HJT check (Solved)

A place for your HiJackThis logs and logs from other programs…

Moderators: Mods_senior, Security team

jaro3
Security team member
Guru Level 15
Posts: 43298
Registered: June 07
Location: South Bohemia
Gender: Male
Status: Offline

Re: HJT check

Post by jaro3 » 16 Sep 2011 09:25

Have another look, you may not have copied the whole thing..

Otherwise run a new scan with ComboFix (without a script) and paste its log here. Producing the log sometimes takes a long time; you need to wait for it to finish!!
When working with HJT, ComboFix, MBAM, SDFix etc., close all other applications and browsers!
Do not send logs by private message. During my absence, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support

Psenda15
Level 2.5
Posts: 286
Registered: December 10
Gender: Male
Status: Offline

Re: HJT check

Post by Psenda15 » 17 Sep 2011 11:55

CF log:


ComboFix 11-09-16.01 - Vaclav 17.09.2011 11:33:00.3.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1535.649 [GMT 2:00]
Spuštěný z: c:\documents and settings\Vaclav\Plocha\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Skype\Plugin Manager\SkypePM.exe
c:\windows\msmqinst.log
.
---- Předchozí spuštění -------
.
c:\program files\Application Updater\ApplicationUpdater.exe
c:\program files\Application Updater\config.ini
c:\windows\pss\McAfee Security Scan Plus.lnkCommon Startup
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_APPLICATION_UPDATER
-------\Legacy_EAGLEXNT
-------\Legacy_FIREBIRDSERVERMAGIXINSTANCE
-------\Legacy_SETUPNTGLM7X
-------\Legacy_SPTD
-------\Service_Application Updater
-------\Service_EagleXNt
-------\Service_FirebirdServerMAGIXInstance
-------\Service_SetupNTGLM7X
-------\Service_sptd
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-08-17 do 2011-09-17 )))))))))))))))))))))))))))))))
.
.
2011-09-15 16:31 . 2011-09-15 16:35 218688 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2011-09-14 12:53 . 2011-09-14 12:53 -------- d-----w- c:\documents and settings\Vaclav\Data aplikací\Malwarebytes
2011-09-14 12:53 . 2011-07-08 05:55 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-09-14 12:53 . 2011-09-14 12:53 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2011-09-14 12:53 . 2011-09-14 12:53 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-09-14 12:53 . 2011-07-08 05:55 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-09-09 09:58 . 2011-09-09 09:58 388096 ----a-r- c:\documents and settings\Vaclav\Data aplikací\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-09-09 09:14 . 2011-09-09 09:14 -------- d-----w- c:\program files\Trend Micro
2011-09-08 21:12 . 2011-09-08 21:12 -------- d-----w- c:\program files\abgx360
2011-09-07 18:43 . 2006-10-26 17:56 33104 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\msonpppr.dll
2011-09-07 18:43 . 2008-11-10 09:41 32656 ----a-w- c:\windows\system32\msonpmon.dll
2011-09-07 18:37 . 2011-09-09 04:52 -------- d-----w- c:\program files\Microsoft Works
2011-09-07 18:31 . 2011-09-07 18:31 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2011-09-07 18:30 . 2011-09-07 18:30 -------- d-----w- c:\documents and settings\Vaclav\Local Settings\Data aplikací\Microsoft Help
2011-09-07 18:30 . 2011-09-15 20:16 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Microsoft Help
2011-09-07 18:28 . 2011-09-07 18:28 -------- d-----r- C:\MSOCache
2011-09-07 17:04 . 2011-09-07 17:04 -------- d-----w- c:\program files\Adobe Media Player
2011-09-05 18:48 . 2011-09-05 18:50 -------- d-----w- c:\program files\DesetiPrsty
2011-08-25 08:58 . 2011-08-25 09:06 -------- d-----w- c:\program files\Playboy - The Mansion
2011-08-25 08:25 . 2011-08-25 08:25 444952 ----a-w- c:\windows\system32\wrap_oal.dll
2011-08-25 08:25 . 2011-08-25 08:25 109080 ----a-w- c:\windows\system32\OpenAL32.dll
2011-08-25 08:23 . 2011-08-25 08:23 -------- d-----w- c:\program files\Symulator Jazdy 2
2011-08-24 18:23 . 2011-08-24 18:23 21840 ----a-w- c:\windows\system32\SIntfNT.dll
2011-08-24 18:23 . 2011-08-24 18:23 17212 ----a-w- c:\windows\system32\SIntf32.dll
2011-08-24 18:23 . 2011-08-24 18:23 12067 ----a-w- c:\windows\system32\SIntf16.dll
2011-08-24 17:26 . 2011-08-24 18:24 -------- d-----w- C:\TGiant
2011-08-24 16:58 . 2011-08-24 16:58 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Buena Vista Games
2011-08-24 16:43 . 2011-08-24 16:43 -------- d-----w- C:\hollywood2
2011-08-24 16:26 . 2011-08-24 16:26 -------- d-----w- c:\program files\Paradox Interactive
2011-08-24 14:12 . 2011-08-24 14:12 -------- d-----w- c:\documents and settings\Vaclav\Local Settings\Data aplikací\Xara
2011-08-24 14:11 . 2011-08-24 14:12 -------- d-----w- c:\program files\Common Files\Xara
2011-08-24 14:11 . 2011-08-24 14:11 -------- d-----w- c:\program files\Xara
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-09 09:12 . 2008-04-14 06:51 602112 ----a-w- c:\windows\system32\crypt32.dll
2011-08-25 09:01 . 2011-03-24 17:37 188928 ----a-w- c:\windows\system32\vbuzip10.DLL
2011-08-01 13:45 . 2011-05-15 10:06 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-15 13:29 . 2008-04-13 22:47 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-07-08 14:02 . 2008-04-13 22:27 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
2011-06-24 14:10 . 2009-10-25 14:11 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2011-06-23 18:31 . 2008-04-14 06:52 916480 ----a-w- c:\windows\system32\wininet.dll
2011-06-23 18:31 . 2008-04-14 06:52 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-06-23 18:31 . 2008-04-14 06:51 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-06-23 12:05 . 2008-04-14 05:50 385024 ----a-w- c:\windows\system32\html.iec
2011-06-20 17:44 . 2008-04-14 06:52 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-05-17 18:25 . 2011-04-03 16:28 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2008-04-29 . B054BB152547F33685D19F3343F444D0 . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((( SnapShot@2011-09-14_15.25.49 )))))))))))))))))))))))))))))))))))))))))
.
+ 2004-08-18 12:00 . 2011-09-17 04:59 80676 c:\windows\system32\perfc009.dat
- 2004-08-18 12:00 . 2011-09-09 05:25 80676 c:\windows\system32\perfc009.dat
- 2004-08-18 12:00 . 2011-09-09 05:25 93748 c:\windows\system32\perfc005.dat
+ 2004-08-18 12:00 . 2011-09-17 04:59 93748 c:\windows\system32\perfc005.dat
- 2011-06-16 20:37 . 2011-06-16 20:37 49936 c:\windows\Installer\{95120000-00AF-0405-0000-0000000FF1CE}\ppvwicon.exe
+ 2011-09-15 20:16 . 2011-09-15 20:16 49936 c:\windows\Installer\{95120000-00AF-0405-0000-0000000FF1CE}\ppvwicon.exe
+ 2011-09-07 18:43 . 2011-09-15 20:16 35088 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
- 2011-09-07 18:43 . 2011-09-09 19:25 35088 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
- 2011-09-07 18:43 . 2011-09-09 19:25 18704 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
+ 2011-09-07 18:43 . 2011-09-15 20:16 18704 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
+ 2011-09-07 18:43 . 2011-09-15 20:16 20240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
- 2011-09-07 18:43 . 2011-09-09 19:25 20240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
- 2011-06-16 20:37 . 2011-06-16 20:37 38240 c:\windows\Installer\{90120000-0020-0405-0000-0000000FF1CE}\O12ConvIcon.exe
+ 2011-09-15 20:15 . 2011-09-15 20:15 38240 c:\windows\Installer\{90120000-0020-0405-0000-0000000FF1CE}\O12ConvIcon.exe
+ 2004-08-18 12:00 . 2011-09-17 04:59 484280 c:\windows\system32\perfh009.dat
- 2004-08-18 12:00 . 2011-09-09 05:25 484280 c:\windows\system32\perfh009.dat
- 2004-08-18 12:00 . 2011-09-09 05:25 479912 c:\windows\system32\perfh005.dat
+ 2004-08-18 12:00 . 2011-09-17 04:59 479912 c:\windows\system32\perfh005.dat
+ 2011-09-15 16:35 . 2011-09-15 16:35 218688 c:\windows\system32\DRVSTORE\dtsoftbus0_AD332A68C56C9C184A01C895333186ADC9235B60\dtsoftbus01.sys
+ 2010-08-03 13:23 . 2011-05-27 17:05 134480 c:\windows\system32\drivers\AVGIDSDriver.sys
- 2010-08-03 13:23 . 2011-04-14 19:28 134480 c:\windows\system32\drivers\AVGIDSDriver.sys
- 2008-04-14 06:51 . 2011-09-03 10:17 602112 c:\windows\system32\dllcache\crypt32.dll
+ 2008-04-14 06:51 . 2011-09-09 09:12 602112 c:\windows\system32\dllcache\crypt32.dll
+ 2011-09-07 18:43 . 2011-09-15 20:16 888080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
- 2011-09-07 18:43 . 2011-09-09 19:25 888080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
+ 2011-09-07 18:43 . 2011-09-15 20:16 272648 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe
- 2011-09-07 18:43 . 2011-09-09 19:25 272648 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe
- 2011-09-07 18:43 . 2011-09-09 19:25 922384 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe
+ 2011-09-07 18:43 . 2011-09-15 20:16 922384 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe
- 2011-09-07 18:43 . 2011-09-09 19:25 845584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe
+ 2011-09-07 18:43 . 2011-09-15 20:16 845584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe
- 2011-09-07 18:43 . 2011-09-09 19:25 217864 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe
+ 2011-09-07 18:43 . 2011-09-15 20:16 217864 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe
- 2011-09-07 18:43 . 2011-09-09 19:25 184080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe
+ 2011-09-07 18:43 . 2011-09-15 20:16 184080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe
- 2011-09-07 18:43 . 2011-09-09 19:25 159504 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe
+ 2011-09-07 18:43 . 2011-09-15 20:16 159504 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe
+ 2011-01-14 05:10 . 2011-01-14 05:10 155520 c:\windows\Installer\$PatchCache$\Managed\00004109500200000000000000F01FEC\14.0.5130\GKWORD6.DLL
+ 2011-01-14 05:10 . 2011-01-14 05:10 140160 c:\windows\Installer\$PatchCache$\Managed\00004109500200000000000000F01FEC\14.0.5130\GKEXCEL2.DLL
+ 2011-08-10 15:43 . 2011-08-10 15:43 3795968 c:\windows\Installer\c60911.msp
+ 2011-09-06 19:46 . 2011-09-06 19:46 9006080 c:\windows\Installer\c60908.msp
+ 2011-06-21 09:59 . 2011-06-21 09:59 1764352 c:\windows\Installer\c608f1.msp
+ 2011-08-24 04:37 . 2011-08-24 04:37 4985856 c:\windows\Installer\c608d9.msp
+ 2011-08-10 15:42 . 2011-08-10 15:42 7070208 c:\windows\Installer\c608ad.msp
+ 2011-07-21 10:34 . 2011-07-21 10:34 3456000 c:\windows\Installer\c608a5.msp
+ 2011-09-06 19:48 . 2011-09-06 19:48 8181248 c:\windows\Installer\c60884.msp
+ 2011-07-27 05:39 . 2011-07-27 05:39 9892352 c:\windows\Installer\c60841.msp
+ 2011-09-15 07:10 . 2011-09-15 07:10 3504640 c:\windows\Installer\79e38.msi
+ 2011-09-07 18:43 . 2011-09-15 20:16 1172240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
- 2011-09-07 18:43 . 2011-09-09 19:25 1172240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
- 2011-09-07 18:43 . 2011-09-09 19:25 1165584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe
+ 2011-09-07 18:43 . 2011-09-15 20:16 1165584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe
+ 2011-01-14 05:10 . 2011-01-14 05:10 2395008 c:\windows\Installer\$PatchCache$\Managed\00004109500200000000000000F01FEC\14.0.5130\GKWORD.DLL
+ 2011-01-14 05:10 . 2011-01-14 05:10 2180992 c:\windows\Installer\$PatchCache$\Managed\00004109500200000000000000F01FEC\14.0.5130\GKPOWERPOINT.DLL
+ 2011-01-14 05:10 . 2011-01-14 05:10 3443072 c:\windows\Installer\$PatchCache$\Managed\00004109500200000000000000F01FEC\14.0.5130\GKEXCEL.DLL
+ 2006-10-26 17:42 . 2006-10-26 17:42 8423224 c:\windows\Installer\$PatchCache$\Managed\00002159FA0050400000000000F01FEC\12.0.4518\OARTCONV.DLL
+ 2009-04-03 17:21 . 2009-04-03 17:21 8543096 c:\windows\Installer\$PatchCache$\Managed\00002109020050400000000000F01FEC\12.0.6425\OARTCONV.DLL
+ 2009-10-25 15:04 . 2011-09-15 20:11 46249416 c:\windows\system32\MRT.exe
+ 2011-07-27 05:37 . 2011-07-27 05:37 11592192 c:\windows\Installer\c6087b.msp
+ 2009-04-03 16:21 . 2009-04-03 16:21 16037736 c:\windows\Installer\$PatchCache$\Managed\00002159FA0050400000000000F01FEC\12.0.6425\OART.DLL
.
-- Snímek resetován k současnému datu --
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2011-03-18 06:11 2471240 ----a-w- c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ICQ"="c:\program files\ICQ7.4\ICQ.exe" [2011-04-05 119608]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2009-11-11 1451520]
"Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2011-04-12 2937528]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2004-12-01 77824]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-11-20 110184]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-11-20 12669544]
"AVG_TRAY"="c:\program files\AVG\AVG10\avgtray.exe" [2011-09-10 2338656]
"Trans"="c:\program files\Trans\trans.exe" [2011-01-10 2895240]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"="advpack.dll" [2009-03-08 128512]
.
c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-C740-7760-100000000002}\SC_Acrobat.exe [2009-10-25 25214]
GamersFirst LIVE!.lnk - c:\program files\GamersFirst\LIVE!\Live.exe [2010-3-26 2637680]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Acrobat Speed Launcher.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Adobe Acrobat Speed Launcher.lnk
backup=c:\windows\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Gamma.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Adobe Gamma.lnk
backup=c:\windows\pss\Adobe Gamma.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Vaclav^Nabídka Start^Programy^Po spuštění^Samsung Auto Backup Guage.lnk]
path=c:\documents and settings\Vaclav\Nabídka Start\Programy\Po spuštění\Samsung Auto Backup Guage.lnk
backup=c:\windows\pss\Samsung Auto Backup Guage.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Vaclav^Nabídka Start^Programy^Po spuštění^Samsung Auto Backup Real-Time Daemon.lnk]
path=c:\documents and settings\Vaclav\Nabídka Start\Programy\Po spuštění\Samsung Auto Backup Real-Time Daemon.lnk
backup=c:\windows\pss\Samsung Auto Backup Real-Time Daemon.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Vaclav^Nabídka Start^Programy^Po spuštění^Samsung Auto Backup Scheduler.lnk]
path=c:\documents and settings\Vaclav\Nabídka Start\Programy\Po spuštění\Samsung Auto Backup Scheduler.lnk
backup=c:\windows\pss\Samsung Auto Backup Scheduler.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 7.0]
2004-12-14 10:12 483328 ----a-w- c:\program files\Adobe\Adobe Acrobat 7.0\Distillr\acrotray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
2010-07-29 00:25 497648 ----a-w- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
2008-08-14 05:58 611712 ----a-w- c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2005-02-16 16:15 221184 ----a-w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2005-02-16 16:15 81920 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 07:52 1695232 ------w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2006-01-12 14:40 155648 ----a-w- c:\windows\system32\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OEXPRESS]
2009-10-25 16:22 26624 ----a-w- c:\windows\OETRN.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
2009-11-11 08:57 1451520 ----a-w- c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2004-11-02 19:24 32768 ----a-w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\USBToolTip]
2007-02-20 10:07 199752 ----a-w- c:\progra~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Adobe LM Service"=3 (0x3)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"c:\\Program Files\\QIP\\qip.exe"=
"c:\\Program Files\\Pinnacle\\Studio 14\\Programs\\RM.exe"=
"c:\\Program Files\\Pinnacle\\Studio 14\\Programs\\Studio.exe"=
"c:\\Program Files\\Pinnacle\\Studio 14\\Programs\\umi.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\monitor.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\manager.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\server.exe"=
"c:\\Program Files\\Autodesk\\3ds Max 2010\\3dsmax.exe"=
"c:\\Program Files\\Autodesk\\3ds Max 2010\\mentalray\\satellite\\raysat_3dsmax2010_32server.exe"=
"c:\\Program Files\\Autodesk\\3ds Max 2010\\mentalray\\satellite\\raysat_3dsmax2010_32.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\SecondLifeViewer2\\SLVoice.exe"=
"c:\\Program Files\\ICQ7.4\\ICQ.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgmfapx.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgemcx.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"57624:TCP"= 57624:TCP:Pando Media Booster
"57624:UDP"= 57624:UDP:Pando Media Booster
"56413:TCP"= 56413:TCP:Pando Media Booster
"56413:UDP"= 56413:UDP:Pando Media Booster
"5353:TCP"= 5353:TCP:Adobe CSI CS4
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [13.9.2010 15:27 22992]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [7.9.2010 3:48 32592]
R0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);c:\windows\system32\drivers\sfsync03.sys [6.12.2005 17:11 35328]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [8.12.2010 4:12 248656]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [12.11.2010 13:19 297168]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [15.9.2011 18:31 218688]
R1 mdf15;mdf15;c:\program files\Clarus\Samsung SecretZone\mdf15.sys [5.1.2011 14:24 12800]
R1 mvd20;mvd20;c:\program files\Clarus\Samsung SecretZone\mvd20.sys [5.1.2011 14:24 64000]
R2 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;c:\program files\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [6.9.2010 3:19 169408]
R2 athsgt;athsgt;c:\windows\system32\drivers\athsgt.sys [6.3.2010 13:24 164992]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [18.8.2011 1:33 7390560]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG10\avgwdsvc.exe [8.2.2011 5:33 269520]
R2 limsgt;limsgt;c:\windows\system32\drivers\limsgt.sys [6.3.2010 13:24 12544]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [3.8.2010 15:23 134480]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [3.8.2010 15:23 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [3.8.2010 15:23 27216]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.3.2010 14:16 130384]
S2 mi-raysat_3dsmax2010_32;mental ray 3.7 Satellite for Autodesk 3ds Max 2010 32-bit 32-bit;c:\program files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe [12.3.2009 18:36 86016]
S2 MSR Service;Virtual Disk Service Manager;c:\program files\Clarus\Samsung SecretZone\MSSvc.exe [5.1.2011 14:24 114688]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG10\Toolbar\ToolbarBroker.exe [14.4.2011 18:32 947528]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [14.9.2011 14:53 41272]
S3 PRODIGY;PRODIGY;c:\windows\system32\drivers\prodigy.sys [5.7.2010 11:18 32377]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.3.2010 14:16 753504]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Obsah adresáře 'Naplánované úlohy'
.
2011-09-17 c:\windows\Tasks\User_Feed_Synchronization-{85035588-1CAE-4B1A-9700-D79C1B65CA41}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 02:31]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
IE: &Download All using 4shared Desktop - c:\program files\4shared Desktop\down_all.htm
IE: Download all links with IDM
IE: Download FLV video content with IDM
IE: Download Image Using DownloadStudio... - c:\program files\Conceiva\DownloadStudio\ds_img.htm
IE: Download Page Using DownloadStudio... - c:\program files\Conceiva\DownloadStudio\ds_all.htm
IE: Download Selection Using DownloadStudio... - c:\program files\Conceiva\DownloadStudio\ds_sel.htm
IE: Download Target Using DownloadStudio... - c:\program files\Conceiva\DownloadStudio\ds_file.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Převést cíl vazby do Adobe PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Převést cíl vazby do existujícího PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Převést do Adobe PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Převést do existujícího PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Převést vybrané vazby do Adobe PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Převést vybrané vazby do existujícího PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Převést výběr do Adobe PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Převést výběr do existujícího PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Show Page Links Using DownloadStudio... - c:\program files\Conceiva\DownloadStudio\ds_link.htm
IE: WikiKomentáře Google... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
IE: {{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - c:\program files\ICQ7.4\ICQ.exe
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\windows\WebIE.dll
IE: {{7FCA7BD7-8F4D-4a81-BE72-A470F4E517D5} - {05926058-0C40-4092-8521-78D9D281B457} -
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\windows\WebIE.dll
TCP: DhcpNameServer = 10.0.0.138
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll
FF - ProfilePath - c:\documents and settings\Vaclav\Data aplikací\Mozilla\Firefox\Profiles\5zt6rj2p.default\
FF - prefs.js: browser.search.selectedEngine - WebHledani
FF - prefs.js: browser.startup.homepage - hxxp://start.icq.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=green ... =966134&p=
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-09-17 11:46
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{05BDC38E-5493-487a-A7FF-8CF2246ABC13}]
@DACL=(02 0010)
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
@="IE Background Task Scheduler"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{05BDC38E-5493-487a-A7FF-8CF2246ABC13}\InProcServer32]
@="c:\\WINDOWS\\system32\\ieframe.dll"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{06EEE834-461C-42c2-8DCF-1502B527B1F9}]
@DACL=(02 0010)
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
@="URL Shortcut PropSetStorage Mapping"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{06EEE834-461C-42c2-8DCF-1502B527B1F9}\InProcServer32]
@="c:\\WINDOWS\\system32\\ieframe.dll"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{06EEE834-461C-42c2-8DCF-1502B527B1F9}\Instance]
"CLSID"="{942bc614-676c-464e-b384-d3202aaa02da}"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{07C45BB1-4A8C-4642-A1F5-237E7215FF66}]
@DACL=(02 0010)
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
@="IE Microsoft BrowserBand"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{07C45BB1-4A8C-4642-A1F5-237E7215FF66}\InProcServer32]
@="c:\\WINDOWS\\system32\\ieframe.dll"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{1C1EDB47-CE22-4bbb-B608-77B48F83C823}]
@DACL=(02 0010)
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
@="IE Fade Task"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{1C1EDB47-CE22-4bbb-B608-77B48F83C823}\InProcServer32]
@="c:\\WINDOWS\\system32\\ieframe.dll"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{1D1F0730-0748-4b5f-81DF-865694BD07AC}]
@DACL=(02 0010)
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
@="IE OrderListExport"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{1D1F0730-0748-4b5f-81DF-865694BD07AC}\InProcServer32]
@="c:\\WINDOWS\\system32\\ieframe.dll"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{205D7A97-F16D-4691-86EF-F3075DCCA57D}]
@DACL=(02 0010)
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
@="IE Menu Desk Bar"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{205D7A97-F16D-4691-86EF-F3075DCCA57D}\InProcServer32]
@="c:\\WINDOWS\\system32\\ieframe.dll"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{2183DACA-D0BF-4a31-97F7-B87618A81955}]
@DACL=(02 0010)
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
@="IE Shared Task Scheduler"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{2183DACA-D0BF-4a31-97F7-B87618A81955}\InProcServer32]
@="c:\\WINDOWS\\system32\\ieframe.dll"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{34a3d570-67d9-4265-a9ee-8c3fa3dfeccf}]
@DACL=(02 0010)
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
@="TravelLog"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{34a3d570-67d9-4265-a9ee-8c3fa3dfeccf}\InProcServer32]
@="c:\\WINDOWS\\system32\\ieframe.dll"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{3e71f26d-136f-4545-813f-35276024b705}]
@DACL=(02 0010)
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
@="XML Feed Subscribe Dialog"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{3e71f26d-136f-4545-813f-35276024b705}\InProcServer32]
@="c:\\WINDOWS\\system32\\ieframe.dll"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{43886CD5-6529-41c4-A707-7B3C92C05E68}]
@DACL=(02 0010)
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
@="IE Navigation Bar"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{43886CD5-6529-41c4-A707-7B3C92C05E68}\InProcServer32]
@="c:\\WINDOWS\\system32\\ieframe.dll"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{447EDBE5-0080-4036-A0BB-7B84C58C604F}]
@DACL=(02 0010)
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
@="IEDataObjectWrapper"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{447EDBE5-0080-4036-A0BB-7B84C58C604F}\InProcServer32]
@="c:\\WINDOWS\\system32\\ieframe.dll"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{44C76ECD-F7FA-411c-9929-1B77BA77F524}]
@DACL=(02 0010)
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
@="IE Menu Site"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{44C76ECD-F7FA-411c-9929-1B77BA77F524}\InProcServer32]
@="c:\\WINDOWS\\system32\\ieframe.dll"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{4B78D326-D922-44f9-AF2A-07805C2A3560}]
@DACL=(02 0010)
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
@="IE Menu Band"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{4B78D326-D922-44f9-AF2A-07805C2A3560}\InProcServer32]
@="c:\\WINDOWS\\system32\\ieframe.dll"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{528d46b3-3a4b-4b13-bf74-d9cbd7306e07}]
@DACL=(02 0010)
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
@="XML Feed Document"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{528d46b3-3a4b-4b13-bf74-d9cbd7306e07}\InProcServer32]
@="c:\\WINDOWS\\system32\\ieframe.dll"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{528d46b3-3a4b-4b13-bf74-d9cbd7306e07}\ProgID]
@="xmlfile"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{53510d24-57eb-4713-9afb-e6e60530b87e}]
@DACL=(02 0010)
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
@="IE RSS Feeds Tasks"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{53510d24-57eb-4713-9afb-e6e60530b87e}\InProcServer32]
@="c:\\WINDOWS\\system32\\ieframe.dll"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{553858A7-4922-4e7e-B1C1-97140C1C16EF}]
@DACL=(02 0010)
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
@="IE Component Categories cache daemon"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{553858A7-4922-4e7e-B1C1-97140C1C16EF}\InProcServer32]
@="c:\\WINDOWS\\system32\\ieframe.dll"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{6038EF75-ABFC-4e59-AB6F-12D397F6568D}]
@DACL=(02 0010)
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
@="IE Microsoft History AutoComplete List"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{6038EF75-ABFC-4e59-AB6F-12D397F6568D}\InProcServer32]
@="c:\\WINDOWS\\system32\\ieframe.dll"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{6B4ECC4F-16D1-4474-94AB-5A763F2A54AE}]
@DACL=(02 0010)
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
@="IE Tracking Shell Menu"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{6B4ECC4F-16D1-4474-94AB-5A763F2A54AE}\InProcServer32]
@="c:\\WINDOWS\\system32\\ieframe.dll"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{6CF48EF8-44CD-45d2-8832-A16EA016311B}]
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{6CF48EF8-44CD-45d2-8832-A16EA016311B}\InProcServer32]
@="c:\\WINDOWS\\system32\\ieframe.dll"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73CFD649-CD48-4fd8-A272-2070EA56526B}]
@DACL=(02 0010)
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
@="IE BandProxy"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73CFD649-CD48-4fd8-A272-2070EA56526B}\InProcServer32]
@="c:\\WINDOWS\\system32\\ieframe.dll"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{75847177-f077-4171-bd2c-a6bb2164fbd0}]
@DACL=(02 0010)
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
@="Private Profile Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{75847177-f077-4171-bd2c-a6bb2164fbd0}\InProcServer32]
@="c:\\WINDOWS\\system32\\ieframe.dll"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{8E989135-2736-4767-8160-EA3613F69D24}]
@DACL=(02 0010)
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
@="IEDropSourceWrapper"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{8E989135-2736-4767-8160-EA3613F69D24}\InProcServer32]
@="c:\\WINDOWS\\system32\\ieframe.dll"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{9271516F-F860-4a02-8F0C-BDAF8A5D13A4}]
@DACL=(02 0010)
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
@="Toolbar Extension for Executable"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{9271516F-F860-4a02-8F0C-BDAF8A5D13A4}\InProcServer32]
@DACL=(02 0010)
@="ieframe.dll"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{942bc614-676c-464e-b384-d3202aaa02da}]
@DACL=(02 0010)
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
@="INI Property Set Storage Handler"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{942bc614-676c-464e-b384-d3202aaa02da}\InProcServer32]
@="c:\\WINDOWS\\system32\\ieframe.dll"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{98FF6D4B-6387-4b0a-8FBD-C5C4BB17B4F8}]
@DACL=(02 0010)
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
@="IE MRU AutoComplete List"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{98FF6D4B-6387-4b0a-8FBD-C5C4BB17B4F8}\InProcServer32]
@="c:\\WINDOWS\\system32\\ieframe.dll"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{9a096bb5-9dc3-4d1c-8526-c3cbf991ea4e}]
@DACL=(02 0010)
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
@="IE RSS Feeds Folder"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{9a096bb5-9dc3-4d1c-8526-c3cbf991ea4e}\InProcServer32]
@="c:\\WINDOWS\\system32\\ieframe.dll"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{9a096bb5-9dc3-4d1c-8526-c3cbf991ea4e}\ShellFolder]
"Attributes"=dword:a0000000
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{9D958C62-3954-4b44-8FAB-C4670C1DB4C2}]
@DACL=(02 0010)
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
@="IE Microsoft Shell Folder AutoComplete List"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{9D958C62-3954-4b44-8FAB-C4670C1DB4C2}\InProcServer32]
@="c:\\WINDOWS\\system32\\ieframe.dll"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{9FAE1230-74AC-4e33-B59C-4051BBEB0803}]
@DACL=(02 0010)
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
@="IE Thread Handshake"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{9FAE1230-74AC-4e33-B59C-4051BBEB0803}\InProcServer32]
@="c:\\WINDOWS\\system32\\ieframe.dll"
"ThreadingModel"="Both"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A6B222AB-A5EA-4899-B230-084657EDDC7D}]
@DACL=(02 0010)
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
@="Browser Thread State"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A6B222AB-A5EA-4899-B230-084657EDDC7D}\InProcServer32]
@="c:\\WINDOWS\\system32\\ieframe.dll"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AA0AF823-B0D0-40c7-AE77-F13B14D9FFAE}]
@DACL=(02 0010)
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
@="Toolbar Extension for Bands"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AA0AF823-B0D0-40c7-AE77-F13B14D9FFAE}\InProcServer32]
@DACL=(02 0010)
@="ieframe.dll"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AAC2B978-266D-48ae-AA28-60A3EBB872D0}]
@DACL=(02 0010)
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
@="IE RSS FeedFolder Tasks"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AAC2B978-266D-48ae-AA28-60A3EBB872D0}\InProcServer32]
@="c:\\WINDOWS\\system32\\ieframe.dll"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{ACE52D03-E5CD-4b20-82FF-E71B11BEAE1D}]
@DACL=(02 0010)
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
@="Shell Name Space ListView"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{ACE52D03-E5CD-4b20-82FF-E71B11BEAE1D}\InProcServer32]
@="c:\\WINDOWS\\system32\\ieframe.dll"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B31C5FAE-961F-415b-BAF0-E697A5178B94}]
@DACL=(02 0010)
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
@="IE Microsoft Multiple AutoComplete List Container"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B31C5FAE-961F-415b-BAF0-E697A5178B94}\InProcServer32]
@="c:\\WINDOWS\\system32\\ieframe.dll"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BC476F4C-D9D7-4100-8D4E-E043F6DEC409}]
@DACL=(02 0010)
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
@="Microsoft Browser Architecture"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BC476F4C-D9D7-4100-8D4E-E043F6DEC409}\InProcServer32]
@="ieframe.dll"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BC476F4C-D9D7-4100-8D4E-E043F6DEC409}\ShellFolder]
"Attributes"=dword:a0000050
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BFAD62EE-9D54-4b2a-BF3B-76F90697BD2A}]
@DACL=(02 0010)
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
@="IE Shell Rebar BandSite"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BFAD62EE-9D54-4b2a-BF3B-76F90697BD2A}\InProcServer32]
@="c:\\WINDOWS\\system32\\ieframe.dll"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{C21B45B8-5D76-4575-BA27-54823098C491}]
@DACL=(02 0010)
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
@="IE Microsoft Docking Bar Property Bag"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{C21B45B8-5D76-4575-BA27-54823098C491}\InProcServer32]
@="c:\\WINDOWS\\system32\\ieframe.dll"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{C90250F3-4D7D-4991-9B69-A5C5BC1C2AE6}]
@DACL=(02 0010)
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
@="PSFactoryBuffer"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{C90250F3-4D7D-4991-9B69-A5C5BC1C2AE6}\InProcServer32]
@="c:\\Program Files\\Internet Explorer\\ieproxy.dll"
"ThreadingModel"="Both"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DC651A43-0720-4a2b-9971-BD2EF1329A3D}]
@DACL=(02 0010)
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
@="IE Component Categories conditional cache daemon"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DC651A43-0720-4a2b-9971-BD2EF1329A3D}\InProcServer32]
@="c:\\WINDOWS\\system32\\ieframe.dll"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E569BDE7-A8DC-47F3-893F-FD2B31B3EEFD}]
@DACL=(02 0010)
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
@="Browser Application State"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E569BDE7-A8DC-47F3-893F-FD2B31B3EEFD}\InProcServer32]
@="c:\\WINDOWS\\system32\\ieframe.dll"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E6EE9AAC-F76B-4947-8260-A9F136138E11}]
@DACL=(02 0010)
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
@="IE Shell Band Site Menu"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E6EE9AAC-F76B-4947-8260-A9F136138E11}\InProcServer32]
@="c:\\WINDOWS\\system32\\ieframe.dll"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{ed72f0d2-b701-4c53-adc3-f2fb59946dd8}]
@DACL=(02 0010)
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
@="ProtectedModeAPI"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{ed72f0d2-b701-4c53-adc3-f2fb59946dd8}\InProcServer32]
@="c:\\WINDOWS\\system32\\ieframe.dll"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F2CF5485-4E02-4f68-819C-B92DE9277049}]
@DACL=(02 0010)
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
@="&Links"
"MenuTextPUI"="@c:\\WINDOWS\\system32\\ieframe.dll.mui,-13138"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F2CF5485-4E02-4f68-819C-B92DE9277049}\InProcServer32]
@="c:\\WINDOWS\\system32\\ieframe.dll"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F83DAC1C-9BB9-4f2b-B619-09819DA81B0E}]
@DACL=(02 0010)
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
@="IE Registry Tree Options Utility"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F83DAC1C-9BB9-4f2b-B619-09819DA81B0E}\InProcServer32]
@="c:\\WINDOWS\\system32\\ieframe.dll"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75}]
@DACL=(02 0010)
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
@="IE User Assist"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75}\InProcServer32]
@="ieframe.dll"
"ThreadingModel"="Both"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FADE020C-B6CB-400b-B794-5A51C9A5F6D0}]
@DACL=(02 0010)
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
@="IE Microsoft CommBand"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FADE020C-B6CB-400b-B794-5A51C9A5F6D0}\InProcServer32]
@="c:\\WINDOWS\\system32\\ieframe.dll"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FDE7673D-2E19-4145-8376-BBD58C4BC7BA}]
@DACL=(02 0010)
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
@="IE Custom MRU AutoCompleted List"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FDE7673D-2E19-4145-8376-BBD58C4BC7BA}\InProcServer32]
@="c:\\WINDOWS\\system32\\ieframe.dll"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{ffd90217-f7c2-4434-9ee1-6f1b530db20f}]
@DACL=(02 0010)
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
@="XML Feed Moniker"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{ffd90217-f7c2-4434-9ee1-6f1b530db20f}\InProcServer32]
@="c:\\WINDOWS\\system32\\ieframe.dll"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{13162E4E-D40C-4A6D-8340-CCE73E87A38A}]
@DACL=(02 0010)
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
@="IBrowserFrame"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{13162E4E-D40C-4A6D-8340-CCE73E87A38A}\NumMethods]
@="16"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{13162E4E-D40C-4A6D-8340-CCE73E87A38A}\ProxyStubClsid32]
@="{C90250F3-4D7D-4991-9B69-A5C5BC1C2AE6}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{83E7A2AB-486C-466D-AF9C-652713DBBFB2}]
@DACL=(02 0010)
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
@="ITabBrowserService"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{83E7A2AB-486C-466D-AF9C-652713DBBFB2}\NumMethods]
@="6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{83E7A2AB-486C-466D-AF9C-652713DBBFB2}\ProxyStubClsid32]
@="{C90250F3-4D7D-4991-9B69-A5C5BC1C2AE6}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{9BAB3405-EE3F-4040-8836-25AA9C2D408E}]
@DACL=(02 0010)
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
@="ITabWindow"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{9BAB3405-EE3F-4040-8836-25AA9C2D408E}\NumMethods]
@="28"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{9BAB3405-EE3F-4040-8836-25AA9C2D408E}\ProxyStubClsid32]
@="{C90250F3-4D7D-4991-9B69-A5C5BC1C2AE6}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{CAE57FE7-5E06-4804-A285-A985E76708CD}]
@DACL=(02 0010)
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
@="ITabWindowManager"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{CAE57FE7-5E06-4804-A285-A985E76708CD}\NumMethods]
@="17"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{CAE57FE7-5E06-4804-A285-A985E76708CD}\ProxyStubClsid32]
@="{C90250F3-4D7D-4991-9B69-A5C5BC1C2AE6}"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(832)
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
Completion time: 2011-09-17 11:53:46
ComboFix-quarantined-files.txt 2011-09-17 09:53
ComboFix2.txt 2011-09-14 15:31
.
Pre-Run: 70 918 606 848 bytes free
Post-Run: 71 037 612 032 bytes free
.
- - End Of File - - C4A37577DD1A479F0131238953FAEF08
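The long run of locked CLSID keys above is the part of a ComboFix log that is most often misread. The script below is an added example for this thread (my own code, not ComboFix's and not from the original post): it parses that REGEDIT-style dump, records per CLSID the InProcServer32 path, the threading model and the groups named in the @Denied lines (ComboFix's notation for deny entries in the key's DACL), and then flags two things worth a second look: a server registered by bare file name, which the loader resolves through the DLL search order so a same-named DLL in a directory searched earlier would be loaded instead, and a server outside the Windows or Program Files trees. The sample input is constructed: two blocks copied from the log above plus an all-zero CLSID invented to produce a hit. The list of trusted directories is an assumption for this XP layout.

```python
"""Triage the 'locked registry keys' CLSID dump printed by ComboFix.
Added example; not ComboFix code. Trusted-directory list is an assumption."""
import re

# Constructed sample: two blocks from the log above plus one invented entry
# (all-zero CLSID, DLL inside a user profile) so that the triage reports a hit.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{1D1F0730-0748-4b5f-81DF-865694BD07AC}]
@DACL=(02 0010)
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
@="IE OrderListExport"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{1D1F0730-0748-4b5f-81DF-865694BD07AC}\InProcServer32]
@="c:\\WINDOWS\\system32\\ieframe.dll"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{9271516F-F860-4a02-8F0C-BDAF8A5D13A4}]
@DACL=(02 0010)
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
@="Toolbar Extension for Executable"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{9271516F-F860-4a02-8F0C-BDAF8A5D13A4}\InProcServer32]
@DACL=(02 0010)
@="ieframe.dll"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{00000000-0000-0000-0000-000000000000}]
@="Example Hijacked Object (invented for this sample)"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{00000000-0000-0000-0000-000000000000}\InProcServer32]
@="c:\\Documents and Settings\\Vaclav\\Data aplikací\\evil.dll"
"ThreadingModel"="Apartment"
.
"""

KEY_RE = re.compile(
    r'^\[HKEY_LOCAL_MACHINE\\software\\Classes\\CLSID\\(\{[0-9A-Fa-f-]{36}\})(?:\\(\w+))?\]$')
DEFAULT_RE = re.compile(r'^@="(.*)"$')
DENIED_RE = re.compile(r'^@Denied: \(A\) \((\w+)\)$')
THREAD_RE = re.compile(r'^"ThreadingModel"="(\w+)"$')

# Assumption: on this XP box a COM server belongs under one of these trees.
TRUSTED_DIRS = ("c:\\windows\\", "c:\\program files\\")


def parse_clsid_blocks(text):
    """Return {CLSID: {name, server, threading, denied[]}} from a ComboFix dump."""
    entries, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            current = (m.group(1).upper(), m.group(2))   # (clsid, subkey or None)
            entries.setdefault(current[0], {"name": None, "server": None,
                                            "threading": None, "denied": []})
            continue
        if current is None or line in ("", "."):
            continue
        clsid, sub = current
        e = entries[clsid]
        if (m := DEFAULT_RE.match(line)):
            value = m.group(1).replace("\\\\", "\\")    # REGEDIT doubles backslashes
            if sub is None:
                e["name"] = value
            elif sub == "InProcServer32":
                e["server"] = value
        elif (m := DENIED_RE.match(line)) and sub is None:
            e["denied"].append(m.group(1))
        elif (m := THREAD_RE.match(line)) and sub == "InProcServer32":
            e["threading"] = m.group(1)
    return entries


def triage(entries):
    """Flag servers given by bare file name or living outside trusted trees."""
    findings = []
    for clsid, e in sorted(entries.items()):
        server = e["server"]
        if server is None:
            continue                       # no in-process server under this CLSID
        if "\\" not in server:
            findings.append((clsid, "bare-filename", server))
        elif not server.lower().startswith(TRUSTED_DIRS):
            findings.append((clsid, "untrusted-location", server))
    return findings


if __name__ == "__main__":
    for clsid, kind, server in triage(parse_clsid_blocks(SAMPLE_LOG)):
        print(f"{clsid}  {kind:20}  {server}")
```

On the log above every server resolves to ieframe.dll, so the only thing this check raises there is the handful of entries registered by bare name; a hit is a prompt to verify the file on disk, not a verdict, and the @Denied lines are recorded but deliberately not counted as a finding.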

Psenda15

Re: HJT kontrola

Post by Psenda15 » 18 Sep 2011 11:23

So what do I do with it??

Žbeky
Moderator

Re: HJT kontrola

Post by Žbeky » 18 Sep 2011 16:02

Open Notepad (Start -> Run..., type Notepad into the box and click OK).
Copy the whole text highlighted in green below into it:
Note: do not use SELECT ALL to highlight the script

Code:

KillAll::

File::
c:\windows\system32\perfc009.dat
c:\windows\system32\perfc005.dat
c:\windows\system32\perfh009.dat
c:\windows\system32\perfh005.dat

Registry::
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"=-

Firefox::
F - ProfilePath - c:\documents and settings\Vaclav\Data aplikací\Mozilla\Firefox\Profiles\5zt6rj2p.default\
FF - prefs.js: browser.search.selectedEngine - WebHledani
FF - prefs.js: browser.startup.homepage - hxxp://start.icq.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=green ... =966134&p

Choose File -> Save as... and set these parameters:
File name: type CFScript.txt here
Save as type: select All Files there
Save the file to the desktop.
Close all active windows.

Grab the created CFScript.txt with the mouse, drag it over the downloaded ComboFix.exe, and when the two files overlap, drop the script.
- ComboFix will start automatically
- Paste here the log that appears at the end of the cleaning process


Test this on Virustotal
c:\windows\system32\sfcfiles.dll

Click Choose to the right of the box and locate the requested file on your PC in Explorer. Select it with the mouse and click Open, then click Send File. If the file has already been tested, a window will appear; click Reanalyze in it. The file will be tested by several antivirus engines one after another. When the last antivirus finishes, the result appears at the top with the number of detections in red, e.g. 0/40 or 1/40. Then copy the link to that page with the mouse and paste it into your post.
In PMs I only deal with matters concerning the forum. I do not respond to requests for technical support. Thanks for understanding.

HiJackThis + guide - HW Monitor - How to mark a post as solved - Forum rules
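The Firefox:: section of the script above makes ComboFix reset three prefs.js entries in the user's profile. For checking a profile by hand, here is an added example (my own code, not ComboFix's and not from the original post) that parses prefs.js, reports overrides of the search-engine and homepage preferences that do not match an allowlist, and produces a copy with those user_pref lines removed so that Firefox falls back to its built-in defaults. The prefs.js content is constructed from the values shown in the log; the allowlist defaults, the keyword.URL value and the two benign preferences are assumptions.

```python
"""Review a Firefox prefs.js for search/homepage overrides and strip them.
Added example for this thread; not ComboFix code. Sample content is constructed."""
import re
from urllib.parse import urlparse

PREF_RE = re.compile(r'^\s*user_pref\("([^"]+)",\s*(.*?)\);\s*$')

# Preferences that toolbars and hijackers most often rewrite. A user_pref line
# for any of them overrides the browser's built-in default.
WATCHED = {
    "browser.search.selectedEngine",
    "browser.search.defaultenginename",
    "browser.startup.homepage",
    "keyword.URL",
}

# Constructed prefs.js: the first three values mirror the log above, the
# keyword.URL query string and the last two lines are made up for the sample.
SAMPLE_PREFS = r'''# Mozilla User Preferences
user_pref("browser.search.selectedEngine", "WebHledani");
user_pref("browser.startup.homepage", "http://start.icq.com/");
user_pref("keyword.URL", "http://search.yahoo.com/search?fr=example&p=");
user_pref("browser.tabs.warnOnClose", false);
user_pref("network.cookie.cookieBehavior", 0);
'''


def _decode(raw):
    """Turn the JS literal on the right-hand side into a Python value."""
    raw = raw.strip()
    if raw.startswith('"') and raw.endswith('"'):
        return raw[1:-1].replace('\\"', '"').replace("\\\\", "\\")
    if raw in ("true", "false"):
        return raw == "true"
    return int(raw)


def parse_prefs(text):
    """Return {pref name: value} for every user_pref() line in prefs.js."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if m:
            prefs[m.group(1)] = _decode(m.group(2))
    return prefs


def find_unexpected(prefs, allowed_engines=("Google",), allowed_home_hosts=()):
    """List (name, value) for watched prefs whose value is not on the allowlist.
    The allowlist defaults are assumptions; adjust them to the user's choices."""
    hits = []
    for name in sorted(WATCHED & set(prefs)):
        value = prefs[name]
        if name.startswith("browser.search."):
            if value not in allowed_engines:
                hits.append((name, value))
        elif name == "browser.startup.homepage":
            host = urlparse(str(value)).hostname or ""
            if not str(value).startswith("about:") and host not in allowed_home_hosts:
                hits.append((name, value))
        else:
            # keyword.URL: the default is internal, so any override is worth a look.
            hits.append((name, value))
    return hits


def reset_prefs(text, names):
    """Return prefs.js text without the user_pref lines for `names`; Firefox
    then falls back to its defaults for those preferences."""
    names = set(names)
    kept = []
    for line in text.splitlines(keepends=True):
        m = PREF_RE.match(line)
        if m and m.group(1) in names:
            continue
        kept.append(line)
    return "".join(kept)


if __name__ == "__main__":
    hits = find_unexpected(parse_prefs(SAMPLE_PREFS))
    for name, value in hits:
        print(f"override: {name} = {value!r}")
    print(reset_prefs(SAMPLE_PREFS, [n for n, _ in hits]))
```

Edit prefs.js only while Firefox is closed, because it rewrites the file on exit; and removing the preference does not remove the engine's own definition, which lives as an .xml file under the profile's searchplugins folder and should be inspected separately.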

Psenda15

Re: HJT kontrola

Post by Psenda15 » 19 Sep 2011 16:20

This is the link:

http://www.virustotal.com/file-scan/rep ... 1316441039

And here is the CF log:


ComboFix 11-09-19.01 - Vaclav 19.09.2011 15:26:05.4.1 - x86
System Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1535.777 [GMT 2:00]
Running from: c:\documents and settings\Vaclav\Plocha\ComboFix.exe
Command switches used :: c:\documents and settings\Vaclav\Plocha\CFScript.txt
AV: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
FILE ::
"c:\windows\system32\perfc005.dat"
"c:\windows\system32\perfc009.dat"
"c:\windows\system32\perfh005.dat"
"c:\windows\system32\perfh009.dat"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\perfc005.dat
c:\windows\system32\perfh005.dat
.
.
((((((((((((((((((((((((( Files Created from 2011-08-19 to 2011-09-19 )))))))))))))))))))))))))))))))
.
.
2011-09-19 13:40 . 2011-09-19 13:40 6272 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2011-09-15 16:31 . 2011-09-15 16:35 218688 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2011-09-14 12:53 . 2011-09-14 12:53 -------- d-----w- c:\documents and settings\Vaclav\Data aplikací\Malwarebytes
2011-09-14 12:53 . 2011-07-08 05:55 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-09-14 12:53 . 2011-09-14 12:53 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2011-09-14 12:53 . 2011-09-14 12:53 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-09-14 12:53 . 2011-07-08 05:55 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-09-09 09:58 . 2011-09-09 09:58 388096 ----a-r- c:\documents and settings\Vaclav\Data aplikací\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-09-09 09:14 . 2011-09-09 09:14 -------- d-----w- c:\program files\Trend Micro
2011-09-08 21:12 . 2011-09-08 21:12 -------- d-----w- c:\program files\abgx360
2011-09-07 18:43 . 2006-10-26 17:56 33104 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\msonpppr.dll
2011-09-07 18:43 . 2008-11-10 09:41 32656 ----a-w- c:\windows\system32\msonpmon.dll
2011-09-07 18:37 . 2011-09-09 04:52 -------- d-----w- c:\program files\Microsoft Works
2011-09-07 18:31 . 2011-09-07 18:31 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2011-09-07 18:30 . 2011-09-07 18:30 -------- d-----w- c:\documents and settings\Vaclav\Local Settings\Data aplikací\Microsoft Help
2011-09-07 18:30 . 2011-09-15 20:16 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Microsoft Help
2011-09-07 18:28 . 2011-09-07 18:28 -------- d-----r- C:\MSOCache
2011-09-07 17:04 . 2011-09-07 17:04 -------- d-----w- c:\program files\Adobe Media Player
2011-09-05 18:48 . 2011-09-05 18:50 -------- d-----w- c:\program files\DesetiPrsty
2011-08-25 08:58 . 2011-08-25 09:06 -------- d-----w- c:\program files\Playboy - The Mansion
2011-08-25 08:25 . 2011-08-25 08:25 444952 ----a-w- c:\windows\system32\wrap_oal.dll
2011-08-25 08:25 . 2011-08-25 08:25 109080 ----a-w- c:\windows\system32\OpenAL32.dll
2011-08-25 08:23 . 2011-08-25 08:23 -------- d-----w- c:\program files\Symulator Jazdy 2
2011-08-24 18:23 . 2011-08-24 18:23 21840 ----a-w- c:\windows\system32\SIntfNT.dll
2011-08-24 18:23 . 2011-08-24 18:23 17212 ----a-w- c:\windows\system32\SIntf32.dll
2011-08-24 18:23 . 2011-08-24 18:23 12067 ----a-w- c:\windows\system32\SIntf16.dll
2011-08-24 17:26 . 2011-08-24 18:24 -------- d-----w- C:\TGiant
2011-08-24 16:58 . 2011-08-24 16:58 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Buena Vista Games
2011-08-24 16:43 . 2011-08-24 16:43 -------- d-----w- C:\hollywood2
2011-08-24 16:26 . 2011-08-24 16:26 -------- d-----w- c:\program files\Paradox Interactive
2011-08-24 14:12 . 2011-08-24 14:12 -------- d-----w- c:\documents and settings\Vaclav\Local Settings\Data aplikací\Xara
2011-08-24 14:11 . 2011-08-24 14:12 -------- d-----w- c:\program files\Common Files\Xara
2011-08-24 14:11 . 2011-08-24 14:11 -------- d-----w- c:\program files\Xara
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-09 09:12 . 2008-04-14 06:51 602112 ----a-w- c:\windows\system32\crypt32.dll
2011-08-25 09:01 . 2011-03-24 17:37 188928 ----a-w- c:\windows\system32\vbuzip10.DLL
2011-08-01 13:45 . 2011-05-15 10:06 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-15 13:29 . 2008-04-13 22:47 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-07-08 14:02 . 2008-04-13 22:27 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
2011-06-24 14:10 . 2009-10-25 14:11 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2011-06-23 18:31 . 2008-04-14 06:52 916480 ----a-w- c:\windows\system32\wininet.dll
2011-06-23 18:31 . 2008-04-14 06:52 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-06-23 18:31 . 2008-04-14 06:51 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-06-23 12:05 . 2008-04-14 05:50 385024 ----a-w- c:\windows\system32\html.iec
2011-05-17 18:25 . 2011-04-03 16:28 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2008-04-29 . B054BB152547F33685D19F3343F444D0 . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((( SnapShot_2011-09-17_09.46.11 )))))))))))))))))))))))))))))))))))))))))
.
- 2004-08-18 12:00 . 2011-09-17 04:59 80676 c:\windows\system32\perfc009.dat
+ 2004-08-18 12:00 . 2011-09-19 13:45 80676 c:\windows\system32\perfc009.dat
+ 2004-08-18 12:00 . 2011-09-19 13:45 484280 c:\windows\system32\perfh009.dat
- 2004-08-18 12:00 . 2011-09-17 04:59 484280 c:\windows\system32\perfh009.dat
.
(((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2011-03-18 06:11 2471240 ----a-w- c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ICQ"="c:\program files\ICQ7.4\ICQ.exe" [2011-04-05 119608]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2009-11-11 1451520]
"Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2011-04-12 2937528]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2004-12-01 77824]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-11-20 110184]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-11-20 12669544]
"AVG_TRAY"="c:\program files\AVG\AVG10\avgtray.exe" [2011-09-10 2338656]
"Trans"="c:\program files\Trans\trans.exe" [2011-01-10 2895240]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-C740-7760-100000000002}\SC_Acrobat.exe [2009-10-25 25214]
GamersFirst LIVE!.lnk - c:\program files\GamersFirst\LIVE!\Live.exe [2010-3-26 2637680]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Acrobat Speed Launcher.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Adobe Acrobat Speed Launcher.lnk
backup=c:\windows\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Gamma.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Adobe Gamma.lnk
backup=c:\windows\pss\Adobe Gamma.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Vaclav^Nabídka Start^Programy^Po spuštění^Samsung Auto Backup Guage.lnk]
path=c:\documents and settings\Vaclav\Nabídka Start\Programy\Po spuštění\Samsung Auto Backup Guage.lnk
backup=c:\windows\pss\Samsung Auto Backup Guage.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Vaclav^Nabídka Start^Programy^Po spuštění^Samsung Auto Backup Real-Time Daemon.lnk]
path=c:\documents and settings\Vaclav\Nabídka Start\Programy\Po spuštění\Samsung Auto Backup Real-Time Daemon.lnk
backup=c:\windows\pss\Samsung Auto Backup Real-Time Daemon.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Vaclav^Nabídka Start^Programy^Po spuštění^Samsung Auto Backup Scheduler.lnk]
path=c:\documents and settings\Vaclav\Nabídka Start\Programy\Po spuštění\Samsung Auto Backup Scheduler.lnk
backup=c:\windows\pss\Samsung Auto Backup Scheduler.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 7.0]
2004-12-14 10:12 483328 ----a-w- c:\program files\Adobe\Adobe Acrobat 7.0\Distillr\acrotray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
2010-07-29 00:25 497648 ----a-w- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
2008-08-14 05:58 611712 ----a-w- c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2005-02-16 16:15 221184 ----a-w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2005-02-16 16:15 81920 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 07:52 1695232 ------w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2006-01-12 14:40 155648 ----a-w- c:\windows\system32\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OEXPRESS]
2009-10-25 16:22 26624 ----a-w- c:\windows\OETRN.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
2009-11-11 08:57 1451520 ----a-w- c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2004-11-02 19:24 32768 ----a-w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\USBToolTip]
2007-02-20 10:07 199752 ----a-w- c:\progra~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Adobe LM Service"=3 (0x3)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"c:\\Program Files\\QIP\\qip.exe"=
"c:\\Program Files\\Pinnacle\\Studio 14\\Programs\\RM.exe"=
"c:\\Program Files\\Pinnacle\\Studio 14\\Programs\\Studio.exe"=
"c:\\Program Files\\Pinnacle\\Studio 14\\Programs\\umi.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\monitor.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\manager.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\server.exe"=
"c:\\Program Files\\Autodesk\\3ds Max 2010\\3dsmax.exe"=
"c:\\Program Files\\Autodesk\\3ds Max 2010\\mentalray\\satellite\\raysat_3dsmax2010_32server.exe"=
"c:\\Program Files\\Autodesk\\3ds Max 2010\\mentalray\\satellite\\raysat_3dsmax2010_32.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\SecondLifeViewer2\\SLVoice.exe"=
"c:\\Program Files\\ICQ7.4\\ICQ.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgmfapx.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgemcx.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"57624:TCP"= 57624:TCP:Pando Media Booster
"57624:UDP"= 57624:UDP:Pando Media Booster
"56413:TCP"= 56413:TCP:Pando Media Booster
"56413:UDP"= 56413:UDP:Pando Media Booster
"5353:TCP"= 5353:TCP:Adobe CSI CS4
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [13.9.2010 15:27 22992]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [7.9.2010 3:48 32592]
R0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);c:\windows\system32\drivers\sfsync03.sys [6.12.2005 17:11 35328]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [8.12.2010 4:12 248656]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [12.11.2010 13:19 297168]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [15.9.2011 18:31 218688]
R1 mdf15;mdf15;c:\program files\Clarus\Samsung SecretZone\mdf15.sys [5.1.2011 14:24 12800]
R1 mvd20;mvd20;c:\program files\Clarus\Samsung SecretZone\mvd20.sys [5.1.2011 14:24 64000]
R2 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;c:\program files\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [6.9.2010 3:19 169408]
R2 athsgt;athsgt;c:\windows\system32\drivers\athsgt.sys [6.3.2010 13:24 164992]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [18.8.2011 1:33 7390560]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG10\avgwdsvc.exe [8.2.2011 5:33 269520]
R2 limsgt;limsgt;c:\windows\system32\drivers\limsgt.sys [6.3.2010 13:24 12544]
R2 mi-raysat_3dsmax2010_32;mental ray 3.7 Satellite for Autodesk 3ds Max 2010 32-bit 32-bit;c:\program files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe [12.3.2009 18:36 86016]
R2 MSR Service;Virtual Disk Service Manager;c:\program files\Clarus\Samsung SecretZone\MSSvc.exe [5.1.2011 14:24 114688]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [3.8.2010 15:23 134480]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [3.8.2010 15:23 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [3.8.2010 15:23 27216]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.3.2010 14:16 130384]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG10\Toolbar\ToolbarBroker.exe [14.4.2011 18:32 947528]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [14.9.2011 14:53 41272]
S3 PRODIGY;PRODIGY;c:\windows\system32\drivers\prodigy.sys [5.7.2010 11:18 32377]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.3.2010 14:16 753504]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Obsah adresáře 'Naplánované úlohy'
.
2011-09-19 c:\windows\Tasks\User_Feed_Synchronization-{85035588-1CAE-4B1A-9700-D79C1B65CA41}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 02:31]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
IE: &Download All using 4shared Desktop - c:\program files\4shared Desktop\down_all.htm
IE: Download all links with IDM
IE: Download FLV video content with IDM
IE: Download Image Using DownloadStudio... - c:\program files\Conceiva\DownloadStudio\ds_img.htm
IE: Download Page Using DownloadStudio... - c:\program files\Conceiva\DownloadStudio\ds_all.htm
IE: Download Selection Using DownloadStudio... - c:\program files\Conceiva\DownloadStudio\ds_sel.htm
IE: Download Target Using DownloadStudio... - c:\program files\Conceiva\DownloadStudio\ds_file.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Převést cíl vazby do Adobe PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Převést cíl vazby do existujícího PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Převést do Adobe PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Převést do existujícího PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Převést vybrané vazby do Adobe PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Převést vybrané vazby do existujícího PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Převést výběr do Adobe PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Převést výběr do existujícího PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Show Page Links Using DownloadStudio... - c:\program files\Conceiva\DownloadStudio\ds_link.htm
IE: WikiKomentáře Google... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
IE: {{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - c:\program files\ICQ7.4\ICQ.exe
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\windows\WebIE.dll
IE: {{7FCA7BD7-8F4D-4a81-BE72-A470F4E517D5} - {05926058-0C40-4092-8521-78D9D281B457} -
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\windows\WebIE.dll
TCP: DhcpNameServer = 10.0.0.138
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll
FF - ProfilePath - c:\documents and settings\Vaclav\Data aplikací\Mozilla\Firefox\Profiles\5zt6rj2p.default\
FF - prefs.js: browser.search.selectedEngine - WebHledani
FF - prefs.js: browser.startup.homepage - hxxp://start.icq.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=green ... =966134&p=
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-09-19 15:43
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
.
c:\windows\system32\wbem\Performance\WmiApRpl_new.ini 946 bytes
.
sken byl úspešně dokončen
skryté soubory: 1
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{05BDC38E-5493-487a-A7FF-8CF2246ABC13}]
@DACL=(02 0010)
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
@="IE Background Task Scheduler"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{05BDC38E-5493-487a-A7FF-8CF2246ABC13}\InProcServer32]
@="c:\\WINDOWS\\system32\\ieframe.dll"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{06EEE834-461C-42c2-8DCF-1502B527B1F9}]
@DACL=(02 0010)
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
@="URL Shortcut PropSetStorage Mapping"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{06EEE834-461C-42c2-8DCF-1502B527B1F9}\InProcServer32]
@="c:\\WINDOWS\\system32\\ieframe.dll"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{06EEE834-461C-42c2-8DCF-1502B527B1F9}\Instance]
"CLSID"="{942bc614-676c-464e-b384-d3202aaa02da}"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{07C45BB1-4A8C-4642-A1F5-237E7215FF66}]
@DACL=(02 0010)
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
@="IE Microsoft BrowserBand"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{07C45BB1-4A8C-4642-A1F5-237E7215FF66}\InProcServer32]
@="c:\\WINDOWS\\system32\\ieframe.dll"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{1C1EDB47-CE22-4bbb-B608-77B48F83C823}]
@DACL=(02 0010)
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
@="IE Fade Task"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{1C1EDB47-CE22-4bbb-B608-77B48F83C823}\InProcServer32]
@="c:\\WINDOWS\\system32\\ieframe.dll"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{1D1F0730-0748-4b5f-81DF-865694BD07AC}]
@DACL=(02 0010)
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
@="IE OrderListExport"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{1D1F0730-0748-4b5f-81DF-865694BD07AC}\InProcServer32]
@="c:\\WINDOWS\\system32\\ieframe.dll"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{205D7A97-F16D-4691-86EF-F3075DCCA57D}]
@DACL=(02 0010)
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
@="IE Menu Desk Bar"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{205D7A97-F16D-4691-86EF-F3075DCCA57D}\InProcServer32]
@="c:\\WINDOWS\\system32\\ieframe.dll"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{2183DACA-D0BF-4a31-97F7-B87618A81955}]
@DACL=(02 0010)
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
@="IE Shared Task Scheduler"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{2183DACA-D0BF-4a31-97F7-B87618A81955}\InProcServer32]
@="c:\\WINDOWS\\system32\\ieframe.dll"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{34a3d570-67d9-4265-a9ee-8c3fa3dfeccf}]
@DACL=(02 0010)
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
@="TravelLog"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{34a3d570-67d9-4265-a9ee-8c3fa3dfeccf}\InProcServer32]
@="c:\\WINDOWS\\system32\\ieframe.dll"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{3e71f26d-136f-4545-813f-35276024b705}]
@DACL=(02 0010)
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
@="XML Feed Subscribe Dialog"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{3e71f26d-136f-4545-813f-35276024b705}\InProcServer32]
@="c:\\WINDOWS\\system32\\ieframe.dll"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{43886CD5-6529-41c4-A707-7B3C92C05E68}]
@DACL=(02 0010)
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
@="IE Navigation Bar"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{43886CD5-6529-41c4-A707-7B3C92C05E68}\InProcServer32]
@="c:\\WINDOWS\\system32\\ieframe.dll"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{447EDBE5-0080-4036-A0BB-7B84C58C604F}]
@DACL=(02 0010)
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
@="IEDataObjectWrapper"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{447EDBE5-0080-4036-A0BB-7B84C58C604F}\InProcServer32]
@="c:\\WINDOWS\\system32\\ieframe.dll"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{44C76ECD-F7FA-411c-9929-1B77BA77F524}]
@DACL=(02 0010)
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
@="IE Menu Site"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{44C76ECD-F7FA-411c-9929-1B77BA77F524}\InProcServer32]
@="c:\\WINDOWS\\system32\\ieframe.dll"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{4B78D326-D922-44f9-AF2A-07805C2A3560}]
@DACL=(02 0010)
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
@="IE Menu Band"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{4B78D326-D922-44f9-AF2A-07805C2A3560}\InProcServer32]
@="c:\\WINDOWS\\system32\\ieframe.dll"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{528d46b3-3a4b-4b13-bf74-d9cbd7306e07}]
@DACL=(02 0010)
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
@="XML Feed Document"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{528d46b3-3a4b-4b13-bf74-d9cbd7306e07}\InProcServer32]
@="c:\\WINDOWS\\system32\\ieframe.dll"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{528d46b3-3a4b-4b13-bf74-d9cbd7306e07}\ProgID]
@="xmlfile"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{53510d24-57eb-4713-9afb-e6e60530b87e}]
@DACL=(02 0010)
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
@="IE RSS Feeds Tasks"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{53510d24-57eb-4713-9afb-e6e60530b87e}\InProcServer32]
@="c:\\WINDOWS\\system32\\ieframe.dll"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{553858A7-4922-4e7e-B1C1-97140C1C16EF}]
@DACL=(02 0010)
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
@="IE Component Categories cache daemon"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{553858A7-4922-4e7e-B1C1-97140C1C16EF}\InProcServer32]
@="c:\\WINDOWS\\system32\\ieframe.dll"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{6038EF75-ABFC-4e59-AB6F-12D397F6568D}]
@DACL=(02 0010)
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
@="IE Microsoft History AutoComplete List"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{6038EF75-ABFC-4e59-AB6F-12D397F6568D}\InProcServer32]
@="c:\\WINDOWS\\system32\\ieframe.dll"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{6B4ECC4F-16D1-4474-94AB-5A763F2A54AE}]
@DACL=(02 0010)
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
@="IE Tracking Shell Menu"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{6B4ECC4F-16D1-4474-94AB-5A763F2A54AE}\InProcServer32]
@="c:\\WINDOWS\\system32\\ieframe.dll"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{6CF48EF8-44CD-45d2-8832-A16EA016311B}]
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{6CF48EF8-44CD-45d2-8832-A16EA016311B}\InProcServer32]
@="c:\\WINDOWS\\system32\\ieframe.dll"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73CFD649-CD48-4fd8-A272-2070EA56526B}]
@DACL=(02 0010)
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
@="IE BandProxy"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73CFD649-CD48-4fd8-A272-2070EA56526B}\InProcServer32]
@="c:\\WINDOWS\\system32\\ieframe.dll"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{75847177-f077-4171-bd2c-a6bb2164fbd0}]
@DACL=(02 0010)
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
@="Private Profile Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{75847177-f077-4171-bd2c-a6bb2164fbd0}\InProcServer32]
@="c:\\WINDOWS\\system32\\ieframe.dll"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{8E989135-2736-4767-8160-EA3613F69D24}]
@DACL=(02 0010)
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
@="IEDropSourceWrapper"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{8E989135-2736-4767-8160-EA3613F69D24}\InProcServer32]
@="c:\\WINDOWS\\system32\\ieframe.dll"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{9271516F-F860-4a02-8F0C-BDAF8A5D13A4}]
@DACL=(02 0010)
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
@="Toolbar Extension for Executable"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{9271516F-F860-4a02-8F0C-BDAF8A5D13A4}\InProcServer32]
@DACL=(02 0010)
@="ieframe.dll"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{942bc614-676c-464e-b384-d3202aaa02da}]
@DACL=(02 0010)
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
@="INI Property Set Storage Handler"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{942bc614-676c-464e-b384-d3202aaa02da}\InProcServer32]
@="c:\\WINDOWS\\system32\\ieframe.dll"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{98FF6D4B-6387-4b0a-8FBD-C5C4BB17B4F8}]
@DACL=(02 0010)
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
@="IE MRU AutoComplete List"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{98FF6D4B-6387-4b0a-8FBD-C5C4BB17B4F8}\InProcServer32]
@="c:\\WINDOWS\\system32\\ieframe.dll"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{9a096bb5-9dc3-4d1c-8526-c3cbf991ea4e}]
@DACL=(02 0010)
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
@="IE RSS Feeds Folder"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{9a096bb5-9dc3-4d1c-8526-c3cbf991ea4e}\InProcServer32]
@="c:\\WINDOWS\\system32\\ieframe.dll"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{9a096bb5-9dc3-4d1c-8526-c3cbf991ea4e}\ShellFolder]
"Attributes"=dword:a0000000
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{9D958C62-3954-4b44-8FAB-C4670C1DB4C2}]
@DACL=(02 0010)
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
@="IE Microsoft Shell Folder AutoComplete List"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{9D958C62-3954-4b44-8FAB-C4670C1DB4C2}\InProcServer32]
@="c:\\WINDOWS\\system32\\ieframe.dll"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{9FAE1230-74AC-4e33-B59C-4051BBEB0803}]
@DACL=(02 0010)
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
@="IE Thread Handshake"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{9FAE1230-74AC-4e33-B59C-4051BBEB0803}\InProcServer32]
@="c:\\WINDOWS\\system32\\ieframe.dll"
"ThreadingModel"="Both"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A6B222AB-A5EA-4899-B230-084657EDDC7D}]
@DACL=(02 0010)
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
@="Browser Thread State"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A6B222AB-A5EA-4899-B230-084657EDDC7D}\InProcServer32]
@="c:\\WINDOWS\\system32\\ieframe.dll"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AA0AF823-B0D0-40c7-AE77-F13B14D9FFAE}]
@DACL=(02 0010)
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
@="Toolbar Extension for Bands"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AA0AF823-B0D0-40c7-AE77-F13B14D9FFAE}\InProcServer32]
@DACL=(02 0010)
@="ieframe.dll"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AAC2B978-266D-48ae-AA28-60A3EBB872D0}]
@DACL=(02 0010)
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
@="IE RSS FeedFolder Tasks"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AAC2B978-266D-48ae-AA28-60A3EBB872D0}\InProcServer32]
@="c:\\WINDOWS\\system32\\ieframe.dll"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{ACE52D03-E5CD-4b20-82FF-E71B11BEAE1D}]
@DACL=(02 0010)
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
@="Shell Name Space ListView"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{ACE52D03-E5CD-4b20-82FF-E71B11BEAE1D}\InProcServer32]
@="c:\\WINDOWS\\system32\\ieframe.dll"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B31C5FAE-961F-415b-BAF0-E697A5178B94}]
@DACL=(02 0010)
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
@="IE Microsoft Multiple AutoComplete List Container"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B31C5FAE-961F-415b-BAF0-E697A5178B94}\InProcServer32]
@="c:\\WINDOWS\\system32\\ieframe.dll"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BC476F4C-D9D7-4100-8D4E-E043F6DEC409}]
@DACL=(02 0010)
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
@="Microsoft Browser Architecture"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BC476F4C-D9D7-4100-8D4E-E043F6DEC409}\InProcServer32]
@="ieframe.dll"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BC476F4C-D9D7-4100-8D4E-E043F6DEC409}\ShellFolder]
"Attributes"=dword:a0000050
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BFAD62EE-9D54-4b2a-BF3B-76F90697BD2A}]
@DACL=(02 0010)
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
@="IE Shell Rebar BandSite"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BFAD62EE-9D54-4b2a-BF3B-76F90697BD2A}\InProcServer32]
@="c:\\WINDOWS\\system32\\ieframe.dll"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{C21B45B8-5D76-4575-BA27-54823098C491}]
@DACL=(02 0010)
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
@="IE Microsoft Docking Bar Property Bag"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{C21B45B8-5D76-4575-BA27-54823098C491}\InProcServer32]
@="c:\\WINDOWS\\system32\\ieframe.dll"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{C90250F3-4D7D-4991-9B69-A5C5BC1C2AE6}]
@DACL=(02 0010)
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
@="PSFactoryBuffer"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{C90250F3-4D7D-4991-9B69-A5C5BC1C2AE6}\InProcServer32]
@="c:\\Program Files\\Internet Explorer\\ieproxy.dll"
"ThreadingModel"="Both"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DC651A43-0720-4a2b-9971-BD2EF1329A3D}]
@DACL=(02 0010)
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
@="IE Component Categories conditional cache daemon"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DC651A43-0720-4a2b-9971-BD2EF1329A3D}\InProcServer32]
@="c:\\WINDOWS\\system32\\ieframe.dll"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E569BDE7-A8DC-47F3-893F-FD2B31B3EEFD}]
@DACL=(02 0010)
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
@="Browser Application State"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E569BDE7-A8DC-47F3-893F-FD2B31B3EEFD}\InProcServer32]
@="c:\\WINDOWS\\system32\\ieframe.dll"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E6EE9AAC-F76B-4947-8260-A9F136138E11}]
@DACL=(02 0010)
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
@="IE Shell Band Site Menu"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E6EE9AAC-F76B-4947-8260-A9F136138E11}\InProcServer32]
@="c:\\WINDOWS\\system32\\ieframe.dll"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{ed72f0d2-b701-4c53-adc3-f2fb59946dd8}]
@DACL=(02 0010)
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
@="ProtectedModeAPI"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{ed72f0d2-b701-4c53-adc3-f2fb59946dd8}\InProcServer32]
@="c:\\WINDOWS\\system32\\ieframe.dll"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F2CF5485-4E02-4f68-819C-B92DE9277049}]
@DACL=(02 0010)
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
@="&Links"
"MenuTextPUI"="@c:\\WINDOWS\\system32\\ieframe.dll.mui,-13138"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F2CF5485-4E02-4f68-819C-B92DE9277049}\InProcServer32]
@="c:\\WINDOWS\\system32\\ieframe.dll"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F83DAC1C-9BB9-4f2b-B619-09819DA81B0E}]
@DACL=(02 0010)
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
@="IE Registry Tree Options Utility"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F83DAC1C-9BB9-4f2b-B619-09819DA81B0E}\InProcServer32]
@="c:\\WINDOWS\\system32\\ieframe.dll"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75}]
@DACL=(02 0010)
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
@="IE User Assist"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75}\InProcServer32]
@="ieframe.dll"
"ThreadingModel"="Both"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FADE020C-B6CB-400b-B794-5A51C9A5F6D0}]
@DACL=(02 0010)
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
@="IE Microsoft CommBand"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FADE020C-B6CB-400b-B794-5A51C9A5F6D0}\InProcServer32]
@="c:\\WINDOWS\\system32\\ieframe.dll"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FDE7673D-2E19-4145-8376-BBD58C4BC7BA}]
@DACL=(02 0010)
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
@="IE Custom MRU AutoCompleted List"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FDE7673D-2E19-4145-8376-BBD58C4BC7BA}\InProcServer32]
@="c:\\WINDOWS\\system32\\ieframe.dll"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{ffd90217-f7c2-4434-9ee1-6f1b530db20f}]
@DACL=(02 0010)
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
@="XML Feed Moniker"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{ffd90217-f7c2-4434-9ee1-6f1b530db20f}\InProcServer32]
@="c:\\WINDOWS\\system32\\ieframe.dll"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{13162E4E-D40C-4A6D-8340-CCE73E87A38A}]
@DACL=(02 0010)
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
@="IBrowserFrame"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{13162E4E-D40C-4A6D-8340-CCE73E87A38A}\NumMethods]
@="16"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{13162E4E-D40C-4A6D-8340-CCE73E87A38A}\ProxyStubClsid32]
@="{C90250F3-4D7D-4991-9B69-A5C5BC1C2AE6}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{83E7A2AB-486C-466D-AF9C-652713DBBFB2}]
@DACL=(02 0010)
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
@="ITabBrowserService"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{83E7A2AB-486C-466D-AF9C-652713DBBFB2}\NumMethods]
@="6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{83E7A2AB-486C-466D-AF9C-652713DBBFB2}\ProxyStubClsid32]
@="{C90250F3-4D7D-4991-9B69-A5C5BC1C2AE6}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{9BAB3405-EE3F-4040-8836-25AA9C2D408E}]
@DACL=(02 0010)
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
@="ITabWindow"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{9BAB3405-EE3F-4040-8836-25AA9C2D408E}\NumMethods]
@="28"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{9BAB3405-EE3F-4040-8836-25AA9C2D408E}\ProxyStubClsid32]
@="{C90250F3-4D7D-4991-9B69-A5C5BC1C2AE6}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{CAE57FE7-5E06-4804-A285-A985E76708CD}]
@DACL=(02 0010)
@Denied: (A) (PowerUsers)
@Denied: (A) (Administrators)
@="ITabWindowManager"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{CAE57FE7-5E06-4804-A285-A985E76708CD}\NumMethods]
@="17"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{CAE57FE7-5E06-4804-A285-A985E76708CD}\ProxyStubClsid32]
@="{C90250F3-4D7D-4991-9B69-A5C5BC1C2AE6}"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(828)
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
- - - - - - - > 'explorer.exe'(1980)
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_cze.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\progra~1\AVG\AVG10\avgchsvx.exe
c:\windows\system32\nvsvc32.exe
c:\program files\DCPFLICS\dcpflics.exe
c:\program files\AVG\AVG10\avgnsx.exe
c:\program files\AVG\AVG10\avgemcx.exe
c:\progra~1\AVG\AVG10\avgrsx.exe
c:\program files\AVG\AVG10\avgcsrvx.exe
c:\windows\system32\wscntfy.exe
c:\windows\SOUNDMAN.EXE
c:\windows\system32\rundll32.exe
c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\acrobat_sl.exe
c:\program files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files\PC Connectivity Solution\ServiceLayer.exe
c:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe
c:\program files\PC Connectivity Solution\Transports\NclRSSrv.exe
.
**************************************************************************
.
Celkový čas: 2011-09-19 15:49:20 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-09-19 13:49
ComboFix2.txt 2011-09-17 09:53
ComboFix3.txt 2011-09-14 15:31
.
Před spuštěním: Volných bajtů: 70 436 061 184
Po spuštění: Volných bajtů: 70 605 230 080
.
- - End Of File - - F371C48E5B249F6C13ADFC73F0A38BE4

jaro3
Security team member
Guru Level 15
Posts: 43298
Registered: June 07
Location: South Bohemia
Gender: Male
Status: Offline

Re: HJT check

Post by jaro3 » 19 Sep 2011 17:55

ComboFix is uninstalled like this:
Start - Run and enter ComboFix /Uninstall

Clean the system with CCleaner
and also use T-Cleaner
http://www.edisk.cz/stahni/29485/T-Clea ... 8.5KB.html

It deletes everything left behind by Combo, MWAV etc. - download > run

Note: before downloading T-Cleaner and for the duration of the cleaning, disable the antivirus and antispyware; afterwards delete T-Cleaner and turn the antivirus and antispyware back on.


How does it look?

Psenda15
Level 2.5
Posts: 286
Registered: December 10
Gender: Male
Status: Offline

Re: HJT check  Solved

Post by Psenda15 » 19 Sep 2011 18:16

I don't know, maybe it's running a little faster. There's probably nothing more that can be done... thank you for your effort

