Kontrola logu, BSOD (wink32.sys)..vir HaxDoor

[M4RTY]

Zdravím, ani snad ne před týdnem jsem si tady dělal preventivku, a dneska si prohlížím stránky zive.cz, technet atd. a najednou na mě vybafne modrá smrt s chybou STOP 0x00000050 ; wink32.sys. Na Microsoftu jsem se dozvěděl, že to je většinou vir HaxDoor, proto píši sem , než se to nějak rozroste...Takže HJT, a zachvíli dám MbaM


Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 9:44:42, on 11.4.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\A4Tech\Mouse\Amoumain.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Eset\nod32kui.exe
C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Documents and Settings\Martin.MARTIN-PC\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Martin.MARTIN-PC\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Martin.MARTIN-PC\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Martin.MARTIN-PC\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Martin.MARTIN-PC\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Program Files\TrendMicro\HiJackThis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.4.1.27.dll
O2 - BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O2 - BHO: FlashGetBHO - {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - C:\Documents and Settings\Martin.MARTIN-PC\Data aplikací\FlashGetBHO\FlashGetBHO3.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKLM\..\Run: [StartupDelayer] "C:\Program Files\r2 Studios\Startup Delayer\Startup Launcher GUI.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [WheelMouse] C:\Program Files\A4Tech\Mouse\Amoumain.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Download all by FlashGet3 - C:\Documents and Settings\Martin.MARTIN-PC\Data aplikací\FlashGetBHO\GetAllUrl.htm
O8 - Extra context menu item: Download by FlashGet3 - C:\Documents and Settings\Martin.MARTIN-PC\Data aplikací\FlashGetBHO\GetUrl.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Stáhnout odkaz s použitím BitCometu - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: Stáhnout všechna videa s použitím BitCometu - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Stáhnout všechny odkazy s použitím BitCometu - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O9 - Extra button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.4.1.27.dll/206 (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: HiDownload - {F4FBA929-A891-492C-A0F6-5C79CC4F1742} - C:\Program Files\StreamingStar\HiDownload\hidownload.exe (HKCU)
O15 - Trusted Zone: http://software.kuaiche.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{46F288FA-1A35-4FA6-AFC1-24F703C2B251}: NameServer = 10.10.10.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: FencesShellExt - {1984DD45-52CF-49cd-AB77-18F378FEA264} - C:\Program Files\Stardock\Fences\FencesMenu.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: LogMeIn Hamachi 2.0 Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe

--
End of file - 9004 bytes

Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Verze databáze: 3930

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

11.4.2010 9:54:38
mbam-log-2010-04-11 (09-54-38).txt

Typ skenu: Rychlý sken
Skenované objekty: 157527
Uplynulý čas: 7 minuta(y), 54 sekunda(y)

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 0
Infikované hodnoty registru: 0
Infikované datové položky registru: 0
Infikované složky: 0
Infikované soubory: 0

Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované hodnoty registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované datové položky registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)

Infikované soubory:
(Žádné škodlivé položky nebyly zjištěny)

[Reklama]

[alenka_v_říši_divů]

Odpoj se od netu, vypni případně IE a fixni:

O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.4.1.27.dll/206 (file missing)

O15 - Trusted Zone: http://software.kuaiche.com


Stáhni si ATF Cleaner
Poklepej na ATF Cleaner.exe, klikni na select all found, poté:
-Když používáš Firefox (Mozzila), klikni na Firefox nahoře a vyber: Select All, poté klikni na Empty Selected.
-Když používáš Operu, klikni nahoře na Operu a vyber: Select All, poté klikni na Empty Selected.
Po vyčištění klikni na Exit k zavření programu.


Stáhni si Malwarebytes' Anti-Malware
Nainstaluj a spusť ho
- na konci instalace se ujisti že máš zvoleny/zatrhnuty obě možnosti:
Aktualizace Malwarebytes' Anti-Malware a Spustit aplikaci Malwarebytes' Anti-Malware, pokud jo tak klikni na tlačítko konec
- pokud bude nalezena aktualizace, tak se stáhne a nainstaluje
- program se po té spustí a nech vybranou možnost Provést rychlý sken a klikni na tlačítko Skenovat
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Zobrazit výsledky
- pak zvol možnost uložit log a ulož si log na plochu
- po té klikni na tlačítko Exit, objeví se ti hláška tak zvol Ano
(zatím nic nemaž!).
Vlož sem pak obsah toho logu.


(zároveň prověř paměti Memtestem)

[M4RTY]

MbAM už jsem dal..
IE nepoužívám..
v HJT jsem fixl, ale potom se mi něco ukázalo..viz. screen

[alenka_v_říši_divů]

Máš zavřít IE a všechna aktivní okna.

[M4RTY]

Nic jsem neměl otevřeného...Potom jsem se podíval na HJT, a už to tam, ale nebylo...

[alenka_v_říši_divů]

Někdy něco zavřeš a ještě to chvíli doznívá (ukončuje se) a ty ten dozvuk nevidíš, ale HJT ano.

Předpokládám, že ti MBAM nic nenašel. Zkus ten Memtest zatím, připojoval si teď někdy nějaké nové HW zařízení?

[M4RTY]

MBAM je nahoře...
Memtest, ok, mám 2GB RAM, to mám otestovat půlku paměti , ne ? 1000MB...A mám to nechat do 100%, že ? Minule jsem to nechal do 1000%
Nic jsem nepřipojoval...

[alenka_v_říši_divů]

Jo.. ten MBAM si tam dal dodatečně.. proto sem si nevšiml :)

Memtest byl měl jet déle... 100% je málo, někdo doporučuje i dvě hoďky.

Stáhni si ComboFix (by sUBs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah
Pokud budou problémy , spusť ho v nouz. režimu.

[M4RTY]

Nechal jsem to na 500% => 1 hodina...Nic to nenašlo
Teď jdu na Combofix

[M4RTY]

ComboFix 10-04-10.02 - Martin 11.04.2010 12:39:58.20.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.2046.1609 [GMT 2:00]
Spuštěný z: c:\documents and settings\Martin.MARTIN-PC\Plocha\ComboFix.exe
AV: Eset NOD32 Antivirus 2.51 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: COMODO Firewall *disabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
SP: COMODO Defense+ *disabled* (Updated) {043803A4-4F86-4ef7-AFC5-F6E02A79969B}
* Rezidentní štít AV je zapnutý

.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Martin.MARTIN-PC\Dokumenty\cc_20100404_211711.reg

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-03-11 do 2010-04-11 )))))))))))))))))))))))))))))))
.

2010-04-06 16:59 . 2010-04-06 16:59 -------- d-----w- c:\program files\KONAMI
2010-04-04 08:40 . 2010-04-04 19:17 -------- d-----w- c:\program files\trend micro
2010-04-03 17:38 . 2010-04-11 10:37 -------- d-----w- c:\program files\Common Files\Akamai
2010-03-31 17:11 . 2010-03-31 17:11 -------- d-----w- C:\Nexon
2010-03-31 17:11 . 2010-03-31 17:11 421888 ----a-w- c:\windows\NEXON_EU_DownloaderUpdater.exe
2010-03-31 16:28 . 2010-03-31 16:48 -------- d-----w- C:\hidownload
2010-03-30 11:59 . 2010-03-30 11:59 -------- d-----w- c:\program files\LogMeIn Hamachi
2010-03-29 13:21 . 2010-02-03 13:56 26176 ---ha-w- c:\windows\system32\hamachi.sys
2010-03-28 18:27 . 2010-04-02 20:47 -------- d-----w- c:\program files\SpeedFan
2010-03-28 14:20 . 1996-04-03 19:33 5248 ----a-w- c:\windows\system32\drivers\giveio.sys
2010-03-28 14:20 . 2010-03-28 14:20 -------- d-----w- c:\program files\SensorsView
2010-03-27 14:41 . 2010-03-27 14:41 -------- d-----w- c:\program files\Clarus
2010-03-27 13:19 . 2010-03-27 13:19 -------- d-----w- c:\program files\A4Tech
2010-03-27 13:07 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe
2010-03-22 13:41 . 2009-09-29 16:56 44544 ----a-w- c:\windows\system32\msxml4a.dll
2010-03-21 20:28 . 2010-03-21 20:28 -------- d-----w- c:\program files\Stardock
2010-03-21 08:45 . 2010-03-27 19:19 305 ----a-w- c:\windows\system32\secushr.dat
2010-03-18 18:48 . 2010-03-18 18:48 -------- d-----w- c:\program files\Runtime Software
2010-03-17 18:15 . 2009-10-16 10:19 872448 ----a-w- c:\windows\system32\rapture3d_oal.dll
2010-03-17 18:15 . 2009-07-13 18:04 839680 ----a-w- c:\windows\system32\mkl_vml_p4.dll
2010-03-17 18:15 . 2009-07-13 18:04 532480 ----a-w- c:\windows\system32\mkl_vml_p3.dll
2010-03-17 18:15 . 2009-07-13 18:04 512000 ----a-w- c:\windows\system32\mkl_vml_def.dll
2010-03-17 18:15 . 2009-07-13 18:04 3485696 ----a-w- c:\windows\system32\mkl_p4.dll
2010-03-17 18:15 . 2009-07-13 18:04 2793472 ----a-w- c:\windows\system32\mkl_p3.dll
2010-03-17 18:15 . 2009-07-13 18:04 2441216 ----a-w- c:\windows\system32\mkl_def.dll
2010-03-17 18:15 . 2009-07-13 18:04 2174976 ----a-w- c:\windows\system32\mkl_lapack32.dll
2010-03-17 18:15 . 2009-07-13 18:04 2125824 ----a-w- c:\windows\system32\mkl_lapack64.dll
2010-03-17 18:15 . 2009-07-13 18:04 184320 ----a-w- c:\windows\system32\libguide40.dll
2010-03-17 18:15 . 2010-03-17 18:15 -------- d-----w- c:\program files\BRS
2010-03-17 18:14 . 2009-09-04 16:44 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
2010-03-17 18:14 . 2009-09-04 16:44 238936 ----a-w- c:\windows\system32\xactengine3_5.dll
2010-03-17 18:14 . 2009-09-04 16:29 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll
2010-03-17 18:14 . 2009-09-04 16:29 5501792 ----a-w- c:\windows\system32\d3dcsx_42.dll
2010-03-17 18:14 . 2009-09-04 16:29 235344 ----a-w- c:\windows\system32\d3dx11_42.dll
2010-03-14 20:30 . 2010-02-12 19:34 123280 ----a-w- c:\windows\system32\drivers\VBoxDrv.sys
2010-03-14 20:30 . 2010-02-12 19:34 41680 ----a-w- c:\windows\system32\drivers\VBoxUSBMon.sys
2010-03-14 11:08 . 2010-03-14 11:10 -------- d--h--r- c:\program files\rnamfler
2010-03-12 11:52 . 2010-04-07 14:35 -------- d-----w- c:\documents and settings\All Users.WINDOWS\CyberLink
2010-03-12 11:48 . 2010-03-12 11:49 -------- d-----w- c:\program files\QuickTime
2010-03-12 11:48 . 2010-03-12 11:48 -------- d-----w- c:\program files\Apple Software Update
2010-03-12 11:48 . 2010-03-12 11:48 -------- d-----w- c:\documents and settings\NeaPhetyx\Plocha
2010-03-12 11:48 . 2010-03-12 11:48 -------- d-----w- c:\documents and settings\NeaPhetyx\Nabídka Start
2010-03-12 11:48 . 2010-03-12 11:48 -------- d-----w- c:\documents and settings\MARTIN~1~MAR\Plocha
2010-03-12 11:48 . 2010-03-12 11:48 -------- d-----w- c:\documents and settings\MARTIN~1~MAR\Nabídka Start
2010-03-12 11:46 . 2010-03-12 11:47 -------- d-----w- c:\program files\CyberLink

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-11 06:45 . 2009-07-28 18:01 137464 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-04-11 06:45 . 2009-07-28 18:00 214520 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-04-10 15:53 . 2010-02-21 12:12 -------- d-----w- c:\program files\RocketDock
2010-04-06 17:19 . 2009-07-29 12:32 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-04-06 17:19 . 2009-07-29 12:32 -------- d-----w- c:\program files\NVIDIA Corporation
2010-04-05 18:10 . 2009-07-28 17:31 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-04-04 15:50 . 2008-04-14 12:00 430694 ----a-w- c:\windows\system32\perfh005.dat
2010-04-04 15:50 . 2008-04-14 12:00 78746 ----a-w- c:\windows\system32\perfc005.dat
2010-04-04 09:13 . 2009-10-29 20:11 -------- d-----w- c:\program files\Xi
2010-04-04 09:10 . 2009-07-28 14:56 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-04-04 08:24 . 2010-01-24 09:48 -------- d-----w- c:\program files\Google
2010-04-03 13:38 . 2008-04-14 12:00 6656 ----a-w- c:\windows\system32\lpcio.dll
2010-04-03 11:34 . 2009-08-05 21:10 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-29 22:46 . 2009-08-05 21:10 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-29 22:45 . 2009-08-05 21:10 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-28 17:35 . 2010-02-01 16:56 -------- d-----w- c:\program files\OpenAL
2010-03-27 19:55 . 2009-08-08 20:05 -------- d-----w- c:\program files\Common Files\Real
2010-03-27 09:17 . 2010-01-17 21:08 -------- d-----w- c:\program files\ICQ7.0
2010-03-17 18:14 . 2010-02-01 16:56 445016 ----a-w- c:\windows\system32\wrap_oal.dll
2010-03-17 18:14 . 2010-02-01 16:56 109144 ----a-w- c:\windows\system32\OpenAL32.dll
2010-03-16 01:37 . 2010-03-16 01:37 278120 ----a-w- c:\windows\system32\nvmccs.dll
2010-03-12 18:07 . 2009-07-28 16:49 -------- d-----w- c:\program files\uTorrent
2010-03-12 09:26 . 2009-07-28 16:08 600680 ----a-w- c:\windows\system32\NVUNINST.EXE
2010-03-11 17:30 . 2010-03-11 17:27 -------- d-----w- c:\program files\Pinnacle
2010-03-10 19:06 . 2010-03-10 19:06 -------- d-----w- c:\program files\MSECache
2010-03-10 14:32 . 2009-08-22 09:20 -------- d-----w- c:\program files\Common Files\Nero
2010-03-05 18:23 . 2009-08-25 11:04 -------- d-----w- c:\program files\VibrateGameDeviceDriver
2010-03-02 16:33 . 2010-03-02 16:17 -------- d-----w- c:\program files\YouTube HD Transfer
2010-03-01 20:38 . 2010-03-01 20:38 -------- d-----w- c:\program files\Sonic Foundry
2010-03-01 20:38 . 2010-03-01 20:38 -------- d-----w- c:\program files\Pure Motion
2010-03-01 20:38 . 2010-03-01 20:38 -------- d-----w- c:\program files\DebugMode
2010-02-28 12:21 . 2010-01-31 10:03 -------- d-----w- c:\program files\Mozilla Thunderbird
2010-02-25 06:18 . 2008-04-14 12:00 916480 ------w- c:\windows\system32\wininet.dll
2010-02-24 15:56 . 2010-02-24 15:54 -------- d-----w- c:\program files\BitComet
2010-02-22 16:57 . 2010-03-11 19:01 358944 ----a-w- c:\windows\vncutil.exe
2010-02-22 16:57 . 2009-07-28 16:10 84512 ----a-w- c:\windows\SOUNDMAN.EXE
2010-02-22 16:57 . 2009-07-28 16:10 1833504 ----a-w- c:\windows\SkyTel.exe
2010-02-22 16:57 . 2009-07-28 16:10 1489440 ----a-w- c:\windows\RtlUpd.exe
2010-02-22 16:56 . 2010-03-11 19:01 51232 ----a-w- c:\windows\system32\RtkCoInstXP.dll
2010-02-22 16:56 . 2010-03-11 19:01 129568 ----a-w- c:\windows\RtkAudioService.exe
2010-02-22 16:56 . 2009-07-28 16:09 9721888 ----a-w- c:\windows\RTLCPL.EXE
2010-02-22 16:56 . 2009-07-28 16:09 18791456 ----a-w- c:\windows\RTHDCPL.EXE
2010-02-22 16:56 . 2009-07-28 16:09 2177568 ----a-w- c:\windows\MicCal.exe
2010-02-22 16:56 . 2009-07-28 16:09 2815520 ----a-w- c:\windows\ALCWZRD.EXE
2010-02-22 16:28 . 2009-07-28 16:09 5862432 ----a-w- c:\windows\system32\drivers\RtkHDAud.sys
2010-02-22 15:02 . 2010-02-22 14:55 -------- d-----w- c:\program files\WhoCrashed
2010-02-22 13:44 . 2009-11-06 20:55 -------- d-----w- c:\program files\Miranda IM
2010-02-21 15:21 . 2009-07-30 10:25 -------- d-----w- c:\program files\OEdit
2010-02-19 16:59 . 2010-02-19 16:59 477 ----a-w- c:\windows\eReg.dat
2010-02-14 15:47 . 2010-02-14 15:47 -------- d-----w- c:\program files\Moddingway
2010-02-14 14:45 . 2010-02-14 14:45 -------- d-----w- c:\program files\Cucusoft
2010-02-12 20:10 . 2009-08-01 14:08 -------- d-----w- c:\program files\Fifa Master
2010-02-12 18:02 . 2009-07-28 16:09 1247776 ----a-w- c:\windows\RtlExUpd.dll
2010-02-11 20:08 . 2010-02-07 20:23 -------- d-----w- c:\program files\Czech Soccer Manager 2002 FE
2010-02-10 20:20 . 2009-12-05 17:06 -------- d-----w- c:\program files\FIFAMANIA
2010-02-10 16:54 . 2009-08-09 15:07 -------- d-----w- c:\program files\GameSpy Arcade
2010-02-10 16:23 . 2010-02-10 16:23 -------- d-----w- c:\program files\AliveMedia
2010-02-10 12:54 . 2010-02-10 12:44 -------- d-----w- c:\program files\Opera 10.50 Beta
2010-02-02 18:39 . 2010-02-02 18:39 281760 ----a-w- c:\windows\system32\drivers\atksgt.sys
2010-02-02 18:39 . 2010-02-02 18:39 25888 ----a-w- c:\windows\system32\drivers\lirsgt.sys
2010-01-29 15:44 . 2010-01-29 15:42 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2009-11-17 1800464]
"StartupDelayer"="c:\program files\r2 Studios\Startup Delayer\Startup Launcher GUI.exe" [2009-03-08 147456]
"RTHDCPL"="RTHDCPL.EXE" [2010-02-22 18791456]
"WheelMouse"="c:\program files\A4Tech\Mouse\Amoumain.exe" [2007-05-15 204800]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-03-16 13670504]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-03-16 110696]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{1984DD45-52CF-49cd-AB77-18F378FEA264}"= "c:\program files\Stardock\Fences\FencesMenu.dll" [2009-10-02 128360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 10:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\guard32.dll

[HKLM\~\startupfolder\C:^Documents and Settings^Martin.MARTIN-PC^Nabídka Start^Programy^Po spuštění^Yahoo! Widgets.lnk]
path=c:\documents and settings\Martin.MARTIN-PC\Nabídka Start\Programy\Po spuštění\Yahoo! Widgets.lnk
backup=c:\windows\pss\Yahoo! Widgets.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"PlayMovie"="e:\program files\CyberLink\PlayMovie\PMVService.exe"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Martin\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"c:\\Martin\\Activision\\Call of Duty 2\\CoD2MP_s.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Martin\\Rockstar Games\\Rockstar Games Social Club\\RGSCLauncher.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Martin\\EA Sports\\FIFA 08\\FIFA08.exe"=
"c:\\Program Files\\QIP Infium30\\infium.exe"=
"c:\\Martin\\Opera\\opera.exe"=
"c:\\Martin\\KONAMI\\Pro Evolution Soccer 10\\pes2010.exe.exe"=
"c:\\Python25\\pythonw.exe"=
"e:\\Program Files\\VirtualDJ\\virtualdj_trial.exe"=
"e:\\Program Files\\Activision\\Modern Warfare 2\\iw4mp.exe"=
"e:\\Program Files\\2K Sports\\NBA 2K10\\nba2k10.exe"=
"e:\\Counter-Strike Source\\hl2.exe"=
"e:\\Program Files\\EA Sports\\FIFA 10\\FIFA10.exe"=
"c:\\Program Files\\Epson Software\\Event Manager\\EEventManager.exe"=
"c:\\Program Files\\Miranda IM\\miranda32.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Documents and Settings\\All Users.WINDOWS\\Data aplikací\\NexonUS\\NGM\\NGM.exe"=
"e:\\Program Files\\KONAMI\\Pro Evolution Soccer 6\\pes6.exe"=
"e:\\Program Files\\KONAMI\\Pro Evolution Soccer 6\\PES6ONLINEvn\\CODE\\GoalServer6.exe"=
"e:\\Valve\\hl.exe"=
"c:\\Program Files\\ICQ7.0\\ICQ.exe"=
"c:\\Program Files\\ICQ7.0\\aolload.exe"=
"c:\\Martin\\KONAMI\\Pro Evolution Soccer 10\\GamingAccess.exe"=
"e:\\Valve\\hlds.exe"=
"e:\\Program Files\\SEGA\\Vancouver 2010\\Vancouver.exe"=
"c:\\Program Files\\HLSW\\hlsw.exe"=
"e:\\Program Files\\EA Games\\Battlefield 2\\BF2.exe"=
"c:\\Program Files\\GameSpy Arcade\\Aphex.exe"=
"c:\\Documents and Settings\\Martin.MARTIN-PC\\Plocha\\Miranda\\Miranda IM\\miranda32.exe"=
"c:\\Program Files\\BitComet\\BitComet.exe"=
"e:\\Valve\\hltv.exe"=
"e:\\Program Files\\TmNationsForever\\TmForever.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Martin\\Opera10.51\\opera.exe"=
"e:\\Grid\\GRID.exe"=
"c:\\Nexon\\NEXON_EU_Downloader\\NEXON_EU_Downloader_Engine.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\KONAMI\\Pro Evolution Soccer 2009\\pes2009.exe"=
"c:\\Program Files\\KONAMI\\Pro Evolution Soccer 2009\\CSP2009.exe"=
"e:\\Program Files\\Metin2_CZ\\metin2client.bin"=
"c:\\Documents and Settings\\Martin.MARTIN-PC\\Plocha\\Metin2_Server_Hack.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"56118:TCP"= 56118:TCP:Pando Media Booster
"56118:UDP"= 56118:UDP:Pando Media Booster
"22232:TCP"= 22232:TCP:BitComet 22232 TCP
"22232:UDP"= 22232:UDP:BitComet 22232 UDP
"1127:TCP"= 1127:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface

R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [29.10.2009 12:09 132808]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [29.10.2009 12:09 25160]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [5.8.2009 16:06 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5.8.2009 16:06 74480]
R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [14.4.2008 14:00 14336]
R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [30.3.2010 11:16 1107336]
R3 DynCal;Dynamic Calibration Service;c:\windows\system32\drivers\DynCal.sys [7.11.2007 20:15 12928]
R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [22.10.2009 20:35 27632]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [28.7.2009 19:31 691696]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [11.3.2010 21:01 1691480]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [27.11.2009 17:54 13192]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [27.11.2009 17:54 8456]
S3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\drivers\s0016bus.sys [22.10.2009 20:35 89256]
S3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\drivers\s0016mdfl.sys [22.10.2009 20:35 15016]
S3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\drivers\s0016mdm.sys [22.10.2009 20:35 120744]
S3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0016mgmt.sys [22.10.2009 20:35 114216]
S3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\drivers\s0016nd5.sys [22.10.2009 20:35 25512]
S3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\drivers\s0016obex.sys [22.10.2009 20:35 110632]
S3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\drivers\s0016unic.sys [22.10.2009 20:35 115752]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [5.8.2009 16:06 7408]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
.
------- Doplňkový sken -------
.
IE: Download all by FlashGet3 - c:\documents and settings\Martin.MARTIN-PC\Data aplikací\FlashGetBHO\GetAllUrl.htm
IE: Download by FlashGet3 - c:\documents and settings\Martin.MARTIN-PC\Data aplikací\FlashGetBHO\GetUrl.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Stáhnout odkaz s použitím BitCometu - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: Stáhnout všechna videa s použitím BitCometu - c:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: Stáhnout všechny odkazy s použitím BitCometu - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: {{88EB38EF-4D2C-436D-ABD3-56B232674062} - c:\program files\ICQ7.0\ICQ.exe
LSP: c:\windows\system32\imon.dll
TCP: {46F288FA-1A35-4FA6-AFC1-24F703C2B251} = 10.10.10.1
FF - ProfilePath - c:\documents and settings\Martin.MARTIN-PC\Data aplikací\Mozilla\Firefox\Profiles\bder680s.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.cz/ig
FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - plugin: c:\martin\Opera10.51\program\plugins\npdsplay.dll
FF - plugin: c:\martin\Opera10.51\program\plugins\nppl3260.dll
FF - plugin: c:\martin\Opera10.51\program\plugins\nprjplug.dll
FF - plugin: c:\martin\Opera10.51\program\plugins\nprpjplug.dll
FF - plugin: c:\martin\Opera10.51\program\plugins\NPSWF32.dll
FF - plugin: c:\martin\Opera10.51\program\plugins\npwmsdrm.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npPandoWebInst.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npyaxmpb.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

HKLM-Run-nwiz - nwiz.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-11 12:47
Windows 5.1.2600 Service Pack 3 NTFS

detected NTDLL code modification:
ZwClose, ZwOpenFile

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Akamai]
"ServiceDll"="C:/Program Files/Common Files/Akamai/rswin_3653.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Akamai]
"ServiceDll"="C:/Program Files/Common Files/Akamai/rswin_3653.dll"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-448539723-926492609-1801674531-1004\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-448539723-926492609-1801674531-1004\Software\SecuROM\License information*]
"datasecu"=hex:80,49,04,83,b4,8d,32,de,a7,b7,f9,a2,25,98,36,0c,d8,19,01,6c,51,
72,5f,ca,13,dd,ae,75,c9,12,02,61,44,98,46,24,17,58,37,af,05,f8,ca,02,e9,8c,\
"rkeysecu"=hex:91,b5,4f,1c,d7,73,a5,b1,98,ee,3c,16,2c,2d,cf,aa
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(1512)
c:\program files\SUPERAntiSpyware\SASWINLO.dll

- - - - - - - > 'lsass.exe'(1728)
c:\windows\system32\imon.dll
c:\program files\Eset\pr_imon.dll
.
Celkový čas: 2010-04-11 12:49:15
ComboFix-quarantined-files.txt 2010-04-11 10:49

Před spuštěním: Volných bajtů: 22 187 024 384
Po spuštění: Volných bajtů: 22 174 224 384

- - End Of File - - 44393727B6ED7AA9E46EF173CF372AE8

[alenka_v_říši_divů]

Zřejmě to nákazou nebude.... stalo se ti to jen jednou?

[M4RTY]

Ano, jen jednou...při tom prohlížení
Ještě, že to není tou nákazou, když sem si ten pc před chvílí kontroloval..Ale doufám, že to není ani hardwarem..
Mám to teda čisté ?