\Program Files\\Half Life 2\\root\\hl2.exe:*:Enabled:hl2"
"C:\\WINDOWS\\system32\\dpvsetup.exe"="C:\\WINDOWS\\system32\\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\\WINDOWS\\system32\\rundll32.exe"="C:\\WINDOWS\\system32\\rundll32.exe:*:Enabled:Run a DLL as an App"
"C:\\Program Files\\Roger Wilco\\roger.exe"="C:\\Program Files\\Roger Wilco\\roger.exe:*:Enabled:roger"
"C:\\Program Files\\DAP\\DAP.exe"="C:\\Program Files\\DAP\\DAP.exe:*:Disabled:Download Accelerator Plus (DAP)"
"C:\\Program Files\\Sierra\\Empire Earth II\\EE2.exe"="C:\\Program Files\\Sierra\\Empire Earth II\\EE2.exe:*:Enabled:Empire Earth II"
"C:\\Program Files\\SpeedBit Video Accelerator\\VideoAccelerator.exe"="C:\\Program Files\\SpeedBit Video Accelerator\\VideoAccelerator.exe:*:Enabled:VideoAccelerator"
"C:\\Program Files\\SpeedBit Video Accelerator\\VideoAcceleratorEngine.exe"="C:\\Program Files\\SpeedBit Video Accelerator\\VideoAcceleratorEngine.exe:*:Enabled:VideoAcceleratorService"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"="C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"

Remaining Files :

C:\WINDOWS\x.exe Found
C:\WINDOWS\y.exe Found
C:\WINDOWS\accesss.exe Found
C:\WINDOWS\astctl32.ocx Found
C:\WINDOWS\avpcc.dll Found
C:\WINDOWS\clrssn.exe Found
C:\WINDOWS\cpan.dll Found
C:\WINDOWS\ctfmon32.exe Found
C:\WINDOWS\ctrlpan.dll Found
C:\WINDOWS\default.htm Found
C:\WINDOWS\directx32.exe Found
C:\WINDOWS\dnsrelay.dll Found
C:\WINDOWS\editpad.exe Found
C:\WINDOWS\explore.exe Found
C:\WINDOWS\explorer32.exe Found
C:\WINDOWS\funniest.exe Found
C:\WINDOWS\funny.exe Found
C:\WINDOWS\gfmnaaa.dll Found
C:\WINDOWS\helpcvs.exe Found
C:\WINDOWS\iedll.exe Found
C:\WINDOWS\iexplorer.exe Found
C:\WINDOWS\inetinf.exe Found
C:\WINDOWS\internet.exe Found
C:\WINDOWS\loader.exe Found
C:\WINDOWS\msconfd.dll Found
C:\WINDOWS\msspi.dll Found
C:\WINDOWS\mssys.exe Found
C:\WINDOWS\msupdate.exe Found
C:\WINDOWS\mswsc10.dll Found
C:\WINDOWS\mswsc20.dll Found
C:\WINDOWS\mtwirl32.dll Found
C:\WINDOWS\notepad32.exe Found
C:\WINDOWS\olehelp.exe Found
C:\WINDOWS\qttasks.exe Found
C:\WINDOWS\quicken.exe Found
C:\WINDOWS\rundll16.exe Found
C:\WINDOWS\rundll32.vbe Found
C:\WINDOWS\searchword.dll Found
C:\WINDOWS\sistem.exe Found
C:\WINDOWS\svchost32.exe Found
C:\WINDOWS\svcinit.exe Found
C:\WINDOWS\systeem.exe Found
C:\WINDOWS\systemcritical.exe Found
C:\WINDOWS\time.exe Found
C:\WINDOWS\users32.exe Found
C:\WINDOWS\waol.exe Found
C:\WINDOWS\win32e.exe Found
C:\WINDOWS\win64.exe Found
C:\WINDOWS\winajbm.dll Found
C:\WINDOWS\window.exe Found
C:\WINDOWS\winmgnt.exe Found
C:\WINDOWS\xplugin.dll Found
C:\WINDOWS\xxxvideo.hta Found

File Backups: - C:\SDFix\SDFix\backups\backups.zip

Files with Hidden Attributes :

Mon 28 Jan 2008 1,404,240 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe"
Mon 28 Jan 2008 5,146,448 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
Mon 28 Jan 2008 2,097,488 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
Mon 30 Jul 2007 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Wed 23 Apr 2008 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Fri 13 Jul 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\06ab16452633f247931c97dd4afe1e93\BIT2.tmp"
Mon 6 Aug 2007 444 ...HR --- "C:\Documents and Settings\Fridrichovskě\Data aplikacˇ\SecuROM\UserData\securom_v7_01.bak"

Finished!

**************************************************************************************************************************************
And Combo:

ComboFix 08-06-07.3 - Fridrichovský 2008-06-08 11:49:44.1 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1029.18.648 [GMT 2:00]
Running from: C:\Documents and Settings\Fridrichovský\Plocha\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Fridrichovský\Data aplikací\inst.exe
C:\Documents and Settings\Fridrichovský\Data aplikací\Microsoft\dtsc
C:\Documents and Settings\Fridrichovský\Data aplikací\Microsoft\dtsc\@KeyLogger Home v2.0b.torrent
C:\Documents and Settings\Fridrichovský\Data aplikací\Microsoft\dtsc\@KeyLogger Home v2.0b.zip
C:\Documents and Settings\Fridrichovský\Data aplikací\Microsoft\dtsc\25870.exe
C:\Documents and Settings\Fridrichovský\Data aplikací\Microsoft\dtsc\alcohol.120.1.9.5.3105.trial.patch-tsrh.torrent
C:\Documents and Settings\Fridrichovský\Data aplikací\Microsoft\dtsc\alcohol.120.1.9.5.3105.trial.patch-tsrh.zip
C:\Documents and Settings\Fridrichovský\Data aplikací\Microsoft\dtsc\CloneCD.V4.0.0.0.Build14.torrent
C:\Documents and Settings\Fridrichovský\Data aplikací\Microsoft\dtsc\CloneCD.V4.0.0.0.Build14.zip
C:\Documents and Settings\Fridrichovský\Data aplikací\Microsoft\dtsc\Crysis.GENERIC_KEYGEN-FFF.torrent
C:\Documents and Settings\Fridrichovský\Data aplikací\Microsoft\dtsc\Crysis.GENERIC_KEYGEN-FFF.zip
C:\Documents and Settings\Fridrichovský\Data aplikací\Microsoft\dtsc\Norton Internet Security Suite 2007keygen.torrent
C:\Documents and Settings\Fridrichovský\Data aplikací\Microsoft\dtsc\Norton Internet Security Suite 2007keygen.zip
C:\Documents and Settings\Fridrichovský\Data aplikací\Microsoft\dtsc\Propellerheads.Reason v2.0.torrent
C:\Documents and Settings\Fridrichovský\Data aplikací\Microsoft\dtsc\Propellerheads.Reason v2.0.zip
C:\Documents and Settings\Fridrichovský\Data aplikací\Microsoft\dtsc\s
C:\Documents and Settings\Fridrichovský\Data aplikací\Microsoft\dtsc\The.Lord.Of.The.Rings.The.Battle.For.Middle-Earth.II.BETA KEYGEN-FFF.torrent
C:\Documents and Settings\Fridrichovský\Data aplikací\Microsoft\dtsc\The.Lord.Of.The.Rings.The.Battle.For.Middle-Earth.II.BETA KEYGEN-FFF.zip
C:\Documents and Settings\Fridrichovský\Data aplikací\Microsoft\dtsc\TomTom 3 Navigator by Digerati.torrent
C:\Documents and Settings\Fridrichovský\Data aplikací\Microsoft\dtsc\TomTom 3 Navigator by Digerati.zip
C:\Documents and Settings\Fridrichovský\Data aplikací\Microsoft\dtsc\TuneUp Utilities 2003 3.0.1006 by TSRh.torrent
C:\Documents and Settings\Fridrichovský\Data aplikací\Microsoft\dtsc\TuneUp Utilities 2003 3.0.1006 by TSRh.zip
C:\WINDOWS\accesss.exe
C:\WINDOWS\astctl32.ocx
C:\WINDOWS\avpcc.dll
C:\WINDOWS\clrssn.exe
C:\WINDOWS\cpan.dll
C:\WINDOWS\ctfmon32.exe
C:\WINDOWS\ctrlpan.dll
C:\WINDOWS\default.htm
C:\WINDOWS\directx32.exe
C:\WINDOWS\dnsrelay.dll
C:\WINDOWS\Downloaded Program Files\setup.inf
C:\WINDOWS\editpad.exe
C:\WINDOWS\explore.exe
C:\WINDOWS\explorer32.exe
C:\WINDOWS\funniest.exe
C:\WINDOWS\funny.exe
C:\WINDOWS\gfmnaaa.dll
C:\WINDOWS\helpcvs.exe
C:\WINDOWS\iedll.exe
C:\WINDOWS\iexplorer.exe
C:\WINDOWS\inetinf.exe
C:\WINDOWS\internet.exe
C:\WINDOWS\lfn.exe
C:\WINDOWS\loader.exe
C:\WINDOWS\mainms.vpi
C:\WINDOWS\msconfd.dll
C:\WINDOWS\msspi.dll
C:\WINDOWS\mssys.exe
C:\WINDOWS\msupdate.exe
C:\WINDOWS\mswsc10.dll
C:\WINDOWS\mswsc20.dll
C:\WINDOWS\mtwirl32.dll
C:\WINDOWS\notepad32.exe
C:\WINDOWS\olehelp.exe
C:\WINDOWS\qttasks.exe
C:\WINDOWS\quicken.exe
C:\WINDOWS\rundll16.exe
C:\WINDOWS\rundll32.vbe
C:\WINDOWS\searchword.dll
C:\WINDOWS\sistem.exe
C:\WINDOWS\svcinit.exe
C:\WINDOWS\svchost32.exe
C:\WINDOWS\systeem.exe
C:\WINDOWS\system32\MSINET.oca
C:\WINDOWS\systemcritical.exe
C:\WINDOWS\time.exe
C:\WINDOWS\users32.exe
C:\WINDOWS\waol.exe
C:\WINDOWS\win32e.exe
C:\WINDOWS\win64.exe
C:\WINDOWS\winajbm.dll
C:\WINDOWS\window.exe
C:\WINDOWS\winmgnt.exe
C:\WINDOWS\x.exe
C:\WINDOWS\xplugin.dll
C:\WINDOWS\xxxvideo.hta
C:\WINDOWS\y.exe

.
((((((((((((((((((((((((( Files Created from 2008-05-08 to 2008-06-08 )))))))))))))))))))))))))))))))
.

2008-06-08 11:25 . 2008-06-08 11:25 <DIR> d-------- C:\WINDOWS\ERUNT
2008-06-08 11:21 . 2008-06-08 11:21 <DIR> d-------- C:\SDFix
2008-06-07 23:01 . 2008-06-07 23:01 <DIR> d-------- C:\Program Files\Trend Micro
2008-06-07 22:17 . 2008-06-07 22:17 105 --a------ C:\WINDOWS\wininit.ini
2008-06-07 21:20 . 2008-06-08 11:47 <DIR> d-------- C:\WINDOWS\system32\3512
2008-06-07 21:20 . 2008-06-07 21:20 55,808 --a------ C:\WINDOWS\portsv.exe
2008-06-07 20:20 . 2008-06-07 20:20 <DIR> d-------- C:\WINDOWS\system32\zabD
2008-06-07 20:20 . 2008-06-07 20:20 <DIR> d-------- C:\WINDOWS\system32\izo
2008-06-07 20:20 . 2008-06-08 11:35 <DIR> d-------- C:\Temp
2008-06-07 20:20 . 2008-06-07 20:20 <DIR> dr------- C:\Documents and Settings\NetworkService\Oblíbené položky
2008-06-07 20:20 . 2008-06-07 20:20 87,511 --a------ C:\WINDOWS\system32\iftuyszv.exe
2008-06-07 20:20 . 2008-06-07 20:20 67,179 --a------ C:\Temp\prev2dx.exe
2008-06-07 20:20 . 2008-06-07 20:20 49,158 --a------ C:\WINDOWS\444.0
2008-05-29 19:33 . 2008-05-29 19:33 <DIR> d-------- C:\Documents and Settings\Fridrichovský\Data aplikací\Sierra
2008-05-29 18:35 . 2008-05-29 18:35 <DIR> d-------- C:\Program Files\Sierra
2008-05-22 22:20 . 2008-05-22 22:32 <DIR> d-------- C:\Documents and Settings\Fridrichovský\Data aplikací\MoyeaFLV2Video
2008-05-14 20:15 . 2008-05-14 20:15 <DIR> d-------- C:\Pacient

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-08 09:46 --------- d---a-w C:\Documents and Settings\All Users\Data aplikací\TEMP
2008-06-07 19:48 --------- d-----w C:\Documents and Settings\Fridrichovský\Data aplikací\uTorrent
2008-06-07 17:59 --------- d-----w C:\Documents and Settings\Fridrichovský\Data aplikací\Hamachi
2008-06-07 14:34 --------- d-----w C:\Documents and Settings\Fridrichovský\Data aplikací\OpenOffice.org2
2008-05-29 16:35 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-29 16:33 --------- d-----w C:\Program Files\Electronic Arts
2008-05-27 14:13 --------- d-----w C:\Documents and Settings\Fridrichovský\Data aplikací\Vso
2008-05-06 15:51 --------- d-----w C:\Program Files\SpeedBit Video Accelerator
2008-05-05 16:35 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\DVD Shrink
2008-04-25 10:23 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy
2008-04-24 20:45 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-04-23 11:47 --------- d-----w C:\Program Files\DAP
2008-04-23 11:38 50,688 ----a-w C:\WINDOWS\system32\wbhelp2.dll
2008-04-23 11:38 --------- d-----w C:\Program Files\Google
2008-03-05 22:20 47,360 ----a-w C:\Documents and Settings\Fridrichovský\Data aplikací\pcouffin.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00110011-4b0b-44d5-9718-90c88817369b}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{086ae192-23a6-48d6-96ec-715f53797e85}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{150fa160-130d-451f-b863-b655061432ba}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{17da0c9e-4a27-4ac5-bb75-5d24b8cdb972}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb1}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb2}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2d38a51a-23c9-48a1-a33c-48675aa2b494}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2e9caff6-30c7-4208-8807-e79d4ec6f806}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{467faeb2-5f5b-4c81-bae0-2a4752ca7f4e}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5321e378-ffad-4999-8c62-03ca8155f0b3}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{587dbf2d-9145-4c9e-92c2-1f953da73773}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6cc1c91a-ae8b-4373-a5b4-28ba1851e39a}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{79369d5c-2903-4b7a-ade2-d5e0dee14d24}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{799a370d-5993-4887-9df7-0a4756a77d00}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{98dbbf16-ca43-4c33-be80-99e6694468a4}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a55581dc-2cdb-4089-8878-71a080b22342}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b847676d-72ac-4393-bfff-43a1eb979352}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bc97b254-b2b9-4d40-971d-78e0978f5f26}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{cf021f40-3e14-23a5-cba2-717765721306}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e2ddf680-9905-4dee-8c64-0a5de7fe133c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e3eebbe8-9cab-4c76-b26a-747e25ebb4c6}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e7afff2a-1b57-49c7-bf6b-e5123394c970}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{fd9bc004-8331-4457-b830-4759ff704c22}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ff1bf4c7-4e08-4a28-a43f-9d60a9f7a880}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-17 15:49 15360]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-04-04 00:29 165784]
"PcSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-06-27 16:21 1449984]
"H/PC Connection Agent"="C:\PROGRA~1\MICROS~2\wcescomm.exe" [2006-06-26 22:09 1211176]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2006-11-17 05:42 577536 C:\WINDOWS\soundman.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-04-19 13:26 7700480]
"nwiz"="nwiz.exe" [2007-04-19 13:26 1626112 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-04-19 13:26 86016]
"PMCS"="C:\Program Files\Pinnacle\Shared Files\Programs\MediaCenterService\PMC.Service.Main.exe" [2004-09-29 08:39 24576]
"PinnacleDriverCheck"="C:\WINDOWS\system32\PSDrvCheck.exe" [2003-11-10 17:06 406016]
"PMCRemote"="C:\Program Files\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe" [2004-09-23 18:56 73728]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 06:24 286720]
"PCSuiteTrayApplication"="C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.exe" [2006-06-15 12:36 229376]
"CHotkey"="mHotkey.exe" [2002-07-05 17:37 491008 C:\WINDOWS\mHotkey.exe]
"DownloadAccelerator"="C:\Program Files\DAP\DAP.exe" [2008-04-23 13:38 3053056]
"SpeedBitVideoAccelerator"="C:\Program Files\SpeedBit Video Accelerator\VideoAccelerator.exe" [2008-04-23 13:40 2729584]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-17 15:49 15360]

C:\Documents and Settings\Fridrichovskě\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 19:16:50 113664]

C:\Documents and Settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 14:44:06 29696]
Service Manager.lnk - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2002-12-17 17:23:32 74308]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,C:\\WINDOWS\\system32\\iftuyszv.exe,"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.divxa32"= msaud32_divx.acm

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Pinnacle\\MediaCenter\\PMC.exe"=
"C:\\Program Files\\Pinnacle\\MediaCenter\\PmcSettings.exe"=
"C:\\Program Files\\Pinnacle\\MediaCenter\\EpgSpoolerSrv.exe"=
"C:\\Program Files\\Pinnacle\\Shared Files\\Programs\\MediaCenterService\\PMC.Service.Main.exe"=
"C:\\Program Files\\uTorrent\\utorrent.exe"=
"C:\\Program Files\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe"=
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"C:\\Program Files\\Half Life 2\\root\\hl2.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\Program Files\\Roger Wilco\\roger.exe"=
"C:\\Program Files\\DAP\\DAP.exe"=
"C:\\Program Files\\Sierra\\Empire Earth II\\EE2.exe"=
"C:\\Program Files\\SpeedBit Video Accelerator\\VideoAccelerator.exe"=
"C:\\Program Files\\SpeedBit Video Accelerator\\VideoAcceleratorEngine.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R2 PlugPlayRPC;Plug and Play (RPC);C:\WINDOWS\portsv.exe service []
R2 sbbotdi;sbbotdi;C:\PROGRA~1\SPEEDB~1\sbbotdi.sys [2008-04-23 13:40]
R2 VideoAcceleratorService;VideoAcceleratorService;C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe [2008-04-23 13:40]
R3 3xHybrid;Pinnacle PCTV 300i Stereo DVB-T;C:\WINDOWS\system32\DRIVERS\3xHybrid.sys [2004-09-03 12:14]
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys [2004-08-03 23:04]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - E:\EE2AutoRun.exe

.
Contents of the 'Scheduled Tasks' folder
"2008-06-08 09:46:58 C:\WINDOWS\Tasks\SpeedOptimizer Startup.job"
- c:\progra~1\speedo~1\SPO.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-08 11:52:33
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CHotkey"="mHotkey.exe"
.
Completion time: 2008-06-08 11:53:50
ComboFix-quarantined-files.txt 2008-06-08 09:53:45

Adresářů: 14, Volných bajtů: 10,960,101,376
Adresářů: 18, Volných bajtů: 10,975,514,624

239 --- E O F --- 2007-07-13 10:27:14

**************************************************************************************************************************************
The problem with the disabled Task Manager still persists.
Thanks for the help


Re: HJT check - AntiSpy Spider

Post by KSSA » 08 Jun 2008 12:13

Task Manager works now too. I fixed it in the registry.

fredik
Security team member
Master Level 7
Posts: 4680
Registered: July 06

Re: HJT check - AntiSpy Spider

Post by fredik » 08 Jun 2008 15:37

Run HijackThis again and tick the boxes in front of these lines:
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\iftuyszv.exe,
O2 - BHO: (no name) - {17da0c9e-4a27-4ac5-bb75-5d24b8cdb972} - (no file)
O2 - BHO: (no name) - {1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb1} - (no file)
O2 - BHO: (no name) - {1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb2} - (no file)
O2 - BHO: (no name) - {2d38a51a-23c9-48a1-a33c-48675aa2b494} - (no file)
O2 - BHO: (no name) - {2e9caff6-30c7-4208-8807-e79d4ec6f806} - (no file)
O2 - BHO: (no name) - {5321e378-ffad-4999-8c62-03ca8155f0b3} - (no file)
O2 - BHO: (no name) - {587dbf2d-9145-4c9e-92c2-1f953da73773} - (no file)
O2 - BHO: (no name) - {6cc1c91a-ae8b-4373-a5b4-28ba1851e39a} - (no file)
O2 - BHO: (no name) - {79369d5c-2903-4b7a-ade2-d5e0dee14d24} - (no file)
O2 - BHO: (no name) - {799a370d-5993-4887-9df7-0a4756a77d00} - (no file)
O2 - BHO: (no name) - {98dbbf16-ca43-4c33-be80-99e6694468a4} - (no file)
O2 - BHO: (no name) - {a55581dc-2cdb-4089-8878-71a080b22342} - (no file)
O2 - BHO: (no name) - {bc97b254-b2b9-4d40-971d-78e0978f5f26} - (no file)
O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765721306} - (no file)
O2 - BHO: (no name) - {fd9bc004-8331-4457-b830-4759ff704c22} - (no file)
After ticking them, click the Fix Checked button.

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

Open Notepad (Start -> Run..., type Notepad into the box and click OK).
Copy the entire following text, marked in green, into it:
Note: Do not use the SELECT ALL function to select the script


File::
C:\WINDOWS\system32\iftuyszv.exe
C:\Temp\prev2dx.exe
C:\WINDOWS\444.0

DirLook::
C:\Temp
C:\WINDOWS\system32\3512
C:\WINDOWS\system32\zabD
C:\WINDOWS\system32\izo

Suspect::
C:\WINDOWS\portsv.exe

Choose File -> Save As... and set these parameters:
File name: type CFScript.txt here
Save as type: select All Files
Save the file to the desktop.
Close all open windows.

Grab the created script CFScript.txt with the mouse, drag it over the downloaded ComboFix.exe program, and when the two files overlap, drop the script
- ComboFix will start automatically
- Paste here the log that pops up at the end of the cleaning process
+
A file named Submit(Date+Time).zip will be created on your desktop; attach it to your next post.

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

Download SUPERAntiSpyware
Install and run it, then click the Check for Updates... button
After the update completes, click the button: Scan your computer
Choose the option: Perform Complete Scan and click the Next > button

The scan will run; when it finishes, it lists everything it found.
Make sure all items are ticked and then click the Next button
Then click the Finish button and you should get back to the main screen.
There click the button: Preferences... and choose the Statistics/Logs tab
There click the log with today's date and click the button: View Log...
A window with the log will open; copy its contents here

In your next post, paste these logs/results:
- the ComboFix log + attachment
- the SUPERAntiSpyware log
It may take a while to get a response, because the "HJT Team" are very busy. Please, be patient, these people are volunteers. They will help you out, as soon as possible.
If you have a problem, do not send me private messages (PM) with logs; post them in the forum. These PMs cannot be answered.


Re: HJT check - AntiSpy Spider

Post by KSSA » 08 Jun 2008 21:27

Those files from the HJT were no longer there, so I skipped that step.
ComboFix created only a log for me, but no submit...
I'm running SUPERAntiSpyware now, so I'll post the log later.

Here is the ComboFix log:

ComboFix 08-06-07.3 - Fridrichovský 2008-06-08 20:47:53.2 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1029.18.643 [GMT 2:00]
Running from: C:\Documents and Settings\Fridrichovský\Plocha\ComboFix.exe
Command switches used :: C:\Documents and Settings\Fridrichovský\Plocha\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\Temp\prev2dx.exe
C:\WINDOWS\444.0
C:\WINDOWS\system32\iftuyszv.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\444.0
C:\WINDOWS\accesss.exe
C:\WINDOWS\astctl32.ocx
C:\WINDOWS\avpcc.dll
C:\WINDOWS\clrssn.exe
C:\WINDOWS\cpan.dll
C:\WINDOWS\ctfmon32.exe
C:\WINDOWS\ctrlpan.dll
C:\WINDOWS\directx32.exe
C:\WINDOWS\dnsrelay.dll
C:\WINDOWS\editpad.exe
C:\WINDOWS\explore.exe
C:\WINDOWS\explorer32.exe
C:\WINDOWS\funniest.exe
C:\WINDOWS\funny.exe
C:\WINDOWS\gfmnaaa.dll
C:\WINDOWS\helpcvs.exe
C:\WINDOWS\iedll.exe
C:\WINDOWS\iexplorer.exe
C:\WINDOWS\inetinf.exe
C:\WINDOWS\internet.exe
C:\WINDOWS\loader.exe
C:\WINDOWS\msconfd.dll
C:\WINDOWS\msspi.dll
C:\WINDOWS\mssys.exe
C:\WINDOWS\msupdate.exe
C:\WINDOWS\mswsc10.dll
C:\WINDOWS\mswsc20.dll
C:\WINDOWS\mtwirl32.dll
C:\WINDOWS\notepad32.exe
C:\WINDOWS\olehelp.exe
C:\WINDOWS\qttasks.exe
C:\WINDOWS\quicken.exe
C:\WINDOWS\rundll16.exe
C:\WINDOWS\rundll32.vbe
C:\WINDOWS\searchword.dll
C:\WINDOWS\sistem.exe
C:\WINDOWS\svcinit.exe
C:\WINDOWS\svchost32.exe
C:\WINDOWS\systeem.exe
C:\WINDOWS\systemcritical.exe
C:\WINDOWS\time.exe
C:\WINDOWS\users32.exe
C:\WINDOWS\waol.exe
C:\WINDOWS\win32e.exe
C:\WINDOWS\win64.exe
C:\WINDOWS\winajbm.dll
C:\WINDOWS\window.exe
C:\WINDOWS\winmgnt.exe
C:\WINDOWS\x.exe
C:\WINDOWS\xplugin.dll
C:\WINDOWS\xxxvideo.hta
C:\WINDOWS\y.exe

.
((((((((((((((((((((((((( Files Created from 2008-05-08 to 2008-06-08 )))))))))))))))))))))))))))))))
.

2008-06-08 12:23 . 2008-06-08 18:55 <DIR> d--h----- C:\$AVG8.VAULT$
2008-06-08 12:18 . 2008-06-08 12:21 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg
2008-06-08 12:18 . 2008-06-08 12:18 <DIR> d-------- C:\Program Files\AVG
2008-06-08 12:18 . 2008-06-08 12:18 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\avg8
2008-06-08 12:18 . 2008-06-08 12:18 96,520 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
2008-06-08 12:18 . 2008-06-08 12:18 75,272 --a------ C:\WINDOWS\system32\drivers\avgtdix.sys
2008-06-08 12:18 . 2008-06-08 12:18 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
2008-06-08 11:55 . 2008-06-08 14:07 <DIR> d-------- C:\WINDOWS\system32\3131
2008-06-08 11:25 . 2008-06-08 11:25 <DIR> d-------- C:\WINDOWS\ERUNT
2008-06-08 11:21 . 2008-06-08 11:21 <DIR> d-------- C:\SDFix
2008-06-07 23:01 . 2008-06-07 23:01 <DIR> d-------- C:\Program Files\Trend Micro
2008-06-07 22:17 . 2008-06-07 22:17 105 --a------ C:\WINDOWS\wininit.ini
2008-06-07 21:20 . 2008-06-08 11:47 <DIR> d-------- C:\WINDOWS\system32\3512
2008-06-07 20:20 . 2008-06-08 13:18 <DIR> d-------- C:\WINDOWS\system32\zabD
2008-06-07 20:20 . 2008-06-08 13:16 <DIR> d-------- C:\WINDOWS\system32\izo
2008-06-07 20:20 . 2008-06-08 13:20 <DIR> d-------- C:\Temp
2008-06-07 20:20 . 2008-06-07 20:20 <DIR> dr------- C:\Documents and Settings\NetworkService\Oblíbené položky
2008-05-29 19:33 . 2008-05-29 19:33 <DIR> d-------- C:\Documents and Settings\Fridrichovský\Data aplikací\Sierra
2008-05-29 18:35 . 2008-05-29 18:35 <DIR> d-------- C:\Program Files\Sierra
2008-05-22 22:20 . 2008-05-22 22:32 <DIR> d-------- C:\Documents and Settings\Fridrichovský\Data aplikací\MoyeaFLV2Video
2008-05-14 20:15 . 2008-05-14 20:15 <DIR> d-------- C:\Pacient

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-08 16:17 --------- d-----w C:\Documents and Settings\Fridrichovský\Data aplikací\uTorrent
2008-06-08 13:58 --------- d-----w C:\Documents and Settings\Fridrichovský\Data aplikací\Hamachi
2008-06-08 12:37 --------- d---a-w C:\Documents and Settings\All Users\Data aplikací\TEMP
2008-06-08 10:40 --------- d-----w C:\Program Files\DAEMON Tools
2008-06-07 14:34 --------- d-----w C:\Documents and Settings\Fridrichovský\Data aplikací\OpenOffice.org2
2008-05-29 16:35 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-29 16:33 --------- d-----w C:\Program Files\Electronic Arts
2008-05-27 14:13 --------- d-----w C:\Documents and Settings\Fridrichovský\Data aplikací\Vso
2008-05-06 15:51 --------- d-----w C:\Program Files\SpeedBit Video Accelerator
2008-05-05 16:35 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\DVD Shrink
2008-04-25 10:23 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy
2008-04-24 20:45 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-04-23 11:47 --------- d-----w C:\Program Files\DAP
2008-04-23 11:38 50,688 ----a-w C:\WINDOWS\system32\wbhelp2.dll
2008-04-23 11:38 --------- d-----w C:\Program Files\Google
2008-03-05 22:20 47,360 ----a-w C:\Documents and Settings\Fridrichovský\Data aplikací\pcouffin.sys
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

---- Directory of C:\Temp ----

2008-06-08 15:58 359 --a------ C:\Temp\log.txt

---- Directory of C:\WINDOWS\system32\3512 ----

2008-06-08 11:47 476 -r-hs---- C:\WINDOWS\system32\3512\~!16479p.spt

---- Directory of C:\WINDOWS\system32\izo ----


---- Directory of C:\WINDOWS\system32\zabD ----



((((((((((((((((((((((((((((( snapshot@2008-06-08_11.53.37,92 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-08 09:46:53 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-08 12:36:33 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-08 10:18:19 26,184 ----a-w C:\WINDOWS\system32\drivers\avgmfx86.sys
+ 2008-06-08 12:36:47 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_118.dat
+ 2006-12-01 20:56:00 96,256 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_cbb27474\ATL80.dll
+ 2006-12-01 20:54:32 479,232 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcm80.dll
+ 2006-12-01 20:54:34 548,864 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcp80.dll
+ 2006-12-01 20:54:32 626,688 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcr80.dll
+ 2006-12-01 22:25:52 1,101,824 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfc80.dll
+ 2006-12-01 22:25:56 1,093,120 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfc80u.dll
+ 2006-12-01 22:25:58 69,632 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfcm80.dll
+ 2006-12-01 22:26:00 57,856 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfcm80u.dll
+ 2006-12-01 22:08:00 65,536 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80DEU.dll
+ 2006-12-01 22:08:00 57,344 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ENU.dll
+ 2006-12-01 22:08:00 61,440 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ESP.dll
+ 2006-12-01 22:08:00 61,440 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80FRA.dll
+ 2006-12-01 22:08:00 40,960 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80CHS.dll
+ 2006-12-01 22:08:00 45,056 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80CHT.dll
+ 2006-12-01 22:08:00 61,440 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ITA.dll
+ 2006-12-01 22:08:00 49,152 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80JPN.dll
+ 2006-12-01 22:08:00 49,152 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80KOR.dll
+ 2006-12-01 22:46:44 65,536 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.OpenMP_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6c18549a\vcomp.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-17 15:49 15360]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-04-04 00:29 165784]
"PcSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-06-27 16:21 1449984]
"H/PC Connection Agent"="C:\PROGRA~1\MICROS~2\wcescomm.exe" [2006-06-26 22:09 1211176]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2006-11-17 05:42 577536 C:\WINDOWS\soundman.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-04-19 13:26 7700480]
"nwiz"="nwiz.exe" [2007-04-19 13:26 1626112 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-04-19 13:26 86016]
"PMCS"="C:\Program Files\Pinnacle\Shared Files\Programs\MediaCenterService\PMC.Service.Main.exe" [2004-09-29 08:39 24576]
"PinnacleDriverCheck"="C:\WINDOWS\system32\PSDrvCheck.exe" [2003-11-10 17:06 406016]
"PMCRemote"="C:\Program Files\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe" [2004-09-23 18:56 73728]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 06:24 286720]
"PCSuiteTrayApplication"="C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.exe" [2006-06-15 12:36 229376]
"CHotkey"="mHotkey.exe" [2002-07-05 17:37 491008 C:\WINDOWS\mHotkey.exe]
"DownloadAccelerator"="C:\Program Files\DAP\DAP.exe" [2008-04-23 13:38 3053056]
"SpeedBitVideoAccelerator"="C:\Program Files\SpeedBit Video Accelerator\VideoAccelerator.exe" [2008-04-23 13:40 2729584]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-06-08 12:18 1177368]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-17 15:49 15360]

C:\Documents and Settings\Fridrichovskě\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 19:16:50 113664]

C:\Documents and Settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 14:44:06 29696]
Service Manager.lnk - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2002-12-17 17:23:32 74308]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.divxa32"= msaud32_divx.acm

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Pinnacle\\MediaCenter\\PMC.exe"=
"C:\\Program Files\\Pinnacle\\MediaCenter\\PmcSettings.exe"=
"C:\\Program Files\\Pinnacle\\MediaCenter\\EpgSpoolerSrv.exe"=
"C:\\Program Files\\Pinnacle\\Shared Files\\Programs\\MediaCenterService\\PMC.Service.Main.exe"=
"C:\\Program Files\\uTorrent\\utorrent.exe"=
"C:\\Program Files\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe"=
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"C:\\Program Files\\Half Life 2\\root\\hl2.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\Program Files\\Roger Wilco\\roger.exe"=
"C:\\Program Files\\DAP\\DAP.exe"=
"C:\\Program Files\\Sierra\\Empire Earth II\\EE2.exe"=
"C:\\Program Files\\SpeedBit Video Accelerator\\VideoAccelerator.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"C:\\Program Files\\SpeedBit Video Accelerator\\VideoAcceleratorEngine.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-06-08 12:18]
R2 avg8emc;AVG8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-06-08 12:18]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-06-08 12:18]
R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-06-08 12:18]
R2 sbbotdi;sbbotdi;C:\PROGRA~1\SPEEDB~1\sbbotdi.sys [2008-04-23 13:40]
R2 VideoAcceleratorService;VideoAcceleratorService;C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe [2008-04-23 13:40]
R3 3xHybrid;Pinnacle PCTV 300i Stereo DVB-T;C:\WINDOWS\system32\DRIVERS\3xHybrid.sys [2004-09-03 12:14]
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys [2004-08-03 23:04]
S2 PlugPlayRPC;Plug and Play (RPC);C:\WINDOWS\portsv.exe service []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - E:\EE2AutoRun.exe

.
Contents of the 'Scheduled Tasks' folder
"2008-06-08 12:36:40 C:\WINDOWS\Tasks\SpeedOptimizer Startup.job"
- c:\progra~1\speedo~1\SPO.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-08 20:50:41
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CHotkey"="mHotkey.exe"
.
Completion time: 2008-06-08 20:52:51
ComboFix-quarantined-files.txt 2008-06-08 18:52:22
ComboFix2.txt 2008-06-08 09:53:51

Adresářů: 14, Volných bajtů: 10,841,792,512
Adresářů: 19, Volných bajtů: 10,827,747,328

236 --- E O F --- 2007-07-13 10:27:14


Re: HJT check - AntiSpy Spider

Post by KSSA » 08 Jun 2008 22:14

And here is the log from SUPERAntiSpyware:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 06/08/2008 at 09:43 PM

Application Version : 4.15.1000

Core Rules Database Version : 3477
Trace Rules Database Version: 1468

Scan type : Complete Scan
Total Scan Time : 00:29:22

Memory items scanned : 402
Memory threats detected : 0
Registry items scanned : 5419
Registry threats detected : 0
File items scanned : 15043
File threats detected : 533

Adware.Tracking Cookie
C:\Documents and Settings\Fridrichovský\Cookies\fridrichovský@mediacoder.sourceforge[1].txt
C:\Documents and Settings\Fridrichovský\Cookies\fridrichovský@tds2.bdsmbook[1].txt
C:\Documents and Settings\Fridrichovský\Cookies\fridrichovský@please[13].txt
C:\Documents and Settings\Fridrichovský\Cookies\fridrichovský@tribalfusion[5].txt
C:\Documents and Settings\Fridrichovský\Cookies\fridrichovský@video.pornohelp[1].txt
C:\Documents and Settings\Fridrichovský\Cookies\fridrichovský@ad.tbn[1].txt
C:\Documents and Settings\Fridrichovský\Cookies\fridrichovský@cgi-bin[8].txt
C:\Documents and Settings\Fridrichovský\Cookies\fridrichovský@clicktorrent[4].txt
C:\Documents and Settings\Fridrichovský\Cookies\fridrichovský@www.comicsadult[2].txt
C:\Documents and Settings\Fridrichovský\Cookies\fridrichovský@megawarez[1].txt
C:\Documents and Settings\Fridrichovský\Cookies\fridrichovský@st[48].txt
C:\Documents and Settings\Fridrichovský\Cookies\fridrichovský@traffic-trade[1].txt
C:\Documents and Settings\Fridrichovský\Cookies\fridrichovský@cartoon-bdsm[1].txt
C:\Documents and Settings\Fridrichovský\Cookies\fridrichovský@porntube[1].txt
C:\Documents and Settings\Fridrichovský\Cookies\fridrichovský@sexx-pictures[2].txt
C:\Documents and Settings\Fridrichovský\Cookies\fridrichovský@www.3d-porn-thumbs[2].txt
C:\Documents and Settings\Fridrichovský\Cookies\fridrichovský@crazysex3dworld[1].txt
C:\Documents and Settings\Fridrichovský\Cookies\fridrichovský@click.roberts-comics[1].txt
C:\Documents and Settings\Fridrichovský\Cookies\fridrichovský@click.bdsmartwork[2].txt
C:\Documents and Settings\Fridrichovský\Cookies\fridrichovský@top[11].txt
C:\Documents and Settings\Fridrichovský\Cookies\fridrichovský@k.iinfo[2].txt
C:\Documents and Settings\Fridrichovský\Cookies\fridrichovský@cgi[1].txt
C:\Documents and Settings\Fridrichovský\Cookies\fridrichovský@xiti[1].txt
C:\Documents and Settings\Fridrichovský\Cookies\fridrichovský@dtr[4].txt
C:\Documents and Settings\Fridrichovský\Cookies\fridrichovský@incestarthouse.just-a-porn[1].txt
C:\Documents and Settings\Fridrichovský\Cookies\fridrichovský@specificclick[2].txt
C:\Documents and Settings\Fridrichovský\Cookies\fridrichovský@allrealityxxxpass[1].txt
C:\Documents and Settings\Fridrichovský\Cookies\fridrichovský@myfuckinwife[1].txt
C:\Documents and Settings\Fridrichovský\Cookies\fridrichovský@sexandsubmission[3].txt
C:\Documents and Settings\Fridrichovský\Cookies\fridrichovský@adultcomicsbook[1].txt
C:\Documents and Settings\Fridrichovský\Cookies\fridrichovský@hotloliconsex[2].txt
C:\Documents and Settings\Fridrichovský\Cookies\fridrichovský@G420c79e9[1].txt
C:\Documents and Settings\Fridrichovský\Cookies\fridrichovský@www.fullpornlinks[2].txt
C:\Documents and Settings\Fridrichovský\Cookies\fridrichovský@st[4].txt
C:\Documents and Settings\Fridrichovský\Cookies\fridrichovský@shockingxxxmovies[1].txt
C:\Documents and Settings\Fridrichovský\Cookies\fridrichovský@st[49].txt
C:\Documents and Settings\Fridrichovský\Cookies\fridrichovský@devart.adbureau[2].txt
C:\Documents and Settings\Fridrichovský\Cookies\fridrichovský@sexforpain[1].txt
C:\Documents and Settings\Fridrichovský\Cookies\fridrichovský@www.disney-xxx[2].txt
C:\Documents and Settings\Fridrichovský\Cookies\fridrichovský@top.disneyporn[2].txt
C:\Documents and Settings\Fridrichovský\Cookies\fridrichovský@3dsexclub[1].txt
C:\Documents and Settings\Fridrichovský\Cookies\fridrichovský@torrent-finder[3].txt
C:\Documents and Settings\Fridrichovský\Cookies\fridrichovský@adultcomicsclub[2].txt
C:\Documents and Settings\Fridrichovský\Cookies\fridrichovský@spylog[1].txt
C:\Documents and Settings\Fridrichovský\Cookies\fridrichovský@www.bdsm-thumbnails[2].txt
C:\Documents and Settings\Fridrichovský\Cookies\fridrichovský@www.dragonball-xxx[2].txt
C:\Documents and Settings\Fridrichovský\Cookies\fridrichovský@idrawporn[2].txt
C:\Documents and Settings\Fridrichovský\Cookies\fridrichovský@load[5].txt
C:\Documents and Settings\Fridrichovský\Cookies\fridrichovský@toplist[5].txt
C:\Documents and Settings\Fridrichovský\Cookies\fridrichovský@hornypharaoh[1].txt
C:\Documents and Settings\Fridrichovský\Cookies\fridrichovský@www.disney-sex[1].txt
C:\Documents and Settings\Fridrichovský\Cookies\fridrichovský@slnxd[2].txt
C:\Documents and Settings\Fridrichovský\Cookies\fridrichovský@usenext[4].txt
C:\Documents and Settings\Fridrichovský\Cookies\fridrichovský@ass-fucking-sluts.nichepass[1].txt
C:\Documents and Settings\Fridrichovský\Cookies\fridrichovský@www.teenextremesex[1].txt
C:\Documents and Settings\Fridrichovský\Cookies\fridrichovský@ad.text-ent.tbn[1].txt
C:\Documents and Settings\Fridrichovský\Cookies\fridrichovský@adultrevenueservice[2].txt
C:\Documents and Settings\Fridrichovský\Cookies\fridrichovský@asstraffic[1].txt
C:\Documents and Settings\Fridrichovský\Cookies\fridrichovský@adultforums[2].txt
C:\Documents and Settings\Fridrichovský\Cookies\fridrichovský@focalex[2].txt
C:\Documents and Settings\Fridrichovský\Cookies\fridrichovský@sex4000[1].txt
C:\Documents and Settings\Fridrichovský\Cookies\fridrichovský@findology[1].txt
C:\Documents and Settings\Fridrichovský\Cookies\fridrichovský@list[2].txt
C:\Documents and Settings\Fridrichovský\Cookies\fridrichovský@reduxads.valuead[1].txt
C:\Documents and Settings\Fridrichovský\Cookies\fridrichovský@paypal.112.2o7[2].txt
C:\Documents and Settings\Fridrichovský\Cookies\fridrichovský@pornbb[3].txt
C:\Documents and Settings\Fridrichovský\Cookies\fridrichovský@www.femalecelebrities[2].txt
C:\Documents and Settings\Fridrichovský\Cookies\fridrichovský@kontera[2].txt
C:\Documents and Settings\Fridrichovský\Cookies\fridrichovský@st[56].txt
C:\Documents and Settings\Fridrichovský\Cookies\fridrichovský@www.filthyadserver[2].txt
C:\Documents and Settings\Fridrichovský\Cookies\fridrichovský@clickaider[3].txt
C:\Documents and Settings\Fridrichovský\Cookies\fridrichovský@click.cashengines[2].txt
C:\Documents and Settings\Fridrichovský\Cookies\fridrichovský@ad1.clickhype[2].txt
C:\Documents and Settings\Fridrichovský\Cookies\fridrichovský@ads.warezator[1].txt
C:\Documents and Settings\Fridrichovský\Cookies\fridrichovský@ad.vba[1].txt
C:\Documents and Settings\Fridrichovský\Cookies\fridrichovský@3D[4].txt
C:\Documents and Settings\Fridrichovský\Cookies\fridrichovský@crazyxxxworld[2].txt
C:\Documents and Settings\Fridrichovský\Cookies\fridrichovský@archives[3].txt
C:\Documents and Settings\Fridrichovský\Cookies\fridrichovský@toplist[4].txt
C:\Documents and Settings\Fridrichovský\Cookies\fridrichovský@s1[2].txt
C:\Documents and Settings\Fridrichovský\Cookies\fridrichovský@vip.clickzs[1].txt
C:\Documents and Settings\Fridrichovský\Cookies\fridrichovský@df[2].txt
C:\Documents and Settings\Fridrichovský\Cookies\fridrichovský@yadro[4].txt
C:\Documents and Settings\Fridrichovský\Cookies\fridrichovský@cz6.clickzs[1].txt
C:\Documents and Settings\Fridrichovský\Cookies\fridrichovský@www.allporntoons[2].txt
C:\Documents and Settings\Fridrichovský\Cookies\fridrichovský@metacafe.122.2o7[2].txt
C:\Documents and Settings\Fridrichovský\Cookies\fridrichovský@www.megaporntv[2].txt
C:\Documents and Settings\Fridrichovský\Cookies\fridrichovský@www.viewmyporn[2].txt
C:\Documents and Settings\Fridrichovský\Cookies\fridrichovský@porno.dreammovies[2].txt
C:\Documents and Settings\Fridrichovský\Cookies\fridrichovský@www.precisecounter[1].txt
C:\Documents and Settings\Fridrichovský\Cookies\fridrichovský@eadultgames[1].txt
C:\Documents and Settings\Fridrichovský\Cookies\fridrichovský@atdmt[4].txt
C:\Documents and Settings\Fridrichovský\Cookies\fridrichovský@www.fullreleases[1].txt
C:\Documents and Settings\Fridrichovský\Cookies\fridrichovský@incestsextoons[1].txt
C:\Documents and Settings\Fridrichovský\Cookies\fridrichovský@free[4].txt
C:\Documents and Settings\Fridrichovský\Cookies\fridrichovský@gostats[2].txt
C:\Documents and Settings\Fridrichovský\Cookies\fridrichovský@www.fpctraffic2[1].txt
C:\Documents and Settings\Fridrichovský\Cookies\fridrichovský@www.tns-counter[2].txt
C:\Documents and Settings\Fridrichovský\Cookies\fridrichovský@adclickstats[1].txt
C:\Documents and Settings\Fridrichovský\Cookies\fridrichovský@www.myfuckinwife[1].txt
C:\Documents and Settings\Fridrichovský\Cookies\fridrichovský@ads.adfox[2].txt
C:\Documents and Settings\Fridrichovský\Cookies\fridrichovský@www.warezator[1].txt
C:\Documents and Settings\Fridrichovský\Cookies\fridrichovský@ttt[2].txt
C:\Documents and Settings\Fridrichovský\Cookies\fridrichovský@rawtoonsex[4].txt
C:\Documents and Settings\Fridrichovský\Cookies\fridrichovský@www.adult-empire[3].txt
C:\Documents and Settings\Fridrichovský\Cookies\fridrichovský@1072386779[1].txt
C:\Documents and Settings\Fridrichovský\Cookies\fridrichovský@www.warezquality[3].txt
C:\Documents and Settings\Fridrichovský\Cookies\fridrichovský@hotlog[2].txt
C:\Documents and Settings\Fridrichovský\Cookies\fridrichovský@xxxcounter[1].txt
C:\Documents and Settings\Fridrichovský\Cookies\fridrichovský@www.fuckmoregirls[2].txt
C:\Documents and Settings\Fridrichovský\Cookies\fridrichovský@vhost.oddcast[2].txt
C:\Documents and Settings\Fridrichovský\Cookies\fridrichovský@galleries.adult-empire[1].txt
C:\Documents and Settings\Fridrichovský\Cookies\fridrichovský@filthymatureporn[1].txt
C:\Documents and Settings\Fridrichovský\Cookies\fridrichovský@hit.stat[1].txt
C:\Documents and Settings\Fridrichovský\Cookies\fridrichovský@warezator[2].txt
C:\Documents and Settings\Fridrichovský\Cookies\fridrichovský@www.3dporncomics[3].txt
C:\Documents and Settings\Fridrichovský\Cookies\fridrichovský@fuckedandbound[2].txt
C:\Documents and Settings\Fridrichovský\Cookies\fridrichovský@3d-xxx[1].txt
C:\Documents and Settings\Fridrichovský\Cookies\fridrichovský@vipsextoons[2].txt
C:\Documents and Settings\Fridrichovský\Cookies\fridrichovský@1055339791[1].txt
C:\Documents and Settings\Fridrichovský\Cookies\fridrichovský@st[55].txt
C:\Documents and Settings\Fridrichovský\Cookies\fridrichovský@partypoker[1].txt
C:\Documents and Settings\Fridrichovský\Cookies\fridrichovský@count.rbc[2].txt
C:\Documents and Settings\Fridrichovský\Cookies\fridrichovský@hentaicounter[2].txt
C:\Documents and Settings\Fridrichovský\Cookies\fridrichovský@st[53].txt
C:\Documents and Settings\Fridrichovský\Cookies\fridrichovský@azjmp[5].txt
C:\Documents and Settings\Fridrichovský\Cookies\fridrichovský@ero-advertising[2].txt
C:\Documents and Settings\Fridrichovský\Cookies\fridrichovský@ad.yieldmanager[7].txt
C:\Documents and Settings\Fridrichovský\Cookies\fridrichovský@www.analfuckthrills[2].txt
C:\Documents and Settings\Fridrichovský\Cookies\fridrichovský@www.interracialsexhouse[2].txt
C:\Documents and Settings\Fridrichovský\Cookies\fridrichovský@adrenaline[1].txt
C:\Documents and Settings\Fridrichovský\Cookies\fridrichovský@please[2].txt
C:\Documents and Settings\Fridrichovský\Cookies\fridrichovský@bdsmvideos[2].txt
C:\Documents and Settings\Fridrichovský\Cookies\fridrichovský@easy-hit-counters[2].txt
C:\Documents and Settings\Fridrichovský\Cookies\fridrichovský@gotsex[3].txt
C:\Documents and Settings\Fridrichovský\Cookies\fridrichovský@adbrite[7].txt
C:\Documents and Settings\Fridrichovský\Cookies\fridrichovský@715[2].txt
C:\Documents and Settings\Fridrichovský\Cookies\fridrichovský@bigcocksex[2].txt
C:\Documents and Settings\Fridrichovský\Cookies\fridrichovský@secure.pornaccess[1].txt
C:\Documents and Settings\Fridrichovský\Cookies\fridrichovský@rambler[1].txt
C:\Documents and Settings\Fridrichovský\Cookies\fridrichovský@audiag.112.2o7[1].txt
C:\Documents and Settings\Fridrichovský\Cookies\fridrichovský@animexxx.nichepass[2].txt
C:\Documents and Settings\Fridrichovský\Cookies\fridrichovský@adserver.easyad[4].txt
C:\Documents and Settings\Fridrichovský\Cookies\fridrichovský@euros4click[1].txt
C:\Documents and Settings\Fridrichovský\Cookies\fridrichovský@3dtoonfucking[2].txt
C:\Documents and Settings\Fridrichovský\Cookies\fridrichovský@ads.realtechnetwork[1].txt
C:\Documents and Settings\Fridrichovský\Cookies\fridrichovský@vipxxxcartoons[3].txt
C:\Documents and Settings\Fridrichovský\Cookies\fridrichovský@toplist[1].txt
C:\Documents and Settings\Fridrichovský\Cookies\fridrichovský@trafficmp[1].txt
C:\Documents and Settings\Fridrichovský\Cookies\fridrichovský@www.forcedsexscenes[1].txt
C:\Documents and Settings\Fridrichovský\Cookies\fridrichovský@signup[2].txt
C:\Documents and Settings\Fridrichovský\Cookies\fridrichovský@3dpornpic[1].txt
C:\Documents and Settings\Fridrichovský\Cookies\fridrichovský@porninspector[4].txt
C:\Documents and Settings\Fridrichovský\Cookies\fridrichovský@weborama[1].txt
C:\Documents and Settings\Fridrichovský\Cookies\fridrichovský@sexreactor[1].txt
C:\Documents and Settings\Fridrichovský\Cookies\fridrichovský@adultadworld[2].txt
C:\Documents and Settings\Fridrichovský\Cookies\fridrichovský@soundtrack[1].txt
C:\Documents and Settings\Fridrichovský\Cookies\fridrichovský@st[57].txt
C:\Documents and Settings\Fridrichovský\Cookies\fridrichovský@server.iad.liveperson[4].txt
C:\Documents and Settings\Fridrichovský\Cookies\fridrichovský@counter.cnw[5].txt
C:\Documents and Settings\Fridrichovský\Cookies\fridrichovský@www.rapeporn[2].txt
C:\Documents and Settings\Fridrichovský\Cookies\fridrichovský@ads.opensubtitles[1].txt
C:\Documents and Settings\Fridrichovský\Cookies\fridrichovský@adopt.euroclick[1].txt
C:\Documents and Settings\Fridrichovský\Cookies\fridrichovský@server.cpmstar[1].txt
C:\Documents and Settings\Fridrichovský\Cookies\fridrichovský@scanner.online-guard-adv[1].txt
C:\Documents and Settings\Fridrichovský\Cookies\fridrichovský@fhg.best-sex-galleries[3].txt
C:\Documents and Settings\Fridrichovský\Cookies\fridrichovský@adsys.internet-media[2].txt
C:\Documents and Settings\Fridrichovský\Cookies\fridrichovský@www.3dpornpic[1].txt
C:\Documents and Settings\Fridrichovský\Cookies\fridrichovský@ad.zanox[4].txt
C:\Documents and Settings\Fridrichovský\Cookies\fridrichovský@topsexart[1].txt
C:\Documents and Settings\Fridrichovský\Cookies\fridrichovský@upspiral[1].txt
C:\Documents and Settings\Fridrichovský\Cookies\fridrichovský@st[18].txt
C:\Documents and Settings\Fridrichovský\Cookies\fridrichovský@estat[1].txt
C:\Documents and Settings\Fridrichovský\Cookies\fridrichovský@clicksor[5].txt
C:\Documents and Settings\Fridrichovský\Cookies\fridrichovský@galleries.forcedsexscenes[1].txt
C:\Documents and Settings\Fridrichovský\Cookies\fridrichovský@crazyxxx3dworld[2].txt
C:\Documents and Settings\Fridrichovský\Cookies\fridrichovský@easyadservice[2].txt
C:\Documents and Settings\Fridrichovský\Cookies\fridrichovský@revsci[1].txt
C:\Documents and Settings\Fridrichovský\Cookies\fridrichovský@servedby.adxpower[1].txt
C:\Documents and Settings\Fridrichovský\Cookies\fridrichovský@publishers.clickbooth[2].txt
C:\Documents and Settings\Fridrichovský\Cookies\fridrichovský@1055339551[1].txt
C:\Documents and Settings\Fridrichovský\Cookies\fridrichovský@gggsexbox[2].txt
C:\Documents and Settings\Fridrichovský\Cookies\fridrichovský@click.beastplayers[1].txt
C:\Documents and Settings\Fridrichovský\Cookies\fridrichovský@www.3dpornbabes[1].txt
C:\Documents and Settings\Fridrichovský\Cookies\fridrichovský@pornaccess[3].txt
C:\Documents and Settings\Fridrichovský\Cookies\fridrichovský@realmedia[1].txt
C:\Documents and Settings\Fridrichovský\Cookies\fridrichovský@www.pornbb[3].txt
C:\Documents and Settings\Fridrichovský\Cookies\fridrichovský@ads.gamesbannernet[2].txt
C:\Documents and Settings\Fridrichovský\Cookies\fridrichovský@xren_cj[6].txt
C:\Documents and Settings\Fridrichovský\Cookies\fridrichovský@please[10].txt
C:\Documents and Settings\Fridrichovský\Cookies\fridrichovský@www.fetishsexpics[3].txt
C:\Documents and Settings\Fridrichovský\Cookies\fridrichovský@www.adultcomicsonly[3].txt
C:\Documents and Settings\Fridrichovský\Cookies\fridrichovský@ads.clicksor[1].txt
C:\Documents and Settings\Fridrichovský\Cookies\fridrichovský@teenanal.nichepass[2].txt
C:\Documents and Settings\Fridrichovský\Cookies\fridrichovský@st[67].txt
C:\Documents and Settings\Fridrichovský\Cookies\fridrichovský@ads.i4b[2].txt
C:\Documents and Settings\Fridrichovský\Cookies\fridrichovský@adulttraffsale[1].txt
C:\Documents and Settings\Fridrichovský\Cookies\fridrichovský@elektromedia[2].txt
C:\Documents and Settings\Fridrichovský\Cookies\fridrichovský@34368978[2].txt
C:\Documents and Settings\Fridrichovský\Cookies\fridrichovský@sexybits[2].txt
C:\Documents and Settings\Fridrichovský\Cookies\fridrichovský@www.jointheporn[2].txt
C:\Documents and Settings\Fridrichovský\Cookies\fridrichovský@fucked-in-space.nichepass[1].txt
C:\Documents and Settings\Fridrichovský\Cookies\fridrichovský@www.pornstar[1].txt
C:\Documents and Settings\Fridrichovský\Cookies\fridrichovský@www.incestsexsite[2].txt
C:\Documents and Settings\Fridrichovský\Cookies\fridrichovský@83842527[2].txt
C:\Documents and Settings\Fridrichovský\Cookies\fridrichovský@crazyxxx3dworld[3].txt
C:\Documents and Settings\Fridrichovský\Cookies\fridrichovský@paycounter[2].txt
C:\Documents and Settings\Fridrichovský\Cookies\fridrichovský@www.upspiral[1].txt
C:\Documents and Settings\Fridrichovský\Cookies\fridrichovský@www.3dpornlinks[3].txt
C:\Documents and Settings\Fridrichovský\Cookies\fridrichovský@www.3dporndir[1].txt
C:\Documents and Settings\Fridrichovský\Cookies\fridrichovský@3d-porn-links[1].txt
C:\Documents and Settings\Fridrichovský\Cookies\fridrichovský@adserver.a1media[1].txt
C:\Documents and Settings\Fridrichovský\Cookies\fridrichovský@myroitracking[1].txt
C:\Documents and Settings\Fridrichovský\Cookies\fridrichovský@videoegg.adbureau[2].txt
C:\Documents and Settings\Fridrichovský\Cookies\fridrichovský@please[11].txt
C:\Documents and Settings\Fridrichovský\Cookies\fridrichovský@advertising[3].txt
C:\Documents and Settings\Fridrichovský\Cookies\fridrichovský@www.adultrealitypass[1].txt
C:\Documents and Settings\Fridrichovský\Cookies\fridrichovský@jizdnirady.idnes[2].txt
C:\Documents and Settings\Fridrichovský\Cookies\fridrichovský@cgi-bin[26].txt
C:\Documents and Settings\Fridrichovský\Cookies\fridrichovský@click.payserve[2].txt
C:\Documents and Settings\Fridrichovský\Cookies\fridrichovský@please[12].txt
C:\Documents and Settings\Fridrichovský\Cookies\fridrichovský@3d-porn[2].txt
C:\Documents and Settings\Fridrichovský\Cookies\fridrichovský@richmedia.yahoo[1].txt
C:\Documents and Settings\Fridrichovský\Cookies\fridrichovský@full3dporn[1].txt
C:\Documents and Settings\Fridrichovský\Cookies\fridrichovský@windowsmedia[1].txt
C:\Documents and Settings\Fridrichovský\Cookies\fridrichovský@usenext[5].txt
C:\Documents and Settings\Fridrichovský\Cookies\fridrichovský@mobilnihry.idnes[2].txt
C:\Documents and Settings\Fridrichovský\Cookies\fridrichovský@adultrealitypass[1].txt
C:\Documents and Settings\Fridrichovský\Cookies\fridrichovský@bestforcedsex[1].txt
C:\Documents and Settings\Fridrichovský\Cookies\fridrichovský@jp[3].txt
C:\Documents and Settings\Fridrichovský\Cookies\fridrichovský@1062268926[1].txt
C:\Documents and Settings\Fridrichovský\Cookies\fridrichovský@www.rapexxx[2].txt
C:\Documents and Settings\Fridrichovský\Cookies\fridrichovský@www.clubdogsex[2].txt
C:\Documents and Settings\Fridrichovský\Cookies\fridrichovský@www.couplesseduceteens[1].txt
C:\Documents and Settings\Fridrichovský\Cookies\fridrichovský@dpfuckfest[2].txt
C:\Documents and Settings\Fridrichovský\Cookies\fridrichovský@st[68].txt
C:\Documents and Settings\Fridrichovský\Cookies\fridrichovský@hypertracker[2].txt
C:\Documents and Settings\Fridrichovský\Cookies\fridrichovský@www.incestsex-3d[1].txt
C:\Documents and Settings\Fridrichovský\Cookies\fridrichovský@www.zoosextoons[2].txt
C:\Documents and Settings\Fridrichovský\Cookies\fridrichovský@galleries.incestsex-3d[1].txt
C:\Documents and Settings\Fridrichovský\Cookies\fridrichovský@www.cruelfuckers[2].txt
C:\Documents and Settings\Fridrichovský\Cookies\fridrichovský@adrenalinesk[1].txt
C:\Documents and Settings\Fridrichovský\Cookies\fridrichovský@cgi-bin[20].txt
C:\Documents and Settings\Fridrichovský\Cookies\fridrichovský@www.sexandsubmission[2].txt
C:\Documents and Settings\Fridrichovský\Cookies\fridrichovský@bdsm.kinkest[1].txt
C:\Documents and Settings\Fridrichovský\Cookies\fridrichovský@www.elektromedia[1].txt
C:\Documents and Settings\Fridrichovský\Cookies\fridrichovský@free[3].txt
C:\Documents and Settings\Fridrichovský\Cookies\fridrichovský@optimize.indieclick[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@mediacoder.sourceforge[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@toplist[1].txt
.mediacoder.sourceforge.net [ C:\Documents and Settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\d0c3yn2t.default\cookies.txt ]
.mediacoder.sourceforge.net [ C:\Documents and Settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\d0c3yn2t.default\cookies.txt ]
.toplist.cz [ C:\Documents and Settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\d0c3yn2t.default\cookies.txt ]
C:\Documents and Settings\Fridrichovský\Cookies\fridrichovský@azjmp[3].txt
C:\Documents and Settings\Fridrichovský\Cookies\fridrichovský@easy-hit-counters[1].txt
C:\Documents and Settings\Fridrichovský\Cookies\fridrichovský@www.adbrite[2].txt
C:\Documents and Settings\Fridrichovský\Cookies\fridrichovský@statcounter[3].txt
C:\Documents and Settings\Fridrichovský\Cookies\fridrichovský@atdmt[3].txt
C:\Documents and Settings\Fridrichovský\Cookies\fridrichovský@fastclick[2].txt
C:\Documents and Settings\Fridrichovský\Cookies\fridrichovský@banned3dsex[1].txt
C:\Documents and Settings\Fridrichovský\Cookies\fridrichovský@3d.cartoonsxxxworld[1].txt
C:\Documents and Settings\Fridrichovský\Cookies\fridrichovský@fastclick[3].txt
C:\Documents and Settings\Fridrichovský\Cookies\fridrichovský@free3dsexpalace[2].txt
C:\Documents and Settings\Fridrichovský\Cookies\fridrichovský@azjmp[1].txt
C:\Documents and Settings\Fridrichovský\Cookies\fridrichovský@hitbox[2].txt
C:\Documents and Settings\Fridrichovský\Cookies\fridrichovský@ad.zanox[2].txt
C:\Documents and Settings\Fridrichovský\Cookies\fridrichovský@ad.zanox[1].txt
C:\Documents and Settings\Fridrichovský\Cookies\fridrichovský@atdmt[1].txt
C:\Documents and Settings\Fridrichovský\Cookies\fridrichovský@fastclick[4].txt
C:\Documents and Settings\Fridrichovský\Cookies\fridrichovský@azjmp[2].txt
C:\Documents and Settings\Fridrichovský\Cookies\fridrichovský@ocxxx[1].txt
C:\Documents and Settings\Fridrichovský\Cookies\fridrichovský@server.cpmstar[2].txt
C:\Documents and Settings\Fridrichovský\Cookies\fridrichovský@clicksor[4].txt
C:\Documents and Settings\Fridrichovský\Cookies\fridrichovský@clicksor[3].txt
C:\Documents and Settings\Fridrichovský\Cookies\fridrichovský@clicksor[1].txt
C:\Documents and Settings\Fridrichovský\Cookies\fridrichovský@stats[1].txt
C:\Documents and Settings\Fridrichovský\Cookies\fridrichovský@fastclick[1].txt
C:\Documents and Settings\Fridrichovský\Cookies\fridrichovský@msnportalbeetoffice2007.112.2o7[1].txt
C:\Documents and Settings\Fridrichovský\Cookies\fridrichovský@adserver.easyad[2].txt
C:\Documents and Settings\Fridrichovský\Cookies\fridrichovský@pornstars[2].txt
C:\Documents and Settings\Fridrichovský\Cookies\fridrichovský@findsubtitles[1].txt
C:\Documents and Settings\Fridrichovský\Cookies\fridrichovský@www.ebdsm[2].txt
C:\Documents and Settings\Fridrichovský\Cookies\fridrichovský@adserver.easyad[3].txt
C:\Documents and Settings\Fridrichovský\Cookies\fridrichovský@adrevolver[1].txt
C:\Documents and Settings\Fridrichovský\Cookies\fridrichovský@rawtoonsex[3].txt
C:\Documents and Settings\Fridrichovský\Cookies\fridrichovský@rawtoonsex[1].txt
C:\Documents and Settings\Fridrichovský\Cookies\fridrichovský@www.extreme-erotic-encounters[1].txt
C:\Documents and Settings\Fridrichovský\Cookies\fridrichovský@pornstars[3].txt
C:\Documents and Settings\Fridrichovský\Cookies\fridrichovský@www.insanebdsm[1].txt
C:\Documents and Settings\Fridrichovský\Cookies\fridrichovský@counter7.sextracker[1].txt
C:\Documents and Settings\Fridrichovský\Cookies\fridrichovský@counter3.sextracker[1].txt
C:\Documents and Settings\Fridrichovský\Cookies\fridrichovský@drawn-bdsm[2].txt
C:\Documents and Settings\Fridrichovský\Cookies\fridrichovský@www.originalporn[2].txt
C:\Documents and Settings\Fridrichovský\Cookies\fridrichovský@www.warezquality[2].txt
C:\Documents and Settings\Fridrichovský\Cookies\fridrichovský@sex-pornlist[2].txt
C:\Documents and Settings\Fridrichovský\Cookies\fridrichovský@pornstars[4].txt
C:\Documents and Settings\Fridrichovský\Cookies\fridrichovský@mefuckyoulongtime[1].txt
C:\Documents and Settings\Fridrichovský\Cookies\fridrichovský@counter5.sextracker[2].txt
C:\Documents and Settings\Fridrichovský\Cookies\fridrichovský@adserver.easyad[1].txt
C:\Documents and Settings\Fridrichovský\Cookies\fridrichovský@hentaicounter[1].txt
C:\Documents and Settings\Fridrichovský\Cookies\fridrichovský@ads.adbrite[2].txt
C:\Documents and Settings\Fridrichovský\Cookies\fridrichovský@counter.cnw[4].txt
C:\Documents and Settings\Fridrichovský\Cookies\fridrichovský@counter15.sextracker[1].txt
C:\Documents and Settings\Fridrichovský\Cookies\fridrichovský@www.3dporndir[2].txt
C:\Documents and Settings\Fridrichovský\Cookies\fridrichovský@smileycentral[2].txt
C:\Documents and Settings\Fridrichovský\Cookies\fridrichovský@ads.adbrite[3].txt
C:\Documents and Settings\Fridrichovský\Cookies\fridrichovský@ad.fenopy[2].txt
C:\Documents and Settings\Fridrichovský\Cookies\fridrichovský@www.jointheporn[1].txt
C:\Documents and Settings\Fridrichovský\Cookies\fridrichovský@adrevolver[4].txt
C:\Documents and Settings\Fridrichovský\Cookies\fridrichovský@adrevolver[2].txt
C:\Documents and Settings\Fridrichovský\Cookies\fridrichovský@counter.cnw[1].txt
C:\Documents and Settings\Fridrichovský\Cookies\fridrichovský@hentaisexsites[2].txt
C:\Documents and Settings\Fridrichovský\Cookies\fridrichovský@mediaplex[1].txt
C:\Documents and Settings\Fridrichovský\Cookies\fridrichovský@ehg-foxmovies.hitbox[1].txt
C:\Documents and Settings\Fridrichovský\Cookies\fridrichovský@ads.adbrite[1].txt
C:\Documents and Settings\Fridrichovský\Cookies\fridrichovský@mediaplex[2].txt
C:\Documents and Settings\Fridrichovský\Cookies\fridrichovský@windowsmedia[2].txt
C:\Documents and Settings\Fridrichovský\Cookies\fridrichovský@www.atxxx[2].txt
C:\Documents and Settings\Fridrichovský\Cookies\fridrichovský@counter.cnw[3].txt
C:\Documents and Settings\Fridrichovský\Cookies\fridrichovský@smileycentral[1].txt
C:\Documents and Settings\Fridrichovský\Cookies\fridrichovský@toplist[2].txt
C:\Documents and Settings\Fridrichovský\Cookies\fridrichovský@counter.hitslink[1].txt
C:\Documents and Settings\Fridrichovský\Cookies\fridrichovský@toplist[3].txt
C:\Documents and Settings\Fridrichovský\Cookies\fridrichovský@paycounter[1].txt
C:\Documents and Settings\Fridrichovský\Cookies\fridrichovský@pacificpoker[1].txt
C:\Documents and Settings\Fridrichovský\Cookies\fridrichovský@media.adrevolver[2].txt
C:\Documents and Settings\Fridrichovský\Cookies\fridrichovský@traffic.el-ladies[1].txt
C:\Documents and Settings\Fridrichovský\Cookies\fridrichovský@extreme-erotic-encounters[2].txt
C:\Documents and Settings\Fridrichovský\Cookies\fridrichovský@partygaming.122.2o7[1].txt
C:\Documents and Settings\Fridrichovský\Cookies\fridrichovský@fhg.best-sex-galleries[1].txt
C:\Documents and Settings\Fridrichovský\Cookies\fridrichovský@3d.porn-host[1].txt
C:\Documents and Settings\Fridrichovský\Cookies\fridrichovský@sexandsubmission[1].txt
C:\Documents and Settings\Fridrichovský\Cookies\fridrichovský@ehg-upcchellomedia.hitbox[1].txt
C:\Documents and Settings\Fridrichovský\Cookies\fridrichovský@clicktorrent[2].txt
C:\Documents and Settings\Fridrichovský\Cookies\fridrichovský@clicktorrent[1].txt
C:\Documents and Settings\Fridrichovský\Cookies\fridrichovský@clicktorrent[3].txt
C:\Documents and Settings\Fridrichovský\Cookies\fridrichovský@partypoker[2].txt
C:\Documents and Settings\Fridrichovský\Cookies\fridrichovský@allporncomics[1].txt

Adware.webHancer
C:\SYSTEM VOLUME INFORMATION\_RESTORE{AE03BAD3-9B71-4FC6-99CC-A85B6EF84B44}\RP285\A0059237.EXE

fredik
Security team member

Re: HJT check - AntiSpy Spider

Post by fredik » 10 Jun 2008 16:39

Download Suspicious File Packer
Unpack it and run it (the file sfp.exe)
Into the window that appears, copy and paste this text marked in bold:
C:\WINDOWS\portsv.exe

then click the Continue button
The program will switch to the second window, Step2: Create archive
Close the program.
A file requested-files[2007-07-30_HH_MM].cab will be created on your desktop (instead of 2007-07-30 you will have the current date, and HH is the hour and MM the minutes). You will then have to rename the extension of the created archive from cab to zip or rar, or pack the whole file again (with rar or zip), and attach it here.

Note: It is possible that you no longer have the files on disk, so the archive may not be created.

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
Create a new CFScript and use it the same way as the previous one, except that this time put the following into it:
Note: Do not use the SELECT ALL function to select the script

Code:

Driver::
PlugPlayRPC

File::
C:\WINDOWS\portsv.exe

C:\Temp
C:\WINDOWS\system32\3512
C:\WINDOWS\system32\zabD
C:\WINDOWS\system32\izo
C:\WINDOWS\system32\3131

Then post here the log that is shown after running CF, plus a new HJT log.
It may take a while to get a response, because the "HJT Team" are very busy. Please, be patient, these people are volunteers. They will help you out, as soon as possible.
If you have a problem, do not send me private messages (SZ/PM) with logs; post them in the forum. It is not possible to reply to these private messages.
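An added example (not part of fredik's post and not ComboFix's own code): a Python check that reads the CFScript above together with a ComboFix log and reports, per target, whether the log repeats it and whether it appears in the log's created-files listing. The log excerpt is shortened from the reply that follows; the function names and the reading of the log layout are assumptions.

```python
import re

# CFScript exactly as posted above.
CFSCRIPT = r"""Driver::
PlugPlayRPC

File::
C:\WINDOWS\portsv.exe

C:\Temp
C:\WINDOWS\system32\3512
C:\WINDOWS\system32\zabD
C:\WINDOWS\system32\izo
C:\WINDOWS\system32\3131
"""

# Shortened excerpt of the ComboFix log from the reply (banner widths reduced).
SAMPLE_LOG = r"""FILE ::
C:\Temp
C:\WINDOWS\portsv.exe
C:\WINDOWS\system32\3131
C:\WINDOWS\system32\3512
C:\WINDOWS\system32\izo
C:\WINDOWS\system32\zabD
.
((((( Other Deletions )))))
.
((((( Drivers/Services )))))
.
-------\Legacy_PLUGPLAYRPC
-------\Service_PlugPlayRPC

((((( Files Created from 2008-05-10 to 2008-06-10 )))))
.
2008-06-10 17:39 . 2008-06-10 17:39 507 --a------ C:\SFP.zip
2008-06-08 11:55 . 2008-06-08 14:07 <DIR> d-------- C:\WINDOWS\system32\3131
2008-06-07 21:20 . 2008-06-08 11:47 <DIR> d-------- C:\WINDOWS\system32\3512
2008-06-07 20:20 . 2008-06-08 13:18 <DIR> d-------- C:\WINDOWS\system32\zabD
2008-06-07 20:20 . 2008-06-08 13:16 <DIR> d-------- C:\WINDOWS\system32\izo
2008-06-07 20:20 . 2008-06-08 13:20 <DIR> d-------- C:\Temp
"""

DIRECTIVE = re.compile(r"^(\w+)::\s*$")           # e.g. "File::"
BANNER = re.compile(r"^\(+\s*(.+?)\s*\)+\s*$")    # e.g. "((( Other Deletions )))"
PATH = re.compile(r"([A-Za-z]:\\.*)$")            # drive-letter path at end of line


def parse_cfscript(text):
    """Return {directive: [entries]}; blank lines between entries are ignored."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = DIRECTIVE.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
        elif current is None:
            raise ValueError(f"entry before any directive: {line!r}")
        else:
            sections[current].append(line)
    return sections


def parse_log_sections(text):
    """Split a ComboFix log into {section title: [lines]}, skipping '.' fillers."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        m = BANNER.match(line)
        if m or line.upper() == "FILE ::":
            current = m.group(1) if m else "FILE ::"
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections


def section(sections, prefix):
    """Lines of the first section whose title starts with prefix."""
    for title, lines in sections.items():
        if title.lower().startswith(prefix.lower()):
            return lines
    return []


def verify(script_text, log_text):
    """Cross-check every CFScript target against what the log reports."""
    script = parse_cfscript(script_text)
    log = parse_log_sections(log_text)
    echoed = {l.lower() for l in section(log, "FILE ::")}
    listed = {m.group(1).lower()
              for m in map(PATH.search, section(log, "Files Created")) if m}
    services = [l.lower() for l in section(log, "Drivers/Services")]
    report = {"files": {}, "drivers": {}}
    for target in script.get("File", []):
        # Assumption: a target in the created-files listing is worth re-checking
        # on disk; the listing alone does not prove that the item survived.
        report["files"][target] = {"echoed": target.lower() in echoed,
                                   "in_created_listing": target.lower() in listed}
    for name in script.get("Driver", []):
        keys = ("\\service_" + name.lower(), "\\legacy_" + name.lower())
        report["drivers"][name] = any(l.endswith(keys) for l in services)
    return report


if __name__ == "__main__":
    print(verify(CFSCRIPT, SAMPLE_LOG))
```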

KSSA

Re: HJT check - AntiSpy Spider

Post by KSSA » 10 Jun 2008 18:06

ComboFix 08-06-07.3 - Fridrichovský 2008-06-10 17:45:20.3 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1029.18.647 [GMT 2:00]
Running from: C:\Documents and Settings\Fridrichovský\Plocha\ComboFix.exe
Command switches used :: C:\Documents and Settings\Fridrichovský\Plocha\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\Temp
C:\WINDOWS\portsv.exe
C:\WINDOWS\system32\3131
C:\WINDOWS\system32\3512
C:\WINDOWS\system32\izo
C:\WINDOWS\system32\zabD
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_PLUGPLAYRPC
-------\Service_PlugPlayRPC


((((((((((((((((((((((((( Files Created from 2008-05-10 to 2008-06-10 )))))))))))))))))))))))))))))))
.

2008-06-10 17:39 . 2008-06-10 17:39 507 --a------ C:\SFP.zip
2008-06-08 21:10 . 2008-06-08 21:10 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-06-08 21:10 . 2008-06-08 21:10 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-06-08 12:23 . 2008-06-08 21:32 <DIR> d--h----- C:\$AVG8.VAULT$
2008-06-08 12:18 . 2008-06-10 14:35 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg
2008-06-08 12:18 . 2008-06-08 12:18 <DIR> d-------- C:\Program Files\AVG
2008-06-08 12:18 . 2008-06-08 12:18 96,520 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
2008-06-08 12:18 . 2008-06-08 12:18 75,272 --a------ C:\WINDOWS\system32\drivers\avgtdix.sys
2008-06-08 12:18 . 2008-06-08 12:18 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
2008-06-08 11:55 . 2008-06-08 14:07 <DIR> d-------- C:\WINDOWS\system32\3131
2008-06-08 11:25 . 2008-06-08 11:25 <DIR> d-------- C:\WINDOWS\ERUNT
2008-06-08 11:21 . 2008-06-08 11:21 <DIR> d-------- C:\SDFix
2008-06-07 23:01 . 2008-06-07 23:01 <DIR> d-------- C:\Program Files\Trend Micro
2008-06-07 22:17 . 2008-06-07 22:17 105 --a------ C:\WINDOWS\wininit.ini
2008-06-07 21:20 . 2008-06-08 11:47 <DIR> d-------- C:\WINDOWS\system32\3512
2008-06-07 20:20 . 2008-06-08 13:18 <DIR> d-------- C:\WINDOWS\system32\zabD
2008-06-07 20:20 . 2008-06-08 13:16 <DIR> d-------- C:\WINDOWS\system32\izo
2008-06-07 20:20 . 2008-06-08 13:20 <DIR> d-------- C:\Temp
2008-06-07 20:20 . 2008-06-07 20:20 <DIR> dr------- C:\Documents and Settings\NetworkService\Oblˇben‚ polo§ky
2008-05-29 18:35 . 2008-05-29 18:35 <DIR> d-------- C:\Program Files\Sierra
2008-05-14 20:15 . 2008-05-14 20:15 <DIR> d-------- C:\Pacient

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-08 10:40 --------- d-----w C:\Program Files\DAEMON Tools
2008-05-29 16:35 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-29 16:33 --------- d-----w C:\Program Files\Electronic Arts
2008-04-24 20:45 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-04-23 11:47 --------- d-----w C:\Program Files\DAP
2008-04-23 11:38 50,688 ----a-w C:\WINDOWS\system32\wbhelp2.dll
2008-04-23 11:38 --------- d-----w C:\Program Files\Google
.

((((((((((((((((((((((((((((( snapshot@2008-06-08_11.53.37,92 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-08 09:46:53 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-10 15:49:59 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2005-10-20 18:02:28 163,328 ----a-w C:\WINDOWS\erdnt\subs\ERDNT.EXE
+ 2008-06-08 19:10:22 18,944 ----a-r C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF13.exe
+ 2008-06-08 19:10:22 65,024 ----a-r C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF15.exe
+ 2008-06-08 10:18:19 26,184 ----a-w C:\WINDOWS\system32\drivers\avgmfx86.sys
+ 2006-12-01 20:56:00 96,256 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_cbb27474\ATL80.dll
+ 2006-12-01 20:54:32 479,232 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcm80.dll
+ 2006-12-01 20:54:34 548,864 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcp80.dll
+ 2006-12-01 20:54:32 626,688 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcr80.dll
+ 2006-12-01 22:25:52 1,101,824 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfc80.dll
+ 2006-12-01 22:25:56 1,093,120 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfc80u.dll
+ 2006-12-01 22:25:58 69,632 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfcm80.dll
+ 2006-12-01 22:26:00 57,856 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfcm80u.dll
+ 2006-12-01 22:08:00 65,536 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80DEU.dll
+ 2006-12-01 22:08:00 57,344 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ENU.dll
+ 2006-12-01 22:08:00 61,440 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ESP.dll
+ 2006-12-01 22:08:00 61,440 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80FRA.dll
+ 2006-12-01 22:08:00 40,960 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80CHS.dll
+ 2006-12-01 22:08:00 45,056 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80CHT.dll
+ 2006-12-01 22:08:00 61,440 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ITA.dll
+ 2006-12-01 22:08:00 49,152 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80JPN.dll
+ 2006-12-01 22:08:00 49,152 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80KOR.dll
+ 2006-12-01 22:46:44 65,536 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.OpenMP_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6c18549a\vcomp.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-17 15:49 15360]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-04-04 00:29 165784]
"PcSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-06-27 16:21 1449984]
"H/PC Connection Agent"="C:\PROGRA~1\MICROS~2\wcescomm.exe" [2006-06-26 22:09 1211176]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [ ]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-05-28 10:33 1506544]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2006-11-17 05:42 577536 C:\WINDOWS\soundman.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-04-19 13:26 7700480]
"nwiz"="nwiz.exe" [2007-04-19 13:26 1626112 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-04-19 13:26 86016]
"PMCS"="C:\Program Files\Pinnacle\Shared Files\Programs\MediaCenterService\PMC.Service.Main.exe" [2004-09-29 08:39 24576]
"PinnacleDriverCheck"="C:\WINDOWS\system32\PSDrvCheck.exe" [2003-11-10 17:06 406016]
"PMCRemote"="C:\Program Files\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe" [2004-09-23 18:56 73728]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 06:24 286720]
"PCSuiteTrayApplication"="C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.exe" [2006-06-15 12:36 229376]
"CHotkey"="mHotkey.exe" [2002-07-05 17:37 491008 C:\WINDOWS\mHotkey.exe]
"DownloadAccelerator"="C:\Program Files\DAP\DAP.exe" [2008-04-23 13:38 3053056]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-06-08 12:18 1177368]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-17 15:49 15360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 10:13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.divxa32"= msaud32_divx.acm

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Pinnacle\\MediaCenter\\PMC.exe"=
"C:\\Program Files\\Pinnacle\\MediaCenter\\PmcSettings.exe"=
"C:\\Program Files\\Pinnacle\\MediaCenter\\EpgSpoolerSrv.exe"=
"C:\\Program Files\\Pinnacle\\Shared Files\\Programs\\MediaCenterService\\PMC.Service.Main.exe"=
"C:\\Program Files\\uTorrent\\utorrent.exe"=
"C:\\Program Files\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe"=
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"C:\\Program Files\\Half Life 2\\root\\hl2.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\Program Files\\Roger Wilco\\roger.exe"=
"C:\\Program Files\\DAP\\DAP.exe"=
"C:\\Program Files\\Sierra\\Empire Earth II\\EE2.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-06-08 12:18]
R2 avg8emc;AVG8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-06-08 12:18]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-06-08 12:18]
R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-06-08 12:18]
R3 3xHybrid;Pinnacle PCTV 300i Stereo DVB-T;C:\WINDOWS\system32\DRIVERS\3xHybrid.sys [2004-09-03 12:14]
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys [2004-08-03 23:04]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - E:\EE2AutoRun.exe

.
Contents of the 'Scheduled Tasks' folder
"2008-06-10 15:50:05 C:\WINDOWS\Tasks\SpeedOptimizer Startup.job"
- c:\progra~1\speedo~1\SPO.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-10 17:50:15
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
"CHotkey"="mHotkey.exe"
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\PROGRA~1\MICROS~2\rapimgr.exe
C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
.
**************************************************************************
.
Completion time: 2008-06-10 17:55:24 - machine was rebooted [Fridrichovský]
ComboFix-quarantined-files.txt 2008-06-10 15:55:20
ComboFix2.txt 2008-06-08 18:52:52
ComboFix3.txt 2008-06-08 09:53:51

Adresářů: 14, Volných bajtů: 4,958,040,064
Adresářů: 19, Volných bajtů: 4,885,942,272

186 --- E O F --- 2007-07-13 10:27:14

****************************************************************************************************************************************

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:56:37, on 10.6.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Pinnacle\Shared Files\Programs\MediaCenterService\PMC.Service.Main.exe
C:\Program Files\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe
C:\WINDOWS\mHotkey.exe
C:\Program Files\DAP\DAP.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\PROGRA~1\MICROS~2\wcescomm.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\PROGRA~1\MICROS~2\rapimgr.exe
C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
C:\WINDOWS\explorer.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = file://c:/windows/homepage.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\PROGRA~1\TRANSLAT\WEBIE.DLL
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [PMCS] C:\Program Files\Pinnacle\Shared Files\Programs\MediaCenterService\PMC.Service.Main.exe -host -clearDebug
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [PMCRemote] C:\Program Files\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [H/PC Connection Agent] C:\PROGRA~1\MICROS~2\wcescomm.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra 'Tools' menuitem: Mobilen Favoriten erstellen... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: WebTran - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\PROGRA~1\TRANSLAT\WEBIE.DLL
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\PROGRA~1\TRANSLAT\WEBIE.DLL
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\PROGRA~1\TRANSLAT\WEBIE.DLL
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\PROGRA~1\TRANSLAT\WEBIE.DLL
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\PROGRA~1\TRANSLAT\WEBIE.DLL
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\PROGRA~1\TRANSLAT\WEBIE.DLL
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\PROGRA~1\TRANSLAT\WEBIE.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{A5BE6279-7EBD-4702-A1C3-D5BE028FAB97}: NameServer = 82.99.133.33,82.99.133.35
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe

--
End of file - 8322 bytes

fredik
Security team member
Master Level 7
Posts: 4680
Registered: July 06
Gender: Male
Status: Offline

Re: HJT check - AntiSpy Spider

Post by fredik » 10 Jun 2008 21:24

Run HijackThis again and tick the checkboxes in front of these lines:
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = file://c:/windows/homepage.html
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
After ticking them, click the Fix Checked button.

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

Manually delete these directories/folders marked in bold:
C:\Temp
C:\WINDOWS\system32\3512
C:\WINDOWS\system32\zabD
C:\WINDOWS\system32\izo
C:\WINDOWS\system32\3131

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

For better security I would recommend that you also install a firewall; you can pick one of those listed here or another one from the link: Overview of personal firewalls
Free firewalls:
Comodo - high quality, advanced, with many features, originally in English
Kerio - clear layout, more configuration options, more demanding on system resources, in Czech
ZoneAlarm - simple, compatible, light on system resources, few configuration options, in English + guide

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

Go to Start -> Run... and type this command, marked in blue, into the box: ComboFix /u and click OK.
- there must be a space between ComboFix and /u
- wait until it finishes; it will let you know.

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

If you want to keep SUPERAntiSpyware there for an occasional scan, turn off its launch at startup.
- Run the program and click the Preferences... button
- A new window opens; in it, click the General and Startup tab
* on it, under the Start-Up Options heading, untick the item: Start SUPERAntiSpyware when Windows starts
- Then you can close the program

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
Do you still have any problems?
It may take a while to get a response, because the "HJT Team" are very busy. Please, be patient, these people are volunteers. They will help you out, as soon as possible.
If you have a problem, do not send me private messages (SZ/PM) with logs; post them in the forum. It is not possible to reply to such messages.
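As an added example (not part of the original post and not HijackThis's own logic), this Python script parses HijackThis entry lines and flags the two kinds of leftovers selected for Fix Checked above: an entry whose file is missing and an Internet Explorer page setting that points at a local file. The function names and the two heuristics are assumptions made for this illustration; the sample lines are copied from the log in this thread.

```python
import re

# HijackThis entry layout: section code, " - ", then the entry body.
ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<body>.+)$")
# Markers HijackThis prints when the referenced file is not on disk.
MISSING_MARKERS = ("(no file)", "(file missing)")

# Lines copied from the HijackThis log posted earlier in this thread.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://seznam.cz/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = file://c:/windows/homepage.html
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\PROGRA~1\TRANSLAT\WEBIE.DLL
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O20 - AppInit_DLLs: avgrsstx.dll
"""

def parse_entries(log_text):
    """Return (code, body) for every line that looks like a HijackThis entry."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group("code"), m.group("body")))
    return entries

def review_reasons(code, body):
    """Heuristics assumed for this example; a human still decides what to fix."""
    reasons = []
    if body.endswith(MISSING_MARKERS):
        reasons.append("entry references a file that is no longer on disk")
    if code in ("R0", "R1") and " = " in body:
        value = body.split(" = ", 1)[1].strip()
        if value.lower().startswith("file://"):
            reasons.append("IE page setting points at a local file")
    return reasons

def flag_entries(log_text):
    """Return [(code, body, reasons)] for entries worth a manual look."""
    flagged = []
    for code, body in parse_entries(log_text):
        reasons = review_reasons(code, body)
        if reasons:
            flagged.append((code, body, reasons))
    return flagged

if __name__ == "__main__":
    for code, body, reasons in flag_entries(SAMPLE_LOG):
        print(f"{code} - {body}\n    -> {'; '.join(reasons)}")
```
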

KSSA
Level 1.5
Posts: 146
Registered: June 08
Gender: Male
Status: Offline

Re: HJT check - AntiSpy Spider

Post by KSSA » 11 Jun 2008 13:12

Probably not anymore, but this is already the second time I have dealt with something like this.
I have been programming web applications for about 7 years, and in recent years some local applications too.
I would be interested to know what exactly I was doing here.
It is clear to me that it was digging around in the registry and in the Windows folder, especially System32.
Can you post a link here where I could read more about it?
Many thanks

