Prosím o kontrolu logu Vyřešeno

[Nius]

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:02:02, on 3.2.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\explorer.exe
D:\Program files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\WINDOWS\WebIE.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\WINDOWS\WebIE.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\WINDOWS\WebIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://asia.msi.com.tw
O15 - Trusted Zone: http://global.msi.com.tw
O15 - Trusted Zone: http://www.msi.com.tw
O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} (WebSDev Control) - http://liveupdate.msi.com.tw/autobios/L ... nstall.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: DiRT Drivers Auto Removal (pr2ah4nc) (pr2ah4nc) - CODEMASTERS - C:\WINDOWS\system32\pr2ah4nc.exe

--
End of file - 5829 bytes

[Reklama]

[Nius]

tento soubor v mém PC neni c:\windows\system32\vbohost.exe takže ho nemůžu zkontrolovat

[jaro3]

Máš povoleno zobrazovat skryté soubory a složky (nástroje-možnosti složky-zobrazení) ?
Na VT můžeš vložit místo hledání toto:
c:\windows\system32\vbohost.exe
Tak to ještě zkus jednou.

[Nius]

zobrazovat skryté soubory a složky mám povoleno ale prostě to tam nemůžu najít nechci vypadat jako uplnej amatér ale ad dělám co dělám tak to tam nevidím

[jaro3]

Tak tam do okénka na virustotal vlož myší tu cestu.

[Nius]

já bych to tam dal ale opravdu nevím jak napsat to tam nejde a ten soubor tam opravdu neni

[jaro3]

Takže dáme ještě jeden script ( zase předtím vypni ochrany):

Kód: Vybrat vše

Suspect::
c:\windows\system32\vbohost.exe


Postup stejný, jako předtím.
Na disku C se ti vytvoří adresář/složka pojmenovaná Qoobox a v ní bude další adresář Quarantine a v ní najdeš archiv v podobném tvaru [4]-Submit a_2008-10-26@14.14.zip kde čísla za @ znamenají aktuální čas vytvoření souboru. Pošli mi ho jako přílohu přes SZ. Dík.
Dokončíme to zítra.
Ten log z CF sem dej taky.

[Nius]

jasný zatim ti moc děkuji měj se ahoj

[Nius]

ComboFix 09-02-02.04 - Musilovi 2009-02-03 22:48:40.4 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.1.1029.18.2047.1635 [GMT 1:00]
Spuštěný z: c:\documents and settings\Musilovi\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Musilovi\Plocha\CFScript.txt
AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Updated)
* Vytvořen nový Bod Obnovení
.

((((((((((((((((((((((((( Soubory vytvořené od 2009-01-03 do 2009-02-03 )))))))))))))))))))))))))))))))
.

2009-02-03 20:34 . 2009-02-03 20:34 73,728 --a------ c:\windows\system32\javacpl.cpl
2009-02-03 18:04 . 2009-02-03 18:04 <DIR> d-------- c:\documents and settings\Musilovi\Data aplikací\Malwarebytes
2009-02-03 18:04 . 2009-02-03 18:04 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2009-02-03 18:04 . 2009-01-14 16:11 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-03 18:04 . 2009-01-14 16:11 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-02-01 19:58 . 2009-02-01 19:58 <DIR> d-------- c:\windows\Puzzle Quest
2009-01-26 13:59 . 2009-01-26 15:37 <DIR> d-------- c:\documents and settings\Musilovi\Data aplikací\Playrix Entertainment
2009-01-26 13:35 . 2009-01-26 15:22 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\Playrix Entertainment
2009-01-26 12:42 . 2006-07-07 13:42 57,344 --a------ c:\windows\system32\Big Kahuna Reef.scr
2009-01-24 10:38 . 2009-01-24 10:38 <DIR> d-------- c:\documents and settings\Musilovi\Data aplikací\VitySoft
2009-01-11 14:05 . 2009-01-11 14:05 <DIR> d-------- c:\windows\Sun
2009-01-11 13:30 . 2009-01-11 13:30 <DIR> d-------- c:\program files\Java
2009-01-11 13:30 . 2009-02-03 20:34 410,984 --a------ c:\windows\system32\deploytk.dll
2009-01-07 15:58 . 2009-01-07 16:23 <DIR> d-------- c:\windows\NV40723456.TMP
2009-01-05 18:09 . 2009-01-05 18:11 <DIR> d-------- C:\Downloads

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-03 20:45 --------- d-----w c:\documents and settings\All Users\Data aplikací\Spybot - Search & Destroy
2009-02-03 19:39 --------- d-----w c:\program files\Mozilla Thunderbird
2009-02-03 16:53 --------- d-----w c:\documents and settings\Musilovi\Data aplikací\Skype
2009-02-03 14:21 --------- d---a-w c:\documents and settings\All Users\Data aplikací\TEMP
2009-02-03 04:18 --------- d-----w c:\program files\Common Files\InstallShield
2009-02-01 18:58 --------- d-----w c:\program files\OpenAL
2009-01-29 19:10 201,352 ----a-w c:\windows\system32\PnkBstrB.exe
2009-01-29 19:10 140,216 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2009-01-26 09:26 --------- d-----w c:\documents and settings\Musilovi\Data aplikací\BSplayer PRO
2009-01-17 07:07 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-15 15:09 --------- d-----w c:\documents and settings\Musilovi\Data aplikací\uTorrent
2009-01-13 18:02 66,872 ----a-w c:\windows\system32\PnkBstrA.exe
2009-01-13 16:42 --------- d-----w c:\documents and settings\Musilovi\Data aplikací\Azureus
2009-01-07 15:23 --------- d-----w c:\program files\AGEIA Technologies
2009-01-07 15:16 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-01-05 17:00 --------- d-----w c:\documents and settings\Musilovi\Data aplikací\FileZilla
2008-12-22 14:47 --------- d-----w c:\documents and settings\All Users\Data aplikací\MumboJumbo
2008-12-18 19:33 --------- d-----w c:\documents and settings\All Users\Data aplikací\Razer
2008-12-18 19:32 --------- d-----w c:\program files\Razer
2008-12-18 19:32 --------- d-----w c:\program files\DIFX
2008-12-13 12:58 --------- d-----w c:\documents and settings\All Users\Data aplikací\7Wonders2
2008-12-13 12:48 --------- d-----w c:\documents and settings\Musilovi\Data aplikací\GameHouse
2008-12-10 15:14 --------- d-----w c:\documents and settings\All Users\Data aplikací\Microsoft Help
2008-12-10 15:10 --------- d-----w c:\program files\Microsoft.NET
2008-12-10 15:10 --------- d-----w c:\program files\Microsoft Works
2008-12-07 15:08 --------- d-----w c:\documents and settings\Musilovi\Data aplikací\Leadertech
2008-12-07 08:55 --------- d-----w c:\documents and settings\Musilovi\Data aplikací\InstallShield
2008-12-07 08:55 --------- d-----w c:\documents and settings\All Users\Data aplikací\Ubisoft
2008-12-07 08:55 --------- d-----w c:\documents and settings\All Users\Data aplikací\InstallShield
2008-12-06 10:25 --------- d-----w c:\documents and settings\Musilovi\Data aplikací\Bella Sara
2008-11-24 18:07 16,608 ----a-w c:\windows\gdrv.sys
2008-10-24 05:56 22,328 ----a-w c:\documents and settings\Musilovi\Data aplikací\PnkBstrK.sys
2008-03-25 21:32 32 ----a-w c:\documents and settings\All Users\Data aplikací\ezsid.dat
2008-04-14 03:22 1,220,608 --sh--r c:\windows\system32\vbohost.exe
.

------- Sigcheck -------

2006-04-20 12:51 359808 1dbf125862891817f374f407626967f4 c:\windows\$hf_mig$\KB917953\SP2GDR\tcpip.sys
2006-04-20 13:18 360576 b2220c618b42a2212a59d91ebd6fc4b4 c:\windows\$hf_mig$\KB917953\SP2QFE\tcpip.sys
2007-10-30 17:53 360832 64798ecfa43d78c7178375fcdd16d8c8 c:\windows\$hf_mig$\KB941644\SP2QFE\tcpip.sys
2008-06-20 11:44 360960 744e57c99232201ae98c49168b918f48 c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys
2008-06-20 12:51 361600 9aefa14bd6b182d61e3119fa5f436d3d c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
2008-06-20 12:59 361600 ad978a1b783b5719720cff204b666c8e c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
2008-06-20 11:45 360320 2a5554fc5b1e04e131230e3ce035c3f9 c:\windows\$NtServicePackUninstall$\tcpip.sys
2008-04-13 20:20 361344 93ea8d04ec73a85db02eb8805988f733 c:\windows\ServicePackFiles\i386\tcpip.sys
2008-06-20 12:51 361600 9aefa14bd6b182d61e3119fa5f436d3d c:\windows\system32\dllcache\tcpip.sys
2008-06-20 12:51 361600 cbeebeb899e31ef52b962cb31fc8ca5c c:\windows\system32\drivers\tcpip.sys
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.VSPX"= vspxvfw.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"SpybotSD TeaTimer"=d:\program files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"NvCplDaemon"=RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
"SDM4500P"=d:\program files\SWT2000\HCM.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"d:\\Program files\\BitLord\\BitLord.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"d:\\Program files\\Codemasters\\DiRT\\DiRT.exe"=
"d:\\Program files\\EA GAMES\\Battlefield 2\\BF2.exe"=
"e:\\Program files\\CZDC++\\CZDC.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"d:\\Program files\\uTorrent\\utorrent.exe"=
"e:\\Program files\\Ubisoft\\Crytek\\Far Cry\\Bin32\\FarCry.exe"=
"e:\\Program files\\America's Army\\System\\ArmyOps.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 pe3ah4nc;DiRT Environment Driver (pe3ah4nc);c:\windows\system32\drivers\pe3ah4nc.sys [2007-05-18 64880]
R0 ps6ah4nc;DiRT Synchronization Driver (ps6ah4nc);c:\windows\system32\drivers\ps6ah4nc.sys [2007-05-18 55160]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2008-06-10 34312]
R2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2008-06-10 468224]
R3 LachesisFltr;Lachesis Mouse Driver;c:\windows\system32\drivers\Lachesis.sys [2008-12-18 12032]
R3 PSched;Plánovač paketů technologie QoS;c:\windows\system32\drivers\psched.sys [2002-08-29 69120]
S2 NOD32FiXTemDono;Eset Nod32 Boot;c:\windows\system32\regedt32.exe [2001-10-25 3584]
S2 pr2ah4nc;DiRT Drivers Auto Removal (pr2ah4nc);c:\windows\system32\pr2ah4nc.exe svc --> c:\windows\system32\pr2ah4nc.exe svc [?]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uInternet Connection Wizard,ShellNext = iexplore
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\windows\WebIE.dll
Trusted Zone: com.tw\asia.msi
Trusted Zone: com.tw\global.msi
Trusted Zone: com.tw\www.msi
DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} - hxxp://liveupdate.msi.com.tw/autobios/L ... nstall.cab
FF - ProfilePath - c:\documents and settings\Musilovi\Data aplikací\Mozilla\Firefox\Profiles\14v3eh79.default\
FF - prefs.js: browser.startup.homepage - www.seznam.cz
FF - plugin: d:\program files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll

---- NASTAVENÍ FIREFOXU ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 200000
FF - user.js: content.notify.interval - 100000
FF - user.js: content.switch.threshold - 650000
FF - user.js: nglayout.initialpaint.delay - 300
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-03 22:49:06
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-1454471165-1659004503-725345543-1004\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:1a,db,4d,db,9b,18,8f,32,6b,f9,b3,3b,0d,fd,9c,ca,3a,d9,af,cc,b0,21,97,
81,b8,d2,f6,1a,cb,92,98,b3,5e,7e,2d,f6,39,be,b2,f2,e9,5c,a1,6b,ab,54,fc,b5,\
"??"=hex:6c,25,4a,62,36,54,5c,8c,d5,63,ab,68,21,1c,e9,b1

[HKEY_USERS\S-1-5-21-1454471165-1659004503-725345543-1004\Software\SecuROM\License information*]
"datasecu"=hex:25,cb,d8,6d,a5,75,2d,e2,6d,f3,cd,b5,a4,38,43,98,24,51,b8,98,74,
62,ca,74,83,7a,5b,ae,fc,5c,a0,10,d8,c7,2a,e5,a1,7c,6a,4d,ca,47,6d,f5,d4,e7,\
"rkeysecu"=hex:b6,1c,5e,e9,42,7e,5f,aa,f0,d8,66,a0,35,db,26,3c

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG10.00.00.01WORKSTATION"="496E888EE04FE2A6CDEFBBB78DA840BB5911BF5CBAB2CB18E5ACA387B7AF9C4C3E0350FDB5944EB3D1322769C501FCEC5EBB7014A954A158EA189630F3C7332B8CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC7933A2D97226D213B555C038D530D6EB3452A2D97226D213B5552F62632134ACA27DEA65381187EE31C9567A826C4C99DA825336D190BB0599548EDEFE94B2A6CE41969DF1EAD43ED8DC0598824D34C23971AFC45D81162BC25E71188369BA035AD30503CDDE434ECF5D6342116C9BBB3A3A4173BEC678AD70801187269E680B041E1D7CBBC5F1E55A18AAEAF517BFEBCD2C33E3354062B05BB2281ABFCC9C406CD9CBE0CB07410225AD19789BA9246BC5EEB32924E1970B20BFF5B14D1AF9D61A99040135A1D5D33D916F4711190E08DA7B764C15B29DC53F46BF226F456AB3F53EB61E5129983E148EF424896C86C4A79EB1C8B3D1419F1EB9CA366B201874CB8160ED9DC3385C82C072555C3FDDD52DFC9F8ECEEC918B03DE65A82B0EF467CFEEFA1B3CA9A478C119350F03BF25254C09FD01DAC95FB01BD15CAB398A349195E48742732B9394EFDB8E7D9C33B2CE4E0F92F970404568F7028665C7214EA917998B762D2AFDE310A156BFED6EA0A6DE2BA1C34A3D9BC10CB1396CAC747E9AB192103EF79CA05087D7E2E7DB5E4CB18CD0752048408300327750CFDEB8C60426AC2013830CFC74A1BE157E7201D9A7C943DD40EFDC5E98253D2C90FC376ABA1C97CD62271859248D6CCB7D606BADF7EF9FAC4F67BDD4B58544B0A147CE714599572C8FDD73BC60DB486FD37743F143B9D0B968FA9CD0B7569CC46EA16E28DF0E43D56F43E2F463031067E430C41660461ADE999BC982AE03AE5452961D9D784B07E5CB9B401499DFD2A108A4BECBD69790FA695C2C5CE356B3CE9F52F3A7B30522FDE44A7C6F23ADF6110814158865189D704F743A164F803D289AA59F5D6AD669436A5B179E5590B4AAA4E0BE06FC1181A5B541002BA1162BD77C06E09B25BB845C82FBA800B78F99E78F1246C4C3B3CA86FE421E59BB1035DA710B8F03A517EEF649FD5935071484C670D2CB041391E0007D1B49A5B4C9672E9CF291F5DF2C7745CA57E7A1356B2D4861F182CCF8227D067A1349D457851F57111E661DF827C27809A028EEE34A19F27362B16736C1AD8FB016F974226510DDD8929D664E14C84D7A1B7F8BEEC5A750283C34E1BF30D495D0B64DD14872BFCCEF77DEFEEEE355FD8A25E6A760D8086D77B7790FBF0FA6187E2546812E1B0A344999615E1F6C88CA15C66E38F9613FDB4A3506851566AE19D23BFC59EFAC1DA7C7EB74BA55675479EDA8B7773022A7B282B8EE1E4FA3C920D8F41EF5DCDD7CBE4681778FBC7183D2591979E0AB41"
.
Celkový čas: 2009-02-03 22:49:58
ComboFix-quarantined-files.txt 2009-02-03 21:49:56
ComboFix2.txt 2009-02-03 21:01:30

Před spuštěním: 6 722 772 992
Po spuštění: 6,708,686,848

171 --- E O F --- 2008-12-10 14:16:37

[Nius]

JARO ten soubor [4]-Submit_2009-02-03@22.48 je moc velkej má 1Mb a nejde poslat max. 512Kib

[jaro3]

Pošli to sem a vlož mi pouze odkaz do SZ.:
http://www.edisk.cz/
Díky , zítra.

[Nius]

máš to tam