Problém s pc

mEEEgy · Příspěvekod **mEEEgy** » 16 bře 2011 17:06

Ahoj, poslední dobou mam docela dost problém s kompem, strašně se seká, nevim co s tim, v hrách mi padají fps, prosím poradte, díkky :)

zde log z hijackthis

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:29:16, on 15.3.2011
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\windows\System32\smss.exe
C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\system32\svchost.exe
C:\windows\system32\svchost.exe
C:\windows\system32\spoolsv.exe
C:\windows\Explorer.EXE
C:\windows\System32\svchost.exe
C:\windows\system32\Rundll32.exe
C:\Program Files\AskBarDis\bar\bin\AskService.exe
C:\windows\system32\RUNDLL32.EXE
C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe
C:\Program Files\AVG\AVG10\avgfws.exe
C:\Program Files\A4Tech\Mouse\Amoumain.exe
D:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Program Files\System Explorer\SystemExplorer.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\windows\system32\ctfmon.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
C:\Program Files\ICQ6Toolbar\ICQ Service.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\windows\system32\LGScsiCommandService.exe
C:\windows\system32\nvsvc32.exe
C:\windows\system32\PnkBstrA.exe
C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Program Files\AVG\AVG10\avgam.exe
C:\Program Files\AVG\AVG10\avgnsx.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
D:\Documents and Settings\cip\Local Settings\Data aplikací\TeamSpeak 3 Client\ts3client_win32.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Program Files\HLSW\hlsw.exe
C:\PROGRA~1\AVG\AVG10\avgrsx.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\windows\system32\PnkBstrB.exe
D:\Program Files\Xfire\Xfire.exe
D:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.qip.ru/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.qip.ru
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.garena.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = Root: HKCU; Subkey: Software\Microsoft\Internet Explorer\SearchUrl; ValueType: string; ValueName: '; ValueData: '; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll
R3 - URLSearchHook: QIPBHO Class - {95289393-33EA-4F8D-B952-483415B9C955} - C:\Documents and Settings\cip\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll
R3 - URLSearchHook: Winamp Search Class - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll
R3 - URLSearchHook: XfireXO Toolbar - {a33fa729-d155-4b23-842b-2c665ecabdb6} - C:\Program Files\The_Pirate_Bay\tbThe2.dll (file missing)
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (file missing)
R3 - URLSearchHook: XfireXO Toolbar - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files\XfireXO\tbXfi2.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: (no name) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - (no file)
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll
O2 - BHO: (no name) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - (no file)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: XfireXO Toolbar - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files\XfireXO\tbXfi2.dll
O2 - BHO: UrlHelper Class - {6D023EBF-70B8-45A6-9ED5-556515FA0FE4} - C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: QIPBHO - {95289393-33EA-4F8D-B952-483415B9C955} - C:\Documents and Settings\cip\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll
O2 - BHO: XfireXO Toolbar - {a33fa729-d155-4b23-842b-2c665ecabdb6} - C:\Program Files\The_Pirate_Bay\tbThe2.dll (file missing)
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: XfireXO Toolbar - {a33fa729-d155-4b23-842b-2c665ecabdb6} - C:\Program Files\The_Pirate_Bay\tbThe2.dll (file missing)
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Program Files\BearShare Applications\BearShare MediaBar\BSMediaBar.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (file missing)
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: XfireXO Toolbar - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files\XfireXO\tbXfi2.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ClocX] C:\Program Files\ClocX\ClocX.exe
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Common Files\Logitech\LCD Manager\lcdmon.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [WheelMouse] C:\Program Files\A4Tech\Mouse\Amoumain.exe
O4 - HKLM\..\Run: [GrooveMonitor] "D:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO
O4 - HKCU\..\Run: [SystemExplorer] "C:\Program Files\System Explorer\SystemExplorer.exe" /TRAY
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [uTorrent] "D:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "D:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ6.5\ICQ.exe" silent
O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitComet\BitComet.exe" /tray
O4 - HKCU\..\Run: [ESL Wire] "C:\Program Files\EslWire\wire.exe" --tray
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Data aplikací\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: WikiKomentáře Google... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus.com/common/asusTek_sys_ctrl.cab
O16 - DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} (Java Plug-in 1.6.0_12) -
O18 - Protocol: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\windows\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\windows\system32\browseui.dll
O23 - Service: ASKService - Unknown owner - C:\Program Files\AskBarDis\bar\bin\AskService.exe
O23 - Service: ASKUpgrade - Unknown owner - C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe
O23 - Service: AVG Firewall (avgfws) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\avgfws.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\avgwdsvc.exe
O23 - Service: Služba Google Update (gupdate1c9b80a215723f4) (gupdate1c9b80a215723f4) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LogMeIn Hamachi 2.0 Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LG SCSI command service (LGScsiCommandService) - Mobile Leader Co.,Ltd. - C:\windows\system32\LGScsiCommandService.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - Unknown owner - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe (file missing)
O23 - Service: MSSQLServerADHelper - Unknown owner - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe (file missing)
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\windows\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\windows\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\windows\system32\PnkBstrB.exe

--
End of file - 16125 bytes

Reklama

Příspěvekod **Žbeky** » 16 bře 2011 18:15

Taky to máš zapráskané vším možným. To já se divím, že ti to vůbec jede... :roll:

Odinstaluj:
Winamp Toolbar
Easy-WebPrint toolbar
XfireXO Toolbar
Ask Toolbar
BearShare MediaBar
ICQToolBar
DAEMON Tools Toolbar
Google Toolbar
Spybot S&D
McAfee Security Scan
uTorrent nebo Bitcomet - k čemu ti jsou oba najednou

V HJT fixni:

Kód: Vybrat vše

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.qip.ru/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.qip.ru
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.garena.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = Root: HKCU; Subkey: Software\Microsoft\Internet Explorer\SearchUrl; ValueType: string; ValueName: '; ValueData: '; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: QIPBHO Class - {95289393-33EA-4F8D-B952-483415B9C955} - C:\Documents and Settings\cip\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll
R3 - URLSearchHook: Winamp Search Class - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll
R3 - URLSearchHook: XfireXO Toolbar - {a33fa729-d155-4b23-842b-2c665ecabdb6} - C:\Program Files\The_Pirate_Bay\tbThe2.dll (file missing)
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (file missing)
R3 - URLSearchHook: XfireXO Toolbar - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files\XfireXO\tbXfi2.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: (no name) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - (no file)
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll
O2 - BHO: (no name) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: XfireXO Toolbar - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files\XfireXO\tbXfi2.dll
O2 - BHO: UrlHelper Class - {6D023EBF-70B8-45A6-9ED5-556515FA0FE4} - C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareIEHelper.dll
O2 - BHO: QIPBHO - {95289393-33EA-4F8D-B952-483415B9C955} - C:\Documents and Settings\cip\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll
O2 - BHO: XfireXO Toolbar - {a33fa729-d155-4b23-842b-2c665ecabdb6} - C:\Program Files\The_Pirate_Bay\tbThe2.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: XfireXO Toolbar - {a33fa729-d155-4b23-842b-2c665ecabdb6} - C:\Program Files\The_Pirate_Bay\tbThe2.dll (file missing)
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Program Files\BearShare Applications\BearShare MediaBar\BSMediaBar.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (file missing)
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: XfireXO Toolbar - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files\XfireXO\tbXfi2.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO
O4 - HKCU\..\Run: [SystemExplorer] "C:\Program Files\System Explorer\SystemExplorer.exe" /TRAY
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Data aplikací\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus.com/common/asusTek_sys_ctrl.cab
O16 - DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} (Java Plug-in 1.6.0_12)

Stáhni si ATF Cleaner
Poklepej na ATF Cleaner.exe, klikni na select all found, poté:
-Když používáš Firefox (Mozzila), klikni na Firefox nahoře a vyber: Select All, poté klikni na Empty Selected.
-Když používáš Operu, klikni nahoře na Operu a vyber: Select All, poté klikni na Empty Selected.
Po vyčištění klikni na Exit k zavření programu.
ATF-Cleaner je jednoduchý nástroj na odstranění historie z webového prohlížeče. Program dokáže odstranit cache, cookies, historii a další stopy po surfování na Internetu. Mezi podporované prohlížeče patří Internet Explorer, Firefox a Opera. Aplikace navíc umí odstranit dočasné soubory Windows, vysypat koš atd.

Stáhni si Malwarebytes' Anti-Malware
Nainstaluj a spusť ho
- na konci instalace se ujisti že máš zvoleny/zatrhnuty obě možnosti:
Update Malwarebytes' Anti-Malware (Aktualizace Malwarebytes' Anti-Malware) a Launch Malwarebytes' Anti-Malware (Spustit aplikaci Malwarebytes' Anti-Malware), pokud jo tak klikni na tlačítko Finish
- pokud bude nalezena aktualizace, tak se stáhne a nainstaluje
- program se po té spustí a nech vybranou možnost Perform Quick Scan (Provést rychlý sken) a klikni na tlačítko Scan (Skenovat)
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Show Results
- pak zvol možnost Save Logfile a ulož si log na plochu
- po té klikni na tlačítko Exit, objeví se ti hláška tak zvol Ano
(zatím nic nemaž!).
Vlož sem pak obsah toho logu.

mEEEgy · Příspěvekod **mEEEgy** » 16 bře 2011 21:05

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Verze databáze: 6078

Windows 5.1.2600 Service Pack 2
Internet Explorer 7.0.5730.13

16.3.2011 19:39:50
mbam-log-2011-03-16 (19-39-44).txt

Typ kontroly: Rychlý test
Testované objekty: 156894
Uplynulý čas: 8 minut, 36 sekund

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče v registru: 1
Infikované hodnoty v registru: 0
Infikované datové položky v registru: 3
Infikované složky: 1
Infikované soubory: 2

Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče v registru:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{9B71D88C-C598-4935-C5D1-43AA4DB90836} (Trojan.Agent) -> No action taken.

Infikované hodnoty v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované datové položky v registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Infikované složky:
c:\program files\winupdates (Worm.P2P) -> No action taken.

Infikované soubory:
c:\update.exe (Trojan.Agent) -> No action taken.
c:\program files\winupdates\klog.dat (Worm.P2P) -> No action taken.

Tak tu to je, co dále heled? :)

Příspěvekod **Žbeky** » 16 bře 2011 21:13

- Takže spusť znovu MbAM a dej Scan
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Show Results
- ujistit se že máš zatrhnuté všechny vypsané nálezy a klikni na tlačítko Remove Selected
- když skončí odstraňování tak se ti zobrazí log, tak ho sem dej.
- pak zvol v programu OK a pak program ukonči přes Exit

Máš AVG, tak tě to možná vyzve, ať ho odinstaluješ.

Vypni rezidentní štít antiviru a antispywaru
Stáhni si ComboFix (by sUBs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah

mEEEgy · Příspěvekod **mEEEgy** » 17 bře 2011 15:33

ComboFix 11-03-16.04 - cip 17.03.2011 15:14:10.1.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.1022.619 [GMT 1:00]
Spuštěný z: c:\documents and settings\cip\Dokumenty\Downloads\ComboFix.exe
FW: AVG Firewall *Disabled* {8decf618-9569-4340-b34a-d78d28969b66}
.
VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\CFLog
c:\windows\system32\drivers\npf.sys
c:\windows\system32\Packet.dll
c:\windows\system32\wpcap.dll
c:\windows\tmp.tmp.tmp1
.
c:\windows\regedit.exe . . . je infikován!!
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_PROTECTOR
-------\Service_NPF
-------\Service_protector
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-02-17 do 2011-03-17 )))))))))))))))))))))))))))))))
.
.
2011-03-17 13:59 . 2011-03-17 13:59 -------- d-----w- c:\windows\LastGood.Tmp
2011-03-16 17:53 . 2010-12-20 17:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-03-16 17:53 . 2011-03-16 17:53 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2011-03-16 17:53 . 2010-12-20 17:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-03-15 16:51 . 2011-03-15 16:51 -------- d-----w- C:\$AVG
2011-03-15 15:02 . 2011-03-15 15:02 -------- d--h--w- c:\documents and settings\All Users\Data aplikací\Common Files
2011-03-15 15:00 . 2011-03-17 13:59 -------- d-----w- c:\documents and settings\All Users\Data aplikací\AVG10
2011-03-15 14:59 . 2011-03-15 14:59 -------- d-----w- c:\program files\AVG
2011-03-15 06:55 . 2011-03-15 14:59 -------- d-----w- c:\documents and settings\All Users\Data aplikací\MFAData
2011-03-12 12:59 . 2011-03-17 06:02 -------- d-----w- c:\documents and settings\cip\Local Settings\Data aplikací\ESL Wire Game Client
2011-03-12 12:59 . 2010-12-08 10:53 841912 ----a-w- c:\windows\system32\drivers\ESLWireACD.sys
2011-03-12 12:58 . 2010-12-08 10:53 24504 ----a-w- c:\windows\system32\drivers\ESLvnic.sys
2011-03-12 12:58 . 2011-03-12 12:59 -------- d-----w- c:\program files\EslWire
2011-03-12 12:58 . 2011-03-12 12:58 -------- d-----w- c:\documents and settings\All Users\Data aplikací\ESL Wire
2011-02-26 01:19 . 2011-02-26 01:19 41872 ----a-w- c:\windows\system32\xfcodec.dll
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-17 07:13 . 2009-04-02 13:45 138160 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2011-03-17 07:13 . 2009-04-02 17:17 271200 ----a-w- c:\windows\system32\PnkBstrB.xtr
2011-03-17 07:13 . 2009-04-02 13:45 271200 ----a-w- c:\windows\system32\PnkBstrB.exe
2011-03-17 07:06 . 2009-04-02 13:45 271200 ----a-w- c:\windows\system32\PnkBstrB.ex0
2011-01-29 18:26 . 2009-04-12 09:41 682280 ----a-w- c:\windows\system32\pbsvc.exe
.
.
------- Sigcheck -------
.
[-] 2008-05-26 18:12 . B585787BA6DE8EEAD48D1ED5B40DB3CD . 1536000 . . [2001.12.4414.258] . . c:\windows\system32\comres.dll
[7] 2004-08-17 13:49 . B44F68274AB7B8A54E9AD74AFF0EFAAC . 806912 . . [2001.12.4414.258] . . c:\windows\system32\dllcache\comres.dll
.
[-] 2004-08-17 . DC0447EDA50475E6EB9AA14C308EFD9B . 100864 . . [5.4.3790.2180] . . c:\windows\system32\wuauclt.exe
[-] 2004-08-17 . DC0447EDA50475E6EB9AA14C308EFD9B . 100864 . . [5.4.3790.2180] . . c:\windows\system32\dllcache\wuauclt.exe
.
[-] 2006-08-25 . EE92170C908801FE0F364EDC73BF7D14 . 689152 . . [5.82] . . c:\windows\system32\comctl32.dll
[7] 2004-08-17 . 876C658C44F2BF4AF050E5534A9F066F . 611328 . . [5.82] . . c:\windows\system32\dllcache\comctl32.dll
[7] 2004-08-17 . F76B3003366A205E05AFC0D034C7D3E9 . 1050624 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
[7] 2001-10-25 . AEF3D788DBF40C7C4D204EA45EB0C505 . 921088 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll
.
[-] 2007-08-13 . 1B70DB042A98B52BBBFEA5CBF8AF3FD2 . 3851264 . . [7.00.5730.13] . . c:\windows\system32\mshtml.dll
[-] 2007-08-13 . 1B70DB042A98B52BBBFEA5CBF8AF3FD2 . 3851264 . . [7.00.5730.13] . . c:\windows\system32\dllcache\mshtml.dll
[7] 2004-08-17 . EF74351C9098210CC9C1A3679DB62041 . 3003392 . . [6.00.2900.2180] . . c:\windows\ie7\mshtml.dll
.
[-] 2007-08-13 . F284A6225A3057A1E19985E1D4B47ADA . 809472 . . [7.00.5730.13] . . c:\windows\system32\wininet.dll
[-] 2007-08-13 . F284A6225A3057A1E19985E1D4B47ADA . 809472 . . [7.00.5730.13] . . c:\windows\system32\dllcache\wininet.dll
[7] 2004-08-17 . 50D263E3454E8357D13BB598129185AD . 657408 . . [6.00.2900.2180] . . c:\windows\ie7\wininet.dll
.
[-] 2007-06-13 . 74998A0669C3DE7A053E6EDE7AE7C54B . 1501696 . . [6.00.2900.3156] . . c:\windows\explorer.exe
[-] 2004-08-17 . 4D32D7FFC2F583FE21EF0A4F99EABB12 . 974848 . . [6.00.2900.2180] . . c:\windows\system32\dllcache\explorer.exe
.
[-] 2008-05-26 . 82B0ED1EE0F3552290749FB80C074835 . 40448 . . [5.1.2600.2180] . . c:\windows\system32\ctfmon.exe
[7] 2004-08-17 . A5BAA91475167161DEA02BA3C4CA4F59 . 15360 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\ctfmon.exe
.
[7] 2007-08-13 . DE49B348A18369B4626FBA1D49B07FB4 . 622080 . . [7.00.5730.13] . . c:\windows\system32\dllcache\iexplore.exe
[7] 2004-08-17 . 63E527C26AC3059EAD766C6C11746D07 . 93184 . . [6.00.2900.2180] . . c:\windows\ie7\iexplore.exe
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-12-09 333192]
.
[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files\steam\steam.exe" [2010-11-17 1242448]
"DAEMON Tools Lite"="d:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
"ICQ"="c:\program files\ICQ6.5\ICQ.exe" [2010-11-16 172856]
"ESL Wire"="c:\program files\EslWire\wire.exe" [2011-01-26 2577408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ClocX"="c:\program files\ClocX\ClocX.exe" [2007-07-26 270336]
"P17Helper"="P17.dll" [2005-05-03 64512]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-04 8523776]
"nwiz"="nwiz.exe" [2007-12-04 1626112]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-12-04 81920]
"Easy-PrintToolBox"="c:\program files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE" [2004-01-14 409600]
"Launch LGDCore"="c:\program files\Common Files\Logitech\G-series Software\LGDCore.exe" [2006-07-23 1126400]
"WheelMouse"="c:\program files\A4Tech\Mouse\Amoumain.exe" [2007-05-15 204800]
"GrooveMonitor"="d:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-05-26 40448]
.
c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-10-4 393216]
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoRecentDocsNetHood"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=DrvTrNTm.dll
"wave"=DrvTrNTm.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"Firewalboverride"=dword:00000004
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Steam\\steamapps\\rekvb\\condition zero\\hl.exe"=
"c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"d:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"d:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"d:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaW.exe"=
"c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaWmp.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Steam\\steamapps\\rekvb\\counter-strike\\hl.exe"=
"c:\\Program Files\\EslWire\\wire.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"12195:TCP"= 12195:TCP:BitComet 12195 TCP
"12195:UDP"= 12195:UDP:BitComet 12195 UDP
"56362:TCP"= 56362:TCP:Pando Media Booster
"56362:UDP"= 56362:UDP:Pando Media Booster
"1071:TCP"= 1071:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [11.4.2010 15:27 691696]
R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [17.8.2004 14:49 14336]
R2 ASKService;ASKService;c:\program files\AskBarDis\bar\bin\AskService.exe [28.5.2009 17:37 464264]
R2 ASKUpgrade;ASKUpgrade;c:\program files\AskBarDis\bar\bin\ASKUpgrade.exe [28.5.2009 17:37 234888]
R2 ESLWireAC;ESLWireAC;c:\windows\system32\drivers\ESLWireACD.sys [12.3.2011 13:59 841912]
R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [29.10.2009 12:27 1074568]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [15.7.2009 18:12 222968]
R2 LGScsiCommandService;LG SCSI command service;c:\windows\system32\LGScsiCommandService.exe [24.12.2010 20:12 47616]
R3 ESLvnic1;ESLvnic Virtual Network 32 Bit;c:\windows\system32\drivers\ESLvnic.sys [12.3.2011 13:58 24504]
R3 TotRec7;Total Recorder WDM audio driver;c:\windows\system32\drivers\TotRec7.sys [17.7.2009 19:37 127496]
S2 gupdate1c9b80a215723f4;Služba Google Update (gupdate1c9b80a215723f4);c:\program files\Google\Update\GoogleUpdate.exe [8.4.2009 06:23 133104]
S3 GGSAFERDriver;GGSAFER Driver;\??\c:\program files\Garena\plugins\UI\safedrv.sys --> c:\program files\Garena\plugins\UI\safedrv.sys [?]
S3 McComponentHostService;McAfee Security Scan Component Host Service;"c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe" --> c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [?]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Obsah adresáře 'Naplánované úlohy'
.
2009-04-01 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2007\SystemOptimizer.exe [2007-08-02 17:35]
.
2010-10-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cb6f9b586fdd32.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-08 05:23]
.
2010-03-17 c:\windows\Tasks\Install_NSS.job
- c:\windows\system32\Adobe\Shockwave 11\nssstub.exe [2010-03-17 18:30]
.
2009-04-02 c:\windows\Tasks\SmartDefrag.job
- c:\program files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe [2009-04-02 16:15]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://search.bearshare.com/
uSearchURL,(Default) = Root: HKCU; Subkey: Software\Microsoft\Internet Explorer\SearchUrl; ValueType: string; ValueName: '; ValueData: '; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
IE: E&xport to Microsoft Excel - d:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Excel - d:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Stáhnout odkaz s použitím BitCometu
IE: Stáhnout všechna videa s použitím BitCometu
IE: Stáhnout všechny odkazy s použitím BitCometu
IE: WikiKomentáře Google... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
FF - ProfilePath - c:\documents and settings\cip\Data aplikací\Mozilla\Firefox\Profiles\l4peqha8.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.as ... ource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - WebHledani
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://www.webhledani.cz/results.aspx?i=42&tp=ab&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: ICQ Toolbar: {800b5000-a755-47e1-992b-48a1c1357f07} - c:\program files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Ask Toolbar for Firefox: {E9A1DEE0-C623-4439-8932-001E7D17607D} - %profile%\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
FF - Ext: Aquatint Black: {7694c49c-9fbd-11dc-8314-0800200c9a66} - %profile%\extensions\{7694c49c-9fbd-11dc-8314-0800200c9a66}
FF - Ext: XfireXO Toolbar: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - %profile%\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}
FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
FF - Ext: Virtus Search Opt-in: extension@virtusdesigns.com - %profile%\extensions\extension@virtusdesigns.com
FF - Ext: ICQ Toolbar: {800b5000-a755-47e1-992b-48a1c1357f07} - %profile%\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
URLSearchHooks-{A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{A33FA729-D155-4B23-842B-2C665ECABDB6} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
HKCU-Run-BitComet - c:\program files\BitComet\BitComet.exe
HKCU-Run-PlayNC Launcher - (no file)
HKLM-Run-Launch LCDMon - c:\program files\Common Files\Logitech\LCD Manager\lcdmon.exe
AddRemove-4StoryCZ_is1 - c:\program files\Gameforge4D\4Story\unins000.exe
AddRemove-CoD 2 čeština_is1 - c:\program files\Activision\Call of Duty 2\main\unins000.exe
AddRemove-GameSpy Arcade - c:\progra~1\GAMESP~1\UNWISE.EXE
AddRemove-Hamachi - d:\program files\Hamachi\uninstall.exe
AddRemove-LAME for Audacity_is1 - c:\program files\Lame for Audacity\unins000.exe
AddRemove-QIP 2005_is1 - c:\program files\QIP\unins000.exe
AddRemove-R.Y.L FactorY_is1 - d:\r.y.l factory\unins000.exe
AddRemove-{259C0ABB-A3B2-4D70-008F-BF7EE491B70B} - c:\program files\Electronic Arts\Need for Speed Carbon\EAUninstall.exe
AddRemove-{980A182F-E0A2-4A40-94C1-AE0C1235902E} - c:\program files\Pando Networks\Media Booster\uninst.exe
AddRemove-{C13E90B0-4E1C-11DB-6784-0152EAA218BE} - d:\program files\Activision\Call of Duty 2\Uninst_Call of Duty(R) 2 Patch 1.3.exe
AddRemove-QIP 2005 - c:\program files\QIP\unins001.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-03-17 15:20
Windows 5.1.2600 Service Pack 2 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(516)
c:\windows\system32\cscui.dll
.
- - - - - - - > 'explorer.exe'(3264)
c:\windows\system32\COMRes.dll
c:\windows\System32\cscui.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\Amhooker.dll
c:\windows\system32\msi.dll
c:\windows\system32\NETSHELL.dll
c:\windows\system32\credui.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\windows\system32\Rundll32.exe
c:\windows\system32\msiexec.exe
c:\windows\system32\RUNDLL32.EXE
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Celkový čas: 2011-03-17 15:25:37 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-03-17 14:25
.
Před spuštěním: Volných bajtů: 58 302 652 416
Po spuštění: Volných bajtů: 58 177 605 632
.
- - End Of File - - 653F9BDBE0DD166A4D86388F96E6ABF3

Tady je ten log, co dál? :)

Příspěvekod **Žbeky** » 17 bře 2011 16:36

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:
Poznámka: Nepoužij k označení skriptu funkci VYBRAT VŠE

Kód: Vybrat vše

KillAll::

Registry::
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"=-
[-HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[-HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoRecentDocsNetHood"=-
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000000
"Firewalboverride"=dword:00000000

Driver::
ICQ Service
GGSAFERDriver
McComponentHostService
npggsvc
ASKService
ASKUpgrade

Folder::
c:\program files\ICQ6Toolbar
c:\windows\LastGood.Tmp
c:\program files\McAfee Security Scan
c:\program files\AskBarDis

File::
c:\program files\Garena\plugins\UI\safedrv.sys
c:\windows\system32\GameMon.des
c:\windows\Tasks\GoogleUpdateTaskMachineCore1cb6f9b586fdd32.job

DDS::
uStart Page = hxxp://search.bearshare.com/
uSearchURL,(Default) = Root: HKCU; Subkey: Software\Microsoft\Internet Explorer\SearchUrl; ValueType: string; ValueName: '; ValueData: '; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip

Firefox::
FF - ProfilePath - c:\documents and settings\cip\Data aplikací\Mozilla\Firefox\Profiles\l4peqha8.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.as ... ource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - WebHledani
FF - prefs.js: keyword.URL - hxxp://www.webhledani.cz/results.aspx?i=42&tp=ab&q=
FF - Ext: ICQ Toolbar: {800b5000-a755-47e1-992b-48a1c1357f07} - c:\program files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
FF - Ext: Ask Toolbar for Firefox: {E9A1DEE0-C623-4439-8932-001E7D17607D} - %profile%\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
FF - Ext: XfireXO Toolbar: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - %profile%\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}
FF - Ext: ICQ Toolbar: {800b5000-a755-47e1-992b-48a1c1357f07} - %profile%\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}

Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu

Příspěvekod **memphisto** » 17 bře 2011 16:42

To je bordel ....

Opět vypni rezidentní ochrany antiviru a firewallu a dále:
Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:
Poznámka: Nepoužij k označení skriptu funkci VYBRAT VŠE

Kód: Vybrat vše

KillAll::
Folder::
c:\program files\AskBarDis
c:\program files\ICQ6Toolbar
c:\program files\McAfee Security Scan

File::
c:\program files\Garena\plugins\UI\safedrv.sys
c:\windows\system32\GameMon.des
c:\windows\Tasks\GoogleUpdateTaskMachineCore1cb6f9b586fdd32.job
c:\windows\Tasks\GoogleUpdateTaskMachineCore1cb6f9b586fdd32.job

Registry::
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"=-
[-HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[-HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000000
"Firewalboverride"=dword:00000000
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]

Driver::
ASKService
ASKUpgrade
ICQ Service
GGSAFERDriver
McComponentHostService
npggsvc

DDS::
uStart Page = hxxp://search.bearshare.com/
uSearchURL,(Default) = Root: HKCU; Subkey: Software\Microsoft\Internet Explorer\SearchUrl; ValueType: string; ValueName: '; ValueData: '; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip

Firefox::
FF - ProfilePath - c:\documents and settings\cip\Data aplikací\Mozilla\Firefox\Profiles\l4peqha8.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.as ... ource=3&q={searchTerms}
FF - Ext: ICQ Toolbar: {800b5000-a755-47e1-992b-48a1c1357f07} - c:\program files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
FF - Ext: Ask Toolbar for Firefox: {E9A1DEE0-C623-4439-8932-001E7D17607D} - %profile%\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
FF - Ext: XfireXO Toolbar: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - %profile%\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}
FF - Ext: ICQ Toolbar: {800b5000-a755-47e1-992b-48a1c1357f07} - %profile%\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}

Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu

mEEEgy · Příspěvekod **mEEEgy** » 17 bře 2011 20:47

ComboFix 11-03-16.06 - cip 17.03.2011 20:30:31.2.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.1022.732 [GMT 1:00]
Spuštěný z: c:\documents and settings\cip\Dokumenty\Downloads\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\cip\Plocha\CFScript.txt
FW: AVG Firewall *Disabled* {8decf618-9569-4340-b34a-d78d28969b66}
.
VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.
FILE ::
"c:\program files\Garena\plugins\UI\safedrv.sys"
"c:\windows\system32\GameMon.des"
"c:\windows\Tasks\GoogleUpdateTaskMachineCore1cb6f9b586fdd32.job"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\cip\Data aplikací\Mikrotik
c:\documents and settings\cip\Data aplikací\Mikrotik\Winbox\3.30-1002800881\advtool.crc
c:\documents and settings\cip\Data aplikací\Mikrotik\Winbox\3.30-1002800881\advtool.dll
c:\documents and settings\cip\Data aplikací\Mikrotik\Winbox\3.30-1002800881\dhcp.crc
c:\documents and settings\cip\Data aplikací\Mikrotik\Winbox\3.30-1002800881\dhcp.dll
c:\documents and settings\cip\Data aplikací\Mikrotik\Winbox\3.30-1002800881\hotspot.crc
c:\documents and settings\cip\Data aplikací\Mikrotik\Winbox\3.30-1002800881\hotspot.dll
c:\documents and settings\cip\Data aplikací\Mikrotik\Winbox\3.30-1002800881\ipv6.crc
c:\documents and settings\cip\Data aplikací\Mikrotik\Winbox\3.30-1002800881\ipv6.dll
c:\documents and settings\cip\Data aplikací\Mikrotik\Winbox\3.30-1002800881\ntp.crc
c:\documents and settings\cip\Data aplikací\Mikrotik\Winbox\3.30-1002800881\ntp.dll
c:\documents and settings\cip\Data aplikací\Mikrotik\Winbox\3.30-1002800881\pim.crc
c:\documents and settings\cip\Data aplikací\Mikrotik\Winbox\3.30-1002800881\pim.dll
c:\documents and settings\cip\Data aplikací\Mikrotik\Winbox\3.30-1002800881\ppp.crc
c:\documents and settings\cip\Data aplikací\Mikrotik\Winbox\3.30-1002800881\ppp.dll
c:\documents and settings\cip\Data aplikací\Mikrotik\Winbox\3.30-1002800881\roteros.crc
c:\documents and settings\cip\Data aplikací\Mikrotik\Winbox\3.30-1002800881\roteros.dll
c:\documents and settings\cip\Data aplikací\Mikrotik\Winbox\3.30-1002800881\roting2.crc
c:\documents and settings\cip\Data aplikací\Mikrotik\Winbox\3.30-1002800881\roting2.dll
c:\documents and settings\cip\Data aplikací\Mikrotik\Winbox\3.30-1002800881\secure.crc
c:\documents and settings\cip\Data aplikací\Mikrotik\Winbox\3.30-1002800881\secure.dll
c:\documents and settings\cip\Data aplikací\Mikrotik\Winbox\3.30-1002800881\system.crc
c:\documents and settings\cip\Data aplikací\Mikrotik\Winbox\3.30-1002800881\system.dll
c:\documents and settings\cip\Data aplikací\Mikrotik\Winbox\3.30-1002800881\ups.crc
c:\documents and settings\cip\Data aplikací\Mikrotik\Winbox\3.30-1002800881\ups.dll
c:\documents and settings\cip\Data aplikací\Mikrotik\Winbox\3.30-1002800881\wlan2.crc
c:\documents and settings\cip\Data aplikací\Mikrotik\Winbox\3.30-1002800881\wlan2.dll
c:\documents and settings\cip\Data aplikací\Mikrotik\Winbox\winbox.cfg
c:\documents and settings\cip\Data aplikací\Mozilla\Firefox\Profiles\l4peqha8.default\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}
c:\documents and settings\cip\Data aplikací\Mozilla\Firefox\Profiles\l4peqha8.default\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}\components\ConduitAutoCompleteSearch.js
c:\documents and settings\cip\Data aplikací\Mozilla\Firefox\Profiles\l4peqha8.default\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}\components\ConduitAutoCompleteSearch.xpt
c:\documents and settings\cip\Data aplikací\Mozilla\Firefox\Profiles\l4peqha8.default\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}\components\ConduitToolbar.idl
c:\documents and settings\cip\Data aplikací\Mozilla\Firefox\Profiles\l4peqha8.default\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}\components\ConduitToolbar.js
c:\documents and settings\cip\Data aplikací\Mozilla\Firefox\Profiles\l4peqha8.default\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}\components\ConduitToolbar.xpt
c:\documents and settings\cip\Data aplikací\Mozilla\Firefox\Profiles\l4peqha8.default\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}\components\FFExternalAlert.dll
c:\documents and settings\cip\Data aplikací\Mozilla\Firefox\Profiles\l4peqha8.default\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}\components\FFExternalAlert.xpt
c:\documents and settings\cip\Data aplikací\Mozilla\Firefox\Profiles\l4peqha8.default\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}\components\RadioWMPCore.dll
c:\documents and settings\cip\Data aplikací\Mozilla\Firefox\Profiles\l4peqha8.default\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}\components\RadioWMPCore.xpt
c:\documents and settings\cip\Data aplikací\Mozilla\Firefox\Profiles\l4peqha8.default\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}\defaults\default_radio_skin.xml
c:\documents and settings\cip\Data aplikací\Mozilla\Firefox\Profiles\l4peqha8.default\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}\defaults\fbAlert.js
c:\documents and settings\cip\Data aplikací\Mozilla\Firefox\Profiles\l4peqha8.default\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}\chrome.manifest
c:\documents and settings\cip\Data aplikací\Mozilla\Firefox\Profiles\l4peqha8.default\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}\chrome\xfirexo.jar
c:\documents and settings\cip\Data aplikací\Mozilla\Firefox\Profiles\l4peqha8.default\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}\install.rdf
c:\documents and settings\cip\Data aplikací\Mozilla\Firefox\Profiles\l4peqha8.default\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}\lib\xpcom.js
c:\documents and settings\cip\Data aplikací\Mozilla\Firefox\Profiles\l4peqha8.default\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}\META-INF\manifest.mf
c:\documents and settings\cip\Data aplikací\Mozilla\Firefox\Profiles\l4peqha8.default\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}\META-INF\zigbert.rsa
c:\documents and settings\cip\Data aplikací\Mozilla\Firefox\Profiles\l4peqha8.default\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}\META-INF\zigbert.sf
c:\documents and settings\cip\Data aplikací\Mozilla\Firefox\Profiles\l4peqha8.default\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}\searchplugin\conduit.gif
c:\documents and settings\cip\Data aplikací\Mozilla\Firefox\Profiles\l4peqha8.default\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}\searchplugin\conduit.ico
c:\documents and settings\cip\Data aplikací\Mozilla\Firefox\Profiles\l4peqha8.default\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}\searchplugin\conduit.PNG
c:\documents and settings\cip\Data aplikací\Mozilla\Firefox\Profiles\l4peqha8.default\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}\searchplugin\conduit.src
c:\documents and settings\cip\Data aplikací\Mozilla\Firefox\Profiles\l4peqha8.default\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}\searchplugin\conduit.xml
c:\documents and settings\cip\Data aplikací\Mozilla\Firefox\Profiles\l4peqha8.default\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}\version.txt
c:\documents and settings\cip\Data aplikací\Mozilla\Firefox\Profiles\l4peqha8.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
c:\documents and settings\cip\Data aplikací\Mozilla\Firefox\Profiles\l4peqha8.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\components\ITB_History.js
c:\documents and settings\cip\Data aplikací\Mozilla\Firefox\Profiles\l4peqha8.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\defaults\preferences\prefs.js
c:\documents and settings\cip\Data aplikací\Mozilla\Firefox\Profiles\l4peqha8.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\defaults\preferences\user.js
c:\documents and settings\cip\Data aplikací\Mozilla\Firefox\Profiles\l4peqha8.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome.manifest
c:\documents and settings\cip\Data aplikací\Mozilla\Firefox\Profiles\l4peqha8.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\about.dtd
c:\documents and settings\cip\Data aplikací\Mozilla\Firefox\Profiles\l4peqha8.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\about.xul
c:\documents and settings\cip\Data aplikací\Mozilla\Firefox\Profiles\l4peqha8.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\autocomplete.xml
c:\documents and settings\cip\Data aplikací\Mozilla\Firefox\Profiles\l4peqha8.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\exitobserver.js
c:\documents and settings\cip\Data aplikací\Mozilla\Firefox\Profiles\l4peqha8.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\globals.js
c:\documents and settings\cip\Data aplikací\Mozilla\Firefox\Profiles\l4peqha8.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\highlight.js
c:\documents and settings\cip\Data aplikací\Mozilla\Firefox\Profiles\l4peqha8.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\icqtabs.css
c:\documents and settings\cip\Data aplikací\Mozilla\Firefox\Profiles\l4peqha8.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\icqtabs.js
c:\documents and settings\cip\Data aplikací\Mozilla\Firefox\Profiles\l4peqha8.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\icqtoolbar.js
c:\documents and settings\cip\Data aplikací\Mozilla\Firefox\Profiles\l4peqha8.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\icqtoolbar.xul
c:\documents and settings\cip\Data aplikací\Mozilla\Firefox\Profiles\l4peqha8.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\img\bgLarge.gif
c:\documents and settings\cip\Data aplikací\Mozilla\Firefox\Profiles\l4peqha8.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\img\bgSmall.gif
c:\documents and settings\cip\Data aplikací\Mozilla\Firefox\Profiles\l4peqha8.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\img\buttonBlue.gif
c:\documents and settings\cip\Data aplikací\Mozilla\Firefox\Profiles\l4peqha8.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\img\buttonGreen.gif
c:\documents and settings\cip\Data aplikací\Mozilla\Firefox\Profiles\l4peqha8.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\img\searchLogo.gif
c:\documents and settings\cip\Data aplikací\Mozilla\Firefox\Profiles\l4peqha8.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\localfileupdate.js
c:\documents and settings\cip\Data aplikací\Mozilla\Firefox\Profiles\l4peqha8.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\menu-button.xml
c:\documents and settings\cip\Data aplikací\Mozilla\Firefox\Profiles\l4peqha8.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\newTab.html
c:\documents and settings\cip\Data aplikací\Mozilla\Firefox\Profiles\l4peqha8.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\newTab_bg.html
c:\documents and settings\cip\Data aplikací\Mozilla\Firefox\Profiles\l4peqha8.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\newTab_cz.html
c:\documents and settings\cip\Data aplikací\Mozilla\Firefox\Profiles\l4peqha8.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\newTab_de.html
c:\documents and settings\cip\Data aplikací\Mozilla\Firefox\Profiles\l4peqha8.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\newTab_en.html
c:\documents and settings\cip\Data aplikací\Mozilla\Firefox\Profiles\l4peqha8.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\newTab_es.html
c:\documents and settings\cip\Data aplikací\Mozilla\Firefox\Profiles\l4peqha8.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\newTab_fr.html
c:\documents and settings\cip\Data aplikací\Mozilla\Firefox\Profiles\l4peqha8.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\newTab_he.html
c:\documents and settings\cip\Data aplikací\Mozilla\Firefox\Profiles\l4peqha8.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\newTab_it.html
c:\documents and settings\cip\Data aplikací\Mozilla\Firefox\Profiles\l4peqha8.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\newTab_ru.html
c:\documents and settings\cip\Data aplikací\Mozilla\Firefox\Profiles\l4peqha8.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\newTab_sk.html
c:\documents and settings\cip\Data aplikací\Mozilla\Firefox\Profiles\l4peqha8.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\newTab_tr.html
c:\documents and settings\cip\Data aplikací\Mozilla\Firefox\Profiles\l4peqha8.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\newTab_uk.html
c:\documents and settings\cip\Data aplikací\Mozilla\Firefox\Profiles\l4peqha8.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\options.js
c:\documents and settings\cip\Data aplikací\Mozilla\Firefox\Profiles\l4peqha8.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\options.xul
c:\documents and settings\cip\Data aplikací\Mozilla\Firefox\Profiles\l4peqha8.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\parsegamesxml.js
c:\documents and settings\cip\Data aplikací\Mozilla\Firefox\Profiles\l4peqha8.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\parsemenuxml.js
c:\documents and settings\cip\Data aplikací\Mozilla\Firefox\Profiles\l4peqha8.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\peoplesearch.js
c:\documents and settings\cip\Data aplikací\Mozilla\Firefox\Profiles\l4peqha8.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\peoplesearch.xul
c:\documents and settings\cip\Data aplikací\Mozilla\Firefox\Profiles\l4peqha8.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\prefutils.js
c:\documents and settings\cip\Data aplikací\Mozilla\Firefox\Profiles\l4peqha8.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\search.js
c:\documents and settings\cip\Data aplikací\Mozilla\Firefox\Profiles\l4peqha8.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\splitter.xml
c:\documents and settings\cip\Data aplikací\Mozilla\Firefox\Profiles\l4peqha8.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\statistics.js
c:\documents and settings\cip\Data aplikací\Mozilla\Firefox\Profiles\l4peqha8.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\tabcontext.js
c:\documents and settings\cip\Data aplikací\Mozilla\Firefox\Profiles\l4peqha8.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\utilities.js
c:\documents and settings\cip\Data aplikací\Mozilla\Firefox\Profiles\l4peqha8.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\voucher.js
c:\documents and settings\cip\Data aplikací\Mozilla\Firefox\Profiles\l4peqha8.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\zoom.js
c:\documents and settings\cip\Data aplikací\Mozilla\Firefox\Profiles\l4peqha8.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\bg\icq_locale.dtd
c:\documents and settings\cip\Data aplikací\Mozilla\Firefox\Profiles\l4peqha8.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\bg\itb.properties
c:\documents and settings\cip\Data aplikací\Mozilla\Firefox\Profiles\l4peqha8.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\bg\itb_options.dtd
c:\documents and settings\cip\Data aplikací\Mozilla\Firefox\Profiles\l4peqha8.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\bg\options.properties
c:\documents and settings\cip\Data aplikací\Mozilla\Firefox\Profiles\l4peqha8.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\cs\icq_locale.dtd
c:\documents and settings\cip\Data aplikací\Mozilla\Firefox\Profiles\l4peqha8.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\cs\itb.properties
c:\documents and settings\cip\Data aplikací\Mozilla\Firefox\Profiles\l4peqha8.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\cs\itb_options.dtd
c:\documents and settings\cip\Data aplikací\Mozilla\Firefox\Profiles\l4peqha8.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\cs\options.properties
c:\documents and settings\cip\Data aplikací\Mozilla\Firefox\Profiles\l4peqha8.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\de\icq_locale.dtd
c:\documents and settings\cip\Data aplikací\Mozilla\Firefox\Profiles\l4peqha8.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\de\itb.properties
c:\documents and settings\cip\Data aplikací\Mozilla\Firefox\Profiles\l4peqha8.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\de\itb_options.dtd
c:\documents and settings\cip\Data aplikací\Mozilla\Firefox\Profiles\l4peqha8.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\de\options.properties
c:\documents and settings\cip\Data aplikací\Mozilla\Firefox\Profiles\l4peqha8.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\en-US\icq_locale.dtd
c:\documents and settings\cip\Data aplikací\Mozilla\Firefox\Profiles\l4peqha8.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\en-US\itb.properties
c:\documents and settings\cip\Data aplikací\Mozilla\Firefox\Profiles\l4peqha8.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\en-US\itb_options.dtd
c:\documents and settings\cip\Data aplikací\Mozilla\Firefox\Profiles\l4peqha8.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\en-US\options.properties
c:\documents and settings\cip\Data aplikací\Mozilla\Firefox\Profiles\l4peqha8.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\es\icq_locale.dtd
c:\documents and settings\cip\Data aplikací\Mozilla\Firefox\Profiles\l4peqha8.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\es\itb.properties
c:\documents and settings\cip\Data aplikací\Mozilla\Firefox\Profiles\l4peqha8.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\es\itb_options.dtd
c:\documents and settings\cip\Data aplikací\Mozilla\Firefox\Profiles\l4peqha8.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\es\options.properties
c:\documents and settings\cip\Data aplikací\Mozilla\Firefox\Profiles\l4peqha8.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\fr\icq_locale.dtd
c:\documents and settings\cip\Data aplikací\Mozilla\Firefox\Profiles\l4peqha8.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\fr\itb.properties
c:\documents and settings\cip\Data aplikací\Mozilla\Firefox\Profiles\l4peqha8.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\fr\itb_options.dtd
c:\documents and settings\cip\Data aplikací\Mozilla\Firefox\Profiles\l4peqha8.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\fr\options.properties
c:\documents and settings\cip\Data aplikací\Mozilla\Firefox\Profiles\l4peqha8.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\he\icq_locale.dtd
c:\documents and settings\cip\Data aplikací\Mozilla\Firefox\Profiles\l4peqha8.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\he\itb.properties
c:\documents and settings\cip\Data aplikací\Mozilla\Firefox\Profiles\l4peqha8.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\he\itb_options.dtd
c:\documents and settings\cip\Data aplikací\Mozilla\Firefox\Profiles\l4peqha8.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\he\options.properties
c:\documents and settings\cip\Data aplikací\Mozilla\Firefox\Profiles\l4peqha8.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\it\icq_locale.dtd
c:\documents and settings\cip\Data aplikací\Mozilla\Firefox\Profiles\l4peqha8.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\it\itb.properties
c:\documents and settings\cip\Data aplikací\Mozilla\Firefox\Profiles\l4peqha8.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\it\itb_options.dtd
c:\documents and settings\cip\Data aplikací\Mozilla\Firefox\Profiles\l4peqha8.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\it\options.properties
c:\documents and settings\cip\Data aplikací\Mozilla\Firefox\Profiles\l4peqha8.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\ru\icq_locale.dtd
c:\documents and settings\cip\Data aplikací\Mozilla\Firefox\Profiles\l4peqha8.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\ru\itb.properties
c:\documents and settings\cip\Data aplikací\Mozilla\Firefox\Profiles\l4peqha8.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\ru\itb_options.dtd
c:\documents and settings\cip\Data aplikací\Mozilla\Firefox\Profiles\l4peqha8.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\ru\options.properties
c:\documents and settings\cip\Data aplikací\Mozilla\Firefox\Profiles\l4peqha8.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\sk\icq_locale.dtd
c:\documents and settings\cip\Data aplikací\Mozilla\Firefox\Profiles\l4peqha8.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\sk\itb.properties
c:\documents and settings\cip\Data aplikací\Mozilla\Firefox\Profiles\l4peqha8.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\sk\itb_options.dtd
c:\documents and settings\cip\Data aplikací\Mozilla\Firefox\Profiles\l4peqha8.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\sk\options.properties
c:\documents and settings\cip\Data aplikací\Mozilla\Firefox\Profiles\l4peqha8.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\tr\icq_locale.dtd
c:\documents and settings\cip\Data aplikací\Mozilla\Firefox\Profiles\l4peqha8.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\tr\itb.properties
c:\documents and settings\cip\Data aplikací\Mozilla\Firefox\Profiles\l4peqha8.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\tr\itb_options.dtd
c:\documents and settings\cip\Data aplikací\Mozilla\Firefox\Profiles\l4peqha8.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\tr\options.properties
c:\documents and settings\cip\Data aplikací\Mozilla\Firefox\Profiles\l4peqha8.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\about.css
c:\documents and settings\cip\Data aplikací\Mozilla\Firefox\Profiles\l4peqha8.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\abt.png
c:\documents and settings\cip\Data aplikací\Mozilla\Firefox\Profiles\l4peqha8.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\ain.png
c:\documents and settings\cip\Data aplikací\Mozilla\Firefox\Profiles\l4peqha8.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\ang.png
c:\documents and settings\cip\Data aplikací\Mozilla\Firefox\Profiles\l4peqha8.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\default.css
c:\documents and settings\cip\Data aplikací\Mozilla\Firefox\Profiles\l4peqha8.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\dis.png
c:\documents and settings\cip\Data aplikací\Mozilla\Firefox\Profiles\l4peqha8.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\dropmarker.css
c:\documents and settings\cip\Data aplikací\Mozilla\Firefox\Profiles\l4peqha8.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\hide.png
c:\documents and settings\cip\Data aplikací\Mozilla\Firefox\Profiles\l4peqha8.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\icons.png
c:\documents and settings\cip\Data aplikací\Mozilla\Firefox\Profiles\l4peqha8.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\logo_small.gif
c:\documents and settings\cip\Data aplikací\Mozilla\Firefox\Profiles\l4peqha8.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\more_vouchers_r.png
c:\documents and settings\cip\Data aplikací\Mozilla\Firefox\Profiles\l4peqha8.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\more_vouchers_y.png
c:\documents and settings\cip\Data aplikací\Mozilla\Firefox\Profiles\l4peqha8.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\options.css
c:\documents and settings\cip\Data aplikací\Mozilla\Firefox\Profiles\l4peqha8.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\peoplesearch.css
c:\documents and settings\cip\Data aplikací\Mozilla\Firefox\Profiles\l4peqha8.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\voucher_bg.png
c:\documents and settings\cip\Data aplikací\Mozilla\Firefox\Profiles\l4peqha8.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\voucher_bg_y.png
c:\documents and settings\cip\Data aplikací\Mozilla\Firefox\Profiles\l4peqha8.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\install.rdf
c:\documents and settings\cip\Data aplikací\Mozilla\Firefox\Profiles\l4peqha8.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\META-INF\manifest.mf
c:\documents and settings\cip\Data aplikací\Mozilla\Firefox\Profiles\l4peqha8.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\META-INF\zigbert.rsa
c:\documents and settings\cip\Data aplikací\Mozilla\Firefox\Profiles\l4peqha8.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\META-INF\zigbert.sf
c:\documents and settings\cip\Data aplikací\Mozilla\Firefox\Profiles\l4peqha8.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\search_engine\icqplugin.gif
c:\documents and settings\cip\Data aplikací\Mozilla\Firefox\Profiles\l4peqha8.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\search_engine\icqplugin.src
c:\documents and settings\cip\Data aplikací\Mozilla\Firefox\Profiles\l4peqha8.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\search_engine\icqplugin.xml
c:\documents and settings\cip\Data aplikací\Mozilla\Firefox\Profiles\l4peqha8.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
c:\documents and settings\cip\Data aplikací\Mozilla\Firefox\Profiles\l4peqha8.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}\defaults\preferences\ask.gif
c:\documents and settings\cip\Data aplikací\Mozilla\Firefox\Profiles\l4peqha8.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}\defaults\preferences\ask.src
c:\documents and settings\cip\Data aplikací\Mozilla\Firefox\Profiles\l4peqha8.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}\defaults\preferences\config.dat
c:\documents and settings\cip\Data aplikací\Mozilla\Firefox\Profiles\l4peqha8.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}\defaults\preferences\config.dat.bak
c:\documents and settings\cip\Data aplikací\Mozilla\Firefox\Profiles\l4peqha8.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}\defaults\preferences\contents.rdf
c:\documents and settings\cip\Data aplikací\Mozilla\Firefox\Profiles\l4peqha8.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}\defaults\preferences\snipit.js
c:\documents and settings\cip\Data aplikací\Mozilla\Firefox\Profiles\l4peqha8.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}\chrome.manifest
c:\documents and settings\cip\Data aplikací\Mozilla\Firefox\Profiles\l4peqha8.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}\chrome.manifest.dev
c:\documents and settings\cip\Data aplikací\Mozilla\Firefox\Profiles\l4peqha8.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}\chrome\ajtoolbar.jar
c:\documents and settings\cip\Data aplikací\Mozilla\Firefox\Profiles\l4peqha8.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}\install.rdf
c:\documents and settings\cip\Data aplikací\Mozilla\Firefox\Profiles\l4peqha8.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}\install.rdf.bak
c:\documents and settings\cip\Data aplikací\Mozilla\Firefox\Profiles\l4peqha8.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}\install.rdf.de-DE
c:\documents and settings\cip\Data aplikací\Mozilla\Firefox\Profiles\l4peqha8.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}\install.rdf.es-ES
c:\documents and settings\cip\Data aplikací\Mozilla\Firefox\Profiles\l4peqha8.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}\install.rdf.fr-FR
c:\documents and settings\cip\Data aplikací\Mozilla\Firefox\Profiles\l4peqha8.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}\install.rdf.it-IT
c:\documents and settings\cip\Data aplikací\Mozilla\Firefox\Profiles\l4peqha8.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}\META-INF\manifest.mf
c:\documents and settings\cip\Data aplikací\Mozilla\Firefox\Profiles\l4peqha8.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}\META-INF\zigbert.rsa
c:\documents and settings\cip\Data aplikací\Mozilla\Firefox\Profiles\l4peqha8.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}\META-INF\zigbert.sf
c:\program files\AskBarDis
c:\program files\AskBarDis\bar\bin\askBar.dll
c:\program files\AskBarDis\bar\bin\askPopStp.dll
c:\program files\AskBarDis\bar\bin\AskService.exe
c:\program files\AskBarDis\bar\bin\AskSplash.exe
c:\program files\AskBarDis\bar\bin\AskTBApp.exe
c:\program files\AskBarDis\bar\bin\ASKUpgrade.exe
c:\program files\AskBarDis\bar\bin\psvince.dll
c:\program files\AskBarDis\bar\Cache\00A6DE33
c:\program files\AskBarDis\bar\Cache\00A6E3F0.bin
c:\program files\AskBarDis\bar\Cache\00A6E95E.bin
c:\program files\AskBarDis\bar\Cache\00A6ED37.bin
c:\program files\AskBarDis\bar\Cache\00A6F0F0.bin
c:\program files\AskBarDis\bar\Cache\00A6F46A.bin
c:\program files\AskBarDis\bar\Cache\00A6F852.bin
c:\program files\AskBarDis\bar\Cache\00A6FAD3.bin
c:\program files\AskBarDis\bar\Cache\02568187
c:\program files\AskBarDis\bar\Cache\files.ini
c:\program files\AskBarDis\bar\History\search
c:\program files\AskBarDis\bar\Settings\AskLogo.ico
c:\program files\AskBarDis\bar\Settings\config.dat
c:\program files\AskBarDis\bar\Settings\config.dat.bak
c:\program files\AskBarDis\bar\Settings\prevcfg.htm
c:\program files\AskBarDis\bar\Settings\prevCfg2.htm
c:\program files\AskBarDis\unins000.dat
c:\program files\AskBarDis\unins000.exe
c:\program files\ICQ6Toolbar
c:\program files\ICQ6Toolbar\ICQ Service.exe
c:\program files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
c:\program files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\components\ITB_History.js
c:\program files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\defaults\preferences\prefs.js
c:\program files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\defaults\preferences\user.js
c:\program files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome.manifest
c:\program files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\icqtoolbar.jar
c:\program files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\install.rdf
c:\program files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\META-INF\manifest.mf
c:\program files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\META-INF\zigbert.rsa
c:\program files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\META-INF\zigbert.sf
c:\program files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\search_engine\icqplugin.gif
c:\program files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\search_engine\icqplugin.src
c:\program files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\search_engine\icqplugin.xml
c:\windows\system32\GameMon.des
c:\windows\Tasks\GoogleUpdateTaskMachineCore1cb6f9b586fdd32.job
.
c:\windows\regedit.exe . . . je infikován!!
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_ASKSERVICE
-------\Legacy_ASKUPGRADE
-------\Legacy_GGSAFERDRIVER
-------\Legacy_ICQ_SERVICE
-------\Legacy_MCCOMPONENTHOSTSERVICE
-------\Service_ASKService
-------\Service_ASKUpgrade
-------\Service_GGSAFERDriver
-------\Service_ICQ Service
-------\Service_McComponentHostService
-------\Service_npggsvc
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-02-17 do 2011-03-17 )))))))))))))))))))))))))))))))
.
.
2011-03-16 17:54 . 2011-03-16 17:54 -------- d-----w- c:\documents and settings\cip\Data aplikací\Malwarebytes
2011-03-16 17:53 . 2010-12-20 17:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-03-16 17:53 . 2011-03-16 17:53 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2011-03-16 17:53 . 2010-12-20 17:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-03-15 16:51 . 2011-03-15 16:51 -------- d-----w- C:\$AVG
2011-03-15 15:07 . 2011-03-15 15:07 388096 ----a-r- c:\documents and settings\cip\Data aplikací\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-03-15 15:04 . 2011-03-15 15:04 -------- d-----w- c:\documents and settings\cip\Data aplikací\AVG10
2011-03-15 15:02 . 2011-03-15 15:02 -------- d--h--w- c:\documents and settings\All Users\Data aplikací\Common Files
2011-03-15 15:00 . 2011-03-17 13:59 -------- d-----w- c:\documents and settings\All Users\Data aplikací\AVG10
2011-03-15 14:59 . 2011-03-15 14:59 -------- d-----w- c:\program files\AVG
2011-03-15 06:55 . 2011-03-15 14:59 -------- d-----w- c:\documents and settings\All Users\Data aplikací\MFAData
2011-03-12 12:59 . 2011-03-17 14:22 -------- d-----w- c:\documents and settings\cip\Local Settings\Data aplikací\ESL Wire Game Client
2011-03-12 12:59 . 2010-12-08 10:53 841912 ----a-w- c:\windows\system32\drivers\ESLWireACD.sys
2011-03-12 12:58 . 2010-12-08 10:53 24504 ----a-w- c:\windows\system32\drivers\ESLvnic.sys
2011-03-12 12:58 . 2011-03-12 12:59 -------- d-----w- c:\program files\EslWire
2011-03-12 12:58 . 2011-03-12 12:58 -------- d-----w- c:\documents and settings\All Users\Data aplikací\ESL Wire
2011-02-26 01:19 . 2011-02-26 01:19 41872 ----a-w- c:\windows\system32\xfcodec.dll
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-17 18:48 . 2009-04-02 13:45 138160 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2011-03-17 18:48 . 2009-04-02 17:17 271200 ----a-w- c:\windows\system32\PnkBstrB.xtr
2011-03-17 18:48 . 2009-04-02 13:45 271200 ----a-w- c:\windows\system32\PnkBstrB.exe
2011-03-17 18:15 . 2009-04-02 13:45 271200 ----a-w- c:\windows\system32\PnkBstrB.ex0
2011-01-29 18:26 . 2009-04-02 13:45 22328 ----a-w- c:\documents and settings\cip\Data aplikací\PnkBstrK.sys
2011-01-29 18:26 . 2009-04-12 09:41 682280 ----a-w- c:\windows\system32\pbsvc.exe
.
.
------- Sigcheck -------
.
[-] 2008-05-26 18:12 . B585787BA6DE8EEAD48D1ED5B40DB3CD . 1536000 . . [2001.12.4414.258] . . c:\windows\system32\comres.dll
[7] 2004-08-17 13:49 . B44F68274AB7B8A54E9AD74AFF0EFAAC . 806912 . . [2001.12.4414.258] . . c:\windows\system32\dllcache\comres.dll
.
[-] 2004-08-17 . DC0447EDA50475E6EB9AA14C308EFD9B . 100864 . . [5.4.3790.2180] . . c:\windows\system32\wuauclt.exe
[-] 2004-08-17 . DC0447EDA50475E6EB9AA14C308EFD9B . 100864 . . [5.4.3790.2180] . . c:\windows\system32\dllcache\wuauclt.exe
.
[-] 2006-08-25 . EE92170C908801FE0F364EDC73BF7D14 . 689152 . . [5.82] . . c:\windows\system32\comctl32.dll
[7] 2004-08-17 . 876C658C44F2BF4AF050E5534A9F066F . 611328 . . [5.82] . . c:\windows\system32\dllcache\comctl32.dll
[7] 2004-08-17 . F76B3003366A205E05AFC0D034C7D3E9 . 1050624 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
[7] 2001-10-25 . AEF3D788DBF40C7C4D204EA45EB0C505 . 921088 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll
.
[-] 2007-08-13 . 1B70DB042A98B52BBBFEA5CBF8AF3FD2 . 3851264 . . [7.00.5730.13] . . c:\windows\system32\mshtml.dll
[-] 2007-08-13 . 1B70DB042A98B52BBBFEA5CBF8AF3FD2 . 3851264 . . [7.00.5730.13] . . c:\windows\system32\dllcache\mshtml.dll
[7] 2004-08-17 . EF74351C9098210CC9C1A3679DB62041 . 3003392 . . [6.00.2900.2180] . . c:\windows\ie7\mshtml.dll
.
[-] 2007-08-13 . F284A6225A3057A1E19985E1D4B47ADA . 809472 . . [7.00.5730.13] . . c:\windows\system32\wininet.dll
[-] 2007-08-13 . F284A6225A3057A1E19985E1D4B47ADA . 809472 . . [7.00.5730.13] . . c:\windows\system32\dllcache\wininet.dll
[7] 2004-08-17 . 50D263E3454E8357D13BB598129185AD . 657408 . . [6.00.2900.2180] . . c:\windows\ie7\wininet.dll
.
[-] 2007-06-13 . 74998A0669C3DE7A053E6EDE7AE7C54B . 1501696 . . [6.00.2900.3156] . . c:\windows\explorer.exe
[-] 2004-08-17 . 4D32D7FFC2F583FE21EF0A4F99EABB12 . 974848 . . [6.00.2900.2180] . . c:\windows\system32\dllcache\explorer.exe
.
[-] 2008-05-26 . 82B0ED1EE0F3552290749FB80C074835 . 40448 . . [5.1.2600.2180] . . c:\windows\system32\ctfmon.exe
[7] 2004-08-17 . A5BAA91475167161DEA02BA3C4CA4F59 . 15360 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\ctfmon.exe
.
[7] 2007-08-13 . DE49B348A18369B4626FBA1D49B07FB4 . 622080 . . [7.00.5730.13] . . c:\windows\system32\dllcache\iexplore.exe
[7] 2004-08-17 . 63E527C26AC3059EAD766C6C11746D07 . 93184 . . [6.00.2900.2180] . . c:\windows\ie7\iexplore.exe
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files\steam\steam.exe" [2010-11-17 1242448]
"DAEMON Tools Lite"="d:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
"ICQ"="c:\program files\ICQ6.5\ICQ.exe" [2010-11-16 172856]
"ESL Wire"="c:\program files\EslWire\wire.exe" [2011-01-26 2577408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ClocX"="c:\program files\ClocX\ClocX.exe" [2007-07-26 270336]
"P17Helper"="P17.dll" [2005-05-03 64512]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-04 8523776]
"nwiz"="nwiz.exe" [2007-12-04 1626112]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-12-04 81920]
"Easy-PrintToolBox"="c:\program files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE" [2004-01-14 409600]
"Launch LGDCore"="c:\program files\Common Files\Logitech\G-series Software\LGDCore.exe" [2006-07-23 1126400]
"WheelMouse"="c:\program files\A4Tech\Mouse\Amoumain.exe" [2007-05-15 204800]
"GrooveMonitor"="d:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-05-26 40448]
.
c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-10-4 393216]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=DrvTrNTm.dll
"wave"=DrvTrNTm.dll
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Steam\\steamapps\\rekvb\\condition zero\\hl.exe"=
"c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"d:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"d:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"d:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaW.exe"=
"c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaWmp.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Steam\\steamapps\\rekvb\\counter-strike\\hl.exe"=
"c:\\Program Files\\EslWire\\wire.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"12195:TCP"= 12195:TCP:BitComet 12195 TCP
"12195:UDP"= 12195:UDP:BitComet 12195 UDP
"56362:TCP"= 56362:TCP:Pando Media Booster
"56362:UDP"= 56362:UDP:Pando Media Booster
"1081:TCP"= 1081:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [11.4.2010 15:27 691696]
R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [17.8.2004 14:49 14336]
R2 ESLWireAC;ESLWireAC;c:\windows\system32\drivers\ESLWireACD.sys [12.3.2011 13:59 841912]
R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [29.10.2009 12:27 1074568]
R2 LGScsiCommandService;LG SCSI command service;c:\windows\system32\LGScsiCommandService.exe [24.12.2010 20:12 47616]
R3 ESLvnic1;ESLvnic Virtual Network 32 Bit;c:\windows\system32\drivers\ESLvnic.sys [12.3.2011 13:58 24504]
R3 TotRec7;Total Recorder WDM audio driver;c:\windows\system32\drivers\TotRec7.sys [17.7.2009 19:37 127496]
S2 gupdate1c9b80a215723f4;Služba Google Update (gupdate1c9b80a215723f4);c:\program files\Google\Update\GoogleUpdate.exe [8.4.2009 06:23 133104]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Obsah adresáře 'Naplánované úlohy'
.
2009-04-01 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2007\SystemOptimizer.exe [2007-08-02 17:35]
.
2011-03-17 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-04-08 05:22]
.
.
------- Doplňkový sken -------
.
uSearchURL,(Default) = Root: HKCU; Subkey: Software\Microsoft\Internet Explorer\SearchUrl; ValueType: string; ValueName: '; ValueData: '; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
IE: E&xport to Microsoft Excel - d:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Excel - d:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Stáhnout odkaz s použitím BitCometu
IE: Stáhnout všechna videa s použitím BitCometu
IE: Stáhnout všechny odkazy s použitím BitCometu
IE: WikiKomentáře Google... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
FF - ProfilePath - c:\documents and settings\cip\Data aplikací\Mozilla\Firefox\Profiles\l4peqha8.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Aquatint Black: {7694c49c-9fbd-11dc-8314-0800200c9a66} - %profile%\extensions\{7694c49c-9fbd-11dc-8314-0800200c9a66}
FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
FF - Ext: Virtus Search Opt-in: extension@virtusdesigns.com - %profile%\extensions\extension@virtusdesigns.com
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
AddRemove-Ask Toolbar_is1 - c:\program files\AskBarDis\unins000.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-03-17 20:36
Windows 5.1.2600 Service Pack 2 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(516)
c:\windows\system32\cscui.dll
.
- - - - - - - > 'explorer.exe'(420)
c:\program files\EslWire\inGame32.dll
c:\windows\system32\COMRes.dll
c:\windows\System32\cscui.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\msi.dll
c:\windows\system32\NETSHELL.dll
c:\windows\system32\credui.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\windows\system32\msiexec.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\Rundll32.exe
c:\windows\system32\RUNDLL32.EXE
c:\program files\OpenOffice.org 3\program\soffice.exe
c:\program files\OpenOffice.org 3\program\soffice.bin
c:\program files\EslWire\inGame32.exe
c:\program files\EslWire\dbus-daemon.exe
.
**************************************************************************
.
Celkový čas: 2011-03-17 20:42:14 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-03-17 19:42
ComboFix2.txt 2011-03-17 14:25
.
Před spuštěním: Volných bajtů: 58 136 088 576
Po spuštění: Volných bajtů: 58 130 079 744
.
- - End Of File - - A0BBDC1E6EF08FA01263CDC1AC681217

_Tu to je tak co dál?

Příspěvekod **memphisto** » 17 bře 2011 20:57

Nejsou problémy se sítí či internetem?

mEEEgy · Příspěvekod **mEEEgy** » 17 bře 2011 21:14

No, akorát u toho prvního logu mi to blblo a ted je to ok :)

Příspěvekod **memphisto** » 17 bře 2011 21:24

Používáš Mikrotik Winbox? Combofix jej smazal, tak jestli obnovovat či nechat tak ...

mEEEgy · Příspěvekod **mEEEgy** » 17 bře 2011 23:21

Ne, nepoužívám :)

Problém s pc

Problém s pc

Re: Problém s pc

Re: Problém s pc

Re: Problém s pc

Re: Problém s pc

Re: Problém s pc

Re: Problém s pc

Re: Problém s pc

Re: Problém s pc

Re: Problém s pc

Re: Problém s pc

Re: Problém s pc

Kdo je online