
Please check my log.

Posted: 09 Aug 2009 07:28
by Ivey
Please check my log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:10:14, on 9.8.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Ashampoo\Ashampoo AntiSpyWare 2\AntiSpyWareService.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\ASUS\GamerOSD\GamerOSD.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe
C:\Program Files\Seznam\Postak\Postak.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Ashampoo\Ashampoo AntiSpyWare 2\AntiSpyWare2Guard.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Opera 10 Beta\opera.exe
C:\Program Files\OpenOffice.org 3\program\scalc.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.atlas.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: &S-Rank - {B71B15CF-3093-459C-B764-AEB2486F2273} - C:\Program Files\Seznam\Postak\SRank.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ASUSGamerOSD] C:\Program Files\ASUS\GamerOSD\GamerOSD.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Google Quick Search Box] "C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe" /autorun
O4 - HKLM\..\Run: [SMail] "C:\Program Files\Seznam\Postak\Postak.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [SmartDefrag] "C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe" /StartUp
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
O4 - HKLM\..\Run: ['Ashampoo AntiSpyWare 2 Guard'] C:\Program Files\Ashampoo\Ashampoo AntiSpyWare 2\AntiSpyWare2Guard.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Přizpůsobit Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: RF Nástrojová lišta - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Uložit formuláře - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Vyplnit formulář - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Vyplnit formulář - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Vyplnit formulář - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Uložit - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Uložit formuláře - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RF Nástrojová lišta - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll
O23 - Service: Ashampoo AntiSpyWare 2 Service (AASW2_Service) - Unknown owner - C:\Program Files\Ashampoo\Ashampoo AntiSpyWare 2\AntiSpyWareService.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: Kaspersky Anti-Virus (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe (file missing)
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: lxcg_device - - C:\WINDOWS\system32\lxcgcoms.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 9556 bytes

Thank you in advance for checking.

Re: Please check my log.

Posted: 09 Aug 2009 13:06
by Damned
Run HJT (HijackThis), close your browsers, disconnect from the internet and fix the following (run HJT, "Do a system scan only",
tick the box in front of each entry, press "Fix checked" and then "Yes"):

O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll
O23 - Service: Kaspersky Anti-Virus (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe (file missing)
*****************************************************************************************************************************************
Open Notepad (Start -> Run..., type Notepad into the box and click OK).
Copy into it the entire following text, marked in green:
Note: Do not use the SELECT ALL function to select the script.

Code:

rem sc.exe takes the service key name (avp), not the display name "Kaspersky Anti-Virus (AVP)"
sc config avp start= disabled
sc stop avp
sc delete avp


Save it to the desktop under the name remove.bat, with the file type set to All files, then find the file on the desktop and run it by double-clicking.
A DOS window will open and close. Restart the computer.
****************************************************************************************************************************************
Download Malwarebytes' Anti-Malware
Install it and run it
- at the end of the installation, make sure both options are selected/ticked:
Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware; if they are, click the Finish button
- if an update is found, it will be downloaded and installed
- the program will then start; leave the Perform quick scan option selected and click the Scan button
- when the scan finishes a message will appear; click OK and then the Show Results button
- then choose the option to save the log and save it to the desktop
- then click the Exit button; a message will appear, choose Yes
(do not delete anything yet!).
Then paste the contents of that log here.

Re: Please check my log.

Posted: 09 Aug 2009 13:58
by Ivey
Malwarebytes' Anti-Malware 1.40
Verze databáze: 2584
Windows 5.1.2600 Service Pack 3

9.8.2009 13:54:53
mbam-log-2009-08-09 (13-54-34).txt

Typ skenu: Rychlý sken
Objektu skenováno: 82262
Uplynulý cas: 4 minute(s), 17 second(s)

Infikované procesy pameti: 0
Infikované pametové moduly: 0
Infikované klíce registru: 2
Infikované hodnoty registru: 0
Infikované položky dat registru: 0
Infikované složky: 0
Infikované soubory: 0

Infikované procesy pameti:
(Žádné zákerné položky nebyly zjišteny)

Infikované pametové moduly:
(Žádné zákerné položky nebyly zjišteny)

Infikované klíce registru:
HKEY_CURRENT_USER\{5617ECA9-488D-4BA2-8562-9710B9AB78D2} (Adware.DoubleD) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\DoubleD (Adware.DoubleD) -> No action taken.

Infikované hodnoty registru:
(Žádné zákerné položky nebyly zjišteny)

Infikované položky dat registru:
(Žádné zákerné položky nebyly zjišteny)

Infikované složky:
(Žádné zákerné položky nebyly zjišteny)

Infikované soubory:
(Žádné zákerné položky nebyly zjišteny)

Re: Please check my log.

Posted: 09 Aug 2009 14:12
by Damned
So run MbAM again and click Scan
- when the scan finishes a message will appear; click OK and then the Show Results button
- make sure all listed findings are ticked and click the Remove Selected button
- when the removal finishes a log will be displayed; post it here.
- then choose OK in the program and close it via Exit

Turn off your antivirus resident shield (and your antispyware one too, if you have it).
Download ComboFix (by sUBs)
or ComboFix (subs)
and save it to the desktop.
Close all active windows and run it.
- After launch, the terms of use are displayed; confirm them by pressing the Yes button
- Then follow the instructions; while ComboFix is running, do not click in the window that appears
- When the scan is complete, the program should create a log - C:\ComboFix.txt - please copy its entire contents here

Re: Please check my log.

Posted: 09 Aug 2009 14:28
by Ivey
Malwarebytes' Anti-Malware 1.40
Verze databáze: 2584
Windows 5.1.2600 Service Pack 3

9.8.2009 14:27:29
mbam-log-2009-08-09 (14-27-29).txt

Typ skenu: Rychlý sken
Objektu skenováno: 82190
Uplynulý cas: 3 minute(s), 23 second(s)

Infikované procesy pameti: 0
Infikované pametové moduly: 0
Infikované klíce registru: 2
Infikované hodnoty registru: 0
Infikované položky dat registru: 0
Infikované složky: 0
Infikované soubory: 0

Infikované procesy pameti:
(Žádné zákerné položky nebyly zjišteny)

Infikované pametové moduly:
(Žádné zákerné položky nebyly zjišteny)

Infikované klíce registru:
HKEY_CURRENT_USER\{5617ECA9-488D-4BA2-8562-9710B9AB78D2} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\DoubleD (Adware.DoubleD) -> Quarantined and deleted successfully.

Infikované hodnoty registru:
(Žádné zákerné položky nebyly zjišteny)

Infikované položky dat registru:
(Žádné zákerné položky nebyly zjišteny)

Infikované složky:
(Žádné zákerné položky nebyly zjišteny)

Infikované soubory:
(Žádné zákerné položky nebyly zjišteny)

Re: Please check my log.

Posted: 09 Aug 2009 14:45
by Ivey
ComboFix 09-08-08.04 - Ivana 09.08.2009 14:38.3.1 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.511.232 [GMT 2:00]
Spuštěný z: c:\documents and settings\Ivana\Plocha\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Ivana\Data aplikací\Microsoft\Internet Explorer\Quick Launch\Ashampoo AntiSpyWare 2.lnk
c:\windows\Installer\4f89d4.msi

.
((((((((((((((((((((((((( Soubory vytvořené od 2009-07-09 do 2009-08-09 )))))))))))))))))))))))))))))))
.

2009-08-08 12:46 . 2009-07-28 14:33 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-08-08 12:46 . 2009-03-30 08:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-08-08 12:46 . 2009-02-13 10:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2009-08-08 12:46 . 2009-02-13 10:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2009-08-08 12:46 . 2009-08-08 12:46 -------- d-----w- c:\program files\Avira
2009-08-08 12:10 . 2009-08-08 12:10 96645 ----a-w- c:\windows\system32\drivers\klin.dat
2009-08-08 12:10 . 2009-08-08 12:10 87941 ----a-w- c:\windows\system32\drivers\klick.dat
2009-08-08 12:10 . 2009-08-09 11:41 32 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-08-08 12:10 . 2009-08-09 11:41 122912 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2009-08-06 17:02 . 2009-08-06 17:02 -------- d-----w- c:\program files\Siber Systems
2009-08-05 01:53 . 2000-11-06 14:53 192984 ----a-w- c:\windows\system32\qpl.dll
2009-08-05 01:53 . 2000-11-06 14:53 215000 ----a-w- c:\windows\system32\LpCom.dll
2009-08-05 01:26 . 2009-08-05 01:43 -------- d-----w- c:\program files\SIM
2009-08-04 17:29 . 2009-08-04 17:39 -------- d-----w- c:\program files\TVPlayerClassic
2009-07-31 04:03 . 2009-07-31 04:03 -------- d-----w- c:\program files\Alwil Software
2009-07-31 03:56 . 2009-07-31 03:56 0 ----a-w- c:\windows\system32\cid_store.dat
2009-07-29 03:28 . 2009-07-29 03:28 -------- d-----w- c:\program files\Psi+
2009-07-27 21:48 . 2009-07-27 21:48 -------- d-----w- c:\documents and settings\Ivana\.smplayer
2009-07-27 10:33 . 2009-07-27 10:29 737280 ----a-w- c:\windows\iun6002.exe
2009-07-27 10:33 . 2009-07-27 10:33 -------- d-----w- c:\program files\Codec Pack - All In 1
2009-07-26 19:31 . 2009-07-26 19:31 -------- d-----w- c:\program files\IObit
2009-07-25 18:30 . 2009-07-25 18:30 -------- d-----w- c:\windows\Sun
2009-07-25 18:28 . 2009-07-25 18:27 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-07-25 18:27 . 2009-07-25 18:27 -------- d-----w- c:\program files\Java
2009-07-25 18:25 . 2009-07-26 11:54 -------- d--h--w- c:\program files\InstallJammer Registry
2009-07-22 15:13 . 2009-07-22 15:13 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-07-22 09:09 . 2009-08-03 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-22 09:09 . 2009-08-03 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-22 09:09 . 2009-08-09 11:46 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-22 00:11 . 2009-07-22 00:11 -------- d-----w- c:\program files\Seznam
2009-07-21 23:12 . 2009-07-21 23:12 -------- d-----w- c:\program files\Trend Micro
2009-07-21 12:53 . 2009-07-21 12:53 -------- d-----w- c:\program files\Google
2009-07-21 10:13 . 2009-07-21 10:13 -------- d-----w- c:\program files\VoipDiscount.com
2009-07-20 21:18 . 2009-07-20 21:27 -------- d-----w- C:\Download
2009-07-20 09:55 . 2009-07-21 03:36 -------- d-----w- c:\program files\Star Downloader
2009-07-19 18:34 . 2009-07-19 18:34 -------- d-----w- c:\program files\Jabbim
2009-07-19 17:49 . 2009-07-19 17:49 -------- d-----w- c:\windows\system32\wbem\Repository
2009-07-19 17:10 . 2006-03-02 12:00 81280 ----a-w- c:\windows\system32\HAL(2).DLL

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-09 11:41 . 2009-08-08 12:10 32 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-08-09 11:41 . 2009-08-08 12:10 1500 --sha-w- c:\windows\system32\drivers\fidbox2.idx
2009-08-08 12:34 . 2004-12-31 23:21 -------- d-----w- c:\program files\Ashampoo
2009-08-05 01:12 . 2009-07-06 18:10 -------- d-----w- c:\program files\Miranda
2009-07-31 11:38 . 2009-06-30 12:54 -------- d-----w- c:\program files\Maxthon2
2009-07-31 11:29 . 2007-10-29 12:00 78164 ----a-w- c:\windows\system32\perfc005.dat
2009-07-31 11:29 . 2007-10-29 12:00 429352 ----a-w- c:\windows\system32\perfh005.dat
2009-07-22 13:01 . 2009-07-01 15:54 -------- d-----w- c:\program files\Common Files\Adobe
2009-07-19 18:02 . 2009-07-06 20:32 -------- d-----w- c:\program files\Opera 10 Beta
2009-07-19 17:49 . 2009-07-07 05:51 -------- d-----w- c:\program files\jwDuplFiles
2009-07-19 17:48 . 2009-07-03 06:46 -------- d-----w- c:\program files\Windows Media Connect 2
2009-07-07 06:26 . 2009-07-09 13:52 -------- d-----w- c:\program files\Psi+JE
2009-07-06 17:53 . 2009-07-06 17:53 -------- d-----w- c:\program files\VideoLAN
2009-07-04 13:41 . 2009-07-04 13:41 8 ----a-w- c:\windows\system32\nvModes.dat
2009-07-04 11:20 . 2009-07-03 08:08 45056 ----a-w- c:\windows\NCUNINST.EXE
2009-07-03 08:08 . 2009-07-03 08:08 -------- d-----w- c:\program files\Common Files\SWF Studio
2009-07-03 07:30 . 2009-07-03 07:30 -------- d-----w- c:\program files\Windows Defender
2009-07-03 07:27 . 2009-07-03 07:27 98304 ----a-w- c:\windows\system32\qttask.exe
2009-07-03 07:26 . 2009-07-03 07:24 -------- d-----w- c:\program files\ACE Mega CoDecS Pack
2009-07-03 07:22 . 2009-07-03 07:22 -------- d-----w- c:\program files\MSECache
2009-07-03 07:21 . 2009-07-03 07:21 -------- d-----w- c:\program files\TeamViewer3
2009-07-03 07:19 . 2009-07-03 07:19 -------- d-----w- c:\program files\VS Revo Group
2009-07-03 05:58 . 2009-06-30 11:55 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-07-03 05:58 . 2009-06-30 11:55 2740 ----a-w- c:\windows\pchealth\helpctr\PackageStore\SkuStore.bin
2009-07-03 05:45 . 2009-07-03 05:45 -------- d-----w- c:\program files\MSXML 6.0
2009-07-03 05:38 . 2009-06-30 12:30 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-02 16:03 . 2009-07-02 16:03 -------- d-----w- c:\program files\Common Files\GTK
2009-07-02 15:03 . 2009-07-02 15:03 -------- d-----w- c:\program files\MSBuild
2009-07-02 14:59 . 2009-07-02 14:59 -------- d-----w- c:\program files\Reference Assemblies
2009-07-02 13:53 . 2009-07-02 13:53 -------- d-----w- c:\program files\OpenOffice.org 3
2009-07-02 11:50 . 2009-07-02 11:50 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2009-07-01 21:05 . 2009-07-01 21:05 -------- d-----w- c:\program files\MSXML 4.0
2009-06-30 15:54 . 2009-06-30 15:54 -------- d-----w- c:\program files\Common Files\Skype
2009-06-30 15:54 . 2009-06-30 15:54 -------- d-----r- c:\program files\Skype
2009-06-30 15:51 . 2009-06-30 15:51 -------- d-----w- c:\program files\CCleaner
2009-06-30 14:19 . 2009-06-30 14:19 -------- d-----w- c:\program files\linguatec
2009-06-30 14:17 . 2009-06-30 14:16 -------- d-----w- c:\program files\DAEMON Tools Lite
2009-06-30 14:15 . 2009-06-30 14:15 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-06-30 13:35 . 2009-06-30 13:35 -------- d-----w- c:\program files\7-Zip
2009-06-30 13:32 . 2009-06-30 13:32 -------- d-----w- c:\program files\CDex_150
2009-06-30 13:30 . 2009-06-30 13:30 -------- d-----w- c:\program files\Softinterface, Inc
2009-06-30 13:27 . 2009-06-30 13:27 -------- d-----w- c:\program files\A-PDF Text Extractor
2009-06-30 13:24 . 2009-06-30 13:24 -------- d-----w- c:\program files\Opera
2009-06-30 12:44 . 2009-06-30 12:43 -------- d-----w- c:\program files\Lexmark 2300 Series
2009-06-30 12:39 . 2009-06-30 12:39 -------- d-----w- c:\program files\Realtek Sound Manager
2009-06-30 12:39 . 2009-06-30 12:39 -------- d-----w- c:\program files\AvRack
2009-06-30 12:39 . 2009-06-30 12:27 -------- d-----w- c:\program files\Common Files\InstallShield
2009-06-30 12:38 . 2009-06-30 12:38 -------- d-----w- c:\program files\AMD
2009-06-30 12:32 . 2009-06-30 12:32 -------- d-----w- c:\program files\My Company Name
2009-06-30 12:30 . 2009-06-30 12:30 -------- d-----w- c:\program files\ASUS
2009-06-30 12:01 . 2009-06-30 11:55 8972 ----a-w- c:\windows\pchealth\helpctr\Config\Cntstore.bin
2009-06-30 11:56 . 2009-06-30 11:56 -------- d-----w- c:\program files\microsoft frontpage
2009-06-29 16:00 . 2007-10-29 12:00 827392 ----a-w- c:\windows\system32\wininet.dll
2009-06-29 15:59 . 2007-10-29 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-06-29 15:59 . 2007-10-29 12:00 17408 ----a-w- c:\windows\system32\corpol.dll
2009-06-16 14:40 . 2007-10-29 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:40 . 2007-10-29 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-03 19:11 . 2007-10-29 12:00 1293824 ----a-w- c:\windows\system32\quartz.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-07-22_12.32.43 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-11-07 00:19 . 2007-11-07 00:19 54272 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_ecc42bd1\vcomp90.dll
+ 2008-07-29 06:05 . 2008-07-29 06:05 62976 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90rus.dll
+ 2008-07-29 06:05 . 2008-07-29 06:05 46080 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90kor.dll
+ 2008-07-29 06:05 . 2008-07-29 06:05 46592 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90jpn.dll
+ 2008-07-29 06:05 . 2008-07-29 06:05 64512 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90ita.dll
+ 2008-07-29 06:05 . 2008-07-29 06:05 39936 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90cht.dll
+ 2008-07-29 06:05 . 2008-07-29 06:05 38912 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90chs.dll
+ 2008-07-29 06:05 . 2008-07-29 06:05 66048 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90fra.dll
+ 2008-07-29 06:05 . 2008-07-29 06:05 65024 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90esp.dll
+ 2008-07-29 06:05 . 2008-07-29 06:05 65024 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90esn.dll
+ 2008-07-29 06:05 . 2008-07-29 06:05 56832 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90enu.dll
+ 2008-07-29 06:05 . 2008-07-29 06:05 66560 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90deu.dll
+ 2008-07-29 04:07 . 2008-07-29 04:07 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfcm90u.dll
+ 2008-07-29 04:07 . 2008-07-29 04:07 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfcm90.dll
+ 2009-08-09 11:42 . 2009-08-09 11:42 16384 c:\windows\temp\Perflib_Perfdata_304.dat
+ 2006-11-02 15:10 . 2006-11-02 15:10 80912 c:\windows\system32\sherlock2.exe
+ 2004-08-10 05:52 . 2004-08-10 05:52 49221 c:\windows\system32\rv40.dll
+ 2004-08-10 05:52 . 2004-08-10 05:52 49221 c:\windows\system32\rv30.dll
+ 2004-08-10 05:51 . 2004-08-10 05:51 57411 c:\windows\system32\rv20.dll
+ 2004-08-10 05:50 . 2004-08-10 05:50 49216 c:\windows\system32\rv10.dll
+ 2007-10-29 12:00 . 2009-06-29 16:00 44544 c:\windows\system32\pngfilt.dll
- 2007-10-29 12:00 . 2009-04-29 04:47 44544 c:\windows\system32\pngfilt.dll
+ 2007-10-29 12:00 . 2009-07-31 11:29 67564 c:\windows\system32\perfc009.dat
+ 2005-10-14 09:56 . 2002-10-04 21:04 45056 c:\windows\system32\ogg.dll
+ 2007-08-13 16:54 . 2009-06-29 16:00 52224 c:\windows\system32\msfeedsbs.dll
- 2007-08-13 16:54 . 2009-04-29 04:47 52224 c:\windows\system32\msfeedsbs.dll
+ 2007-10-29 12:00 . 2009-06-29 16:00 27648 c:\windows\system32\jsproxy.dll
- 2007-10-29 12:00 . 2009-04-29 04:47 27648 c:\windows\system32\jsproxy.dll
- 2007-08-13 16:39 . 2009-04-28 09:05 13824 c:\windows\system32\ieudinit.exe
+ 2007-08-13 16:39 . 2009-06-29 11:07 13824 c:\windows\system32\ieudinit.exe
+ 2007-10-29 12:00 . 2009-06-29 16:00 44544 c:\windows\system32\iernonce.dll
- 2007-10-29 12:00 . 2009-04-29 04:47 44544 c:\windows\system32\iernonce.dll
- 2007-10-29 12:00 . 2009-04-28 09:05 70656 c:\windows\system32\ie4uinit.exe
+ 2007-10-29 12:00 . 2009-06-29 11:07 70656 c:\windows\system32\ie4uinit.exe
- 2007-08-13 16:36 . 2009-04-29 04:47 63488 c:\windows\system32\icardie.dll
+ 2007-08-13 16:36 . 2009-06-29 15:59 63488 c:\windows\system32\icardie.dll
+ 2008-12-17 16:22 . 2008-12-17 16:22 93184 c:\windows\system32\ff_wmv9.dll
+ 2008-12-17 16:22 . 2008-12-17 16:22 57344 c:\windows\system32\ff_vfw.dll
+ 2009-08-08 12:46 . 2009-05-11 08:12 28520 c:\windows\system32\drivers\ssmdrv.sys
+ 2008-04-25 16:21 . 2008-04-25 16:21 26964 c:\windows\system32\drivers\klopp.dat
+ 2008-03-25 18:07 . 2008-03-25 18:07 24592 c:\windows\system32\drivers\klim5.sys
+ 2008-01-29 16:29 . 2008-01-29 16:29 32784 c:\windows\system32\drivers\klbg.sys
+ 2007-08-13 16:36 . 2009-06-29 16:00 44544 c:\windows\system32\dllcache\pngfilt.dll
- 2007-08-13 16:36 . 2009-04-29 04:47 44544 c:\windows\system32\dllcache\pngfilt.dll
- 2009-07-03 06:18 . 2009-04-29 04:47 52224 c:\windows\system32\dllcache\msfeedsbs.dll
+ 2009-07-03 06:18 . 2009-06-29 16:00 52224 c:\windows\system32\dllcache\msfeedsbs.dll
- 2007-08-13 16:54 . 2009-04-29 04:47 27648 c:\windows\system32\dllcache\jsproxy.dll
+ 2007-08-13 16:54 . 2009-06-29 16:00 27648 c:\windows\system32\dllcache\jsproxy.dll
- 2009-07-03 06:18 . 2009-04-28 09:05 13824 c:\windows\system32\dllcache\ieudinit.exe
+ 2009-07-03 06:18 . 2009-06-29 11:07 13824 c:\windows\system32\dllcache\ieudinit.exe
+ 2007-08-13 16:39 . 2009-06-29 16:00 44544 c:\windows\system32\dllcache\iernonce.dll
- 2007-08-13 16:39 . 2009-04-29 04:47 44544 c:\windows\system32\dllcache\iernonce.dll
- 2009-04-29 04:35 . 2009-04-29 04:47 78336 c:\windows\system32\dllcache\ieencode.dll
+ 2009-04-29 04:35 . 2009-06-29 15:59 78336 c:\windows\system32\dllcache\ieencode.dll
- 2007-08-13 16:39 . 2009-04-28 09:05 70656 c:\windows\system32\dllcache\ie4uinit.exe
+ 2007-08-13 16:39 . 2009-06-29 11:07 70656 c:\windows\system32\dllcache\ie4uinit.exe
+ 2009-07-03 06:18 . 2009-06-29 15:59 63488 c:\windows\system32\dllcache\icardie.dll
- 2009-07-03 06:18 . 2009-04-29 04:47 63488 c:\windows\system32\dllcache\icardie.dll
- 2007-08-13 16:42 . 2007-08-13 16:42 17408 c:\windows\system32\dllcache\corpol.dll
+ 2007-08-13 16:42 . 2009-06-29 15:59 17408 c:\windows\system32\dllcache\corpol.dll
+ 2004-08-10 05:50 . 2004-08-10 05:50 65602 c:\windows\system32\cook.dll
+ 2004-08-10 05:50 . 2004-08-10 05:50 77889 c:\windows\system32\atrc.dll
+ 2009-07-28 22:27 . 2009-04-29 04:47 44544 c:\windows\ie7updates\KB972260-IE7\pngfilt.dll
+ 2009-07-28 22:27 . 2009-04-29 04:47 52224 c:\windows\ie7updates\KB972260-IE7\msfeedsbs.dll
+ 2009-07-28 22:27 . 2009-04-29 04:47 27648 c:\windows\ie7updates\KB972260-IE7\jsproxy.dll
+ 2009-07-28 22:27 . 2009-04-28 09:05 13824 c:\windows\ie7updates\KB972260-IE7\ieudinit.exe
+ 2009-07-28 22:27 . 2009-04-29 04:47 44544 c:\windows\ie7updates\KB972260-IE7\iernonce.dll
+ 2009-07-28 22:28 . 2009-04-29 04:47 78336 c:\windows\ie7updates\KB972260-IE7\ieencode.dll
+ 2009-07-28 22:27 . 2009-04-28 09:05 70656 c:\windows\ie7updates\KB972260-IE7\ie4uinit.exe
+ 2009-07-28 22:27 . 2009-04-29 04:47 63488 c:\windows\ie7updates\KB972260-IE7\icardie.dll
+ 2009-07-28 22:27 . 2008-04-14 03:21 35328 c:\windows\ie7updates\KB972260-IE7\corpol.dll
+ 2008-07-29 06:05 . 2008-07-29 06:05 655872 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcr90.dll
+ 2008-07-29 06:05 . 2008-07-29 06:05 572928 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcp90.dll
+ 2008-07-29 01:54 . 2008-07-29 01:54 225280 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcm90.dll
+ 2008-07-29 06:05 . 2008-07-29 06:05 161784 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_d01483b2\atl90.dll
+ 2005-10-14 09:56 . 2005-12-30 18:10 761856 c:\windows\system32\xvidcore.dll
- 2009-06-30 12:30 . 2004-10-30 13:39 761856 c:\windows\system32\xvidcore.dll
+ 2005-10-14 09:56 . 2004-02-10 09:15 344064 c:\windows\system32\xvid.dll
+ 2007-10-29 12:00 . 2009-06-29 16:00 233472 c:\windows\system32\webcheck.dll
- 2007-10-29 12:00 . 2009-04-29 04:47 233472 c:\windows\system32\webcheck.dll
+ 2008-11-29 19:26 . 2008-11-29 19:26 991232 c:\windows\system32\VSFilter.dll
+ 2005-10-14 09:56 . 2002-10-04 21:04 921600 c:\windows\system32\VorbisEnc.dll
+ 2005-10-14 09:56 . 2002-10-04 21:04 188416 c:\windows\system32\vorbis.dll
+ 2007-10-29 12:00 . 2009-06-29 16:00 105984 c:\windows\system32\url.dll
- 2007-10-29 12:00 . 2009-04-29 04:47 105984 c:\windows\system32\url.dll
+ 2005-10-14 09:56 . 2003-04-29 08:13 155136 c:\windows\system32\unrar.dll
+ 2004-08-10 05:50 . 2004-08-10 05:50 106561 c:\windows\system32\sipr.dll
+ 2003-11-25 22:32 . 2003-11-25 22:32 123392 c:\windows\system32\pncrt.dll
+ 2007-10-29 12:00 . 2009-07-31 11:29 432800 c:\windows\system32\perfh009.dat
+ 2004-04-20 21:00 . 2004-04-20 21:00 172032 c:\windows\system32\OptimFROG.dll
+ 2005-10-14 09:56 . 2002-10-06 16:42 237568 c:\windows\system32\OggDS.dll
- 2007-10-29 12:00 . 2009-04-29 04:47 102912 c:\windows\system32\occache.dll
+ 2007-10-29 12:00 . 2009-06-29 16:00 102912 c:\windows\system32\occache.dll
+ 2007-10-29 12:00 . 2009-06-29 16:00 671232 c:\windows\system32\mstime.dll
- 2007-10-29 12:00 . 2009-04-29 04:47 671232 c:\windows\system32\mstime.dll
- 2007-10-29 12:00 . 2009-04-29 04:47 193024 c:\windows\system32\msrating.dll
+ 2007-10-29 12:00 . 2009-06-29 16:00 193024 c:\windows\system32\msrating.dll
+ 2007-10-29 12:00 . 2009-06-29 16:00 477696 c:\windows\system32\mshtmled.dll
- 2007-10-29 12:00 . 2009-04-29 04:47 477696 c:\windows\system32\mshtmled.dll
- 2007-08-13 16:54 . 2009-04-29 04:47 459264 c:\windows\system32\msfeeds.dll
+ 2007-08-13 16:54 . 2009-06-29 16:00 459264 c:\windows\system32\msfeeds.dll
+ 2008-12-17 15:59 . 2008-12-17 15:59 560802 c:\windows\system32\libmplayer.dll
+ 2008-04-25 16:22 . 2008-04-25 16:22 206088 c:\windows\system32\klogon.dll
+ 2009-07-25 18:28 . 2009-07-25 18:27 148888 c:\windows\system32\javaws.exe
+ 2009-07-25 18:28 . 2009-07-25 18:27 144792 c:\windows\system32\javaw.exe
+ 2009-07-25 18:28 . 2009-07-25 18:27 144792 c:\windows\system32\java.exe
+ 2007-08-13 16:34 . 2009-06-29 16:00 268288 c:\windows\system32\iertutil.dll
- 2007-08-13 16:34 . 2009-04-29 04:47 268288 c:\windows\system32\iertutil.dll
- 2007-10-29 12:00 . 2009-04-29 04:47 385024 c:\windows\system32\iedkcs32.dll
+ 2007-10-29 12:00 . 2009-06-29 15:59 385024 c:\windows\system32\iedkcs32.dll
+ 2007-07-11 10:27 . 2009-06-29 15:59 380928 c:\windows\system32\ieapfltr.dll
- 2007-10-29 12:00 . 2009-04-25 05:26 161792 c:\windows\system32\ieakui.dll
+ 2007-10-29 12:00 . 2009-06-29 08:33 161792 c:\windows\system32\ieakui.dll
- 2007-10-29 12:00 . 2009-04-29 04:47 230400 c:\windows\system32\ieaksie.dll
+ 2007-10-29 12:00 . 2009-06-29 15:59 230400 c:\windows\system32\ieaksie.dll
+ 2007-10-29 12:00 . 2009-06-29 15:59 153088 c:\windows\system32\ieakeng.dll
- 2007-10-29 12:00 . 2009-04-29 04:47 153088 c:\windows\system32\ieakeng.dll
+ 2004-08-10 05:52 . 2004-08-10 05:52 241723 c:\windows\system32\hxltcolor.dll
+ 2008-12-17 16:41 . 2008-12-17 16:41 884237 c:\windows\system32\ff_x264.dll
+ 2008-12-17 16:17 . 2008-12-17 16:17 239247 c:\windows\system32\ff_theora.dll
+ 2004-10-03 16:50 . 2004-10-03 16:50 129024 c:\windows\system32\ff_mpeg2enc.dll
+ 2007-10-29 12:00 . 2009-06-29 15:59 133120 c:\windows\system32\extmgr.dll
- 2007-10-29 12:00 . 2009-04-29 04:47 133120 c:\windows\system32\extmgr.dll
- 2007-10-29 12:00 . 2009-04-29 04:47 214528 c:\windows\system32\dxtrans.dll
+ 2007-10-29 12:00 . 2009-06-29 15:59 214528 c:\windows\system32\dxtrans.dll
- 2007-10-29 12:00 . 2009-04-29 04:47 347136 c:\windows\system32\dxtmsft.dll
+ 2007-10-29 12:00 . 2009-06-29 15:59 347136 c:\windows\system32\dxtmsft.dll
+ 2004-11-24 18:25 . 2004-11-24 18:25 335872 c:\windows\system32\drvc.dll
+ 2004-08-10 05:51 . 2004-08-10 05:51 176195 c:\windows\system32\drv2.dll
+ 2004-08-10 05:50 . 2004-08-10 05:50 102464 c:\windows\system32\drv1.dll
- 2009-06-30 12:30 . 2009-07-22 07:47 196608 c:\windows\system32\drivers\nStandard.bin
+ 2009-06-30 12:30 . 2000-08-07 18:27 196608 c:\windows\system32\drivers\nStandard.bin
+ 2009-08-08 12:09 . 2009-08-08 12:09 187408 c:\windows\system32\drivers\klif.sys
+ 2008-04-16 12:23 . 2008-04-16 12:23 112144 c:\windows\system32\drivers\kl1.sys
+ 2009-04-29 04:35 . 2009-06-29 16:00 827392 c:\windows\system32\dllcache\wininet.dll
- 2009-04-29 04:35 . 2009-04-29 04:47 827392 c:\windows\system32\dllcache\wininet.dll
+ 2007-08-13 16:54 . 2009-06-29 16:00 233472 c:\windows\system32\dllcache\webcheck.dll
- 2007-08-13 16:54 . 2009-04-29 04:47 233472 c:\windows\system32\dllcache\webcheck.dll
- 2007-08-13 16:44 . 2009-04-29 04:47 105984 c:\windows\system32\dllcache\url.dll
+ 2007-08-13 16:44 . 2009-06-29 16:00 105984 c:\windows\system32\dllcache\url.dll
- 2007-08-13 16:44 . 2009-04-29 04:47 102912 c:\windows\system32\dllcache\occache.dll
+ 2007-08-13 16:44 . 2009-06-29 16:00 102912 c:\windows\system32\dllcache\occache.dll
+ 2007-08-13 16:54 . 2009-06-29 16:00 671232 c:\windows\system32\dllcache\mstime.dll
- 2007-08-13 16:54 . 2009-04-29 04:47 671232 c:\windows\system32\dllcache\mstime.dll
+ 2007-08-13 16:44 . 2009-06-29 16:00 193024 c:\windows\system32\dllcache\msrating.dll
- 2007-08-13 16:44 . 2009-04-29 04:47 193024 c:\windows\system32\dllcache\msrating.dll
+ 2007-08-13 16:54 . 2009-06-29 16:00 477696 c:\windows\system32\dllcache\mshtmled.dll
- 2007-08-13 16:54 . 2009-04-29 04:47 477696 c:\windows\system32\dllcache\mshtmled.dll
+ 2009-07-03 06:18 . 2009-06-29 16:00 459264 c:\windows\system32\dllcache\msfeeds.dll
- 2009-07-03 06:18 . 2009-04-29 04:47 459264 c:\windows\system32\dllcache\msfeeds.dll
+ 2007-08-13 16:43 . 2009-06-29 08:35 634632 c:\windows\system32\dllcache\iexplore.exe
- 2009-07-03 06:18 . 2009-04-29 04:47 268288 c:\windows\system32\dllcache\iertutil.dll
+ 2009-07-03 06:18 . 2009-06-29 16:00 268288 c:\windows\system32\dllcache\iertutil.dll
- 2007-08-13 16:39 . 2009-04-29 04:47 385024 c:\windows\system32\dllcache\iedkcs32.dll
+ 2007-08-13 16:39 . 2009-06-29 15:59 385024 c:\windows\system32\dllcache\iedkcs32.dll
+ 2009-07-03 06:18 . 2009-06-29 15:59 380928 c:\windows\system32\dllcache\ieapfltr.dll
- 2007-10-29 12:00 . 2009-04-25 05:26 161792 c:\windows\system32\dllcache\ieakui.dll
+ 2007-10-29 12:00 . 2009-06-29 08:33 161792 c:\windows\system32\dllcache\ieakui.dll
+ 2007-08-13 16:39 . 2009-06-29 15:59 230400 c:\windows\system32\dllcache\ieaksie.dll
- 2007-08-13 16:39 . 2009-04-29 04:47 230400 c:\windows\system32\dllcache\ieaksie.dll
+ 2007-08-13 16:39 . 2009-06-29 15:59 153088 c:\windows\system32\dllcache\ieakeng.dll
- 2007-08-13 16:39 . 2009-04-29 04:47 153088 c:\windows\system32\dllcache\ieakeng.dll
+ 2007-08-13 16:54 . 2009-06-29 15:59 133120 c:\windows\system32\dllcache\extmgr.dll
- 2007-08-13 16:54 . 2009-04-29 04:47 133120 c:\windows\system32\dllcache\extmgr.dll
- 2007-08-13 16:35 . 2009-04-29 04:47 214528 c:\windows\system32\dllcache\dxtrans.dll
+ 2007-08-13 16:35 . 2009-06-29 15:59 214528 c:\windows\system32\dllcache\dxtrans.dll
- 2007-08-13 16:35 . 2009-04-29 04:47 347136 c:\windows\system32\dllcache\dxtmsft.dll
+ 2007-08-13 16:35 . 2009-06-29 15:59 347136 c:\windows\system32\dllcache\dxtmsft.dll
+ 2007-08-13 16:39 . 2009-06-29 15:59 124928 c:\windows\system32\dllcache\advpack.dll
- 2007-08-13 16:39 . 2009-04-29 04:47 124928 c:\windows\system32\dllcache\advpack.dll
+ 2005-10-14 09:56 . 2005-11-23 03:00 778240 c:\windows\system32\DivXsm.exe
+ 2005-12-19 05:23 . 2005-12-07 16:05 663552 c:\windows\system32\divx_xx11.dll
+ 2005-12-19 05:23 . 2005-12-07 16:05 679936 c:\windows\system32\divx_xx0c.dll
+ 2005-12-19 05:23 . 2005-12-07 16:05 679936 c:\windows\system32\divx_xx07.dll
- 2007-10-29 12:00 . 2009-04-29 04:47 124928 c:\windows\system32\advpack.dll
+ 2007-10-29 12:00 . 2009-06-29 15:59 124928 c:\windows\system32\advpack.dll
+ 2009-03-30 20:08 . 2008-05-07 14:03 303616 c:\windows\SetACL.exe
+ 2009-07-29 03:28 . 2009-07-29 03:28 228352 c:\windows\Installer\82af9.msi
+ 2009-07-25 18:27 . 2009-07-25 18:27 536576 c:\windows\Installer\33019c4.msi
+ 2009-07-22 13:02 . 2009-07-22 13:02 802304 c:\windows\Installer\1b26af.msi
+ 2009-07-22 13:02 . 2009-07-22 13:02 295606 c:\windows\Installer\{AC76BA86-7AD7-5464-3428-900000000004}\ARPPRODUCTICON.exe
+ 2009-07-28 22:27 . 2009-04-29 04:47 827392 c:\windows\ie7updates\KB972260-IE7\wininet.dll
+ 2009-07-28 22:27 . 2009-04-29 04:47 233472 c:\windows\ie7updates\KB972260-IE7\webcheck.dll
+ 2009-07-28 22:27 . 2009-04-29 04:47 105984 c:\windows\ie7updates\KB972260-IE7\url.dll
+ 2009-07-28 22:28 . 2009-05-26 11:40 391032 c:\windows\ie7updates\KB972260-IE7\spuninst\updspapi.dll
+ 2009-07-28 22:28 . 2008-07-08 12:59 233848 c:\windows\ie7updates\KB972260-IE7\spuninst\spuninst.exe
+ 2009-07-28 22:27 . 2009-04-29 04:47 102912 c:\windows\ie7updates\KB972260-IE7\occache.dll
+ 2009-07-28 22:27 . 2009-04-29 04:47 671232 c:\windows\ie7updates\KB972260-IE7\mstime.dll
+ 2009-07-28 22:27 . 2009-04-29 04:47 193024 c:\windows\ie7updates\KB972260-IE7\msrating.dll
+ 2009-07-28 22:27 . 2009-04-29 04:47 477696 c:\windows\ie7updates\KB972260-IE7\mshtmled.dll
+ 2009-07-28 22:27 . 2009-04-29 04:47 459264 c:\windows\ie7updates\KB972260-IE7\msfeeds.dll
+ 2009-07-28 22:27 . 2009-04-25 05:27 636088 c:\windows\ie7updates\KB972260-IE7\iexplore.exe
+ 2009-07-28 22:27 . 2009-04-29 04:47 268288 c:\windows\ie7updates\KB972260-IE7\iertutil.dll
+ 2009-07-28 22:27 . 2009-04-29 04:47 385024 c:\windows\ie7updates\KB972260-IE7\iedkcs32.dll
+ 2009-07-28 22:27 . 2009-04-29 04:47 383488 c:\windows\ie7updates\KB972260-IE7\ieapfltr.dll
+ 2009-07-28 22:27 . 2009-04-25 05:26 161792 c:\windows\ie7updates\KB972260-IE7\ieakui.dll
+ 2009-07-28 22:27 . 2009-04-29 04:47 230400 c:\windows\ie7updates\KB972260-IE7\ieaksie.dll
+ 2009-07-28 22:27 . 2009-04-29 04:47 153088 c:\windows\ie7updates\KB972260-IE7\ieakeng.dll
+ 2009-07-28 22:28 . 2009-04-29 04:47 133120 c:\windows\ie7updates\KB972260-IE7\extmgr.dll
+ 2009-07-28 22:27 . 2009-04-29 04:47 214528 c:\windows\ie7updates\KB972260-IE7\dxtrans.dll
+ 2009-07-28 22:27 . 2009-04-29 04:47 347136 c:\windows\ie7updates\KB972260-IE7\dxtmsft.dll
+ 2009-07-28 22:27 . 2009-04-29 04:47 124928 c:\windows\ie7updates\KB972260-IE7\advpack.dll
+ 2008-07-29 06:05 . 2008-07-29 06:05 3783672 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfc90u.dll
+ 2008-07-29 06:05 . 2008-07-29 06:05 3768312 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfc90.dll
- 2007-10-29 12:00 . 2009-04-29 04:47 1159680 c:\windows\system32\urlmon.dll
+ 2007-10-29 12:00 . 2009-06-29 16:00 1159680 c:\windows\system32\urlmon.dll
+ 2005-10-14 09:56 . 2005-08-09 21:12 3596288 c:\windows\system32\qt-dx331.dll
+ 2007-10-29 12:00 . 2009-07-19 13:31 3597824 c:\windows\system32\mshtml.dll
+ 2008-12-19 14:15 . 2008-12-19 14:15 4338246 c:\windows\system32\libavcodec.dll
+ 2007-08-13 16:54 . 2009-07-19 13:31 6067200 c:\windows\system32\ieframe.dll
- 2009-04-29 04:35 . 2009-04-29 04:47 1159680 c:\windows\system32\dllcache\urlmon.dll
+ 2009-04-29 04:35 . 2009-06-29 16:00 1159680 c:\windows\system32\dllcache\urlmon.dll
+ 2009-04-29 04:35 . 2009-07-19 13:31 3597824 c:\windows\system32\dllcache\mshtml.dll
+ 2009-07-03 06:18 . 2009-07-19 13:31 6067200 c:\windows\system32\dllcache\ieframe.dll
+ 2009-06-29 08:33 . 2009-06-29 08:33 2452872 c:\windows\system32\dllcache\ieapfltr.dat
+ 2009-07-22 13:02 . 2009-07-22 13:02 3946496 c:\windows\Installer\1b26a6.msi
+ 2009-07-28 22:27 . 2009-04-29 04:47 1159680 c:\windows\ie7updates\KB972260-IE7\urlmon.dll
+ 2009-07-28 22:27 . 2009-04-29 04:47 3596288 c:\windows\ie7updates\KB972260-IE7\mshtml.dll
+ 2009-07-28 22:27 . 2009-04-29 04:47 6066176 c:\windows\ie7updates\KB972260-IE7\ieframe.dll
.
-- Snímek resetován k současnému datu --
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-06-02 24264488]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-07-21 39408]
"RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2009-08-06 160592]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-06-28 8466432]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-06-28 81920]
"ASUSGamerOSD"="c:\program files\ASUS\GamerOSD\GamerOSD.exe" [2007-07-12 380928]
"Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2009-07-21 122368]
"SMail"="c:\program files\Seznam\Postak\Postak.exe" [2006-05-18 450560]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"SmartDefrag"="c:\program files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe" [2009-07-02 2453264]
"'Ashampoo AntiSpyWare 2 Guard'"="c:\program files\Ashampoo\Ashampoo AntiSpyWare 2\AntiSpyWare2Guard.exe" [2009-07-15 2376536]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2007-06-28 1626112]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2004-12-22 77824]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\Instalace\\Portable\\Skype 3.0.0.190 CZ (Portable)\\Phone\\Skype.exe"=
"c:\\Program Files\\TeamViewer3\\TeamViewer.exe"=
"c:\\Program Files\\Psi+JE\\psi.exe"=
"c:\\Program Files\\VoipDiscount.com\\VoipDiscount\\VoipDiscount.exe"=
"c:\\Program Files\\Maxthon2\\Modules\\MxDownloader\\MxDownloadServer.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [29.1.2008 18:29 32784]
R2 AASW2_Service;Ashampoo AntiSpyWare 2 Service;c:\program files\Ashampoo\Ashampoo AntiSpyWare 2\AntiSpyWareService.exe [8.8.2009 14:34 749912]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [8.8.2009 14:46 108289]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [3.11.2006 19:19 13592]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [25.3.2008 20:07 24592]

--- Ostatní služby/ovladače v paměti ---

*Deregistered* - mchInjDrv
.
Obsah adresáře 'Naplánované úlohy'

2009-08-09 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 17:20]

2009-08-02 c:\windows\Tasks\SmartDefrag.job
- c:\program files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe [2009-07-26 07:22]
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

HKLM-Run-AVP - c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe


.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.atlas.cz/
IE: Přizpůsobit Menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: RF Nástrojová lišta - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: Uložit formuláře - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: Vyplnit formulář - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
FF - ProfilePath - c:\documents and settings\Ivana\Data aplikací\Mozilla\Firefox\Profiles\bylcflg3.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://www.mywebsearch.com/jsp/cfg_redi ... searchfor=
FF - component: c:\program files\Siber Systems\AI RoboForm\Firefox\components\rfproxy_31.dll
FF - plugin: c:\program files\ACE Mega CoDecS Pack\SystemS\RealMedia\Browser\plugins\nppl3260.dll
FF - plugin: c:\program files\ACE Mega CoDecS Pack\SystemS\RealMedia\Browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npstar.dll
FF - plugin: c:\program files\Opera 10 Beta\program\plugins\npdsplay.dll
FF - plugin: c:\program files\Opera 10 Beta\program\plugins\NPSWF32.dll
FF - plugin: c:\program files\Opera 10 Beta\program\plugins\npwmsdrm.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-09 14:42
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(1096)
c:\windows\system32\klogon.dll
.
Celkový čas: 2009-08-09 14:44
ComboFix-quarantined-files.txt 2009-08-09 12:44
ComboFix2.txt 2009-07-22 13:44
ComboFix3.txt 2009-07-22 12:35

Před spuštěním: Volných bajtů: 15 839 531 008
Po spuštění: Volných bajtů: 15 820 361 728

Current=5 Default=5 Failed=4 LastKnownGood=6 Sets=1,2,3,4,5,6
484 --- E O F --- 2009-08-04 02:57

Re: Please check my log.

Posted: 09 Aug 2009 15:05
by Damned
Did you uninstall Kaspersky?

Re: Please check my log.

Posted: 09 Aug 2009 15:13
by Ivey
Yes, but it still shows up as if it were still there somewhere.

Re: Please check my log.

Posted: 09 Aug 2009 15:48
by Damned
Then we'll send it to the happy hunting grounds too, along with avast; I assume you have Avira. It is the only antivirus running.

Open Notepad (Start -> Run..., type Notepad into the box and click OK).
Copy the entire following text, marked in green, into it:

File::
c:\windows\system32\drivers\klin.dat
c:\windows\system32\drivers\klick.dat
c:\windows\system32\drivers\fidbox.dat
c:\windows\system32\drivers\fidbox2.dat
c:\windows\system32\drivers\klopp.dat
c:\windows\system32\drivers\klim5.sys
c:\windows\system32\drivers\klbg.sys
c:\windows\system32\drivers\klif.sys
c:\windows\system32\drivers\kl1.sys
c:\windows\system32\ezsidmv.dat
c:\windows\system32\drivers\fidbox.idx
c:\windows\system32\drivers\fidbox2.idx
c:\windows\system32\klogon.dll

Folder::
c:\program files\Alwil Software

Driver::
fidbox
fidbox2
klim5
klbg
klif
kl1

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000000
"FirewallOverride"=dword:00000000
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000000




Choose File -> Save As... and set these parameters:
File name: type CFScript.txt here
Save as type: select All Files there
Save the file to the desktop.
Close all active windows.


Grab the created script CFScript.txt with the mouse, drag it over the downloaded program ComboFix.exe,
and when the two files overlap, drop the script.

- ComboFix will start automatically
- Paste here the log that pops up at the end of the cleaning process + a new HJT log, and describe how the computer behaves

Re: Please check my log.

Posted: 09 Aug 2009 18:54
by Ivey
I'm not sending the log I was supposed to paste here after ComboFix; it was probably discarded. After the automatic restart that ran after ComboFix, the computer was completely blocked - it would not let the internet through.

I'm sending a new HJT log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:42:48, on 9.8.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Ashampoo\Ashampoo AntiSpyWare 2\AntiSpyWareService.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\ASUS\GamerOSD\GamerOSD.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe
C:\Program Files\Ashampoo\Ashampoo AntiSpyWare 2\AntiSpyWare2Guard.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Opera 10 Beta\opera.exe
C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.atlas.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: &S-Rank - {B71B15CF-3093-459C-B764-AEB2486F2273} - C:\Program Files\Seznam\Postak\SRank.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ASUSGamerOSD] C:\Program Files\ASUS\GamerOSD\GamerOSD.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Google Quick Search Box] "C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe" /autorun
O4 - HKLM\..\Run: [SMail] "C:\Program Files\Seznam\Postak\Postak.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SmartDefrag] "C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe" /StartUp
O4 - HKLM\..\Run: ['Ashampoo AntiSpyWare 2 Guard'] C:\Program Files\Ashampoo\Ashampoo AntiSpyWare 2\AntiSpyWare2Guard.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Přizpůsobit Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: RF Nástrojová lišta - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Uložit formuláře - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Vyplnit formulář - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Vyplnit formulář - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Vyplnit formulář - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Uložit - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Uložit formuláře - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RF Nástrojová lišta - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ashampoo AntiSpyWare 2 Service (AASW2_Service) - Unknown owner - C:\Program Files\Ashampoo\Ashampoo AntiSpyWare 2\AntiSpyWareService.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: lxcg_device - - C:\WINDOWS\system32\lxcgcoms.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 8774 bytes

Re: Please check my log.

Posted: 09 Aug 2009 19:21
by Damned
Try to find it in C:\ComboFix.txt or in the C:\Combofix folder. If there are several of them there, take the latest one by creation time.
The outage was caused by removing the files left over from Kaspersky. If your internet isn't working, configure the connection again.

Re: Please check my log.

Posted: 09 Aug 2009 19:42
by Ivey
ComboFix 09-08-08.04 - Ivana 09.08.2009 16:12.4.1 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.511.227 [GMT 2:00]
Spuštěný z: c:\documents and settings\Ivana\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Ivana\Plocha\CFScript.txt
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
AV: Kaspersky Anti-Virus *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}

FILE ::
"c:\windows\system32\drivers\fidbox.dat"
"c:\windows\system32\drivers\fidbox.idx"
"c:\windows\system32\drivers\fidbox2.dat"
"c:\windows\system32\drivers\fidbox2.idx"
"c:\windows\system32\drivers\kl1.sys"
"c:\windows\system32\drivers\klbg.sys"
"c:\windows\system32\drivers\klick.dat"
"c:\windows\system32\drivers\klif.sys"
"c:\windows\system32\drivers\klim5.sys"
"c:\windows\system32\drivers\klin.dat"
"c:\windows\system32\drivers\klopp.dat"
"c:\windows\system32\ezsidmv.dat"
"c:\windows\system32\klogon.dll"
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Alwil Software
c:\program files\Alwil Software\Avast4\Setup\setup.ini
c:\windows\system32\drivers\fidbox.dat
c:\windows\system32\drivers\fidbox.idx
c:\windows\system32\drivers\fidbox2.dat
c:\windows\system32\drivers\fidbox2.idx
c:\windows\system32\drivers\kl1.sys
c:\windows\system32\drivers\klbg.sys
c:\windows\system32\drivers\klick.dat
c:\windows\system32\drivers\klif.sys
c:\windows\system32\drivers\klim5.sys
c:\windows\system32\drivers\klin.dat
c:\windows\system32\drivers\klopp.dat
c:\windows\system32\ezsidmv.dat
c:\windows\system32\klogon.dll

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_KL1
-------\Legacy_KLBG
-------\Legacy_KLIF
-------\Service_kl1
-------\Service_klbg
-------\Service_KLIF
-------\Service_klim5


((((((((((((((((((((((((( Soubory vytvořené od 2009-07-09 do 2009-08-09 )))))))))))))))))))))))))))))))
.

2009-08-08 12:46 . 2009-07-28 14:33 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-08-08 12:46 . 2009-03-30 08:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-08-08 12:46 . 2009-02-13 10:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2009-08-08 12:46 . 2009-02-13 10:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2009-08-08 12:46 . 2009-08-08 12:46 -------- d-----w- c:\program files\Avira
2009-08-06 17:02 . 2009-08-06 17:02 -------- d-----w- c:\program files\Siber Systems
2009-08-05 01:53 . 2000-11-06 14:53 192984 ----a-w- c:\windows\system32\qpl.dll
2009-08-05 01:53 . 2000-11-06 14:53 215000 ----a-w- c:\windows\system32\LpCom.dll
2009-08-05 01:26 . 2009-08-05 01:43 -------- d-----w- c:\program files\SIM
2009-08-04 17:29 . 2009-08-04 17:39 -------- d-----w- c:\program files\TVPlayerClassic
2009-07-31 03:56 . 2009-07-31 03:56 0 ----a-w- c:\windows\system32\cid_store.dat
2009-07-29 03:28 . 2009-07-29 03:28 -------- d-----w- c:\program files\Psi+
2009-07-27 21:48 . 2009-07-27 21:48 -------- d-----w- c:\documents and settings\Ivana\.smplayer
2009-07-27 10:33 . 2009-07-27 10:29 737280 ----a-w- c:\windows\iun6002.exe
2009-07-27 10:33 . 2009-07-27 10:33 -------- d-----w- c:\program files\Codec Pack - All In 1
2009-07-26 19:31 . 2009-07-26 19:31 -------- d-----w- c:\program files\IObit
2009-07-25 18:30 . 2009-07-25 18:30 -------- d-----w- c:\windows\Sun
2009-07-25 18:28 . 2009-07-25 18:27 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-07-25 18:27 . 2009-07-25 18:27 -------- d-----w- c:\program files\Java
2009-07-25 18:25 . 2009-07-26 11:54 -------- d--h--w- c:\program files\InstallJammer Registry
2009-07-22 09:09 . 2009-08-03 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-22 09:09 . 2009-08-03 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-22 09:09 . 2009-08-09 11:46 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-22 00:11 . 2009-07-22 00:11 -------- d-----w- c:\program files\Seznam
2009-07-21 23:12 . 2009-07-21 23:12 -------- d-----w- c:\program files\Trend Micro
2009-07-21 12:53 . 2009-07-21 12:53 -------- d-----w- c:\program files\Google
2009-07-21 10:13 . 2009-07-21 10:13 -------- d-----w- c:\program files\VoipDiscount.com
2009-07-20 21:18 . 2009-07-20 21:27 -------- d-----w- C:\Download
2009-07-20 09:55 . 2009-07-21 03:36 -------- d-----w- c:\program files\Star Downloader
2009-07-19 18:34 . 2009-07-19 18:34 -------- d-----w- c:\program files\Jabbim
2009-07-19 17:49 . 2009-07-19 17:49 -------- d-----w- c:\windows\system32\wbem\Repository
2009-07-19 17:10 . 2006-03-02 12:00 81280 ----a-w- c:\windows\system32\HAL(2).DLL

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-08 12:34 . 2004-12-31 23:21 -------- d-----w- c:\program files\Ashampoo
2009-08-05 01:12 . 2009-07-06 18:10 -------- d-----w- c:\program files\Miranda
2009-07-31 11:38 . 2009-06-30 12:54 -------- d-----w- c:\program files\Maxthon2
2009-07-31 11:29 . 2007-10-29 12:00 78164 ----a-w- c:\windows\system32\perfc005.dat
2009-07-31 11:29 . 2007-10-29 12:00 429352 ----a-w- c:\windows\system32\perfh005.dat
2009-07-22 13:01 . 2009-07-01 15:54 -------- d-----w- c:\program files\Common Files\Adobe
2009-07-19 18:02 . 2009-07-06 20:32 -------- d-----w- c:\program files\Opera 10 Beta
2009-07-19 17:49 . 2009-07-07 05:51 -------- d-----w- c:\program files\jwDuplFiles
2009-07-19 17:48 . 2009-07-03 06:46 -------- d-----w- c:\program files\Windows Media Connect 2
2009-07-07 06:26 . 2009-07-09 13:52 -------- d-----w- c:\program files\Psi+JE
2009-07-06 17:53 . 2009-07-06 17:53 -------- d-----w- c:\program files\VideoLAN
2009-07-04 13:41 . 2009-07-04 13:41 8 ----a-w- c:\windows\system32\nvModes.dat
2009-07-04 11:20 . 2009-07-03 08:08 45056 ----a-w- c:\windows\NCUNINST.EXE
2009-07-03 08:08 . 2009-07-03 08:08 -------- d-----w- c:\program files\Common Files\SWF Studio
2009-07-03 07:30 . 2009-07-03 07:30 -------- d-----w- c:\program files\Windows Defender
2009-07-03 07:27 . 2009-07-03 07:27 98304 ----a-w- c:\windows\system32\qttask.exe
2009-07-03 07:26 . 2009-07-03 07:24 -------- d-----w- c:\program files\ACE Mega CoDecS Pack
2009-07-03 07:22 . 2009-07-03 07:22 -------- d-----w- c:\program files\MSECache
2009-07-03 07:21 . 2009-07-03 07:21 -------- d-----w- c:\program files\TeamViewer3
2009-07-03 07:19 . 2009-07-03 07:19 -------- d-----w- c:\program files\VS Revo Group
2009-07-03 05:58 . 2009-06-30 11:55 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-07-03 05:58 . 2009-06-30 11:55 2740 ----a-w- c:\windows\pchealth\helpctr\PackageStore\SkuStore.bin
2009-07-03 05:45 . 2009-07-03 05:45 -------- d-----w- c:\program files\MSXML 6.0
2009-07-03 05:38 . 2009-06-30 12:30 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-02 16:03 . 2009-07-02 16:03 -------- d-----w- c:\program files\Common Files\GTK
2009-07-02 15:03 . 2009-07-02 15:03 -------- d-----w- c:\program files\MSBuild
2009-07-02 14:59 . 2009-07-02 14:59 -------- d-----w- c:\program files\Reference Assemblies
2009-07-02 13:53 . 2009-07-02 13:53 -------- d-----w- c:\program files\OpenOffice.org 3
2009-07-02 11:50 . 2009-07-02 11:50 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2009-07-01 21:05 . 2009-07-01 21:05 -------- d-----w- c:\program files\MSXML 4.0
2009-06-30 15:54 . 2009-06-30 15:54 -------- d-----w- c:\program files\Common Files\Skype
2009-06-30 15:54 . 2009-06-30 15:54 -------- d-----r- c:\program files\Skype
2009-06-30 15:51 . 2009-06-30 15:51 -------- d-----w- c:\program files\CCleaner
2009-06-30 14:19 . 2009-06-30 14:19 -------- d-----w- c:\program files\linguatec
2009-06-30 14:17 . 2009-06-30 14:16 -------- d-----w- c:\program files\DAEMON Tools Lite
2009-06-30 14:15 . 2009-06-30 14:15 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-06-30 13:35 . 2009-06-30 13:35 -------- d-----w- c:\program files\7-Zip
2009-06-30 13:32 . 2009-06-30 13:32 -------- d-----w- c:\program files\CDex_150
2009-06-30 13:30 . 2009-06-30 13:30 -------- d-----w- c:\program files\Softinterface, Inc
2009-06-30 13:27 . 2009-06-30 13:27 -------- d-----w- c:\program files\A-PDF Text Extractor
2009-06-30 13:24 . 2009-06-30 13:24 -------- d-----w- c:\program files\Opera
2009-06-30 12:44 . 2009-06-30 12:43 -------- d-----w- c:\program files\Lexmark 2300 Series
2009-06-30 12:39 . 2009-06-30 12:39 -------- d-----w- c:\program files\Realtek Sound Manager
2009-06-30 12:39 . 2009-06-30 12:39 -------- d-----w- c:\program files\AvRack
2009-06-30 12:39 . 2009-06-30 12:27 -------- d-----w- c:\program files\Common Files\InstallShield
2009-06-30 12:38 . 2009-06-30 12:38 -------- d-----w- c:\program files\AMD
2009-06-30 12:32 . 2009-06-30 12:32 -------- d-----w- c:\program files\My Company Name
2009-06-30 12:30 . 2009-06-30 12:30 -------- d-----w- c:\program files\ASUS
2009-06-30 12:01 . 2009-06-30 11:55 8972 ----a-w- c:\windows\pchealth\helpctr\Config\Cntstore.bin
2009-06-30 11:56 . 2009-06-30 11:56 -------- d-----w- c:\program files\microsoft frontpage
2009-06-29 16:00 . 2007-10-29 12:00 827392 ----a-w- c:\windows\system32\wininet.dll
2009-06-29 15:59 . 2007-10-29 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-06-29 15:59 . 2007-10-29 12:00 17408 ----a-w- c:\windows\system32\corpol.dll
2009-06-16 14:40 . 2007-10-29 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:40 . 2007-10-29 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-03 19:11 . 2007-10-29 12:00 1293824 ----a-w- c:\windows\system32\quartz.dll
.

((((((((((((((((((((((((((((( SnapShot_2009-08-09_12.43.05 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-08-09 14:18 . 2009-08-09 14:18 16384 c:\windows\temp\Perflib_Perfdata_654.dat
+ 2009-08-09 14:16 . 2009-08-09 14:16 8192 c:\windows\ERDNT\subs\Users\00000004\UsrClass.dat
+ 2009-08-09 14:16 . 2009-08-09 14:16 8192 c:\windows\ERDNT\subs\Users\00000002\UsrClass.dat
+ 2009-08-09 14:16 . 2009-08-09 14:16 208896 c:\windows\ERDNT\subs\Users\00000006\UsrClass.dat
+ 2009-08-09 14:16 . 2009-08-09 14:16 229376 c:\windows\ERDNT\subs\Users\00000003\NTUSER.DAT
+ 2009-08-09 14:16 . 2009-08-09 14:16 229376 c:\windows\ERDNT\subs\Users\00000001\NTUSER.DAT
+ 2009-08-09 14:16 . 2009-08-09 14:16 3715072 c:\windows\ERDNT\subs\Users\00000005\NTUSER.DAT
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-06-02 24264488]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-07-21 39408]
"RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2009-08-06 160592]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-06-28 8466432]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-06-28 81920]
"ASUSGamerOSD"="c:\program files\ASUS\GamerOSD\GamerOSD.exe" [2007-07-12 380928]
"Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2009-07-21 122368]
"SMail"="c:\program files\Seznam\Postak\Postak.exe" [2006-05-18 450560]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"SmartDefrag"="c:\program files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe" [2009-07-02 2453264]
"'Ashampoo AntiSpyWare 2 Guard'"="c:\program files\Ashampoo\Ashampoo AntiSpyWare 2\AntiSpyWare2Guard.exe" [2009-07-15 2376536]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2007-06-28 1626112]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2004-12-22 77824]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\Instalace\\Portable\\Skype 3.0.0.190 CZ (Portable)\\Phone\\Skype.exe"=
"c:\\Program Files\\TeamViewer3\\TeamViewer.exe"=
"c:\\Program Files\\Psi+JE\\psi.exe"=
"c:\\Program Files\\VoipDiscount.com\\VoipDiscount\\VoipDiscount.exe"=
"c:\\Program Files\\Maxthon2\\Modules\\MxDownloader\\MxDownloadServer.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R2 AASW2_Service;Ashampoo AntiSpyWare 2 Service;c:\program files\Ashampoo\Ashampoo AntiSpyWare 2\AntiSpyWareService.exe [8.8.2009 14:34 749912]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [8.8.2009 14:46 108289]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [3.11.2006 19:19 13592]

--- Ostatní služby/ovladače v paměti ---

*Deregistered* - mchInjDrv
.
Obsah adresáře 'Naplánované úlohy'

2009-08-09 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 17:20]

2009-08-09 c:\windows\Tasks\SmartDefrag.job
- c:\program files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe [2009-07-26 07:22]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.atlas.cz/
IE: Přizpůsobit Menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: RF Nástrojová lišta - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: Uložit formuláře - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: Vyplnit formulář - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
FF - ProfilePath - c:\documents and settings\Ivana\Data aplikací\Mozilla\Firefox\Profiles\bylcflg3.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://www.mywebsearch.com/jsp/cfg_redi ... searchfor=
FF - component: c:\program files\Siber Systems\AI RoboForm\Firefox\components\rfproxy_31.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-09 16:19
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(404)
c:\program files\Ashampoo\Ashampoo AntiSpyWare 2\Guard.dll

- - - - - - - > 'lsass.exe'(460)
c:\program files\Ashampoo\Ashampoo AntiSpyWare 2\Guard.dll

- - - - - - - > 'explorer.exe'(2508)
c:\program files\Ashampoo\Ashampoo AntiSpyWare 2\Guard.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll

- - - - - - - > 'csrss.exe'(380)
c:\program files\Ashampoo\Ashampoo AntiSpyWare 2\Guard.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\wscntfy.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
.
**************************************************************************
.
Celkový čas: 2009-08-09 16:24 - počítač byl restartován
ComboFix-quarantined-files.txt 2009-08-09 14:23
ComboFix2.txt 2009-08-09 12:44
ComboFix3.txt 2009-07-22 13:44
ComboFix4.txt 2009-07-22 12:35

Před spuštěním: Volných bajtů: 15 844 810 752
Po spuštění: Volných bajtů: 15 795 687 424

Current=5 Default=5 Failed=4 LastKnownGood=6 Sets=1,2,3,4,5,6
307 --- E O F --- 2009-08-04 02:57