Prosím o kontrolu logu

[shorty1963]

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:08:23, on 4.2.2011
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18999)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\ASUS\SmartLogon\sensorsrv.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\ATKOSD2\ATKOSD2.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\Program Files\Synaptics\SynTP\SynAsus.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe
C:\Program Files\Kerio\VPN Client\kvpncgui.exe
C:\notes\NLNOTES.EXE
C:\notes\ntaskldr.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\ICQ7.4\ICQ.exe
C:\Users\KratkyJ\Downloads\PC-udrzba\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://kompas.hzap.local/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Notes Link - - (no file)
O1 - Hosts: 172.16.0.22 ntsf01
O1 - Hosts: 172.16.0.41 kiosky.hzap.local
O1 - Hosts: 172.16.0.41 pproi
O1 - Hosts: 172.16.0.24 ntsi01
O1 - Hosts: 172.16.0.24 kompas.hzap.local
O1 - Hosts: 172.16.0.25 HZP01
O1 - Hosts: 172.16.0.26 ntsd02
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\ProgramData\LangSoft\WebIE.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.4.11.9.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\ProgramData\LangSoft\WebIE.dll
O4 - HKLM\..\Run: [ATKOSD2] "C:\Program Files\ATKOSD2\ATKOSD2.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Client Access Service] "C:\Program Files\IBM\Client Access\cwbsvstr.exe"
O4 - HKLM\..\Run: [Client Access Check Version] "C:\Program Files\IBM\Client Access\cwbckver.exe" LOGIN
O4 - HKLM\..\Run: [Client Access Express Welcome] "C:\Program Files\IBM\Client Access\cwbwlwiz.exe"
O4 - HKLM\..\Run: [Client Access PC5250 Sound] "C:\Program Files\IBM\Client Access\Emulator\pcssnd.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ATUpdatePBA.ltp] C:\Windows\system32\ATUpdatePBA.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O8 - Extra context menu item: Stáhnout odkaz s použitím BitCometu - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: Stáhnout všechny odkazy s použitím BitCometu - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Program Files\ICQ7.4\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Program Files\ICQ7.4\ICQ.exe
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\ProgramData\LangSoft\WebIE.dll
O15 - Trusted Zone: http://*.pproi
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Emsisoft Anti-Malware 5.0 - Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\Emsisoft Anti-Malware\a2service.exe
O23 - Service: AD Monitor (ADMonitor) - Unknown owner - C:\Windows\system32\ADMonitor.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\ATKGFNEX\GFNEXSrv.exe
O23 - Service: AuthenTec Fingerprint Service (ATService) - AuthenTec, Inc. - C:\Windows\system32\AtService.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: iSeries Access for Windows Remote Command (Cwbrxd) - IBM Corporation - C:\Windows\CWBRXD.EXE
O23 - Service: Data Transfer Service (dtsvc) - Unknown owner - C:\Windows\system32\DTS.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: Úložná technologie Intel(R) Rapid (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: Kerio VPN Client Service (KVPNCSvc) - Kerio Technologies Inc. - C:\Program Files\Kerio\VPN Client\kvpncsvc.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Multi-user Cleanup Service - IBM Corp - C:\notes\ntmulti.exe
O23 - Service: NetTime (NetTimeSvc) - Subjective Software - C:\Program Files\NetTime\NeTmSvNT.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SolidConverterPDFReadSpool (SCPDFReadSpool) - Solid Documents, LLC - C:\Windows\Installer\MSI357.tmp
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Aplikace Symantec Management Client (SmcService) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
O23 - Service: Aplikace Symantec Endpoint Protection (Symantec AntiVirus) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe

--
End of file - 9576 bytes

[Reklama]

[memphisto]

Stáhni si ATF Cleaner
Poklepej na ATF Cleaner.exe, klikni na select all found, poté:
-Když používáš Firefox (Mozzila), klikni na Firefox nahoře a vyber: Select All, poté klikni na Empty Selected.
-Když používáš Operu, klikni nahoře na Operu a vyber: Select All, poté klikni na Empty Selected.
Po vyčištění klikni na Exit k zavření programu.
ATF-Cleaner je jednoduchý nástroj na odstranění historie z webového prohlížeče. Program dokáže odstranit cache, cookies, historii a další stopy po surfování na Internetu. Mezi podporované prohlížeče patří Internet Explorer, Firefox a Opera. Aplikace navíc umí odstranit dočasné soubory Windows, vysypat koš atd.

Vypni si rez.ochrany i firewall.
Stáhni si Dr. Web CureIt
dej update , po aktualizaci dej start.
Tlacitky dole muzeš soubor léčit(systémové soubory), smazat, přesunout nebo přejmenovat


Stáhni si Malwarebytes' Anti-Malware
Nainstaluj a spusť ho
- na konci instalace se ujisti že máš zvoleny/zatrhnuty obě možnosti:
Update Malwarebytes' Anti-Malware (Aktualizace Malwarebytes' Anti-Malware) a Launch Malwarebytes' Anti-Malware (Spustit aplikaci Malwarebytes' Anti-Malware), pokud jo tak klikni na tlačítko Finish
- pokud bude nalezena aktualizace, tak se stáhne a nainstaluje
- program se po té spustí a nech vybranou možnost Perform Quick Scan (Provést rychlý sken) a klikni na tlačítko Scan (Skenovat)
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Show Results
- pak zvol možnost Save Logfile a ulož si log na plochu
- po té klikni na tlačítko Exit, objeví se ti hláška tak zvol Ano
(zatím nic nemaž!).
Vlož sem pak obsah toho logu.

[shorty1963]

alwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Verze databáze: 5679

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18999

4.2.2011 22:30:02
mbam-log-2011-02-04 (22-30-02).txt

Typ kontroly: Úplný test (C:\|)
Testované objekty: 123389
Uplynulý čas: 50 minut, 7 sekund

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče v registru: 0
Infikované hodnoty v registru: 0
Infikované datové položky v registru: 0
Infikované složky: 0
Infikované soubory: 0

Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované hodnoty v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované datové položky v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)

Infikované soubory:
(Žádné škodlivé položky nebyly zjištěny)

[memphisto]

Vypni rezidentní štít antiviru a antispywaru
Stáhni si ComboFix (by sUBs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah

[shorty1963]

ComboFix 11-01-31.02 - KratkyJ 05.02.2011 8:31.8.2 - x86
Microsoft® Windows Vista™ Business 6.0.6002.2.1250.420.1029.18.3070.1874 [GMT 1:00]
Spuštěný z: c:\users\KratkyJ\Desktop\ComboFix.exe
AV: Symantec Endpoint Protection *Disabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
FW: Aplikace Symantec Endpoint Protection *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
SP: Symantec Endpoint Protection *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Downloaded Installers
c:\program files\Downloaded Installers\{E6BEC86E-DCA9-4510-975F-E2DC68D3E5D7}\setup.msi

.
((((((((((((((((((((((((( Soubory vytvořené od 2011-01-05 do 2011-02-05 )))))))))))))))))))))))))))))))
.

2011-02-05 07:16 . 2011-02-05 07:16 -------- d-----w- c:\users\KratkyJ\AppData\Roaming\smkits
2011-02-04 17:36 . 2011-02-04 17:36 -------- d-----w- c:\users\KratkyJ\DoctorWeb
2011-02-04 06:26 . 2011-02-04 06:33 -------- d-----w- c:\users\KratkyJ\AppData\Roaming\FTWeak
2011-02-03 09:41 . 2011-02-03 09:41 -------- d-----w- c:\program files\CodeStuff
2011-02-03 09:16 . 2011-02-03 12:42 -------- d-----w- c:\program files\Emsisoft Anti-Malware
2011-02-03 09:03 . 2011-02-03 09:03 -------- d-----w- c:\program files\SlimDrivers
2011-01-31 08:55 . 2011-01-31 08:55 -------- d-----w- c:\users\KratkyJ\{a980405f-da84-4631-90c9-1b552d3dd353}
2011-01-31 05:52 . 2011-01-31 05:52 -------- d-----w- C:\AuthLog
2011-01-30 07:15 . 2011-01-30 07:15 -------- d-----w- c:\program files\ICQ6Toolbar
2011-01-30 07:14 . 2011-01-30 07:15 -------- d-----w- c:\program files\ICQ7.4
2011-01-29 15:16 . 2008-04-21 14:26 43008 ----a-w- c:\windows\system32\drivers\rimsptsk.sys
2011-01-29 15:16 . 2008-02-15 17:01 46592 ----a-w- c:\windows\system32\drivers\rimmptsk.sys
2011-01-29 08:00 . 2011-01-29 08:00 -------- d-----w- c:\users\KratkyJ\{73221dc0-9d28-4cce-98af-eae7249d324c}
2011-01-29 07:58 . 2008-08-26 08:26 18816 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys
2011-01-29 07:58 . 2011-01-29 07:58 -------- d-----w- c:\program files\PC Connectivity Solution
2011-01-21 16:32 . 2000-01-01 00:00 837224 ----a-w- c:\windows\system32\nvgenco32hda.dll
2011-01-21 16:32 . 2000-01-01 00:00 941160 ----a-w- c:\windows\system32\nvdispco322090.dll
2011-01-21 16:32 . 2000-01-01 00:00 837736 ----a-w- c:\windows\system32\nvgenco322040.dll
2011-01-16 10:49 . 2011-01-16 10:55 -------- d-----w- c:\users\KratkyJ\AppData\Roaming\GlarySoft
2011-01-15 10:45 . 2010-09-07 20:09 26216 ----a-w- c:\windows\system32\nvhdap32.dll
2011-01-15 10:45 . 2010-09-07 20:08 123496 ----a-w- c:\windows\system32\drivers\nvhda32v.sys
2011-01-15 10:45 . 2010-09-07 20:09 65640 ----a-w- c:\windows\system32\nvapo32v.dll
2011-01-15 09:26 . 2009-12-08 13:11 31680 ----a-w- c:\windows\system32\drivers\psadd.sys
2011-01-15 09:26 . 2011-01-15 09:26 -------- d-----w- c:\program files\Lenovo Fingerprint Software
2011-01-15 09:24 . 2011-01-15 09:24 -------- d-----w- c:\users\KratkyJ\AppData\Roaming\CachedFiles
2011-01-15 09:12 . 2011-01-15 09:12 -------- d-----w- c:\program files\SRS Labs
2011-01-15 09:11 . 2011-01-31 08:47 -------- d-----w- c:\windows\system32\RTCOM
2011-01-15 08:33 . 2000-01-01 00:00 236136 ----a-w- c:\windows\system32\nvcod1923.dll
2011-01-15 07:51 . 2011-01-15 07:51 -------- d-----w- c:\users\KratkyJ\AppData\Local\SlimWare Utilities Inc
2011-01-13 06:00 . 2010-12-28 15:55 413696 ----a-w- c:\windows\system32\odbc32.dll
2011-01-13 06:00 . 2010-12-28 15:53 708608 ----a-w- c:\program files\Common Files\System\ado\msado15.dll
2011-01-13 06:00 . 2010-12-28 15:53 253952 ----a-w- c:\program files\Common Files\System\ado\msadox.dll
2011-01-13 06:00 . 2010-12-28 15:53 241664 ----a-w- c:\program files\Common Files\System\ado\msadomd.dll
2011-01-13 06:00 . 2010-12-28 15:53 180224 ----a-w- c:\program files\Common Files\System\msadc\msadco.dll
2011-01-13 06:00 . 2010-12-28 15:53 57344 ----a-w- c:\program files\Common Files\System\msadc\msadcs.dll
2011-01-13 06:00 . 2010-12-14 14:49 1169408 ----a-w- c:\windows\system32\sdclt.exe
2011-01-10 05:08 . 2011-02-03 09:50 5644 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2011-01-09 09:31 . 2011-01-09 09:31 -------- d-----w- c:\program files\SuperCleaner
2011-01-07 20:06 . 2011-01-07 20:06 580200 ----a-w- c:\windows\system32\easyUpdatusAPIU.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-31 08:48 . 2010-05-09 15:06 16400 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2011-01-26 04:58 . 2010-11-29 10:46 167936 ----a-w- c:\windows\system32\drivers\wpshelper.sys
2011-01-15 09:09 . 2008-09-18 07:39 319456 ----a-w- c:\windows\DIFxAPI.dll
2011-01-05 06:12 . 2011-01-05 06:12 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-12-23 20:00 . 2010-12-23 20:00 56400 ----a-w- c:\windows\system32\drivers\tmrkb.sys
2010-12-23 20:00 . 2010-12-23 20:00 190032 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2010-12-23 17:03 . 2010-12-23 17:03 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-12-23 10:09 . 2008-09-18 07:22 53248 ----a-w- c:\windows\system32\CSVer.dll
2010-12-23 07:24 . 2010-12-23 07:24 23456 ----a-w- c:\windows\system32\drivers\DrvAgent32.sys
2010-12-20 17:09 . 2010-12-12 20:52 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-20 17:08 . 2010-12-12 20:52 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-29 16:38 . 2010-11-29 16:38 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-11-29 16:38 . 2010-11-29 16:38 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-11-29 10:45 . 2010-11-29 10:45 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2010-11-26 12:45 . 2010-11-26 12:45 53248 ----a-r- c:\users\KratkyJ\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2010-11-25 10:54 . 2010-11-25 10:54 89600 ----a-w- c:\windows\system32\atl71.dll
2010-11-25 10:54 . 2010-11-25 10:54 87368 ----a-w- c:\windows\system32\FwsVpn.dll
2010-11-25 10:54 . 2010-11-25 10:54 43336 ----a-w- c:\windows\system32\drivers\WPSDRVnt.sys
2010-11-25 10:54 . 2010-11-25 10:54 353608 ----a-w- c:\windows\system32\sysfer.dll
2010-11-25 10:54 . 2010-11-25 10:54 107848 ----a-w- c:\windows\system32\SymVPN.dll
2010-11-25 10:54 . 2010-11-25 10:54 43696 ----a-w- c:\windows\system32\drivers\srtspx.sys
2010-11-25 10:54 . 2010-11-25 10:54 320944 ----a-w- c:\windows\system32\drivers\srtspl.sys
2010-11-25 10:54 . 2010-11-25 10:54 283184 ----a-w- c:\windows\system32\drivers\srtsp.sys
2010-11-25 10:54 . 2010-11-29 10:45 97096 ----a-w- c:\windows\system32\drivers\SysPlant.sys
2010-11-25 10:54 . 2010-11-25 10:54 67472 ----a-w- c:\windows\system32\drivers\Teefer2.sys
2010-11-25 10:54 . 2010-11-25 10:54 38448 ----a-w- c:\windows\system32\drivers\symndisv.sys
2010-11-25 10:54 . 2010-11-25 10:54 26416 ----a-w- c:\windows\system32\drivers\symredrv.sys
2010-11-25 10:54 . 2010-11-25 10:54 188080 ----a-w- c:\windows\system32\drivers\symtdi.sys
2010-11-25 10:54 . 2010-11-25 10:54 39856 ----a-w- c:\windows\system32\drivers\symids.sys
2010-11-25 10:54 . 2010-11-25 10:54 145968 ----a-w- c:\windows\system32\drivers\symfw.sys
2010-11-25 10:54 . 2010-11-25 10:54 12720 ----a-w- c:\windows\system32\drivers\symdns.sys
2010-11-25 10:54 . 2010-11-25 10:54 23888 ----a-w- c:\windows\system32\drivers\COH_Mon.sys
2010-11-11 20:57 . 2010-12-12 16:16 80488 ----a-w- c:\windows\system32\RtNicProp32.dll
2010-11-11 20:57 . 2010-12-12 16:16 305256 ----a-w- c:\windows\system32\drivers\Rtlh86.sys
2010-11-11 20:57 . 2009-08-15 09:00 100968 ----a-w- c:\windows\system32\RTNUninst32.dll
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2010-12-21 1483264]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATKOSD2"="c:\program files\ATKOSD2\ATKOSD2.exe" [2008-01-23 7766016]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-11-16 1029416]
"Client Access Service"="c:\program files\IBM\Client Access\cwbsvstr.exe" [2005-06-09 20530]
"Client Access Check Version"="c:\program files\IBM\Client Access\cwbckver.exe" [2005-06-09 45106]
"Client Access Express Welcome"="c:\program files\IBM\Client Access\cwbwlwiz.exe" [2005-06-09 20480]
"Client Access PC5250 Sound"="c:\program files\IBM\Client Access\Emulator\pcssnd.exe" [2005-06-09 40960]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2010-11-25 115560]
"ATUpdatePBA.ltp"="c:\windows\system32\ATUpdatePBA.exe" [2010-02-05 226624]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"DisableCAD"= 1 (0x1)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ \0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^SRS Premium Sound.lnk]
backup=c:\windows\pss\SRS Premium Sound.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 a2acc;a2acc;c:\program files\EMSISOFT ANTI-MALWARE\a2accx86.sys [2010-09-19 72808]
R3 ADMonitor;AD Monitor;c:\windows\system32\ADMonitor.exe [2010-02-05 106496]
R3 COH_Mon;COH_Mon;c:\windows\system32\Drivers\COH_Mon.sys [2010-11-25 23888]
R3 DrvAgent32;DrvAgent32;c:\windows\system32\Drivers\DrvAgent32.sys [2010-12-23 23456]
R3 NETw5v32;Ovladač adaptéru Intel(R) Wireless WiFi Link pro systém Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2010-01-13 6628352]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
S2 a2AntiMalware;Emsisoft Anti-Malware 5.0 - Service;c:\program files\Emsisoft Anti-Malware\a2service.exe [2011-02-03 2853904]
S2 ATService;AuthenTec Fingerprint Service;c:\windows\system32\AtService.exe [2010-02-05 1824064]
S2 dtsvc;Data Transfer Service;c:\windows\system32\DTS.exe [2010-02-05 98304]
S2 IAStorDataMgrSvc;Úložná technologie Intel(R) Rapid;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-11-05 13336]
S2 KVPNCSvc;Kerio VPN Client Service;c:\program files\Kerio\VPN Client\kvpncsvc.exe [2009-10-26 972648]
S2 NetTimeSvc;NetTime;c:\program files\NetTime\NeTmSvNT.exe [2003-01-30 452096]
S2 SCPDFReadSpool;SolidConverterPDFReadSpool;c:\windows\Installer\MSI357.tmp [2010-01-22 189696]
S3 ATSwpWDF;AuthenTec TruePrint USB Driver;c:\windows\system32\Drivers\ATSwpWDF.sys [2010-02-05 661448]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2008-01-29 29736]
S3 DCamUSBET;USB2.0 1.3M UVC WebCam;c:\windows\system32\DRIVERS\etDevice.sys [2008-10-20 138920]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-01-15 102448]
S3 FiltUSBET;ET USB Device Lower Filter;c:\windows\system32\DRIVERS\etFilter.sys [2008-10-20 21544]
S3 itecir;ITECIR Infrared Receiver;c:\windows\system32\DRIVERS\itecir.sys [2007-12-18 54784]
S3 kvnet;Kerio Virtual Network Adapter;c:\windows\system32\DRIVERS\kvnet.sys [2009-03-23 26624]
S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\Drivers\LEqdUsb.Sys [2010-08-24 40912]
S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\Drivers\LHidEqd.Sys [2010-08-24 10448]
S3 NETwNv32;___ Ovladač adaptéru řady Intel(R) Wireless WiFi Link 5000 pro systém Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETwNv32.sys [2010-10-18 6959616]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2010-09-07 123496]
S3 ScanUSBET;ET USB Still Image Capture Device;c:\windows\system32\DRIVERS\etScan.sys [2008-10-20 13224]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-03-17 15:56 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://kompas.hzap.local/
mStart Page =
IE: Stáhnout odkaz s použitím BitCometu - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: Stáhnout všechny odkazy s použitím BitCometu - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: WikiKomentáře Google...
IE: {{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - c:\program files\ICQ7.4\ICQ.exe
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\programdata\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748449} - c:\programdata\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\programdata\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\programdata\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\programdata\LangSoft\WebIE.dll
Trusted Zone: pproi
FF - ProfilePath - c:\users\KratkyJ\AppData\Roaming\Mozilla\Firefox\Profiles\iq10jbgw.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_result ... r=1.1.8&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}
FF - Ext: ICQ Toolbar: {800b5000-a755-47e1-992b-48a1c1357f07} - c:\program files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: BitComet Video Downloader: {B042753D-F57E-4e8e-A01B-7379A6D4CEFB} - %profile%\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}
FF - Ext: PDF Download: {37E4D8EA-8BDA-4831-8EA1-89053939A250} - %profile%\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Open In RegEdit: openinregedit@firefox - %profile%\extensions\openinregedit@firefox
FF - Ext: ICQ Toolbar: {800b5000-a755-47e1-992b-48a1c1357f07} - %profile%\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: PC Sync 2 Synchronisation Extension: bkmrksync@nokia.com - c:\program files\Nokia\Nokia PC Suite 7\bkmrksync
FF - user.js: browser.cache.memory.capacity - 16000
FF - user.js: browser.chrome.favicons - fales
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.max.tokenizing.time - 3000000
FF - user.js: content.maxtextrun - 4095
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 1000000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 1000000
FF - user.js: dom.disable_window_status_change - true
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 1000
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

SafeBoot-WudfPf
SafeBoot-WudfRd



**************************************************************************
skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory:

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SCPDFReadSpool]
"ImagePath"="c:\windows\Installer\MSI357.tmp"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{17739CC8-1062-40F7-1C3862585ABD2CDA}\{84278681-95F8-776A-6C175249145B2CFC}\{113E55B4-CE67-C34A-F065E12B6143C7DD}*]
"{3EE4C831-B7E0-4ed1-B9FC-EDC523C9612F}1"=hex:01,00,01,00,0c,00,00,00,74,a9,89,
b6,26,d8,25,c3,2c,e3,fb,34,96,55,46,18,b9,7c,0c,53,46,b4,a1,86,9d,a2,13,21,\

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{210BD7C7-47ED-BBE9-95D0F9FAA3BD0E97}\{C5D4C247-F1D1-D183-A63FC2DFAAC29AA3}\{B55B3474-A2E6-F6F7-4AD088E6434601A2}*]
"RA4KGUJC6T6LBNJRIDQ63C2L6C1"=hex:01,00,01,00,00,00,00,00,f7,8a,3d,85,55,45,07,
82,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3024A848-7C77-6F90-8B14B36A94BB61F2}\{6CDD5654-07A8-13D8-C2EB636328E10F29}\{AF593ADC-BF32-7E11-B704756686EE805B}*]
"RA4KGUJC6T6LBNJRIDQ63C2L6C1"=hex:01,00,01,00,00,00,00,00,f7,8a,3d,85,55,45,07,
82,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3C314B03-F43E-BA89-952BA1DFD2D5EFE8}\{7539A87C-0FED-33C5-609B84E8BF01550C}\{B9902A55-37BA-35DE-AA3E0A7380F9249D}*]
"{3EE4C831-B7E0-4ed1-B9FC-EDC523C9612F}1"=hex:01,00,01,00,0c,00,00,00,74,a9,89,
b6,26,d8,25,c3,2c,e3,fb,34,96,55,46,18,b9,7c,0c,53,46,b4,a1,86,9d,a2,13,21,\
.
Celkový čas: 2011-02-05 08:46:35
ComboFix-quarantined-files.txt 2011-02-05 07:46

Před spuštěním: Volných bajtů: 56 932 610 048
Po spuštění: Volných bajtů: 56 874 196 992

- - End Of File - - DDB7E903802E2C35AA549F11A4B6671F

[memphisto]

Máš tam nějaké zmatky. CO používáš? Kerio Firewall a nebo Symantec firewall?

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:
Poznámka: Nepoužij k označení skriptu funkci VYBRAT VŠE

Kód: Vybrat vše

KillAll::
Folder::
c:\program files\Emsisoft Anti-Malware
c:\program files\ICQ6Toolbar

DirLook::
c:\users\KratkyJ\{a980405f-da84-4631-90c9-1b552d3dd353}
c:\users\KratkyJ\{73221dc0-9d28-4cce-98af-eae7249d324c}¨

File::
c:\windows\system32\PerfStringBackup.TMP

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"=-
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000000

Driver::
a2acc
a2AntiMalware

DDS::
uStart Page = hxxp://kompas.hzap.local/
mStart Page =
Trusted Zone: pproi

Firefox::
FF - ProfilePath - c:\users\KratkyJ\AppData\Roaming\Mozilla\Firefox\Profiles\iq10jbgw.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_result ... r=1.1.8&q=
FF - Ext: ICQ Toolbar: {800b5000-a755-47e1-992b-48a1c1357f07} - %profile%\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
FF - Ext: ICQ Toolbar: {800b5000-a755-47e1-992b-48a1c1357f07} - c:\program files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}


Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu

[shorty1963]

Používám Symantec, ten je na podnikovém serveru, Kerio VPN Client mám pro připojení na pracovní server z domu.
PPROI je IS používaný v práci a kompas.hzap.local je hlavní přihlašovací stránka i intranetu v práci.
Emsisoft Anti-Malware používám k občasnému scanu a to samé Superantispyware Free.
Mám vše co je ve scriptu teda použít?

[memphisto]

Dobře, tak to upravíme. Ten antimalware nepotřebuješ, máš kompletní řešení od Symantecu. Zbytečně se jejich štíty bijí a vytěžují paměť. Klidně jej můžeš odinstalovat. Ty firewally, no, budiž. Ty stránky tedy vynecháme. Skript bude potom kratší

Kód: Vybrat vše

KillAll::
Folder::
c:\program files\ICQ6Toolbar

DirLook::
c:\users\KratkyJ\{a980405f-da84-4631-90c9-1b552d3dd353}
c:\users\KratkyJ\{73221dc0-9d28-4cce-98af-eae7249d324c}¨

File::
c:\windows\system32\PerfStringBackup.TMP

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"=-
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000000

Firefox::
FF - ProfilePath - c:\users\KratkyJ\AppData\Roaming\Mozilla\Firefox\Profiles\iq10jbgw.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_result ... r=1.1.8&q=
FF - Ext: ICQ Toolbar: {800b5000-a755-47e1-992b-48a1c1357f07} - %profile%\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
FF - Ext: ICQ Toolbar: {800b5000-a755-47e1-992b-48a1c1357f07} - c:\program files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}

[shorty1963]

omboFix 11-01-31.02 - KratkyJ 05.02.2011 11:04:08.9.2 - x86
Microsoft® Windows Vista™ Business 6.0.6002.2.1250.420.1029.18.3070.1555 [GMT 1:00]
Spuštěný z: c:\users\KratkyJ\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\KratkyJ\Desktop\CFScript.txt.txt
AV: Symantec Endpoint Protection *Disabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
FW: Aplikace Symantec Endpoint Protection *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
SP: Symantec Endpoint Protection *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

FILE ::
"c:\windows\system32\PerfStringBackup.TMP"
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
c:\program files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\components\ITB_History.js
c:\program files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\defaults\preferences\prefs.js
c:\program files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\defaults\preferences\user.js
c:\program files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome.manifest
c:\program files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\icqtoolbar.jar
c:\program files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\install.rdf
c:\program files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\META-INF\manifest.mf
c:\program files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\META-INF\zigbert.rsa
c:\program files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\META-INF\zigbert.sf
c:\program files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\search_engine\icqplugin.gif
c:\program files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\search_engine\icqplugin.src
c:\program files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\search_engine\icqplugin.xml
c:\users\KratkyJ\AppData\Roaming\Mozilla\Firefox\Profiles\iq10jbgw.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
c:\users\KratkyJ\AppData\Roaming\Mozilla\Firefox\Profiles\iq10jbgw.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\components\ITB_History.js
c:\users\KratkyJ\AppData\Roaming\Mozilla\Firefox\Profiles\iq10jbgw.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\defaults\preferences\prefs.js
c:\users\KratkyJ\AppData\Roaming\Mozilla\Firefox\Profiles\iq10jbgw.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\defaults\preferences\user.js
c:\users\KratkyJ\AppData\Roaming\Mozilla\Firefox\Profiles\iq10jbgw.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome.manifest
c:\users\KratkyJ\AppData\Roaming\Mozilla\Firefox\Profiles\iq10jbgw.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\about.dtd
c:\users\KratkyJ\AppData\Roaming\Mozilla\Firefox\Profiles\iq10jbgw.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\about.xul
c:\users\KratkyJ\AppData\Roaming\Mozilla\Firefox\Profiles\iq10jbgw.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\autocomplete.xml
c:\users\KratkyJ\AppData\Roaming\Mozilla\Firefox\Profiles\iq10jbgw.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\exitobserver.js
c:\users\KratkyJ\AppData\Roaming\Mozilla\Firefox\Profiles\iq10jbgw.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\globals.js
c:\users\KratkyJ\AppData\Roaming\Mozilla\Firefox\Profiles\iq10jbgw.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\highlight.js
c:\users\KratkyJ\AppData\Roaming\Mozilla\Firefox\Profiles\iq10jbgw.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\icqtabs.css
c:\users\KratkyJ\AppData\Roaming\Mozilla\Firefox\Profiles\iq10jbgw.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\icqtabs.js
c:\users\KratkyJ\AppData\Roaming\Mozilla\Firefox\Profiles\iq10jbgw.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\icqtoolbar.js
c:\users\KratkyJ\AppData\Roaming\Mozilla\Firefox\Profiles\iq10jbgw.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\icqtoolbar.xul
c:\users\KratkyJ\AppData\Roaming\Mozilla\Firefox\Profiles\iq10jbgw.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\img\bgLarge.gif
c:\users\KratkyJ\AppData\Roaming\Mozilla\Firefox\Profiles\iq10jbgw.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\img\bgSmall.gif
c:\users\KratkyJ\AppData\Roaming\Mozilla\Firefox\Profiles\iq10jbgw.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\img\buttonBlue.gif
c:\users\KratkyJ\AppData\Roaming\Mozilla\Firefox\Profiles\iq10jbgw.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\img\buttonGreen.gif
c:\users\KratkyJ\AppData\Roaming\Mozilla\Firefox\Profiles\iq10jbgw.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\img\searchLogo.gif
c:\users\KratkyJ\AppData\Roaming\Mozilla\Firefox\Profiles\iq10jbgw.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\localfileupdate.js
c:\users\KratkyJ\AppData\Roaming\Mozilla\Firefox\Profiles\iq10jbgw.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\menu-button.xml
c:\users\KratkyJ\AppData\Roaming\Mozilla\Firefox\Profiles\iq10jbgw.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\newTab.html
c:\users\KratkyJ\AppData\Roaming\Mozilla\Firefox\Profiles\iq10jbgw.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\newTab_bg.html
c:\users\KratkyJ\AppData\Roaming\Mozilla\Firefox\Profiles\iq10jbgw.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\newTab_cz.html
c:\users\KratkyJ\AppData\Roaming\Mozilla\Firefox\Profiles\iq10jbgw.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\newTab_de.html
c:\users\KratkyJ\AppData\Roaming\Mozilla\Firefox\Profiles\iq10jbgw.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\newTab_en.html
c:\users\KratkyJ\AppData\Roaming\Mozilla\Firefox\Profiles\iq10jbgw.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\newTab_es.html
c:\users\KratkyJ\AppData\Roaming\Mozilla\Firefox\Profiles\iq10jbgw.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\newTab_fr.html
c:\users\KratkyJ\AppData\Roaming\Mozilla\Firefox\Profiles\iq10jbgw.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\newTab_he.html
c:\users\KratkyJ\AppData\Roaming\Mozilla\Firefox\Profiles\iq10jbgw.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\newTab_it.html
c:\users\KratkyJ\AppData\Roaming\Mozilla\Firefox\Profiles\iq10jbgw.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\newTab_ru.html
c:\users\KratkyJ\AppData\Roaming\Mozilla\Firefox\Profiles\iq10jbgw.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\newTab_sk.html
c:\users\KratkyJ\AppData\Roaming\Mozilla\Firefox\Profiles\iq10jbgw.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\newTab_tr.html
c:\users\KratkyJ\AppData\Roaming\Mozilla\Firefox\Profiles\iq10jbgw.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\newTab_uk.html
c:\users\KratkyJ\AppData\Roaming\Mozilla\Firefox\Profiles\iq10jbgw.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\options.js
c:\users\KratkyJ\AppData\Roaming\Mozilla\Firefox\Profiles\iq10jbgw.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\options.xul
c:\users\KratkyJ\AppData\Roaming\Mozilla\Firefox\Profiles\iq10jbgw.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\parsegamesxml.js
c:\users\KratkyJ\AppData\Roaming\Mozilla\Firefox\Profiles\iq10jbgw.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\parsemenuxml.js
c:\users\KratkyJ\AppData\Roaming\Mozilla\Firefox\Profiles\iq10jbgw.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\peoplesearch.js
c:\users\KratkyJ\AppData\Roaming\Mozilla\Firefox\Profiles\iq10jbgw.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\peoplesearch.xul
c:\users\KratkyJ\AppData\Roaming\Mozilla\Firefox\Profiles\iq10jbgw.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\prefutils.js
c:\users\KratkyJ\AppData\Roaming\Mozilla\Firefox\Profiles\iq10jbgw.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\search.js
c:\users\KratkyJ\AppData\Roaming\Mozilla\Firefox\Profiles\iq10jbgw.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\splitter.xml
c:\users\KratkyJ\AppData\Roaming\Mozilla\Firefox\Profiles\iq10jbgw.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\statistics.js
c:\users\KratkyJ\AppData\Roaming\Mozilla\Firefox\Profiles\iq10jbgw.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\tabcontext.js
c:\users\KratkyJ\AppData\Roaming\Mozilla\Firefox\Profiles\iq10jbgw.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\utilities.js
c:\users\KratkyJ\AppData\Roaming\Mozilla\Firefox\Profiles\iq10jbgw.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\voucher.js
c:\users\KratkyJ\AppData\Roaming\Mozilla\Firefox\Profiles\iq10jbgw.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\zoom.js
c:\users\KratkyJ\AppData\Roaming\Mozilla\Firefox\Profiles\iq10jbgw.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\bg\icq_locale.dtd
c:\users\KratkyJ\AppData\Roaming\Mozilla\Firefox\Profiles\iq10jbgw.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\bg\itb.properties
c:\users\KratkyJ\AppData\Roaming\Mozilla\Firefox\Profiles\iq10jbgw.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\bg\itb_options.dtd
c:\users\KratkyJ\AppData\Roaming\Mozilla\Firefox\Profiles\iq10jbgw.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\bg\options.properties
c:\users\KratkyJ\AppData\Roaming\Mozilla\Firefox\Profiles\iq10jbgw.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\cs\icq_locale.dtd
c:\users\KratkyJ\AppData\Roaming\Mozilla\Firefox\Profiles\iq10jbgw.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\cs\itb.properties
c:\users\KratkyJ\AppData\Roaming\Mozilla\Firefox\Profiles\iq10jbgw.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\cs\itb_options.dtd
c:\users\KratkyJ\AppData\Roaming\Mozilla\Firefox\Profiles\iq10jbgw.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\cs\options.properties
c:\users\KratkyJ\AppData\Roaming\Mozilla\Firefox\Profiles\iq10jbgw.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\de\icq_locale.dtd
c:\users\KratkyJ\AppData\Roaming\Mozilla\Firefox\Profiles\iq10jbgw.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\de\itb.properties
c:\users\KratkyJ\AppData\Roaming\Mozilla\Firefox\Profiles\iq10jbgw.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\de\itb_options.dtd
c:\users\KratkyJ\AppData\Roaming\Mozilla\Firefox\Profiles\iq10jbgw.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\de\options.properties
c:\users\KratkyJ\AppData\Roaming\Mozilla\Firefox\Profiles\iq10jbgw.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\en-US\icq_locale.dtd
c:\users\KratkyJ\AppData\Roaming\Mozilla\Firefox\Profiles\iq10jbgw.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\en-US\itb.properties
c:\users\KratkyJ\AppData\Roaming\Mozilla\Firefox\Profiles\iq10jbgw.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\en-US\itb_options.dtd
c:\users\KratkyJ\AppData\Roaming\Mozilla\Firefox\Profiles\iq10jbgw.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\en-US\options.properties
c:\users\KratkyJ\AppData\Roaming\Mozilla\Firefox\Profiles\iq10jbgw.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\es\icq_locale.dtd
c:\users\KratkyJ\AppData\Roaming\Mozilla\Firefox\Profiles\iq10jbgw.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\es\itb.properties
c:\users\KratkyJ\AppData\Roaming\Mozilla\Firefox\Profiles\iq10jbgw.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\es\itb_options.dtd
c:\users\KratkyJ\AppData\Roaming\Mozilla\Firefox\Profiles\iq10jbgw.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\es\options.properties
c:\users\KratkyJ\AppData\Roaming\Mozilla\Firefox\Profiles\iq10jbgw.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\fr\icq_locale.dtd
c:\users\KratkyJ\AppData\Roaming\Mozilla\Firefox\Profiles\iq10jbgw.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\fr\itb.properties
c:\users\KratkyJ\AppData\Roaming\Mozilla\Firefox\Profiles\iq10jbgw.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\fr\itb_options.dtd
c:\users\KratkyJ\AppData\Roaming\Mozilla\Firefox\Profiles\iq10jbgw.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\fr\options.properties
c:\users\KratkyJ\AppData\Roaming\Mozilla\Firefox\Profiles\iq10jbgw.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\he\icq_locale.dtd
c:\users\KratkyJ\AppData\Roaming\Mozilla\Firefox\Profiles\iq10jbgw.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\he\itb.properties
c:\users\KratkyJ\AppData\Roaming\Mozilla\Firefox\Profiles\iq10jbgw.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\he\itb_options.dtd
c:\users\KratkyJ\AppData\Roaming\Mozilla\Firefox\Profiles\iq10jbgw.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\he\options.properties
c:\users\KratkyJ\AppData\Roaming\Mozilla\Firefox\Profiles\iq10jbgw.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\it\icq_locale.dtd
c:\users\KratkyJ\AppData\Roaming\Mozilla\Firefox\Profiles\iq10jbgw.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\it\itb.properties
c:\users\KratkyJ\AppData\Roaming\Mozilla\Firefox\Profiles\iq10jbgw.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\it\itb_options.dtd
c:\users\KratkyJ\AppData\Roaming\Mozilla\Firefox\Profiles\iq10jbgw.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\it\options.properties
c:\users\KratkyJ\AppData\Roaming\Mozilla\Firefox\Profiles\iq10jbgw.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\ru\icq_locale.dtd
c:\users\KratkyJ\AppData\Roaming\Mozilla\Firefox\Profiles\iq10jbgw.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\ru\itb.properties
c:\users\KratkyJ\AppData\Roaming\Mozilla\Firefox\Profiles\iq10jbgw.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\ru\itb_options.dtd
c:\users\KratkyJ\AppData\Roaming\Mozilla\Firefox\Profiles\iq10jbgw.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\ru\options.properties
c:\users\KratkyJ\AppData\Roaming\Mozilla\Firefox\Profiles\iq10jbgw.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\sk\icq_locale.dtd
c:\users\KratkyJ\AppData\Roaming\Mozilla\Firefox\Profiles\iq10jbgw.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\sk\itb.properties
c:\users\KratkyJ\AppData\Roaming\Mozilla\Firefox\Profiles\iq10jbgw.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\sk\itb_options.dtd
c:\users\KratkyJ\AppData\Roaming\Mozilla\Firefox\Profiles\iq10jbgw.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\sk\options.properties
c:\users\KratkyJ\AppData\Roaming\Mozilla\Firefox\Profiles\iq10jbgw.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\tr\icq_locale.dtd
c:\users\KratkyJ\AppData\Roaming\Mozilla\Firefox\Profiles\iq10jbgw.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\tr\itb.properties
c:\users\KratkyJ\AppData\Roaming\Mozilla\Firefox\Profiles\iq10jbgw.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\tr\itb_options.dtd
c:\users\KratkyJ\AppData\Roaming\Mozilla\Firefox\Profiles\iq10jbgw.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\tr\options.properties
c:\users\KratkyJ\AppData\Roaming\Mozilla\Firefox\Profiles\iq10jbgw.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\about.css
c:\users\KratkyJ\AppData\Roaming\Mozilla\Firefox\Profiles\iq10jbgw.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\abt.png
c:\users\KratkyJ\AppData\Roaming\Mozilla\Firefox\Profiles\iq10jbgw.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\ain.png
c:\users\KratkyJ\AppData\Roaming\Mozilla\Firefox\Profiles\iq10jbgw.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\ang.png
c:\users\KratkyJ\AppData\Roaming\Mozilla\Firefox\Profiles\iq10jbgw.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\default.css
c:\users\KratkyJ\AppData\Roaming\Mozilla\Firefox\Profiles\iq10jbgw.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\dis.png
c:\users\KratkyJ\AppData\Roaming\Mozilla\Firefox\Profiles\iq10jbgw.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\dropmarker.css
c:\users\KratkyJ\AppData\Roaming\Mozilla\Firefox\Profiles\iq10jbgw.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\hide.png
c:\users\KratkyJ\AppData\Roaming\Mozilla\Firefox\Profiles\iq10jbgw.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\icons.png
c:\users\KratkyJ\AppData\Roaming\Mozilla\Firefox\Profiles\iq10jbgw.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\logo_small.gif
c:\users\KratkyJ\AppData\Roaming\Mozilla\Firefox\Profiles\iq10jbgw.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\more_vouchers_r.png
c:\users\KratkyJ\AppData\Roaming\Mozilla\Firefox\Profiles\iq10jbgw.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\more_vouchers_y.png
c:\users\KratkyJ\AppData\Roaming\Mozilla\Firefox\Profiles\iq10jbgw.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\options.css
c:\users\KratkyJ\AppData\Roaming\Mozilla\Firefox\Profiles\iq10jbgw.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\peoplesearch.css
c:\users\KratkyJ\AppData\Roaming\Mozilla\Firefox\Profiles\iq10jbgw.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\voucher_bg.png
c:\users\KratkyJ\AppData\Roaming\Mozilla\Firefox\Profiles\iq10jbgw.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\voucher_bg_y.png
c:\users\KratkyJ\AppData\Roaming\Mozilla\Firefox\Profiles\iq10jbgw.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\install.rdf
c:\users\KratkyJ\AppData\Roaming\Mozilla\Firefox\Profiles\iq10jbgw.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\META-INF\manifest.mf
c:\users\KratkyJ\AppData\Roaming\Mozilla\Firefox\Profiles\iq10jbgw.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\META-INF\zigbert.rsa
c:\users\KratkyJ\AppData\Roaming\Mozilla\Firefox\Profiles\iq10jbgw.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\META-INF\zigbert.sf
c:\users\KratkyJ\AppData\Roaming\Mozilla\Firefox\Profiles\iq10jbgw.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\search_engine\icqplugin.gif
c:\users\KratkyJ\AppData\Roaming\Mozilla\Firefox\Profiles\iq10jbgw.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\search_engine\icqplugin.src
c:\users\KratkyJ\AppData\Roaming\Mozilla\Firefox\Profiles\iq10jbgw.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\search_engine\icqplugin.xml
c:\windows\system32\PerfStringBackup.TMP

.
((((((((((((((((((((((((( Soubory vytvořené od 2011-01-05 do 2011-02-05 )))))))))))))))))))))))))))))))
.

2011-02-05 10:13 . 2011-02-05 10:17 -------- d-----w- c:\users\KratkyJ\AppData\Local\temp
2011-02-05 10:13 . 2011-02-05 10:13 -------- d-----w- c:\users\Public\AppData\Local\temp
2011-02-05 10:13 . 2011-02-05 10:13 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-02-05 07:29 . 2011-02-05 07:29 -------- d-----w- c:\users\KratkyJ\AppData\Local\Adobe
2011-02-05 07:16 . 2011-02-05 07:16 -------- d-----w- c:\users\KratkyJ\AppData\Roaming\smkits
2011-02-04 17:36 . 2011-02-04 17:36 -------- d-----w- c:\users\KratkyJ\DoctorWeb
2011-02-04 06:26 . 2011-02-04 06:33 -------- d-----w- c:\users\KratkyJ\AppData\Roaming\FTWeak
2011-02-03 09:41 . 2011-02-03 09:41 -------- d-----w- c:\program files\CodeStuff
2011-02-03 09:16 . 2011-02-03 12:42 -------- d-----w- c:\program files\Emsisoft Anti-Malware
2011-02-03 09:03 . 2011-02-03 09:03 -------- d-----w- c:\program files\SlimDrivers
2011-01-31 05:52 . 2011-01-31 05:52 -------- d-----w- C:\AuthLog
2011-01-30 07:14 . 2011-01-30 07:15 -------- d-----w- c:\program files\ICQ7.4
2011-01-29 15:16 . 2008-04-21 14:26 43008 ----a-w- c:\windows\system32\drivers\rimsptsk.sys
2011-01-29 15:16 . 2008-02-15 17:01 46592 ----a-w- c:\windows\system32\drivers\rimmptsk.sys
2011-01-29 07:58 . 2008-08-26 08:26 18816 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys
2011-01-29 07:58 . 2011-01-29 07:58 -------- d-----w- c:\program files\PC Connectivity Solution
2011-01-21 16:32 . 2000-01-01 00:00 837224 ----a-w- c:\windows\system32\nvgenco32hda.dll
2011-01-21 16:32 . 2000-01-01 00:00 941160 ----a-w- c:\windows\system32\nvdispco322090.dll
2011-01-21 16:32 . 2000-01-01 00:00 837736 ----a-w- c:\windows\system32\nvgenco322040.dll
2011-01-16 10:49 . 2011-01-16 10:55 -------- d-----w- c:\users\KratkyJ\AppData\Roaming\GlarySoft
2011-01-15 10:45 . 2010-09-07 20:09 26216 ----a-w- c:\windows\system32\nvhdap32.dll
2011-01-15 10:45 . 2010-09-07 20:08 123496 ----a-w- c:\windows\system32\drivers\nvhda32v.sys
2011-01-15 10:45 . 2010-09-07 20:09 65640 ----a-w- c:\windows\system32\nvapo32v.dll
2011-01-15 09:26 . 2009-12-08 13:11 31680 ----a-w- c:\windows\system32\drivers\psadd.sys
2011-01-15 09:26 . 2011-01-15 09:26 -------- d-----w- c:\program files\Lenovo Fingerprint Software
2011-01-15 09:24 . 2011-01-15 09:24 -------- d-----w- c:\users\KratkyJ\AppData\Roaming\CachedFiles
2011-01-15 09:12 . 2011-01-15 09:12 -------- d-----w- c:\program files\SRS Labs
2011-01-15 09:11 . 2011-01-31 08:47 -------- d-----w- c:\windows\system32\RTCOM
2011-01-15 08:33 . 2000-01-01 00:00 236136 ----a-w- c:\windows\system32\nvcod1923.dll
2011-01-15 07:51 . 2011-01-15 07:51 -------- d-----w- c:\users\KratkyJ\AppData\Local\SlimWare Utilities Inc
2011-01-13 06:00 . 2010-12-28 15:55 413696 ----a-w- c:\windows\system32\odbc32.dll
2011-01-13 06:00 . 2010-12-28 15:53 708608 ----a-w- c:\program files\Common Files\System\ado\msado15.dll
2011-01-13 06:00 . 2010-12-28 15:53 253952 ----a-w- c:\program files\Common Files\System\ado\msadox.dll
2011-01-13 06:00 . 2010-12-28 15:53 241664 ----a-w- c:\program files\Common Files\System\ado\msadomd.dll
2011-01-13 06:00 . 2010-12-28 15:53 180224 ----a-w- c:\program files\Common Files\System\msadc\msadco.dll
2011-01-13 06:00 . 2010-12-28 15:53 57344 ----a-w- c:\program files\Common Files\System\msadc\msadcs.dll
2011-01-13 06:00 . 2010-12-14 14:49 1169408 ----a-w- c:\windows\system32\sdclt.exe
2011-01-09 09:31 . 2011-01-09 09:31 -------- d-----w- c:\program files\SuperCleaner
2011-01-07 20:06 . 2011-01-07 20:06 580200 ----a-w- c:\windows\system32\easyUpdatusAPIU.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-31 08:48 . 2010-05-09 15:06 16400 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2011-01-26 04:58 . 2010-11-29 10:46 167936 ----a-w- c:\windows\system32\drivers\wpshelper.sys
2011-01-15 09:09 . 2008-09-18 07:39 319456 ----a-w- c:\windows\DIFxAPI.dll
2011-01-05 06:12 . 2011-01-05 06:12 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-12-23 20:00 . 2010-12-23 20:00 56400 ----a-w- c:\windows\system32\drivers\tmrkb.sys
2010-12-23 20:00 . 2010-12-23 20:00 190032 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2010-12-23 17:03 . 2010-12-23 17:03 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-12-23 10:09 . 2008-09-18 07:22 53248 ----a-w- c:\windows\system32\CSVer.dll
2010-12-23 07:24 . 2010-12-23 07:24 23456 ----a-w- c:\windows\system32\drivers\DrvAgent32.sys
2010-12-20 17:09 . 2010-12-12 20:52 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-20 17:08 . 2010-12-12 20:52 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-29 16:38 . 2010-11-29 16:38 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-11-29 16:38 . 2010-11-29 16:38 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-11-29 10:45 . 2010-11-29 10:45 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2010-11-26 12:45 . 2010-11-26 12:45 53248 ----a-r- c:\users\KratkyJ\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2010-11-25 10:54 . 2010-11-25 10:54 89600 ----a-w- c:\windows\system32\atl71.dll
2010-11-25 10:54 . 2010-11-25 10:54 87368 ----a-w- c:\windows\system32\FwsVpn.dll
2010-11-25 10:54 . 2010-11-25 10:54 43336 ----a-w- c:\windows\system32\drivers\WPSDRVnt.sys
2010-11-25 10:54 . 2010-11-25 10:54 353608 ----a-w- c:\windows\system32\sysfer.dll
2010-11-25 10:54 . 2010-11-25 10:54 107848 ----a-w- c:\windows\system32\SymVPN.dll
2010-11-25 10:54 . 2010-11-25 10:54 43696 ----a-w- c:\windows\system32\drivers\srtspx.sys
2010-11-25 10:54 . 2010-11-25 10:54 320944 ----a-w- c:\windows\system32\drivers\srtspl.sys
2010-11-25 10:54 . 2010-11-25 10:54 283184 ----a-w- c:\windows\system32\drivers\srtsp.sys
2010-11-25 10:54 . 2010-11-29 10:45 97096 ----a-w- c:\windows\system32\drivers\SysPlant.sys
2010-11-25 10:54 . 2010-11-25 10:54 67472 ----a-w- c:\windows\system32\drivers\Teefer2.sys
2010-11-25 10:54 . 2010-11-25 10:54 38448 ----a-w- c:\windows\system32\drivers\symndisv.sys
2010-11-25 10:54 . 2010-11-25 10:54 26416 ----a-w- c:\windows\system32\drivers\symredrv.sys
2010-11-25 10:54 . 2010-11-25 10:54 188080 ----a-w- c:\windows\system32\drivers\symtdi.sys
2010-11-25 10:54 . 2010-11-25 10:54 39856 ----a-w- c:\windows\system32\drivers\symids.sys
2010-11-25 10:54 . 2010-11-25 10:54 145968 ----a-w- c:\windows\system32\drivers\symfw.sys
2010-11-25 10:54 . 2010-11-25 10:54 12720 ----a-w- c:\windows\system32\drivers\symdns.sys
2010-11-25 10:54 . 2010-11-25 10:54 23888 ----a-w- c:\windows\system32\drivers\COH_Mon.sys
2010-11-11 20:57 . 2010-12-12 16:16 80488 ----a-w- c:\windows\system32\RtNicProp32.dll
2010-11-11 20:57 . 2010-12-12 16:16 305256 ----a-w- c:\windows\system32\drivers\Rtlh86.sys
2010-11-11 20:57 . 2009-08-15 09:00 100968 ----a-w- c:\windows\system32\RTNUninst32.dll
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\users\KratkyJ\{73221dc0-9d28-4cce-98af-eae7249d324c}¨ ----


---- Directory of c:\users\KratkyJ\{a980405f-da84-4631-90c9-1b552d3dd353} ----



(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2010-12-21 1483264]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATKOSD2"="c:\program files\ATKOSD2\ATKOSD2.exe" [2008-01-23 7766016]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-11-16 1029416]
"Client Access Service"="c:\program files\IBM\Client Access\cwbsvstr.exe" [2005-06-09 20530]
"Client Access Check Version"="c:\program files\IBM\Client Access\cwbckver.exe" [2005-06-09 45106]
"Client Access Express Welcome"="c:\program files\IBM\Client Access\cwbwlwiz.exe" [2005-06-09 20480]
"Client Access PC5250 Sound"="c:\program files\IBM\Client Access\Emulator\pcssnd.exe" [2005-06-09 40960]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2010-11-25 115560]
"ATUpdatePBA.ltp"="c:\windows\system32\ATUpdatePBA.exe" [2010-02-05 226624]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableCAD"= 1 (0x1)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ \0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^SRS Premium Sound.lnk]
backup=c:\windows\pss\SRS Premium Sound.lnk.CommonStartup
backupExtension=.CommonStartup

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 a2acc;a2acc;c:\program files\EMSISOFT ANTI-MALWARE\a2accx86.sys [2010-09-19 72808]
R3 ADMonitor;AD Monitor;c:\windows\system32\ADMonitor.exe [2010-02-05 106496]
R3 COH_Mon;COH_Mon;c:\windows\system32\Drivers\COH_Mon.sys [2010-11-25 23888]
R3 DrvAgent32;DrvAgent32;c:\windows\system32\Drivers\DrvAgent32.sys [2010-12-23 23456]
R3 NETw5v32;Ovladač adaptéru Intel(R) Wireless WiFi Link pro systém Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2010-01-13 6628352]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
S2 a2AntiMalware;Emsisoft Anti-Malware 5.0 - Service;c:\program files\Emsisoft Anti-Malware\a2service.exe [2011-02-03 2853904]
S2 ATService;AuthenTec Fingerprint Service;c:\windows\system32\AtService.exe [2010-02-05 1824064]
S2 dtsvc;Data Transfer Service;c:\windows\system32\DTS.exe [2010-02-05 98304]
S2 IAStorDataMgrSvc;Úložná technologie Intel(R) Rapid;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-11-05 13336]
S2 KVPNCSvc;Kerio VPN Client Service;c:\program files\Kerio\VPN Client\kvpncsvc.exe [2009-10-26 972648]
S2 NetTimeSvc;NetTime;c:\program files\NetTime\NeTmSvNT.exe [2003-01-30 452096]
S2 SCPDFReadSpool;SolidConverterPDFReadSpool;c:\windows\Installer\MSI357.tmp [2010-01-22 189696]
S3 ATSwpWDF;AuthenTec TruePrint USB Driver;c:\windows\system32\Drivers\ATSwpWDF.sys [2010-02-05 661448]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2008-01-29 29736]
S3 DCamUSBET;USB2.0 1.3M UVC WebCam;c:\windows\system32\DRIVERS\etDevice.sys [2008-10-20 138920]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-01-15 102448]
S3 FiltUSBET;ET USB Device Lower Filter;c:\windows\system32\DRIVERS\etFilter.sys [2008-10-20 21544]
S3 itecir;ITECIR Infrared Receiver;c:\windows\system32\DRIVERS\itecir.sys [2007-12-18 54784]
S3 kvnet;Kerio Virtual Network Adapter;c:\windows\system32\DRIVERS\kvnet.sys [2009-03-23 26624]
S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\Drivers\LEqdUsb.Sys [2010-08-24 40912]
S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\Drivers\LHidEqd.Sys [2010-08-24 10448]
S3 NETwNv32;___ Ovladač adaptéru řady Intel(R) Wireless WiFi Link 5000 pro systém Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETwNv32.sys [2010-10-18 6959616]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2010-09-07 123496]
S3 ScanUSBET;ET USB Still Image Capture Device;c:\windows\system32\DRIVERS\etScan.sys [2008-10-20 13224]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-03-17 15:56 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://kompas.hzap.local/
mStart Page =
IE: Stáhnout odkaz s použitím BitCometu - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: Stáhnout všechny odkazy s použitím BitCometu - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: WikiKomentáře Google...
IE: {{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - c:\program files\ICQ7.4\ICQ.exe
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\programdata\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748449} - c:\programdata\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\programdata\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\programdata\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\programdata\LangSoft\WebIE.dll
Trusted Zone: pproi
FF - ProfilePath - c:\users\KratkyJ\AppData\Roaming\Mozilla\Firefox\Profiles\iq10jbgw.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: BitComet Video Downloader: {B042753D-F57E-4e8e-A01B-7379A6D4CEFB} - %profile%\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}
FF - Ext: PDF Download: {37E4D8EA-8BDA-4831-8EA1-89053939A250} - %profile%\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Open In RegEdit: openinregedit@firefox - %profile%\extensions\openinregedit@firefox
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: PC Sync 2 Synchronisation Extension: bkmrksync@nokia.com - c:\program files\Nokia\Nokia PC Suite 7\bkmrksync
FF - user.js: browser.cache.memory.capacity - 16000
FF - user.js: browser.chrome.favicons - fales
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.max.tokenizing.time - 3000000
FF - user.js: content.maxtextrun - 4095
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 1000000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 1000000
FF - user.js: dom.disable_window_status_change - true
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 1000
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
.

**************************************************************************
skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory:

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SCPDFReadSpool]
"ImagePath"="c:\windows\Installer\MSI357.tmp"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{17739CC8-1062-40F7-1C3862585ABD2CDA}\{84278681-95F8-776A-6C175249145B2CFC}\{113E55B4-CE67-C34A-F065E12B6143C7DD}*]
"{3EE4C831-B7E0-4ed1-B9FC-EDC523C9612F}1"=hex:01,00,01,00,0c,00,00,00,74,a9,89,
b6,26,d8,25,c3,2c,e3,fb,34,96,55,46,18,b9,7c,0c,53,46,b4,a1,86,9d,a2,13,21,\

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{210BD7C7-47ED-BBE9-95D0F9FAA3BD0E97}\{C5D4C247-F1D1-D183-A63FC2DFAAC29AA3}\{B55B3474-A2E6-F6F7-4AD088E6434601A2}*]
"RA4KGUJC6T6LBNJRIDQ63C2L6C1"=hex:01,00,01,00,00,00,00,00,f7,8a,3d,85,55,45,07,
82,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3024A848-7C77-6F90-8B14B36A94BB61F2}\{6CDD5654-07A8-13D8-C2EB636328E10F29}\{AF593ADC-BF32-7E11-B704756686EE805B}*]
"RA4KGUJC6T6LBNJRIDQ63C2L6C1"=hex:01,00,01,00,00,00,00,00,f7,8a,3d,85,55,45,07,
82,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3C314B03-F43E-BA89-952BA1DFD2D5EFE8}\{7539A87C-0FED-33C5-609B84E8BF01550C}\{B9902A55-37BA-35DE-AA3E0A7380F9249D}*]
"{3EE4C831-B7E0-4ed1-B9FC-EDC523C9612F}1"=hex:01,00,01,00,0c,00,00,00,74,a9,89,
b6,26,d8,25,c3,2c,e3,fb,34,96,55,46,18,b9,7c,0c,53,46,b4,a1,86,9d,a2,13,21,\
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'Explorer.exe'(3360)
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_cze.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Symantec\Symantec Endpoint Protection\Smc.exe
c:\program files\Common Files\Symantec Shared\ccSvcHst.exe
c:\windows\system32\WLANExt.exe
c:\program files\ATK Hotkey\ASLDRSrv.exe
c:\program files\ATKGFNEX\GFNEXSrv.exe
c:\windows\system32\agrsmsvc.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\Intel\WiFi\bin\EvtEng.exe
c:\program files\ASUS\SmartLogon\sensorsrv.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\notes\ntmulti.exe
c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\ATK Hotkey\Hcontrol.exe
c:\program files\ATK Hotkey\MsgTranAgt.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Wireless Console 2\wcourier.exe
c:\program files\P4G\BatteryLife.exe
c:\program files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\ATK Hotkey\ATKOSD.exe
c:\windows\servicing\TrustedInstaller.exe
c:\program files\ATK Hotkey\KBFiltr.exe
c:\program files\ATK Hotkey\WDC.exe
c:\windows\system32\conime.exe
c:\program files\Windows Media Player\wmpnscfg.exe
c:\program files\Synaptics\SynTP\SynAsus.exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
c:\program files\PC Connectivity Solution\ServiceLayer.exe
c:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe
c:\program files\PC Connectivity Solution\Transports\NclRSSrv.exe
c:\program files\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe
c:\windows\system32\WUDFHost.exe
.
**************************************************************************
.
Celkový čas: 2011-02-05 11:22:42 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-02-05 10:22
ComboFix2.txt 2011-02-05 07:46

Před spuštěním: Volných bajtů: 58 614 366 208
Po spuštění: Volných bajtů: 58 353 106 944

- - End Of File - - 8EB5FF030EA173B1BF92384CE68FC93B

[memphisto]

ComboFix se odinstaluje takto:
Start-Spustit a zadej ComboFix /Uninstall

vyčisti systém CCleanerem

a použij i T-Cleaner
smaže vše po Combu,MWAVu atd.-stáhneš>spustíš

pozn. před stažením T-Cleaneru a po dobu čištění deaktivuj AVG , Avast,Avira či Microsoft Security Essentials následně T-Cleaner smaž a zapni si AVG , Avast, Avira či Microsoft Security Essentials


+HJT

Jak je na tom PC?

[shorty1963]

PC se chová zdá se normálně, uvidíme jestli zase zatuhne.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:44:28, on 5.2.2011
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18999)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Program Files\ASUS\SmartLogon\sensorsrv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\Program Files\ATKOSD2\ATKOSD2.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Synaptics\SynTP\SynAsus.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe
C:\Users\KratkyJ\Downloads\PC-udrzba\hijackthis.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Symantec\LiveUpdate\luall.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://kompas.hzap.local/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Notes Link - - (no file)
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\ProgramData\LangSoft\WebIE.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.4.11.9.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\ProgramData\LangSoft\WebIE.dll
O4 - HKLM\..\Run: [ATKOSD2] "C:\Program Files\ATKOSD2\ATKOSD2.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Client Access Service] "C:\Program Files\IBM\Client Access\cwbsvstr.exe"
O4 - HKLM\..\Run: [Client Access Check Version] "C:\Program Files\IBM\Client Access\cwbckver.exe" LOGIN
O4 - HKLM\..\Run: [Client Access Express Welcome] "C:\Program Files\IBM\Client Access\cwbwlwiz.exe"
O4 - HKLM\..\Run: [Client Access PC5250 Sound] "C:\Program Files\IBM\Client Access\Emulator\pcssnd.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ATUpdatePBA.ltp] C:\Windows\system32\ATUpdatePBA.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O8 - Extra context menu item: Stáhnout odkaz s použitím BitCometu - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: Stáhnout všechny odkazy s použitím BitCometu - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Program Files\ICQ7.4\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Program Files\ICQ7.4\ICQ.exe
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\ProgramData\LangSoft\WebIE.dll
O15 - Trusted Zone: http://*.pproi
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Emsisoft Anti-Malware 5.0 - Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\Emsisoft Anti-Malware\a2service.exe
O23 - Service: AD Monitor (ADMonitor) - Unknown owner - C:\Windows\system32\ADMonitor.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\ATKGFNEX\GFNEXSrv.exe
O23 - Service: AuthenTec Fingerprint Service (ATService) - AuthenTec, Inc. - C:\Windows\system32\AtService.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: iSeries Access for Windows Remote Command (Cwbrxd) - IBM Corporation - C:\Windows\CWBRXD.EXE
O23 - Service: Data Transfer Service (dtsvc) - Unknown owner - C:\Windows\system32\DTS.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: Úložná technologie Intel(R) Rapid (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: Kerio VPN Client Service (KVPNCSvc) - Kerio Technologies Inc. - C:\Program Files\Kerio\VPN Client\kvpncsvc.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Multi-user Cleanup Service - IBM Corp - C:\notes\ntmulti.exe
O23 - Service: NetTime (NetTimeSvc) - Subjective Software - C:\Program Files\NetTime\NeTmSvNT.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SolidConverterPDFReadSpool (SCPDFReadSpool) - Solid Documents, LLC - C:\Windows\Installer\MSI357.tmp
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Aplikace Symantec Management Client (SmcService) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
O23 - Service: Aplikace Symantec Endpoint Protection (Symantec AntiVirus) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe

--
End of file - 9644 bytes

[memphisto]

To zatuhování může mít na svědomí i ta přemíra ochran.
V logu fixni:
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Notes Link - - (no file)
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)

Případně vyzkoušej defragmentaci disku