Prosím o kontrolu logu Vyřešeno

[guest]

Souvisí s tímto vláknem- viewtopic.php?f=95&t=68512 - na doporučení jara3 vkládám log.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 23:39:44, on 7.6.2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
c:\Program Files\Matrox Graphics Inc\PowerDesk\Services\Matrox.PowerDesk.Services.exe
c:\Program Files\Matrox Graphics Inc\PowerDesk SE\Matrox.Pdesk.ServicesHost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\mgabg.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Matrox Graphics Inc\PowerDesk SE\Matrox.PowerDesk SE.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\HDTUNE~1\HDTune.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb06.exe
C:\Program Files\Alwil Software\Avast5\avastUI.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Timer Wizard\Timer Wizard.exe
C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Opera\opera.exe
C:\Program Files\ICQ7.5\ICQ.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://eu.ask.com?o=14672&l=dis
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {66f2e20d-0da8-4c11-a9c8-dd8477b88acd} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [Matrox PowerDesk SE] "c:\Program Files\Matrox Graphics Inc\PowerDesk SE\Matrox.PowerDesk SE.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [HD Tune] C:\PROGRA~1\HDTUNE~1\HDTune.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb06.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SystemKey] C:\WINDOWS\system32\rundll32.exe "C:\Documents and Settings\All Users\Data aplikací\SystemKey\SystemKey.dll" rdl
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Administrator\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Timer Wizard.lnk = C:\Program Files\Timer Wizard\Timer Wizard.exe
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\Microsoft Office\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\Microsoft Office\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 2848935025
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\Skype4COM.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: GSService - Unknown owner - C:\WINDOWS\system32\GSService.exe
O23 - Service: ZoneAlarm Toolbar IswSvc (IswSvc) - Check Point Software Technologies - C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Matrox Centering Service - Matrox Graphics Inc. - c:\Program Files\Matrox Graphics Inc\PowerDesk\Services\Matrox.PowerDesk.Services.exe
O23 - Service: Matrox.Pdesk.ServicesHost - Matrox Graphics Inc - c:\Program Files\Matrox Graphics Inc\PowerDesk SE\Matrox.Pdesk.ServicesHost.exe
O23 - Service: MGABGEXE - Matrox Graphics Inc. - C:\WINDOWS\system32\mgabg.exe
O23 - Service: O&O Defrag 2000 (OOD2000) - O&O Software GmbH - C:\WINDOWS\system32\OOD2000.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 6837 bytes

[Reklama]

[jaro3]

Zavři ostatní aplikace a prohlížeče, odpoj se od netu a fixni v HJT:
Návod

Kód: Vybrat vše

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://eu.ask.com?o=14672&l=dis
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {66f2e20d-0da8-4c11-a9c8-dd8477b88acd} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present


O4 - HKLM\..\Run: [SystemKey] C:\WINDOWS\system32\rundll32.exe "C:\Documents and Settings\All Users\Data aplikací\SystemKey\SystemKey.dll" rdl

toto používáš záměrně???
To je program na zaznamenávání veškeré činnosti na počítači (keylogger) +spyware
Jestli nepoužíváš , tak taky FIX!

V možnostech složky si povol zobrazování skrytých souborů a složek+ odškrtni zatržítko skrýt chráněné soubory operačního systému

Toto otestuj na Virustotal
C:\WINDOWS\system32\mgabg.exe
Klikni vpravo od okénka na Vybrat a v Exploreru najdi požadovaný soubor v Tvém PC. Označ ho myší a klikni na Otevřít , poté klikni na Send File. Pokud už byl soubor testován , objeví se okno ve kterém klikni na Reanalyze. Soubor se začne postupně testovat více antivirovými programy. Až skončí test posledního antiviru , objeví se nahoře result a červeně počet nákaz , např. 0/40 , nebo 1/40. Pak zkopíruj myší odkaz na tuto stránku a vlož ji do svého příspěvku.




Vypni si rez.ochrany i firewall.
Stáhni si Dr. Web CureIt
dej update , po aktualizaci dej start.
Tlacitky dole můzeš soubor léčit(systémové soubory), smazat, přesunout nebo přejmenovat

Stáhni si Malwarebytes' Anti-Malware
Nainstaluj a spusť ho
- na konci instalace se ujisti že máš zvoleny/zatrhnuty obě možnosti:
Aktualizace Malwarebytes' Anti-Malware a Spustit aplikaci Malwarebytes' Anti-Malware, pokud jo tak klikni na tlačítko konec
- pokud bude nalezena aktualizace, tak se stáhne a nainstaluje
- program se po té spustí a nech vybranou možnost Provést rychlý sken a klikni na tlačítko Skenovat
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Zobrazit výsledky
- pak zvol možnost uložit log a ulož si log na plochu
- po té klikni na tlačítko Exit, objeví se ti hláška tak zvol Ano
(zatím nic nemaž!).
Vlož sem pak obsah toho logu.

Pokud budou problémy , spusť v nouz. režimu.

Jdu spát..

//přejdi z Avast 5 na Avast 6..

[guest]

Provedeno vše podle rozkazu:

vše fixnuto
Virus total negativní - soubor patří ke GK
Dr. Web CureIt našel jen SystemKey - ponecháno, používám
MBAM bez nálezu
Avast upgradován na 6


CCleaner historii Opery stejně nemaže.
Jinak žádně problémy nepozoruji - před měsícem mi to kontrolovala Bledulka - viewtopic.php?f=70&t=67469&hilit=+Pro+Bledulku

[jaro3]

Tos tam ale ještě neměl ten System Key.

Vypni rez. ochranu u antiviru a antispywaru,příp. firewall..

Stáhni si ComboFix (by sUBs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah
Pokud budou problémy , spusť ho v nouz. režimu.

[guest]

Zapoměl jsem uvést, že SystemKey mám asi 4 dny, ale CCleaner nefungoval dříve. Jdu na ComboFix.

[jaro3]

Fajn , koukal jsem že s Combofixem žádné problémy snad nemáš.
Aby Ti ho ale CF nesmazal.(System Key).

[guest]

CF ho samozřejmě smazal Žádnej problém!

ComboFix 11-06-07.03 - Administrator 08.06.2011 14:35:23.2.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1279.719 [GMT 2:00]
Spuštěný z: c:\documents and settings\Administrator\Plocha\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: ZoneAlarm Firewall *Enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.
VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Setup.exe
c:\windows\regedit.com
c:\windows\system32\taskmgr.com
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-05-08 do 2011-06-08 )))))))))))))))))))))))))))))))
.
.
2011-06-08 09:37 . 2011-06-08 09:37 -------- d-----w- c:\documents and settings\Administrator\DoctorWeb
2011-06-08 08:34 . 2011-05-10 12:03 307928 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-06-08 08:34 . 2011-05-10 11:59 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-06-08 08:34 . 2011-05-10 11:59 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-06-08 08:34 . 2011-05-10 12:03 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-06-08 08:34 . 2011-05-10 12:02 49240 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-06-08 08:34 . 2011-05-10 12:02 102616 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-06-08 08:34 . 2011-05-10 12:02 96344 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-06-08 08:34 . 2011-05-10 11:59 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-06-08 08:33 . 2011-05-10 12:10 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-06-08 08:33 . 2011-06-08 08:33 -------- d-----w- c:\program files\AVAST Software
2011-06-08 08:33 . 2011-06-08 08:33 -------- d-----w- c:\documents and settings\All Users\Data aplikací\AVAST Software
2011-06-07 10:09 . 2011-06-07 10:10 -------- d-----w- c:\program files\CCleaner
2011-06-07 09:14 . 2011-06-08 10:28 -------- d-----w- c:\documents and settings\Administrator\Data aplikací\Smarty Uninstaller
2011-06-07 09:13 . 2011-04-25 08:25 4603616 ----a-w- c:\windows\system32\DevComponents.DotNetBar2.dll
2011-06-07 09:13 . 2011-06-07 09:14 -------- d-----w- c:\program files\Smarty Uninstaller
2011-06-06 08:35 . 2011-06-06 08:35 -------- d-----w- c:\documents and settings\All Users\Data aplikací\SystemKey
2011-06-03 08:52 . 2011-06-03 08:52 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Data aplikací\Abelssoft
2011-06-03 08:52 . 2011-06-03 08:52 -------- d-----w- c:\documents and settings\Administrator\Data aplikací\Abelssoft
2011-06-03 08:45 . 2011-05-29 09:34 28032 ----a-w- c:\windows\system32\drivers\ShredderDriver32.sys
2011-06-03 08:45 . 2011-06-03 08:45 -------- d-----w- c:\program files\FileWing
2011-06-01 16:55 . 2009-03-26 23:16 12672 ----a-w- c:\windows\system32\drivers\cpuz132_x32.sys
2011-06-01 16:55 . 2011-06-01 16:55 -------- d-----w- c:\program files\CPUID
2011-05-31 08:28 . 2011-05-31 08:28 -------- d-----w- c:\program files\Common Files\Chameleon Manager
2011-05-30 14:46 . 2011-05-30 14:46 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Data aplikací\QuickStores
2011-05-26 18:54 . 2011-05-26 18:54 -------- d-----w- c:\documents and settings\Administrator\Qonverter
2011-05-24 07:00 . 2011-05-24 07:00 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-10 11:03 . 2011-05-10 11:07 -------- d-----w- c:\program files\ICQ7.5
2011-05-09 20:39 . 2011-06-07 13:46 -------- d-----w- c:\program files\TeamViewer
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-29 07:11 . 2010-09-09 15:25 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-29 07:11 . 2010-09-09 15:25 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-10 12:10 . 2011-02-25 11:27 40112 ----a-w- c:\windows\avastSS.scr
2009-05-20 21:29 . 2009-05-20 21:29 1822848 ----a-w- c:\program files\instmsiw.exe
2009-05-20 21:29 . 2009-05-20 21:29 1709160 ----a-w- c:\program files\instmsia.exe
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-05-10 12:10 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-01-26 15026056]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Matrox PowerDesk SE"="c:\program files\Matrox Graphics Inc\PowerDesk SE\Matrox.PowerDesk SE.exe" [2010-02-11 4246784]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2010-05-20 1043968]
"HD Tune"="c:\progra~1\HDTUNE~1\HDTune.exe" [2008-02-09 401408]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb06.exe" [2002-07-11 188416]
"SystemKey"="c:\documents and settings\All Users\Data aplikací\SystemKey\SystemKey.dll" [2006-04-07 339968]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-05-10 3459712]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Timer Wizard.lnk - c:\program files\Timer Wizard\Timer Wizard.exe [2005-6-5 225280]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
"NoFileAssociate"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\TeamViewer\\Version6\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version6\\TeamViewer_Service.exe"=
"c:\\Program Files\\ICQ7.5\\ICQ.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5000:TCP"= 5000:TCP:Active@ SMART Monitor
.
R0 ShredderVolumeDriver;Helper driver for shredding volume;c:\windows\system32\drivers\ShredderDriver32.sys [3.6.2011 10:45 28032]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [8.6.2011 10:34 441176]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [8.6.2011 10:34 307928]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [8.6.2011 10:34 19544]
R2 Matrox Centering Service;Matrox Centering Service;c:\program files\Matrox Graphics Inc\PowerDesk\Services\Matrox.PowerDesk.Services.exe [11.2.2010 16:48 1266944]
R2 Matrox.Pdesk.ServicesHost;Matrox.Pdesk.ServicesHost;c:\program files\Matrox Graphics Inc\PowerDesk SE\Matrox.Pdesk.ServicesHost.exe [11.2.2010 16:48 344832]
R2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [16.7.2010 2:45 35088]
R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [19.11.2010 17:27 27632]
S2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\CheckPoint\ZAForceField\ISWSVC.exe [18.5.2010 16:01 493032]
S3 GSService;GSService;c:\windows\system32\GSService.exe [2.11.2010 10:07 364544]
S3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\drivers\s0016bus.sys [19.11.2010 17:25 89256]
S3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\drivers\s0016mdfl.sys [19.11.2010 17:25 15016]
S3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\drivers\s0016mdm.sys [19.11.2010 17:25 120744]
S3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0016mgmt.sys [19.11.2010 17:26 114216]
S3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\drivers\s0016nd5.sys [19.11.2010 17:25 25512]
S3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\drivers\s0016obex.sys [19.11.2010 17:25 110632]
S3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\drivers\s0016unic.sys [19.11.2010 17:26 115752]
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - ASWSNX
.
Obsah adresáře 'Naplánované úlohy'
.
.
------- Doplňkový sken -------
.
mSearch Bar = hxxp://www.google.com/ie
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\Microsoft Office\OFFICE11\EXCEL.EXE/3000
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files\ICQ7.5\ICQ.exe
TCP: DhcpNameServer = 212.20.67.99
FF - ProfilePath - c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxp://eu.ask.com?o=14672&l=dis
FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?clien ... YYYYYCZ&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: ICQ Toolbar: {800b5000-a755-47e1-992b-48a1c1357f07} - %profile%\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
FF - Ext: Ask Toolbar: toolbar@ask.com - %profile%\extensions\toolbar@ask.com
FF - Ext: Page Hacker: pagehacker-nico@nc - %profile%\extensions\pagehacker-nico@nc
FF - user.js: browser.blink_allowed - true
FF - user.js: network.prefetch-next - true
FF - user.js: nglayout.initialpaint.delay - 250
FF - user.js: layout.spellcheckDefault - 1
FF - user.js: browser.urlbar.autoFill - false
FF - user.js: browser.search.openintab - false
FF - user.js: browser.tabs.closeButtons - 1
FF - user.js: browser.tabs.opentabfor.middleclick - true
FF - user.js: browser.tabs.tabMinWidth - 100
FF - user.js: browser.urlbar.hideGoButton - false
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
WebBrowser-{66F2E20D-0DA8-4C11-A9C8-DD8477B88ACD} - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-06-08 14:56
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-1229272821-1960408961-839522115-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,8a,9a,13,6a,40,b4,94,4e,bf,cb,53,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,8a,9a,13,6a,40,b4,94,4e,bf,cb,53,\
.
Celkový čas: 2011-06-08 15:06:52
ComboFix-quarantined-files.txt 2011-06-08 13:06
.
Před spuštěním: Volných bajtů: 131 958 599 680
Po spuštění: Volných bajtů: 131 922 087 936
.
- - End Of File - - C2061B9E7DE3C0293F5A1976D1DC60B7

[jaro3]

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:
Poznámka: Nepoužij k označení skriptu funkci VYBRAT VŠE

Kód: Vybrat vše

File Look::
c:\windows\system32\drivers\ShredderDriver32.sys

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"=-
"NoFileAssociate"=-
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000000

Firefox::
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxp://eu.ask.com?o=14672&l=dis
FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?clien ... YYYYYCZ&q=
FF - Ext: ICQ Toolbar: {800b5000-a755-47e1-992b-48a1c1357f07} - %profile%\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
FF - Ext: Ask Toolbar: toolbar@ask.com - %profile%\extensions\toolbar@ask.com
FF - Ext: Page Hacker: pagehacker-nico@nc - %profile%\extensions\pagehacker-nico@nc

Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT


Upozornění : Může se stát, že po aplikaci skriptu a restartu počítače Windows nenaběhnou, pak znovu restartuj počítač, mačkej F8 a pak zvol poslední známou funkční konfiguraci.

V možnostech složky si povol zobrazování skrytých souborů a složek+ odškrtni zatržítko skrýt chráněné soubory operačního systému

Toto otestuj na Virustotal
c:\windows\system32\drivers\ShredderDriver32.sys

Klikni vpravo od okénka na Vybrat a v Exploreru najdi požadovaný soubor v Tvém PC. Označ ho myší a klikni na Otevřít , poté klikni na Send File. Pokud už byl soubor testován , objeví se okno ve kterém klikni na Reanalyze. Soubor se začne postupně testovat více antivirovými programy. Až skončí test posledního antiviru , objeví se nahoře result a červeně počet nákaz , např. 0/40 , nebo 1/40. Pak zkopíruj myší odkaz na tuto stránku a vlož ji do svého příspěvku.


c:\windows\system32\drivers\ShredderDriver32.sys
R0 ShredderVolumeDriver;Helper driver for shredding volume;c:\windows\system32\drivers\ShredderDriver32.sys [3.6.2011 10:45 28032]
---máš představu k čemu to patří???

[guest]

Log CF:
ComboFix 11-06-07.03 - Administrator 08.06.2011 17:05:33.3.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1279.659 [GMT 2:00]
Spuštěný z: c:\documents and settings\Administrator\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Administrator\Plocha\CFScript.text
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: ZoneAlarm Firewall *Enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.
VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-05-08 do 2011-06-08 )))))))))))))))))))))))))))))))
.
.
2011-06-08 14:17 . 2011-06-08 14:19 -------- d-----w- c:\program files\HomeKeylogger
2011-06-08 09:37 . 2011-06-08 09:37 -------- d-----w- c:\documents and settings\Administrator\DoctorWeb
2011-06-08 08:34 . 2011-05-10 12:03 307928 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-06-08 08:34 . 2011-05-10 11:59 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-06-08 08:34 . 2011-05-10 11:59 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-06-08 08:34 . 2011-05-10 12:03 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-06-08 08:34 . 2011-05-10 12:02 49240 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-06-08 08:34 . 2011-05-10 12:02 102616 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-06-08 08:34 . 2011-05-10 12:02 96344 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-06-08 08:34 . 2011-05-10 11:59 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-06-08 08:33 . 2011-05-10 12:10 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-06-08 08:33 . 2011-06-08 08:33 -------- d-----w- c:\program files\AVAST Software
2011-06-08 08:33 . 2011-06-08 08:33 -------- d-----w- c:\documents and settings\All Users\Data aplikací\AVAST Software
2011-06-07 10:09 . 2011-06-07 10:10 -------- d-----w- c:\program files\CCleaner
2011-06-07 09:14 . 2011-06-08 10:28 -------- d-----w- c:\documents and settings\Administrator\Data aplikací\Smarty Uninstaller
2011-06-07 09:13 . 2011-04-25 08:25 4603616 ----a-w- c:\windows\system32\DevComponents.DotNetBar2.dll
2011-06-07 09:13 . 2011-06-07 09:14 -------- d-----w- c:\program files\Smarty Uninstaller
2011-06-06 08:35 . 2011-06-06 08:35 -------- d-----w- c:\documents and settings\All Users\Data aplikací\SystemKey
2011-06-03 08:52 . 2011-06-03 08:52 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Data aplikací\Abelssoft
2011-06-03 08:52 . 2011-06-03 08:52 -------- d-----w- c:\documents and settings\Administrator\Data aplikací\Abelssoft
2011-06-03 08:45 . 2011-05-29 09:34 28032 ----a-w- c:\windows\system32\drivers\ShredderDriver32.sys
2011-06-03 08:45 . 2011-06-03 08:45 -------- d-----w- c:\program files\FileWing
2011-06-01 16:55 . 2009-03-26 23:16 12672 ----a-w- c:\windows\system32\drivers\cpuz132_x32.sys
2011-06-01 16:55 . 2011-06-01 16:55 -------- d-----w- c:\program files\CPUID
2011-05-31 08:28 . 2011-05-31 08:28 -------- d-----w- c:\program files\Common Files\Chameleon Manager
2011-05-30 14:46 . 2011-05-30 14:46 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Data aplikací\QuickStores
2011-05-26 18:54 . 2011-05-26 18:54 -------- d-----w- c:\documents and settings\Administrator\Qonverter
2011-05-24 07:00 . 2011-05-24 07:00 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-10 11:03 . 2011-05-10 11:07 -------- d-----w- c:\program files\ICQ7.5
2011-05-09 20:39 . 2011-06-07 13:46 -------- d-----w- c:\program files\TeamViewer
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-29 07:11 . 2010-09-09 15:25 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-29 07:11 . 2010-09-09 15:25 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-10 12:10 . 2011-02-25 11:27 40112 ----a-w- c:\windows\avastSS.scr
2009-05-20 21:29 . 2009-05-20 21:29 1822848 ----a-w- c:\program files\instmsiw.exe
2009-05-20 21:29 . 2009-05-20 21:29 1709160 ----a-w- c:\program files\instmsia.exe
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-05-10 12:10 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-01-26 15026056]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Matrox PowerDesk SE"="c:\program files\Matrox Graphics Inc\PowerDesk SE\Matrox.PowerDesk SE.exe" [2010-02-11 4246784]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2010-05-20 1043968]
"HD Tune"="c:\progra~1\HDTUNE~1\HDTune.exe" [2008-02-09 401408]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb06.exe" [2002-07-11 188416]
"SystemKey"="c:\documents and settings\All Users\Data aplikací\SystemKey\SystemKey.dll" [2006-04-07 339968]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-05-10 3459712]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Timer Wizard.lnk - c:\program files\Timer Wizard\Timer Wizard.exe [2005-6-5 225280]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\TeamViewer\\Version6\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version6\\TeamViewer_Service.exe"=
"c:\\Program Files\\ICQ7.5\\ICQ.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5000:TCP"= 5000:TCP:Active@ SMART Monitor
.
R0 ShredderVolumeDriver;Helper driver for shredding volume;c:\windows\system32\drivers\ShredderDriver32.sys [3.6.2011 10:45 28032]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [8.6.2011 10:34 441176]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [8.6.2011 10:34 307928]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [8.6.2011 10:34 19544]
R2 Matrox Centering Service;Matrox Centering Service;c:\program files\Matrox Graphics Inc\PowerDesk\Services\Matrox.PowerDesk.Services.exe [11.2.2010 16:48 1266944]
R2 Matrox.Pdesk.ServicesHost;Matrox.Pdesk.ServicesHost;c:\program files\Matrox Graphics Inc\PowerDesk SE\Matrox.Pdesk.ServicesHost.exe [11.2.2010 16:48 344832]
R2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [16.7.2010 2:45 35088]
R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [19.11.2010 17:27 27632]
S2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\CheckPoint\ZAForceField\ISWSVC.exe [18.5.2010 16:01 493032]
S3 GSService;GSService;c:\windows\system32\GSService.exe [2.11.2010 10:07 364544]
S3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\drivers\s0016bus.sys [19.11.2010 17:25 89256]
S3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\drivers\s0016mdfl.sys [19.11.2010 17:25 15016]
S3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\drivers\s0016mdm.sys [19.11.2010 17:25 120744]
S3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0016mgmt.sys [19.11.2010 17:26 114216]
S3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\drivers\s0016nd5.sys [19.11.2010 17:25 25512]
S3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\drivers\s0016obex.sys [19.11.2010 17:25 110632]
S3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\drivers\s0016unic.sys [19.11.2010 17:26 115752]
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - ASWSNX
.
.
------- Doplňkový sken -------
.
mSearch Bar = hxxp://www.google.com/ie
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\Microsoft Office\OFFICE11\EXCEL.EXE/3000
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files\ICQ7.5\ICQ.exe
TCP: DhcpNameServer = 212.20.67.99
FF - ProfilePath - c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxp://eu.ask.com?o=14672&l=dis
FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?clien ... YYYYYCZ&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: ICQ Toolbar: {800b5000-a755-47e1-992b-48a1c1357f07} - %profile%\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
FF - Ext: Ask Toolbar: toolbar@ask.com - %profile%\extensions\toolbar@ask.com
FF - Ext: Page Hacker: pagehacker-nico@nc - %profile%\extensions\pagehacker-nico@nc
FF - user.js: browser.blink_allowed - true
FF - user.js: network.prefetch-next - true
FF - user.js: nglayout.initialpaint.delay - 250
FF - user.js: layout.spellcheckDefault - 1
FF - user.js: browser.urlbar.autoFill - false
FF - user.js: browser.search.openintab - false
FF - user.js: browser.tabs.closeButtons - 1
FF - user.js: browser.tabs.opentabfor.middleclick - true
FF - user.js: browser.tabs.tabMinWidth - 100
FF - user.js: browser.urlbar.hideGoButton - false
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
HKLM-Run-HomeKeyLogger - c:\program files\HomeKeylogger\KeyLogger.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-06-08 17:36
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-1229272821-1960408961-839522115-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,8a,9a,13,6a,40,b4,94,4e,bf,cb,53,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,8a,9a,13,6a,40,b4,94,4e,bf,cb,53,\
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'explorer.exe'(2312)
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Celkový čas: 2011-06-08 17:48:16
ComboFix-quarantined-files.txt 2011-06-08 15:47
ComboFix2.txt 2011-06-08 13:07
.
Před spuštěním: Volných bajtů: 131 866 546 176
Po spuštění: Volných bajtů: 131 859 021 824
.
- - End Of File - - C5621F4287F4F9AB8B5BDDCC5995BC42

Log HJT:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:56:45, on 8.6.2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
c:\Program Files\Matrox Graphics Inc\PowerDesk\Services\Matrox.PowerDesk.Services.exe
c:\Program Files\Matrox Graphics Inc\PowerDesk SE\Matrox.Pdesk.ServicesHost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\mgabg.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Matrox Graphics Inc\PowerDesk SE\Matrox.PowerDesk SE.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb06.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\ICQ7.5\ICQ.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Opera\opera.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [Matrox PowerDesk SE] "c:\Program Files\Matrox Graphics Inc\PowerDesk SE\Matrox.PowerDesk SE.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [HD Tune] C:\PROGRA~1\HDTUNE~1\HDTune.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb06.exe
O4 - HKLM\..\Run: [SystemKey] C:\WINDOWS\system32\rundll32.exe "C:\Documents and Settings\All Users\Data aplikací\SystemKey\SystemKey.dll" rdl
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Timer Wizard.lnk = C:\Program Files\Timer Wizard\Timer Wizard.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\Microsoft Office\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\Microsoft Office\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 2848935025
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\Skype4COM.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: GSService - Unknown owner - C:\WINDOWS\system32\GSService.exe
O23 - Service: ZoneAlarm Toolbar IswSvc (IswSvc) - Check Point Software Technologies - C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Matrox Centering Service - Matrox Graphics Inc. - c:\Program Files\Matrox Graphics Inc\PowerDesk\Services\Matrox.PowerDesk.Services.exe
O23 - Service: Matrox.Pdesk.ServicesHost - Matrox Graphics Inc - c:\Program Files\Matrox Graphics Inc\PowerDesk SE\Matrox.Pdesk.ServicesHost.exe
O23 - Service: MGABGEXE - Matrox Graphics Inc. - C:\WINDOWS\system32\mgabg.exe
O23 - Service: O&O Defrag 2000 (OOD2000) - O&O Software GmbH - C:\WINDOWS\system32\OOD2000.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 5832 bytes

http://www.virustotal.com/file-scan/rep ... 1307548339 - k čemu to patří netuším

[jaro3]

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:
Poznámka: Nepoužij k označení skriptu funkci VYBRAT VŠE

Kód: Vybrat vše

KillAll::
Collect::
c:\windows\system32\drivers\ShredderDriver32.sys

Folder::
c:\program files\HomeKeylogger

Driver::
ShredderVolumeDriver
ShredderDriver32

Firefox::
FF - ProfilePath - c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxp://eu.ask.com?o=14672&l=dis
FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?clien ... YYYYYCZ&q=
FF - Ext: ICQ Toolbar: {800b5000-a755-47e1-992b-48a1c1357f07} - %profile%\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
FF - Ext: Ask Toolbar: toolbar@ask.com - %profile%\extensions\toolbar@ask.com
FF - Ext: Page Hacker: pagehacker-nico@nc - %profile%\extensions\pagehacker-nico@nc

ReckLock::
[HKEY_USERS\S-1-5-21-1229272821-1960408961-839522115-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
 d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,8a,9a,13,6a,40,b4,94,4e,bf,cb,53,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
 d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,8a,9a,13,6a,40,b4,94,4e,bf,cb,53,\


Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu .


Upozornění : Může se stát, že po aplikaci skriptu a restartu počítače Windows nenaběhnou, pak znovu restartuj počítač, mačkej F8 a pak zvol poslední známou funkční konfiguraci.

[guest]

Vše proběhlo korektně, jenom CF mazal tak zběsile až jsem se bál zda mi tam něco zůstane, nejvíc toho souviselo s Mozzilou. Navíc CF něco odesílal k další analýze. Jenom po restartu otravoval Avast s tím Sanboxem.
CF log:
ComboFix 11-06-07.03 - Administrator 09.06.2011 10:18:30.4.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1279.766 [GMT 2:00]
Spuštěný z: c:\documents and settings\Administrator\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Administrator\Plocha\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: ZoneAlarm Firewall *Enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.
VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.
file zipped: c:\windows\system32\drivers\ShredderDriver32.sys
.
PEV Error: MenuFile
PEV Error: MenuFolder
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\components\ITB_History.js
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\defaults\preferences\prefs.js
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\defaults\preferences\user.js
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome.manifest
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\about.dtd
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\about.xul
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\autocomplete.xml
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\exitobserver.js
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\globals.js
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\highlight.js
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\icqtabs.css
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\icqtabs.js
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\icqtoolbar.js
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\icqtoolbar.xul
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\img\bgLarge.gif
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\img\bgSmall.gif
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\img\buttonBlue.gif
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\img\buttonGreen.gif
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\img\searchLogo.gif
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\localfileupdate.js
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\menu-button.xml
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\newTab.html
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\newTab_bg.html
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\newTab_cz.html
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\newTab_de.html
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\newTab_en.html
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\newTab_es.html
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\newTab_fr.html
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\newTab_he.html
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\newTab_it.html
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\newTab_ru.html
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\newTab_sk.html
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\newTab_tr.html
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\newTab_uk.html
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\options.js
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\options.xul
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\parsegamesxml.js
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\parsemenuxml.js
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\peoplesearch.js
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\peoplesearch.xul
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\prefutils.js
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\search.js
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\splitter.xml
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\statistics.js
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\tabcontext.js
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\utilities.js
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\voucher.js
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\zoom.js
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\bg\icq_locale.dtd
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\bg\itb.properties
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\bg\itb_options.dtd
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\bg\options.properties
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\cs\icq_locale.dtd
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\cs\itb.properties
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\cs\itb_options.dtd
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\cs\options.properties
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\de\icq_locale.dtd
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\de\itb.properties
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\de\itb_options.dtd
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\de\options.properties
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\en-US\icq_locale.dtd
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\en-US\itb.properties
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\en-US\itb_options.dtd
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\en-US\options.properties
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\es\icq_locale.dtd
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\es\itb.properties
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\es\itb_options.dtd
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\es\options.properties
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\fr\icq_locale.dtd
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\fr\itb.properties
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\fr\itb_options.dtd
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\fr\options.properties
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\he\icq_locale.dtd
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\he\itb.properties
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\he\itb_options.dtd
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\he\options.properties
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\it\icq_locale.dtd
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\it\itb.properties
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\it\itb_options.dtd
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\it\options.properties
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\ru\icq_locale.dtd
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\ru\itb.properties
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\ru\itb_options.dtd
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\ru\options.properties
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\sk\icq_locale.dtd
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\sk\itb.properties
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\sk\itb_options.dtd
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\sk\options.properties
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\tr\icq_locale.dtd
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\tr\itb.properties
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\tr\itb_options.dtd
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\tr\options.properties
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\about.css
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\abt.png
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\ain.png
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\ang.png
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\default.css
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\dis.png
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\dropmarker.css
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\hide.png
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\icons.png
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\logo_small.gif
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\more_vouchers_r.png
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\more_vouchers_y.png
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\options.css
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\peoplesearch.css
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\voucher_bg.png
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\voucher_bg_y.png
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\install.rdf
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\META-INF\manifest.mf
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\META-INF\zigbert.rsa
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\META-INF\zigbert.sf
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\search_engine\icqplugin.gif
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\search_engine\icqplugin.src
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\search_engine\icqplugin.xml
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\pagehacker-nico@nc
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\pagehacker-nico@nc\defaults\preferences\prefs.js
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\pagehacker-nico@nc\chrome.manifest
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\pagehacker-nico@nc\chrome\content\pagehacker.js
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\pagehacker-nico@nc\chrome\content\pagehacker.xul
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\pagehacker-nico@nc\chrome\locale\ar\contents.rdf
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\pagehacker-nico@nc\chrome\locale\ar\pagehacker.dtd
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\pagehacker-nico@nc\chrome\locale\ar\pagehacker.properties
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\pagehacker-nico@nc\chrome\locale\ca-AD\contents.rdf
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\pagehacker-nico@nc\chrome\locale\ca-AD\pagehacker.dtd
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\pagehacker-nico@nc\chrome\locale\ca-AD\pagehacker.properties
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\pagehacker-nico@nc\chrome\locale\cs-CZ\contents.rdf
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\pagehacker-nico@nc\chrome\locale\cs-CZ\pagehacker.dtd
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\pagehacker-nico@nc\chrome\locale\cs-CZ\pagehacker.properties
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\pagehacker-nico@nc\chrome\locale\de-DE\contents.rdf
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\pagehacker-nico@nc\chrome\locale\de-DE\pagehacker.dtd
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\pagehacker-nico@nc\chrome\locale\de-DE\pagehacker.properties
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\pagehacker-nico@nc\chrome\locale\en-GB\pagehacker.dtd
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\pagehacker-nico@nc\chrome\locale\en-GB\pagehacker.properties
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\pagehacker-nico@nc\chrome\locale\en-US\amo.dtd
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\pagehacker-nico@nc\chrome\locale\en-US\contents.rdf
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\pagehacker-nico@nc\chrome\locale\en-US\pagehacker.dtd
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\pagehacker-nico@nc\chrome\locale\en-US\pagehacker.properties
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\pagehacker-nico@nc\chrome\locale\es-ES\pagehacker.dtd
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\pagehacker-nico@nc\chrome\locale\es-ES\pagehacker.properties
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\pagehacker-nico@nc\chrome\locale\fr-FR\contents.rdf
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\pagehacker-nico@nc\chrome\locale\fr-FR\pagehacker.dtd
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\pagehacker-nico@nc\chrome\locale\fr-FR\pagehacker.properties
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\pagehacker-nico@nc\chrome\locale\he-IL\pagehacker.dtd
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\pagehacker-nico@nc\chrome\locale\he-IL\pagehacker.properties
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\pagehacker-nico@nc\chrome\locale\hu-HU\contents.rdf
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\pagehacker-nico@nc\chrome\locale\hu-HU\pagehacker.dtd
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\pagehacker-nico@nc\chrome\locale\hu-HU\pagehacker.properties
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\pagehacker-nico@nc\chrome\locale\it-IT\contents.rdf
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\pagehacker-nico@nc\chrome\locale\it-IT\pagehacker.dtd
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\pagehacker-nico@nc\chrome\locale\it-IT\pagehacker.properties
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\pagehacker-nico@nc\chrome\locale\ja-JP\contents.rdf
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\pagehacker-nico@nc\chrome\locale\ja-JP\pagehacker.dtd
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\pagehacker-nico@nc\chrome\locale\ja-JP\pagehacker.properties
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\pagehacker-nico@nc\chrome\locale\lt-LT\contents.rdf
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\pagehacker-nico@nc\chrome\locale\lt-LT\pagehacker.dtd
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\pagehacker-nico@nc\chrome\locale\lt-LT\pagehacker.properties
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\pagehacker-nico@nc\chrome\locale\nl-NL\contents.rdf
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\pagehacker-nico@nc\chrome\locale\nl-NL\pagehacker.dtd
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\pagehacker-nico@nc\chrome\locale\nl-NL\pagehacker.properties
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\pagehacker-nico@nc\chrome\locale\pl-PL\contents.rdf
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\pagehacker-nico@nc\chrome\locale\pl-PL\pagehacker.dtd
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\pagehacker-nico@nc\chrome\locale\pl-PL\pagehacker.properties
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\pagehacker-nico@nc\chrome\locale\pt-BR\contents.rdf
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\pagehacker-nico@nc\chrome\locale\pt-BR\pagehacker.dtd
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\pagehacker-nico@nc\chrome\locale\pt-BR\pagehacker.properties
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\pagehacker-nico@nc\chrome\locale\pt-PT\contents.rdf
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\pagehacker-nico@nc\chrome\locale\pt-PT\pagehacker.dtd
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\pagehacker-nico@nc\chrome\locale\pt-PT\pagehacker.properties
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\pagehacker-nico@nc\chrome\locale\ru-RU\contents.rdf
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\pagehacker-nico@nc\chrome\locale\ru-RU\pagehacker.dtd
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\pagehacker-nico@nc\chrome\locale\ru-RU\pagehacker.properties
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\pagehacker-nico@nc\chrome\locale\sk-SK\pagehacker.dtd
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\pagehacker-nico@nc\chrome\locale\sk-SK\pagehacker.properties
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\pagehacker-nico@nc\chrome\locale\tr-TR\pagehacker.dtd
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\pagehacker-nico@nc\chrome\locale\tr-TR\pagehacker.properties
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\pagehacker-nico@nc\chrome\locale\zh-CN\contents.rdf
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\pagehacker-nico@nc\chrome\locale\zh-CN\pagehacker.dtd
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\pagehacker-nico@nc\chrome\locale\zh-CN\pagehacker.properties
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\pagehacker-nico@nc\chrome\locale\zh-TW\pagehacker.dtd
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\pagehacker-nico@nc\chrome\locale\zh-TW\pagehacker.properties
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\pagehacker-nico@nc\chrome\skin\button.png
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\pagehacker-nico@nc\chrome\skin\icon.png
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\pagehacker-nico@nc\chrome\skin\pagehacker.css
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\pagehacker-nico@nc\install.rdf
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\toolbar@ask.com
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\toolbar@ask.com\datastore\cache.sqlite
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\toolbar@ask.com\defaults\preferences\defaults.js
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\toolbar@ask.com\chrome.manifest
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\toolbar@ask.com\chrome\content\about.js
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\toolbar@ask.com\chrome\content\about.xul
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\toolbar@ask.com\chrome\content\bindings.xml
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\toolbar@ask.com\chrome\content\button-bindings.xml
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\toolbar@ask.com\chrome\content\cache.js
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\toolbar@ask.com\chrome\content\constants.js
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\toolbar@ask.com\chrome\content\core.js
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\toolbar@ask.com\chrome\content\custom-command-listener.js
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\toolbar@ask.com\chrome\content\dynamic-button-manager.js
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\toolbar@ask.com\chrome\content\dynamic-button.js
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\toolbar@ask.com\chrome\content\events.js
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\toolbar@ask.com\chrome\content\feeds.js
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\toolbar@ask.com\chrome\content\http-headers.js
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\toolbar@ask.com\chrome\content\issigned.exe
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\toolbar@ask.com\chrome\content\json.js
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\toolbar@ask.com\chrome\content\lifecycle.js
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\toolbar@ask.com\chrome\content\listeners.js
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\toolbar@ask.com\chrome\content\locale.js
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\toolbar@ask.com\chrome\content\logger.js
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\toolbar@ask.com\chrome\content\network.js
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\toolbar@ask.com\chrome\content\newtab-manager.js
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\toolbar@ask.com\chrome\content\newtab-overlay.xul
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\toolbar@ask.com\chrome\content\newtab.html
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\toolbar@ask.com\chrome\content\newtab.js
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\toolbar@ask.com\chrome\content\notification-popup-controller.js
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\toolbar@ask.com\chrome\content\notification-popup-ff3.xul
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\toolbar@ask.com\chrome\content\notification-popup.xul
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\toolbar@ask.com\chrome\content\notification.js
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\toolbar@ask.com\chrome\content\observer.js
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\toolbar@ask.com\chrome\content\options.js
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\toolbar@ask.com\chrome\content\options.xul
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\toolbar@ask.com\chrome\content\preferences.js
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\toolbar@ask.com\chrome\content\prefetch.js
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\toolbar@ask.com\chrome\content\ss-popup-bindings.xml
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\toolbar@ask.com\chrome\content\suggestions.js
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\toolbar@ask.com\chrome\content\update.js
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\toolbar@ask.com\chrome\content\updateRdf.js
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\toolbar@ask.com\chrome\content\utilities.js
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\toolbar@ask.com\chrome\content\webframe-bindings.xml
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\toolbar@ask.com\chrome\content\webframe-manager.js
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\toolbar@ask.com\chrome\content\widget-controller.js
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\toolbar@ask.com\chrome\content\widget-popup.xul
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\toolbar@ask.com\chrome\content\widgets.js
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\toolbar@ask.com\chrome\skin\abc.png
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\toolbar@ask.com\chrome\skin\amazon_16x.png
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\toolbar@ask.com\chrome\skin\as.png
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\toolbar@ask.com\chrome\skin\ask_16x16.png
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\toolbar@ask.com\chrome\skin\ask_32x32.png
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\toolbar@ask.com\chrome\skin\ask_browser_ff_chrome.png
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\toolbar@ask.com\chrome\skin\asklogo.png
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\toolbar@ask.com\chrome\skin\b-p.png
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\toolbar@ask.com\chrome\skin\b.png
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\toolbar@ask.com\chrome\skin\bbc_news.png
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\toolbar@ask.com\chrome\skin\beppe_grillo.png
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\toolbar@ask.com\chrome\skin\bg.png
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\toolbar@ask.com\chrome\skin\bild.png
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\toolbar@ask.com\chrome\skin\bl-pbl.png
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\toolbar@ask.com\chrome\skin\bl-pbr.png
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\toolbar@ask.com\chrome\skin\bl.png
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\toolbar@ask.com\chrome\skin\blogs.png
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\toolbar@ask.com\chrome\skin\br-pbl.png
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\toolbar@ask.com\chrome\skin\br-pbr.png
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\toolbar@ask.com\chrome\skin\br.png
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\toolbar@ask.com\chrome\skin\business.png
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\toolbar@ask.com\chrome\skin\businessRU.png
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\toolbar@ask.com\chrome\skin\celebrity.png
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\toolbar@ask.com\chrome\skin\close.png
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\toolbar@ask.com\chrome\skin\cnn_16x.png
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\toolbar@ask.com\chrome\skin\corriere_della_sera.png
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\toolbar@ask.com\chrome\skin\dictionary.png
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\toolbar@ask.com\chrome\skin\el_mundo.png
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\toolbar@ask.com\chrome\skin\email_16x.png
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\toolbar@ask.com\chrome\skin\expansion.png
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\toolbar@ask.com\chrome\skin\facebook_16x.png
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\toolbar@ask.com\chrome\skin\film1.png
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\toolbar@ask.com\chrome\skin\folha.png
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\toolbar@ask.com\chrome\skin\ft.png
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\toolbar@ask.com\chrome\skin\ftd.png
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\toolbar@ask.com\chrome\skin\g1.png
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\toolbar@ask.com\chrome\skin\games_16x.png
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\toolbar@ask.com\chrome\skin\gazzetta_dello_sport.png
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\toolbar@ask.com\chrome\skin\globe_18x.png
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\toolbar@ask.com\chrome\skin\gripper.png
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\toolbar@ask.com\chrome\skin\highlighter_off.png
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\toolbar@ask.com\chrome\skin\highlighter_on.png
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\toolbar@ask.com\chrome\skin\history.png
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\toolbar@ask.com\chrome\skin\hola.png
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\toolbar@ask.com\chrome\skin\chevron.png
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\toolbar@ask.com\chrome\skin\images.png
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\toolbar@ask.com\chrome\skin\kicker.png
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\toolbar@ask.com\chrome\skin\l.png
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\toolbar@ask.com\chrome\skin\labels-de.properties
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\toolbar@ask.com\chrome\skin\labels-en.properties
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\toolbar@ask.com\chrome\skin\labels-es.properties
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\toolbar@ask.com\chrome\skin\labels-fr.properties
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\toolbar@ask.com\chrome\skin\labels-it.properties
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\toolbar@ask.com\chrome\skin\labels-nl.properties
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\toolbar@ask.com\chrome\skin\labels-pt.properties
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\toolbar@ask.com\chrome\skin\labels-ru.properties
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\toolbar@ask.com\chrome\skin\laposte.png
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\toolbar@ask.com\chrome\skin\lemonde.png
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\toolbar@ask.com\chrome\skin\lequipe.png
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\toolbar@ask.com\chrome\skin\libero_it.png
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\toolbar@ask.com\chrome\skin\links-BR.properties
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\toolbar@ask.com\chrome\skin\links-DE.properties
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\toolbar@ask.com\chrome\skin\links-ES.properties
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\toolbar@ask.com\chrome\skin\links-EU.properties
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\toolbar@ask.com\chrome\skin\links-FR.properties
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\toolbar@ask.com\chrome\skin\links-IT.properties
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\toolbar@ask.com\chrome\skin\links-NL.properties
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\toolbar@ask.com\chrome\skin\links-RU.properties
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\toolbar@ask.com\chrome\skin\links-UK.properties
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\toolbar@ask.com\chrome\skin\links-US.properties
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\toolbar@ask.com\chrome\skin\logo_32x32.png
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\toolbar@ask.com\chrome\skin\magnify_search.png
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\toolbar@ask.com\chrome\skin\maps.png
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\toolbar@ask.com\chrome\skin\mtv.png
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\toolbar@ask.com\chrome\skin\news.png
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\toolbar@ask.com\chrome\skin\newsNL.png
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\toolbar@ask.com\chrome\skin\newsRU.png
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\toolbar@ask.com\chrome\skin\newtab.css
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\toolbar@ask.com\chrome\skin\newtab_bkg.png
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\toolbar@ask.com\chrome\skin\newtab_search_bkg.png
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\toolbar@ask.com\chrome\skin\notification.css
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\toolbar@ask.com\chrome\skin\oglobo.png
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\toolbar@ask.com\chrome\skin\orkut.png
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\toolbar@ask.com\chrome\skin\personas.png
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\toolbar@ask.com\chrome\skin\preferences.png
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\toolbar@ask.com\chrome\skin\r.png
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\toolbar@ask.com\chrome\skin\radiodigital.png
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\toolbar@ask.com\chrome\skin\search.png
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\toolbar@ask.com\chrome\skin\search_ask.png
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\toolbar@ask.com\chrome\skin\search_ask_de.png
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\toolbar@ask.com\chrome\skin\search_ask_es.png
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\toolbar@ask.com\chrome\skin\search_ask_fr.png
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\toolbar@ask.com\chrome\skin\search_ask_it.png
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\toolbar@ask.com\chrome\skin\search_ask_nl.png
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\toolbar@ask.com\chrome\skin\search_ask_pl.png
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\toolbar@ask.com\chrome\skin\search_ask_pt.png
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\toolbar@ask.com\chrome\skin\search_ask_ru.png
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\toolbar@ask.com\chrome\skin\search_cobrand.png
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\toolbar@ask.com\chrome\skin\search_current_site.png

[guest]

Log CF-2:
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\toolbar@ask.com\chrome\skin\search_de.png
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\toolbar@ask.com\chrome\skin\search_es.png
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\toolbar@ask.com\chrome\skin\search_fr.png
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\toolbar@ask.com\chrome\skin\search_grey_73x24.png
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\toolbar@ask.com\chrome\skin\search_it.png
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\toolbar@ask.com\chrome\skin\search_nl.png
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\toolbar@ask.com\chrome\skin\search_pl.png
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\toolbar@ask.com\chrome\skin\search_pt.png
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\toolbar@ask.com\chrome\skin\search_ru.png
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\toolbar@ask.com\chrome\skin\shopping.png
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\toolbar@ask.com\chrome\skin\sports.png
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\toolbar@ask.com\chrome\skin\sportsNL.png
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\toolbar@ask.com\chrome\skin\sportsRU.png
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\toolbar@ask.com\chrome\skin\stocks.png
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\toolbar@ask.com\chrome\skin\t-p.png
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\toolbar@ask.com\chrome\skin\t.png
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\toolbar@ask.com\chrome\skin\terra.png
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\toolbar@ask.com\chrome\skin\titlebar_bg.png
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\toolbar@ask.com\chrome\skin\tl-ptl.png
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\toolbar@ask.com\chrome\skin\tl-ptr.png
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\toolbar@ask.com\chrome\skin\tl.png
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\toolbar@ask.com\chrome\skin\toolbar.css
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\toolbar@ask.com\chrome\skin\toolbar.xul
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\toolbar@ask.com\chrome\skin\tr-ptl.png
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\toolbar@ask.com\chrome\skin\tr-ptr.png
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\toolbar@ask.com\chrome\skin\tr.png
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\toolbar@ask.com\chrome\skin\tv.png
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\toolbar@ask.com\chrome\skin\tv_movie_de.png
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\toolbar@ask.com\chrome\skin\uol.png
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\toolbar@ask.com\chrome\skin\vk.png
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\toolbar@ask.com\chrome\skin\voici_16x.png
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\toolbar@ask.com\chrome\skin\weather.png
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\toolbar@ask.com\chrome\skin\web.png
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\toolbar@ask.com\chrome\skin\wordoftheday_16x.png
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\toolbar@ask.com\chrome\skin\youtube_16x.png
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\toolbar@ask.com\chrome\skin\zoomall.png
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\toolbar@ask.com\chrome\temp\ff-config.Fri-27-May-2011-18-58-38-GMT\ff-config.zip
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\toolbar@ask.com\chrome\temp\ff-config.Mon-04-Apr-2011-17-11-09-GMT\ff-config.zip
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\toolbar@ask.com\chrome\temp\ff-config.Tue-03-May-2011-09-09-19-GMT\ff-config.zip
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\toolbar@ask.com\install.rdf
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\toolbar@ask.com\logs\asktb-log-1301137364663.html
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\toolbar@ask.com\logs\asktb-log-1301937064726.html
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\toolbar@ask.com\logs\asktb-log-1301937086244.html
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\toolbar@ask.com\logs\asktb-log-1302890700541.html
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\toolbar@ask.com\logs\asktb-log-1304413758268.html
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\toolbar@ask.com\logs\asktb-log-1304413814922.html
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\toolbar@ask.com\logs\asktb-log-1304413921574.html
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\toolbar@ask.com\logs\asktb-log-1304417499574.html
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\toolbar@ask.com\logs\asktb-log-1306522717168.html
c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\extensions\toolbar@ask.com\searchplugins\askcom.xml
c:\program files\HomeKeylogger
c:\program files\HomeKeylogger\KeyLog.txt
c:\windows\system32\drivers\ShredderDriver32.sys
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_ShredderVolumeDriver
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-05-09 do 2011-06-09 )))))))))))))))))))))))))))))))
.
.
2011-06-08 09:37 . 2011-06-08 09:37 -------- d-----w- c:\documents and settings\Administrator\DoctorWeb
2011-06-08 08:34 . 2011-05-10 12:03 307928 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-06-08 08:34 . 2011-05-10 11:59 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-06-08 08:34 . 2011-05-10 11:59 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-06-08 08:34 . 2011-05-10 12:03 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-06-08 08:34 . 2011-05-10 12:02 49240 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-06-08 08:34 . 2011-05-10 12:02 102616 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-06-08 08:34 . 2011-05-10 12:02 96344 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-06-08 08:34 . 2011-05-10 11:59 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-06-08 08:33 . 2011-05-10 12:10 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-06-08 08:33 . 2011-06-08 08:33 -------- d-----w- c:\program files\AVAST Software
2011-06-08 08:33 . 2011-06-08 08:33 -------- d-----w- c:\documents and settings\All Users\Data aplikací\AVAST Software
2011-06-07 10:09 . 2011-06-07 10:10 -------- d-----w- c:\program files\CCleaner
2011-06-07 09:14 . 2011-06-08 10:28 -------- d-----w- c:\documents and settings\Administrator\Data aplikací\Smarty Uninstaller
2011-06-07 09:13 . 2011-04-25 08:25 4603616 ----a-w- c:\windows\system32\DevComponents.DotNetBar2.dll
2011-06-07 09:13 . 2011-06-07 09:14 -------- d-----w- c:\program files\Smarty Uninstaller
2011-06-06 08:35 . 2011-06-06 08:35 -------- d-----w- c:\documents and settings\All Users\Data aplikací\SystemKey
2011-06-03 08:52 . 2011-06-03 08:52 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Data aplikací\Abelssoft
2011-06-03 08:52 . 2011-06-03 08:52 -------- d-----w- c:\documents and settings\Administrator\Data aplikací\Abelssoft
2011-06-03 08:45 . 2011-06-03 08:45 -------- d-----w- c:\program files\FileWing
2011-06-01 16:55 . 2009-03-26 23:16 12672 ----a-w- c:\windows\system32\drivers\cpuz132_x32.sys
2011-06-01 16:55 . 2011-06-01 16:55 -------- d-----w- c:\program files\CPUID
2011-05-31 08:28 . 2011-05-31 08:28 -------- d-----w- c:\program files\Common Files\Chameleon Manager
2011-05-30 14:46 . 2011-05-30 14:46 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Data aplikací\QuickStores
2011-05-26 18:54 . 2011-05-26 18:54 -------- d-----w- c:\documents and settings\Administrator\Qonverter
2011-05-24 07:00 . 2011-05-24 07:00 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-10 11:03 . 2011-05-10 11:07 -------- d-----w- c:\program files\ICQ7.5
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-29 07:11 . 2010-09-09 15:25 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-29 07:11 . 2010-09-09 15:25 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-10 12:10 . 2011-02-25 11:27 40112 ----a-w- c:\windows\avastSS.scr
2009-05-20 21:29 . 2009-05-20 21:29 1822848 ----a-w- c:\program files\instmsiw.exe
2009-05-20 21:29 . 2009-05-20 21:29 1709160 ----a-w- c:\program files\instmsia.exe
.
.
((((((((((((((((((((((((((((( SnapShot@2011-06-08_12.57.28 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-06-09 08:56 . 2011-06-09 08:56 16384 c:\windows\Temp\Perflib_Perfdata_8d4.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-05-10 12:10 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-01-26 15026056]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Matrox PowerDesk SE"="c:\program files\Matrox Graphics Inc\PowerDesk SE\Matrox.PowerDesk SE.exe" [2010-02-11 4246784]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2010-05-20 1043968]
"HD Tune"="c:\progra~1\HDTUNE~1\HDTune.exe" [2008-02-09 401408]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb06.exe" [2002-07-11 188416]
"SystemKey"="c:\documents and settings\All Users\Data aplikací\SystemKey\SystemKey.dll" [2006-04-07 339968]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-05-10 3459712]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Timer Wizard.lnk - c:\program files\Timer Wizard\Timer Wizard.exe [2005-6-5 225280]
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\TeamViewer\\Version6\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version6\\TeamViewer_Service.exe"=
"c:\\Program Files\\ICQ7.5\\ICQ.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5000:TCP"= 5000:TCP:Active@ SMART Monitor
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [8.6.2011 10:34 441176]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [8.6.2011 10:34 307928]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [8.6.2011 10:34 19544]
R2 Matrox Centering Service;Matrox Centering Service;c:\program files\Matrox Graphics Inc\PowerDesk\Services\Matrox.PowerDesk.Services.exe [11.2.2010 16:48 1266944]
R2 Matrox.Pdesk.ServicesHost;Matrox.Pdesk.ServicesHost;c:\program files\Matrox Graphics Inc\PowerDesk SE\Matrox.Pdesk.ServicesHost.exe [11.2.2010 16:48 344832]
R2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [16.7.2010 2:45 35088]
R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [19.11.2010 17:27 27632]
S2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\CheckPoint\ZAForceField\ISWSVC.exe [18.5.2010 16:01 493032]
S3 GSService;GSService;c:\windows\system32\GSService.exe [2.11.2010 10:07 364544]
S3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\drivers\s0016bus.sys [19.11.2010 17:25 89256]
S3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\drivers\s0016mdfl.sys [19.11.2010 17:25 15016]
S3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\drivers\s0016mdm.sys [19.11.2010 17:25 120744]
S3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0016mgmt.sys [19.11.2010 17:26 114216]
S3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\drivers\s0016nd5.sys [19.11.2010 17:25 25512]
S3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\drivers\s0016obex.sys [19.11.2010 17:25 110632]
S3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\drivers\s0016unic.sys [19.11.2010 17:26 115752]
.
.
------- Doplňkový sken -------
.
mSearch Bar = hxxp://www.google.com/ie
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\Microsoft Office\OFFICE11\EXCEL.EXE/3000
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files\ICQ7.5\ICQ.exe
TCP: DhcpNameServer = 212.20.67.99
FF - ProfilePath - c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\i4ftlo3y.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - user.js: browser.blink_allowed - true
FF - user.js: network.prefetch-next - true
FF - user.js: nglayout.initialpaint.delay - 250
FF - user.js: layout.spellcheckDefault - 1
FF - user.js: browser.urlbar.autoFill - false
FF - user.js: browser.search.openintab - false
FF - user.js: browser.tabs.closeButtons - 1
FF - user.js: browser.tabs.opentabfor.middleclick - true
FF - user.js: browser.tabs.tabMinWidth - 100
FF - user.js: browser.urlbar.hideGoButton - false
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-06-09 10:58
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-1229272821-1960408961-839522115-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,8a,9a,13,6a,40,b4,94,4e,bf,cb,53,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,8a,9a,13,6a,40,b4,94,4e,bf,cb,53,\
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'explorer.exe'(3136)
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\windows\system32\rundll32.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\mgabg.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
c:\program files\AVAST Software\Avast\setup\avast.setup
.
**************************************************************************
.
Celkový čas: 2011-06-09 11:03:06 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-06-09 09:03
ComboFix2.txt 2011-06-08 15:48
ComboFix3.txt 2011-06-08 13:07
.
Před spuštěním: Volných bajtů: 131 697 623 040
Po spuštění: Volných bajtů: 131 595 902 976
.
- - End Of File - - E4A58D7BA8542D4F74362B38A8E88D27
Nahr nˇ probŘhlo ŁspŘçnŘ