složka Program Files je skrytá

weem · Příspěvekod **weem** » 10 srp 2009 21:28

ja se z toho asi zcvoknu, ta složka stále nic... tady je log

ComboFix 09-08-10.01 - Lukino 10.08.2009 21:14.2.2 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2047.1599 [GMT 2:00]
Spuštěný z: c:\documents and settings\Lukino\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Lukino\Plocha\CFScript.txt
AV: avast! antivirus 4.8.1335 [VPS 090810-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: Kerio Personal Firewall *disabled* {A990EAA7-8941-4621-BC27-4F16261D3180}

FILE ::
"c:\foldingathome1\srvany.exe"
"c:\foldingathome2\srvany.exe"
"c:\foldingathome3\srvany.exe"
"c:\program files\iolo\common\lib\ioloServiceManager.exe"
"c:\program files\logs.dat"
"d:\NTGLM7X.sys"
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

?

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_FAH1
-------\Legacy_FAH2
-------\Legacy_FAH3
-------\Legacy_IOLOFILEINFOLIST
-------\Legacy_IOLOSYSTEMSERVICE
-------\Legacy_SETUPNTGLM7X
-------\Service_FAH1
-------\Service_FAH2
-------\Service_FAH3
-------\Service_ioloFileInfoList
-------\Service_ioloSystemService
-------\Service_SetupNTGLM7X

((((((((((((((((((((((((( Soubory vytvořené od 2009-07-10 do 2009-08-10 )))))))))))))))))))))))))))))))
.

2009-08-10 17:18 . 2009-08-03 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-10 17:18 . 2009-08-10 17:18 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-10 17:18 . 2009-08-03 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-10 17:14 . 2009-08-10 17:14 3942080 ----a-w- c:\program files\mbam-setup.exe
2009-08-06 18:12 . 2009-08-06 18:12 -------- d-----w- c:\program files\Common Files\BioWare
2009-08-05 18:24 . 2009-08-09 18:56 138184 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-08-05 01:10 . 2009-08-05 01:10 -------- d-----w- c:\documents and settings\LocalService\Plocha

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-10 19:23 . 2007-08-24 09:36 -------- d-----w- c:\program files\Firefox
2009-08-10 18:32 . 2001-10-25 12:00 836508 ----a-w- c:\windows\system32\perfh005.dat
2009-08-10 18:32 . 2001-10-25 12:00 251680 ----a-w- c:\windows\system32\perfc005.dat
2009-08-10 10:38 . 2006-03-19 13:39 -------- d-----w- c:\program files\SpeedFan
2009-08-10 08:04 . 2006-03-19 13:30 -------- d-----w- c:\program files\InstallShield Installation Information
2009-08-08 17:04 . 2006-10-11 18:32 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-08-06 15:29 . 2008-02-24 07:38 -------- d-----w- c:\program files\Microsoft Silverlight
2009-07-03 16:59 . 2004-08-17 13:49 915456 ----a-w- c:\windows\system32\wininet.dll
2009-06-16 14:40 . 2004-08-17 13:49 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-16 14:40 . 2001-10-25 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-03 19:11 . 2004-08-17 13:49 1293824 ----a-w- c:\windows\system32\quartz.dll
2009-05-29 21:20 . 2009-05-29 21:16 5120 ----a-w- c:\windows\system32\BReWErS.dll
2009-05-29 20:03 . 2009-05-29 20:03 215144 ----a-w- c:\windows\patchw32.dll
2009-05-24 22:24 . 2008-05-26 21:18 350208 ------w- c:\windows\system32\mssph.dll
2009-05-22 20:21 . 2008-08-05 15:06 413696 ----a-w- c:\windows\system32\wrap_oal.dll
2009-05-22 20:21 . 2008-08-05 15:06 110592 ----a-w- c:\windows\system32\OpenAL32.dll
2008-10-31 14:44 . 2008-10-31 14:44 3822770 ------w- c:\program files\MyPhoneExplorer_Setup_1.7.0.exe
2007-10-27 12:19 . 2008-09-01 15:18 24576 ------w- c:\program files\memtest.exe
2006-02-23 08:56 . 2006-02-23 08:56 15957 ------w- c:\program files\logs.dat
2003-11-03 15:07 . 2004-04-23 15:06 499712 ------w- c:\program files\msvcp71.dll
2003-11-03 15:07 . 2004-04-23 15:06 348160 ------w- c:\program files\msvcr71.dll
2003-05-30 07:22 . 2003-09-08 07:09 344064 ------r- c:\program files\msvcr70.dll
2002-01-05 01:40 . 2003-09-08 07:09 487424 ------w- c:\program files\msvcp70.dll
.

------- Sigcheck -------

[-] 2005-03-02 18:21 577024 3EF380290CE2CA8598E475CEAC4ADB13 c:\windows\$hf_mig$\KB890859\SP2QFE\user32.dll
[-] 2007-03-08 15:51 578048 5393076FDCD6DAEB82814688DDE3E9A2 c:\windows\$hf_mig$\KB925902\SP2QFE\user32.dll
[-] 2007-03-08 15:38 577536 43240B12D220F30C7C75EA69B2E806B0 c:\windows\$NtServicePackUninstall$\user32.dll
[7] 2004-08-17 13:49 577024 1B4CCC59980DA34E75F20E42B283B027 c:\windows\$NtUninstallKB890859$\user32.dll
[-] 2005-03-02 18:18 577024 9267BC598E271BC3FA69F36CF1C8BD36 c:\windows\$NtUninstallKB925902$\user32.dll
[-] 2008-04-14 03:22 587776 581480DE9C65D6BD0552E35BF17379B2 c:\windows\ServicePackFiles\i386\user32.dll
[-] 2008-04-14 03:22 587776 581480DE9C65D6BD0552E35BF17379B2 c:\windows\system32\user32.dll
[7] 2008-04-14 03:22 578560 E16E0990967374E76F3E40CACAFD3D53 c:\windows\VistaMizer\old\user32.dll

[-] 2004-08-17 13:49 541696 96112B362A1F419384CE57E5D92C6267 c:\windows\$NtServicePackUninstall$\winlogon.exe
[-] 2008-04-14 03:22 547328 471341D353962A35DA3C6324D59D09C4 c:\windows\ServicePackFiles\i386\winlogon.exe
[-] 2008-04-14 03:22 547328 471341D353962A35DA3C6324D59D09C4 c:\windows\system32\winlogon.exe
[7] 2008-04-14 03:22 507904 CDDB1F8E1AEA356F3AD106F2CF9B7FEA c:\windows\VistaMizer\old\winlogon.exe

[-] 2008-04-14 03:22 1552384 B720487896E2D91DA23E59820F718E34 c:\windows\explorer.exe
[-] 2007-06-13 13:11 1033728 9B32416BD5988C97B6397CE0B02CAF97 c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe
[-] 2007-06-13 13:23 1551872 3AC47EAC2BD0B93621B55DCD4C547956 c:\windows\$NtServicePackUninstall$\explorer.exe
[7] 2004-08-17 13:49 1032704 53114D57AB73A406AC7F602227781A99 c:\windows\$NtUninstallKB938828$\explorer.exe
[-] 2008-04-14 03:22 1552384 B720487896E2D91DA23E59820F718E34 c:\windows\ServicePackFiles\i386\explorer.exe
[7] 2008-04-14 03:22 1034240 27AFD587C462E280EE046B8CCA3C2CD1 c:\windows\VistaMizer\old\explorer.exe

[-] 2004-08-17 13:49 25088 5050A0B550CCF3FFBC3DAD33524A4DC1 c:\windows\$NtServicePackUninstall$\ctfmon.exe
[-] 2008-04-14 03:22 25088 D8152865F2A59D765AF8317E38AA5FB4 c:\windows\ServicePackFiles\i386\ctfmon.exe
[-] 2008-04-14 03:22 25088 D8152865F2A59D765AF8317E38AA5FB4 c:\windows\system32\ctfmon.exe
[7] 2008-04-14 03:22 15360 A756B8F0F7BAFBA6DFE39F7D169F2519 c:\windows\VistaMizer\old\ctfmon.exe

[-] 2004-08-17 13:49 1405440 B26D8B14BFA74CE9C3E3031DDA8DCB6B c:\windows\$NtServicePackUninstall$\comres.dll
[-] 2008-04-14 03:21 1405440 3EF79D1F5B06B29B3C317DFFB8BE0F8F c:\windows\ServicePackFiles\i386\comres.dll
[-] 2008-04-14 03:21 1405440 3EF79D1F5B06B29B3C317DFFB8BE0F8F c:\windows\system32\comres.dll
[7] 2008-04-14 03:21 806912 E7B375DFFB68A16659CA66474A280C47 c:\windows\VistaMizer\old\comres.dll

[-] 2006-08-25 15:51 724992 D40513CF64FB1BFDE53A1D346CB95299 c:\windows\$NtServicePackUninstall$\comctl32.dll
[7] 2004-08-17 13:49 611328 876C658C44F2BF4AF050E5534A9F066F c:\windows\$NtUninstallKB923191$\comctl32.dll
[-] 2008-04-14 03:21 724992 92FAE100B7A31616DEBF6F91175000AA c:\windows\ServicePackFiles\i386\comctl32.dll
[-] 2008-04-14 03:21 724992 92FAE100B7A31616DEBF6F91175000AA c:\windows\system32\comctl32.dll
[7] 2008-04-14 03:21 617472 4F993463DC5F3F80D77A3D34D7BFBFED c:\windows\VistaMizer\old\comctl32.dll
[7] 2001-10-25 12:00 921088 AEF3D788DBF40C7C4D204EA45EB0C505 c:\windows\WinSxS\InstallTemp\46629\comctl32.dll
[7] 2001-10-25 12:00 921088 AEF3D788DBF40C7C4D204EA45EB0C505 c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll
[7] 2004-08-17 13:48 1050624 F76B3003366A205E05AFC0D034C7D3E9 c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
[-] 2006-08-25 15:51 1054208 6CB1BAC5FA7E692B63C3D5AAA348E76A c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
[7] 2008-04-14 03:07 1054208 D7B7AE36A2EBA312AC4B53862019B3F5 c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
.
((((((((((((((((((((((((((((( SnapShot@2009-08-10_18.13.06 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-08-10 19:22 . 2009-08-10 19:22 16384 c:\windows\Temp\Perflib_Perfdata_7d0.dat
+ 2009-08-10 19:21 . 2009-08-10 19:21 16384 c:\windows\Temp\Perflib_Perfdata_674.dat
- 2009-08-10 18:10 . 2009-08-10 18:10 8192 c:\windows\ERDNT\subs\Users\00000004\UsrClass.dat
+ 2009-08-10 19:20 . 2009-08-10 19:20 8192 c:\windows\ERDNT\subs\Users\00000004\UsrClass.dat
+ 2009-08-10 19:20 . 2009-08-10 19:20 8192 c:\windows\ERDNT\subs\Users\00000002\UsrClass.dat
- 2009-08-10 18:10 . 2009-08-10 18:10 8192 c:\windows\ERDNT\subs\Users\00000002\UsrClass.dat
+ 2001-10-25 12:00 . 2009-08-10 18:32 769410 c:\windows\system32\perfh009.dat
+ 2001-10-25 12:00 . 2009-08-10 18:32 219626 c:\windows\system32\perfc009.dat
+ 2009-08-10 19:20 . 2009-08-10 19:20 307200 c:\windows\ERDNT\subs\Users\00000006\UsrClass.dat
- 2009-08-10 18:10 . 2009-08-10 18:10 307200 c:\windows\ERDNT\subs\Users\00000006\UsrClass.dat
+ 2009-08-10 19:20 . 2009-08-10 19:20 1433600 c:\windows\ERDNT\subs\Users\00000003\NTUSER.DAT
- 2009-08-10 18:10 . 2009-08-10 18:10 1433600 c:\windows\ERDNT\subs\Users\00000003\NTUSER.DAT
+ 2009-08-10 19:20 . 2009-08-10 19:20 1429504 c:\windows\ERDNT\subs\Users\00000001\NTUSER.DAT
- 2009-08-10 18:10 . 2009-08-10 18:10 1429504 c:\windows\ERDNT\subs\Users\00000001\NTUSER.DAT
- 2009-08-10 18:10 . 2009-08-10 18:10 12025856 c:\windows\ERDNT\subs\Users\00000005\NTUSER.DAT
+ 2009-08-10 19:20 . 2009-08-10 19:20 12025856 c:\windows\ERDNT\subs\Users\00000005\NTUSER.DAT
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005-08-11 249856]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-04-30 13750272]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-04-30 86016]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2009-04-30 1657376]

c:\documents and settings\Lukino\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
Mozilla Firefox.lnk - c:\program files\Firefox\firefox.exe [2009-1-26 908280]

c:\documents and settings\host\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Hotkeys.lnk - c:\program files\AutoCAD 2005\Hotkeys Marie\HOTKEYS.EXE [2006-3-20 40448]
Věýezy obrazovky a spuçtŘnˇ aplikace OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]

c:\documents and settings\Lukino\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
Mozilla Firefox.lnk - c:\program files\Firefox\firefox.exe [2009-1-26 908280]

c:\documents and settings\Lukino\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
Mozilla Firefox.lnk - c:\program files\Firefox\firefox.exe [2009-1-26 908280]

c:\documents and settings\Lukino\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
Mozilla Firefox.lnk - c:\program files\Firefox\firefox.exe [2009-1-26 908280]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "d:\install\Antimalware\SUPERAntiSpyware\SASSEH.DLL" [2009-03-15 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"nwiz"=nwiz.exe /install
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
"CHotkey"=mHotkey.exe
"ISUSPM Startup"=c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" -start
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" -lang 1033
"NeroFilterCheck"=c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
"SoundMan"=SOUNDMAN.EXE
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe"
"SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_10\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Kerio\\Personal Firewall 4\\kpf4gui.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Kerio\\Personal Firewall 4\\kpf4ss.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"d:\\Install\\Games\\CoD5\\CoDWaWmp.exe"=
"d:\\Install\\Games\\CoD5\\CoDWaW.exe"=
"d:\\Install\\Pinnacle\\Programs\\RM.exe"=
"d:\\Install\\Pinnacle\\Programs\\Studio.exe"=
"d:\\Install\\Pinnacle\\Programs\\umi.exe"=
"d:\\Install\\Games\\Stardock Games\\Sins of a Solar Empire\\Sins of a Solar Empire.exe"=
"c:\\Documents and Settings\\host\\Local Settings\\Data aplikací\\Skype\\Phone\\Skype.exe"=
"d:\\Install\\Games\\Mirrors edge\\Binaries\\MirrorsEdge.exe"=
"d:\\Install\\Games\\Prince of Persia\\Prince of Persia.exe"=
"d:\\Install\\Games\\Prince of Persia\\PrinceOfPersia_Launcher.exe"=
"d:\\Install\\Games\\Company of heroes - Tales of Valor\\RelicCOH.exe"=
"d:\\Install\\Games\\Company of heroes - Tales of Valor\\RelicDownloader\\RelicDownloader.exe"=
"d:\\Install\\Games\\Mass Effect\\Binaries\\MassEffect.exe"=
"d:\\Install\\Games\\Mass Effect\\MassEffectLauncher.exe"=
"d:\\Install\\Games\\Call of Juarez - Bound in Blood\\CoJBiBGame_x86.exe"=
"d:\\Install\\Games\\Crysis\\Bin32\\Crysis.exe"=
"d:\\Install\\Games\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"12135:TCP"= 12135:TCP:BitComet 12135 TCP
"12135:UDP"= 12135:UDP:BitComet 12135 UDP
"15404:TCP"= 15404:TCP:BitComet 15404 TCP
"15404:UDP"= 15404:UDP:BitComet 15404 UDP
"26740:TCP"= 26740:TCP:BitComet 26740 TCP
"26740:UDP"= 26740:UDP:BitComet 26740 UDP
"16986:TCP"= 16986:TCP:BitComet 16986 TCP
"16986:UDP"= 16986:UDP:BitComet 16986 UDP
"26465:TCP"= 26465:TCP:BitComet 26465 TCP
"26465:UDP"= 26465:UDP:BitComet 26465 UDP
"22901:TCP"= 22901:TCP:BitComet 22901 TCP
"22901:UDP"= 22901:UDP:BitComet 22901 UDP
"16881:TCP"= 16881:TCP:BitComet 16881 TCP
"16881:UDP"= 16881:UDP:BitComet 16881 UDP
"54654:TCP"= 54654:TCP:BitComet 54654 TCP
"54654:UDP"= 54654:UDP:BitComet 54654 UDP
"59999:TCP"= 59999:TCP:BitComet 59999 TCP
"59999:UDP"= 59999:UDP:BitComet 59999 UDP
"10601:TCP"= 10601:TCP:BitComet 10601 TCP
"10601:UDP"= 10601:UDP:BitComet 10601 UDP
"22144:TCP"= 22144:TCP:BitComet 22144 TCP
"22144:UDP"= 22144:UDP:BitComet 22144 UDP
"19629:TCP"= 19629:TCP:BitComet 19629 TCP
"19629:UDP"= 19629:UDP:BitComet 19629 UDP

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [30.3.2008 16:48 114768]
R1 fwdrv;Firewall Driver;c:\windows\system32\drivers\fwdrv.sys [21.6.2005 10:51 270336]
R1 khips;Kerio HIPS Driver;c:\windows\system32\drivers\khips.sys [30.5.2005 9:32 53248]
R1 SASDIFSV;SASDIFSV;d:\install\Antimalware\SUPERAntiSpyware\SASDIFSV.SYS [7.6.2007 20:59 9968]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [30.3.2008 16:48 20560]
S1 SASKUTIL;SASKUTIL;\??\e:\install\Antimalware\SUPERAntiSpyware\SASKUTIL.sys --> e:\install\Antimalware\SUPERAntiSpyware\SASKUTIL.sys [?]
S3 s3017bus;Sony Ericsson Device 3017 driver (WDM);c:\windows\system32\drivers\s3017bus.sys [31.10.2008 16:01 83880]
S3 s3017mdfl;Sony Ericsson Device 3017 USB WMC Modem Filter;c:\windows\system32\drivers\s3017mdfl.sys [31.10.2008 16:01 15016]
S3 s3017mdm;Sony Ericsson Device 3017 USB WMC Modem Driver;c:\windows\system32\drivers\s3017mdm.sys [31.10.2008 16:01 110632]
S3 s3017mgmt;Sony Ericsson Device 3017 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s3017mgmt.sys [31.10.2008 16:01 104616]
S3 s3017nd5;Sony Ericsson Device 3017 USB Ethernet Emulation SEMC3017 (NDIS);c:\windows\system32\drivers\s3017nd5.sys [31.10.2008 16:01 25512]
S3 s3017obex;Sony Ericsson Device 3017 USB WMC OBEX Interface;c:\windows\system32\drivers\s3017obex.sys [31.10.2008 16:01 100648]
S3 s3017unic;Sony Ericsson Device 3017 USB Ethernet Emulation SEMC3017 (WDM);c:\windows\system32\drivers\s3017unic.sys [31.10.2008 16:01 110120]
S3 SASENUM;SASENUM;\??\e:\install\Antimalware\SUPERAntiSpyware\SASENUM.SYS --> e:\install\Antimalware\SUPERAntiSpyware\SASENUM.SYS [?]
S4 HDDTService;HDD Temperature; [x]
S4 SCIA;SCIA;c:\scialm\Lmgrd.exe [22.4.2009 17:36 974848]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Obsah adresáře 'Naplánované úlohy'

2009-08-09 c:\windows\Tasks\User_Feed_Synchronization-{CE4E8C96-B416-4EE4-804C-0D25675C85B0}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 02:31]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.centrum.cz/?&Theme=dark_vader
uSearchMigratedDefaultURL = hxxp://www.atlas.cz/search.asp?mssrch=~ ... =ms&query={searchTerms}
uInternet Settings,ProxyOverride = local
IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204
IE: &Webshots Photo Search - c:\program files\Webshots\WSToolbar4IE.dll/MENUSEARCH.HTM
IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: {38988F67-2A9C-422A-B940-77CCBEE463B3} = 212.158.128.2,212.158.128.3
FF - ProfilePath - c:\documents and settings\Lukino\Data aplikací\Mozilla\Firefox\Profiles\xsmfn3bx.default\
FF - prefs.js: browser.search.selectedEngine - KickassTorrents
FF - prefs.js: browser.startup.homepage - hxxp://www.centrum.cz/?&Theme=dark_vader
FF - plugin: c:\program files\Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-10 21:22
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-1960408961-261903793-725345543-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-1960408961-261903793-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{EF3FA809-6BC9-E8E2-E7F7-E6CAE2B3B208}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"gaghjfjiboodkf"=hex:63,61,67,64,70,6d,00,7e

[HKEY_USERS\S-1-5-21-1960408961-261903793-725345543-1003\Software\SecuROM\License information*]
"datasecu"=hex:a0,9d,17,07,65,c2,3a,d5,5f,c0,e0,cc,79,20,12,e2,0d,94,2e,0b,64,
b1,9f,de,39,5d,89,5a,3a,80,7e,1f,ef,b5,6f,7b,e3,48,f3,ae,12,a7,6e,a0,51,1f,\
"rkeysecu"=hex:43,f3,aa,9f,21,6c,4b,dd,45,a2,00,f9,87,61,78,b2

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"cd042efbbd7f7af1647644e76e06692b"=hex:2e,e8,e1,00,eb,16,2b,de,b5,59,9b,e2,1e,
97,59,6c,e2,63,26,f1,3f,c8,ff,68,c2,af,e6,c5,53,a8,ac,e0,e2,63,26,f1,3f,c8,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"bca643cdc5c2726b20d2ecedcc62c59b"=hex:6a,9c,d6,61,af,45,84,18,e0,96,93,06,26,
b0,58,ea,6a,9c,d6,61,af,45,84,18,d3,c0,25,07,12,5b,a2,a8,6a,9c,d6,61,af,45,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2c81e34222e8052573023a60d06dd016"=hex:25,da,ec,7e,55,20,c9,26,cb,22,12,a5,5a,
bb,f4,3a,ff,7c,85,e0,43,d4,0e,fe,08,7b,eb,7b,fc,64,ff,87,ff,7c,85,e0,43,d4,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2582ae41fb52324423be06337561aa48"=hex:86,8c,21,01,be,91,eb,e7,21,ca,d5,f0,24,
63,d6,9e,86,8c,21,01,be,91,eb,e7,e0,ee,a2,e1,5e,1c,4e,2d,86,8c,21,01,be,91,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"caaeda5fd7a9ed7697d9686d4b818472"=hex:f5,1d,4d,73,a8,13,5c,05,34,0b,1e,a7,e1,
7b,b8,05,f5,1d,4d,73,a8,13,5c,05,c5,65,73,fc,04,25,a6,6c,f5,1d,4d,73,a8,13,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:b0,18,ed,a7,3f,8d,37,a4,67,97,69,94,00,
34,e7,b2,df,20,58,62,78,6b,cf,c8,9c,5b,09,e2,b4,9d,c1,78,df,20,58,62,78,6b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"4d370831d2c43cd13623e232fed27b7b"=hex:31,77,e1,ba,b1,f8,68,02,21,36,02,d3,58,
18,27,72,fb,a7,78,e6,12,2f,9a,ea,a7,98,09,81,03,2d,2f,a3,fb,a7,78,e6,12,2f,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1d68fe701cdea33e477eb204b76f993d"=hex:01,3a,48,fc,e8,04,4a,f1,84,89,41,ab,6b,
77,37,d4,01,3a,48,fc,e8,04,4a,f1,5b,4d,cf,79,e4,ea,b5,74,01,3a,48,fc,e8,04,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1fac81b91d8e3c5aa4b0a51804d844a3"=hex:51,fa,6e,91,28,9e,14,cc,05,68,11,dd,db,
e7,07,5f,f6,0f,4e,58,98,5b,89,c9,87,c0,80,58,c0,92,50,01,f6,0f,4e,58,98,5b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"f5f62a6129303efb32fbe080bb27835b"=hex:3d,ce,ea,26,2d,45,aa,78,26,40,76,9d,a2,
04,68,7e,3d,ce,ea,26,2d,45,aa,78,85,c5,09,5a,0c,e9,08,c8,3d,ce,ea,26,2d,45,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:e3,0e,66,d5,eb,bc,2f,6b,91,b6,2d,5e,b7,
35,35,6b,2a,b7,cc,b5,b9,7f,41,e7,7a,3f,2e,44,ad,ae,7d,e5,2a,b7,cc,b5,b9,7f,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"8a8aec57dd6508a385616fbc86791ec2"=hex:fa,ea,66,7f,d4,3b,6b,70,62,99,11,55,bf,
d4,6e,28,6c,43,2d,1e,aa,22,2f,9c,d5,76,8b,10,0c,7f,a2,0d,6c,43,2d,1e,aa,22,\

[HKEY_LOCAL_MACHINE\software\GenArts\Sapphire AE\Install-{4E41A485-04D4-CF7C-6CE3-27F7BEAE7048}\Data*]
@DACL=
"CTE_32 Name"="255810:{C3B8A1BC-8B18-94D5-AD04-2B3354994626}"

[HKEY_LOCAL_MACHINE\software\GenArts\Sapphire AE\Install-{EC3F6705-85EF-4FB1-4E30-80781324E273}\Data*]
@DACL=
"DefaultSettings"="99:{C6DDA450-F687-55DF-CA23-1A5083308C5D}"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\Current Version\{8AC25C6A-D4B3-FF2F-2A61-C75CA1DB6116}\Install*Loc\VxDs]
@DACL=
"CTE_32 Name"="2454686:{301564B2-67A6-1A66-9C4E-A1FE91DE9752}"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\Current Version\{ADD916B7-3238-B642-38AC-F31A4E6EE8C3}\Install*Loc\VxDs]
@DACL=
"DefaultSettings"="-19:{3C7DA433-1047-9FC4-00BA-978A09424856}"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Install*Loc\xga-1-{1C8B2B24-1BFF-41F2-B787-0C64B794365B}\Version 1.1]
@DACL=
"dat"="806585365:{65A52A06-1573-7F01-7364-8D6C30AE8600}"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OOCC06.00.00.01WSSV"="B40ED03F2130EBB30777678EC1B3ED3E078E64AF79A4AC5B94092414D13E58C581589B754FE3FC3F62B640A109506CC2F1F67B98D19842070339307474F769D4825957AD00F5C4AA8E3B9E219C52D63310E424EC7C49030675E1BCA252205BC1F083473BDB097E69CD60166B0151079F4EB3653B75648B27A2855FF5FD182937E91DB463B153A5244650C253DA779BCDF99749035D283A6AA0FAB3BC325593956FC3EB5FF39E7C36820D40A1778575B8C895DFB776EA3288EEEBDAB8C9609FEE6566BC5DB64A0733F0EA318FC3CD3C0C5186BA412913DAEB6BD8F71C4856148C16C97E01B5C68F5C65FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74C8EDD5E5BE2F6E667A9C6AECB7A5D1407A9C6AECB7A5D1407C038D530D6EB345261301FC80FB452430466E6F4CBF2A2EFCBA481F4F0D9A1B04FD03685153C15E7BE58CAB668EDD88D9C820174961DBFFDC25B61A0F9C6C9E3C0A4DC3D952F29A1FC64B42A6BF415DCB4F0356D1C2FEC893D23488A54983190A481CD7211D04602131049FC2DAA8554061F5EF04489263C5A3A1C9DDF52708A21959C897D65C0A2CB1A6BAB57325EF7A3FCCA358E519DA38E6139E710B8558AAF924F896173250646C76ED7A7F286B06E7FBB130CF036B3235F6D9D6CD760A99DAFE31FDA46308FF4609C45EE1A9ACD9F9E688AE4930942357CFB9410FC48E78CA7C91919EC55891EAE31DC1298E97F42D7793D522CE18935089BC829B977AAF23AE56CE1BBBB9D5D83DE2D8B22765B37AB0DEF226E4328E7D278D77DE388361A280E300BC83DDE2131CA64E62DF95BB09EB50C3854DF9F6532318561174FB8A0B910A081EEE73FAC100C5AC6F7DDDB3738F921899A22D79C0057394231D1BF7738AC1F474DFE1916FCB185DF81C29E2708D2DF9FC2A4994B1A74FC9D53474065F296ACEEC7F827C755BC05FA0FFC49301B2E9F9B913894886202FE09E49E9002BD75F3A2857F8B827E2017772792E5D588EF58AC90E1DABB3D6E93A91079EA3DECE5BE1C71F2C9D6DE47234496C060EF68EBA91B8D5A6323169DB1BB41AD7158DC787E2DBAE34AAC628EB1E7EE740B2958ECD33F188D07CDD967F28EABC326E86B30C539D49959BDF9456EFA81539B02F632BE0A869C06A179969606C57970D77B85CD3A768EA79A18B2AAABE9352A4F69EBF27B71DB0157EB6880984A411CE4736471BA1AF1C924348EDB3A8123363859C09DABB6D300FBA912B6D0B5BED720BEADB0DB00A53793CA079AFC695F9E38734B9243F5406BEE31B8E5CF4BCC37EFCAB530D12BC04D71DB3BA35C065C2B9EE6194781169314E60378D947907A338E0BC1B7E4620C4C1C69C1D7D57FC0048F6A2C54B740F0AAEA266087FDD086A489F690B2703108D8C87C243CFA41E9"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\z*\{{05FF8CB8-4942-FCF6-301D-6930181DE865}}]
@DACL=
"DefaultSettings"="2454707:{37C8840C-72FD-B1F6-4FC1-23A6EF5B6255}"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows Install VBX*\Current*Version\Install*Loc\xga-1-{1C8B2B24-1BFF-41F2-B787-0C64B794365B}\Version 3.x]
@DACL=
"dat"="1767914624:{C76D69BA-78C8-3119-2789-756F7965B2FE}"

[HKEY_LOCAL_MACHINE\software\Microsoft\WinXGA*\Providers*\{43FBA8EE-48DF-E9BF-BC67-504E5571365A}\Current*Set\xga-1\ver]
@DACL=
"KnownSvcs"="923715162:{15BF8DA0-49AC-0072-6FC9-15B39B36BBFB}"

[HKEY_LOCAL_MACHINE\software\XBMga*\UUIDs\{FB376CFE-4CF6-E213-C52D-0E0D7FCD218F}\xga-1\Install*Loc]
@DACL=
"{19620715-0001-1211-574574-30001}"="234522510:{1049BFB7-CB96-805D-2465-86C75EE81941}"

[HKEY_LOCAL_MACHINE\software\xGenArts\Sapphire AE\DLL ver*\{A6D90D08-68DD-2B46-E2AC-5782669B2696}]
@DACL=
"CTE_32 Name"="0:{19C42D30-D844-8A07-12A4-E783E7D228F7}"

[HKEY_LOCAL_MACHINE\software\xGenArts\Sapphire AE\DLL ver*\{B08ECCAD-FEC0-A273-8DFD-B47BE795EE25}]
@DACL=
"DefaultSettings"="19:{5351C505-4E6C-6ECA-E5BD-7AE84A571B0A}"
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(984)
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\COMRes.dll
c:\windows\system32\cscui.dll

- - - - - - - > 'lsass.exe'(1040)
c:\windows\system32\setupapi.dll
c:\windows\system32\psbase.dll

- - - - - - - > 'explorer.exe'(3436)
c:\windows\system32\SHDOCVW.dll
c:\windows\system32\COMRes.dll
c:\windows\System32\cscui.dll
c:\windows\system32\MSVCP60.dll
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\NETSHELL.dll
c:\windows\system32\credui.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Kerio\Personal Firewall 4\kpf4ss.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Kerio\Personal Firewall 4\kpf4gui.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\program files\Kerio\Personal Firewall 4\kpf4gui.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Celkový čas: 2009-08-10 21:27 - počítač byl restartován
ComboFix-quarantined-files.txt 2009-08-10 19:27
ComboFix2.txt 2009-08-10 18:17

Před spuštěním: Volných bajtů: 11 617 902 592
Po spuštění: Volných bajtů: 11 562 070 016

482 --- E O F --- 2009-08-06 15:35

Reklama

Damned · Příspěvekod **Damned** » 10 srp 2009 21:56

SUPERAntiSpyware tam máš? OOdefrag či co taky?

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok).
Zkopíruj do něj následující celý text označený zeleně:

DirLook::
c:\program files

Driver::
HDDTService;HDD Temperature
HDDTService

Registry::
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OOCC06.00.00.01WSSV"=-
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000000

RegNull::
[HKEY_USERS\S-1-5-21-1960408961-261903793-725345543-1003\Software\Microsoft\SystemCertificates\AddressBook*]
[HKEY_USERS\S-1-5-21-1960408961-261903793-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{EF3FA809-6BC9-E8E2-E7F7-E6CAE2B3B208}*]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
[HKEY_LOCAL_MACHINE\software\GenArts\Sapphire AE\Install-{4E41A485-04D4-CF7C-6CE3-27F7BEAE7048}\Data*]
[HKEY_LOCAL_MACHINE\software\GenArts\Sapphire AE\Install-{EC3F6705-85EF-4FB1-4E30-80781324E273}\Data*]
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\Current Version\{8AC25C6A-D4B3-FF2F-2A61-C75CA1DB6116}\Install*Loc\VxDs]
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\Current Version\{ADD916B7-3238-B642-38AC-F31A4E6EE8C3}\Install*Loc\VxDs]
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Install*Loc\xga-1-{1C8B2B24-1BFF-41F2-B787-0C64B794365B}\Version 1.1]
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\z*\{{05FF8CB8-4942-FCF6-301D-6930181DE865}}]
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows Install VBX*\Current*Version\Install*Loc\xga-1-{1C8B2B24-1BFF-41F2-B787-0C64B794365B}\Version 3.x]
[HKEY_LOCAL_MACHINE\software\Microsoft\WinXGA*\Providers*\{43FBA8EE-48DF-E9BF-BC67-504E5571365A}\Current*Set\xga-1\ver]
[HKEY_LOCAL_MACHINE\software\XBMga*\UUIDs\{FB376CFE-4CF6-E213-C52D-0E0D7FCD218F}\xga-1\Install*Loc]
[HKEY_LOCAL_MACHINE\software\xGenArts\Sapphire AE\DLL ver*\{A6D90D08-68DD-2B46-E2AC-5782669B2696}]
[HKEY_LOCAL_MACHINE\software\xGenArts\Sapphire AE\DLL ver*\{B08ECCAD-FEC0-A273-8DFD-B47BE795EE25}]

Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe
a když se oba soubory překryjí, skript upusť.

- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu

weem · Příspěvekod **weem** » 11 srp 2009 00:32

tady je log http://www.megafileupload.com/en/file/1 ... x-txt.html (bylo to moc velke, takze to neslo dat ani do prilohy), situace kolem slozky stale stejna

Damned · Příspěvekod **Damned** » 11 srp 2009 00:38

Ani to nešlo dát do Raru?

weem · Příspěvekod **weem** » 11 srp 2009 00:41

jej.. a kruci, uz je pozde a nemysli mi to, samozrejme ze slo, ale muzes si to stahnout ne? ma to "jen" 3,8 MB

Damned · Příspěvekod **Damned** » 11 srp 2009 00:47

Mám jen GPRS, taže tak 10-20 minut, podle větru :lol:

weem · Příspěvekod **weem** » 11 srp 2009 00:50

jestli tam bude tornado, tak to stahnes tak za den co? Takovyhle internet byl za moji babicky, proboha

, no nic, ja uz stejne jdu offline, takze si to muzes vklidu dotahat a rano se podivam na tve rady a porady

. Dik predem

Damned · Příspěvekod **Damned** » 11 srp 2009 01:19

Napadlo mne, jestli, když jsi něco instaloval, nepovolil u nějakého programu "Skrýt složku po instalaci".

Červené soubory zkontroluj na Virustotalu a vlož sem odkaz na výsledek.
Pokud ho nenajdeš, dej si zobrazit skryté a systémové soubory. Pokud ti nabídne, že soubor už kontroloval,
nech ho zkontrolovat znovu, a počkej až se objeví "Dokončeno" a výsledek.Potom sem zkopíruj adresní řádek.

c:\program files\msvcp71.dll
c:\program files\msvcr71.dll
c:\program files\msvcr70.dll
c:\program files\msvcp70.dll

Měli by být ve složce ....\system32 nebo ve složce programu a ne v program files.

Co je toto: SCIA\ESA52 ?

weem · Příspěvekod **weem** » 11 srp 2009 01:36

SCIA je program pro vypocet pro statiku a dynamiku staveb - tata je inzenyr. Jinak u vsech tech souboru je 0 detekci, takze to asi zavadne nebude.... ja uz fakt nevim...

Damned · Příspěvekod **Damned** » 11 srp 2009 04:15

Start--> > Spustit a do řádku vlož celý tento řádek:

Kód: Vybrat vše

regedit /e "c:\regla.txt" "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced"

Klikni na OK.
V "C:\" se ti objeví texťák "regla.txt", zkopíruj mi ho sem.

Je to všechno v jednom řádku.
Klasický postup Složka-->Nástroje.....si zkoušel?

Damned · Příspěvekod **Damned** » 11 srp 2009 05:55

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok).
Zkopíruj do něj následující celý text označený zeleně:

File::
c:\program files\logs.dat

Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe
a když se oba soubory překryjí, skript upusť.

- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu
****************************************************************************************************************************************
Pak zkus:
Start--> Spustit a do řádku vlož:

Kód: Vybrat vše

attrib -h -s "C:\Program Files" /s /d

Otevře se dosové okno a po chvíli se zavře.

Pak koukni na vlastnosti složky. Mě to tam a zpět fungovalo.

weem · Příspěvekod **weem** » 11 srp 2009 10:30

DIKY! tak tohle attrib -h -s "C:\Program Files" /s /d zafungovalo. Jeste jednou dekuju za snahu. PS.: porid si lepsi internet, nejsme v dobe kamenne :lol:

složka Program Files je skrytá

Re: složka Program Files je skrytá

Re: složka Program Files je skrytá

Re: složka Program Files je skrytá

Re: složka Program Files je skrytá

Re: složka Program Files je skrytá

Re: složka Program Files je skrytá

Re: složka Program Files je skrytá

Re: složka Program Files je skrytá

Re: složka Program Files je skrytá

Re: složka Program Files je skrytá

Re: složka Program Files je skrytá

Re: složka Program Files je skrytá

Kdo je online