So, quite a lot of things have happened now; I had to write them down on the side so I wouldn't forget them.
Suddenly IE started launching itself here, and an icon was even added to the desktop, but the old one, from version 6, not from IE7, which is what I have. The taskbar settings changed: the separator that hides part of my Quick Launch bar disappeared somewhere, the language bar moved to roughly the middle, and if I had a window open, it took up only about two centimetres on the taskbar, to the left of the area with the clock, the Kaspersky icon, etc. This used to happen to me before, when I had some minor problem on the PC with some simpler virus. After cleaning and a restart it sorted itself out. Then I had a problem with the keyboard again. It was as if CTRL were held down the whole time, and it wouldn't type any letters at all. Then I restarted. Saving settings took a bit longer than usual, about 2-3 minutes. After that the taskbar was fine, but IE started launching again. I should point out that I don't use IE; I just have it here. When I tried to end the iexplorer process, it always came back. Kaspersky didn't start by itself. Then it even disappeared from the startup programs. Another restart. Everything looked OK, KAS started and reported that IE could not connect; there was something about some IP address, but I didn't manage to note it down. I tried BlackLight again; once it hung, the second time the log was clean. I'm attaching both; the first one is from when it hung.
06/13/07 20:16:31 [Info]: BlackLight Engine 1.0.61 initialized
06/13/07 20:16:31 [Info]: OS: 5.1 build 2600 (Service Pack 2)
06/13/07 20:16:32 [Note]: 7019 4
06/13/07 20:16:32 [Note]: 7005 0
06/13/07 20:18:37 [Note]: 7006 0
06/13/07 20:18:37 [Note]: 7011 1720
06/13/07 20:18:54 [Note]: 7027 5
06/13/07 20:19:04 [Error]: 6030 0
06/13/07 20:19:04 [Note]: 7027 0
06/13/07 20:19:05 [Note]: 7026 0
06/13/07 20:19:06 [Note]: 7026 0
06/13/07 20:19:15 [Note]: FSRAW library version 1.7.1021
06/13/07 20:25:13 [Note]: 2000 1012
06/13/07 20:25:13 [Note]: 2000 1012
Second log
06/13/07 20:33:33 [Info]: BlackLight Engine 1.0.61 initialized
06/13/07 20:33:33 [Info]: OS: 5.1 build 2600 (Service Pack 2)
06/13/07 20:33:33 [Note]: 7019 4
06/13/07 20:33:33 [Note]: 7005 0
06/13/07 20:33:36 [Note]: 7006 0
06/13/07 20:33:36 [Note]: 7011 3564
06/13/07 20:34:06 [Note]: 7026 0
06/13/07 20:34:06 [Note]: 7026 0
06/13/07 20:34:15 [Note]: FSRAW library version 1.7.1021
06/13/07 20:40:04 [Note]: 2000 1012
06/13/07 20:40:04 [Note]: 2000 1012
06/13/07 20:40:18 [Note]: 7007 0
Then I ran ComboFix. The first time it also hung somehow (I had KAS turned off); the second time I had it turned on, and it immediately reported (5 times in a row), and kept yelling, that C:\Combofix\handle.cfexe was being launched. That extension seems pretty mysterious to me :-( Each time I let it block it, the scan finished, and the log is here. This log is saved as ComboFix-quarantined-files. Then there is another ComboFix log; I separated it from this first log with text written in red.
2004-08-17 15:49 137216 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\TASKMGR.COM.vir
2004-08-17 15:49 147968 --a------ C:\Qoobox\Quarantine\C\WINDOWS\REGEDIT.COM.vir
2007-02-28 01:45 3652 --a------ C:\Qoobox\Quarantine\C\Program Files\install.log.vir
2007-06-13 19:35 10552 --a------ C:\Qoobox\Quarantine\Registry_backups\services_nm.reg.cf
2007-06-13 19:35 1206 --a------ C:\Qoobox\Quarantine\Registry_backups\LEGACY_NM.reg.cf
2007-06-13 19:35 276 --a------ C:\Qoobox\Quarantine\Registry_backups\LEGACY_NPF.reg.cf
Výpis CESTY složky
Sériové číslo svazku je 5CF0-18CD
C:\QOOBOX
\---Quarantine
    +---C
    |   +---Program Files
    |   |       install.log.vir
    |   |
    |   \---WINDOWS
    |       |   REGEDIT.COM.vir
    |       |
    |       \---system32
    |               TASKMGR.COM.vir
    |
    \---Registry_backups
            LEGACY_NM.reg.cf
            LEGACY_NPF.reg.cf
            services_nm.reg.cf
Then there is another log, named ComboFix2
ComboFix 07-06-13.3 - C:\Documents and Settings\st_ck\Plocha\ComboFix.exe
"st_ck" - 13.06.2007 19:33:30 - Service Pack 2 NTFS
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\Program Files\install.log
C:\WINDOWS\regedit.com
C:\WINDOWS\system32\taskmgr.com
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
-------\LEGACY_NM
-------\LEGACY_NPF
-------\nm
((((((((((((((((((((((((( Files Created from 2007-05-13 to 2007-06-13 )))))))))))))))))))))))))))))))
2007-06-13 19:33 49,152 --a------ C:\WINDOWS\nircmd.exe
2007-06-12 19:17 2,560 --a------ C:\WINDOWS\system32\drivers\mchInjDrv.sys
2007-06-12 11:38 <DIR> d-------- C:\DOCUME~1\ALLUSE~1.WIN\DATAAP~1\Spyware Terminator
2007-06-12 11:37 <DIR> d-a------ C:\WINDOWS\zts2.exe
2007-06-12 11:37 <DIR> d-a------ C:\WINDOWS\system32\vcmgcd32.dll
2007-06-12 11:37 <DIR> d-a------ C:\WINDOWS\system32\iifgfgf.dll
2007-06-12 11:37 <DIR> d-a------ C:\WINDOWS\rundll16.exe
2007-06-12 11:37 <DIR> d-a------ C:\WINDOWS\rundl132.dll
2007-06-12 11:37 <DIR> d-a------ C:\WINDOWS\logo1_.exe
2007-06-12 11:35 147,968 --a------ C:\WINDOWS\R.COM
2007-06-12 11:35 137,216 --a------ C:\WINDOWS\system32\T.COM
2007-06-11 19:44 <DIR> d-------- C:\DOCUME~1\ALLUSE~1.WIN\DATAAP~1\Lavasoft
2007-06-09 15:28 82,258 --a------ C:\WINDOWS\system32\drivers\klin.dat
2007-06-09 15:28 82,258 --a------ C:\WINDOWS\system32\drivers\klick.dat
2007-06-09 15:27 54,048 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2007-06-09 15:27 3,894,048 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2007-06-09 15:27 <DIR> d-------- C:\DOCUME~1\ALLUSE~1.WIN\DATAAP~1\Kaspersky Lab
2007-06-07 23:03 <DIR> d-------- C:\DOCUME~1\st_ck\DATAAP~1\Tenebril
2007-06-07 22:56 <DIR> d-------- C:\DOCUME~1\ALLUSE~1.WIN\DATAAP~1\Tenebril
2007-06-07 22:44 180,224 --a-s---- C:\WINDOWS\system32\archlib.dll
2007-06-07 22:44 <DIR> d-------- C:\WINDOWS\system32\tenarchlib
2007-06-07 21:44 <DIR> d-------- C:\DOCUME~1\st_ck\DATAAP~1\Everest Labs
2007-06-06 18:17 85,719 --a------ C:\WINDOWS\system32\NTSpool.exe
2007-06-06 18:17 51,733 --a------ C:\WINDOWS\system32\NTSpool.dat
2007-06-04 15:18 9,344 --a------ C:\WINDOWS\system32\drivers\NSDriver.sys
2007-06-04 15:17 8,320 --a------ C:\WINDOWS\system32\drivers\AWRTRD.sys
2007-06-04 15:14 6,272 --a------ C:\WINDOWS\system32\drivers\AWRTPD.sys
2007-05-31 21:00 87,608 --a------ C:\DOCUME~1\st_ck\DATAAP~1\inst.exe
2007-05-31 21:00 47,360 --a------ C:\WINDOWS\system32\drivers\pcouffin.sys
2007-05-31 21:00 47,360 --a------ C:\DOCUME~1\st_ck\DATAAP~1\pcouffin.sys
2007-05-31 21:00 217,127 --a------ C:\WINDOWS\system32\drv43260.dll
2007-05-31 21:00 208,935 --a------ C:\WINDOWS\system32\drv33260.dll
2007-05-31 21:00 176,165 --a------ C:\WINDOWS\system32\drv23260.dll
2007-05-31 21:00 <DIR> d-------- C:\Program Files\vso
2007-05-31 21:00 <DIR> d-------- C:\DOCUME~1\st_ck\DATAAP~1\Vso
2007-05-31 20:43 70,656 --a------ C:\WINDOWS\system32\yv12vfw.dll
2007-05-31 20:43 70,656 --a------ C:\WINDOWS\system32\i420vfw.dll
2007-05-31 20:43 27,648 --a------ C:\WINDOWS\system32\AVSredirect.dll
2007-05-31 20:42 471,552 --a------ C:\WINDOWS\system32\Smab.dll
2007-05-24 18:12 31,744 --a------ C:\WINDOWS\system32\drivers\wceusbsh.sys
2007-05-22 00:26 81,920 --------- C:\WINDOWS\system32\_pdfxp.dll
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-06-12 23:00:27 -------- d-----w C:\Program Files\Common Files\Agnitum Shared
2007-06-12 12:53:30 -------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-06-11 21:19:58 -------- d-----w C:\DOCUME~1\st_ck\DATAAP~1\Spy Emergency
2007-06-11 21:11:00 -------- d-----w C:\DOCUME~1\st_ck\DATAAP~1\MyPhoneExplorer
2007-05-13 14:41:07 -------- d-----w C:\Program Files\Common Files\Teleca Shared
2007-05-08 16:22:51 -------- d-----w C:\Program Files\America's Army Server Manager
2007-04-26 15:19:32 83,536 ----a-w C:\WINDOWS\system32\drivers\iksyssec.sys
2007-04-26 15:19:09 59,984 ----a-w C:\WINDOWS\system32\drivers\iksysflt.sys
2007-04-26 15:16:03 26,064 ----a-w C:\WINDOWS\system32\drivers\kcom.sys
2007-04-26 15:15:38 52,304 ----a-w C:\WINDOWS\system32\drivers\ikfilesec.sys
2007-04-26 15:15:32 39,248 ----a-w C:\WINDOWS\system32\drivers\ikfileflt.sys
2007-04-22 11:58:51 -------- d-----w C:\Program Files\Common Files\PC Tools
2007-04-18 16:15:25 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-16 20:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-04-16 20:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-04-16 20:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-04-16 20:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-04-16 20:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-04-16 20:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-04-16 20:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-04-16 20:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-04-13 13:19:52 7,680 ----a-w C:\WINDOWS\system32\lsdelete.exe
2007-03-25 13:19:06 74,606 ----a-w C:\WINDOWS\system32\perfc005.dat
2007-03-25 13:19:06 402,000 ----a-w C:\WINDOWS\system32\perfh005.dat
2007-03-17 13:45:10 292,864 ----a-w C:\WINDOWS\system32\winsrv.dll
2006-10-30 18:17:13 131,247 --sha-r C:\WINDOWS\system32\ope13.exe
2006-10-30 18:32:36 131,145 --sha-r C:\WINDOWS\system32\ope29.exe
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=C:\stupids\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2005-09-24 06:12]
{53707962-6F74-2D53-2644-206D7942484F}=C:\stupids\SPYBOT~1\SDHelper.dll [2005-05-31 01:04]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\stupids\Java\jre1.5.0_08\bin\ssv.dll [2006-07-26 03:17]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DU Meter"="C:\stupids\DU Meter\DUMeter.exe" [2004-10-27 20:42]
"AVP"="C:\stupids\Kaspersky Anti-Virus 6.0\avp.exe" [2007-01-29 23:02]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-17 15:49]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableChangePassword"=0 (0x0)
"DisableLockWorkstation"=0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableChangePassword"=0 (0x0)
"DisableLockWorkstation"=0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoClose"=0 (0x0)
"NoLogoff"=0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoClose"=0 (0x0)
"NoLogoff"=0 (0x0)
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\aawservice]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\sdauxservice]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\sdcoreservice]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Nabídka Start^Programy^Po spuštění^Adobe Gamma Loader.lnk]
path=C:\Documents and Settings\All Users.WINDOWS\Nabídka Start\Programy\Po spuštění\Adobe Gamma Loader.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Nabídka Start^Programy^Po spuštění^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users.WINDOWS\Nabídka Start\Programy\Po spuštění\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Nabídka Start^Programy^Po spuštění^DU Meter.lnk]
path=C:\Documents and Settings\All Users.WINDOWS\Nabídka Start\Programy\Po spuštění\DU Meter.lnk
backup=C:\WINDOWS\pss\DU Meter.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Nabídka Start^Programy^Po spuštění^Logitech Desktop Messenger.lnk]
path=C:\Documents and Settings\All Users.WINDOWS\Nabídka Start\Programy\Po spuštění\Logitech Desktop Messenger.lnk
backup=C:\WINDOWS\pss\Logitech Desktop Messenger.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Nabídka Start^Programy^Po spuštění^Post-it® Software Notes Lite.lnk]
path=C:\Documents and Settings\All Users.WINDOWS\Nabídka Start\Programy\Po spuštění\Post-it® Software Notes Lite.lnk
backup=C:\WINDOWS\pss\Post-it® Software Notes Lite.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Nabídka Start^Programy^Po spuštění^Spyware Doctor.lnk]
path=C:\Documents and Settings\All Users.WINDOWS\Nabídka Start\Programy\Po spuštění\Spyware Doctor.lnk
backup=C:\WINDOWS\pss\Spyware Doctor.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
"C:\stupids\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
"C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccleaner]
"C:\stupids\CCleaner\ccleaner.exe" /AUTO
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
C:\WINDOWS\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DU Meter]
C:\stupids\DU Meter\DUMeter.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpcmd]
C:\WINDOWS\system32\spool\cmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ Lite]
"C:\stupids\ICQLite\ICQLite.exe" -minimize
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ikiosk33]
C:\stupids\Public PC Desktop\kiosk.exe run
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\kcits]
c:\stupids\kcits\csrss.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
%systemroot%\system32\dumprep 0 -k
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KIT3]
C:\WINDOWS\system32\spool\hpprintqueue.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechSoftwareUpdate]
C:\stupids\Logitech\Video\ManifestEngine.exe boot
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair]
C:\stupids\Logitech\Video\ISStart.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray]
C:\stupids\Logitech\Video\LogiTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MimBoot]
C:\stupids\MUSICM~2\MUSICM~1\mimboot.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NGQN Agent]
C:\WINDOWS\system32\Sys32\NGQN.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NTSpool ]
C:\WINDOWS\system32\NTSpool.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\stupids\QuickTime Alternative\qttask.exe" -atboottime
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SDTray]
C:\stupids\Spyware Doctor\SDTrayApp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
"C:\stupids\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\startkey]
C:\WINDOWS\system32\server.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
C:\Hry\Valve\Steam\\Steam.exe -silent
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StrSystem]
C:\WINDOWS\strs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\stupids\Java\jre1.5.0_08\bin\jusched.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\wrna3ls]
C:\Program Files\rnamfler\naomf.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"InCDsrv"=2 (0x2)
"RichVideo"=2 (0x2)
"ose"=3 (0x3)
"LiveUpdate"=3 (0x3)
"IDriverT"=3 (0x3)
"NVSvc"=2 (0x2)
"ERSvc"=2 (0x2)
"iPod Service"=3 (0x3)
"O&O Defrag"=2 (0x2)
"SpyEmrgSrv"=2 (0x2)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"MSConfig"=C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - netsvcs
UxTuneUp
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3a13fbc4-632f-11db-950d-000c6ea870d8}]
AutoRun\command- EXPLORER.EXE
explore\Command- EXPLORER.EXE
open\Command- EXPLORER.EXE
**************************************************************************
catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer,
http://www.gmer.net
Rootkit scan 2007-06-13 19:38:19
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
cmd.exe [2208]
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Completion time: 2007-06-13 19:48:51 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-06-13 19:48
--- E O F ---
As I look at it, some Qoobox has suddenly been created here, which I don't like, and then there is a folder with ComboFix directly on C:, which I assume is supposed to be there. Phew, I've written a lot; I hope you won't get tired of helping me. I'm really starting to get desperate :-( Does it look like a reinstall of Windows? I'm waiting for advice.