Ahoj, prosim o preventivni kontrolu logu... Potrebuji procistit PC od tech vsech internetovych hajzliku a rad bych preventivne PC prohledl abych predesel problemum.... DIky..
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:25:45, on 6.3.2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16981)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\SweetIM\Messenger\SweetIM.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ICQ6Toolbar\ICQ Service.exe
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Hide My IP 2009\HideMyIpSrv.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\j\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\j\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Program Files\ICQ6.5\ICQ.exe
C:\Documents and Settings\j\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\j\Plocha\hijackthis.exe
C:\Documents and Settings\j\Plocha\moje složka\TeamViewer.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: (no name) - EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: (no name) - 855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
R3 - URLSearchHook: (no name) - EEE6C35D-6118-11DC-9C72-001320C79847} - (no file)
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1DB84CE7-0FA4-824E-8F90-C7592EB074E5} - (no file)
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Media Access Startup - {25B8D58C-B0CB-46b0-BA64-05B3804E4E86} - C:\Program Files\Media Access Startup\1.5.0.850\HPIEAddOn.dll
O2 - BHO: NP Helper Class - {35B8D58C-B0CB-46b0-BA64-05B3804E4E86} - C:\Program Files\Internet Saving Optimizer\3.4.0.4340\NPIEAddOn.dll
O2 - BHO: (no name) - {6283C72D-7231-4527-A3AD-5FAD4CDE83EE} - C:\WINDOWS\system32\cfgbken.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
O2 - BHO: System Search Dispatcher - {CDBFB47B-58A8-4111-BF95-06178DCE326D} - (no file)
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O3 - Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [advap32] C:\WINDOWS\system32\wpv5314.cpx/r
O4 - HKLM\..\Run: [lsass driver] C:\WINDOWS\msauc.exe
O4 - HKLM\..\Run: [vanrqpiffeoichr] C:\WINDOWS\System32\regsvr32.exe /s "C:\WINDOWS\system32\spqefyttutqz.dll"
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe"
O4 - HKCU\..\Run: [Cognac] C:\DOCUME~1\j\LOCALS~1\Temp\~tmpb.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\j\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [ccagent.exe] C:\Documents and Settings\j\Data aplikací\Control-Center\ccagent.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\hmipcore.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\hmipcore.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\hmipcore.dll
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://icq.oberon-media.com/Gameshell/G ... meHost.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Služba Google Update (gupdate1c9b054971d2682) (gupdate1c9b054971d2682) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HideMyIpSRV - My Privacy Tools, Inc. - C:\Program Files\Hide My IP 2009\HideMyIpSrv.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: PIXMA Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Net Spool srv (NetSpoolsvs) - Unknown owner - C:\WINDOWS\system32\NetSpools.exe (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
--
End of file - 12167 bytes
Kontrola logu Vyřešeno
-
Damned
- Tvůrce článků
-
Master Level 9
- Příspěvky: 8353
- Registrován: prosinec 06
- Bydliště: Rokycany
- Pohlaví:
- Stav:
Offline
- Kontakt:
Re: Kontrola logu
Opravdu hééézkééé 
u tebe si viry zpívají: Tohle je ráááj......... 
A co ty Trojani a další malware?
Odinstaluj si ICQ6Toolbar, Media Access Startup, Internet Saving Optimizer, Ask Toolbar, System Search Dispatcher
Spusť HJT (HijackThis), vypni prohlížeče, odpoj se od internetu a fixni (spustit HJT, "Do a system scan only",
zatrhnout políčko před hodnotou, zmáčknout "Fix checked" a poté "Ano"):
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: (no name) - EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: (no name) - 855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
R3 - URLSearchHook: (no name) - EEE6C35D-6118-11DC-9C72-001320C79847} - (no file)
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {1DB84CE7-0FA4-824E-8F90-C7592EB074E5} - (no file)
O2 - BHO: Media Access Startup - {25B8D58C-B0CB-46b0-BA64-05B3804E4E86} - C:\Program Files\Media Access Startup\1.5.0.850\HPIEAddOn.dll
O2 - BHO: NP Helper Class - {35B8D58C-B0CB-46b0-BA64-05B3804E4E86} - C:\Program Files\Internet Saving Optimizer\3.4.0.4340\NPIEAddOn.dll
O2 - BHO: (no name) - {6283C72D-7231-4527-A3AD-5FAD4CDE83EE} - C:\WINDOWS\system32\cfgbken.dll
O2 - BHO: System Search Dispatcher - {CDBFB47B-58A8-4111-BF95-06178DCE326D} - (no file)
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O3 - Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [advap32] C:\WINDOWS\system32\wpv5314.cpx/r
O4 - HKLM\..\Run: [lsass driver] C:\WINDOWS\msauc.exe
O4 - HKLM\..\Run: [vanrqpiffeoichr] C:\WINDOWS\System32\regsvr32.exe /s "C:\WINDOWS\system32\spqefyttutqz.dll"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Cognac] C:\DOCUME~1\j\LOCALS~1\Temp\~tmpb.exe
O4 - HKCU\..\Run: [ccagent.exe] C:\Documents and Settings\j\Data aplikací\Control-Center\ccagent.exe
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
*****************************************************************************************************************************************
Stáhni si Malwarebytes' Anti-Malware
Nainstaluj a spusť ho
- na konci instalace se ujisti že máš zvoleny/zatrhnuty obě možnosti:
Aktualizace Malwarebytes' Anti-Malware a Spustit aplikaci Malwarebytes' Anti-Malware, pokud jo tak klikni na tlačítko konec
- pokud bude nalezena aktualizace, tak se stáhne a nainstaluje
- program se po té spustí a nech vybranou možnost Provést rychlý sken a klikni na tlačítko Skenovat
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Zobrazit výsledky
- pak zvol možnost uložit log a ulož si log na plochu
- po té klikni na tlačítko Exit, objeví se ti hláška tak zvol Ano
(zatím nic nemaž!).
Vlož sem pak obsah toho logu.
u tebe si viry zpívají: Tohle je ráááj......... A co ty Trojani a další malware?
Odinstaluj si ICQ6Toolbar, Media Access Startup, Internet Saving Optimizer, Ask Toolbar, System Search Dispatcher
Spusť HJT (HijackThis), vypni prohlížeče, odpoj se od internetu a fixni (spustit HJT, "Do a system scan only",
zatrhnout políčko před hodnotou, zmáčknout "Fix checked" a poté "Ano"):
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: (no name) - EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: (no name) - 855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
R3 - URLSearchHook: (no name) - EEE6C35D-6118-11DC-9C72-001320C79847} - (no file)
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {1DB84CE7-0FA4-824E-8F90-C7592EB074E5} - (no file)
O2 - BHO: Media Access Startup - {25B8D58C-B0CB-46b0-BA64-05B3804E4E86} - C:\Program Files\Media Access Startup\1.5.0.850\HPIEAddOn.dll
O2 - BHO: NP Helper Class - {35B8D58C-B0CB-46b0-BA64-05B3804E4E86} - C:\Program Files\Internet Saving Optimizer\3.4.0.4340\NPIEAddOn.dll
O2 - BHO: (no name) - {6283C72D-7231-4527-A3AD-5FAD4CDE83EE} - C:\WINDOWS\system32\cfgbken.dll
O2 - BHO: System Search Dispatcher - {CDBFB47B-58A8-4111-BF95-06178DCE326D} - (no file)
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O3 - Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [advap32] C:\WINDOWS\system32\wpv5314.cpx/r
O4 - HKLM\..\Run: [lsass driver] C:\WINDOWS\msauc.exe
O4 - HKLM\..\Run: [vanrqpiffeoichr] C:\WINDOWS\System32\regsvr32.exe /s "C:\WINDOWS\system32\spqefyttutqz.dll"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Cognac] C:\DOCUME~1\j\LOCALS~1\Temp\~tmpb.exe
O4 - HKCU\..\Run: [ccagent.exe] C:\Documents and Settings\j\Data aplikací\Control-Center\ccagent.exe
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
*****************************************************************************************************************************************
Stáhni si Malwarebytes' Anti-Malware
Nainstaluj a spusť ho
- na konci instalace se ujisti že máš zvoleny/zatrhnuty obě možnosti:
Aktualizace Malwarebytes' Anti-Malware a Spustit aplikaci Malwarebytes' Anti-Malware, pokud jo tak klikni na tlačítko konec
- pokud bude nalezena aktualizace, tak se stáhne a nainstaluje
- program se po té spustí a nech vybranou možnost Provést rychlý sken a klikni na tlačítko Skenovat
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Zobrazit výsledky
- pak zvol možnost uložit log a ulož si log na plochu
- po té klikni na tlačítko Exit, objeví se ti hláška tak zvol Ano
(zatím nic nemaž!).
Vlož sem pak obsah toho logu.
Nic není nemožné, proto tam, kde jsme s rozumem v koncích, neváháme použít kladivo.
Chceš-li vědět, co je nového, podívej se do starých knih.
Damnedovy češtiny - překlady programů pro údržbu PC
HiJackThis 2+návod FCleaner+čeština Wise Registry Cleaner
Chceš-li vědět, co je nového, podívej se do starých knih.
Damnedovy češtiny - překlady programů pro údržbu PC
HiJackThis 2+návod FCleaner+čeština Wise Registry Cleaner
Re: Kontrola logu
ok...vše jsem udělal přesně jak jste napsal....zde je ten log-
Malwarebytes' Anti-Malware 1.44
Verze databáze: 3830
Windows 5.1.2600 Service Pack 2
Internet Explorer 7.0.5730.11
6.3.2010 22:34:32
mbam-log-2010-03-06 (22-34-29).txt
Typ kontroly: Rychlá kontrola
Zkontrolované objekty: 158875
Uplynulý čas: 7 minute(s), 45 second(s)
Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 36
Infikované hodnoty registru: 7
Infikované datové položky registru: 2
Infikované adresáře: 33
Infikované soubory: 140
Infikované procesy v paměti:
(Nebyly nalezeny žádné škodlivé položky)
Infikované moduly v paměti:
(Nebyly nalezeny žádné škodlivé položky)
Infikované klíče registru:
HKEY_CLASSES_ROOT\explorerbar.funexplorer (Adware.DoubleD) -> No action taken.
HKEY_CLASSES_ROOT\explorerbar.funexplorer.1 (Adware.DoubleD) -> No action taken.
HKEY_CLASSES_ROOT\explorerbar.funredirector (Adware.DoubleD) -> No action taken.
HKEY_CLASSES_ROOT\explorerbar.funredirector.1 (Adware.DoubleD) -> No action taken.
HKEY_CLASSES_ROOT\xml.xml (Worm.Allaple) -> No action taken.
HKEY_CLASSES_ROOT\xml.xml.1 (Worm.Allaple) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{480098c6-f6ad-4c61-9b5c-2bae228a34d1} (Adware.DoubleD) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{6160f76a-1992-4b17-a32d-0c706d159105} (Adware.DoubleD) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{877f3eab-4462-44df-8475-6064eafd7fbf} (Adware.DoubleD) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{ac5ab953-ed25-4f9c-87f0-b086b0178ffa} (Adware.DoubleD) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{c28a0312-c403-417b-a425-a915bc0519cd} (Adware.DoubleD) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{9233c3c0-1472-4091-a505-5580a23bb4ac} (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{25b8d58c-b0cb-46b0-ba64-05b3804e4e86} (Adware.DoubleD) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{35b8d58c-b0cb-46b0-ba64-05b3804e4e86} (Adware.DoubleD) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{5617eca9-488d-4ba2-8562-9710b9ab78d2} (Adware.DoubleD) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{cdbfb47b-58a8-4111-bf95-06178dce326d} (Adware.DoubleD) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Documents and Settings/j/Local Settings/Temp/dkwppdft.dat (Rootkit.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dkwppdft.dat (Rootkit.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dkwppdft.dat (Rootkit.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Setup.exe (Adware.DoubleD) -> No action taken.
HKEY_CURRENT_USER\{5617ECA9-488D-4BA2-8562-9710B9AB78D2} (Adware.DoubleD) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Cognac (Rogue.Multiple) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\DoubleD (Adware.DoubleD) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Internet Saving Optimizer (Adware.DoubleD) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Media Access Startup (Adware.DoubleD) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\pro antispyware 2009 4.6 (Rogue.ProAntiSpyware) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Solt Lake Software (Rogue.ProAntiSpyware) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\DoubleD (Adware.DoubleD) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Internet Saving Optimizer (Adware.DoubleD) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Media Access Startup (Adware.DoubleD) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{16b6279b-9ff5-41fb-8bf9-404324f5dd1f}}_is1 (Adware.DoubleD) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1fb52ab3-5987-45a2-85e0-f3ec30dddc29}}_is1 (Adware.DoubleD) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{c5096216-7703-409e-b85a-8a6ee7395128}}_is1 (Adware.DoubleD) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\MSFox (Trojan.Agent) -> No action taken.
Infikované hodnoty registru:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{5617eca9-488d-4ba2-8562-9710b9ab78d2} (Adware.DoubleD) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions\{0ba0192d-94a5-45e3-b2b8-3ec5a1a0b5ec} (Adware.DoubleD) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions\{2224e955-00e9-4613-a844-ce69fccaae91} (Adware.DoubleD) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bf (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bk (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\iu (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\mu (Trojan.Agent) -> No action taken.
Infikované datové položky registru:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell) -> Bad: (C:\Documents and Settings\j\Data aplikací\Control-Center\ccmain.exe) Good: (Explorer.exe) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue (Hijack.System.Hidden) -> Bad: (0) Good: (1) -> No action taken.
Infikované adresáře:
C:\Documents and Settings\All Users\Data aplikací\11282184 (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\All Users\Data aplikací\Solt Lake Software (Rogue.ProAntiSpyware) -> No action taken.
C:\Documents and Settings\All Users\Data aplikací\Solt Lake Software\Pro Antispyware 2009 (Rogue.ProAntiSpyware) -> No action taken.
C:\Documents and Settings\All Users\Data aplikací\Solt Lake Software\Pro Antispyware 2009\BASE (Rogue.ProAntiSpyware) -> No action taken.
C:\Documents and Settings\All Users\Data aplikací\Solt Lake Software\Pro Antispyware 2009\DELETED (Rogue.ProAntiSpyware) -> No action taken.
C:\Documents and Settings\All Users\Data aplikací\Solt Lake Software\Pro Antispyware 2009\LOG (Rogue.ProAntiSpyware) -> No action taken.
C:\Documents and Settings\All Users\Data aplikací\Solt Lake Software\Pro Antispyware 2009\SAVED (Rogue.ProAntiSpyware) -> No action taken.
C:\Program Files\DoubleD (Adware.DoubleD) -> No action taken.
C:\Program Files\DoubleD\GamingHarbor Toolbar (Adware.DoubleD) -> No action taken.
C:\Program Files\Internet Saving Optimizer (Adware.DoubleD) -> No action taken.
C:\Program Files\Internet Saving Optimizer\3.4.0.4340 (Adware.DoubleD) -> No action taken.
C:\Program Files\Internet Saving Optimizer\3.4.0.4340\Data (Adware.DoubleD) -> No action taken.
C:\Program Files\Internet Saving Optimizer\3.4.0.4340\FF (Adware.DoubleD) -> No action taken.
C:\Program Files\Internet Saving Optimizer\3.4.0.4340\FF\chrome (Adware.DoubleD) -> No action taken.
C:\Program Files\Internet Saving Optimizer\3.4.0.4340\FF\chrome\content (Adware.DoubleD) -> No action taken.
C:\Program Files\Internet Saving Optimizer\3.4.0.4340\FF\components (Adware.DoubleD) -> No action taken.
C:\Program Files\Media Access Startup (Adware.DoubleD) -> No action taken.
C:\Program Files\Media Access Startup\1.5.0.850 (Adware.DoubleD) -> No action taken.
C:\Program Files\Media Access Startup\1.5.0.850\Data (Adware.DoubleD) -> No action taken.
C:\Program Files\Media Access Startup\1.5.0.850\FF (Adware.DoubleD) -> No action taken.
C:\Program Files\Media Access Startup\1.5.0.850\FF\chrome (Adware.DoubleD) -> No action taken.
C:\Program Files\Media Access Startup\1.5.0.850\FF\chrome\content (Adware.DoubleD) -> No action taken.
C:\Program Files\Media Access Startup\1.5.0.850\FF\components (Adware.DoubleD) -> No action taken.
C:\Program Files\System Search Dispatcher (Adware.DoubleD) -> No action taken.
C:\Program Files\System Search Dispatcher\1.2.0.750 (Adware.DoubleD) -> No action taken.
C:\Program Files\System Search Dispatcher\1.2.0.750\Data (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2} (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\Data (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Cache (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Skins (Adware.DoubleD) -> No action taken.
Infikované soubory:
C:\Documents and Settings\j\Plocha\hd2_multihack.exe (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\j\Local Settings\Temp\tmp1A3.tmp (Trojan.Inject) -> No action taken.
C:\Documents and Settings\j\Local Settings\Temp\dkwppdft.dat (Rootkit.Agent) -> No action taken.
C:\Documents and Settings\j\Local Settings\Temp\~3F.dll (Trojan.FakeAlert) -> No action taken.
C:\Documents and Settings\j\Local Settings\Temp\sbpin.exe (Trojan.Agent) -> No action taken.
C:\Documents and Settings\j\Local Settings\Temp\bc02919.exe (Rogue.Installer) -> No action taken.
C:\Documents and Settings\All Users\Data aplikací\11282184\11282184 (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\All Users\Data aplikací\Solt Lake Software\Pro Antispyware 2009\LOG\20081128164027593.log (Rogue.ProAntiSpyware) -> No action taken.
C:\Documents and Settings\All Users\Data aplikací\Solt Lake Software\Pro Antispyware 2009\LOG\20081128164504140.log (Rogue.ProAntiSpyware) -> No action taken.
C:\Documents and Settings\All Users\Data aplikací\Solt Lake Software\Pro Antispyware 2009\LOG\20081128170606234.log (Rogue.ProAntiSpyware) -> No action taken.
C:\Documents and Settings\All Users\Data aplikací\Solt Lake Software\Pro Antispyware 2009\LOG\20081129180704656.log (Rogue.ProAntiSpyware) -> No action taken.
C:\Documents and Settings\All Users\Data aplikací\Solt Lake Software\Pro Antispyware 2009\LOG\20081130103440500.log (Rogue.ProAntiSpyware) -> No action taken.
C:\Documents and Settings\All Users\Data aplikací\Solt Lake Software\Pro Antispyware 2009\LOG\20081130171331671.log (Rogue.ProAntiSpyware) -> No action taken.
C:\Documents and Settings\All Users\Data aplikací\Solt Lake Software\Pro Antispyware 2009\LOG\20081130204411750.log (Rogue.ProAntiSpyware) -> No action taken.
C:\Documents and Settings\All Users\Data aplikací\Solt Lake Software\Pro Antispyware 2009\LOG\20081201142816593.log (Rogue.ProAntiSpyware) -> No action taken.
C:\Program Files\Internet Saving Optimizer\3.4.0.4340\adwpx.exe (Adware.DoubleD) -> No action taken.
C:\Program Files\Internet Saving Optimizer\3.4.0.4340\NPCommon.dll (Adware.DoubleD) -> No action taken.
C:\Program Files\Internet Saving Optimizer\3.4.0.4340\unins000.dat (Adware.DoubleD) -> No action taken.
C:\Program Files\Internet Saving Optimizer\3.4.0.4340\unins000.exe (Adware.DoubleD) -> No action taken.
C:\Program Files\Internet Saving Optimizer\3.4.0.4340\Data\config.md (Adware.DoubleD) -> No action taken.
C:\Program Files\Internet Saving Optimizer\3.4.0.4340\FF\chrome.manifest (Adware.DoubleD) -> No action taken.
C:\Program Files\Internet Saving Optimizer\3.4.0.4340\FF\install.rdf (Adware.DoubleD) -> No action taken.
C:\Program Files\Internet Saving Optimizer\3.4.0.4340\FF\chrome\NPAddOn.jar (Adware.DoubleD) -> No action taken.
C:\Program Files\Internet Saving Optimizer\3.4.0.4340\FF\chrome\content\NPAddOn.js (Adware.DoubleD) -> No action taken.
C:\Program Files\Internet Saving Optimizer\3.4.0.4340\FF\chrome\content\NPAddOn.xul (Adware.DoubleD) -> No action taken.
C:\Program Files\Internet Saving Optimizer\3.4.0.4340\FF\components\NPFFAddOn.dll (Adware.DoubleD) -> No action taken.
C:\Program Files\Internet Saving Optimizer\3.4.0.4340\FF\components\NPFFAddOn.xpt (Adware.DoubleD) -> No action taken.
C:\Program Files\Internet Saving Optimizer\3.4.0.4340\FF\components\NPFFHelperComponent.js (Adware.DoubleD) -> No action taken.
C:\Program Files\Media Access Startup\1.5.0.850\HPCommon.dll (Adware.DoubleD) -> No action taken.
C:\Program Files\Media Access Startup\1.5.0.850\hppx.exe (Adware.DoubleD) -> No action taken.
C:\Program Files\Media Access Startup\1.5.0.850\MAHelper.exe (Adware.DoubleD) -> No action taken.
C:\Program Files\Media Access Startup\1.5.0.850\unins000.dat (Adware.DoubleD) -> No action taken.
C:\Program Files\Media Access Startup\1.5.0.850\unins000.exe (Adware.DoubleD) -> No action taken.
C:\Program Files\Media Access Startup\1.5.0.850\Data\config.md (Adware.DoubleD) -> No action taken.
C:\Program Files\Media Access Startup\1.5.0.850\FF\chrome.manifest (Adware.DoubleD) -> No action taken.
C:\Program Files\Media Access Startup\1.5.0.850\FF\install.rdf (Adware.DoubleD) -> No action taken.
C:\Program Files\Media Access Startup\1.5.0.850\FF\chrome\HPAddOn.jar (Adware.DoubleD) -> No action taken.
C:\Program Files\Media Access Startup\1.5.0.850\FF\chrome\content\HPAddOn.js (Adware.DoubleD) -> No action taken.
C:\Program Files\Media Access Startup\1.5.0.850\FF\chrome\content\HPAddOn.xul (Adware.DoubleD) -> No action taken.
C:\Program Files\Media Access Startup\1.5.0.850\FF\components\HPFFAddOn.dll (Adware.DoubleD) -> No action taken.
C:\Program Files\Media Access Startup\1.5.0.850\FF\components\HPFFAddOn.xpt (Adware.DoubleD) -> No action taken.
C:\Program Files\Media Access Startup\1.5.0.850\FF\components\HPFFHelperComponent.js (Adware.DoubleD) -> No action taken.
C:\Program Files\System Search Dispatcher\1.2.0.750\unins000.dat (Adware.DoubleD) -> No action taken.
C:\Program Files\System Search Dispatcher\1.2.0.750\unins000.exe (Adware.DoubleD) -> No action taken.
C:\Program Files\System Search Dispatcher\1.2.0.750\Data\eacore.mx (Adware.DoubleD) -> No action taken.
C:\Program Files\System Search Dispatcher\1.2.0.750\Data\URLDynamic.mx (Adware.DoubleD) -> No action taken.
C:\Program Files\System Search Dispatcher\1.2.0.750\Data\URLStatic.mx (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\bg.jpg (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\CurrentVersion.xml (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\ExtractZipFile.zip (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\icon.ico (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\productinfo.dll (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\Setup.exe (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\stbup.exe (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\tdf.dat (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\Data\ProductInfo.mx (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Cache\248d6576afce4ee94af42d7350131106.gif (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Cache\24a70fb875fab686b6b3c217612bc07c.gif (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Cache\2afcf6f3f2e19cc42d7f72f3b18b26ef.gif (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Cache\50bffa6936b3e661971a58e3c8bdf4cb.gif (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Cache\default1.dat (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Cache\loading.dat (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Cache\loading.gif (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\Module_Cursor.mx (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\Module_DailyVideo.mx (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\Module_Game.mx (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\Module_Glitter.mx (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\Module_Logo.mx (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\Module_Option.mx (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\Module_Recipe.mx (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\Module_Ringtone.mx (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\Module_Screensaver.mx (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\Module_Search.mx (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\Module_Smiley.mx (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\Module_Smiley_Config.mx (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\Module_Smiley_TellAFriend.mx (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\Module_Wallpaper.mx (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\Module_Web.mx (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\pixel.mx (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\ProductInfo.mx (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\profile.mx (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\SearchEngineList.mx (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\tbcore.mx (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\ToolbarLayout.mx (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\UpdateCentre.mx (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\UpdateCentreBk.mx (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\URLDynamic.mx (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\URLStatic.mx (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\About.mg (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Component_ComboBox.mg (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_Cursor.mg (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_Cursor.png (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_DailyVideo.mg (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_Game.mg (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_Glitter.mg (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_Glitter.png (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_Logo.mg (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_Option.mg (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_Recipe.mg (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_Ringtone.mg (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_Screensaver.mg (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_Search.mg (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_Smiley.mg (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_Smiley.png (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_Wallpaper.mg (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_Web.mg (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnDefault.png (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnDisplay.bmp (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnDisplay.png (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnDisplay18.bmp (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnDisplay20.bmp (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnGlitters.bmp (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnGlitters.png (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnGlitters18.bmp (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnGlitters20.bmp (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnOption.png (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnSmiley.bmp (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnSmiley.png (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnSmiley18.bmp (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnSmiley20.bmp (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnTellFd.bmp (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnTellFd.png (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnTellFd18.bmp (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnTellFd20.bmp (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnWink.bmp (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnWink.png (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnWink18.bmp (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnWink20.bmp (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Skins\myskin1.skf (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Skins\myskin2.skf (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Skins\myskin3.skf (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Skins\myskin4.skf (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Skins\TellafriendSkin.skf (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Skins\TellafriendSkin_s.skf (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Skins\ToastSkin.skf (Adware.DoubleD) -> No action taken.
C:\WINDOWS\system32\288yI86o.exe.a_a (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\ccfgn.dll (Trojan.Boaxxe) -> No action taken.
C:\WINDOWS\system32\Kernel32.exe (Malware.Trace) -> No action taken.
C:\WINDOWS\system32\shell31.dll (Trojan.Agent) -> No action taken.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\ISOSetup.exe (Trojan.Agent) -> No action taken.
Malwarebytes' Anti-Malware 1.44
Verze databáze: 3830
Windows 5.1.2600 Service Pack 2
Internet Explorer 7.0.5730.11
6.3.2010 22:34:32
mbam-log-2010-03-06 (22-34-29).txt
Typ kontroly: Rychlá kontrola
Zkontrolované objekty: 158875
Uplynulý čas: 7 minute(s), 45 second(s)
Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 36
Infikované hodnoty registru: 7
Infikované datové položky registru: 2
Infikované adresáře: 33
Infikované soubory: 140
Infikované procesy v paměti:
(Nebyly nalezeny žádné škodlivé položky)
Infikované moduly v paměti:
(Nebyly nalezeny žádné škodlivé položky)
Infikované klíče registru:
HKEY_CLASSES_ROOT\explorerbar.funexplorer (Adware.DoubleD) -> No action taken.
HKEY_CLASSES_ROOT\explorerbar.funexplorer.1 (Adware.DoubleD) -> No action taken.
HKEY_CLASSES_ROOT\explorerbar.funredirector (Adware.DoubleD) -> No action taken.
HKEY_CLASSES_ROOT\explorerbar.funredirector.1 (Adware.DoubleD) -> No action taken.
HKEY_CLASSES_ROOT\xml.xml (Worm.Allaple) -> No action taken.
HKEY_CLASSES_ROOT\xml.xml.1 (Worm.Allaple) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{480098c6-f6ad-4c61-9b5c-2bae228a34d1} (Adware.DoubleD) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{6160f76a-1992-4b17-a32d-0c706d159105} (Adware.DoubleD) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{877f3eab-4462-44df-8475-6064eafd7fbf} (Adware.DoubleD) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{ac5ab953-ed25-4f9c-87f0-b086b0178ffa} (Adware.DoubleD) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{c28a0312-c403-417b-a425-a915bc0519cd} (Adware.DoubleD) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{9233c3c0-1472-4091-a505-5580a23bb4ac} (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{25b8d58c-b0cb-46b0-ba64-05b3804e4e86} (Adware.DoubleD) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{35b8d58c-b0cb-46b0-ba64-05b3804e4e86} (Adware.DoubleD) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{5617eca9-488d-4ba2-8562-9710b9ab78d2} (Adware.DoubleD) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{cdbfb47b-58a8-4111-bf95-06178dce326d} (Adware.DoubleD) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Documents and Settings/j/Local Settings/Temp/dkwppdft.dat (Rootkit.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dkwppdft.dat (Rootkit.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dkwppdft.dat (Rootkit.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Setup.exe (Adware.DoubleD) -> No action taken.
HKEY_CURRENT_USER\{5617ECA9-488D-4BA2-8562-9710B9AB78D2} (Adware.DoubleD) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Cognac (Rogue.Multiple) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\DoubleD (Adware.DoubleD) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Internet Saving Optimizer (Adware.DoubleD) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Media Access Startup (Adware.DoubleD) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\pro antispyware 2009 4.6 (Rogue.ProAntiSpyware) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Solt Lake Software (Rogue.ProAntiSpyware) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\DoubleD (Adware.DoubleD) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Internet Saving Optimizer (Adware.DoubleD) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Media Access Startup (Adware.DoubleD) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{16b6279b-9ff5-41fb-8bf9-404324f5dd1f}}_is1 (Adware.DoubleD) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1fb52ab3-5987-45a2-85e0-f3ec30dddc29}}_is1 (Adware.DoubleD) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{c5096216-7703-409e-b85a-8a6ee7395128}}_is1 (Adware.DoubleD) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\MSFox (Trojan.Agent) -> No action taken.
Infikované hodnoty registru:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{5617eca9-488d-4ba2-8562-9710b9ab78d2} (Adware.DoubleD) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions\{0ba0192d-94a5-45e3-b2b8-3ec5a1a0b5ec} (Adware.DoubleD) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions\{2224e955-00e9-4613-a844-ce69fccaae91} (Adware.DoubleD) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bf (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bk (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\iu (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\mu (Trojan.Agent) -> No action taken.
Infikované datové položky registru:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell) -> Bad: (C:\Documents and Settings\j\Data aplikací\Control-Center\ccmain.exe) Good: (Explorer.exe) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue (Hijack.System.Hidden) -> Bad: (0) Good: (1) -> No action taken.
Infikované adresáře:
C:\Documents and Settings\All Users\Data aplikací\11282184 (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\All Users\Data aplikací\Solt Lake Software (Rogue.ProAntiSpyware) -> No action taken.
C:\Documents and Settings\All Users\Data aplikací\Solt Lake Software\Pro Antispyware 2009 (Rogue.ProAntiSpyware) -> No action taken.
C:\Documents and Settings\All Users\Data aplikací\Solt Lake Software\Pro Antispyware 2009\BASE (Rogue.ProAntiSpyware) -> No action taken.
C:\Documents and Settings\All Users\Data aplikací\Solt Lake Software\Pro Antispyware 2009\DELETED (Rogue.ProAntiSpyware) -> No action taken.
C:\Documents and Settings\All Users\Data aplikací\Solt Lake Software\Pro Antispyware 2009\LOG (Rogue.ProAntiSpyware) -> No action taken.
C:\Documents and Settings\All Users\Data aplikací\Solt Lake Software\Pro Antispyware 2009\SAVED (Rogue.ProAntiSpyware) -> No action taken.
C:\Program Files\DoubleD (Adware.DoubleD) -> No action taken.
C:\Program Files\DoubleD\GamingHarbor Toolbar (Adware.DoubleD) -> No action taken.
C:\Program Files\Internet Saving Optimizer (Adware.DoubleD) -> No action taken.
C:\Program Files\Internet Saving Optimizer\3.4.0.4340 (Adware.DoubleD) -> No action taken.
C:\Program Files\Internet Saving Optimizer\3.4.0.4340\Data (Adware.DoubleD) -> No action taken.
C:\Program Files\Internet Saving Optimizer\3.4.0.4340\FF (Adware.DoubleD) -> No action taken.
C:\Program Files\Internet Saving Optimizer\3.4.0.4340\FF\chrome (Adware.DoubleD) -> No action taken.
C:\Program Files\Internet Saving Optimizer\3.4.0.4340\FF\chrome\content (Adware.DoubleD) -> No action taken.
C:\Program Files\Internet Saving Optimizer\3.4.0.4340\FF\components (Adware.DoubleD) -> No action taken.
C:\Program Files\Media Access Startup (Adware.DoubleD) -> No action taken.
C:\Program Files\Media Access Startup\1.5.0.850 (Adware.DoubleD) -> No action taken.
C:\Program Files\Media Access Startup\1.5.0.850\Data (Adware.DoubleD) -> No action taken.
C:\Program Files\Media Access Startup\1.5.0.850\FF (Adware.DoubleD) -> No action taken.
C:\Program Files\Media Access Startup\1.5.0.850\FF\chrome (Adware.DoubleD) -> No action taken.
C:\Program Files\Media Access Startup\1.5.0.850\FF\chrome\content (Adware.DoubleD) -> No action taken.
C:\Program Files\Media Access Startup\1.5.0.850\FF\components (Adware.DoubleD) -> No action taken.
C:\Program Files\System Search Dispatcher (Adware.DoubleD) -> No action taken.
C:\Program Files\System Search Dispatcher\1.2.0.750 (Adware.DoubleD) -> No action taken.
C:\Program Files\System Search Dispatcher\1.2.0.750\Data (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2} (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\Data (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Cache (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Skins (Adware.DoubleD) -> No action taken.
Infikované soubory:
C:\Documents and Settings\j\Plocha\hd2_multihack.exe (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\j\Local Settings\Temp\tmp1A3.tmp (Trojan.Inject) -> No action taken.
C:\Documents and Settings\j\Local Settings\Temp\dkwppdft.dat (Rootkit.Agent) -> No action taken.
C:\Documents and Settings\j\Local Settings\Temp\~3F.dll (Trojan.FakeAlert) -> No action taken.
C:\Documents and Settings\j\Local Settings\Temp\sbpin.exe (Trojan.Agent) -> No action taken.
C:\Documents and Settings\j\Local Settings\Temp\bc02919.exe (Rogue.Installer) -> No action taken.
C:\Documents and Settings\All Users\Data aplikací\11282184\11282184 (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\All Users\Data aplikací\Solt Lake Software\Pro Antispyware 2009\LOG\20081128164027593.log (Rogue.ProAntiSpyware) -> No action taken.
C:\Documents and Settings\All Users\Data aplikací\Solt Lake Software\Pro Antispyware 2009\LOG\20081128164504140.log (Rogue.ProAntiSpyware) -> No action taken.
C:\Documents and Settings\All Users\Data aplikací\Solt Lake Software\Pro Antispyware 2009\LOG\20081128170606234.log (Rogue.ProAntiSpyware) -> No action taken.
C:\Documents and Settings\All Users\Data aplikací\Solt Lake Software\Pro Antispyware 2009\LOG\20081129180704656.log (Rogue.ProAntiSpyware) -> No action taken.
C:\Documents and Settings\All Users\Data aplikací\Solt Lake Software\Pro Antispyware 2009\LOG\20081130103440500.log (Rogue.ProAntiSpyware) -> No action taken.
C:\Documents and Settings\All Users\Data aplikací\Solt Lake Software\Pro Antispyware 2009\LOG\20081130171331671.log (Rogue.ProAntiSpyware) -> No action taken.
C:\Documents and Settings\All Users\Data aplikací\Solt Lake Software\Pro Antispyware 2009\LOG\20081130204411750.log (Rogue.ProAntiSpyware) -> No action taken.
C:\Documents and Settings\All Users\Data aplikací\Solt Lake Software\Pro Antispyware 2009\LOG\20081201142816593.log (Rogue.ProAntiSpyware) -> No action taken.
C:\Program Files\Internet Saving Optimizer\3.4.0.4340\adwpx.exe (Adware.DoubleD) -> No action taken.
C:\Program Files\Internet Saving Optimizer\3.4.0.4340\NPCommon.dll (Adware.DoubleD) -> No action taken.
C:\Program Files\Internet Saving Optimizer\3.4.0.4340\unins000.dat (Adware.DoubleD) -> No action taken.
C:\Program Files\Internet Saving Optimizer\3.4.0.4340\unins000.exe (Adware.DoubleD) -> No action taken.
C:\Program Files\Internet Saving Optimizer\3.4.0.4340\Data\config.md (Adware.DoubleD) -> No action taken.
C:\Program Files\Internet Saving Optimizer\3.4.0.4340\FF\chrome.manifest (Adware.DoubleD) -> No action taken.
C:\Program Files\Internet Saving Optimizer\3.4.0.4340\FF\install.rdf (Adware.DoubleD) -> No action taken.
C:\Program Files\Internet Saving Optimizer\3.4.0.4340\FF\chrome\NPAddOn.jar (Adware.DoubleD) -> No action taken.
C:\Program Files\Internet Saving Optimizer\3.4.0.4340\FF\chrome\content\NPAddOn.js (Adware.DoubleD) -> No action taken.
C:\Program Files\Internet Saving Optimizer\3.4.0.4340\FF\chrome\content\NPAddOn.xul (Adware.DoubleD) -> No action taken.
C:\Program Files\Internet Saving Optimizer\3.4.0.4340\FF\components\NPFFAddOn.dll (Adware.DoubleD) -> No action taken.
C:\Program Files\Internet Saving Optimizer\3.4.0.4340\FF\components\NPFFAddOn.xpt (Adware.DoubleD) -> No action taken.
C:\Program Files\Internet Saving Optimizer\3.4.0.4340\FF\components\NPFFHelperComponent.js (Adware.DoubleD) -> No action taken.
C:\Program Files\Media Access Startup\1.5.0.850\HPCommon.dll (Adware.DoubleD) -> No action taken.
C:\Program Files\Media Access Startup\1.5.0.850\hppx.exe (Adware.DoubleD) -> No action taken.
C:\Program Files\Media Access Startup\1.5.0.850\MAHelper.exe (Adware.DoubleD) -> No action taken.
C:\Program Files\Media Access Startup\1.5.0.850\unins000.dat (Adware.DoubleD) -> No action taken.
C:\Program Files\Media Access Startup\1.5.0.850\unins000.exe (Adware.DoubleD) -> No action taken.
C:\Program Files\Media Access Startup\1.5.0.850\Data\config.md (Adware.DoubleD) -> No action taken.
C:\Program Files\Media Access Startup\1.5.0.850\FF\chrome.manifest (Adware.DoubleD) -> No action taken.
C:\Program Files\Media Access Startup\1.5.0.850\FF\install.rdf (Adware.DoubleD) -> No action taken.
C:\Program Files\Media Access Startup\1.5.0.850\FF\chrome\HPAddOn.jar (Adware.DoubleD) -> No action taken.
C:\Program Files\Media Access Startup\1.5.0.850\FF\chrome\content\HPAddOn.js (Adware.DoubleD) -> No action taken.
C:\Program Files\Media Access Startup\1.5.0.850\FF\chrome\content\HPAddOn.xul (Adware.DoubleD) -> No action taken.
C:\Program Files\Media Access Startup\1.5.0.850\FF\components\HPFFAddOn.dll (Adware.DoubleD) -> No action taken.
C:\Program Files\Media Access Startup\1.5.0.850\FF\components\HPFFAddOn.xpt (Adware.DoubleD) -> No action taken.
C:\Program Files\Media Access Startup\1.5.0.850\FF\components\HPFFHelperComponent.js (Adware.DoubleD) -> No action taken.
C:\Program Files\System Search Dispatcher\1.2.0.750\unins000.dat (Adware.DoubleD) -> No action taken.
C:\Program Files\System Search Dispatcher\1.2.0.750\unins000.exe (Adware.DoubleD) -> No action taken.
C:\Program Files\System Search Dispatcher\1.2.0.750\Data\eacore.mx (Adware.DoubleD) -> No action taken.
C:\Program Files\System Search Dispatcher\1.2.0.750\Data\URLDynamic.mx (Adware.DoubleD) -> No action taken.
C:\Program Files\System Search Dispatcher\1.2.0.750\Data\URLStatic.mx (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\bg.jpg (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\CurrentVersion.xml (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\ExtractZipFile.zip (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\icon.ico (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\productinfo.dll (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\Setup.exe (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\stbup.exe (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\tdf.dat (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\Data\ProductInfo.mx (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Cache\248d6576afce4ee94af42d7350131106.gif (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Cache\24a70fb875fab686b6b3c217612bc07c.gif (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Cache\2afcf6f3f2e19cc42d7f72f3b18b26ef.gif (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Cache\50bffa6936b3e661971a58e3c8bdf4cb.gif (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Cache\default1.dat (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Cache\loading.dat (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Cache\loading.gif (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\Module_Cursor.mx (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\Module_DailyVideo.mx (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\Module_Game.mx (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\Module_Glitter.mx (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\Module_Logo.mx (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\Module_Option.mx (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\Module_Recipe.mx (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\Module_Ringtone.mx (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\Module_Screensaver.mx (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\Module_Search.mx (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\Module_Smiley.mx (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\Module_Smiley_Config.mx (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\Module_Smiley_TellAFriend.mx (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\Module_Wallpaper.mx (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\Module_Web.mx (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\pixel.mx (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\ProductInfo.mx (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\profile.mx (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\SearchEngineList.mx (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\tbcore.mx (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\ToolbarLayout.mx (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\UpdateCentre.mx (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\UpdateCentreBk.mx (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\URLDynamic.mx (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\URLStatic.mx (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\About.mg (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Component_ComboBox.mg (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_Cursor.mg (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_Cursor.png (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_DailyVideo.mg (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_Game.mg (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_Glitter.mg (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_Glitter.png (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_Logo.mg (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_Option.mg (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_Recipe.mg (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_Ringtone.mg (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_Screensaver.mg (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_Search.mg (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_Smiley.mg (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_Smiley.png (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_Wallpaper.mg (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_Web.mg (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnDefault.png (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnDisplay.bmp (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnDisplay.png (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnDisplay18.bmp (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnDisplay20.bmp (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnGlitters.bmp (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnGlitters.png (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnGlitters18.bmp (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnGlitters20.bmp (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnOption.png (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnSmiley.bmp (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnSmiley.png (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnSmiley18.bmp (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnSmiley20.bmp (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnTellFd.bmp (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnTellFd.png (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnTellFd18.bmp (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnTellFd20.bmp (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnWink.bmp (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnWink.png (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnWink18.bmp (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnWink20.bmp (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Skins\myskin1.skf (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Skins\myskin2.skf (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Skins\myskin3.skf (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Skins\myskin4.skf (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Skins\TellafriendSkin.skf (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Skins\TellafriendSkin_s.skf (Adware.DoubleD) -> No action taken.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Skins\ToastSkin.skf (Adware.DoubleD) -> No action taken.
C:\WINDOWS\system32\288yI86o.exe.a_a (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\ccfgn.dll (Trojan.Boaxxe) -> No action taken.
C:\WINDOWS\system32\Kernel32.exe (Malware.Trace) -> No action taken.
C:\WINDOWS\system32\shell31.dll (Trojan.Agent) -> No action taken.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\ISOSetup.exe (Trojan.Agent) -> No action taken.
-
Damned
- Tvůrce článků
-
Master Level 9
- Příspěvky: 8353
- Registrován: prosinec 06
- Bydliště: Rokycany
- Pohlaví:
- Stav:
Offline
- Kontakt:
Re: Kontrola logu
Mno, tak se s nima rozluč, pošleme je do věčných softwarových lovišť..... 
Takže spusť znovu MbAM a dej Skenovat
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Zobrazit výsledky
- ujistit se že máš zatrhnuté všechny vypsané nálezy a klikni na tlačítko Odstranit označené
- když skončí odstraňování tak se ti zobrazí log, tak ho sem dej.
- pak zvol v programu OK a pak program ukonči přes Konec
Vypni rezidentní štít antiviru (pokud máš tak i antispyware).
Stáhni si ComboFix (by sUBs)
nebo ComboFix (subs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah
Takže spusť znovu MbAM a dej Skenovat
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Zobrazit výsledky
- ujistit se že máš zatrhnuté všechny vypsané nálezy a klikni na tlačítko Odstranit označené
- když skončí odstraňování tak se ti zobrazí log, tak ho sem dej.
- pak zvol v programu OK a pak program ukonči přes Konec
Vypni rezidentní štít antiviru (pokud máš tak i antispyware).
Stáhni si ComboFix (by sUBs)
nebo ComboFix (subs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah
Nic není nemožné, proto tam, kde jsme s rozumem v koncích, neváháme použít kladivo.
Chceš-li vědět, co je nového, podívej se do starých knih.
Damnedovy češtiny - překlady programů pro údržbu PC
HiJackThis 2+návod FCleaner+čeština Wise Registry Cleaner
Chceš-li vědět, co je nového, podívej se do starých knih.
Damnedovy češtiny - překlady programů pro údržbu PC
HiJackThis 2+návod FCleaner+čeština Wise Registry Cleaner
Re: Kontrola logu
to je ten log- (ale 5 věcí mi napsalo že se napodařilo odstranit-HKEY_LOCAL_MACHINE ATD...)
Malwarebytes' Anti-Malware 1.44
Verze databáze: 3830
Windows 5.1.2600 Service Pack 2
Internet Explorer 7.0.5730.11
7.3.2010 8:30:20
mbam-log-2010-03-07 (08-30-20).txt
Typ kontroly: Kompletní kontrola (C:\|)
Zkontrolované objekty: 258658
Uplynulý čas: 35 minute(s), 29 second(s)
Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 36
Infikované hodnoty registru: 7
Infikované datové položky registru: 2
Infikované adresáře: 33
Infikované soubory: 146
Infikované procesy v paměti:
(Nebyly nalezeny žádné škodlivé položky)
Infikované moduly v paměti:
(Nebyly nalezeny žádné škodlivé položky)
Infikované klíče registru:
HKEY_CLASSES_ROOT\explorerbar.funexplorer (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\explorerbar.funexplorer.1 (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\explorerbar.funredirector (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\explorerbar.funredirector.1 (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\xml.xml (Worm.Allaple) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\xml.xml.1 (Worm.Allaple) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{480098c6-f6ad-4c61-9b5c-2bae228a34d1} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{6160f76a-1992-4b17-a32d-0c706d159105} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{877f3eab-4462-44df-8475-6064eafd7fbf} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{ac5ab953-ed25-4f9c-87f0-b086b0178ffa} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{c28a0312-c403-417b-a425-a915bc0519cd} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{9233c3c0-1472-4091-a505-5580a23bb4ac} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{25b8d58c-b0cb-46b0-ba64-05b3804e4e86} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{35b8d58c-b0cb-46b0-ba64-05b3804e4e86} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{5617eca9-488d-4ba2-8562-9710b9ab78d2} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{cdbfb47b-58a8-4111-bf95-06178dce326d} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Documents and Settings/j/Local Settings/Temp/dkwppdft.dat (Rootkit.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dkwppdft.dat (Rootkit.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dkwppdft.dat (Rootkit.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Setup.exe (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\{5617ECA9-488D-4BA2-8562-9710B9AB78D2} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Cognac (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\DoubleD (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Internet Saving Optimizer (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Media Access Startup (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\pro antispyware 2009 4.6 (Rogue.ProAntiSpyware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Solt Lake Software (Rogue.ProAntiSpyware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\DoubleD (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Internet Saving Optimizer (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Media Access Startup (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{16b6279b-9ff5-41fb-8bf9-404324f5dd1f}}_is1 (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1fb52ab3-5987-45a2-85e0-f3ec30dddc29}}_is1 (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{c5096216-7703-409e-b85a-8a6ee7395128}}_is1 (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\MSFox (Trojan.Agent) -> Quarantined and deleted successfully.
Infikované hodnoty registru:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{5617eca9-488d-4ba2-8562-9710b9ab78d2} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions\{0ba0192d-94a5-45e3-b2b8-3ec5a1a0b5ec} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions\{2224e955-00e9-4613-a844-ce69fccaae91} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bf (Trojan.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bk (Trojan.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\iu (Trojan.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\mu (Trojan.Agent) -> Delete on reboot.
Infikované datové položky registru:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell) -> Bad: (C:\Documents and Settings\j\Data aplikací\Control-Center\ccmain.exe) Good: (Explorer.exe) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue (Hijack.System.Hidden) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
Infikované adresáře:
C:\Documents and Settings\All Users\Data aplikací\11282184 (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Data aplikací\Solt Lake Software (Rogue.ProAntiSpyware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Data aplikací\Solt Lake Software\Pro Antispyware 2009 (Rogue.ProAntiSpyware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Data aplikací\Solt Lake Software\Pro Antispyware 2009\BASE (Rogue.ProAntiSpyware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Data aplikací\Solt Lake Software\Pro Antispyware 2009\DELETED (Rogue.ProAntiSpyware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Data aplikací\Solt Lake Software\Pro Antispyware 2009\LOG (Rogue.ProAntiSpyware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Data aplikací\Solt Lake Software\Pro Antispyware 2009\SAVED (Rogue.ProAntiSpyware) -> Quarantined and deleted successfully.
C:\Program Files\DoubleD (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\DoubleD\GamingHarbor Toolbar (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Internet Saving Optimizer (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Internet Saving Optimizer\3.4.0.4340 (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Internet Saving Optimizer\3.4.0.4340\Data (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Internet Saving Optimizer\3.4.0.4340\FF (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Internet Saving Optimizer\3.4.0.4340\FF\chrome (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Internet Saving Optimizer\3.4.0.4340\FF\chrome\content (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Internet Saving Optimizer\3.4.0.4340\FF\components (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Media Access Startup (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Media Access Startup\1.5.0.850 (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Media Access Startup\1.5.0.850\Data (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Media Access Startup\1.5.0.850\FF (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Media Access Startup\1.5.0.850\FF\chrome (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Media Access Startup\1.5.0.850\FF\chrome\content (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Media Access Startup\1.5.0.850\FF\components (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\System Search Dispatcher (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\System Search Dispatcher\1.2.0.750 (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\System Search Dispatcher\1.2.0.750\Data (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2} (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\Data (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Cache (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Skins (Adware.DoubleD) -> Quarantined and deleted successfully.
Infikované soubory:
C:\Documents and Settings\j\Data aplikací\Desktopicon\eBayShortcuts.exe (Adware.ADON) -> Quarantined and deleted successfully.
C:\Documents and Settings\j\Local Settings\Temp\tmp1A3.tmp (Trojan.Inject) -> Quarantined and deleted successfully.
C:\Documents and Settings\j\Local Settings\Temp\dkwppdft.dat (Rootkit.Agent) -> Delete on reboot.
C:\Documents and Settings\j\Local Settings\Temp\~3F.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\j\Local Settings\Temp\sbpin.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\j\Local Settings\Temp\bc02919.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Documents and Settings\j\Plocha\hd2_multihack.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\j\Plocha\backups\backup-20100306-221656-419.dll (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{105A28B6-6E67-4950-8D2B-A0CD11AD67DD}\RP300\A0091714.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{105A28B6-6E67-4950-8D2B-A0CD11AD67DD}\RP300\A0091715.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{105A28B6-6E67-4950-8D2B-A0CD11AD67DD}\RP300\A0091717.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{105A28B6-6E67-4950-8D2B-A0CD11AD67DD}\RP319\A0097338.dll (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Data aplikací\11282184\11282184 (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Data aplikací\Solt Lake Software\Pro Antispyware 2009\LOG\20081128164027593.log (Rogue.ProAntiSpyware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Data aplikací\Solt Lake Software\Pro Antispyware 2009\LOG\20081128164504140.log (Rogue.ProAntiSpyware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Data aplikací\Solt Lake Software\Pro Antispyware 2009\LOG\20081128170606234.log (Rogue.ProAntiSpyware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Data aplikací\Solt Lake Software\Pro Antispyware 2009\LOG\20081129180704656.log (Rogue.ProAntiSpyware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Data aplikací\Solt Lake Software\Pro Antispyware 2009\LOG\20081130103440500.log (Rogue.ProAntiSpyware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Data aplikací\Solt Lake Software\Pro Antispyware 2009\LOG\20081130171331671.log (Rogue.ProAntiSpyware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Data aplikací\Solt Lake Software\Pro Antispyware 2009\LOG\20081130204411750.log (Rogue.ProAntiSpyware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Data aplikací\Solt Lake Software\Pro Antispyware 2009\LOG\20081201142816593.log (Rogue.ProAntiSpyware) -> Quarantined and deleted successfully.
C:\Program Files\Internet Saving Optimizer\3.4.0.4340\adwpx.exe (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Internet Saving Optimizer\3.4.0.4340\NPCommon.dll (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Internet Saving Optimizer\3.4.0.4340\unins000.dat (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Internet Saving Optimizer\3.4.0.4340\unins000.exe (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Internet Saving Optimizer\3.4.0.4340\Data\config.md (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Internet Saving Optimizer\3.4.0.4340\FF\chrome.manifest (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Internet Saving Optimizer\3.4.0.4340\FF\install.rdf (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Internet Saving Optimizer\3.4.0.4340\FF\chrome\NPAddOn.jar (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Internet Saving Optimizer\3.4.0.4340\FF\chrome\content\NPAddOn.js (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Internet Saving Optimizer\3.4.0.4340\FF\chrome\content\NPAddOn.xul (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Internet Saving Optimizer\3.4.0.4340\FF\components\NPFFAddOn.dll (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Internet Saving Optimizer\3.4.0.4340\FF\components\NPFFAddOn.xpt (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Internet Saving Optimizer\3.4.0.4340\FF\components\NPFFHelperComponent.js (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Media Access Startup\1.5.0.850\HPCommon.dll (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Media Access Startup\1.5.0.850\hppx.exe (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Media Access Startup\1.5.0.850\MAHelper.exe (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Media Access Startup\1.5.0.850\unins000.dat (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Media Access Startup\1.5.0.850\unins000.exe (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Media Access Startup\1.5.0.850\Data\config.md (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Media Access Startup\1.5.0.850\FF\chrome.manifest (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Media Access Startup\1.5.0.850\FF\install.rdf (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Media Access Startup\1.5.0.850\FF\chrome\HPAddOn.jar (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Media Access Startup\1.5.0.850\FF\chrome\content\HPAddOn.js (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Media Access Startup\1.5.0.850\FF\chrome\content\HPAddOn.xul (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Media Access Startup\1.5.0.850\FF\components\HPFFAddOn.dll (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Media Access Startup\1.5.0.850\FF\components\HPFFAddOn.xpt (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Media Access Startup\1.5.0.850\FF\components\HPFFHelperComponent.js (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\System Search Dispatcher\1.2.0.750\unins000.dat (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\System Search Dispatcher\1.2.0.750\unins000.exe (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\System Search Dispatcher\1.2.0.750\Data\eacore.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\System Search Dispatcher\1.2.0.750\Data\URLDynamic.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\System Search Dispatcher\1.2.0.750\Data\URLStatic.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\bg.jpg (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\CurrentVersion.xml (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\ExtractZipFile.zip (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\icon.ico (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\productinfo.dll (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\Setup.exe (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\stbup.exe (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\tdf.dat (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\Data\ProductInfo.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Cache\248d6576afce4ee94af42d7350131106.gif (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Cache\24a70fb875fab686b6b3c217612bc07c.gif (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Cache\2afcf6f3f2e19cc42d7f72f3b18b26ef.gif (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Cache\50bffa6936b3e661971a58e3c8bdf4cb.gif (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Cache\default1.dat (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Cache\loading.dat (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Cache\loading.gif (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\Module_Cursor.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\Module_DailyVideo.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\Module_Game.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\Module_Glitter.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\Module_Logo.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\Module_Option.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\Module_Recipe.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\Module_Ringtone.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\Module_Screensaver.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\Module_Search.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\Module_Smiley.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\Module_Smiley_Config.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\Module_Smiley_TellAFriend.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\Module_Wallpaper.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\Module_Web.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\pixel.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\ProductInfo.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\profile.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\SearchEngineList.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\tbcore.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\ToolbarLayout.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\UpdateCentre.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\UpdateCentreBk.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\URLDynamic.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\URLStatic.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\About.mg (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Component_ComboBox.mg (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_Cursor.mg (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_Cursor.png (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_DailyVideo.mg (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_Game.mg (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_Glitter.mg (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_Glitter.png (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_Logo.mg (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_Option.mg (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_Recipe.mg (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_Ringtone.mg (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_Screensaver.mg (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_Search.mg (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_Smiley.mg (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_Smiley.png (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_Wallpaper.mg (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_Web.mg (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnDefault.png (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnDisplay.bmp (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnDisplay.png (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnDisplay18.bmp (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnDisplay20.bmp (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnGlitters.bmp (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnGlitters.png (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnGlitters18.bmp (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnGlitters20.bmp (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnOption.png (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnSmiley.bmp (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnSmiley.png (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnSmiley18.bmp (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnSmiley20.bmp (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnTellFd.bmp (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnTellFd.png (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnTellFd18.bmp (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnTellFd20.bmp (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnWink.bmp (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnWink.png (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnWink18.bmp (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnWink20.bmp (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Skins\myskin1.skf (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Skins\myskin2.skf (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Skins\myskin3.skf (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Skins\myskin4.skf (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Skins\TellafriendSkin.skf (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Skins\TellafriendSkin_s.skf (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Skins\ToastSkin.skf (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\288yI86o.exe.a_a (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ccfgn.dll (Trojan.Boaxxe) -> Delete on reboot.
C:\WINDOWS\system32\Kernel32.exe (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\shell31.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\ISOSetup.exe (Trojan.Agent) -> Quarantined and deleted successfully.
Malwarebytes' Anti-Malware 1.44
Verze databáze: 3830
Windows 5.1.2600 Service Pack 2
Internet Explorer 7.0.5730.11
7.3.2010 8:30:20
mbam-log-2010-03-07 (08-30-20).txt
Typ kontroly: Kompletní kontrola (C:\|)
Zkontrolované objekty: 258658
Uplynulý čas: 35 minute(s), 29 second(s)
Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 36
Infikované hodnoty registru: 7
Infikované datové položky registru: 2
Infikované adresáře: 33
Infikované soubory: 146
Infikované procesy v paměti:
(Nebyly nalezeny žádné škodlivé položky)
Infikované moduly v paměti:
(Nebyly nalezeny žádné škodlivé položky)
Infikované klíče registru:
HKEY_CLASSES_ROOT\explorerbar.funexplorer (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\explorerbar.funexplorer.1 (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\explorerbar.funredirector (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\explorerbar.funredirector.1 (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\xml.xml (Worm.Allaple) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\xml.xml.1 (Worm.Allaple) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{480098c6-f6ad-4c61-9b5c-2bae228a34d1} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{6160f76a-1992-4b17-a32d-0c706d159105} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{877f3eab-4462-44df-8475-6064eafd7fbf} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{ac5ab953-ed25-4f9c-87f0-b086b0178ffa} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{c28a0312-c403-417b-a425-a915bc0519cd} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{9233c3c0-1472-4091-a505-5580a23bb4ac} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{25b8d58c-b0cb-46b0-ba64-05b3804e4e86} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{35b8d58c-b0cb-46b0-ba64-05b3804e4e86} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{5617eca9-488d-4ba2-8562-9710b9ab78d2} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{cdbfb47b-58a8-4111-bf95-06178dce326d} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Documents and Settings/j/Local Settings/Temp/dkwppdft.dat (Rootkit.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dkwppdft.dat (Rootkit.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dkwppdft.dat (Rootkit.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Setup.exe (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\{5617ECA9-488D-4BA2-8562-9710B9AB78D2} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Cognac (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\DoubleD (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Internet Saving Optimizer (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Media Access Startup (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\pro antispyware 2009 4.6 (Rogue.ProAntiSpyware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Solt Lake Software (Rogue.ProAntiSpyware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\DoubleD (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Internet Saving Optimizer (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Media Access Startup (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{16b6279b-9ff5-41fb-8bf9-404324f5dd1f}}_is1 (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1fb52ab3-5987-45a2-85e0-f3ec30dddc29}}_is1 (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{c5096216-7703-409e-b85a-8a6ee7395128}}_is1 (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\MSFox (Trojan.Agent) -> Quarantined and deleted successfully.
Infikované hodnoty registru:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{5617eca9-488d-4ba2-8562-9710b9ab78d2} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions\{0ba0192d-94a5-45e3-b2b8-3ec5a1a0b5ec} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions\{2224e955-00e9-4613-a844-ce69fccaae91} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bf (Trojan.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bk (Trojan.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\iu (Trojan.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\mu (Trojan.Agent) -> Delete on reboot.
Infikované datové položky registru:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell) -> Bad: (C:\Documents and Settings\j\Data aplikací\Control-Center\ccmain.exe) Good: (Explorer.exe) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue (Hijack.System.Hidden) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
Infikované adresáře:
C:\Documents and Settings\All Users\Data aplikací\11282184 (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Data aplikací\Solt Lake Software (Rogue.ProAntiSpyware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Data aplikací\Solt Lake Software\Pro Antispyware 2009 (Rogue.ProAntiSpyware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Data aplikací\Solt Lake Software\Pro Antispyware 2009\BASE (Rogue.ProAntiSpyware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Data aplikací\Solt Lake Software\Pro Antispyware 2009\DELETED (Rogue.ProAntiSpyware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Data aplikací\Solt Lake Software\Pro Antispyware 2009\LOG (Rogue.ProAntiSpyware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Data aplikací\Solt Lake Software\Pro Antispyware 2009\SAVED (Rogue.ProAntiSpyware) -> Quarantined and deleted successfully.
C:\Program Files\DoubleD (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\DoubleD\GamingHarbor Toolbar (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Internet Saving Optimizer (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Internet Saving Optimizer\3.4.0.4340 (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Internet Saving Optimizer\3.4.0.4340\Data (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Internet Saving Optimizer\3.4.0.4340\FF (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Internet Saving Optimizer\3.4.0.4340\FF\chrome (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Internet Saving Optimizer\3.4.0.4340\FF\chrome\content (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Internet Saving Optimizer\3.4.0.4340\FF\components (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Media Access Startup (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Media Access Startup\1.5.0.850 (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Media Access Startup\1.5.0.850\Data (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Media Access Startup\1.5.0.850\FF (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Media Access Startup\1.5.0.850\FF\chrome (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Media Access Startup\1.5.0.850\FF\chrome\content (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Media Access Startup\1.5.0.850\FF\components (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\System Search Dispatcher (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\System Search Dispatcher\1.2.0.750 (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\System Search Dispatcher\1.2.0.750\Data (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2} (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\Data (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Cache (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Skins (Adware.DoubleD) -> Quarantined and deleted successfully.
Infikované soubory:
C:\Documents and Settings\j\Data aplikací\Desktopicon\eBayShortcuts.exe (Adware.ADON) -> Quarantined and deleted successfully.
C:\Documents and Settings\j\Local Settings\Temp\tmp1A3.tmp (Trojan.Inject) -> Quarantined and deleted successfully.
C:\Documents and Settings\j\Local Settings\Temp\dkwppdft.dat (Rootkit.Agent) -> Delete on reboot.
C:\Documents and Settings\j\Local Settings\Temp\~3F.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\j\Local Settings\Temp\sbpin.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\j\Local Settings\Temp\bc02919.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Documents and Settings\j\Plocha\hd2_multihack.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\j\Plocha\backups\backup-20100306-221656-419.dll (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{105A28B6-6E67-4950-8D2B-A0CD11AD67DD}\RP300\A0091714.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{105A28B6-6E67-4950-8D2B-A0CD11AD67DD}\RP300\A0091715.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{105A28B6-6E67-4950-8D2B-A0CD11AD67DD}\RP300\A0091717.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{105A28B6-6E67-4950-8D2B-A0CD11AD67DD}\RP319\A0097338.dll (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Data aplikací\11282184\11282184 (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Data aplikací\Solt Lake Software\Pro Antispyware 2009\LOG\20081128164027593.log (Rogue.ProAntiSpyware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Data aplikací\Solt Lake Software\Pro Antispyware 2009\LOG\20081128164504140.log (Rogue.ProAntiSpyware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Data aplikací\Solt Lake Software\Pro Antispyware 2009\LOG\20081128170606234.log (Rogue.ProAntiSpyware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Data aplikací\Solt Lake Software\Pro Antispyware 2009\LOG\20081129180704656.log (Rogue.ProAntiSpyware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Data aplikací\Solt Lake Software\Pro Antispyware 2009\LOG\20081130103440500.log (Rogue.ProAntiSpyware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Data aplikací\Solt Lake Software\Pro Antispyware 2009\LOG\20081130171331671.log (Rogue.ProAntiSpyware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Data aplikací\Solt Lake Software\Pro Antispyware 2009\LOG\20081130204411750.log (Rogue.ProAntiSpyware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Data aplikací\Solt Lake Software\Pro Antispyware 2009\LOG\20081201142816593.log (Rogue.ProAntiSpyware) -> Quarantined and deleted successfully.
C:\Program Files\Internet Saving Optimizer\3.4.0.4340\adwpx.exe (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Internet Saving Optimizer\3.4.0.4340\NPCommon.dll (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Internet Saving Optimizer\3.4.0.4340\unins000.dat (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Internet Saving Optimizer\3.4.0.4340\unins000.exe (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Internet Saving Optimizer\3.4.0.4340\Data\config.md (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Internet Saving Optimizer\3.4.0.4340\FF\chrome.manifest (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Internet Saving Optimizer\3.4.0.4340\FF\install.rdf (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Internet Saving Optimizer\3.4.0.4340\FF\chrome\NPAddOn.jar (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Internet Saving Optimizer\3.4.0.4340\FF\chrome\content\NPAddOn.js (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Internet Saving Optimizer\3.4.0.4340\FF\chrome\content\NPAddOn.xul (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Internet Saving Optimizer\3.4.0.4340\FF\components\NPFFAddOn.dll (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Internet Saving Optimizer\3.4.0.4340\FF\components\NPFFAddOn.xpt (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Internet Saving Optimizer\3.4.0.4340\FF\components\NPFFHelperComponent.js (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Media Access Startup\1.5.0.850\HPCommon.dll (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Media Access Startup\1.5.0.850\hppx.exe (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Media Access Startup\1.5.0.850\MAHelper.exe (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Media Access Startup\1.5.0.850\unins000.dat (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Media Access Startup\1.5.0.850\unins000.exe (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Media Access Startup\1.5.0.850\Data\config.md (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Media Access Startup\1.5.0.850\FF\chrome.manifest (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Media Access Startup\1.5.0.850\FF\install.rdf (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Media Access Startup\1.5.0.850\FF\chrome\HPAddOn.jar (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Media Access Startup\1.5.0.850\FF\chrome\content\HPAddOn.js (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Media Access Startup\1.5.0.850\FF\chrome\content\HPAddOn.xul (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Media Access Startup\1.5.0.850\FF\components\HPFFAddOn.dll (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Media Access Startup\1.5.0.850\FF\components\HPFFAddOn.xpt (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Media Access Startup\1.5.0.850\FF\components\HPFFHelperComponent.js (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\System Search Dispatcher\1.2.0.750\unins000.dat (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\System Search Dispatcher\1.2.0.750\unins000.exe (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\System Search Dispatcher\1.2.0.750\Data\eacore.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\System Search Dispatcher\1.2.0.750\Data\URLDynamic.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\System Search Dispatcher\1.2.0.750\Data\URLStatic.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\bg.jpg (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\CurrentVersion.xml (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\ExtractZipFile.zip (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\icon.ico (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\productinfo.dll (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\Setup.exe (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\stbup.exe (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\tdf.dat (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\Data\ProductInfo.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Cache\248d6576afce4ee94af42d7350131106.gif (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Cache\24a70fb875fab686b6b3c217612bc07c.gif (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Cache\2afcf6f3f2e19cc42d7f72f3b18b26ef.gif (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Cache\50bffa6936b3e661971a58e3c8bdf4cb.gif (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Cache\default1.dat (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Cache\loading.dat (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Cache\loading.gif (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\Module_Cursor.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\Module_DailyVideo.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\Module_Game.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\Module_Glitter.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\Module_Logo.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\Module_Option.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\Module_Recipe.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\Module_Ringtone.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\Module_Screensaver.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\Module_Search.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\Module_Smiley.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\Module_Smiley_Config.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\Module_Smiley_TellAFriend.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\Module_Wallpaper.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\Module_Web.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\pixel.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\ProductInfo.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\profile.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\SearchEngineList.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\tbcore.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\ToolbarLayout.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\UpdateCentre.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\UpdateCentreBk.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\URLDynamic.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\URLStatic.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\About.mg (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Component_ComboBox.mg (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_Cursor.mg (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_Cursor.png (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_DailyVideo.mg (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_Game.mg (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_Glitter.mg (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_Glitter.png (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_Logo.mg (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_Option.mg (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_Recipe.mg (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_Ringtone.mg (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_Screensaver.mg (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_Search.mg (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_Smiley.mg (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_Smiley.png (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_Wallpaper.mg (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_Web.mg (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnDefault.png (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnDisplay.bmp (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnDisplay.png (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnDisplay18.bmp (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnDisplay20.bmp (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnGlitters.bmp (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnGlitters.png (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnGlitters18.bmp (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnGlitters20.bmp (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnOption.png (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnSmiley.bmp (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnSmiley.png (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnSmiley18.bmp (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnSmiley20.bmp (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnTellFd.bmp (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnTellFd.png (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnTellFd18.bmp (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnTellFd20.bmp (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnWink.bmp (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnWink.png (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnWink18.bmp (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnWink20.bmp (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Skins\myskin1.skf (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Skins\myskin2.skf (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Skins\myskin3.skf (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Skins\myskin4.skf (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Skins\TellafriendSkin.skf (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Skins\TellafriendSkin_s.skf (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Skins\ToastSkin.skf (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\288yI86o.exe.a_a (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ccfgn.dll (Trojan.Boaxxe) -> Delete on reboot.
C:\WINDOWS\system32\Kernel32.exe (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\shell31.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\ISOSetup.exe (Trojan.Agent) -> Quarantined and deleted successfully.
Re: Kontrola logu
ok už je vše hotovo...toto je log z combofixu-
ComboFix 10-03-06.06 - j 07.03.2010 8:47.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1250.420.1029.18.3070.2461 [GMT 1:00]
Spuštěný z: c:\documents and settings\j\Plocha\ComboFix.exe
AV: AVG 7.5.560 *On-access scanning disabled* (Outdated) {41564737-3200-1071-989B-0000E87B4FB1}
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\AutoRun.inf
c:\documents and settings\j\Local Settings\Temporary Internet Files\_tm20.tmp
c:\documents and settings\j\Local Settings\Temporary Internet Files\_tm3E.tmp
c:\documents and settings\j\Local Settings\Temporary Internet Files\_tm49.tmp
c:\documents and settings\j\Local Settings\Temporary Internet Files\stb06759.tmp
c:\windows\EventSystem.log
c:\windows\system32\ccfgn.dll
c:\windows\system32\drivers\bwshlovi.sys
c:\windows\system32\drivers\xtvjeibo.sys
c:\windows\system32\Dvbpws.dll
c:\windows\system32\twain_32.dll
c:\windows\wiaservb.log
F:\Autorun.inf
G:\Autorun.inf
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_BWSHLOVI
-------\Legacy_NETSPOOLSVS
-------\Service_bwshlovi
-------\Service_NetSpoolsvs
((((((((((((((((((((((((( Soubory vytvořené od 2010-02-07 do 2010-03-07 )))))))))))))))))))))))))))))))
.
2010-03-06 21:19 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-06 21:19 . 2010-03-06 21:19 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-06 21:19 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-06 18:57 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe
2010-03-02 12:30 . 2010-03-02 12:30 -------- d-----w- c:\program files\PhotoFiltre Studio X
2010-03-01 15:51 . 2010-03-01 15:51 -------- d-----w- c:\program files\QuickTime
2010-03-01 15:50 . 2010-03-01 15:50 -------- d-----w- c:\program files\Common Files\Apple
2010-03-01 15:50 . 2010-03-01 15:50 -------- d-----w- c:\program files\Apple Software Update
2010-02-26 14:34 . 2010-02-26 15:35 -------- d-----w- C:\Fraps
2010-02-19 15:31 . 2010-02-19 15:31 -------- d-----w- c:\program files\Common Files\Skype
2010-02-18 20:40 . 2010-02-18 20:40 -------- d-----w- c:\windows\system32\wbem\Repository
2010-02-11 03:16 . 2010-02-11 03:16 41872 ----a-w- c:\windows\system32\xfcodec.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-04 18:13 . 2009-09-16 12:27 -------- d-----w- c:\program files\Xfire
2010-02-24 08:16 . 2009-10-23 11:53 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-19 15:31 . 2008-10-26 14:36 -------- d-----r- c:\program files\Skype
2010-02-14 19:53 . 2008-10-15 15:26 138184 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-02-14 19:53 . 2008-10-15 15:25 183112 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-02-05 18:25 . 2008-10-26 14:36 -------- d-----w- c:\program files\Google
2010-02-02 20:18 . 2008-09-25 16:40 -------- d-----w- c:\program files\Microsoft Works
2010-02-02 15:03 . 2010-02-02 15:03 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2010-02-01 07:54 . 2010-02-01 07:54 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-23 12:53 . 2010-01-23 12:49 -------- d-----w- c:\program files\FlatOut2
2010-01-17 20:41 . 2010-01-14 15:17 -------- d-----w- c:\program files\TMbot
2010-01-05 09:58 . 2006-03-02 12:00 832512 ----a-w- c:\windows\system32\wininet.dll
2010-01-05 09:57 . 2006-03-02 12:00 78336 ------w- c:\windows\system32\ieencode.dll
2010-01-05 09:57 . 2006-03-02 12:00 17408 ------w- c:\windows\system32\corpol.dll
2009-12-31 16:14 . 2006-03-02 12:00 352640 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-18 10:03 . 2006-03-02 12:00 78052 ----a-w- c:\windows\system32\perfc005.dat
2009-12-18 10:03 . 2006-03-02 12:00 429024 ----a-w- c:\windows\system32\perfh005.dat
2009-12-17 08:00 . 2008-02-12 20:26 343552 ----a-w- c:\windows\system32\mspaint.exe
2009-12-14 07:37 . 2006-03-02 12:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-12-09 10:28 . 2006-03-02 12:00 2138112 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-12-09 10:28 . 2004-08-17 15:45 2017792 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
2008-10-08 11:22 1172792 ----a-w- c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2008-10-08 1172792]
[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE.3]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2007-12-29 486856]
"Google Update"="c:\documents and settings\j\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" [2009-10-31 135664]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"SweetIM"="c:\program files\SweetIM\Messenger\SweetIM.exe" [2009-01-13 111928]
"AVG7_CC"="c:\progra~1\Grisoft\AVG7\avgcc.exe" [2009-07-13 590848]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2006-03-02 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]
"AVG7_Run"="c:\progra~1\Grisoft\AVG7\avgw.exe" [2009-07-13 219136]
c:\documents and settings\j\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Věýezy obrazovky a spuçtŘnˇ aplikace OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]
[HKEY_CURRENT_USER\software\microsoft\windows nt\currentversion\winlogon]
"Shell"=hex(1b8):45,78,70,6c,6f,72,65,72,2e,65,78,65
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winag38.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winbh38.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Windj63.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winek73.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winnt40.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winta38.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winua05.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winvb27.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winwd51.sys]
@="Driver"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\WinFast\\WFDTV\\DVBTAP.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\FlatOut2\\FlatOut2.exe"=
"c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
"c:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
"c:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
"c:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
"c:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Program Files\\Xfire\\Xfire.exe"=
"c:\\Program Files\\Illusion Softworks\\Hidden & Dangerous 2\\hd2.exe"=
"c:\\Program Files\\Illusion Softworks\\Hidden & Dangerous 2\\ServerLauncher.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\Program Files\\Illusion Softworks\\Hidden & Dangerous 2\\HD2DS.exe"=
"c:\\Program Files\\EA Games\\Need for Speed Undercover\\nfs.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Documents and Settings\\j\\Plocha\\moje složka\\TravianManager1.9.5\\TravianManager1.9.5\\TM.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Documents and Settings\\j\\Plocha\\moje složka\\TeamViewer.exe"=
R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\system32\drivers\sfdrv01a.sys [5.7.2006 13:46 63352]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [15.2.2008 19:48 715248]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [9.10.2008 14:11 222968]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [3.11.2006 19:19 13592]
R3 HideMyIpSRV;HideMyIpSRV;c:\program files\Hide My IP 2009\HideMyIpSrv.exe [22.11.2009 14:14 2347008]
R3 WFLR6654;WinFast DTV1800 H (Video);c:\windows\system32\drivers\wfeaglxt.sys [15.2.2008 18:21 393088]
S0 Winag38;Winag38;c:\windows\system32\Drivers\Winag38.sys --> c:\windows\system32\Drivers\Winag38.sys [?]
S0 Winbh38;Winbh38;c:\windows\system32\Drivers\Winbh38.sys --> c:\windows\system32\Drivers\Winbh38.sys [?]
S0 Windj63;Windj63;c:\windows\system32\Drivers\Windj63.sys --> c:\windows\system32\Drivers\Windj63.sys [?]
S0 Winek73;Winek73;c:\windows\system32\Drivers\Winek73.sys --> c:\windows\system32\Drivers\Winek73.sys [?]
S0 Winnt40;Winnt40;c:\windows\system32\drivers\Winnt40.sys [22.10.2008 5:02 31104]
S0 Winta38;Winta38;c:\windows\system32\Drivers\Winta38.sys --> c:\windows\system32\Drivers\Winta38.sys [?]
S0 Winua05;Winua05;c:\windows\system32\Drivers\Winua05.sys --> c:\windows\system32\Drivers\Winua05.sys [?]
S0 Winvb27;Winvb27;c:\windows\system32\Drivers\Winvb27.sys --> c:\windows\system32\Drivers\Winvb27.sys [?]
S0 Winwd51;Winwd51;c:\windows\system32\Drivers\Winwd51.sys --> c:\windows\system32\Drivers\Winwd51.sys [?]
S2 acnkjsx;Time Monitor;c:\windows\system32\svchost.exe -k netsvcs [2.3.2006 13:00 14336]
S2 ahjodyvw;Windows Boot;c:\windows\system32\svchost.exe -k netsvcs [2.3.2006 13:00 14336]
S2 aordc;Update Time;c:\windows\system32\svchost.exe -k netsvcs [2.3.2006 13:00 14336]
S2 cbsmy;Time Support;c:\windows\system32\svchost.exe -k netsvcs [2.3.2006 13:00 14336]
S2 cyhldola;Driver Helper;c:\windows\system32\svchost.exe -k netsvcs [2.3.2006 13:00 14336]
S2 edolngpt;Driver Monitor;c:\windows\system32\svchost.exe -k netsvcs [2.3.2006 13:00 14336]
S2 fdrxu;Support Network;c:\windows\system32\svchost.exe -k netsvcs [2.3.2006 13:00 14336]
S2 gupdate1c9b054971d2682;Služba Google Update (gupdate1c9b054971d2682);c:\program files\Google\Update\GoogleUpdate.exe [29.3.2009 10:56 133104]
S2 gyyweexxg;Universal Server;c:\windows\system32\svchost.exe -k netsvcs [2.3.2006 13:00 14336]
S2 iljgpeq;Image Security;c:\windows\system32\svchost.exe -k netsvcs [2.3.2006 13:00 14336]
S2 ilpkubpph;Center Server;c:\windows\system32\svchost.exe -k netsvcs [2.3.2006 13:00 14336]
S2 jqjtnjgbw;System Shell;c:\windows\system32\svchost.exe -k netsvcs [2.3.2006 13:00 14336]
S2 krsqpilbv;Manager Helper;c:\windows\system32\svchost.exe -k netsvcs [2.3.2006 13:00 14336]
S2 ksgugcz;Manager Helper;c:\windows\system32\svchost.exe -k netsvcs [2.3.2006 13:00 14336]
S2 kvlyxzqs;Driver Security;c:\windows\system32\svchost.exe -k netsvcs [2.3.2006 13:00 14336]
S2 ldldfpvcs;Helper Manager;c:\windows\system32\svchost.exe -k netsvcs [2.3.2006 13:00 14336]
S2 lfbiajm;Center Config;c:\windows\system32\svchost.exe -k netsvcs [2.3.2006 13:00 14336]
S2 lfgxnjl;Installer Driver;c:\windows\system32\svchost.exe -k netsvcs [2.3.2006 13:00 14336]
S2 lhzici;Server Support;c:\windows\system32\svchost.exe -k netsvcs [2.3.2006 13:00 14336]
S2 misgrzzf;xvpnou;c:\windows\system32\svchost.exe -k netsvcs [2.3.2006 13:00 14336]
S2 mlursf;Update Config;c:\windows\system32\svchost.exe -k netsvcs [2.3.2006 13:00 14336]
S2 mwmzf;Time Image;c:\windows\system32\svchost.exe -k netsvcs [2.3.2006 13:00 14336]
S2 nxscoj;Driver Windows;c:\windows\system32\svchost.exe -k netsvcs [2.3.2006 13:00 14336]
S2 odhvtixjj;Time Center;c:\windows\system32\svchost.exe -k netsvcs [2.3.2006 13:00 14336]
S2 ofphql;Time Boot;c:\windows\system32\svchost.exe -k netsvcs [2.3.2006 13:00 14336]
S2 ovjug;Image Microsoft;c:\windows\system32\svchost.exe -k netsvcs [2.3.2006 13:00 14336]
S2 qpxnynx;System Universal;c:\windows\system32\svchost.exe -k netsvcs [2.3.2006 13:00 14336]
S2 qtyqgxpkb;Center Config;c:\windows\system32\svchost.exe -k netsvcs [2.3.2006 13:00 14336]
S2 rdray;Helper Manager;c:\windows\system32\svchost.exe -k netsvcs [2.3.2006 13:00 14336]
S2 rujyabio;Center Config;c:\windows\system32\svchost.exe -k netsvcs [2.3.2006 13:00 14336]
S2 snfzdx;Update Shell;c:\windows\system32\svchost.exe -k netsvcs [2.3.2006 13:00 14336]
S2 sslrgxsm;Shell Manager;c:\windows\system32\svchost.exe -k netsvcs [2.3.2006 13:00 14336]
S2 tpuwqm;Installer Universal;c:\windows\system32\svchost.exe -k netsvcs [2.3.2006 13:00 14336]
S2 trezr;Microsoft Network;c:\windows\system32\svchost.exe -k netsvcs [2.3.2006 13:00 14336]
S2 vhfbu;Universal Task;c:\windows\system32\svchost.exe -k netsvcs [2.3.2006 13:00 14336]
S2 xlpkx;Task Manager;c:\windows\system32\svchost.exe -k netsvcs [2.3.2006 13:00 14336]
S2 xoykk;Time Manager;c:\windows\system32\svchost.exe -k netsvcs [2.3.2006 13:00 14336]
S2 yljvpkjy;Shell Driver;c:\windows\system32\svchost.exe -k netsvcs [2.3.2006 13:00 14336]
S2 yujxlo;Helper Center;c:\windows\system32\svchost.exe -k netsvcs [2.3.2006 13:00 14336]
S2 ywrmfvu;Boot Manager;c:\windows\system32\svchost.exe -k netsvcs [2.3.2006 13:00 14336]
S2 zfzdlfu;Center Windows;c:\windows\system32\svchost.exe -k netsvcs [2.3.2006 13:00 14336]
S2 zgyaxuc;Time Windows;c:\windows\system32\svchost.exe -k netsvcs [2.3.2006 13:00 14336]
S3 NetSpoolsvsDrv;NetSpoolsvsDrv;\??\c:\windows\system32\NetSpools.sys --> c:\windows\system32\NetSpools.sys [?]
S3 WFIOCTL;WFIOCTL;c:\program files\WinFast\WFDTV\WFIOCTL.sys [15.2.2008 18:25 9446]
--- Ostatní služby/ovladače v paměti ---
*NewlyCreated* - BWSHLOVI
*Deregistered* - bwshlovi
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
misgrzzf
lfbiajm
lfgxnjl
zfzdlfu
vhfbu
gyyweexxg
acnkjsx
xlpkx
nxscoj
yljvpkjy
ofphql
edolngpt
odhvtixjj
snfzdx
sslrgxsm
lhzici
rujyabio
yujxlo
mlursf
krsqpilbv
ldldfpvcs
iljgpeq
ksgugcz
cyhldola
rdray
qpxnynx
jqjtnjgbw
qtyqgxpkb
mwmzf
zgyaxuc
tpuwqm
trezr
cbsmy
ovjug
kvlyxzqs
aordc
fdrxu
xoykk
ahjodyvw
ywrmfvu
ilpkubpph
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-06-20 11:47 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Obsah adresáře 'Naplánované úlohy'
2010-03-01 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
2010-03-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-29 09:56]
2010-03-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-29 09:56]
2010-03-07 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 18:20]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
IE: Download All by FlashGet - c:\program files\FlashGet\jc_all.htm
IE: Download using FlashGet - c:\program files\FlashGet\jc_link.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
LSP: c:\windows\system32\HMIPCore.dll
Trusted Zone: mojebanka.cz\etrading
Trusted Zone: mojebanka.cz\www
Trusted Zone: mojebanka.cz\etrading
Trusted Zone: mojebanka.cz\www
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKCU-Run-Steam - c:\program files\Steam\Steam.exe
AddRemove-Yahoo! Toolbar - c:\progra~1\Yahoo!\Common\UNYT_W~1.EXE
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-07 08:53
Windows 5.1.2600 Service Pack 2 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll prosync1.sys sfsync02.sys >>UNKNOWN [0x8A54A1F8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xba12cfc3
\Driver\ACPI -> ACPI.sys @ 0xb9e69cb8
\Driver\atapi -> prosync1.sys @ 0xba5ae6c1
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x8058241c
ParseProcedure -> ntkrnlpa.exe @ 0x8058155c
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x8058241c
ParseProcedure -> ntkrnlpa.exe @ 0x8058155c
NDIS: Realtek RTL8169/8110 Family Gigabit Ethernet NIC -> SendCompleteHandler -> NDIS.sys @ 0xb9d1aba0
PacketIndicateHandler -> NDIS.sys @ 0xb9d27b21
SendHandler -> NDIS.sys @ 0xb9d0587b
user & kernel MBR OK
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\acnkjsx]
"ServiceDll"="c:\windows\system32\xygnv.dll"
--
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ahjodyvw]
"ServiceDll"="c:\windows\system32\xygnv.dll"
--
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\aordc]
"ServiceDll"="c:\windows\system32\xygnv.dll"
--
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\cbsmy]
"ServiceDll"="c:\windows\system32\xygnv.dll"
--
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\cyhldola]
"ServiceDll"="c:\windows\system32\xygnv.dll"
--
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\edolngpt]
"ServiceDll"="c:\windows\system32\xygnv.dll"
--
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\fdrxu]
"ServiceDll"="c:\windows\system32\xygnv.dll"
--
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\gyyweexxg]
"ServiceDll"="c:\windows\system32\xygnv.dll"
--
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\iljgpeq]
"ServiceDll"="c:\windows\system32\xygnv.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ilpkubpph]
"ServiceDll"="c:\windows\system32\xygnv.dll"
--
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\jqjtnjgbw]
"ServiceDll"="c:\windows\system32\xygnv.dll"
--
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\krsqpilbv]
"ServiceDll"="c:\windows\system32\xygnv.dll"
--
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ksgugcz]
"ServiceDll"="c:\windows\system32\xygnv.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\kvlyxzqs]
"ServiceDll"="c:\windows\system32\xygnv.dll"
--
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ldldfpvcs]
"ServiceDll"="c:\program files\Movie Maker\xygnv.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\lfbiajm]
"ServiceDll"="c:\windows\system32\xygnv.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\lfgxnjl]
"ServiceDll"="c:\windows\system32\xygnv.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\lhzici]
"ServiceDll"="c:\windows\system32\xygnv.dll"
--
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\misgrzzf]
"ServiceDll"="c:\windows\system32\xygnv.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mlursf]
"ServiceDll"="c:\windows\system32\xygnv.dll"
--
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mwmzf]
"ServiceDll"="c:\windows\system32\xygnv.dll"
--
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\nxscoj]
"ServiceDll"="c:\windows\system32\xygnv.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\odhvtixjj]
"ServiceDll"="c:\program files\Internet Explorer\xygnv.dll"
--
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ofphql]
"ServiceDll"="c:\windows\system32\xygnv.dll"
--
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ovjug]
"ServiceDll"="c:\windows\system32\xygnv.dll"
--
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\qpxnynx]
"ServiceDll"="c:\windows\system32\xygnv.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\qtyqgxpkb]
"ServiceDll"="c:\windows\system32\xygnv.dll"
--
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\rdray]
"ServiceDll"="c:\windows\system32\xygnv.dll"
--
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\rujyabio]
"ServiceDll"="c:\windows\system32\xygnv.dll"
--
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\snfzdx]
"ServiceDll"="c:\windows\system32\xygnv.dll"
--
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\sslrgxsm]
"ServiceDll"="c:\windows\system32\xygnv.dll"
--
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\tpuwqm]
"ServiceDll"="c:\windows\system32\xygnv.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\trezr]
"ServiceDll"="c:\windows\system32\xygnv.dll"
--
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\vhfbu]
"ServiceDll"="c:\windows\system32\xygnv.dll"
--
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\xlpkx]
"ServiceDll"="c:\windows\system32\xygnv.dll"
--
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\xoykk]
"ServiceDll"="c:\windows\system32\xygnv.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\yljvpkjy]
"ServiceDll"="c:\windows\system32\xygnv.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\yujxlo]
"ServiceDll"="c:\windows\system32\xygnv.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ywrmfvu]
"ServiceDll"="c:\windows\system32\xygnv.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\zfzdlfu]
"ServiceDll"="c:\program files\Internet Explorer\xygnv.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\zgyaxuc]
"ServiceDll"="c:\windows\system32\xygnv.dll"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_USERS\S-1-5-21-1659004503-926492609-839522115-1004\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
[HKEY_USERS\S-1-5-21-1659004503-926492609-839522115-1004\Software\SecuROM\License information*]
"datasecu"=hex:36,cb,25,c5,2f,97,d1,3e,99,0d,da,98,f6,63,1c,ee,60,77,8d,0d,13,
09,09,f9,34,f6,3f,72,87,bd,7b,b6,20,6e,8b,77,93,c8,44,3a,e1,60,6e,d5,2b,fb,\
"rkeysecu"=hex:ec,f6,7b,35,9a,5c,31,93,39,98,79,0b,23,26,2b,22
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(756)
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'lsass.exe'(812)
c:\windows\system32\HMIPCore.dll
- - - - - - - > 'explorer.exe'(1864)
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\wpdshext.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\Audiodev.dll
c:\windows\system32\WMVCore.DLL
c:\windows\system32\WMASF.DLL
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\progra~1\Grisoft\AVG7\avgamsvr.exe
c:\progra~1\Grisoft\AVG7\avgupsvc.exe
c:\progra~1\Grisoft\AVG7\avgemc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Canon\IJPLM\IJPLMSVC.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\wbem\wmiapsrv.exe
.
**************************************************************************
.
Celkový čas: 2010-03-07 08:57:58 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-03-07 07:57
Před spuštěním: Volných bajtů: 14 073 581 568
Po spuštění: Volných bajtů: 16 737 730 560
WindowsXP-KB310994-SP2-Home-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect /usepmtimer
- - End Of File - - 3A3F4F9E75041355E604EE824A6FE081
ComboFix 10-03-06.06 - j 07.03.2010 8:47.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1250.420.1029.18.3070.2461 [GMT 1:00]
Spuštěný z: c:\documents and settings\j\Plocha\ComboFix.exe
AV: AVG 7.5.560 *On-access scanning disabled* (Outdated) {41564737-3200-1071-989B-0000E87B4FB1}
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\AutoRun.inf
c:\documents and settings\j\Local Settings\Temporary Internet Files\_tm20.tmp
c:\documents and settings\j\Local Settings\Temporary Internet Files\_tm3E.tmp
c:\documents and settings\j\Local Settings\Temporary Internet Files\_tm49.tmp
c:\documents and settings\j\Local Settings\Temporary Internet Files\stb06759.tmp
c:\windows\EventSystem.log
c:\windows\system32\ccfgn.dll
c:\windows\system32\drivers\bwshlovi.sys
c:\windows\system32\drivers\xtvjeibo.sys
c:\windows\system32\Dvbpws.dll
c:\windows\system32\twain_32.dll
c:\windows\wiaservb.log
F:\Autorun.inf
G:\Autorun.inf
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_BWSHLOVI
-------\Legacy_NETSPOOLSVS
-------\Service_bwshlovi
-------\Service_NetSpoolsvs
((((((((((((((((((((((((( Soubory vytvořené od 2010-02-07 do 2010-03-07 )))))))))))))))))))))))))))))))
.
2010-03-06 21:19 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-06 21:19 . 2010-03-06 21:19 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-06 21:19 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-06 18:57 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe
2010-03-02 12:30 . 2010-03-02 12:30 -------- d-----w- c:\program files\PhotoFiltre Studio X
2010-03-01 15:51 . 2010-03-01 15:51 -------- d-----w- c:\program files\QuickTime
2010-03-01 15:50 . 2010-03-01 15:50 -------- d-----w- c:\program files\Common Files\Apple
2010-03-01 15:50 . 2010-03-01 15:50 -------- d-----w- c:\program files\Apple Software Update
2010-02-26 14:34 . 2010-02-26 15:35 -------- d-----w- C:\Fraps
2010-02-19 15:31 . 2010-02-19 15:31 -------- d-----w- c:\program files\Common Files\Skype
2010-02-18 20:40 . 2010-02-18 20:40 -------- d-----w- c:\windows\system32\wbem\Repository
2010-02-11 03:16 . 2010-02-11 03:16 41872 ----a-w- c:\windows\system32\xfcodec.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-04 18:13 . 2009-09-16 12:27 -------- d-----w- c:\program files\Xfire
2010-02-24 08:16 . 2009-10-23 11:53 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-19 15:31 . 2008-10-26 14:36 -------- d-----r- c:\program files\Skype
2010-02-14 19:53 . 2008-10-15 15:26 138184 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-02-14 19:53 . 2008-10-15 15:25 183112 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-02-05 18:25 . 2008-10-26 14:36 -------- d-----w- c:\program files\Google
2010-02-02 20:18 . 2008-09-25 16:40 -------- d-----w- c:\program files\Microsoft Works
2010-02-02 15:03 . 2010-02-02 15:03 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2010-02-01 07:54 . 2010-02-01 07:54 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-23 12:53 . 2010-01-23 12:49 -------- d-----w- c:\program files\FlatOut2
2010-01-17 20:41 . 2010-01-14 15:17 -------- d-----w- c:\program files\TMbot
2010-01-05 09:58 . 2006-03-02 12:00 832512 ----a-w- c:\windows\system32\wininet.dll
2010-01-05 09:57 . 2006-03-02 12:00 78336 ------w- c:\windows\system32\ieencode.dll
2010-01-05 09:57 . 2006-03-02 12:00 17408 ------w- c:\windows\system32\corpol.dll
2009-12-31 16:14 . 2006-03-02 12:00 352640 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-18 10:03 . 2006-03-02 12:00 78052 ----a-w- c:\windows\system32\perfc005.dat
2009-12-18 10:03 . 2006-03-02 12:00 429024 ----a-w- c:\windows\system32\perfh005.dat
2009-12-17 08:00 . 2008-02-12 20:26 343552 ----a-w- c:\windows\system32\mspaint.exe
2009-12-14 07:37 . 2006-03-02 12:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-12-09 10:28 . 2006-03-02 12:00 2138112 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-12-09 10:28 . 2004-08-17 15:45 2017792 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
2008-10-08 11:22 1172792 ----a-w- c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2008-10-08 1172792]
[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE.3]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2007-12-29 486856]
"Google Update"="c:\documents and settings\j\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" [2009-10-31 135664]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"SweetIM"="c:\program files\SweetIM\Messenger\SweetIM.exe" [2009-01-13 111928]
"AVG7_CC"="c:\progra~1\Grisoft\AVG7\avgcc.exe" [2009-07-13 590848]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2006-03-02 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]
"AVG7_Run"="c:\progra~1\Grisoft\AVG7\avgw.exe" [2009-07-13 219136]
c:\documents and settings\j\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Věýezy obrazovky a spuçtŘnˇ aplikace OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]
[HKEY_CURRENT_USER\software\microsoft\windows nt\currentversion\winlogon]
"Shell"=hex(1b8):45,78,70,6c,6f,72,65,72,2e,65,78,65
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winag38.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winbh38.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Windj63.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winek73.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winnt40.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winta38.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winua05.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winvb27.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winwd51.sys]
@="Driver"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\WinFast\\WFDTV\\DVBTAP.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\FlatOut2\\FlatOut2.exe"=
"c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
"c:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
"c:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
"c:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
"c:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Program Files\\Xfire\\Xfire.exe"=
"c:\\Program Files\\Illusion Softworks\\Hidden & Dangerous 2\\hd2.exe"=
"c:\\Program Files\\Illusion Softworks\\Hidden & Dangerous 2\\ServerLauncher.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\Program Files\\Illusion Softworks\\Hidden & Dangerous 2\\HD2DS.exe"=
"c:\\Program Files\\EA Games\\Need for Speed Undercover\\nfs.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Documents and Settings\\j\\Plocha\\moje složka\\TravianManager1.9.5\\TravianManager1.9.5\\TM.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Documents and Settings\\j\\Plocha\\moje složka\\TeamViewer.exe"=
R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\system32\drivers\sfdrv01a.sys [5.7.2006 13:46 63352]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [15.2.2008 19:48 715248]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [9.10.2008 14:11 222968]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [3.11.2006 19:19 13592]
R3 HideMyIpSRV;HideMyIpSRV;c:\program files\Hide My IP 2009\HideMyIpSrv.exe [22.11.2009 14:14 2347008]
R3 WFLR6654;WinFast DTV1800 H (Video);c:\windows\system32\drivers\wfeaglxt.sys [15.2.2008 18:21 393088]
S0 Winag38;Winag38;c:\windows\system32\Drivers\Winag38.sys --> c:\windows\system32\Drivers\Winag38.sys [?]
S0 Winbh38;Winbh38;c:\windows\system32\Drivers\Winbh38.sys --> c:\windows\system32\Drivers\Winbh38.sys [?]
S0 Windj63;Windj63;c:\windows\system32\Drivers\Windj63.sys --> c:\windows\system32\Drivers\Windj63.sys [?]
S0 Winek73;Winek73;c:\windows\system32\Drivers\Winek73.sys --> c:\windows\system32\Drivers\Winek73.sys [?]
S0 Winnt40;Winnt40;c:\windows\system32\drivers\Winnt40.sys [22.10.2008 5:02 31104]
S0 Winta38;Winta38;c:\windows\system32\Drivers\Winta38.sys --> c:\windows\system32\Drivers\Winta38.sys [?]
S0 Winua05;Winua05;c:\windows\system32\Drivers\Winua05.sys --> c:\windows\system32\Drivers\Winua05.sys [?]
S0 Winvb27;Winvb27;c:\windows\system32\Drivers\Winvb27.sys --> c:\windows\system32\Drivers\Winvb27.sys [?]
S0 Winwd51;Winwd51;c:\windows\system32\Drivers\Winwd51.sys --> c:\windows\system32\Drivers\Winwd51.sys [?]
S2 acnkjsx;Time Monitor;c:\windows\system32\svchost.exe -k netsvcs [2.3.2006 13:00 14336]
S2 ahjodyvw;Windows Boot;c:\windows\system32\svchost.exe -k netsvcs [2.3.2006 13:00 14336]
S2 aordc;Update Time;c:\windows\system32\svchost.exe -k netsvcs [2.3.2006 13:00 14336]
S2 cbsmy;Time Support;c:\windows\system32\svchost.exe -k netsvcs [2.3.2006 13:00 14336]
S2 cyhldola;Driver Helper;c:\windows\system32\svchost.exe -k netsvcs [2.3.2006 13:00 14336]
S2 edolngpt;Driver Monitor;c:\windows\system32\svchost.exe -k netsvcs [2.3.2006 13:00 14336]
S2 fdrxu;Support Network;c:\windows\system32\svchost.exe -k netsvcs [2.3.2006 13:00 14336]
S2 gupdate1c9b054971d2682;Služba Google Update (gupdate1c9b054971d2682);c:\program files\Google\Update\GoogleUpdate.exe [29.3.2009 10:56 133104]
S2 gyyweexxg;Universal Server;c:\windows\system32\svchost.exe -k netsvcs [2.3.2006 13:00 14336]
S2 iljgpeq;Image Security;c:\windows\system32\svchost.exe -k netsvcs [2.3.2006 13:00 14336]
S2 ilpkubpph;Center Server;c:\windows\system32\svchost.exe -k netsvcs [2.3.2006 13:00 14336]
S2 jqjtnjgbw;System Shell;c:\windows\system32\svchost.exe -k netsvcs [2.3.2006 13:00 14336]
S2 krsqpilbv;Manager Helper;c:\windows\system32\svchost.exe -k netsvcs [2.3.2006 13:00 14336]
S2 ksgugcz;Manager Helper;c:\windows\system32\svchost.exe -k netsvcs [2.3.2006 13:00 14336]
S2 kvlyxzqs;Driver Security;c:\windows\system32\svchost.exe -k netsvcs [2.3.2006 13:00 14336]
S2 ldldfpvcs;Helper Manager;c:\windows\system32\svchost.exe -k netsvcs [2.3.2006 13:00 14336]
S2 lfbiajm;Center Config;c:\windows\system32\svchost.exe -k netsvcs [2.3.2006 13:00 14336]
S2 lfgxnjl;Installer Driver;c:\windows\system32\svchost.exe -k netsvcs [2.3.2006 13:00 14336]
S2 lhzici;Server Support;c:\windows\system32\svchost.exe -k netsvcs [2.3.2006 13:00 14336]
S2 misgrzzf;xvpnou;c:\windows\system32\svchost.exe -k netsvcs [2.3.2006 13:00 14336]
S2 mlursf;Update Config;c:\windows\system32\svchost.exe -k netsvcs [2.3.2006 13:00 14336]
S2 mwmzf;Time Image;c:\windows\system32\svchost.exe -k netsvcs [2.3.2006 13:00 14336]
S2 nxscoj;Driver Windows;c:\windows\system32\svchost.exe -k netsvcs [2.3.2006 13:00 14336]
S2 odhvtixjj;Time Center;c:\windows\system32\svchost.exe -k netsvcs [2.3.2006 13:00 14336]
S2 ofphql;Time Boot;c:\windows\system32\svchost.exe -k netsvcs [2.3.2006 13:00 14336]
S2 ovjug;Image Microsoft;c:\windows\system32\svchost.exe -k netsvcs [2.3.2006 13:00 14336]
S2 qpxnynx;System Universal;c:\windows\system32\svchost.exe -k netsvcs [2.3.2006 13:00 14336]
S2 qtyqgxpkb;Center Config;c:\windows\system32\svchost.exe -k netsvcs [2.3.2006 13:00 14336]
S2 rdray;Helper Manager;c:\windows\system32\svchost.exe -k netsvcs [2.3.2006 13:00 14336]
S2 rujyabio;Center Config;c:\windows\system32\svchost.exe -k netsvcs [2.3.2006 13:00 14336]
S2 snfzdx;Update Shell;c:\windows\system32\svchost.exe -k netsvcs [2.3.2006 13:00 14336]
S2 sslrgxsm;Shell Manager;c:\windows\system32\svchost.exe -k netsvcs [2.3.2006 13:00 14336]
S2 tpuwqm;Installer Universal;c:\windows\system32\svchost.exe -k netsvcs [2.3.2006 13:00 14336]
S2 trezr;Microsoft Network;c:\windows\system32\svchost.exe -k netsvcs [2.3.2006 13:00 14336]
S2 vhfbu;Universal Task;c:\windows\system32\svchost.exe -k netsvcs [2.3.2006 13:00 14336]
S2 xlpkx;Task Manager;c:\windows\system32\svchost.exe -k netsvcs [2.3.2006 13:00 14336]
S2 xoykk;Time Manager;c:\windows\system32\svchost.exe -k netsvcs [2.3.2006 13:00 14336]
S2 yljvpkjy;Shell Driver;c:\windows\system32\svchost.exe -k netsvcs [2.3.2006 13:00 14336]
S2 yujxlo;Helper Center;c:\windows\system32\svchost.exe -k netsvcs [2.3.2006 13:00 14336]
S2 ywrmfvu;Boot Manager;c:\windows\system32\svchost.exe -k netsvcs [2.3.2006 13:00 14336]
S2 zfzdlfu;Center Windows;c:\windows\system32\svchost.exe -k netsvcs [2.3.2006 13:00 14336]
S2 zgyaxuc;Time Windows;c:\windows\system32\svchost.exe -k netsvcs [2.3.2006 13:00 14336]
S3 NetSpoolsvsDrv;NetSpoolsvsDrv;\??\c:\windows\system32\NetSpools.sys --> c:\windows\system32\NetSpools.sys [?]
S3 WFIOCTL;WFIOCTL;c:\program files\WinFast\WFDTV\WFIOCTL.sys [15.2.2008 18:25 9446]
--- Ostatní služby/ovladače v paměti ---
*NewlyCreated* - BWSHLOVI
*Deregistered* - bwshlovi
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
misgrzzf
lfbiajm
lfgxnjl
zfzdlfu
vhfbu
gyyweexxg
acnkjsx
xlpkx
nxscoj
yljvpkjy
ofphql
edolngpt
odhvtixjj
snfzdx
sslrgxsm
lhzici
rujyabio
yujxlo
mlursf
krsqpilbv
ldldfpvcs
iljgpeq
ksgugcz
cyhldola
rdray
qpxnynx
jqjtnjgbw
qtyqgxpkb
mwmzf
zgyaxuc
tpuwqm
trezr
cbsmy
ovjug
kvlyxzqs
aordc
fdrxu
xoykk
ahjodyvw
ywrmfvu
ilpkubpph
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-06-20 11:47 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Obsah adresáře 'Naplánované úlohy'
2010-03-01 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
2010-03-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-29 09:56]
2010-03-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-29 09:56]
2010-03-07 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 18:20]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
IE: Download All by FlashGet - c:\program files\FlashGet\jc_all.htm
IE: Download using FlashGet - c:\program files\FlashGet\jc_link.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
LSP: c:\windows\system32\HMIPCore.dll
Trusted Zone: mojebanka.cz\etrading
Trusted Zone: mojebanka.cz\www
Trusted Zone: mojebanka.cz\etrading
Trusted Zone: mojebanka.cz\www
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKCU-Run-Steam - c:\program files\Steam\Steam.exe
AddRemove-Yahoo! Toolbar - c:\progra~1\Yahoo!\Common\UNYT_W~1.EXE
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-07 08:53
Windows 5.1.2600 Service Pack 2 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll prosync1.sys sfsync02.sys >>UNKNOWN [0x8A54A1F8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xba12cfc3
\Driver\ACPI -> ACPI.sys @ 0xb9e69cb8
\Driver\atapi -> prosync1.sys @ 0xba5ae6c1
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x8058241c
ParseProcedure -> ntkrnlpa.exe @ 0x8058155c
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x8058241c
ParseProcedure -> ntkrnlpa.exe @ 0x8058155c
NDIS: Realtek RTL8169/8110 Family Gigabit Ethernet NIC -> SendCompleteHandler -> NDIS.sys @ 0xb9d1aba0
PacketIndicateHandler -> NDIS.sys @ 0xb9d27b21
SendHandler -> NDIS.sys @ 0xb9d0587b
user & kernel MBR OK
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\acnkjsx]
"ServiceDll"="c:\windows\system32\xygnv.dll"
--
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ahjodyvw]
"ServiceDll"="c:\windows\system32\xygnv.dll"
--
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\aordc]
"ServiceDll"="c:\windows\system32\xygnv.dll"
--
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\cbsmy]
"ServiceDll"="c:\windows\system32\xygnv.dll"
--
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\cyhldola]
"ServiceDll"="c:\windows\system32\xygnv.dll"
--
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\edolngpt]
"ServiceDll"="c:\windows\system32\xygnv.dll"
--
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\fdrxu]
"ServiceDll"="c:\windows\system32\xygnv.dll"
--
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\gyyweexxg]
"ServiceDll"="c:\windows\system32\xygnv.dll"
--
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\iljgpeq]
"ServiceDll"="c:\windows\system32\xygnv.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ilpkubpph]
"ServiceDll"="c:\windows\system32\xygnv.dll"
--
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\jqjtnjgbw]
"ServiceDll"="c:\windows\system32\xygnv.dll"
--
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\krsqpilbv]
"ServiceDll"="c:\windows\system32\xygnv.dll"
--
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ksgugcz]
"ServiceDll"="c:\windows\system32\xygnv.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\kvlyxzqs]
"ServiceDll"="c:\windows\system32\xygnv.dll"
--
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ldldfpvcs]
"ServiceDll"="c:\program files\Movie Maker\xygnv.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\lfbiajm]
"ServiceDll"="c:\windows\system32\xygnv.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\lfgxnjl]
"ServiceDll"="c:\windows\system32\xygnv.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\lhzici]
"ServiceDll"="c:\windows\system32\xygnv.dll"
--
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\misgrzzf]
"ServiceDll"="c:\windows\system32\xygnv.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mlursf]
"ServiceDll"="c:\windows\system32\xygnv.dll"
--
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mwmzf]
"ServiceDll"="c:\windows\system32\xygnv.dll"
--
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\nxscoj]
"ServiceDll"="c:\windows\system32\xygnv.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\odhvtixjj]
"ServiceDll"="c:\program files\Internet Explorer\xygnv.dll"
--
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ofphql]
"ServiceDll"="c:\windows\system32\xygnv.dll"
--
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ovjug]
"ServiceDll"="c:\windows\system32\xygnv.dll"
--
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\qpxnynx]
"ServiceDll"="c:\windows\system32\xygnv.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\qtyqgxpkb]
"ServiceDll"="c:\windows\system32\xygnv.dll"
--
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\rdray]
"ServiceDll"="c:\windows\system32\xygnv.dll"
--
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\rujyabio]
"ServiceDll"="c:\windows\system32\xygnv.dll"
--
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\snfzdx]
"ServiceDll"="c:\windows\system32\xygnv.dll"
--
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\sslrgxsm]
"ServiceDll"="c:\windows\system32\xygnv.dll"
--
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\tpuwqm]
"ServiceDll"="c:\windows\system32\xygnv.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\trezr]
"ServiceDll"="c:\windows\system32\xygnv.dll"
--
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\vhfbu]
"ServiceDll"="c:\windows\system32\xygnv.dll"
--
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\xlpkx]
"ServiceDll"="c:\windows\system32\xygnv.dll"
--
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\xoykk]
"ServiceDll"="c:\windows\system32\xygnv.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\yljvpkjy]
"ServiceDll"="c:\windows\system32\xygnv.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\yujxlo]
"ServiceDll"="c:\windows\system32\xygnv.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ywrmfvu]
"ServiceDll"="c:\windows\system32\xygnv.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\zfzdlfu]
"ServiceDll"="c:\program files\Internet Explorer\xygnv.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\zgyaxuc]
"ServiceDll"="c:\windows\system32\xygnv.dll"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_USERS\S-1-5-21-1659004503-926492609-839522115-1004\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
[HKEY_USERS\S-1-5-21-1659004503-926492609-839522115-1004\Software\SecuROM\License information*]
"datasecu"=hex:36,cb,25,c5,2f,97,d1,3e,99,0d,da,98,f6,63,1c,ee,60,77,8d,0d,13,
09,09,f9,34,f6,3f,72,87,bd,7b,b6,20,6e,8b,77,93,c8,44,3a,e1,60,6e,d5,2b,fb,\
"rkeysecu"=hex:ec,f6,7b,35,9a,5c,31,93,39,98,79,0b,23,26,2b,22
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(756)
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'lsass.exe'(812)
c:\windows\system32\HMIPCore.dll
- - - - - - - > 'explorer.exe'(1864)
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\wpdshext.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\Audiodev.dll
c:\windows\system32\WMVCore.DLL
c:\windows\system32\WMASF.DLL
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\progra~1\Grisoft\AVG7\avgamsvr.exe
c:\progra~1\Grisoft\AVG7\avgupsvc.exe
c:\progra~1\Grisoft\AVG7\avgemc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Canon\IJPLM\IJPLMSVC.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\wbem\wmiapsrv.exe
.
**************************************************************************
.
Celkový čas: 2010-03-07 08:57:58 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-03-07 07:57
Před spuštěním: Volných bajtů: 14 073 581 568
Po spuštění: Volných bajtů: 16 737 730 560
WindowsXP-KB310994-SP2-Home-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect /usepmtimer
- - End Of File - - 3A3F4F9E75041355E604EE824A6FE081
-
Damned
- Tvůrce článků
-
Master Level 9
- Příspěvky: 8353
- Registrován: prosinec 06
- Bydliště: Rokycany
- Pohlaví:
- Stav:
Offline
- Kontakt:
Re: Kontrola logu
Nejdříve si vypni Body obnovení. Cca po 2 minutách si je opět zapni.
To tam máš nějakou farmu na chov malware?
Mimochodem, po tom MbAM si povolil restart? Píše, že ty klíče smázne při restartu.
Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok).
Zkopíruj do něj následující celý text označený zeleně:
File::
c:\windows\system32\Drivers\Winag38.sys
c:\windows\system32\Drivers\Winbh38.sys
c:\windows\system32\Drivers\Windj63.sys
c:\windows\system32\Drivers\Winek73.sys
c:\windows\system32\drivers\Winnt40.sys
c:\windows\system32\Drivers\Winta38.sys
c:\windows\system32\Drivers\Winua05.sys
c:\windows\system32\Drivers\Winvb27.sys
c:\windows\system32\Drivers\Winwd51.sys
c:\windows\system32\NetSpools.sys
c:\program files\Movie Maker\xygnv.dll
c:\windows\system32\xygnv.dll"
c:\program files\Internet Explorer\xygnv.dll"
Driver::
NetSpoolsvsDrv;NetSpoolsvsDrv
NetSpoolsvsDrv
Winbh38
Winag38
Windj63
Winek73
Winnt40
Winta38
Winua05
Winvb27
Winwd51
acnkjsx;Time Monitor
acnkjsx
ahjodyvw;Windows Boot
ahjodyvw
aordc;Update Time
aordc
cbsmy;Time Support
cbsmy
cyhldola;Driver Helper
cyhldola
edolngpt;Driver Monitor
edolngpt
fdrxu;Support Network
fdrxu
gyyweexxg;Universal Server
gyyweexxg
iljgpeq;Image Security
iljgpeg
ilpkubpph;Center Server
ilpkubpph
jqjtnjgbw;System Shell
jqjtnjgbw
krsqpilbv;Manager Helper
krsqpilbv
ksgugcz;Manager Helper
ksgugcz
kvlyxzqs;Driver Security
kvlyxzqs
ldldfpvcs;Helper Manager
ldldfpvcs
lfbiajm;Center Config
lfbiajm
lfgxnjl;Installer Driver
lfgxnjl
lhzici;Server Support
lhzici
misgrzzf;xvpnou
misgrzzf
mlursf;Update Config
mlursf
mwmzf;Time Image
mwmzf
nxscoj;Driver Windows
nxscoj
odhvtixjj;Time Center
odhvtixjj
ofphql;Time Boot
ofphql
ovjug;Image Microsoft
ovjug
qpxnynx;System Universal
qpxnynx
qtyqgxpkb;Center Config
qtyqgxpkb
rdray;Helper Manager
rdray
rujyabio;Center Config
rujyabio
snfzdx;Update Shell
snfzdx
sslrgxsm;Shell Manager
sslrgxsm
tpuwqm;Installer Universal
tpuwqm
trezr;Microsoft Network
trezr
vhfbu;Universal Task
vhfbu
xlpkx;Task Manager
xlpkx
xoykk;Time Manager
xoykk
yljvpkjy;Shell Driver
yljvpkjy
yujxlo;Helper Center
yujxlo
ywrmfvu;Boot Manager
ywrmfvu
zfzdlfu;Center Windows
zfzdlfu
zgyaxuc;Time Windows
zgyaxuc
NetSvcs::
misgrzzf
lfbiajm
lfgxnjl
zfzdlfu
vhfbu
gyyweexxg
acnkjsx
xlpkx
nxscoj
yljvpkjy
ofphql
edolngpt
odhvtixjj
snfzdx
sslrgxsm
lhzici
rujyabio
yujxlo
mlursf
krsqpilbv
ldldfpvcs
iljgpeq
ksgugcz
cyhldola
rdray
qpxnynx
jqjtnjgbw
qtyqgxpkb
mwmzf
zgyaxuc
tpuwqm
trezr
cbsmy
ovjug
kvlyxzqs
aordc
fdrxu
xoykk
ahjodyvw
ywrmfvu
ilpkubpph
Registry::
[HKEY_CURRENT_USER\software\microsoft\windows nt\currentversion\winlogon]
"Shell"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winag38.sys]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winbh38.sys]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Windj63.sys]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winek73.sys]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winnt40.sys]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winta38.sys]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winua05.sys]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winvb27.sys]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winwd51.sys]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\dpvsetup.exe"=-
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\acnkjsx]
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ahjodyvw]
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\aordc]
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\cbsmy]
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\cyhldola]
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\edolngpt]
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\fdrxu]
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\gyyweexxg]
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\iljgpeq]
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ilpkubpph]
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\jqjtnjgbw]
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\krsqpilbv]
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ksgugcz]
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\kvlyxzqs]
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ldldfpvcs]
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\lfbiajm]
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\lfgxnjl]
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\lhzici]
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\misgrzzf]
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mlursf]
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mwmzf]
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\nxscoj]
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\odhvtixjj]
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ofphql]
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ovjug]
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\qpxnynx]
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\qtyqgxpkb]
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\rdray]
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\rujyabio]
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\snfzdx]
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\sslrgxsm]
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\tpuwqm]
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\trezr]
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\vhfbu]
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\xlpkx]
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\xoykk]
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\yljvpkjy]
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\yujxlo]
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ywrmfvu]
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\zfzdlfu]
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\zgyaxuc]
Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.
Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe
a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix, oprava může trvat i déle než 60 minut (u tebe-jinak je to 10-15 min). ! Nech ComboFix dokončit svou práci !
- Vlož sem log, který vyběhne v závěru čistícího procesu
Pokud by si měl problém, ozvi se. Nerestartujz PC ručně! (pokud ti nepovím)
To tam máš nějakou farmu na chov malware?
Mimochodem, po tom MbAM si povolil restart? Píše, že ty klíče smázne při restartu.
Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok).
Zkopíruj do něj následující celý text označený zeleně:
File::
c:\windows\system32\Drivers\Winag38.sys
c:\windows\system32\Drivers\Winbh38.sys
c:\windows\system32\Drivers\Windj63.sys
c:\windows\system32\Drivers\Winek73.sys
c:\windows\system32\drivers\Winnt40.sys
c:\windows\system32\Drivers\Winta38.sys
c:\windows\system32\Drivers\Winua05.sys
c:\windows\system32\Drivers\Winvb27.sys
c:\windows\system32\Drivers\Winwd51.sys
c:\windows\system32\NetSpools.sys
c:\program files\Movie Maker\xygnv.dll
c:\windows\system32\xygnv.dll"
c:\program files\Internet Explorer\xygnv.dll"
Driver::
NetSpoolsvsDrv;NetSpoolsvsDrv
NetSpoolsvsDrv
Winbh38
Winag38
Windj63
Winek73
Winnt40
Winta38
Winua05
Winvb27
Winwd51
acnkjsx;Time Monitor
acnkjsx
ahjodyvw;Windows Boot
ahjodyvw
aordc;Update Time
aordc
cbsmy;Time Support
cbsmy
cyhldola;Driver Helper
cyhldola
edolngpt;Driver Monitor
edolngpt
fdrxu;Support Network
fdrxu
gyyweexxg;Universal Server
gyyweexxg
iljgpeq;Image Security
iljgpeg
ilpkubpph;Center Server
ilpkubpph
jqjtnjgbw;System Shell
jqjtnjgbw
krsqpilbv;Manager Helper
krsqpilbv
ksgugcz;Manager Helper
ksgugcz
kvlyxzqs;Driver Security
kvlyxzqs
ldldfpvcs;Helper Manager
ldldfpvcs
lfbiajm;Center Config
lfbiajm
lfgxnjl;Installer Driver
lfgxnjl
lhzici;Server Support
lhzici
misgrzzf;xvpnou
misgrzzf
mlursf;Update Config
mlursf
mwmzf;Time Image
mwmzf
nxscoj;Driver Windows
nxscoj
odhvtixjj;Time Center
odhvtixjj
ofphql;Time Boot
ofphql
ovjug;Image Microsoft
ovjug
qpxnynx;System Universal
qpxnynx
qtyqgxpkb;Center Config
qtyqgxpkb
rdray;Helper Manager
rdray
rujyabio;Center Config
rujyabio
snfzdx;Update Shell
snfzdx
sslrgxsm;Shell Manager
sslrgxsm
tpuwqm;Installer Universal
tpuwqm
trezr;Microsoft Network
trezr
vhfbu;Universal Task
vhfbu
xlpkx;Task Manager
xlpkx
xoykk;Time Manager
xoykk
yljvpkjy;Shell Driver
yljvpkjy
yujxlo;Helper Center
yujxlo
ywrmfvu;Boot Manager
ywrmfvu
zfzdlfu;Center Windows
zfzdlfu
zgyaxuc;Time Windows
zgyaxuc
NetSvcs::
misgrzzf
lfbiajm
lfgxnjl
zfzdlfu
vhfbu
gyyweexxg
acnkjsx
xlpkx
nxscoj
yljvpkjy
ofphql
edolngpt
odhvtixjj
snfzdx
sslrgxsm
lhzici
rujyabio
yujxlo
mlursf
krsqpilbv
ldldfpvcs
iljgpeq
ksgugcz
cyhldola
rdray
qpxnynx
jqjtnjgbw
qtyqgxpkb
mwmzf
zgyaxuc
tpuwqm
trezr
cbsmy
ovjug
kvlyxzqs
aordc
fdrxu
xoykk
ahjodyvw
ywrmfvu
ilpkubpph
Registry::
[HKEY_CURRENT_USER\software\microsoft\windows nt\currentversion\winlogon]
"Shell"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winag38.sys]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winbh38.sys]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Windj63.sys]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winek73.sys]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winnt40.sys]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winta38.sys]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winua05.sys]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winvb27.sys]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winwd51.sys]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\dpvsetup.exe"=-
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\acnkjsx]
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ahjodyvw]
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\aordc]
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\cbsmy]
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\cyhldola]
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\edolngpt]
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\fdrxu]
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\gyyweexxg]
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\iljgpeq]
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ilpkubpph]
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\jqjtnjgbw]
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\krsqpilbv]
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ksgugcz]
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\kvlyxzqs]
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ldldfpvcs]
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\lfbiajm]
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\lfgxnjl]
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\lhzici]
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\misgrzzf]
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mlursf]
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mwmzf]
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\nxscoj]
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\odhvtixjj]
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ofphql]
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ovjug]
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\qpxnynx]
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\qtyqgxpkb]
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\rdray]
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\rujyabio]
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\snfzdx]
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\sslrgxsm]
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\tpuwqm]
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\trezr]
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\vhfbu]
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\xlpkx]
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\xoykk]
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\yljvpkjy]
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\yujxlo]
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ywrmfvu]
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\zfzdlfu]
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\zgyaxuc]
Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.
Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe
a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix, oprava může trvat i déle než 60 minut (u tebe-jinak je to 10-15 min). ! Nech ComboFix dokončit svou práci !
- Vlož sem log, který vyběhne v závěru čistícího procesu
Pokud by si měl problém, ozvi se. Nerestartujz PC ručně! (pokud ti nepovím)
Nic není nemožné, proto tam, kde jsme s rozumem v koncích, neváháme použít kladivo.
Chceš-li vědět, co je nového, podívej se do starých knih.
Damnedovy češtiny - překlady programů pro údržbu PC
HiJackThis 2+návod FCleaner+čeština Wise Registry Cleaner
Chceš-li vědět, co je nového, podívej se do starých knih.
Damnedovy češtiny - překlady programů pro údržbu PC
HiJackThis 2+návod FCleaner+čeština Wise Registry Cleaner
Re: Kontrola logu
oprava trvala tak necelých 10 minut a odstranilo to tak 1 nebo 2 věci... 
ComboFix 10-03-06.06 - j 07.03.2010 13:01:10.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.3070.2547 [GMT 1:00]
Spuštěný z: c:\documents and settings\j\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\j\Plocha\CFScript.txt
AV: AVG Anti-Virus plus Firewall *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Firewall *enabled* {8decf618-9569-4340-b34a-d78d28969b66}
FILE ::
"c:\program files\Internet Explorer\xygnv.dll"
"c:\program files\Movie Maker\xygnv.dll"
"c:\windows\system32\Drivers\Winag38.sys"
"c:\windows\system32\Drivers\Winbh38.sys"
"c:\windows\system32\Drivers\Windj63.sys"
"c:\windows\system32\Drivers\Winek73.sys"
"c:\windows\system32\drivers\Winnt40.sys"
"c:\windows\system32\Drivers\Winta38.sys"
"c:\windows\system32\Drivers\Winua05.sys"
"c:\windows\system32\Drivers\Winvb27.sys"
"c:\windows\system32\Drivers\Winwd51.sys"
"c:\windows\system32\NetSpools.sys"
"c:\windows\system32\xygnv.dll"
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\drivers\Winnt40.sys
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_ACNKJSX
-------\Legacy_AHJODYVW
-------\Legacy_AORDC
-------\Legacy_CBSMY
-------\Legacy_CYHLDOLA
-------\Legacy_EDOLNGPT
-------\Legacy_FDRXU
-------\Legacy_GYYWEEXXG
-------\Legacy_ILPKUBPPH
-------\Legacy_JQJTNJGBW
-------\Legacy_KRSQPILBV
-------\Legacy_KSGUGCZ
-------\Legacy_KVLYXZQS
-------\Legacy_LDLDFPVCS
-------\Legacy_LFBIAJM
-------\Legacy_LFGXNJL
-------\Legacy_LHZICI
-------\Legacy_MISGRZZF
-------\Legacy_MLURSF
-------\Legacy_MWMZF
-------\Legacy_NETSPOOLSVSDRV
-------\Legacy_NXSCOJ
-------\Legacy_ODHVTIXJJ
-------\Legacy_OFPHQL
-------\Legacy_OVJUG
-------\Legacy_QPXNYNX
-------\Legacy_QTYQGXPKB
-------\Legacy_RDRAY
-------\Legacy_RUJYABIO
-------\Legacy_SNFZDX
-------\Legacy_SSLRGXSM
-------\Legacy_TPUWQM
-------\Legacy_TREZR
-------\Legacy_VHFBU
-------\Legacy_WINNT40
-------\Legacy_XLPKX
-------\Legacy_XOYKK
-------\Legacy_YLJVPKJY
-------\Legacy_YUJXLO
-------\Legacy_YWRMFVU
-------\Legacy_ZFZDLFU
-------\Legacy_ZGYAXUC
-------\Service_acnkjsx
-------\Service_ahjodyvw
-------\Service_aordc
-------\Service_cbsmy
-------\Service_cyhldola
-------\Service_edolngpt
-------\Service_fdrxu
-------\Service_gyyweexxg
-------\Service_ilpkubpph
-------\Service_jqjtnjgbw
-------\Service_krsqpilbv
-------\Service_ksgugcz
-------\Service_kvlyxzqs
-------\Service_ldldfpvcs
-------\Service_lfbiajm
-------\Service_lfgxnjl
-------\Service_lhzici
-------\Service_misgrzzf
-------\Service_mlursf
-------\Service_mwmzf
-------\Service_NetSpoolsvsDrv
-------\Service_nxscoj
-------\Service_odhvtixjj
-------\Service_ofphql
-------\Service_ovjug
-------\Service_qpxnynx
-------\Service_qtyqgxpkb
-------\Service_rdray
-------\Service_rujyabio
-------\Service_snfzdx
-------\Service_sslrgxsm
-------\Service_tpuwqm
-------\Service_trezr
-------\Service_vhfbu
-------\Service_Winag38
-------\Service_Winbh38
-------\Service_Windj63
-------\Service_Winek73
-------\Service_Winnt40
-------\Service_Winta38
-------\Service_Winua05
-------\Service_Winvb27
-------\Service_Winwd51
-------\Service_xlpkx
-------\Service_xoykk
-------\Service_yljvpkjy
-------\Service_yujxlo
-------\Service_ywrmfvu
-------\Service_zfzdlfu
-------\Service_zgyaxuc
((((((((((((((((((((((((( Soubory vytvořené od 2010-02-07 do 2010-03-07 )))))))))))))))))))))))))))))))
.
2010-03-07 09:46 . 2010-03-07 09:46 -------- d-sh--w- c:\documents and settings\j\IETldCache
2010-03-07 09:42 . 2009-12-11 08:38 69120 -c----w- c:\windows\system32\dllcache\iecompat.dll
2010-03-07 09:42 . 2010-03-07 09:42 -------- d-----w- c:\windows\ie8updates
2010-03-07 09:41 . 2009-12-21 19:08 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2010-03-07 09:41 . 2009-12-21 19:08 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2010-03-07 09:40 . 2010-03-07 09:41 -------- dc-h--w- c:\windows\ie8
2010-03-07 09:23 . 2010-03-07 09:23 -------- d-----w- c:\windows\system32\cs
2010-03-07 09:23 . 2010-03-07 09:23 -------- d-----w- c:\windows\system32\bits
2010-03-07 09:23 . 2010-03-07 09:23 -------- d-----w- c:\windows\l2schemas
2010-03-07 09:17 . 2010-03-07 09:17 -------- d-----w- c:\windows\EHome
2010-03-07 09:08 . 2010-03-07 09:08 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-03-07 08:57 . 2010-03-07 08:57 -------- d-----w- C:\$AVG
2010-03-07 08:57 . 2010-03-07 09:08 242696 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-03-07 08:57 . 2010-03-07 09:08 52872 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2010-03-07 08:57 . 2010-03-07 09:08 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-03-07 08:57 . 2010-03-07 09:08 29512 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-03-07 08:57 . 2010-03-07 08:58 -------- d-----w- c:\windows\system32\drivers\Avg
2010-03-07 08:56 . 2010-03-07 08:56 50968 ----a-w- c:\windows\system32\avgfwdx.dll
2010-03-07 08:56 . 2010-03-07 08:56 30104 ----a-w- c:\windows\system32\drivers\avgfwdx.sys
2010-03-07 08:56 . 2010-03-07 08:56 -------- d-----w- c:\program files\AVG
2010-03-06 21:19 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-06 21:19 . 2010-03-06 21:19 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-06 21:19 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-06 18:57 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe
2010-03-02 12:30 . 2010-03-02 12:30 -------- d-----w- c:\program files\PhotoFiltre Studio X
2010-03-01 15:51 . 2010-03-01 15:51 -------- d-----w- c:\program files\QuickTime
2010-03-01 15:50 . 2010-03-01 15:50 -------- d-----w- c:\program files\Common Files\Apple
2010-03-01 15:50 . 2010-03-01 15:50 -------- d-----w- c:\program files\Apple Software Update
2010-02-26 14:34 . 2010-02-26 15:35 -------- d-----w- C:\Fraps
2010-02-19 15:31 . 2010-02-19 15:31 -------- d-----w- c:\program files\Common Files\Skype
2010-02-18 20:40 . 2010-02-18 20:40 -------- d-----w- c:\windows\system32\wbem\Repository
2010-02-11 03:16 . 2010-02-11 03:16 41872 ----a-w- c:\windows\system32\xfcodec.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-07 11:01 . 2008-10-15 15:26 138184 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-03-07 11:01 . 2008-10-15 15:25 183112 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-03-07 09:24 . 2008-02-12 20:29 76487 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-03-07 09:24 . 2008-02-12 20:29 2684 ----a-w- c:\windows\pchealth\helpctr\PackageStore\SkuStore.bin
2010-03-04 18:13 . 2009-09-16 12:27 -------- d-----w- c:\program files\Xfire
2010-02-24 08:16 . 2009-10-23 11:53 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-19 15:31 . 2008-10-26 14:36 -------- d-----r- c:\program files\Skype
2010-02-05 18:25 . 2008-10-26 14:36 -------- d-----w- c:\program files\Google
2010-02-02 20:18 . 2008-09-25 16:40 -------- d-----w- c:\program files\Microsoft Works
2010-02-02 15:03 . 2010-02-02 15:03 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2010-02-01 07:54 . 2010-02-01 07:54 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-23 12:53 . 2010-01-23 12:49 -------- d-----w- c:\program files\FlatOut2
2010-01-17 20:41 . 2010-01-14 15:17 -------- d-----w- c:\program files\TMbot
2009-12-31 16:50 . 2006-03-02 12:00 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-21 19:08 . 2006-03-02 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2009-12-18 10:03 . 2006-03-02 12:00 78052 ----a-w- c:\windows\system32\perfc005.dat
2009-12-18 10:03 . 2006-03-02 12:00 429024 ----a-w- c:\windows\system32\perfh005.dat
2009-12-17 07:42 . 2008-02-12 20:26 343552 ----a-w- c:\windows\system32\mspaint.exe
2009-12-14 07:10 . 2006-03-02 12:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-12-09 10:11 . 2006-03-02 12:00 2147328 ------w- c:\windows\system32\ntoskrnl.exe
2009-12-09 10:11 . 2004-08-17 15:45 2025984 ------w- c:\windows\system32\ntkrnlpa.exe
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
2008-10-08 11:22 1172792 ----a-w- c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2008-10-08 1172792]
[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE.3]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2007-12-29 486856]
"Google Update"="c:\documents and settings\j\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" [2009-10-31 135664]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"SweetIM"="c:\program files\SweetIM\Messenger\SweetIM.exe" [2009-01-13 111928]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]
c:\documents and settings\j\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Věýezy obrazovky a spuçtŘnˇ aplikace OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-03-07 09:08 12464 ----a-w- c:\windows\system32\avgrsstx.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\WinFast\\WFDTV\\DVBTAP.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\FlatOut2\\FlatOut2.exe"=
"c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Program Files\\Xfire\\Xfire.exe"=
"c:\\Program Files\\Illusion Softworks\\Hidden & Dangerous 2\\hd2.exe"=
"c:\\Program Files\\Illusion Softworks\\Hidden & Dangerous 2\\ServerLauncher.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\Program Files\\Illusion Softworks\\Hidden & Dangerous 2\\HD2DS.exe"=
"c:\\Program Files\\EA Games\\Need for Speed Undercover\\nfs.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Documents and Settings\\j\\Plocha\\moje složka\\TravianManager1.9.5\\TravianManager1.9.5\\TM.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Documents and Settings\\j\\Plocha\\moje složka\\TeamViewer.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgam.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [7.3.2010 9:57 52872]
R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\system32\drivers\sfdrv01a.sys [5.7.2006 13:46 63352]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [15.2.2008 19:48 715248]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [7.3.2010 9:57 216200]
R1 AvgTdiX;AVG Network Redirector;c:\windows\system32\drivers\avgtdix.sys [7.3.2010 9:57 242696]
R2 avg9emc;AVG E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [7.3.2010 10:08 916760]
R2 avg9wd;AVG WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [7.3.2010 10:08 308064]
R2 avgfws9;AVG Firewall;c:\program files\AVG\AVG9\avgfws9.exe [7.3.2010 10:08 2325816]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [9.10.2008 14:11 222968]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [7.3.2010 9:56 30104]
R3 HideMyIpSRV;HideMyIpSRV;c:\program files\Hide My IP 2009\HideMyIpSrv.exe [22.11.2009 14:14 2347008]
R3 WFLR6654;WinFast DTV1800 H (Video);c:\windows\system32\drivers\wfeaglxt.sys [15.2.2008 18:21 393088]
S2 gupdate1c9b054971d2682;Služba Google Update (gupdate1c9b054971d2682);c:\program files\Google\Update\GoogleUpdate.exe [29.3.2009 10:56 133104]
S2 iljgpeq;Image Security;c:\windows\system32\svchost.exe -k netsvcs [2.3.2006 13:00 14336]
S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [3.11.2006 19:19 13592]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [7.3.2010 9:56 30104]
S3 WFIOCTL;WFIOCTL;c:\program files\WinFast\WFDTV\WFIOCTL.sys [15.2.2008 18:25 9446]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
iljgpeq
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-06-20 11:47 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Obsah adresáře 'Naplánované úlohy'
2010-03-01 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
2010-03-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-29 09:56]
2010-03-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-29 09:56]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
IE: Download All by FlashGet - c:\program files\FlashGet\jc_all.htm
IE: Download using FlashGet - c:\program files\FlashGet\jc_link.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
LSP: c:\windows\system32\HMIPCore.dll
Trusted Zone: mojebanka.cz\etrading
Trusted Zone: mojebanka.cz\www
Trusted Zone: mojebanka.cz\etrading
Trusted Zone: mojebanka.cz\www
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-07 13:08
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll prosync1.sys sfsync02.sys atapi.sys spnk.sys >>UNKNOWN [0x8ACA9944]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xba11cf28
\Driver\ACPI -> ACPI.sys @ 0xb9e69cb8
\Driver\atapi -> prosync1.sys @ 0xba5ae6c1
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
NDIS: Realtek RTL8169/8110 Family Gigabit Ethernet NIC -> SendCompleteHandler -> NDIS.sys @ 0xb9d1abb0
PacketIndicateHandler -> NDIS.sys @ 0xb9d27a21
SendHandler -> NDIS.sys @ 0xb9d0587b
user & kernel MBR OK
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\iljgpeq]
"ServiceDll"="c:\windows\system32\xygnv.dll"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_USERS\S-1-5-21-1659004503-926492609-839522115-1004\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
[HKEY_USERS\S-1-5-21-1659004503-926492609-839522115-1004\Software\SecuROM\License information*]
"datasecu"=hex:50,d1,11,00,56,7f,f7,43,55,23,30,ea,a9,c4,50,0b,ce,fc,13,94,a7,
7c,68,de,ad,3b,b7,17,e4,dc,7e,38,51,0d,0f,23,92,e4,20,48,33,31,11,3e,f2,43,\
"rkeysecu"=hex:1c,dc,ee,b7,91,cf,61,ba,b6,1d,89,4d,17,eb,85,66
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(1028)
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'lsass.exe'(1084)
c:\windows\system32\HMIPCore.dll
- - - - - - - > 'explorer.exe'(1728)
c:\program files\SweetIM\Messenger\mgAdaptersProxy.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\wpdshext.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\Audiodev.dll
c:\windows\system32\WMVCore.DLL
c:\windows\system32\WMASF.DLL
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Canon\IJPLM\IJPLMSVC.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\AVG\AVG9\avgam.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\AVG\AVG9\avgnsx.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\wscntfy.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
.
**************************************************************************
.
Celkový čas: 2010-03-07 13:11:36 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-03-07 12:11
ComboFix2.txt 2010-03-07 07:57
Před spuštěním: Volných bajtů: 21 317 533 696
Po spuštění: Volných bajtů: 21 285 580 800
- - End Of File - - 7F8D99796B418C105393EB4319D5A6FF
ComboFix 10-03-06.06 - j 07.03.2010 13:01:10.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.3070.2547 [GMT 1:00]
Spuštěný z: c:\documents and settings\j\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\j\Plocha\CFScript.txt
AV: AVG Anti-Virus plus Firewall *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Firewall *enabled* {8decf618-9569-4340-b34a-d78d28969b66}
FILE ::
"c:\program files\Internet Explorer\xygnv.dll"
"c:\program files\Movie Maker\xygnv.dll"
"c:\windows\system32\Drivers\Winag38.sys"
"c:\windows\system32\Drivers\Winbh38.sys"
"c:\windows\system32\Drivers\Windj63.sys"
"c:\windows\system32\Drivers\Winek73.sys"
"c:\windows\system32\drivers\Winnt40.sys"
"c:\windows\system32\Drivers\Winta38.sys"
"c:\windows\system32\Drivers\Winua05.sys"
"c:\windows\system32\Drivers\Winvb27.sys"
"c:\windows\system32\Drivers\Winwd51.sys"
"c:\windows\system32\NetSpools.sys"
"c:\windows\system32\xygnv.dll"
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\drivers\Winnt40.sys
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_ACNKJSX
-------\Legacy_AHJODYVW
-------\Legacy_AORDC
-------\Legacy_CBSMY
-------\Legacy_CYHLDOLA
-------\Legacy_EDOLNGPT
-------\Legacy_FDRXU
-------\Legacy_GYYWEEXXG
-------\Legacy_ILPKUBPPH
-------\Legacy_JQJTNJGBW
-------\Legacy_KRSQPILBV
-------\Legacy_KSGUGCZ
-------\Legacy_KVLYXZQS
-------\Legacy_LDLDFPVCS
-------\Legacy_LFBIAJM
-------\Legacy_LFGXNJL
-------\Legacy_LHZICI
-------\Legacy_MISGRZZF
-------\Legacy_MLURSF
-------\Legacy_MWMZF
-------\Legacy_NETSPOOLSVSDRV
-------\Legacy_NXSCOJ
-------\Legacy_ODHVTIXJJ
-------\Legacy_OFPHQL
-------\Legacy_OVJUG
-------\Legacy_QPXNYNX
-------\Legacy_QTYQGXPKB
-------\Legacy_RDRAY
-------\Legacy_RUJYABIO
-------\Legacy_SNFZDX
-------\Legacy_SSLRGXSM
-------\Legacy_TPUWQM
-------\Legacy_TREZR
-------\Legacy_VHFBU
-------\Legacy_WINNT40
-------\Legacy_XLPKX
-------\Legacy_XOYKK
-------\Legacy_YLJVPKJY
-------\Legacy_YUJXLO
-------\Legacy_YWRMFVU
-------\Legacy_ZFZDLFU
-------\Legacy_ZGYAXUC
-------\Service_acnkjsx
-------\Service_ahjodyvw
-------\Service_aordc
-------\Service_cbsmy
-------\Service_cyhldola
-------\Service_edolngpt
-------\Service_fdrxu
-------\Service_gyyweexxg
-------\Service_ilpkubpph
-------\Service_jqjtnjgbw
-------\Service_krsqpilbv
-------\Service_ksgugcz
-------\Service_kvlyxzqs
-------\Service_ldldfpvcs
-------\Service_lfbiajm
-------\Service_lfgxnjl
-------\Service_lhzici
-------\Service_misgrzzf
-------\Service_mlursf
-------\Service_mwmzf
-------\Service_NetSpoolsvsDrv
-------\Service_nxscoj
-------\Service_odhvtixjj
-------\Service_ofphql
-------\Service_ovjug
-------\Service_qpxnynx
-------\Service_qtyqgxpkb
-------\Service_rdray
-------\Service_rujyabio
-------\Service_snfzdx
-------\Service_sslrgxsm
-------\Service_tpuwqm
-------\Service_trezr
-------\Service_vhfbu
-------\Service_Winag38
-------\Service_Winbh38
-------\Service_Windj63
-------\Service_Winek73
-------\Service_Winnt40
-------\Service_Winta38
-------\Service_Winua05
-------\Service_Winvb27
-------\Service_Winwd51
-------\Service_xlpkx
-------\Service_xoykk
-------\Service_yljvpkjy
-------\Service_yujxlo
-------\Service_ywrmfvu
-------\Service_zfzdlfu
-------\Service_zgyaxuc
((((((((((((((((((((((((( Soubory vytvořené od 2010-02-07 do 2010-03-07 )))))))))))))))))))))))))))))))
.
2010-03-07 09:46 . 2010-03-07 09:46 -------- d-sh--w- c:\documents and settings\j\IETldCache
2010-03-07 09:42 . 2009-12-11 08:38 69120 -c----w- c:\windows\system32\dllcache\iecompat.dll
2010-03-07 09:42 . 2010-03-07 09:42 -------- d-----w- c:\windows\ie8updates
2010-03-07 09:41 . 2009-12-21 19:08 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2010-03-07 09:41 . 2009-12-21 19:08 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2010-03-07 09:40 . 2010-03-07 09:41 -------- dc-h--w- c:\windows\ie8
2010-03-07 09:23 . 2010-03-07 09:23 -------- d-----w- c:\windows\system32\cs
2010-03-07 09:23 . 2010-03-07 09:23 -------- d-----w- c:\windows\system32\bits
2010-03-07 09:23 . 2010-03-07 09:23 -------- d-----w- c:\windows\l2schemas
2010-03-07 09:17 . 2010-03-07 09:17 -------- d-----w- c:\windows\EHome
2010-03-07 09:08 . 2010-03-07 09:08 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-03-07 08:57 . 2010-03-07 08:57 -------- d-----w- C:\$AVG
2010-03-07 08:57 . 2010-03-07 09:08 242696 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-03-07 08:57 . 2010-03-07 09:08 52872 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2010-03-07 08:57 . 2010-03-07 09:08 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-03-07 08:57 . 2010-03-07 09:08 29512 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-03-07 08:57 . 2010-03-07 08:58 -------- d-----w- c:\windows\system32\drivers\Avg
2010-03-07 08:56 . 2010-03-07 08:56 50968 ----a-w- c:\windows\system32\avgfwdx.dll
2010-03-07 08:56 . 2010-03-07 08:56 30104 ----a-w- c:\windows\system32\drivers\avgfwdx.sys
2010-03-07 08:56 . 2010-03-07 08:56 -------- d-----w- c:\program files\AVG
2010-03-06 21:19 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-06 21:19 . 2010-03-06 21:19 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-06 21:19 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-06 18:57 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe
2010-03-02 12:30 . 2010-03-02 12:30 -------- d-----w- c:\program files\PhotoFiltre Studio X
2010-03-01 15:51 . 2010-03-01 15:51 -------- d-----w- c:\program files\QuickTime
2010-03-01 15:50 . 2010-03-01 15:50 -------- d-----w- c:\program files\Common Files\Apple
2010-03-01 15:50 . 2010-03-01 15:50 -------- d-----w- c:\program files\Apple Software Update
2010-02-26 14:34 . 2010-02-26 15:35 -------- d-----w- C:\Fraps
2010-02-19 15:31 . 2010-02-19 15:31 -------- d-----w- c:\program files\Common Files\Skype
2010-02-18 20:40 . 2010-02-18 20:40 -------- d-----w- c:\windows\system32\wbem\Repository
2010-02-11 03:16 . 2010-02-11 03:16 41872 ----a-w- c:\windows\system32\xfcodec.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-07 11:01 . 2008-10-15 15:26 138184 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-03-07 11:01 . 2008-10-15 15:25 183112 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-03-07 09:24 . 2008-02-12 20:29 76487 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-03-07 09:24 . 2008-02-12 20:29 2684 ----a-w- c:\windows\pchealth\helpctr\PackageStore\SkuStore.bin
2010-03-04 18:13 . 2009-09-16 12:27 -------- d-----w- c:\program files\Xfire
2010-02-24 08:16 . 2009-10-23 11:53 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-19 15:31 . 2008-10-26 14:36 -------- d-----r- c:\program files\Skype
2010-02-05 18:25 . 2008-10-26 14:36 -------- d-----w- c:\program files\Google
2010-02-02 20:18 . 2008-09-25 16:40 -------- d-----w- c:\program files\Microsoft Works
2010-02-02 15:03 . 2010-02-02 15:03 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2010-02-01 07:54 . 2010-02-01 07:54 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-23 12:53 . 2010-01-23 12:49 -------- d-----w- c:\program files\FlatOut2
2010-01-17 20:41 . 2010-01-14 15:17 -------- d-----w- c:\program files\TMbot
2009-12-31 16:50 . 2006-03-02 12:00 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-21 19:08 . 2006-03-02 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2009-12-18 10:03 . 2006-03-02 12:00 78052 ----a-w- c:\windows\system32\perfc005.dat
2009-12-18 10:03 . 2006-03-02 12:00 429024 ----a-w- c:\windows\system32\perfh005.dat
2009-12-17 07:42 . 2008-02-12 20:26 343552 ----a-w- c:\windows\system32\mspaint.exe
2009-12-14 07:10 . 2006-03-02 12:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-12-09 10:11 . 2006-03-02 12:00 2147328 ------w- c:\windows\system32\ntoskrnl.exe
2009-12-09 10:11 . 2004-08-17 15:45 2025984 ------w- c:\windows\system32\ntkrnlpa.exe
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
2008-10-08 11:22 1172792 ----a-w- c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2008-10-08 1172792]
[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE.3]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2007-12-29 486856]
"Google Update"="c:\documents and settings\j\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" [2009-10-31 135664]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"SweetIM"="c:\program files\SweetIM\Messenger\SweetIM.exe" [2009-01-13 111928]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]
c:\documents and settings\j\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Věýezy obrazovky a spuçtŘnˇ aplikace OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-03-07 09:08 12464 ----a-w- c:\windows\system32\avgrsstx.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\WinFast\\WFDTV\\DVBTAP.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\FlatOut2\\FlatOut2.exe"=
"c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Program Files\\Xfire\\Xfire.exe"=
"c:\\Program Files\\Illusion Softworks\\Hidden & Dangerous 2\\hd2.exe"=
"c:\\Program Files\\Illusion Softworks\\Hidden & Dangerous 2\\ServerLauncher.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\Program Files\\Illusion Softworks\\Hidden & Dangerous 2\\HD2DS.exe"=
"c:\\Program Files\\EA Games\\Need for Speed Undercover\\nfs.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Documents and Settings\\j\\Plocha\\moje složka\\TravianManager1.9.5\\TravianManager1.9.5\\TM.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Documents and Settings\\j\\Plocha\\moje složka\\TeamViewer.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgam.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [7.3.2010 9:57 52872]
R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\system32\drivers\sfdrv01a.sys [5.7.2006 13:46 63352]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [15.2.2008 19:48 715248]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [7.3.2010 9:57 216200]
R1 AvgTdiX;AVG Network Redirector;c:\windows\system32\drivers\avgtdix.sys [7.3.2010 9:57 242696]
R2 avg9emc;AVG E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [7.3.2010 10:08 916760]
R2 avg9wd;AVG WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [7.3.2010 10:08 308064]
R2 avgfws9;AVG Firewall;c:\program files\AVG\AVG9\avgfws9.exe [7.3.2010 10:08 2325816]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [9.10.2008 14:11 222968]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [7.3.2010 9:56 30104]
R3 HideMyIpSRV;HideMyIpSRV;c:\program files\Hide My IP 2009\HideMyIpSrv.exe [22.11.2009 14:14 2347008]
R3 WFLR6654;WinFast DTV1800 H (Video);c:\windows\system32\drivers\wfeaglxt.sys [15.2.2008 18:21 393088]
S2 gupdate1c9b054971d2682;Služba Google Update (gupdate1c9b054971d2682);c:\program files\Google\Update\GoogleUpdate.exe [29.3.2009 10:56 133104]
S2 iljgpeq;Image Security;c:\windows\system32\svchost.exe -k netsvcs [2.3.2006 13:00 14336]
S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [3.11.2006 19:19 13592]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [7.3.2010 9:56 30104]
S3 WFIOCTL;WFIOCTL;c:\program files\WinFast\WFDTV\WFIOCTL.sys [15.2.2008 18:25 9446]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
iljgpeq
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-06-20 11:47 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Obsah adresáře 'Naplánované úlohy'
2010-03-01 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
2010-03-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-29 09:56]
2010-03-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-29 09:56]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
IE: Download All by FlashGet - c:\program files\FlashGet\jc_all.htm
IE: Download using FlashGet - c:\program files\FlashGet\jc_link.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
LSP: c:\windows\system32\HMIPCore.dll
Trusted Zone: mojebanka.cz\etrading
Trusted Zone: mojebanka.cz\www
Trusted Zone: mojebanka.cz\etrading
Trusted Zone: mojebanka.cz\www
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-07 13:08
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll prosync1.sys sfsync02.sys atapi.sys spnk.sys >>UNKNOWN [0x8ACA9944]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xba11cf28
\Driver\ACPI -> ACPI.sys @ 0xb9e69cb8
\Driver\atapi -> prosync1.sys @ 0xba5ae6c1
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
NDIS: Realtek RTL8169/8110 Family Gigabit Ethernet NIC -> SendCompleteHandler -> NDIS.sys @ 0xb9d1abb0
PacketIndicateHandler -> NDIS.sys @ 0xb9d27a21
SendHandler -> NDIS.sys @ 0xb9d0587b
user & kernel MBR OK
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\iljgpeq]
"ServiceDll"="c:\windows\system32\xygnv.dll"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_USERS\S-1-5-21-1659004503-926492609-839522115-1004\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
[HKEY_USERS\S-1-5-21-1659004503-926492609-839522115-1004\Software\SecuROM\License information*]
"datasecu"=hex:50,d1,11,00,56,7f,f7,43,55,23,30,ea,a9,c4,50,0b,ce,fc,13,94,a7,
7c,68,de,ad,3b,b7,17,e4,dc,7e,38,51,0d,0f,23,92,e4,20,48,33,31,11,3e,f2,43,\
"rkeysecu"=hex:1c,dc,ee,b7,91,cf,61,ba,b6,1d,89,4d,17,eb,85,66
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(1028)
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'lsass.exe'(1084)
c:\windows\system32\HMIPCore.dll
- - - - - - - > 'explorer.exe'(1728)
c:\program files\SweetIM\Messenger\mgAdaptersProxy.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\wpdshext.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\Audiodev.dll
c:\windows\system32\WMVCore.DLL
c:\windows\system32\WMASF.DLL
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Canon\IJPLM\IJPLMSVC.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\AVG\AVG9\avgam.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\AVG\AVG9\avgnsx.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\wscntfy.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
.
**************************************************************************
.
Celkový čas: 2010-03-07 13:11:36 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-03-07 12:11
ComboFix2.txt 2010-03-07 07:57
Před spuštěním: Volných bajtů: 21 317 533 696
Po spuštění: Volných bajtů: 21 285 580 800
- - End Of File - - 7F8D99796B418C105393EB4319D5A6FF
-
Damned
- Tvůrce článků
-
Master Level 9
- Příspěvky: 8353
- Registrován: prosinec 06
- Bydliště: Rokycany
- Pohlaví:
- Stav:
Offline
- Kontakt:
Re: Kontrola logu
No už se ti tam trocha světla na konci tunelu objevilo... AVG sis tam dávat nemusel, jsou lepší antiviry,ale budiž
Ještě jeden skript:
Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok).
Zkopíruj do něj následující celý text označený zeleně:
KillAll::
File::
c:\windows\system32\xygnv.dll
Driver::
iljgpeq;Image Security
iljgpeq
NetSvcs::
iljgpeq
Registry::
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\iljgpeq]
Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.
Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe
a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix, oprava může trvat i déle než 10 minut. ! Nech ComboFix dokončit svou práci !
- Vlož sem log, který vyběhne v závěru čistícího procesu
Ještě jeden skript:
Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok).
Zkopíruj do něj následující celý text označený zeleně:
KillAll::
File::
c:\windows\system32\xygnv.dll
Driver::
iljgpeq;Image Security
iljgpeq
NetSvcs::
iljgpeq
Registry::
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\iljgpeq]
Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.
Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe
a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix, oprava může trvat i déle než 10 minut. ! Nech ComboFix dokončit svou práci !
- Vlož sem log, který vyběhne v závěru čistícího procesu
Nic není nemožné, proto tam, kde jsme s rozumem v koncích, neváháme použít kladivo.
Chceš-li vědět, co je nového, podívej se do starých knih.
Damnedovy češtiny - překlady programů pro údržbu PC
HiJackThis 2+návod FCleaner+čeština Wise Registry Cleaner
Chceš-li vědět, co je nového, podívej se do starých knih.
Damnedovy češtiny - překlady programů pro údržbu PC
HiJackThis 2+návod FCleaner+čeština Wise Registry Cleaner
Re: Kontrola logu
vše jsem udělal....nechal ho pracovat....to je vše nebo ještě něco je za potřebí udělat...?
ComboFix 10-03-06.06 - j 07.03.2010 19:03:32.3.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.3070.2533 [GMT 1:00]
Spuštěný z: c:\documents and settings\j\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\j\Plocha\CFScript.txt
AV: AVG Anti-Virus plus Firewall *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Firewall *enabled* {8decf618-9569-4340-b34a-d78d28969b66}
FILE ::
"c:\windows\system32\xygnv.dll"
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_ILJGPEQ
-------\Service_iljgpeq
((((((((((((((((((((((((( Soubory vytvořené od 2010-02-07 do 2010-03-07 )))))))))))))))))))))))))))))))
.
2010-03-07 09:46 . 2010-03-07 09:46 -------- d-sh--w- c:\documents and settings\j\IETldCache
2010-03-07 09:42 . 2009-12-11 08:38 69120 -c----w- c:\windows\system32\dllcache\iecompat.dll
2010-03-07 09:42 . 2010-03-07 09:42 -------- d-----w- c:\windows\ie8updates
2010-03-07 09:41 . 2009-12-21 19:08 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2010-03-07 09:41 . 2009-12-21 19:08 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2010-03-07 09:40 . 2010-03-07 09:41 -------- dc-h--w- c:\windows\ie8
2010-03-07 09:23 . 2010-03-07 09:23 -------- d-----w- c:\windows\system32\cs
2010-03-07 09:23 . 2010-03-07 09:23 -------- d-----w- c:\windows\system32\bits
2010-03-07 09:23 . 2010-03-07 09:23 -------- d-----w- c:\windows\l2schemas
2010-03-07 09:17 . 2010-03-07 09:17 -------- d-----w- c:\windows\EHome
2010-03-07 09:08 . 2010-03-07 09:08 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-03-07 08:57 . 2010-03-07 08:57 -------- d-----w- C:\$AVG
2010-03-07 08:57 . 2010-03-07 09:08 242696 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-03-07 08:57 . 2010-03-07 09:08 52872 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2010-03-07 08:57 . 2010-03-07 09:08 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-03-07 08:57 . 2010-03-07 09:08 29512 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-03-07 08:57 . 2010-03-07 12:23 -------- d-----w- c:\windows\system32\drivers\Avg
2010-03-07 08:56 . 2010-03-07 08:56 50968 ----a-w- c:\windows\system32\avgfwdx.dll
2010-03-07 08:56 . 2010-03-07 08:56 30104 ----a-w- c:\windows\system32\drivers\avgfwdx.sys
2010-03-07 08:56 . 2010-03-07 08:56 -------- d-----w- c:\program files\AVG
2010-03-06 21:19 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-06 21:19 . 2010-03-06 21:19 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-06 21:19 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-06 18:57 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe
2010-03-02 12:30 . 2010-03-02 12:30 -------- d-----w- c:\program files\PhotoFiltre Studio X
2010-03-01 15:51 . 2010-03-01 15:51 -------- d-----w- c:\program files\QuickTime
2010-03-01 15:50 . 2010-03-01 15:50 -------- d-----w- c:\program files\Common Files\Apple
2010-03-01 15:50 . 2010-03-01 15:50 -------- d-----w- c:\program files\Apple Software Update
2010-02-26 14:34 . 2010-02-26 15:35 -------- d-----w- C:\Fraps
2010-02-19 15:31 . 2010-02-19 15:31 -------- d-----w- c:\program files\Common Files\Skype
2010-02-18 20:40 . 2010-02-18 20:40 -------- d-----w- c:\windows\system32\wbem\Repository
2010-02-11 03:16 . 2010-02-11 03:16 41872 ----a-w- c:\windows\system32\xfcodec.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-07 18:05 . 2006-03-02 12:00 78052 ----a-w- c:\windows\system32\perfc005.dat
2010-03-07 18:05 . 2006-03-02 12:00 429024 ----a-w- c:\windows\system32\perfh005.dat
2010-03-07 11:01 . 2008-10-15 15:26 138184 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-03-07 11:01 . 2008-10-15 15:25 183112 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-03-07 09:24 . 2008-02-12 20:29 76487 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-03-07 09:24 . 2008-02-12 20:29 2684 ----a-w- c:\windows\pchealth\helpctr\PackageStore\SkuStore.bin
2010-03-04 18:13 . 2009-09-16 12:27 -------- d-----w- c:\program files\Xfire
2010-02-24 08:16 . 2009-10-23 11:53 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-19 15:31 . 2008-10-26 14:36 -------- d-----r- c:\program files\Skype
2010-02-05 18:25 . 2008-10-26 14:36 -------- d-----w- c:\program files\Google
2010-02-02 20:18 . 2008-09-25 16:40 -------- d-----w- c:\program files\Microsoft Works
2010-02-02 15:03 . 2010-02-02 15:03 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2010-02-01 07:54 . 2010-02-01 07:54 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-23 12:53 . 2010-01-23 12:49 -------- d-----w- c:\program files\FlatOut2
2010-01-17 20:41 . 2010-01-14 15:17 -------- d-----w- c:\program files\TMbot
2009-12-31 16:50 . 2006-03-02 12:00 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-21 19:08 . 2006-03-02 12:00 916480 ------w- c:\windows\system32\wininet.dll
2009-12-17 07:42 . 2008-02-12 20:26 343552 ----a-w- c:\windows\system32\mspaint.exe
2009-12-14 07:10 . 2006-03-02 12:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-12-09 10:11 . 2006-03-02 12:00 2147328 ------w- c:\windows\system32\ntoskrnl.exe
2009-12-09 10:11 . 2004-08-17 15:45 2025984 ------w- c:\windows\system32\ntkrnlpa.exe
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
2008-10-08 11:22 1172792 ----a-w- c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2008-10-08 1172792]
[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE.3]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2007-12-29 486856]
"Google Update"="c:\documents and settings\j\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" [2009-10-31 135664]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"SweetIM"="c:\program files\SweetIM\Messenger\SweetIM.exe" [2009-01-13 111928]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]
c:\documents and settings\j\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Věýezy obrazovky a spuçtŘnˇ aplikace OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-03-07 09:08 12464 ----a-w- c:\windows\system32\avgrsstx.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\WinFast\\WFDTV\\DVBTAP.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\FlatOut2\\FlatOut2.exe"=
"c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Program Files\\Xfire\\Xfire.exe"=
"c:\\Program Files\\Illusion Softworks\\Hidden & Dangerous 2\\hd2.exe"=
"c:\\Program Files\\Illusion Softworks\\Hidden & Dangerous 2\\ServerLauncher.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\Program Files\\Illusion Softworks\\Hidden & Dangerous 2\\HD2DS.exe"=
"c:\\Program Files\\EA Games\\Need for Speed Undercover\\nfs.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Documents and Settings\\j\\Plocha\\moje složka\\TravianManager1.9.5\\TravianManager1.9.5\\TM.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Documents and Settings\\j\\Plocha\\moje složka\\TeamViewer.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgam.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [7.3.2010 9:57 52872]
R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\system32\drivers\sfdrv01a.sys [5.7.2006 13:46 63352]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [15.2.2008 19:48 715248]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [7.3.2010 9:57 216200]
R1 AvgTdiX;AVG Network Redirector;c:\windows\system32\drivers\avgtdix.sys [7.3.2010 9:57 242696]
R2 avg9emc;AVG E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [7.3.2010 10:08 916760]
R2 avg9wd;AVG WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [7.3.2010 10:08 308064]
R2 avgfws9;AVG Firewall;c:\program files\AVG\AVG9\avgfws9.exe [7.3.2010 10:08 2325816]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [9.10.2008 14:11 222968]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [7.3.2010 9:56 30104]
R3 HideMyIpSRV;HideMyIpSRV;c:\program files\Hide My IP 2009\HideMyIpSrv.exe [22.11.2009 14:14 2347008]
R3 WFLR6654;WinFast DTV1800 H (Video);c:\windows\system32\drivers\wfeaglxt.sys [15.2.2008 18:21 393088]
S2 gupdate1c9b054971d2682;Služba Google Update (gupdate1c9b054971d2682);c:\program files\Google\Update\GoogleUpdate.exe [29.3.2009 10:56 133104]
S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [3.11.2006 19:19 13592]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [7.3.2010 9:56 30104]
S3 WFIOCTL;WFIOCTL;c:\program files\WinFast\WFDTV\WFIOCTL.sys [15.2.2008 18:25 9446]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-06-20 11:47 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Obsah adresáře 'Naplánované úlohy'
2010-03-01 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
2010-03-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-29 09:56]
2010-03-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-29 09:56]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
IE: Download All by FlashGet - c:\program files\FlashGet\jc_all.htm
IE: Download using FlashGet - c:\program files\FlashGet\jc_link.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
LSP: c:\windows\system32\HMIPCore.dll
Trusted Zone: mojebanka.cz\etrading
Trusted Zone: mojebanka.cz\www
Trusted Zone: mojebanka.cz\etrading
Trusted Zone: mojebanka.cz\www
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-07 19:09
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll prosync1.sys sfsync02.sys atapi.sys sprg.sys >>UNKNOWN [0x8ACAC944]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xba11cf28
\Driver\ACPI -> ACPI.sys @ 0xb9e69cb8
\Driver\atapi -> prosync1.sys @ 0xba5ae6c1
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
NDIS: Realtek RTL8169/8110 Family Gigabit Ethernet NIC -> SendCompleteHandler -> NDIS.sys @ 0xb9d1abb0
PacketIndicateHandler -> NDIS.sys @ 0xb9d27a21
SendHandler -> NDIS.sys @ 0xb9d0587b
user & kernel MBR OK
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_USERS\S-1-5-21-1659004503-926492609-839522115-1004\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
[HKEY_USERS\S-1-5-21-1659004503-926492609-839522115-1004\Software\SecuROM\License information*]
"datasecu"=hex:50,d1,11,00,56,7f,f7,43,55,23,30,ea,a9,c4,50,0b,ce,fc,13,94,a7,
7c,68,de,ad,3b,b7,17,e4,dc,7e,38,51,0d,0f,23,92,e4,20,48,33,31,11,3e,f2,43,\
"rkeysecu"=hex:1c,dc,ee,b7,91,cf,61,ba,b6,1d,89,4d,17,eb,85,66
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(1028)
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'lsass.exe'(1084)
c:\windows\system32\HMIPCore.dll
- - - - - - - > 'explorer.exe'(3648)
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\wpdshext.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\Audiodev.dll
c:\windows\system32\WMVCore.DLL
c:\windows\system32\WMASF.DLL
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Canon\IJPLM\IJPLMSVC.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\AVG\AVG9\avgam.exe
c:\program files\AVG\AVG9\avgnsx.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Celkový čas: 2010-03-07 19:13:18 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-03-07 18:13
ComboFix2.txt 2010-03-07 12:11
ComboFix3.txt 2010-03-07 07:57
Před spuštěním: Volných bajtů: 21 207 789 568
Po spuštění: Volných bajtů: 21 168 750 592
- - End Of File - - A3DC2CF18621F475804803CA5B5EDDEF
ComboFix 10-03-06.06 - j 07.03.2010 19:03:32.3.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.3070.2533 [GMT 1:00]
Spuštěný z: c:\documents and settings\j\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\j\Plocha\CFScript.txt
AV: AVG Anti-Virus plus Firewall *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Firewall *enabled* {8decf618-9569-4340-b34a-d78d28969b66}
FILE ::
"c:\windows\system32\xygnv.dll"
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_ILJGPEQ
-------\Service_iljgpeq
((((((((((((((((((((((((( Soubory vytvořené od 2010-02-07 do 2010-03-07 )))))))))))))))))))))))))))))))
.
2010-03-07 09:46 . 2010-03-07 09:46 -------- d-sh--w- c:\documents and settings\j\IETldCache
2010-03-07 09:42 . 2009-12-11 08:38 69120 -c----w- c:\windows\system32\dllcache\iecompat.dll
2010-03-07 09:42 . 2010-03-07 09:42 -------- d-----w- c:\windows\ie8updates
2010-03-07 09:41 . 2009-12-21 19:08 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2010-03-07 09:41 . 2009-12-21 19:08 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2010-03-07 09:40 . 2010-03-07 09:41 -------- dc-h--w- c:\windows\ie8
2010-03-07 09:23 . 2010-03-07 09:23 -------- d-----w- c:\windows\system32\cs
2010-03-07 09:23 . 2010-03-07 09:23 -------- d-----w- c:\windows\system32\bits
2010-03-07 09:23 . 2010-03-07 09:23 -------- d-----w- c:\windows\l2schemas
2010-03-07 09:17 . 2010-03-07 09:17 -------- d-----w- c:\windows\EHome
2010-03-07 09:08 . 2010-03-07 09:08 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-03-07 08:57 . 2010-03-07 08:57 -------- d-----w- C:\$AVG
2010-03-07 08:57 . 2010-03-07 09:08 242696 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-03-07 08:57 . 2010-03-07 09:08 52872 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2010-03-07 08:57 . 2010-03-07 09:08 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-03-07 08:57 . 2010-03-07 09:08 29512 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-03-07 08:57 . 2010-03-07 12:23 -------- d-----w- c:\windows\system32\drivers\Avg
2010-03-07 08:56 . 2010-03-07 08:56 50968 ----a-w- c:\windows\system32\avgfwdx.dll
2010-03-07 08:56 . 2010-03-07 08:56 30104 ----a-w- c:\windows\system32\drivers\avgfwdx.sys
2010-03-07 08:56 . 2010-03-07 08:56 -------- d-----w- c:\program files\AVG
2010-03-06 21:19 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-06 21:19 . 2010-03-06 21:19 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-06 21:19 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-06 18:57 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe
2010-03-02 12:30 . 2010-03-02 12:30 -------- d-----w- c:\program files\PhotoFiltre Studio X
2010-03-01 15:51 . 2010-03-01 15:51 -------- d-----w- c:\program files\QuickTime
2010-03-01 15:50 . 2010-03-01 15:50 -------- d-----w- c:\program files\Common Files\Apple
2010-03-01 15:50 . 2010-03-01 15:50 -------- d-----w- c:\program files\Apple Software Update
2010-02-26 14:34 . 2010-02-26 15:35 -------- d-----w- C:\Fraps
2010-02-19 15:31 . 2010-02-19 15:31 -------- d-----w- c:\program files\Common Files\Skype
2010-02-18 20:40 . 2010-02-18 20:40 -------- d-----w- c:\windows\system32\wbem\Repository
2010-02-11 03:16 . 2010-02-11 03:16 41872 ----a-w- c:\windows\system32\xfcodec.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-07 18:05 . 2006-03-02 12:00 78052 ----a-w- c:\windows\system32\perfc005.dat
2010-03-07 18:05 . 2006-03-02 12:00 429024 ----a-w- c:\windows\system32\perfh005.dat
2010-03-07 11:01 . 2008-10-15 15:26 138184 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-03-07 11:01 . 2008-10-15 15:25 183112 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-03-07 09:24 . 2008-02-12 20:29 76487 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-03-07 09:24 . 2008-02-12 20:29 2684 ----a-w- c:\windows\pchealth\helpctr\PackageStore\SkuStore.bin
2010-03-04 18:13 . 2009-09-16 12:27 -------- d-----w- c:\program files\Xfire
2010-02-24 08:16 . 2009-10-23 11:53 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-19 15:31 . 2008-10-26 14:36 -------- d-----r- c:\program files\Skype
2010-02-05 18:25 . 2008-10-26 14:36 -------- d-----w- c:\program files\Google
2010-02-02 20:18 . 2008-09-25 16:40 -------- d-----w- c:\program files\Microsoft Works
2010-02-02 15:03 . 2010-02-02 15:03 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2010-02-01 07:54 . 2010-02-01 07:54 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-23 12:53 . 2010-01-23 12:49 -------- d-----w- c:\program files\FlatOut2
2010-01-17 20:41 . 2010-01-14 15:17 -------- d-----w- c:\program files\TMbot
2009-12-31 16:50 . 2006-03-02 12:00 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-21 19:08 . 2006-03-02 12:00 916480 ------w- c:\windows\system32\wininet.dll
2009-12-17 07:42 . 2008-02-12 20:26 343552 ----a-w- c:\windows\system32\mspaint.exe
2009-12-14 07:10 . 2006-03-02 12:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-12-09 10:11 . 2006-03-02 12:00 2147328 ------w- c:\windows\system32\ntoskrnl.exe
2009-12-09 10:11 . 2004-08-17 15:45 2025984 ------w- c:\windows\system32\ntkrnlpa.exe
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
2008-10-08 11:22 1172792 ----a-w- c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2008-10-08 1172792]
[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE.3]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2007-12-29 486856]
"Google Update"="c:\documents and settings\j\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" [2009-10-31 135664]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"SweetIM"="c:\program files\SweetIM\Messenger\SweetIM.exe" [2009-01-13 111928]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]
c:\documents and settings\j\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Věýezy obrazovky a spuçtŘnˇ aplikace OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-03-07 09:08 12464 ----a-w- c:\windows\system32\avgrsstx.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\WinFast\\WFDTV\\DVBTAP.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\FlatOut2\\FlatOut2.exe"=
"c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Program Files\\Xfire\\Xfire.exe"=
"c:\\Program Files\\Illusion Softworks\\Hidden & Dangerous 2\\hd2.exe"=
"c:\\Program Files\\Illusion Softworks\\Hidden & Dangerous 2\\ServerLauncher.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\Program Files\\Illusion Softworks\\Hidden & Dangerous 2\\HD2DS.exe"=
"c:\\Program Files\\EA Games\\Need for Speed Undercover\\nfs.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Documents and Settings\\j\\Plocha\\moje složka\\TravianManager1.9.5\\TravianManager1.9.5\\TM.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Documents and Settings\\j\\Plocha\\moje složka\\TeamViewer.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgam.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [7.3.2010 9:57 52872]
R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\system32\drivers\sfdrv01a.sys [5.7.2006 13:46 63352]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [15.2.2008 19:48 715248]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [7.3.2010 9:57 216200]
R1 AvgTdiX;AVG Network Redirector;c:\windows\system32\drivers\avgtdix.sys [7.3.2010 9:57 242696]
R2 avg9emc;AVG E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [7.3.2010 10:08 916760]
R2 avg9wd;AVG WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [7.3.2010 10:08 308064]
R2 avgfws9;AVG Firewall;c:\program files\AVG\AVG9\avgfws9.exe [7.3.2010 10:08 2325816]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [9.10.2008 14:11 222968]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [7.3.2010 9:56 30104]
R3 HideMyIpSRV;HideMyIpSRV;c:\program files\Hide My IP 2009\HideMyIpSrv.exe [22.11.2009 14:14 2347008]
R3 WFLR6654;WinFast DTV1800 H (Video);c:\windows\system32\drivers\wfeaglxt.sys [15.2.2008 18:21 393088]
S2 gupdate1c9b054971d2682;Služba Google Update (gupdate1c9b054971d2682);c:\program files\Google\Update\GoogleUpdate.exe [29.3.2009 10:56 133104]
S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [3.11.2006 19:19 13592]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [7.3.2010 9:56 30104]
S3 WFIOCTL;WFIOCTL;c:\program files\WinFast\WFDTV\WFIOCTL.sys [15.2.2008 18:25 9446]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-06-20 11:47 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Obsah adresáře 'Naplánované úlohy'
2010-03-01 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
2010-03-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-29 09:56]
2010-03-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-29 09:56]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
IE: Download All by FlashGet - c:\program files\FlashGet\jc_all.htm
IE: Download using FlashGet - c:\program files\FlashGet\jc_link.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
LSP: c:\windows\system32\HMIPCore.dll
Trusted Zone: mojebanka.cz\etrading
Trusted Zone: mojebanka.cz\www
Trusted Zone: mojebanka.cz\etrading
Trusted Zone: mojebanka.cz\www
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-07 19:09
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll prosync1.sys sfsync02.sys atapi.sys sprg.sys >>UNKNOWN [0x8ACAC944]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xba11cf28
\Driver\ACPI -> ACPI.sys @ 0xb9e69cb8
\Driver\atapi -> prosync1.sys @ 0xba5ae6c1
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
NDIS: Realtek RTL8169/8110 Family Gigabit Ethernet NIC -> SendCompleteHandler -> NDIS.sys @ 0xb9d1abb0
PacketIndicateHandler -> NDIS.sys @ 0xb9d27a21
SendHandler -> NDIS.sys @ 0xb9d0587b
user & kernel MBR OK
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_USERS\S-1-5-21-1659004503-926492609-839522115-1004\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
[HKEY_USERS\S-1-5-21-1659004503-926492609-839522115-1004\Software\SecuROM\License information*]
"datasecu"=hex:50,d1,11,00,56,7f,f7,43,55,23,30,ea,a9,c4,50,0b,ce,fc,13,94,a7,
7c,68,de,ad,3b,b7,17,e4,dc,7e,38,51,0d,0f,23,92,e4,20,48,33,31,11,3e,f2,43,\
"rkeysecu"=hex:1c,dc,ee,b7,91,cf,61,ba,b6,1d,89,4d,17,eb,85,66
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(1028)
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'lsass.exe'(1084)
c:\windows\system32\HMIPCore.dll
- - - - - - - > 'explorer.exe'(3648)
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\wpdshext.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\Audiodev.dll
c:\windows\system32\WMVCore.DLL
c:\windows\system32\WMASF.DLL
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Canon\IJPLM\IJPLMSVC.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\AVG\AVG9\avgam.exe
c:\program files\AVG\AVG9\avgnsx.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Celkový čas: 2010-03-07 19:13:18 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-03-07 18:13
ComboFix2.txt 2010-03-07 12:11
ComboFix3.txt 2010-03-07 07:57
Před spuštěním: Volných bajtů: 21 207 789 568
Po spuštění: Volných bajtů: 21 168 750 592
- - End Of File - - A3DC2CF18621F475804803CA5B5EDDEF
-
Damned
- Tvůrce článků
-
Master Level 9
- Příspěvky: 8353
- Registrován: prosinec 06
- Bydliště: Rokycany
- Pohlaví:
- Stav:
Offline
- Kontakt:
Re: Kontrola logu
Odinstaluj si ICQ6Toolbar a už si nikdy nic podobné neinstaluj.
Odinstaluj ComboFix ( nutné ) .
ComboFix se odinstaluje takto:
Start-Spustit a zadej Combofix[mezera]/uninstall
Stáhni si T-Cleaner ( nutné - smaže vše po Combu,SDFixu,Avengeru,MWAVu atd.-stáhneš->spustíš)
(pozn.Pokud máš AVG nebo Aviru, před stažením T-Cleaneru a po dobu čištění deaktivuj AVG i Aviru (i rezidenty), následně T-Cleaner smaž a zapni si AVG, Aviru.)
*****************************************************************************************************************************************
Stáhni si OTL na Plochu.
Ujisti se , že máš zavřena všechna ostatní okna a poklepej na ikonu OTL.Nahoře v okně pod Output klikni na minimal Output.Pod Standard Registry změň na All. Zatrhni LOP Check a Purity Check. File age změň na 14 days. Všechny ostatní nastavení ponech jak jsou. Klikni na Run Scan. Sken může trvat dlouho, až skončí otevřou se dva logy:
OTL.Txt
Extras.Txt
Jsou uloženy ve stejném místě jako OTL. Oba logy sem prosím zkopíruj
Odinstaluj ComboFix ( nutné ) .
ComboFix se odinstaluje takto:
Start-Spustit a zadej Combofix[mezera]/uninstall
Stáhni si T-Cleaner ( nutné - smaže vše po Combu,SDFixu,Avengeru,MWAVu atd.-stáhneš->spustíš)
(pozn.Pokud máš AVG nebo Aviru, před stažením T-Cleaneru a po dobu čištění deaktivuj AVG i Aviru (i rezidenty), následně T-Cleaner smaž a zapni si AVG, Aviru.)
*****************************************************************************************************************************************
Stáhni si OTL na Plochu.
Ujisti se , že máš zavřena všechna ostatní okna a poklepej na ikonu OTL.Nahoře v okně pod Output klikni na minimal Output.Pod Standard Registry změň na All. Zatrhni LOP Check a Purity Check. File age změň na 14 days. Všechny ostatní nastavení ponech jak jsou. Klikni na Run Scan. Sken může trvat dlouho, až skončí otevřou se dva logy:
OTL.Txt
Extras.Txt
Jsou uloženy ve stejném místě jako OTL. Oba logy sem prosím zkopíruj
Nic není nemožné, proto tam, kde jsme s rozumem v koncích, neváháme použít kladivo.
Chceš-li vědět, co je nového, podívej se do starých knih.
Damnedovy češtiny - překlady programů pro údržbu PC
HiJackThis 2+návod FCleaner+čeština Wise Registry Cleaner
Chceš-li vědět, co je nového, podívej se do starých knih.
Damnedovy češtiny - překlady programů pro údržbu PC
HiJackThis 2+návod FCleaner+čeština Wise Registry Cleaner
Re: Kontrola logu
vše je uděláno...pošlu ti ty logy na 2x ať je rozeznáš.... 
OTL logfile created on: 7.3.2010 20:11:34 - Run 1
OTL by OldTimer - Version 3.1.34.0 Folder = C:\Documents and Settings\j\Plocha
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 78,00% Memory free
5,00 Gb Paging File | 4,00 Gb Available in Paging File | 89,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 65,04 Gb Total Space | 20,00 Gb Free Space | 30,75% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 130,65 Gb Total Space | 130,46 Gb Free Space | 99,86% Space Free | Partition Type: NTFS
Drive G: | 102,40 Gb Total Space | 102,32 Gb Free Space | 99,93% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: J-55E921BC82104
Current User Name: j
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 14 Days
Output = Minimal
========== Processes (SafeList) ==========
PRC - C:\Documents and Settings\j\Plocha\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgfws9.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgemc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgam.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Hide My IP 2009\HideMyIpSrv.exe (My Privacy Tools, Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
PRC - C:\Program Files\Canon\IJPLM\ijplmsvc.exe ()
PRC - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)
========== Modules (SafeList) ==========
MOD - C:\Documents and Settings\j\Plocha\OTL.exe (OldTimer Tools)
========== Win32 Services (SafeList) ==========
SRV - (avg9wd) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (avgfws9) -- C:\Program Files\AVG\AVG9\avgfws9.exe (AVG Technologies CZ, s.r.o.)
SRV - (avg9emc) -- C:\Program Files\AVG\AVG9\avgemc.exe (AVG Technologies CZ, s.r.o.)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (HideMyIpSRV) -- C:\Program Files\Hide My IP 2009\HideMyIpSrv.exe (My Privacy Tools, Inc.)
SRV - (NetTcpPortSharing) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (IJPLMSVC) -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe ()
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
SRV - (UleadBurningHelper) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)
========== Driver Services (SafeList) ==========
DRV - (AvgTdiX) -- C:\WINDOWS\System32\Drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgMfx86) -- C:\WINDOWS\System32\Drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgLdx86) -- C:\WINDOWS\System32\Drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgRkx86) -- C:\WINDOWS\System32\Drivers\avgrkx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgfwfd) -- C:\WINDOWS\system32\drivers\avgfwdx.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgfwdx) -- C:\WINDOWS\system32\drivers\avgfwdx.sys (AVG Technologies CZ, s.r.o.)
DRV - (MPE) -- C:\WINDOWS\system32\drivers\mpe.sys (Microsoft Corporation)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows (R) Server 2003 DDK provider)
DRV - (sptd) -- C:\WINDOWS\System32\Drivers\sptd.sys ()
DRV - (gdrv) -- C:\WINDOWS\gdrv.sys (Windows (R) 2000 DDK provider)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (RTHDMIAzAudService) -- C:\WINDOWS\system32\drivers\RtHDMI.sys (Realtek Semiconductor Corp.)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (WFLR6654) WinFast DTV1800 H (Video) -- C:\WINDOWS\system32\drivers\wfeaglxt.sys (Leadtek Research Inc.)
DRV - (sfvfs02) StarForce Protection VFS Driver (version 2.x) -- C:\WINDOWS\System32\drivers\sfvfs02.sys (Protection Technology (StarForce))
DRV - (RTL8023xp) -- C:\WINDOWS\system32\drivers\Rtnicxp.sys (Realtek Semiconductor Corporation )
DRV - (sfsync02) StarForce Protection Synchronization Driver (version 2.x) -- C:\WINDOWS\System32\drivers\sfsync02.sys (Protection Technology)
DRV - (sfdrv01a) StarForce Protection Environment Driver (version 1.x.a) -- C:\WINDOWS\System32\drivers\sfdrv01a.sys (Protection Technology (StarForce))
DRV - (AmdK8) -- C:\WINDOWS\system32\drivers\AmdK8.sys (Advanced Micro Devices)
DRV - (sfhlp02) StarForce Protection Helper Driver (version 2.x) -- C:\WINDOWS\System32\drivers\sfhlp02.sys (Protection Technology (StarForce))
DRV - (PCLEPCI) -- C:\WINDOWS\system32\drivers\Pclepci.sys (Pinnacle Systems GmbH)
DRV - (WFIOCTL) -- C:\Program Files\WinFast\WFDTV\WFIOCTL.sys (Leadtek Research Inc.)
DRV - (prohlp02) -- C:\WINDOWS\System32\drivers\prohlp02.sys (Protection Technology)
DRV - (prodrv06) -- C:\WINDOWS\System32\drivers\prodrv06.sys (Protection Technology)
DRV - (prosync1) -- C:\WINDOWS\System32\drivers\prosync1.sys (Protection Technology)
DRV - (sfhlp01) -- C:\WINDOWS\System32\drivers\sfhlp01.sys (Protection Technology)
========== Standard Registry (All) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.theprizeday.com/today.php|http://eu.ask.com?o=14672&l=dis"
FF - prefs.js..extensions.enabledItems: {2224E955-00E9-4613-A844-CE69FCCAAE91}:3.4.0.4340
FF - prefs.js..extensions.enabledItems: {0BA0192D-94A5-45e3-B2B8-3EC5A1A0B5EC}:1.5.0.850
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.5
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}:6.0.14
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: staff@hide-my-ip.com:1.0
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.5
FF - prefs.js..keyword.URL: ""
FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009.09.13 11:15:59 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009.08.15 17:45:25 | 000,000,000 | ---D | M]
[2009.09.10 16:10:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\j\Data aplikací\Mozilla\Extensions
[2009.09.10 16:10:49 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\j\Data aplikací\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009.11.25 19:38:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\j\Data aplikací\Mozilla\Firefox\Profiles\xtw2g44u.default\extensions
[2009.09.13 18:09:57 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\j\Data aplikací\Mozilla\Firefox\Profiles\xtw2g44u.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009.08.14 11:13:26 | 000,002,235 | ---- | M] () -- C:\Documents and Settings\j\Data aplikací\Mozilla\Firefox\Profiles\xtw2g44u.default\searchplugins\askcom.xml
[2009.11.20 17:08:51 | 000,000,961 | ---- | M] () -- C:\Documents and Settings\j\Data aplikací\Mozilla\Firefox\Profiles\xtw2g44u.default\searchplugins\icqplugin-1.xml
[2009.11.08 12:16:20 | 000,000,961 | ---- | M] () -- C:\Documents and Settings\j\Data aplikací\Mozilla\Firefox\Profiles\xtw2g44u.default\searchplugins\icqplugin-2.xml
[2009.11.20 20:25:28 | 000,000,961 | ---- | M] () -- C:\Documents and Settings\j\Data aplikací\Mozilla\Firefox\Profiles\xtw2g44u.default\searchplugins\icqplugin-3.xml
[2009.10.26 17:14:32 | 000,000,955 | ---- | M] () -- C:\Documents and Settings\j\Data aplikací\Mozilla\Firefox\Profiles\xtw2g44u.default\searchplugins\icqplugin.xml
[2009.11.26 17:59:26 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009.07.15 16:44:15 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2009.08.15 17:45:35 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
[2009.11.22 14:14:23 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\staff@hide-my-ip.com
[2009.05.01 22:02:48 | 001,044,480 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\Program Files\Mozilla Firefox\plugins\libdivx.dll
[2009.08.15 17:45:25 | 000,410,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll
[2009.05.12 19:46:20 | 001,650,992 | ---- | M] (DivX,Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdivx32.dll
[2006.10.26 19:12:16 | 000,016,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
[2007.05.10 22:52:00 | 000,095,864 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
[2009.02.02 17:15:00 | 003,771,296 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\NPSWF32.dll
[2009.05.01 22:02:48 | 000,200,704 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\Program Files\Mozilla Firefox\plugins\ssldivx.dll
O1 HOSTS File: ([2010.03.07 19:09:26 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Podpora odkazu pro Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll (Google Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (SweetIM Toolbar Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (&Adresa) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Společnost Microsoft)
O3 - HKCU\..\Toolbar\WebBrowser: (&Odkazy) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()
O4 - HKLM..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
O4 - HKCU..\Run: [Google Update] C:\Documents and Settings\j\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\j\Nabídka Start\Programy\Po spuštění\Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\System32\HMIPCore.dll (My Privacy Tools, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\System32\HMIPCore.dll (My Privacy Tools, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\System32\HMIPCore.dll (My Privacy Tools, Inc.)
O15 - HKLM\..Trusted Domains: mojebanka.cz ([etrading] https in Trusted sites)
O15 - HKLM\..Trusted Domains: mojebanka.cz ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: mojebanka.cz ([etrading] https in Trusted sites)
O15 - HKCU\..Trusted Domains: mojebanka.cz ([www] https in Trusted sites)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shoc ... tor/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} http://icq.oberon-media.com/Gameshell/G ... meHost.cab (Oberon Flash Game Host)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Společnost Microsoft)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Proces mezipaměti kategorií součástí - C:\WINDOWS\system32\browseui.dll (Společnost Microsoft)
O24 - Desktop Components:0 (Aktuální domovská stránka) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\j\Local Settings\Data aplikací\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\j\Local Settings\Data aplikací\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*
========== Files/Folders - Created Within 14 Days ==========
[2010.03.07 20:07:22 | 000,553,984 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\j\Plocha\OTL.exe
[2010.03.07 19:59:11 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010.03.07 19:07:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2010.03.07 10:46:11 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\j\IETldCache
[2010.03.07 10:42:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2010.03.07 10:40:19 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2010.03.07 10:33:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2010.03.07 10:23:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2010.03.07 10:23:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\cs
[2010.03.07 10:23:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\bits
[2010.03.07 10:17:15 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2010.03.07 10:17:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\EHome
[2010.03.07 10:08:50 | 000,012,464 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2010.03.07 09:57:33 | 000,000,000 | ---D | C] -- C:\$AVG
[2010.03.07 09:57:22 | 000,242,696 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2010.03.07 09:57:22 | 000,052,872 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgrkx86.sys
[2010.03.07 09:57:17 | 000,216,200 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2010.03.07 09:57:15 | 000,029,512 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2010.03.07 09:57:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\Avg
[2010.03.07 09:56:42 | 000,050,968 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgfwdx.dll
[2010.03.07 09:56:42 | 000,030,104 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgfwdx.sys
[2010.03.07 09:56:42 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2010.03.07 09:56:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\avg9
[2010.03.07 09:45:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\Avg7
[2010.03.07 09:45:11 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Data aplikací\Microsoft
[2010.03.07 09:45:11 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Data aplikací\Microsoft
[2010.03.07 09:45:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Data aplikací\Microsoft
[2010.03.07 09:45:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Data aplikací\Microsoft
[2010.03.07 08:45:12 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010.03.06 22:19:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\j\Data aplikací\Malwarebytes
[2010.03.06 22:19:55 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010.03.06 22:19:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
[2010.03.06 22:19:53 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010.03.06 22:19:53 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010.03.06 21:22:28 | 000,396,288 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\j\Plocha\hijackthis.exe
[2010.03.06 19:57:13 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\browserchoice.exe
[2010.03.02 13:30:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\j\Data aplikací\PhotoFiltre Studio X
[2010.03.02 13:30:11 | 000,000,000 | ---D | C] -- C:\Program Files\PhotoFiltre Studio X
[2010.03.01 21:12:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Data aplikací\Apple
[2010.03.01 16:52:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\j\Data aplikací\Apple Computer
[2010.03.01 16:51:01 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010.03.01 16:50:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\Apple Computer
[2010.03.01 16:50:45 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2010.03.01 16:50:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\j\Local Settings\Data aplikací\Apple
[2010.03.01 16:50:37 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2010.03.01 16:50:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\Apple
[2010.03.01 16:50:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\j\Local Settings\Data aplikací\Apple Computer
[2010.02.26 15:34:13 | 000,000,000 | ---D | C] -- C:\Fraps
[2009.10.08 13:16:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Data aplikací\Xfire
[2009.03.30 13:31:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Data aplikací\Google
[2009.03.29 10:56:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Data aplikací\Google
[2008.12.01 15:40:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Data aplikací\Macromedia
[2008.12.01 15:39:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Data aplikací\Adobe
[2008.12.01 15:39:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Data aplikací\Yahoo!
[2008.02.21 18:28:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Data aplikací\PCHealth
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files - Modified Within 14 Days ==========
[2010.03.07 20:07:32 | 000,010,791 | ---- | M] () -- C:\Documents and Settings\j\Plocha\Stáhni si.docx
[2010.03.07 20:07:24 | 000,553,984 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\j\Plocha\OTL.exe
[2010.03.07 20:07:08 | 000,002,563 | ---- | M] () -- C:\Documents and Settings\j\Plocha\Microsoft Office Word 2007.lnk
[2010.03.07 19:27:08 | 000,000,940 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010.03.07 19:09:38 | 000,000,240 | ---- | M] () -- C:\WINDOWS\system.ini
[2010.03.07 19:09:26 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010.03.07 19:09:23 | 000,000,936 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010.03.07 19:09:22 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.03.07 19:09:21 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.03.07 19:09:20 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.03.07 19:08:09 | 006,926,336 | ---- | M] () -- C:\Documents and Settings\j\ntuser.dat
[2010.03.07 19:08:09 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\j\ntuser.ini
[2010.03.07 19:05:42 | 000,432,492 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010.03.07 19:05:42 | 000,429,024 | ---- | M] () -- C:\WINDOWS\System32\perfh005.dat
[2010.03.07 19:05:42 | 000,078,052 | ---- | M] () -- C:\WINDOWS\System32\perfc005.dat
[2010.03.07 19:05:42 | 000,067,448 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010.03.07 19:05:41 | 001,020,388 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010.03.07 14:59:35 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010.03.07 13:23:21 | 056,819,350 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010.03.07 12:01:37 | 000,138,184 | ---- | M] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2010.03.07 11:00:20 | 000,002,283 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\Skype.lnk
[2010.03.07 10:34:48 | 000,030,240 | ---- | M] () -- C:\Documents and Settings\j\Local Settings\Data aplikací\GDIPFONTCACHEV1.DAT
[2010.03.07 10:33:55 | 001,455,864 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010.03.07 10:19:52 | 000,250,576 | RHS- | M] () -- C:\ntldr
[2010.03.07 10:08:52 | 000,242,696 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2010.03.07 10:08:50 | 000,029,512 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2010.03.07 10:08:50 | 000,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2010.03.07 10:08:35 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2010.03.07 10:08:33 | 000,052,872 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgrkx86.sys
[2010.03.07 09:58:36 | 000,568,347 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\iavifw.avm
[2010.03.07 09:58:12 | 000,142,495 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2010.03.07 09:57:23 | 000,001,507 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\AVG 9.0.lnk
[2010.03.07 09:57:15 | 000,113,461 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm
[2010.03.07 09:57:06 | 006,061,540 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg
[2010.03.07 09:57:06 | 000,492,629 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2010.03.07 09:56:42 | 000,050,968 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgfwdx.dll
[2010.03.07 09:56:42 | 000,030,104 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgfwdx.sys
[2010.03.07 08:45:17 | 000,000,293 | RHS- | M] () -- C:\boot.ini
[2010.03.06 13:03:42 | 000,000,139 | ---- | M] () -- C:\Documents and Settings\j\default.pls
[2010.03.06 12:23:48 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010.03.06 12:23:32 | 000,052,736 | ---- | M] () -- C:\Documents and Settings\j\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.03.03 22:04:56 | 000,396,288 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\j\Plocha\hijackthis.exe
[2010.03.02 13:30:13 | 000,000,771 | ---- | M] () -- C:\Documents and Settings\j\Plocha\PhotoFiltre Studio X.lnk
[2010.03.01 21:12:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010.02.28 21:00:19 | 000,002,477 | ---- | M] () -- C:\Documents and Settings\j\Plocha\Microsoft Office Excel 2007.lnk
[2010.02.24 09:16:06 | 000,181,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files Created - No Company Name ==========
[2010.03.07 20:07:32 | 000,010,791 | ---- | C] () -- C:\Documents and Settings\j\Plocha\Stáhni si.docx
[2010.03.07 09:57:23 | 000,001,507 | ---- | C] () -- C:\Documents and Settings\All Users\Plocha\AVG 9.0.lnk
[2010.03.07 09:57:15 | 000,568,347 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\iavifw.avm
[2010.03.07 09:57:15 | 000,113,461 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm
[2010.03.07 09:57:06 | 056,819,350 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010.03.07 09:57:06 | 006,061,540 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg
[2010.03.07 09:57:06 | 000,492,629 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2010.03.07 09:57:06 | 000,142,495 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2010.03.07 08:45:17 | 000,000,223 | ---- | C] () -- C:\Boot.bak
[2010.03.07 08:45:14 | 000,261,312 | ---- | C] () -- C:\cmldr
[2010.03.02 13:30:13 | 000,000,771 | ---- | C] () -- C:\Documents and Settings\j\Plocha\PhotoFiltre Studio X.lnk
[2010.03.01 16:50:40 | 000,000,284 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010.02.11 04:16:10 | 000,041,872 | ---- | C] () -- C:\WINDOWS\System32\xfcodec.dll
[2009.11.18 19:54:28 | 000,001,196 | ---- | C] () -- C:\WINDOWS\VFO.INI
[2009.11.11 18:06:44 | 000,000,049 | ---- | C] () -- C:\WINDOWS\iltwain.ini
[2009.08.30 19:05:21 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2009.06.23 08:31:05 | 000,056,320 | R--- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll
[2009.03.01 19:36:40 | 000,000,208 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2009.02.06 21:07:45 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2008.10.15 16:26:02 | 000,138,184 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2008.10.15 16:26:02 | 000,022,328 | ---- | C] () -- C:\Documents and Settings\j\Data aplikací\PnkBstrK.sys
[2008.10.09 13:23:55 | 000,007,997 | ---- | C] () -- C:\WINDOWS\System32\NetSpools.ini
[2008.08.11 15:59:19 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2008.02.29 18:21:52 | 000,052,736 | ---- | C] () -- C:\Documents and Settings\j\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.02.26 16:45:41 | 000,000,412 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI
[2008.02.21 19:11:20 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008.02.15 19:57:42 | 000,003,972 | ---- | C] () -- C:\WINDOWS\System32\drivers\PciBus.sys
[2008.02.15 19:48:05 | 000,715,248 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2008.02.15 18:21:50 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2008.02.13 19:08:06 | 000,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2008.02.13 19:08:05 | 000,755,027 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008.02.13 19:08:05 | 000,159,839 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008.02.13 19:08:04 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2008.02.13 19:08:04 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
========== LOP Check ==========
[2008.02.16 08:14:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Acronis
[2010.03.07 09:45:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Avg7
[2010.03.07 10:01:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\avg9
[2008.02.26 16:41:59 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Data aplikací\CanonBJ
[2009.11.22 13:00:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\CanonIJPLM
[2009.06.12 16:24:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Electronic Arts
[2009.07.15 16:44:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\ICQ
[2008.02.17 17:32:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\LightScribe
[2009.11.18 19:58:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Pinnacle
[2009.11.18 19:59:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Pinnacle Studio
[2008.02.26 16:45:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\ScanSoft
[2009.01.24 21:13:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\SweetIM
[2008.03.02 20:14:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Ulead Systems
[2008.02.26 16:53:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\j\Data aplikací\Canon
[2009.01.19 16:25:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\j\Data aplikací\DAEMON Tools
[2010.03.07 08:30:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\j\Data aplikací\Desktopicon
[2010.03.01 18:26:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\j\Data aplikací\Facebook
[2010.03.07 10:02:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\j\Data aplikací\ICQ
[2008.12.24 21:10:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\j\Data aplikací\Leadertech
[2010.03.02 13:30:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\j\Data aplikací\PhotoFiltre Studio X
[2008.02.26 16:45:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\j\Data aplikací\ScanSoft
[2010.03.06 21:46:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\j\Data aplikací\TeamViewer
[2008.10.27 19:37:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\j\Data aplikací\uTorrent
[2010.03.01 17:02:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\j\Data aplikací\Zoner
========== Purity Check ==========
< End of report >
OTL logfile created on: 7.3.2010 20:11:34 - Run 1
OTL by OldTimer - Version 3.1.34.0 Folder = C:\Documents and Settings\j\Plocha
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 78,00% Memory free
5,00 Gb Paging File | 4,00 Gb Available in Paging File | 89,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 65,04 Gb Total Space | 20,00 Gb Free Space | 30,75% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 130,65 Gb Total Space | 130,46 Gb Free Space | 99,86% Space Free | Partition Type: NTFS
Drive G: | 102,40 Gb Total Space | 102,32 Gb Free Space | 99,93% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: J-55E921BC82104
Current User Name: j
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 14 Days
Output = Minimal
========== Processes (SafeList) ==========
PRC - C:\Documents and Settings\j\Plocha\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgfws9.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgemc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgam.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Hide My IP 2009\HideMyIpSrv.exe (My Privacy Tools, Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
PRC - C:\Program Files\Canon\IJPLM\ijplmsvc.exe ()
PRC - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)
========== Modules (SafeList) ==========
MOD - C:\Documents and Settings\j\Plocha\OTL.exe (OldTimer Tools)
========== Win32 Services (SafeList) ==========
SRV - (avg9wd) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (avgfws9) -- C:\Program Files\AVG\AVG9\avgfws9.exe (AVG Technologies CZ, s.r.o.)
SRV - (avg9emc) -- C:\Program Files\AVG\AVG9\avgemc.exe (AVG Technologies CZ, s.r.o.)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (HideMyIpSRV) -- C:\Program Files\Hide My IP 2009\HideMyIpSrv.exe (My Privacy Tools, Inc.)
SRV - (NetTcpPortSharing) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (IJPLMSVC) -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe ()
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
SRV - (UleadBurningHelper) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)
========== Driver Services (SafeList) ==========
DRV - (AvgTdiX) -- C:\WINDOWS\System32\Drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgMfx86) -- C:\WINDOWS\System32\Drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgLdx86) -- C:\WINDOWS\System32\Drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgRkx86) -- C:\WINDOWS\System32\Drivers\avgrkx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgfwfd) -- C:\WINDOWS\system32\drivers\avgfwdx.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgfwdx) -- C:\WINDOWS\system32\drivers\avgfwdx.sys (AVG Technologies CZ, s.r.o.)
DRV - (MPE) -- C:\WINDOWS\system32\drivers\mpe.sys (Microsoft Corporation)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows (R) Server 2003 DDK provider)
DRV - (sptd) -- C:\WINDOWS\System32\Drivers\sptd.sys ()
DRV - (gdrv) -- C:\WINDOWS\gdrv.sys (Windows (R) 2000 DDK provider)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (RTHDMIAzAudService) -- C:\WINDOWS\system32\drivers\RtHDMI.sys (Realtek Semiconductor Corp.)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (WFLR6654) WinFast DTV1800 H (Video) -- C:\WINDOWS\system32\drivers\wfeaglxt.sys (Leadtek Research Inc.)
DRV - (sfvfs02) StarForce Protection VFS Driver (version 2.x) -- C:\WINDOWS\System32\drivers\sfvfs02.sys (Protection Technology (StarForce))
DRV - (RTL8023xp) -- C:\WINDOWS\system32\drivers\Rtnicxp.sys (Realtek Semiconductor Corporation )
DRV - (sfsync02) StarForce Protection Synchronization Driver (version 2.x) -- C:\WINDOWS\System32\drivers\sfsync02.sys (Protection Technology)
DRV - (sfdrv01a) StarForce Protection Environment Driver (version 1.x.a) -- C:\WINDOWS\System32\drivers\sfdrv01a.sys (Protection Technology (StarForce))
DRV - (AmdK8) -- C:\WINDOWS\system32\drivers\AmdK8.sys (Advanced Micro Devices)
DRV - (sfhlp02) StarForce Protection Helper Driver (version 2.x) -- C:\WINDOWS\System32\drivers\sfhlp02.sys (Protection Technology (StarForce))
DRV - (PCLEPCI) -- C:\WINDOWS\system32\drivers\Pclepci.sys (Pinnacle Systems GmbH)
DRV - (WFIOCTL) -- C:\Program Files\WinFast\WFDTV\WFIOCTL.sys (Leadtek Research Inc.)
DRV - (prohlp02) -- C:\WINDOWS\System32\drivers\prohlp02.sys (Protection Technology)
DRV - (prodrv06) -- C:\WINDOWS\System32\drivers\prodrv06.sys (Protection Technology)
DRV - (prosync1) -- C:\WINDOWS\System32\drivers\prosync1.sys (Protection Technology)
DRV - (sfhlp01) -- C:\WINDOWS\System32\drivers\sfhlp01.sys (Protection Technology)
========== Standard Registry (All) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.theprizeday.com/today.php|http://eu.ask.com?o=14672&l=dis"
FF - prefs.js..extensions.enabledItems: {2224E955-00E9-4613-A844-CE69FCCAAE91}:3.4.0.4340
FF - prefs.js..extensions.enabledItems: {0BA0192D-94A5-45e3-B2B8-3EC5A1A0B5EC}:1.5.0.850
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.5
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}:6.0.14
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: staff@hide-my-ip.com:1.0
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.5
FF - prefs.js..keyword.URL: ""
FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009.09.13 11:15:59 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009.08.15 17:45:25 | 000,000,000 | ---D | M]
[2009.09.10 16:10:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\j\Data aplikací\Mozilla\Extensions
[2009.09.10 16:10:49 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\j\Data aplikací\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009.11.25 19:38:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\j\Data aplikací\Mozilla\Firefox\Profiles\xtw2g44u.default\extensions
[2009.09.13 18:09:57 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\j\Data aplikací\Mozilla\Firefox\Profiles\xtw2g44u.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009.08.14 11:13:26 | 000,002,235 | ---- | M] () -- C:\Documents and Settings\j\Data aplikací\Mozilla\Firefox\Profiles\xtw2g44u.default\searchplugins\askcom.xml
[2009.11.20 17:08:51 | 000,000,961 | ---- | M] () -- C:\Documents and Settings\j\Data aplikací\Mozilla\Firefox\Profiles\xtw2g44u.default\searchplugins\icqplugin-1.xml
[2009.11.08 12:16:20 | 000,000,961 | ---- | M] () -- C:\Documents and Settings\j\Data aplikací\Mozilla\Firefox\Profiles\xtw2g44u.default\searchplugins\icqplugin-2.xml
[2009.11.20 20:25:28 | 000,000,961 | ---- | M] () -- C:\Documents and Settings\j\Data aplikací\Mozilla\Firefox\Profiles\xtw2g44u.default\searchplugins\icqplugin-3.xml
[2009.10.26 17:14:32 | 000,000,955 | ---- | M] () -- C:\Documents and Settings\j\Data aplikací\Mozilla\Firefox\Profiles\xtw2g44u.default\searchplugins\icqplugin.xml
[2009.11.26 17:59:26 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009.07.15 16:44:15 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2009.08.15 17:45:35 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
[2009.11.22 14:14:23 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\staff@hide-my-ip.com
[2009.05.01 22:02:48 | 001,044,480 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\Program Files\Mozilla Firefox\plugins\libdivx.dll
[2009.08.15 17:45:25 | 000,410,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll
[2009.05.12 19:46:20 | 001,650,992 | ---- | M] (DivX,Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdivx32.dll
[2006.10.26 19:12:16 | 000,016,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
[2007.05.10 22:52:00 | 000,095,864 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
[2009.02.02 17:15:00 | 003,771,296 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\NPSWF32.dll
[2009.05.01 22:02:48 | 000,200,704 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\Program Files\Mozilla Firefox\plugins\ssldivx.dll
O1 HOSTS File: ([2010.03.07 19:09:26 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Podpora odkazu pro Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll (Google Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (SweetIM Toolbar Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (&Adresa) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Společnost Microsoft)
O3 - HKCU\..\Toolbar\WebBrowser: (&Odkazy) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()
O4 - HKLM..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
O4 - HKCU..\Run: [Google Update] C:\Documents and Settings\j\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\j\Nabídka Start\Programy\Po spuštění\Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\System32\HMIPCore.dll (My Privacy Tools, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\System32\HMIPCore.dll (My Privacy Tools, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\System32\HMIPCore.dll (My Privacy Tools, Inc.)
O15 - HKLM\..Trusted Domains: mojebanka.cz ([etrading] https in Trusted sites)
O15 - HKLM\..Trusted Domains: mojebanka.cz ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: mojebanka.cz ([etrading] https in Trusted sites)
O15 - HKCU\..Trusted Domains: mojebanka.cz ([www] https in Trusted sites)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shoc ... tor/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} http://icq.oberon-media.com/Gameshell/G ... meHost.cab (Oberon Flash Game Host)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Společnost Microsoft)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Proces mezipaměti kategorií součástí - C:\WINDOWS\system32\browseui.dll (Společnost Microsoft)
O24 - Desktop Components:0 (Aktuální domovská stránka) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\j\Local Settings\Data aplikací\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\j\Local Settings\Data aplikací\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*
========== Files/Folders - Created Within 14 Days ==========
[2010.03.07 20:07:22 | 000,553,984 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\j\Plocha\OTL.exe
[2010.03.07 19:59:11 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010.03.07 19:07:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2010.03.07 10:46:11 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\j\IETldCache
[2010.03.07 10:42:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2010.03.07 10:40:19 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2010.03.07 10:33:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2010.03.07 10:23:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2010.03.07 10:23:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\cs
[2010.03.07 10:23:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\bits
[2010.03.07 10:17:15 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2010.03.07 10:17:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\EHome
[2010.03.07 10:08:50 | 000,012,464 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2010.03.07 09:57:33 | 000,000,000 | ---D | C] -- C:\$AVG
[2010.03.07 09:57:22 | 000,242,696 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2010.03.07 09:57:22 | 000,052,872 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgrkx86.sys
[2010.03.07 09:57:17 | 000,216,200 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2010.03.07 09:57:15 | 000,029,512 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2010.03.07 09:57:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\Avg
[2010.03.07 09:56:42 | 000,050,968 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgfwdx.dll
[2010.03.07 09:56:42 | 000,030,104 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgfwdx.sys
[2010.03.07 09:56:42 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2010.03.07 09:56:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\avg9
[2010.03.07 09:45:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\Avg7
[2010.03.07 09:45:11 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Data aplikací\Microsoft
[2010.03.07 09:45:11 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Data aplikací\Microsoft
[2010.03.07 09:45:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Data aplikací\Microsoft
[2010.03.07 09:45:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Data aplikací\Microsoft
[2010.03.07 08:45:12 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010.03.06 22:19:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\j\Data aplikací\Malwarebytes
[2010.03.06 22:19:55 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010.03.06 22:19:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
[2010.03.06 22:19:53 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010.03.06 22:19:53 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010.03.06 21:22:28 | 000,396,288 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\j\Plocha\hijackthis.exe
[2010.03.06 19:57:13 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\browserchoice.exe
[2010.03.02 13:30:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\j\Data aplikací\PhotoFiltre Studio X
[2010.03.02 13:30:11 | 000,000,000 | ---D | C] -- C:\Program Files\PhotoFiltre Studio X
[2010.03.01 21:12:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Data aplikací\Apple
[2010.03.01 16:52:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\j\Data aplikací\Apple Computer
[2010.03.01 16:51:01 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010.03.01 16:50:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\Apple Computer
[2010.03.01 16:50:45 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2010.03.01 16:50:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\j\Local Settings\Data aplikací\Apple
[2010.03.01 16:50:37 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2010.03.01 16:50:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\Apple
[2010.03.01 16:50:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\j\Local Settings\Data aplikací\Apple Computer
[2010.02.26 15:34:13 | 000,000,000 | ---D | C] -- C:\Fraps
[2009.10.08 13:16:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Data aplikací\Xfire
[2009.03.30 13:31:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Data aplikací\Google
[2009.03.29 10:56:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Data aplikací\Google
[2008.12.01 15:40:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Data aplikací\Macromedia
[2008.12.01 15:39:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Data aplikací\Adobe
[2008.12.01 15:39:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Data aplikací\Yahoo!
[2008.02.21 18:28:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Data aplikací\PCHealth
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files - Modified Within 14 Days ==========
[2010.03.07 20:07:32 | 000,010,791 | ---- | M] () -- C:\Documents and Settings\j\Plocha\Stáhni si.docx
[2010.03.07 20:07:24 | 000,553,984 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\j\Plocha\OTL.exe
[2010.03.07 20:07:08 | 000,002,563 | ---- | M] () -- C:\Documents and Settings\j\Plocha\Microsoft Office Word 2007.lnk
[2010.03.07 19:27:08 | 000,000,940 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010.03.07 19:09:38 | 000,000,240 | ---- | M] () -- C:\WINDOWS\system.ini
[2010.03.07 19:09:26 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010.03.07 19:09:23 | 000,000,936 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010.03.07 19:09:22 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.03.07 19:09:21 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.03.07 19:09:20 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.03.07 19:08:09 | 006,926,336 | ---- | M] () -- C:\Documents and Settings\j\ntuser.dat
[2010.03.07 19:08:09 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\j\ntuser.ini
[2010.03.07 19:05:42 | 000,432,492 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010.03.07 19:05:42 | 000,429,024 | ---- | M] () -- C:\WINDOWS\System32\perfh005.dat
[2010.03.07 19:05:42 | 000,078,052 | ---- | M] () -- C:\WINDOWS\System32\perfc005.dat
[2010.03.07 19:05:42 | 000,067,448 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010.03.07 19:05:41 | 001,020,388 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010.03.07 14:59:35 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010.03.07 13:23:21 | 056,819,350 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010.03.07 12:01:37 | 000,138,184 | ---- | M] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2010.03.07 11:00:20 | 000,002,283 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\Skype.lnk
[2010.03.07 10:34:48 | 000,030,240 | ---- | M] () -- C:\Documents and Settings\j\Local Settings\Data aplikací\GDIPFONTCACHEV1.DAT
[2010.03.07 10:33:55 | 001,455,864 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010.03.07 10:19:52 | 000,250,576 | RHS- | M] () -- C:\ntldr
[2010.03.07 10:08:52 | 000,242,696 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2010.03.07 10:08:50 | 000,029,512 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2010.03.07 10:08:50 | 000,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2010.03.07 10:08:35 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2010.03.07 10:08:33 | 000,052,872 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgrkx86.sys
[2010.03.07 09:58:36 | 000,568,347 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\iavifw.avm
[2010.03.07 09:58:12 | 000,142,495 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2010.03.07 09:57:23 | 000,001,507 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\AVG 9.0.lnk
[2010.03.07 09:57:15 | 000,113,461 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm
[2010.03.07 09:57:06 | 006,061,540 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg
[2010.03.07 09:57:06 | 000,492,629 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2010.03.07 09:56:42 | 000,050,968 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgfwdx.dll
[2010.03.07 09:56:42 | 000,030,104 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgfwdx.sys
[2010.03.07 08:45:17 | 000,000,293 | RHS- | M] () -- C:\boot.ini
[2010.03.06 13:03:42 | 000,000,139 | ---- | M] () -- C:\Documents and Settings\j\default.pls
[2010.03.06 12:23:48 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010.03.06 12:23:32 | 000,052,736 | ---- | M] () -- C:\Documents and Settings\j\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.03.03 22:04:56 | 000,396,288 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\j\Plocha\hijackthis.exe
[2010.03.02 13:30:13 | 000,000,771 | ---- | M] () -- C:\Documents and Settings\j\Plocha\PhotoFiltre Studio X.lnk
[2010.03.01 21:12:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010.02.28 21:00:19 | 000,002,477 | ---- | M] () -- C:\Documents and Settings\j\Plocha\Microsoft Office Excel 2007.lnk
[2010.02.24 09:16:06 | 000,181,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files Created - No Company Name ==========
[2010.03.07 20:07:32 | 000,010,791 | ---- | C] () -- C:\Documents and Settings\j\Plocha\Stáhni si.docx
[2010.03.07 09:57:23 | 000,001,507 | ---- | C] () -- C:\Documents and Settings\All Users\Plocha\AVG 9.0.lnk
[2010.03.07 09:57:15 | 000,568,347 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\iavifw.avm
[2010.03.07 09:57:15 | 000,113,461 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm
[2010.03.07 09:57:06 | 056,819,350 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010.03.07 09:57:06 | 006,061,540 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg
[2010.03.07 09:57:06 | 000,492,629 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2010.03.07 09:57:06 | 000,142,495 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2010.03.07 08:45:17 | 000,000,223 | ---- | C] () -- C:\Boot.bak
[2010.03.07 08:45:14 | 000,261,312 | ---- | C] () -- C:\cmldr
[2010.03.02 13:30:13 | 000,000,771 | ---- | C] () -- C:\Documents and Settings\j\Plocha\PhotoFiltre Studio X.lnk
[2010.03.01 16:50:40 | 000,000,284 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010.02.11 04:16:10 | 000,041,872 | ---- | C] () -- C:\WINDOWS\System32\xfcodec.dll
[2009.11.18 19:54:28 | 000,001,196 | ---- | C] () -- C:\WINDOWS\VFO.INI
[2009.11.11 18:06:44 | 000,000,049 | ---- | C] () -- C:\WINDOWS\iltwain.ini
[2009.08.30 19:05:21 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2009.06.23 08:31:05 | 000,056,320 | R--- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll
[2009.03.01 19:36:40 | 000,000,208 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2009.02.06 21:07:45 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2008.10.15 16:26:02 | 000,138,184 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2008.10.15 16:26:02 | 000,022,328 | ---- | C] () -- C:\Documents and Settings\j\Data aplikací\PnkBstrK.sys
[2008.10.09 13:23:55 | 000,007,997 | ---- | C] () -- C:\WINDOWS\System32\NetSpools.ini
[2008.08.11 15:59:19 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2008.02.29 18:21:52 | 000,052,736 | ---- | C] () -- C:\Documents and Settings\j\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.02.26 16:45:41 | 000,000,412 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI
[2008.02.21 19:11:20 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008.02.15 19:57:42 | 000,003,972 | ---- | C] () -- C:\WINDOWS\System32\drivers\PciBus.sys
[2008.02.15 19:48:05 | 000,715,248 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2008.02.15 18:21:50 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2008.02.13 19:08:06 | 000,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2008.02.13 19:08:05 | 000,755,027 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008.02.13 19:08:05 | 000,159,839 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008.02.13 19:08:04 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2008.02.13 19:08:04 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
========== LOP Check ==========
[2008.02.16 08:14:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Acronis
[2010.03.07 09:45:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Avg7
[2010.03.07 10:01:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\avg9
[2008.02.26 16:41:59 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Data aplikací\CanonBJ
[2009.11.22 13:00:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\CanonIJPLM
[2009.06.12 16:24:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Electronic Arts
[2009.07.15 16:44:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\ICQ
[2008.02.17 17:32:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\LightScribe
[2009.11.18 19:58:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Pinnacle
[2009.11.18 19:59:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Pinnacle Studio
[2008.02.26 16:45:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\ScanSoft
[2009.01.24 21:13:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\SweetIM
[2008.03.02 20:14:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Ulead Systems
[2008.02.26 16:53:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\j\Data aplikací\Canon
[2009.01.19 16:25:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\j\Data aplikací\DAEMON Tools
[2010.03.07 08:30:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\j\Data aplikací\Desktopicon
[2010.03.01 18:26:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\j\Data aplikací\Facebook
[2010.03.07 10:02:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\j\Data aplikací\ICQ
[2008.12.24 21:10:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\j\Data aplikací\Leadertech
[2010.03.02 13:30:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\j\Data aplikací\PhotoFiltre Studio X
[2008.02.26 16:45:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\j\Data aplikací\ScanSoft
[2010.03.06 21:46:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\j\Data aplikací\TeamViewer
[2008.10.27 19:37:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\j\Data aplikací\uTorrent
[2010.03.01 17:02:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\j\Data aplikací\Zoner
========== Purity Check ==========
< End of report >
Kdo je online
Uživatelé prohlížející si toto fórum: Žádní registrovaní uživatelé a 89 hostů