) protože kolonka je šedivá. Není to pro mě zas až tak extra problém a bůhví jak dlouho už to tam mám, ale zajímalo by mě, jestli to jde nějak dát do původního stavu.Dík předem za rady
složka Program Files je skrytá
složka Program Files je skrytá
Ahoj lidičky, mám tady trochu netradiční problém. Zjistil jsem, že mám složku Program Files s atributem skryté a že ji nejde "odkrýt" (nebo jak to mám napsat ) protože kolonka je šedivá. Není to pro mě zas až tak extra problém a bůhví jak dlouho už to tam mám, ale zajímalo by mě, jestli to jde nějak dát do původního stavu.
Dík předem za rady
) protože kolonka je šedivá. Není to pro mě zas až tak extra problém a bůhví jak dlouho už to tam mám, ale zajímalo by mě, jestli to jde nějak dát do původního stavu.Dík předem za rady
GeForce 8800GT, ATI Radeon HD 5850, AMD Phenom II X4 955 (3,2Ghz), 4GB RAM (DDR3 1600Mhz), 1000 GB HDD (Samsung F1), M4A8TD EVO motherboard
-
alenka_v_říši_divů
- Level 6
- Příspěvky: 3201
- Registrován: únor 09
- Bydliště: Brno
- Pohlaví:
- Stav:
Offline
Re: složka Program Files je skrytá
Klikni na tu složku pravým ,dej vlastnosti a dej pryč fajfku v políčku "skrytý" ...
Re: složka Program Files je skrytá
jak jsem psal, nejde to, je neaktivní (šedivá)
GeForce 8800GT, ATI Radeon HD 5850, AMD Phenom II X4 955 (3,2Ghz), 4GB RAM (DDR3 1600Mhz), 1000 GB HDD (Samsung F1), M4A8TD EVO motherboard
-
Damned
- Tvůrce článků
-
Master Level 9
- Příspěvky: 8353
- Registrován: prosinec 06
- Bydliště: Rokycany
- Pohlaví:
- Stav:
Offline
- Kontakt:
Re: složka Program Files je skrytá
Co máš za systém? Jaký má ta složka vlastnosti? Velikost, vytvoření.....
Nic není nemožné, proto tam, kde jsme s rozumem v koncích, neváháme použít kladivo.
Chceš-li vědět, co je nového, podívej se do starých knih.
Damnedovy češtiny - překlady programů pro údržbu PC
HiJackThis 2+návod FCleaner+čeština Wise Registry Cleaner
Chceš-li vědět, co je nového, podívej se do starých knih.
Damnedovy češtiny - překlady programů pro údržbu PC
HiJackThis 2+návod FCleaner+čeština Wise Registry Cleaner
Re: složka Program Files je skrytá
je to Program Files, takze vytvoreni pri zakoupeni PC = 2005. Velikost nejak 10 GB, vsechno se zda byt v normalu, az na tu kolonku skryte. Mam XP Pro SP3
GeForce 8800GT, ATI Radeon HD 5850, AMD Phenom II X4 955 (3,2Ghz), 4GB RAM (DDR3 1600Mhz), 1000 GB HDD (Samsung F1), M4A8TD EVO motherboard
-
Damned
- Tvůrce článků
-
Master Level 9
- Příspěvky: 8353
- Registrován: prosinec 06
- Bydliště: Rokycany
- Pohlaví:
- Stav:
Offline
- Kontakt:
Re: složka Program Files je skrytá
Normálně by měla být viditelná. Schovat ji mohl některý spyware.
Zkus sem dál log z Hijackthis (z mého podpisu).
Zkus sem dál log z Hijackthis (z mého podpisu).
Nic není nemožné, proto tam, kde jsme s rozumem v koncích, neváháme použít kladivo.
Chceš-li vědět, co je nového, podívej se do starých knih.
Damnedovy češtiny - překlady programů pro údržbu PC
HiJackThis 2+návod FCleaner+čeština Wise Registry Cleaner
Chceš-li vědět, co je nového, podívej se do starých knih.
Damnedovy češtiny - překlady programů pro údržbu PC
HiJackThis 2+návod FCleaner+čeština Wise Registry Cleaner
Re: složka Program Files je skrytá
projel jsem to vším co mám (Avast!, spybot, ad-aware, superantispyware), tady je log
Logfile of HijackThis v1.99.1
Scan saved at 18:46:29, on 10.8.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\BitTorrent\bittorrent.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Alwil Software\Avast4\ashSimpl.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Firefox\firefox.exe
D:\Install\Antimalware\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\Program Files\Duplicate File Cleaner\DuplicateFileCleaner.exe
C:\Program Files\Windows Media Player\wmplayer.exe
D:\Install\Antimalware\test.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.centrum.cz/?&Theme=dark_vader
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.centrum.cz/?&Theme=dark_vader
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [WinSys2] C:\WINDOWS\system32\winsys2.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Mozilla Firefox.lnk = C:\Program Files\Firefox\firefox.exe
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: &Webshots Photo Search - res://C:\Program Files\Webshots\WSToolbar4IE.dll/MENUSEARCH.HTM
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - E:\Install\Icq 5.1\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - E:\Install\Icq 5.1\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International
O11 - Options group: [TABS] Tabbed Browsing
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{38988F67-2A9C-422A-B940-77CCBEE463B3}: NameServer = 212.158.128.2,212.158.128.3
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: FAH1 - Unknown owner - C:\FoldingAtHome1\srvany.exe (file missing)
O23 - Service: FAH2 - Unknown owner - C:\FoldingAtHome2\srvany.exe (file missing)
O23 - Service: FAH3 - Unknown owner - C:\FoldingAtHome3\srvany.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Unknown owner - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe (file missing)
O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe (file missing)
O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe (file missing)
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Windows Search (WSearch) - Unknown owner - C:\WINDOWS\system32\SearchIndexer.exe (file missing)
Logfile of HijackThis v1.99.1
Scan saved at 18:46:29, on 10.8.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\BitTorrent\bittorrent.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Alwil Software\Avast4\ashSimpl.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Firefox\firefox.exe
D:\Install\Antimalware\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\Program Files\Duplicate File Cleaner\DuplicateFileCleaner.exe
C:\Program Files\Windows Media Player\wmplayer.exe
D:\Install\Antimalware\test.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.centrum.cz/?&Theme=dark_vader
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.centrum.cz/?&Theme=dark_vader
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [WinSys2] C:\WINDOWS\system32\winsys2.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Mozilla Firefox.lnk = C:\Program Files\Firefox\firefox.exe
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: &Webshots Photo Search - res://C:\Program Files\Webshots\WSToolbar4IE.dll/MENUSEARCH.HTM
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - E:\Install\Icq 5.1\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - E:\Install\Icq 5.1\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International
O11 - Options group: [TABS] Tabbed Browsing
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{38988F67-2A9C-422A-B940-77CCBEE463B3}: NameServer = 212.158.128.2,212.158.128.3
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: FAH1 - Unknown owner - C:\FoldingAtHome1\srvany.exe (file missing)
O23 - Service: FAH2 - Unknown owner - C:\FoldingAtHome2\srvany.exe (file missing)
O23 - Service: FAH3 - Unknown owner - C:\FoldingAtHome3\srvany.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Unknown owner - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe (file missing)
O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe (file missing)
O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe (file missing)
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Windows Search (WSearch) - Unknown owner - C:\WINDOWS\system32\SearchIndexer.exe (file missing)
GeForce 8800GT, ATI Radeon HD 5850, AMD Phenom II X4 955 (3,2Ghz), 4GB RAM (DDR3 1600Mhz), 1000 GB HDD (Samsung F1), M4A8TD EVO motherboard
-
Damned
- Tvůrce článků
-
Master Level 9
- Příspěvky: 8353
- Registrován: prosinec 06
- Bydliště: Rokycany
- Pohlaví:
- Stav:
Offline
- Kontakt:
Re: složka Program Files je skrytá
A toto winsys2.exe čo jééé???? 
Tam mám odkaz na verzi HJT 2.0.2, kde si stáhl verzi 1.99?
Spusť HJT (HijackThis), vypni prohlížeče, odpoj se od internetu a fixni (spustit HJT, "Do a system scan only",
zatrhnout políčko před hodnotou, zmáčknout "Fix checked" a poté "Ano"):
O4 - HKLM\..\Run: [WinSys2] C:\WINDOWS\system32\winsys2.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - E:\Install\Icq 5.1\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - E:\Install\Icq 5.1\ICQLite\ICQLite.exe (file missing)
O11 - Options group: [INTERNATIONAL] International
O11 - Options group: [TABS] Tabbed Browsing
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O23 - Service: FAH1 - Unknown owner - C:\FoldingAtHome1\srvany.exe (file missing)
O23 - Service: FAH2 - Unknown owner - C:\FoldingAtHome2\srvany.exe (file missing)
O23 - Service: FAH3 - Unknown owner - C:\FoldingAtHome3\srvany.exe (file missing)
*****************************************************************************************************************************************
Stáhni si Malwarebytes' Anti-Malware
Nainstaluj a spusť ho
- na konci instalace se ujisti že máš zvoleny/zatrhnuty obě možnosti:
Aktualizace Malwarebytes' Anti-Malware a Spustit aplikaci Malwarebytes' Anti-Malware, pokud jo tak klikni na tlačítko konec
- pokud bude nalezena aktualizace, tak se stáhne a nainstaluje
- program se po té spustí a nech vybranou možnost Provést rychlý sken a klikni na tlačítko Skenovat
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Zobrazit výsledky
- pak zvol možnost uložit log a ulož si log na plochu
- po té klikni na tlačítko Exit, objeví se ti hláška tak zvol Ano
(zatím nic nemaž!).
Vlož sem pak obsah toho logu.
Zkus sem dál log z Hijackthis (z mého podpisu).
Tam mám odkaz na verzi HJT 2.0.2, kde si stáhl verzi 1.99?
Spusť HJT (HijackThis), vypni prohlížeče, odpoj se od internetu a fixni (spustit HJT, "Do a system scan only",
zatrhnout políčko před hodnotou, zmáčknout "Fix checked" a poté "Ano"):
O4 - HKLM\..\Run: [WinSys2] C:\WINDOWS\system32\winsys2.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - E:\Install\Icq 5.1\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - E:\Install\Icq 5.1\ICQLite\ICQLite.exe (file missing)
O11 - Options group: [INTERNATIONAL] International
O11 - Options group: [TABS] Tabbed Browsing
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O23 - Service: FAH1 - Unknown owner - C:\FoldingAtHome1\srvany.exe (file missing)
O23 - Service: FAH2 - Unknown owner - C:\FoldingAtHome2\srvany.exe (file missing)
O23 - Service: FAH3 - Unknown owner - C:\FoldingAtHome3\srvany.exe (file missing)
*****************************************************************************************************************************************
Stáhni si Malwarebytes' Anti-Malware
Nainstaluj a spusť ho
- na konci instalace se ujisti že máš zvoleny/zatrhnuty obě možnosti:
Aktualizace Malwarebytes' Anti-Malware a Spustit aplikaci Malwarebytes' Anti-Malware, pokud jo tak klikni na tlačítko konec
- pokud bude nalezena aktualizace, tak se stáhne a nainstaluje
- program se po té spustí a nech vybranou možnost Provést rychlý sken a klikni na tlačítko Skenovat
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Zobrazit výsledky
- pak zvol možnost uložit log a ulož si log na plochu
- po té klikni na tlačítko Exit, objeví se ti hláška tak zvol Ano
(zatím nic nemaž!).
Vlož sem pak obsah toho logu.
Nic není nemožné, proto tam, kde jsme s rozumem v koncích, neváháme použít kladivo.
Chceš-li vědět, co je nového, podívej se do starých knih.
Damnedovy češtiny - překlady programů pro údržbu PC
HiJackThis 2+návod FCleaner+čeština Wise Registry Cleaner
Chceš-li vědět, co je nového, podívej se do starých knih.
Damnedovy češtiny - překlady programů pro údržbu PC
HiJackThis 2+návod FCleaner+čeština Wise Registry Cleaner
Re: složka Program Files je skrytá
hijackthis! uz jsem si stahnul davno. btdna znam, je to aplikace zlepsujici prenos dat pri sdileni v p2p sitich, takze to nefixnu. Zbytek byl uspesne fixnut.
tady je log:
Malwarebytes' Anti-Malware 1.40
Verze databáze: 2591
Windows 5.1.2600 Service Pack 3
10.8.2009 19:30:28
mbam-log-2009-08-10 (19-30-11).txt
Typ skenu: Rychlý sken
Objektu skenováno: 116989
Uplynulý cas: 9 minute(s), 49 second(s)
Infikované procesy pameti: 0
Infikované pametové moduly: 0
Infikované klíce registru: 3
Infikované hodnoty registru: 1
Infikované položky dat registru: 1
Infikované složky: 0
Infikované soubory: 1
Infikované procesy pameti:
(Žádné zákerné položky nebyly zjišteny)
Infikované pametové moduly:
(Žádné zákerné položky nebyly zjišteny)
Infikované klíce registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{y2x5gdm7-12ck-y4k2-7646-72djdbgmxa27} (Generic.Bot.H) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{42f2c9ba-614f-47c0-b3e3-ecfd34eed658} (Adware.ISTBar) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Juan (Trojan.Vundo) -> No action taken.
Infikované hodnoty registru:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\ForceClassicControlPanel (Hijack.ControlPanelStyle) -> No action taken.
Infikované položky dat registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
Infikované složky:
(Žádné zákerné položky nebyly zjišteny)
Infikované soubory:
C:\autorun.inf (SuspectAutorun.Rootdrive.H) -> No action taken.
tady je log:
Malwarebytes' Anti-Malware 1.40
Verze databáze: 2591
Windows 5.1.2600 Service Pack 3
10.8.2009 19:30:28
mbam-log-2009-08-10 (19-30-11).txt
Typ skenu: Rychlý sken
Objektu skenováno: 116989
Uplynulý cas: 9 minute(s), 49 second(s)
Infikované procesy pameti: 0
Infikované pametové moduly: 0
Infikované klíce registru: 3
Infikované hodnoty registru: 1
Infikované položky dat registru: 1
Infikované složky: 0
Infikované soubory: 1
Infikované procesy pameti:
(Žádné zákerné položky nebyly zjišteny)
Infikované pametové moduly:
(Žádné zákerné položky nebyly zjišteny)
Infikované klíce registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{y2x5gdm7-12ck-y4k2-7646-72djdbgmxa27} (Generic.Bot.H) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{42f2c9ba-614f-47c0-b3e3-ecfd34eed658} (Adware.ISTBar) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Juan (Trojan.Vundo) -> No action taken.
Infikované hodnoty registru:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\ForceClassicControlPanel (Hijack.ControlPanelStyle) -> No action taken.
Infikované položky dat registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
Infikované složky:
(Žádné zákerné položky nebyly zjišteny)
Infikované soubory:
C:\autorun.inf (SuspectAutorun.Rootdrive.H) -> No action taken.
GeForce 8800GT, ATI Radeon HD 5850, AMD Phenom II X4 955 (3,2Ghz), 4GB RAM (DDR3 1600Mhz), 1000 GB HDD (Samsung F1), M4A8TD EVO motherboard
-
Damned
- Tvůrce článků
-
Master Level 9
- Příspěvky: 8353
- Registrován: prosinec 06
- Bydliště: Rokycany
- Pohlaví:
- Stav:
Offline
- Kontakt:
Re: složka Program Files je skrytá
Fixni to, nehledě na to, že soubor btdna.exe je spyware, není potřebné, aby se spouštěl při spuštění počítače.
HJT je Free, není nutné držet si starou verzi, navíc HJT 2.0.2 má lepší detekci.
(např. fixnutím tohoto: %windir%\Network Diagnostic\xpnetdiag.exe (file missing), údajně chybějícího, si zrušíš internet).
Takže spusť znovu MbAM a dej Scan
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Show Results
- ujistit se že máš zatrhnuté všechny vypsané nálezy a klikni na tlačítko Remove Selected
- když skončí odstraňování tak se ti zobrazí log, tak ho sem dej.
- pak zvol v programu OK a pak program ukonči přes Exit
Vypni rezidentní štít antiviru (pokud máš tak i antispyware).
Stáhni si ComboFix (by sUBs)
nebo ComboFix (subs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah
HJT je Free, není nutné držet si starou verzi, navíc HJT 2.0.2 má lepší detekci.
(např. fixnutím tohoto: %windir%\Network Diagnostic\xpnetdiag.exe (file missing), údajně chybějícího, si zrušíš internet).
Takže spusť znovu MbAM a dej Scan
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Show Results
- ujistit se že máš zatrhnuté všechny vypsané nálezy a klikni na tlačítko Remove Selected
- když skončí odstraňování tak se ti zobrazí log, tak ho sem dej.
- pak zvol v programu OK a pak program ukonči přes Exit
Vypni rezidentní štít antiviru (pokud máš tak i antispyware).
Stáhni si ComboFix (by sUBs)
nebo ComboFix (subs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah
Nic není nemožné, proto tam, kde jsme s rozumem v koncích, neváháme použít kladivo.
Chceš-li vědět, co je nového, podívej se do starých knih.
Damnedovy češtiny - překlady programů pro údržbu PC
HiJackThis 2+návod FCleaner+čeština Wise Registry Cleaner
Chceš-li vědět, co je nového, podívej se do starých knih.
Damnedovy češtiny - překlady programů pro údržbu PC
HiJackThis 2+návod FCleaner+čeština Wise Registry Cleaner
Re: složka Program Files je skrytá
tak...ComboFix 09-08-10.01 - Lukino 10.08.2009 20:04.1.2 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2047.1588 [GMT 2:00]
Spuštěný z: c:\documents and settings\Lukino\Plocha\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 090810-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: Kerio Personal Firewall *enabled* {A990EAA7-8941-4621-BC27-4F16261D3180}
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
?
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_XPDX
((((((((((((((((((((((((( Soubory vytvořené od 2009-07-10 do 2009-08-10 )))))))))))))))))))))))))))))))
.
2009-08-10 17:18 . 2009-08-03 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-10 17:18 . 2009-08-10 17:18 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-10 17:18 . 2009-08-03 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-10 17:14 . 2009-08-10 17:14 3942080 ----a-w- c:\program files\mbam-setup.exe
2009-08-06 18:12 . 2009-08-06 18:12 -------- d-----w- c:\program files\Common Files\BioWare
2009-08-05 18:24 . 2009-08-09 18:56 138184 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-08-05 18:23 . 2009-08-09 18:56 183112 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-08-05 18:23 . 2009-08-05 18:23 66872 ----a-w- c:\windows\system32\PnkBstrA.exe
2009-08-05 01:10 . 2009-08-05 01:10 -------- d-----w- c:\documents and settings\LocalService\Plocha
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-10 18:12 . 2007-08-24 09:36 -------- d-----w- c:\program files\Firefox
2009-08-10 15:48 . 2001-10-25 12:00 835892 ----a-w- c:\windows\system32\perfh005.dat
2009-08-10 15:48 . 2001-10-25 12:00 251374 ----a-w- c:\windows\system32\perfc005.dat
2009-08-10 10:38 . 2006-03-19 13:39 -------- d-----w- c:\program files\SpeedFan
2009-08-10 08:04 . 2006-03-19 13:30 -------- d-----w- c:\program files\InstallShield Installation Information
2009-08-08 17:04 . 2006-10-11 18:32 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-08-06 15:29 . 2008-02-24 07:38 -------- d-----w- c:\program files\Microsoft Silverlight
2009-07-03 16:59 . 2004-08-17 13:49 915456 ----a-w- c:\windows\system32\wininet.dll
2009-06-16 14:40 . 2004-08-17 13:49 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-16 14:40 . 2001-10-25 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-03 19:11 . 2004-08-17 13:49 1293824 ----a-w- c:\windows\system32\quartz.dll
2009-05-29 21:20 . 2009-05-29 21:16 5120 ----a-w- c:\windows\system32\BReWErS.dll
2009-05-29 20:03 . 2009-05-29 20:03 215144 ----a-w- c:\windows\patchw32.dll
2009-05-24 22:24 . 2008-05-26 21:18 350208 ------w- c:\windows\system32\mssph.dll
2009-05-22 20:21 . 2008-08-05 15:06 413696 ----a-w- c:\windows\system32\wrap_oal.dll
2009-05-22 20:21 . 2008-08-05 15:06 110592 ----a-w- c:\windows\system32\OpenAL32.dll
2008-10-31 14:44 . 2008-10-31 14:44 3822770 ------w- c:\program files\MyPhoneExplorer_Setup_1.7.0.exe
2007-10-27 12:19 . 2008-09-01 15:18 24576 ------w- c:\program files\memtest.exe
2006-02-23 08:56 . 2006-02-23 08:56 15957 ------w- c:\program files\logs.dat
2003-11-03 15:07 . 2004-04-23 15:06 499712 ------w- c:\program files\msvcp71.dll
2003-11-03 15:07 . 2004-04-23 15:06 348160 ------w- c:\program files\msvcr71.dll
2003-05-30 07:22 . 2003-09-08 07:09 344064 ------r- c:\program files\msvcr70.dll
2002-01-05 01:40 . 2003-09-08 07:09 487424 ------w- c:\program files\msvcp70.dll
.
------- Sigcheck -------
[-] 2005-03-02 18:21 577024 3EF380290CE2CA8598E475CEAC4ADB13 c:\windows\$hf_mig$\KB890859\SP2QFE\user32.dll
[-] 2007-03-08 15:51 578048 5393076FDCD6DAEB82814688DDE3E9A2 c:\windows\$hf_mig$\KB925902\SP2QFE\user32.dll
[-] 2007-03-08 15:38 577536 43240B12D220F30C7C75EA69B2E806B0 c:\windows\$NtServicePackUninstall$\user32.dll
[7] 2004-08-17 13:49 577024 1B4CCC59980DA34E75F20E42B283B027 c:\windows\$NtUninstallKB890859$\user32.dll
[-] 2005-03-02 18:18 577024 9267BC598E271BC3FA69F36CF1C8BD36 c:\windows\$NtUninstallKB925902$\user32.dll
[-] 2008-04-14 03:22 587776 581480DE9C65D6BD0552E35BF17379B2 c:\windows\ServicePackFiles\i386\user32.dll
[-] 2008-04-14 03:22 587776 581480DE9C65D6BD0552E35BF17379B2 c:\windows\system32\user32.dll
[7] 2008-04-14 03:22 578560 E16E0990967374E76F3E40CACAFD3D53 c:\windows\VistaMizer\old\user32.dll
[-] 2004-08-17 13:49 541696 96112B362A1F419384CE57E5D92C6267 c:\windows\$NtServicePackUninstall$\winlogon.exe
[-] 2008-04-14 03:22 547328 471341D353962A35DA3C6324D59D09C4 c:\windows\ServicePackFiles\i386\winlogon.exe
[-] 2008-04-14 03:22 547328 471341D353962A35DA3C6324D59D09C4 c:\windows\system32\winlogon.exe
[7] 2008-04-14 03:22 507904 CDDB1F8E1AEA356F3AD106F2CF9B7FEA c:\windows\VistaMizer\old\winlogon.exe
[-] 2008-04-14 03:22 1552384 B720487896E2D91DA23E59820F718E34 c:\windows\explorer.exe
[-] 2007-06-13 13:11 1033728 9B32416BD5988C97B6397CE0B02CAF97 c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe
[-] 2007-06-13 13:23 1551872 3AC47EAC2BD0B93621B55DCD4C547956 c:\windows\$NtServicePackUninstall$\explorer.exe
[7] 2004-08-17 13:49 1032704 53114D57AB73A406AC7F602227781A99 c:\windows\$NtUninstallKB938828$\explorer.exe
[-] 2008-04-14 03:22 1552384 B720487896E2D91DA23E59820F718E34 c:\windows\ServicePackFiles\i386\explorer.exe
[7] 2008-04-14 03:22 1034240 27AFD587C462E280EE046B8CCA3C2CD1 c:\windows\VistaMizer\old\explorer.exe
[-] 2004-08-17 13:49 25088 5050A0B550CCF3FFBC3DAD33524A4DC1 c:\windows\$NtServicePackUninstall$\ctfmon.exe
[-] 2008-04-14 03:22 25088 D8152865F2A59D765AF8317E38AA5FB4 c:\windows\ServicePackFiles\i386\ctfmon.exe
[-] 2008-04-14 03:22 25088 D8152865F2A59D765AF8317E38AA5FB4 c:\windows\system32\ctfmon.exe
[7] 2008-04-14 03:22 15360 A756B8F0F7BAFBA6DFE39F7D169F2519 c:\windows\VistaMizer\old\ctfmon.exe
[-] 2004-08-17 13:49 1405440 B26D8B14BFA74CE9C3E3031DDA8DCB6B c:\windows\$NtServicePackUninstall$\comres.dll
[-] 2008-04-14 03:21 1405440 3EF79D1F5B06B29B3C317DFFB8BE0F8F c:\windows\ServicePackFiles\i386\comres.dll
[-] 2008-04-14 03:21 1405440 3EF79D1F5B06B29B3C317DFFB8BE0F8F c:\windows\system32\comres.dll
[7] 2008-04-14 03:21 806912 E7B375DFFB68A16659CA66474A280C47 c:\windows\VistaMizer\old\comres.dll
[-] 2006-08-25 15:51 724992 D40513CF64FB1BFDE53A1D346CB95299 c:\windows\$NtServicePackUninstall$\comctl32.dll
[7] 2004-08-17 13:49 611328 876C658C44F2BF4AF050E5534A9F066F c:\windows\$NtUninstallKB923191$\comctl32.dll
[-] 2008-04-14 03:21 724992 92FAE100B7A31616DEBF6F91175000AA c:\windows\ServicePackFiles\i386\comctl32.dll
[-] 2008-04-14 03:21 724992 92FAE100B7A31616DEBF6F91175000AA c:\windows\system32\comctl32.dll
[7] 2008-04-14 03:21 617472 4F993463DC5F3F80D77A3D34D7BFBFED c:\windows\VistaMizer\old\comctl32.dll
[7] 2001-10-25 12:00 921088 AEF3D788DBF40C7C4D204EA45EB0C505 c:\windows\WinSxS\InstallTemp\46629\comctl32.dll
[7] 2001-10-25 12:00 921088 AEF3D788DBF40C7C4D204EA45EB0C505 c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll
[7] 2004-08-17 13:48 1050624 F76B3003366A205E05AFC0D034C7D3E9 c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
[-] 2006-08-25 15:51 1054208 6CB1BAC5FA7E692B63C3D5AAA348E76A c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
[7] 2008-04-14 03:07 1054208 D7B7AE36A2EBA312AC4B53862019B3F5 c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005-08-11 249856]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-04-30 13750272]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-04-30 86016]
"MSConfig"="c:\windows\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2008-04-14 195584]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2009-04-30 1657376]
c:\documents and settings\Lukino\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
Mozilla Firefox.lnk - c:\program files\Firefox\firefox.exe [2009-1-26 908280]
c:\documents and settings\host\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Hotkeys.lnk - c:\program files\AutoCAD 2005\Hotkeys Marie\HOTKEYS.EXE [2006-3-20 40448]
Věýezy obrazovky a spuçtŘnˇ aplikace OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]
c:\documents and settings\Lukino\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
Mozilla Firefox.lnk - c:\program files\Firefox\firefox.exe [2009-1-26 908280]
c:\documents and settings\Lukino\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
Mozilla Firefox.lnk - c:\program files\Firefox\firefox.exe [2009-1-26 908280]
c:\documents and settings\Lukino\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
Mozilla Firefox.lnk - c:\program files\Firefox\firefox.exe [2009-1-26 908280]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SynchronousMachineGroupPolicy"= 1 (0x1)
"SynchronousUserGroupPolicy"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoStrCmpLogical"= 0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMBalloonTip"= 0 (0x0)
"MemCheckBoxInRunDlg"= 0 (0x0)
"NoResolveTrack"= 0 (0x0)
"NoWelcomeScreen"= 0 (0x0)
"NoRecentDocsNetHood"= 0 (0x0)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "d:\install\Antimalware\SUPERAntiSpyware\SASSEH.DLL" [2009-03-15 77824]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SCIA"=2 (0x2)
"PnkBstrA"=2 (0x2)
"HDDTService"=2 (0x2)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"nwiz"=nwiz.exe /install
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
"CHotkey"=mHotkey.exe
"ISUSPM Startup"=c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" -start
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" -lang 1033
"NeroFilterCheck"=c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
"SoundMan"=SOUNDMAN.EXE
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe"
"SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_10\bin\jusched.exe"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Kerio\\Personal Firewall 4\\kpf4gui.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Kerio\\Personal Firewall 4\\kpf4ss.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"d:\\Install\\Games\\CoD5\\CoDWaWmp.exe"=
"d:\\Install\\Games\\CoD5\\CoDWaW.exe"=
"d:\\Install\\Pinnacle\\Programs\\RM.exe"=
"d:\\Install\\Pinnacle\\Programs\\Studio.exe"=
"d:\\Install\\Pinnacle\\Programs\\umi.exe"=
"d:\\Install\\Games\\Stardock Games\\Sins of a Solar Empire\\Sins of a Solar Empire.exe"=
"c:\\Documents and Settings\\host\\Local Settings\\Data aplikací\\Skype\\Phone\\Skype.exe"=
"d:\\Install\\Games\\Mirrors edge\\Binaries\\MirrorsEdge.exe"=
"d:\\Install\\Games\\Prince of Persia\\Prince of Persia.exe"=
"d:\\Install\\Games\\Prince of Persia\\PrinceOfPersia_Launcher.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"d:\\Install\\Games\\Company of heroes - Tales of Valor\\RelicCOH.exe"=
"d:\\Install\\Games\\Company of heroes - Tales of Valor\\RelicDownloader\\RelicDownloader.exe"=
"d:\\Install\\Games\\Mass Effect\\Binaries\\MassEffect.exe"=
"d:\\Install\\Games\\Mass Effect\\MassEffectLauncher.exe"=
"d:\\Install\\Games\\Call of Juarez - Bound in Blood\\CoJBiBGame_x86.exe"=
"d:\\Install\\Games\\Crysis\\Bin32\\Crysis.exe"=
"d:\\Install\\Games\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"12135:TCP"= 12135:TCP:BitComet 12135 TCP
"12135:UDP"= 12135:UDP:BitComet 12135 UDP
"15404:TCP"= 15404:TCP:BitComet 15404 TCP
"15404:UDP"= 15404:UDP:BitComet 15404 UDP
"26740:TCP"= 26740:TCP:BitComet 26740 TCP
"26740:UDP"= 26740:UDP:BitComet 26740 UDP
"16986:TCP"= 16986:TCP:BitComet 16986 TCP
"16986:UDP"= 16986:UDP:BitComet 16986 UDP
"26465:TCP"= 26465:TCP:BitComet 26465 TCP
"26465:UDP"= 26465:UDP:BitComet 26465 UDP
"22901:TCP"= 22901:TCP:BitComet 22901 TCP
"22901:UDP"= 22901:UDP:BitComet 22901 UDP
"16881:TCP"= 16881:TCP:BitComet 16881 TCP
"16881:UDP"= 16881:UDP:BitComet 16881 UDP
"54654:TCP"= 54654:TCP:BitComet 54654 TCP
"54654:UDP"= 54654:UDP:BitComet 54654 UDP
"59999:TCP"= 59999:TCP:BitComet 59999 TCP
"59999:UDP"= 59999:UDP:BitComet 59999 UDP
"10601:TCP"= 10601:TCP:BitComet 10601 TCP
"10601:UDP"= 10601:UDP:BitComet 10601 UDP
"22144:TCP"= 22144:TCP:BitComet 22144 TCP
"22144:UDP"= 22144:UDP:BitComet 22144 UDP
"19629:TCP"= 19629:TCP:BitComet 19629 TCP
"19629:UDP"= 19629:UDP:BitComet 19629 UDP
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [30.3.2008 16:48 114768]
R1 fwdrv;Firewall Driver;c:\windows\system32\drivers\fwdrv.sys [21.6.2005 10:51 270336]
R1 khips;Kerio HIPS Driver;c:\windows\system32\drivers\khips.sys [30.5.2005 9:32 53248]
R1 SASDIFSV;SASDIFSV;d:\install\Antimalware\SUPERAntiSpyware\SASDIFSV.SYS [7.6.2007 20:59 9968]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [30.3.2008 16:48 20560]
S1 SASKUTIL;SASKUTIL;\??\e:\install\Antimalware\SUPERAntiSpyware\SASKUTIL.sys --> e:\install\Antimalware\SUPERAntiSpyware\SASKUTIL.sys [?]
S2 ioloFileInfoList;iolo FileInfoList Service;c:\program files\iolo\common\lib\ioloServiceManager.exe --> c:\program files\iolo\common\lib\ioloServiceManager.exe [?]
S2 ioloSystemService;iolo System Service;c:\program files\iolo\common\lib\ioloServiceManager.exe --> c:\program files\iolo\common\lib\ioloServiceManager.exe [?]
S3 s3017bus;Sony Ericsson Device 3017 driver (WDM);c:\windows\system32\drivers\s3017bus.sys [31.10.2008 16:01 83880]
S3 s3017mdfl;Sony Ericsson Device 3017 USB WMC Modem Filter;c:\windows\system32\drivers\s3017mdfl.sys [31.10.2008 16:01 15016]
S3 s3017mdm;Sony Ericsson Device 3017 USB WMC Modem Driver;c:\windows\system32\drivers\s3017mdm.sys [31.10.2008 16:01 110632]
S3 s3017mgmt;Sony Ericsson Device 3017 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s3017mgmt.sys [31.10.2008 16:01 104616]
S3 s3017nd5;Sony Ericsson Device 3017 USB Ethernet Emulation SEMC3017 (NDIS);c:\windows\system32\drivers\s3017nd5.sys [31.10.2008 16:01 25512]
S3 s3017obex;Sony Ericsson Device 3017 USB WMC OBEX Interface;c:\windows\system32\drivers\s3017obex.sys [31.10.2008 16:01 100648]
S3 s3017unic;Sony Ericsson Device 3017 USB Ethernet Emulation SEMC3017 (WDM);c:\windows\system32\drivers\s3017unic.sys [31.10.2008 16:01 110120]
S3 SASENUM;SASENUM;\??\e:\install\Antimalware\SUPERAntiSpyware\SASENUM.SYS --> e:\install\Antimalware\SUPERAntiSpyware\SASENUM.SYS [?]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\d:\ntglm7x.sys --> d:\NTGLM7X.sys [?]
S4 FAH1;FAH1;c:\foldingathome1\srvany.exe --> c:\foldingathome1\srvany.exe [?]
S4 FAH2;FAH2;c:\foldingathome2\srvany.exe --> c:\foldingathome2\srvany.exe [?]
S4 FAH3;FAH3;c:\foldingathome3\srvany.exe --> c:\foldingathome3\srvany.exe [?]
S4 HDDTService;HDD Temperature;c:\program files\PalickSoft\HDD Temperature\HDDTSvc.exe /startedbyscm:916B11C7-40E287F3-HDDTService --> c:\program files\PalickSoft\HDD Temperature\HDDTSvc.exe [?]
S4 SCIA;SCIA;c:\scialm\Lmgrd.exe [22.4.2009 17:36 974848]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Obsah adresáře 'Naplánované úlohy'
2009-08-09 c:\windows\Tasks\User_Feed_Synchronization-{CE4E8C96-B416-4EE4-804C-0D25675C85B0}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 02:31]
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
HKCU-Run-BitTorrent DNA - c:\program files\DNA\btdna.exe
HKLM-Explorer_Run-admin - c:\program files\server.exe
HKCU-Explorer_Run-admin - c:\program files\server.exe
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.centrum.cz/?&Theme=dark_vader
uSearchMigratedDefaultURL = hxxp://www.atlas.cz/search.asp?mssrch=~ ... =ms&query={searchTerms}
uInternet Settings,ProxyOverride = local
IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204
IE: &Webshots Photo Search - c:\program files\Webshots\WSToolbar4IE.dll/MENUSEARCH.HTM
IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: {38988F67-2A9C-422A-B940-77CCBEE463B3} = 212.158.128.2,212.158.128.3
FF - ProfilePath - c:\documents and settings\Lukino\Data aplikací\Mozilla\Firefox\Profiles\xsmfn3bx.default\
FF - prefs.js: browser.search.selectedEngine - KickassTorrents
FF - prefs.js: browser.startup.homepage - hxxp://www.centrum.cz/?&Theme=dark_vader
FF - plugin: c:\program files\Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- NASTAVENÍ FIREFOXU ----
c:\program files\Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-10 20:12
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
c:\windows\TEMP\_av_proI.tm~a01088
c:\windows\TEMP\_av_proI.tm~a01088\setup.lok 0 bytes
sken byl úspešně dokončen
skryté soubory: 2
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\HDDTService]
"ImagePath"="c:\program files\PalickSoft\HDD Temperature\HDDTSvc.exe /startedbyscm:916B11C7-40E287F3-HDDTService"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_USERS\S-1-5-21-1960408961-261903793-725345543-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
[HKEY_USERS\S-1-5-21-1960408961-261903793-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{EF3FA809-6BC9-E8E2-E7F7-E6CAE2B3B208}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"gaghjfjiboodkf"=hex:63,61,67,64,70,6d,00,7e
[HKEY_USERS\S-1-5-21-1960408961-261903793-725345543-1003\Software\SecuROM\License information*]
"datasecu"=hex:a0,9d,17,07,65,c2,3a,d5,5f,c0,e0,cc,79,20,12,e2,0d,94,2e,0b,64,
b1,9f,de,39,5d,89,5a,3a,80,7e,1f,ef,b5,6f,7b,e3,48,f3,ae,12,a7,6e,a0,51,1f,\
"rkeysecu"=hex:43,f3,aa,9f,21,6c,4b,dd,45,a2,00,f9,87,61,78,b2
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"cd042efbbd7f7af1647644e76e06692b"=hex:2e,e8,e1,00,eb,16,2b,de,b5,59,9b,e2,1e,
97,59,6c,e2,63,26,f1,3f,c8,ff,68,c2,af,e6,c5,53,a8,ac,e0,e2,63,26,f1,3f,c8,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"bca643cdc5c2726b20d2ecedcc62c59b"=hex:6a,9c,d6,61,af,45,84,18,e0,96,93,06,26,
b0,58,ea,6a,9c,d6,61,af,45,84,18,d3,c0,25,07,12,5b,a2,a8,6a,9c,d6,61,af,45,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2c81e34222e8052573023a60d06dd016"=hex:25,da,ec,7e,55,20,c9,26,cb,22,12,a5,5a,
bb,f4,3a,ff,7c,85,e0,43,d4,0e,fe,08,7b,eb,7b,fc,64,ff,87,ff,7c,85,e0,43,d4,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2582ae41fb52324423be06337561aa48"=hex:86,8c,21,01,be,91,eb,e7,21,ca,d5,f0,24,
63,d6,9e,86,8c,21,01,be,91,eb,e7,e0,ee,a2,e1,5e,1c,4e,2d,86,8c,21,01,be,91,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"caaeda5fd7a9ed7697d9686d4b818472"=hex:f5,1d,4d,73,a8,13,5c,05,34,0b,1e,a7,e1,
7b,b8,05,f5,1d,4d,73,a8,13,5c,05,c5,65,73,fc,04,25,a6,6c,f5,1d,4d,73,a8,13,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:b0,18,ed,a7,3f,8d,37,a4,67,97,69,94,00,
34,e7,b2,df,20,58,62,78,6b,cf,c8,9c,5b,09,e2,b4,9d,c1,78,df,20,58,62,78,6b,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"4d370831d2c43cd13623e232fed27b7b"=hex:31,77,e1,ba,b1,f8,68,02,21,36,02,d3,58,
18,27,72,fb,a7,78,e6,12,2f,9a,ea,a7,98,09,81,03,2d,2f,a3,fb,a7,78,e6,12,2f,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1d68fe701cdea33e477eb204b76f993d"=hex:01,3a,48,fc,e8,04,4a,f1,84,89,41,ab,6b,
77,37,d4,01,3a,48,fc,e8,04,4a,f1,5b,4d,cf,79,e4,ea,b5,74,01,3a,48,fc,e8,04,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1fac81b91d8e3c5aa4b0a51804d844a3"=hex:51,fa,6e,91,28,9e,14,cc,05,68,11,dd,db,
e7,07,5f,f6,0f,4e,58,98,5b,89,c9,87,c0,80,58,c0,92,50,01,f6,0f,4e,58,98,5b,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"f5f62a6129303efb32fbe080bb27835b"=hex:3d,ce,ea,26,2d,45,aa,78,26,40,76,9d,a2,
04,68,7e,3d,ce,ea,26,2d,45,aa,78,85,c5,09,5a,0c,e9,08,c8,3d,ce,ea,26,2d,45,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:e3,0e,66,d5,eb,bc,2f,6b,91,b6,2d,5e,b7,
35,35,6b,2a,b7,cc,b5,b9,7f,41,e7,7a,3f,2e,44,ad,ae,7d,e5,2a,b7,cc,b5,b9,7f,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"8a8aec57dd6508a385616fbc86791ec2"=hex:fa,ea,66,7f,d4,3b,6b,70,62,99,11,55,bf,
d4,6e,28,6c,43,2d,1e,aa,22,2f,9c,d5,76,8b,10,0c,7f,a2,0d,6c,43,2d,1e,aa,22,\
[HKEY_LOCAL_MACHINE\software\GenArts\Sapphire AE\Install-{4E41A485-04D4-CF7C-6CE3-27F7BEAE7048}\Data*]
@DACL=
"CTE_32 Name"="255810:{C3B8A1BC-8B18-94D5-AD04-2B3354994626}"
[HKEY_LOCAL_MACHINE\software\GenArts\Sapphire AE\Install-{EC3F6705-85EF-4FB1-4E30-80781324E273}\Data*]
@DACL=
"DefaultSettings"="99:{C6DDA450-F687-55DF-CA23-1A5083308C5D}"
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\Current Version\{8AC25C6A-D4B3-FF2F-2A61-C75CA1DB6116}\Install*Loc\VxDs]
@DACL=
"CTE_32 Name"="2454686:{301564B2-67A6-1A66-9C4E-A1FE91DE9752}"
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\Current Version\{ADD916B7-3238-B642-38AC-F31A4E6EE8C3}\Install*Loc\VxDs]
@DACL=
"DefaultSettings"="-19:{3C7DA433-1047-9FC4-00BA-978A09424856}"
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Install*Loc\xga-1-{1C8B2B24-1BFF-41F2-B787-0C64B794365B}\Version 1.1]
@DACL=
"dat"="806585365:{65A52A06-1573-7F01-7364-8D6C30AE8600}"
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OOCC06.00.00.01WSSV"="B40ED03F2130EBB30777678EC1B3ED3E078E64AF79A4AC5B94092414D13E58C581589B754FE3FC3F62B640A109506CC2F1F67B98D19842070339307474F769D4825957AD00F5C4AA8E3B9E219C52D63310E424EC7C49030675E1BCA252205BC1F083473BDB097E69CD60166B0151079F4EB3653B75648B27A2855FF5FD182937E91DB463B153A5244650C253DA779BCDF99749035D283A6AA0FAB3BC325593956FC3EB5FF39E7C36820D40A1778575B8C895DFB776EA3288EEEBDAB8C9609FEE6566BC5DB64A0733F0EA318FC3CD3C0C5186BA412913DAEB6BD8F71C4856148C16C97E01B5C68F5C65FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74C8EDD5E5BE2F6E667A9C6AECB7A5D1407A9C6AECB7A5D1407C038D530D6EB345261301FC80FB452430466E6F4CBF2A2EFCBA481F4F0D9A1B04FD03685153C15E7BE58CAB668EDD88D9C820174961DBFFDC25B61A0F9C6C9E3C0A4DC3D952F29A1FC64B42A6BF415DCB4F0356D1C2FEC893D23488A54983190A481CD7211D04602131049FC2DAA8554061F5EF04489263C5A3A1C9DDF52708A21959C897D65C0A2CB1A6BAB57325EF7A3FCCA358E519DA38E6139E710B8558AAF924F896173250646C76ED7A7F286B06E7FBB130CF036B3235F6D9D6CD760A99DAFE31FDA46308FF4609C45EE1A9ACD9F9E688AE4930942357CFB9410FC48E78CA7C91919EC55891EAE31DC1298E97F42D7793D522CE18935089BC829B977AAF23AE56CE1BBBB9D5D83DE2D8B22765B37AB0DEF226E4328E7D278D77DE388361A280E300BC83DDE2131CA64E62DF95BB09EB50C3854DF9F6532318561174FB8A0B910A081EEE73FAC100C5AC6F7DDDB3738F921899A22D79C0057394231D1BF7738AC1F474DFE1916FCB185DF81C29E2708D2DF9FC2A4994B1A74FC9D53474065F296ACEEC7F827C755BC05FA0FFC49301B2E9F9B913894886202FE09E49E9002BD75F3A2857F8B827E2017772792E5D588EF58AC90E1DABB3D6E93A91079EA3DECE5BE1C71F2C9D6DE47234496C060EF68EBA91B8D5A6323169DB1BB41AD7158DC787E2DBAE34AAC628EB1E7EE740B2958ECD33F188D07CDD967F28EABC326E86B30C539D49959BDF9456EFA81539B02F632BE0A869C06A179969606C57970D77B85CD3A768EA79A18B2AAABE9352A4F69EBF27B71DB0157EB6880984A411CE4736471BA1AF1C924348EDB3A8123363859C09DABB6D300FBA912B6D0B5BED720BEADB0DB00A53793CA079AFC695F9E38734B9243F5406BEE31B8E5CF4BCC37EFCAB530D12BC04D71DB3BA35C065C2B9EE6194781169314E60378D947907A338E0BC1B7E4620C4C1C69C1D7D57FC0048F6A2C54B740F0AAEA266087FDD086A489F690B2703108D8C87C243CFA41E9"
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\z*\{{05FF8CB8-4942-FCF6-301D-6930181DE865}}]
@DACL=
"DefaultSettings"="2454707:{37C8840C-72FD-B1F6-4FC1-23A6EF5B6255}"
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows Install VBX*\Current*Version\Install*Loc\xga-1-{1C8B2B24-1BFF-41F2-B787-0C64B794365B}\Version 3.x]
@DACL=
"dat"="1767914624:{C76D69BA-78C8-3119-2789-756F7965B2FE}"
[HKEY_LOCAL_MACHINE\software\Microsoft\WinXGA*\Providers*\{43FBA8EE-48DF-E9BF-BC67-504E5571365A}\Current*Set\xga-1\ver]
@DACL=
"KnownSvcs"="923715162:{15BF8DA0-49AC-0072-6FC9-15B39B36BBFB}"
[HKEY_LOCAL_MACHINE\software\XBMga*\UUIDs\{FB376CFE-4CF6-E213-C52D-0E0D7FCD218F}\xga-1\Install*Loc]
@DACL=
"{19620715-0001-1211-574574-30001}"="234522510:{1049BFB7-CB96-805D-2465-86C75EE81941}"
[HKEY_LOCAL_MACHINE\software\xGenArts\Sapphire AE\DLL ver*\{A6D90D08-68DD-2B46-E2AC-5782669B2696}]
@DACL=
"CTE_32 Name"="0:{19C42D30-D844-8A07-12A4-E783E7D228F7}"
[HKEY_LOCAL_MACHINE\software\xGenArts\Sapphire AE\DLL ver*\{B08ECCAD-FEC0-A273-8DFD-B47BE795EE25}]
@DACL=
"DefaultSettings"="19:{5351C505-4E6C-6ECA-E5BD-7AE84A571B0A}"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(984)
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\COMRes.dll
c:\windows\system32\cscui.dll
- - - - - - - > 'lsass.exe'(1040)
c:\windows\system32\setupapi.dll
c:\windows\system32\psbase.dll
- - - - - - - > 'explorer.exe'(1256)
c:\windows\system32\SHDOCVW.dll
c:\windows\system32\COMRes.dll
c:\windows\System32\cscui.dll
c:\windows\system32\MSVCP60.dll
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\NETSHELL.dll
c:\windows\system32\credui.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\rundll32.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Celkový čas: 2009-08-10 20:17 - počítač byl restartován
ComboFix-quarantined-files.txt 2009-08-10 18:17
Před spuštěním: Volných bajtů: 10 970 443 776
Po spuštění: Volných bajtů: 11 589 259 264
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer
479 --- E O F --- 2009-08-06 15:35
smazal jsem i btdna, jak si chtěl. Co se týče HJT, vím že je zdarma, spíš jsem na to jaksi zapomněl... na jeho aktualizování ps. Program Files je stále skryto bez možnosti odkrytí
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2047.1588 [GMT 2:00]
Spuštěný z: c:\documents and settings\Lukino\Plocha\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 090810-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: Kerio Personal Firewall *enabled* {A990EAA7-8941-4621-BC27-4F16261D3180}
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
?
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_XPDX
((((((((((((((((((((((((( Soubory vytvořené od 2009-07-10 do 2009-08-10 )))))))))))))))))))))))))))))))
.
2009-08-10 17:18 . 2009-08-03 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-10 17:18 . 2009-08-10 17:18 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-10 17:18 . 2009-08-03 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-10 17:14 . 2009-08-10 17:14 3942080 ----a-w- c:\program files\mbam-setup.exe
2009-08-06 18:12 . 2009-08-06 18:12 -------- d-----w- c:\program files\Common Files\BioWare
2009-08-05 18:24 . 2009-08-09 18:56 138184 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-08-05 18:23 . 2009-08-09 18:56 183112 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-08-05 18:23 . 2009-08-05 18:23 66872 ----a-w- c:\windows\system32\PnkBstrA.exe
2009-08-05 01:10 . 2009-08-05 01:10 -------- d-----w- c:\documents and settings\LocalService\Plocha
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-10 18:12 . 2007-08-24 09:36 -------- d-----w- c:\program files\Firefox
2009-08-10 15:48 . 2001-10-25 12:00 835892 ----a-w- c:\windows\system32\perfh005.dat
2009-08-10 15:48 . 2001-10-25 12:00 251374 ----a-w- c:\windows\system32\perfc005.dat
2009-08-10 10:38 . 2006-03-19 13:39 -------- d-----w- c:\program files\SpeedFan
2009-08-10 08:04 . 2006-03-19 13:30 -------- d-----w- c:\program files\InstallShield Installation Information
2009-08-08 17:04 . 2006-10-11 18:32 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-08-06 15:29 . 2008-02-24 07:38 -------- d-----w- c:\program files\Microsoft Silverlight
2009-07-03 16:59 . 2004-08-17 13:49 915456 ----a-w- c:\windows\system32\wininet.dll
2009-06-16 14:40 . 2004-08-17 13:49 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-16 14:40 . 2001-10-25 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-03 19:11 . 2004-08-17 13:49 1293824 ----a-w- c:\windows\system32\quartz.dll
2009-05-29 21:20 . 2009-05-29 21:16 5120 ----a-w- c:\windows\system32\BReWErS.dll
2009-05-29 20:03 . 2009-05-29 20:03 215144 ----a-w- c:\windows\patchw32.dll
2009-05-24 22:24 . 2008-05-26 21:18 350208 ------w- c:\windows\system32\mssph.dll
2009-05-22 20:21 . 2008-08-05 15:06 413696 ----a-w- c:\windows\system32\wrap_oal.dll
2009-05-22 20:21 . 2008-08-05 15:06 110592 ----a-w- c:\windows\system32\OpenAL32.dll
2008-10-31 14:44 . 2008-10-31 14:44 3822770 ------w- c:\program files\MyPhoneExplorer_Setup_1.7.0.exe
2007-10-27 12:19 . 2008-09-01 15:18 24576 ------w- c:\program files\memtest.exe
2006-02-23 08:56 . 2006-02-23 08:56 15957 ------w- c:\program files\logs.dat
2003-11-03 15:07 . 2004-04-23 15:06 499712 ------w- c:\program files\msvcp71.dll
2003-11-03 15:07 . 2004-04-23 15:06 348160 ------w- c:\program files\msvcr71.dll
2003-05-30 07:22 . 2003-09-08 07:09 344064 ------r- c:\program files\msvcr70.dll
2002-01-05 01:40 . 2003-09-08 07:09 487424 ------w- c:\program files\msvcp70.dll
.
------- Sigcheck -------
[-] 2005-03-02 18:21 577024 3EF380290CE2CA8598E475CEAC4ADB13 c:\windows\$hf_mig$\KB890859\SP2QFE\user32.dll
[-] 2007-03-08 15:51 578048 5393076FDCD6DAEB82814688DDE3E9A2 c:\windows\$hf_mig$\KB925902\SP2QFE\user32.dll
[-] 2007-03-08 15:38 577536 43240B12D220F30C7C75EA69B2E806B0 c:\windows\$NtServicePackUninstall$\user32.dll
[7] 2004-08-17 13:49 577024 1B4CCC59980DA34E75F20E42B283B027 c:\windows\$NtUninstallKB890859$\user32.dll
[-] 2005-03-02 18:18 577024 9267BC598E271BC3FA69F36CF1C8BD36 c:\windows\$NtUninstallKB925902$\user32.dll
[-] 2008-04-14 03:22 587776 581480DE9C65D6BD0552E35BF17379B2 c:\windows\ServicePackFiles\i386\user32.dll
[-] 2008-04-14 03:22 587776 581480DE9C65D6BD0552E35BF17379B2 c:\windows\system32\user32.dll
[7] 2008-04-14 03:22 578560 E16E0990967374E76F3E40CACAFD3D53 c:\windows\VistaMizer\old\user32.dll
[-] 2004-08-17 13:49 541696 96112B362A1F419384CE57E5D92C6267 c:\windows\$NtServicePackUninstall$\winlogon.exe
[-] 2008-04-14 03:22 547328 471341D353962A35DA3C6324D59D09C4 c:\windows\ServicePackFiles\i386\winlogon.exe
[-] 2008-04-14 03:22 547328 471341D353962A35DA3C6324D59D09C4 c:\windows\system32\winlogon.exe
[7] 2008-04-14 03:22 507904 CDDB1F8E1AEA356F3AD106F2CF9B7FEA c:\windows\VistaMizer\old\winlogon.exe
[-] 2008-04-14 03:22 1552384 B720487896E2D91DA23E59820F718E34 c:\windows\explorer.exe
[-] 2007-06-13 13:11 1033728 9B32416BD5988C97B6397CE0B02CAF97 c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe
[-] 2007-06-13 13:23 1551872 3AC47EAC2BD0B93621B55DCD4C547956 c:\windows\$NtServicePackUninstall$\explorer.exe
[7] 2004-08-17 13:49 1032704 53114D57AB73A406AC7F602227781A99 c:\windows\$NtUninstallKB938828$\explorer.exe
[-] 2008-04-14 03:22 1552384 B720487896E2D91DA23E59820F718E34 c:\windows\ServicePackFiles\i386\explorer.exe
[7] 2008-04-14 03:22 1034240 27AFD587C462E280EE046B8CCA3C2CD1 c:\windows\VistaMizer\old\explorer.exe
[-] 2004-08-17 13:49 25088 5050A0B550CCF3FFBC3DAD33524A4DC1 c:\windows\$NtServicePackUninstall$\ctfmon.exe
[-] 2008-04-14 03:22 25088 D8152865F2A59D765AF8317E38AA5FB4 c:\windows\ServicePackFiles\i386\ctfmon.exe
[-] 2008-04-14 03:22 25088 D8152865F2A59D765AF8317E38AA5FB4 c:\windows\system32\ctfmon.exe
[7] 2008-04-14 03:22 15360 A756B8F0F7BAFBA6DFE39F7D169F2519 c:\windows\VistaMizer\old\ctfmon.exe
[-] 2004-08-17 13:49 1405440 B26D8B14BFA74CE9C3E3031DDA8DCB6B c:\windows\$NtServicePackUninstall$\comres.dll
[-] 2008-04-14 03:21 1405440 3EF79D1F5B06B29B3C317DFFB8BE0F8F c:\windows\ServicePackFiles\i386\comres.dll
[-] 2008-04-14 03:21 1405440 3EF79D1F5B06B29B3C317DFFB8BE0F8F c:\windows\system32\comres.dll
[7] 2008-04-14 03:21 806912 E7B375DFFB68A16659CA66474A280C47 c:\windows\VistaMizer\old\comres.dll
[-] 2006-08-25 15:51 724992 D40513CF64FB1BFDE53A1D346CB95299 c:\windows\$NtServicePackUninstall$\comctl32.dll
[7] 2004-08-17 13:49 611328 876C658C44F2BF4AF050E5534A9F066F c:\windows\$NtUninstallKB923191$\comctl32.dll
[-] 2008-04-14 03:21 724992 92FAE100B7A31616DEBF6F91175000AA c:\windows\ServicePackFiles\i386\comctl32.dll
[-] 2008-04-14 03:21 724992 92FAE100B7A31616DEBF6F91175000AA c:\windows\system32\comctl32.dll
[7] 2008-04-14 03:21 617472 4F993463DC5F3F80D77A3D34D7BFBFED c:\windows\VistaMizer\old\comctl32.dll
[7] 2001-10-25 12:00 921088 AEF3D788DBF40C7C4D204EA45EB0C505 c:\windows\WinSxS\InstallTemp\46629\comctl32.dll
[7] 2001-10-25 12:00 921088 AEF3D788DBF40C7C4D204EA45EB0C505 c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll
[7] 2004-08-17 13:48 1050624 F76B3003366A205E05AFC0D034C7D3E9 c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
[-] 2006-08-25 15:51 1054208 6CB1BAC5FA7E692B63C3D5AAA348E76A c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
[7] 2008-04-14 03:07 1054208 D7B7AE36A2EBA312AC4B53862019B3F5 c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005-08-11 249856]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-04-30 13750272]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-04-30 86016]
"MSConfig"="c:\windows\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2008-04-14 195584]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2009-04-30 1657376]
c:\documents and settings\Lukino\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
Mozilla Firefox.lnk - c:\program files\Firefox\firefox.exe [2009-1-26 908280]
c:\documents and settings\host\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Hotkeys.lnk - c:\program files\AutoCAD 2005\Hotkeys Marie\HOTKEYS.EXE [2006-3-20 40448]
Věýezy obrazovky a spuçtŘnˇ aplikace OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]
c:\documents and settings\Lukino\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
Mozilla Firefox.lnk - c:\program files\Firefox\firefox.exe [2009-1-26 908280]
c:\documents and settings\Lukino\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
Mozilla Firefox.lnk - c:\program files\Firefox\firefox.exe [2009-1-26 908280]
c:\documents and settings\Lukino\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
Mozilla Firefox.lnk - c:\program files\Firefox\firefox.exe [2009-1-26 908280]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SynchronousMachineGroupPolicy"= 1 (0x1)
"SynchronousUserGroupPolicy"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoStrCmpLogical"= 0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMBalloonTip"= 0 (0x0)
"MemCheckBoxInRunDlg"= 0 (0x0)
"NoResolveTrack"= 0 (0x0)
"NoWelcomeScreen"= 0 (0x0)
"NoRecentDocsNetHood"= 0 (0x0)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "d:\install\Antimalware\SUPERAntiSpyware\SASSEH.DLL" [2009-03-15 77824]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SCIA"=2 (0x2)
"PnkBstrA"=2 (0x2)
"HDDTService"=2 (0x2)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"nwiz"=nwiz.exe /install
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
"CHotkey"=mHotkey.exe
"ISUSPM Startup"=c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" -start
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" -lang 1033
"NeroFilterCheck"=c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
"SoundMan"=SOUNDMAN.EXE
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe"
"SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_10\bin\jusched.exe"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Kerio\\Personal Firewall 4\\kpf4gui.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Kerio\\Personal Firewall 4\\kpf4ss.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"d:\\Install\\Games\\CoD5\\CoDWaWmp.exe"=
"d:\\Install\\Games\\CoD5\\CoDWaW.exe"=
"d:\\Install\\Pinnacle\\Programs\\RM.exe"=
"d:\\Install\\Pinnacle\\Programs\\Studio.exe"=
"d:\\Install\\Pinnacle\\Programs\\umi.exe"=
"d:\\Install\\Games\\Stardock Games\\Sins of a Solar Empire\\Sins of a Solar Empire.exe"=
"c:\\Documents and Settings\\host\\Local Settings\\Data aplikací\\Skype\\Phone\\Skype.exe"=
"d:\\Install\\Games\\Mirrors edge\\Binaries\\MirrorsEdge.exe"=
"d:\\Install\\Games\\Prince of Persia\\Prince of Persia.exe"=
"d:\\Install\\Games\\Prince of Persia\\PrinceOfPersia_Launcher.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"d:\\Install\\Games\\Company of heroes - Tales of Valor\\RelicCOH.exe"=
"d:\\Install\\Games\\Company of heroes - Tales of Valor\\RelicDownloader\\RelicDownloader.exe"=
"d:\\Install\\Games\\Mass Effect\\Binaries\\MassEffect.exe"=
"d:\\Install\\Games\\Mass Effect\\MassEffectLauncher.exe"=
"d:\\Install\\Games\\Call of Juarez - Bound in Blood\\CoJBiBGame_x86.exe"=
"d:\\Install\\Games\\Crysis\\Bin32\\Crysis.exe"=
"d:\\Install\\Games\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"12135:TCP"= 12135:TCP:BitComet 12135 TCP
"12135:UDP"= 12135:UDP:BitComet 12135 UDP
"15404:TCP"= 15404:TCP:BitComet 15404 TCP
"15404:UDP"= 15404:UDP:BitComet 15404 UDP
"26740:TCP"= 26740:TCP:BitComet 26740 TCP
"26740:UDP"= 26740:UDP:BitComet 26740 UDP
"16986:TCP"= 16986:TCP:BitComet 16986 TCP
"16986:UDP"= 16986:UDP:BitComet 16986 UDP
"26465:TCP"= 26465:TCP:BitComet 26465 TCP
"26465:UDP"= 26465:UDP:BitComet 26465 UDP
"22901:TCP"= 22901:TCP:BitComet 22901 TCP
"22901:UDP"= 22901:UDP:BitComet 22901 UDP
"16881:TCP"= 16881:TCP:BitComet 16881 TCP
"16881:UDP"= 16881:UDP:BitComet 16881 UDP
"54654:TCP"= 54654:TCP:BitComet 54654 TCP
"54654:UDP"= 54654:UDP:BitComet 54654 UDP
"59999:TCP"= 59999:TCP:BitComet 59999 TCP
"59999:UDP"= 59999:UDP:BitComet 59999 UDP
"10601:TCP"= 10601:TCP:BitComet 10601 TCP
"10601:UDP"= 10601:UDP:BitComet 10601 UDP
"22144:TCP"= 22144:TCP:BitComet 22144 TCP
"22144:UDP"= 22144:UDP:BitComet 22144 UDP
"19629:TCP"= 19629:TCP:BitComet 19629 TCP
"19629:UDP"= 19629:UDP:BitComet 19629 UDP
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [30.3.2008 16:48 114768]
R1 fwdrv;Firewall Driver;c:\windows\system32\drivers\fwdrv.sys [21.6.2005 10:51 270336]
R1 khips;Kerio HIPS Driver;c:\windows\system32\drivers\khips.sys [30.5.2005 9:32 53248]
R1 SASDIFSV;SASDIFSV;d:\install\Antimalware\SUPERAntiSpyware\SASDIFSV.SYS [7.6.2007 20:59 9968]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [30.3.2008 16:48 20560]
S1 SASKUTIL;SASKUTIL;\??\e:\install\Antimalware\SUPERAntiSpyware\SASKUTIL.sys --> e:\install\Antimalware\SUPERAntiSpyware\SASKUTIL.sys [?]
S2 ioloFileInfoList;iolo FileInfoList Service;c:\program files\iolo\common\lib\ioloServiceManager.exe --> c:\program files\iolo\common\lib\ioloServiceManager.exe [?]
S2 ioloSystemService;iolo System Service;c:\program files\iolo\common\lib\ioloServiceManager.exe --> c:\program files\iolo\common\lib\ioloServiceManager.exe [?]
S3 s3017bus;Sony Ericsson Device 3017 driver (WDM);c:\windows\system32\drivers\s3017bus.sys [31.10.2008 16:01 83880]
S3 s3017mdfl;Sony Ericsson Device 3017 USB WMC Modem Filter;c:\windows\system32\drivers\s3017mdfl.sys [31.10.2008 16:01 15016]
S3 s3017mdm;Sony Ericsson Device 3017 USB WMC Modem Driver;c:\windows\system32\drivers\s3017mdm.sys [31.10.2008 16:01 110632]
S3 s3017mgmt;Sony Ericsson Device 3017 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s3017mgmt.sys [31.10.2008 16:01 104616]
S3 s3017nd5;Sony Ericsson Device 3017 USB Ethernet Emulation SEMC3017 (NDIS);c:\windows\system32\drivers\s3017nd5.sys [31.10.2008 16:01 25512]
S3 s3017obex;Sony Ericsson Device 3017 USB WMC OBEX Interface;c:\windows\system32\drivers\s3017obex.sys [31.10.2008 16:01 100648]
S3 s3017unic;Sony Ericsson Device 3017 USB Ethernet Emulation SEMC3017 (WDM);c:\windows\system32\drivers\s3017unic.sys [31.10.2008 16:01 110120]
S3 SASENUM;SASENUM;\??\e:\install\Antimalware\SUPERAntiSpyware\SASENUM.SYS --> e:\install\Antimalware\SUPERAntiSpyware\SASENUM.SYS [?]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\d:\ntglm7x.sys --> d:\NTGLM7X.sys [?]
S4 FAH1;FAH1;c:\foldingathome1\srvany.exe --> c:\foldingathome1\srvany.exe [?]
S4 FAH2;FAH2;c:\foldingathome2\srvany.exe --> c:\foldingathome2\srvany.exe [?]
S4 FAH3;FAH3;c:\foldingathome3\srvany.exe --> c:\foldingathome3\srvany.exe [?]
S4 HDDTService;HDD Temperature;c:\program files\PalickSoft\HDD Temperature\HDDTSvc.exe /startedbyscm:916B11C7-40E287F3-HDDTService --> c:\program files\PalickSoft\HDD Temperature\HDDTSvc.exe [?]
S4 SCIA;SCIA;c:\scialm\Lmgrd.exe [22.4.2009 17:36 974848]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Obsah adresáře 'Naplánované úlohy'
2009-08-09 c:\windows\Tasks\User_Feed_Synchronization-{CE4E8C96-B416-4EE4-804C-0D25675C85B0}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 02:31]
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
HKCU-Run-BitTorrent DNA - c:\program files\DNA\btdna.exe
HKLM-Explorer_Run-admin - c:\program files\server.exe
HKCU-Explorer_Run-admin - c:\program files\server.exe
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.centrum.cz/?&Theme=dark_vader
uSearchMigratedDefaultURL = hxxp://www.atlas.cz/search.asp?mssrch=~ ... =ms&query={searchTerms}
uInternet Settings,ProxyOverride = local
IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204
IE: &Webshots Photo Search - c:\program files\Webshots\WSToolbar4IE.dll/MENUSEARCH.HTM
IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: {38988F67-2A9C-422A-B940-77CCBEE463B3} = 212.158.128.2,212.158.128.3
FF - ProfilePath - c:\documents and settings\Lukino\Data aplikací\Mozilla\Firefox\Profiles\xsmfn3bx.default\
FF - prefs.js: browser.search.selectedEngine - KickassTorrents
FF - prefs.js: browser.startup.homepage - hxxp://www.centrum.cz/?&Theme=dark_vader
FF - plugin: c:\program files\Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- NASTAVENÍ FIREFOXU ----
c:\program files\Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-10 20:12
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
c:\windows\TEMP\_av_proI.tm~a01088
c:\windows\TEMP\_av_proI.tm~a01088\setup.lok 0 bytes
sken byl úspešně dokončen
skryté soubory: 2
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\HDDTService]
"ImagePath"="c:\program files\PalickSoft\HDD Temperature\HDDTSvc.exe /startedbyscm:916B11C7-40E287F3-HDDTService"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_USERS\S-1-5-21-1960408961-261903793-725345543-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
[HKEY_USERS\S-1-5-21-1960408961-261903793-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{EF3FA809-6BC9-E8E2-E7F7-E6CAE2B3B208}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"gaghjfjiboodkf"=hex:63,61,67,64,70,6d,00,7e
[HKEY_USERS\S-1-5-21-1960408961-261903793-725345543-1003\Software\SecuROM\License information*]
"datasecu"=hex:a0,9d,17,07,65,c2,3a,d5,5f,c0,e0,cc,79,20,12,e2,0d,94,2e,0b,64,
b1,9f,de,39,5d,89,5a,3a,80,7e,1f,ef,b5,6f,7b,e3,48,f3,ae,12,a7,6e,a0,51,1f,\
"rkeysecu"=hex:43,f3,aa,9f,21,6c,4b,dd,45,a2,00,f9,87,61,78,b2
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"cd042efbbd7f7af1647644e76e06692b"=hex:2e,e8,e1,00,eb,16,2b,de,b5,59,9b,e2,1e,
97,59,6c,e2,63,26,f1,3f,c8,ff,68,c2,af,e6,c5,53,a8,ac,e0,e2,63,26,f1,3f,c8,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"bca643cdc5c2726b20d2ecedcc62c59b"=hex:6a,9c,d6,61,af,45,84,18,e0,96,93,06,26,
b0,58,ea,6a,9c,d6,61,af,45,84,18,d3,c0,25,07,12,5b,a2,a8,6a,9c,d6,61,af,45,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2c81e34222e8052573023a60d06dd016"=hex:25,da,ec,7e,55,20,c9,26,cb,22,12,a5,5a,
bb,f4,3a,ff,7c,85,e0,43,d4,0e,fe,08,7b,eb,7b,fc,64,ff,87,ff,7c,85,e0,43,d4,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2582ae41fb52324423be06337561aa48"=hex:86,8c,21,01,be,91,eb,e7,21,ca,d5,f0,24,
63,d6,9e,86,8c,21,01,be,91,eb,e7,e0,ee,a2,e1,5e,1c,4e,2d,86,8c,21,01,be,91,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"caaeda5fd7a9ed7697d9686d4b818472"=hex:f5,1d,4d,73,a8,13,5c,05,34,0b,1e,a7,e1,
7b,b8,05,f5,1d,4d,73,a8,13,5c,05,c5,65,73,fc,04,25,a6,6c,f5,1d,4d,73,a8,13,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:b0,18,ed,a7,3f,8d,37,a4,67,97,69,94,00,
34,e7,b2,df,20,58,62,78,6b,cf,c8,9c,5b,09,e2,b4,9d,c1,78,df,20,58,62,78,6b,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"4d370831d2c43cd13623e232fed27b7b"=hex:31,77,e1,ba,b1,f8,68,02,21,36,02,d3,58,
18,27,72,fb,a7,78,e6,12,2f,9a,ea,a7,98,09,81,03,2d,2f,a3,fb,a7,78,e6,12,2f,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1d68fe701cdea33e477eb204b76f993d"=hex:01,3a,48,fc,e8,04,4a,f1,84,89,41,ab,6b,
77,37,d4,01,3a,48,fc,e8,04,4a,f1,5b,4d,cf,79,e4,ea,b5,74,01,3a,48,fc,e8,04,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1fac81b91d8e3c5aa4b0a51804d844a3"=hex:51,fa,6e,91,28,9e,14,cc,05,68,11,dd,db,
e7,07,5f,f6,0f,4e,58,98,5b,89,c9,87,c0,80,58,c0,92,50,01,f6,0f,4e,58,98,5b,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"f5f62a6129303efb32fbe080bb27835b"=hex:3d,ce,ea,26,2d,45,aa,78,26,40,76,9d,a2,
04,68,7e,3d,ce,ea,26,2d,45,aa,78,85,c5,09,5a,0c,e9,08,c8,3d,ce,ea,26,2d,45,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:e3,0e,66,d5,eb,bc,2f,6b,91,b6,2d,5e,b7,
35,35,6b,2a,b7,cc,b5,b9,7f,41,e7,7a,3f,2e,44,ad,ae,7d,e5,2a,b7,cc,b5,b9,7f,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"8a8aec57dd6508a385616fbc86791ec2"=hex:fa,ea,66,7f,d4,3b,6b,70,62,99,11,55,bf,
d4,6e,28,6c,43,2d,1e,aa,22,2f,9c,d5,76,8b,10,0c,7f,a2,0d,6c,43,2d,1e,aa,22,\
[HKEY_LOCAL_MACHINE\software\GenArts\Sapphire AE\Install-{4E41A485-04D4-CF7C-6CE3-27F7BEAE7048}\Data*]
@DACL=
"CTE_32 Name"="255810:{C3B8A1BC-8B18-94D5-AD04-2B3354994626}"
[HKEY_LOCAL_MACHINE\software\GenArts\Sapphire AE\Install-{EC3F6705-85EF-4FB1-4E30-80781324E273}\Data*]
@DACL=
"DefaultSettings"="99:{C6DDA450-F687-55DF-CA23-1A5083308C5D}"
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\Current Version\{8AC25C6A-D4B3-FF2F-2A61-C75CA1DB6116}\Install*Loc\VxDs]
@DACL=
"CTE_32 Name"="2454686:{301564B2-67A6-1A66-9C4E-A1FE91DE9752}"
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\Current Version\{ADD916B7-3238-B642-38AC-F31A4E6EE8C3}\Install*Loc\VxDs]
@DACL=
"DefaultSettings"="-19:{3C7DA433-1047-9FC4-00BA-978A09424856}"
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Install*Loc\xga-1-{1C8B2B24-1BFF-41F2-B787-0C64B794365B}\Version 1.1]
@DACL=
"dat"="806585365:{65A52A06-1573-7F01-7364-8D6C30AE8600}"
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OOCC06.00.00.01WSSV"="B40ED03F2130EBB30777678EC1B3ED3E078E64AF79A4AC5B94092414D13E58C581589B754FE3FC3F62B640A109506CC2F1F67B98D19842070339307474F769D4825957AD00F5C4AA8E3B9E219C52D63310E424EC7C49030675E1BCA252205BC1F083473BDB097E69CD60166B0151079F4EB3653B75648B27A2855FF5FD182937E91DB463B153A5244650C253DA779BCDF99749035D283A6AA0FAB3BC325593956FC3EB5FF39E7C36820D40A1778575B8C895DFB776EA3288EEEBDAB8C9609FEE6566BC5DB64A0733F0EA318FC3CD3C0C5186BA412913DAEB6BD8F71C4856148C16C97E01B5C68F5C65FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74C8EDD5E5BE2F6E667A9C6AECB7A5D1407A9C6AECB7A5D1407C038D530D6EB345261301FC80FB452430466E6F4CBF2A2EFCBA481F4F0D9A1B04FD03685153C15E7BE58CAB668EDD88D9C820174961DBFFDC25B61A0F9C6C9E3C0A4DC3D952F29A1FC64B42A6BF415DCB4F0356D1C2FEC893D23488A54983190A481CD7211D04602131049FC2DAA8554061F5EF04489263C5A3A1C9DDF52708A21959C897D65C0A2CB1A6BAB57325EF7A3FCCA358E519DA38E6139E710B8558AAF924F896173250646C76ED7A7F286B06E7FBB130CF036B3235F6D9D6CD760A99DAFE31FDA46308FF4609C45EE1A9ACD9F9E688AE4930942357CFB9410FC48E78CA7C91919EC55891EAE31DC1298E97F42D7793D522CE18935089BC829B977AAF23AE56CE1BBBB9D5D83DE2D8B22765B37AB0DEF226E4328E7D278D77DE388361A280E300BC83DDE2131CA64E62DF95BB09EB50C3854DF9F6532318561174FB8A0B910A081EEE73FAC100C5AC6F7DDDB3738F921899A22D79C0057394231D1BF7738AC1F474DFE1916FCB185DF81C29E2708D2DF9FC2A4994B1A74FC9D53474065F296ACEEC7F827C755BC05FA0FFC49301B2E9F9B913894886202FE09E49E9002BD75F3A2857F8B827E2017772792E5D588EF58AC90E1DABB3D6E93A91079EA3DECE5BE1C71F2C9D6DE47234496C060EF68EBA91B8D5A6323169DB1BB41AD7158DC787E2DBAE34AAC628EB1E7EE740B2958ECD33F188D07CDD967F28EABC326E86B30C539D49959BDF9456EFA81539B02F632BE0A869C06A179969606C57970D77B85CD3A768EA79A18B2AAABE9352A4F69EBF27B71DB0157EB6880984A411CE4736471BA1AF1C924348EDB3A8123363859C09DABB6D300FBA912B6D0B5BED720BEADB0DB00A53793CA079AFC695F9E38734B9243F5406BEE31B8E5CF4BCC37EFCAB530D12BC04D71DB3BA35C065C2B9EE6194781169314E60378D947907A338E0BC1B7E4620C4C1C69C1D7D57FC0048F6A2C54B740F0AAEA266087FDD086A489F690B2703108D8C87C243CFA41E9"
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\z*\{{05FF8CB8-4942-FCF6-301D-6930181DE865}}]
@DACL=
"DefaultSettings"="2454707:{37C8840C-72FD-B1F6-4FC1-23A6EF5B6255}"
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows Install VBX*\Current*Version\Install*Loc\xga-1-{1C8B2B24-1BFF-41F2-B787-0C64B794365B}\Version 3.x]
@DACL=
"dat"="1767914624:{C76D69BA-78C8-3119-2789-756F7965B2FE}"
[HKEY_LOCAL_MACHINE\software\Microsoft\WinXGA*\Providers*\{43FBA8EE-48DF-E9BF-BC67-504E5571365A}\Current*Set\xga-1\ver]
@DACL=
"KnownSvcs"="923715162:{15BF8DA0-49AC-0072-6FC9-15B39B36BBFB}"
[HKEY_LOCAL_MACHINE\software\XBMga*\UUIDs\{FB376CFE-4CF6-E213-C52D-0E0D7FCD218F}\xga-1\Install*Loc]
@DACL=
"{19620715-0001-1211-574574-30001}"="234522510:{1049BFB7-CB96-805D-2465-86C75EE81941}"
[HKEY_LOCAL_MACHINE\software\xGenArts\Sapphire AE\DLL ver*\{A6D90D08-68DD-2B46-E2AC-5782669B2696}]
@DACL=
"CTE_32 Name"="0:{19C42D30-D844-8A07-12A4-E783E7D228F7}"
[HKEY_LOCAL_MACHINE\software\xGenArts\Sapphire AE\DLL ver*\{B08ECCAD-FEC0-A273-8DFD-B47BE795EE25}]
@DACL=
"DefaultSettings"="19:{5351C505-4E6C-6ECA-E5BD-7AE84A571B0A}"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(984)
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\COMRes.dll
c:\windows\system32\cscui.dll
- - - - - - - > 'lsass.exe'(1040)
c:\windows\system32\setupapi.dll
c:\windows\system32\psbase.dll
- - - - - - - > 'explorer.exe'(1256)
c:\windows\system32\SHDOCVW.dll
c:\windows\system32\COMRes.dll
c:\windows\System32\cscui.dll
c:\windows\system32\MSVCP60.dll
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\NETSHELL.dll
c:\windows\system32\credui.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\rundll32.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Celkový čas: 2009-08-10 20:17 - počítač byl restartován
ComboFix-quarantined-files.txt 2009-08-10 18:17
Před spuštěním: Volných bajtů: 10 970 443 776
Po spuštění: Volných bajtů: 11 589 259 264
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer
479 --- E O F --- 2009-08-06 15:35
smazal jsem i btdna, jak si chtěl. Co se týče HJT, vím že je zdarma, spíš jsem na to jaksi zapomněl... na jeho aktualizování
ps. Program Files je stále skryto bez možnosti odkrytíGeForce 8800GT, ATI Radeon HD 5850, AMD Phenom II X4 955 (3,2Ghz), 4GB RAM (DDR3 1600Mhz), 1000 GB HDD (Samsung F1), M4A8TD EVO motherboard
-
Damned
- Tvůrce článků
-
Master Level 9
- Příspěvky: 8353
- Registrován: prosinec 06
- Bydliště: Rokycany
- Pohlaví:
- Stav:
Offline
- Kontakt:
Re: složka Program Files je skrytá
Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok).
Zkopíruj do něj následující celý text označený zeleně:
File::
c:\program files\logs.dat
c:\program files\iolo\common\lib\ioloServiceManager.exe
c:\foldingathome1\srvany.exe
c:\foldingathome2\srvany.exe
c:\foldingathome3\srvany.exe
d:\NTGLM7X.sys
Folder::
c:\windows\TEMP\_av_proI.tm~a01088
Driver::
ioloFileInfoList;iolo FileInfoList Service
ioloFileInfoList
ioloSystemService;iolo System Service
ioloSystemService
FAH1;FAH1
FAH1
FAH2;FAH2
FAH2
FAH3;FAH3
FAH3
SetupNTGLM7X;SetupNTGLM7X
SetupNTGLM7X
Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SynchronousMachineGroupPolicy"=-
"SynchronousUserGroupPolicy"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoStrCmpLogical"=-
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMBalloonTip"=-
"MemCheckBoxInRunDlg"=-
"NoResolveTrack"=-
"NoWelcomeScreen"=-
"NoRecentDocsNetHood"=-
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SCIA"=-
"PnkBstrA"=-
"HDDTService"=-
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\HDDTService]
"ImagePath"=-
Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.
Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe
a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu
- Zkus jestli jdou změnit atributy u tý složky a jestli se dá s ní pracovat
Zkopíruj do něj následující celý text označený zeleně:
File::
c:\program files\logs.dat
c:\program files\iolo\common\lib\ioloServiceManager.exe
c:\foldingathome1\srvany.exe
c:\foldingathome2\srvany.exe
c:\foldingathome3\srvany.exe
d:\NTGLM7X.sys
Folder::
c:\windows\TEMP\_av_proI.tm~a01088
Driver::
ioloFileInfoList;iolo FileInfoList Service
ioloFileInfoList
ioloSystemService;iolo System Service
ioloSystemService
FAH1;FAH1
FAH1
FAH2;FAH2
FAH2
FAH3;FAH3
FAH3
SetupNTGLM7X;SetupNTGLM7X
SetupNTGLM7X
Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SynchronousMachineGroupPolicy"=-
"SynchronousUserGroupPolicy"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoStrCmpLogical"=-
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMBalloonTip"=-
"MemCheckBoxInRunDlg"=-
"NoResolveTrack"=-
"NoWelcomeScreen"=-
"NoRecentDocsNetHood"=-
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SCIA"=-
"PnkBstrA"=-
"HDDTService"=-
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\HDDTService]
"ImagePath"=-
Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.
Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe
a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu
- Zkus jestli jdou změnit atributy u tý složky a jestli se dá s ní pracovat
Nic není nemožné, proto tam, kde jsme s rozumem v koncích, neváháme použít kladivo.
Chceš-li vědět, co je nového, podívej se do starých knih.
Damnedovy češtiny - překlady programů pro údržbu PC
HiJackThis 2+návod FCleaner+čeština Wise Registry Cleaner
Chceš-li vědět, co je nového, podívej se do starých knih.
Damnedovy češtiny - překlady programů pro údržbu PC
HiJackThis 2+návod FCleaner+čeština Wise Registry Cleaner
-
- Mohlo by vás zajímat
- Odpovědi
- Zobrazení
- Poslední příspěvek
-
-
Program na hledání poškozených souborů JPG Příloha(y)
od Rosta_Kolmix » 09 lis 2024 11:01 » v Design a grafické editory - 2
- 4686
-
od Minapark
Zobrazit poslední příspěvek
15 lis 2024 11:04
-
-
-
Jaký program pro zpracování videa je nejlepší?
od zuzana3 » 13 kvě 2025 08:48 » v Programy ke stažení - 7
- 5948
-
od buchtik
Zobrazit poslední příspěvek
14 kvě 2025 12:20
-
-
- 4
- 3467
-
od RostislavC
Zobrazit poslední příspěvek
14 lis 2024 17:37
Zpět na “Windows 11, 10, 8...”
Kdo je online
Uživatelé prohlížející si toto fórum: Žádní registrovaní uživatelé a 10 hostů