So for now, here is the log from ComboFix. HijackThis isn't working for me; I'll probably have to log in as an administrator. I'm in safe mode. I don't know whether I turned avast off properly; it won't open at all, so I killed its process through Task Manager.
ComboFix 10-05-10.03 - kája 11.05.2010 11:12:59.5.1 - x86 NETWORK
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.1023.585 [GMT 2:00]
Spuštěný z: c:\documents and settings\kája\Plocha\ComboFix.exe
AV: avast! antivirus 4.8.1368 [VPS 100510-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\AbaleZip.dll
c:\windows\system32\out.txt
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-04-11 do 2010-05-11 )))))))))))))))))))))))))))))))
.
2010-05-10 20:35 . 2010-05-10 20:36 -------- d-----w- c:\program files\NVIDIA Corporation
2010-05-10 16:11 . 2010-04-03 22:55 61440 ----a-w- c:\windows\system32\OpenCL.dll
2010-05-10 16:11 . 2010-04-03 22:55 2646632 ----a-w- c:\windows\system32\nvcuvenc.dll
2010-05-10 16:11 . 2010-04-03 22:55 2030184 ----a-w- c:\windows\system32\nvcuvid.dll
2010-05-10 16:11 . 2010-04-03 22:55 14757888 ----a-w- c:\windows\system32\nvoglnt.dll
2010-05-10 16:11 . 2010-04-03 22:55 4075520 ----a-w- c:\windows\system32\nvcuda.dll
2010-05-10 16:11 . 2010-04-03 22:55 227944 ----a-w- c:\windows\system32\nvcodins.dll
2010-05-10 16:11 . 2010-04-03 22:55 227944 ----a-w- c:\windows\system32\nvcod.dll
2010-05-10 16:11 . 2010-04-03 22:55 2183470 ----a-w- c:\windows\system32\nvdata.bin
2010-05-10 16:11 . 2010-04-03 22:55 11647592 ----a-w- c:\windows\system32\nvcompiler.dll
2010-05-10 16:11 . 2010-04-03 22:55 1097728 ----a-w- c:\windows\system32\nvapi.dll
2010-05-10 09:49 . 2010-05-10 09:49 -------- d-----w- c:\windows\system32\wbem\Repository
2010-05-04 14:04 . 2010-05-04 14:04 -------- d-----w- c:\program files\Conduit
2010-05-04 14:04 . 2010-05-04 14:04 -------- d-----w- c:\program files\Vuze_Remote
2010-04-15 13:20 . 2010-04-15 13:20 -------- d-----w- c:\program files\QuickTime
2010-04-13 12:55 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-07-25 02:24 . 2009-11-08 16:04 -------- d---a-w- c:\program files\Guru3D.com
2010-05-10 19:04 . 2009-10-31 23:08 -------- d-----w- c:\program files\Wise Registry Cleaner
2010-05-10 18:08 . 2009-12-07 16:42 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-29 13:39 . 2009-12-07 16:42 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 13:39 . 2009-12-07 16:42 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-21 20:34 . 2009-01-23 17:48 -------- d-----w- c:\program files\CCleaner
2010-04-10 16:39 . 2010-04-10 16:35 -------- d-----w- c:\program files\ICQ7.1
2010-04-10 16:36 . 2009-01-23 15:46 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-04-07 12:49 . 2010-04-07 12:49 -------- d-----w- c:\program files\Exec
2010-04-03 22:55 . 2009-11-08 17:19 600680 ----a-w- c:\windows\system32\nvudisp.exe
2010-04-03 22:55 . 2008-09-17 22:55 6432128 ----a-w- c:\windows\system32\nv4_disp.dll
2010-04-03 22:55 . 2008-09-17 22:55 10232128 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2010-04-03 17:23 . 2010-04-03 17:23 278120 ----a-w- c:\windows\system32\nvmccs.dll
2010-04-03 17:23 . 2010-04-03 17:23 154216 ----a-w- c:\windows\system32\nvsvc32.exe
2010-04-03 17:23 . 2010-04-03 17:23 145000 ----a-w- c:\windows\system32\nvcolor.exe
2010-04-03 17:23 . 2010-04-03 17:23 13670504 ----a-w- c:\windows\system32\nvcpl.dll
2010-04-03 17:23 . 2010-04-03 17:23 110696 ----a-w- c:\windows\system32\nvmctray.dll
2010-04-03 17:23 . 2010-04-03 17:23 229376 ----a-w- c:\windows\system32\nvrszhc.dll
2010-04-03 17:23 . 2010-04-03 17:23 126976 ----a-w- c:\windows\system32\nvrszht.dll
2010-04-02 14:54 . 2009-11-08 17:19 600680 ----a-w- c:\windows\system32\nvuninst.exe
2010-03-30 20:46 . 2010-03-07 18:18 -------- d-----r- c:\program files\Skype
2010-03-29 15:09 . 2009-11-21 13:34 -------- d-----w- c:\program files\Wise Disk Cleaner
2010-03-10 06:17 . 2002-09-23 12:00 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-03-07 18:20 . 2010-03-07 18:20 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2010-02-26 16:04 . 2009-01-24 19:56 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-02-25 06:18 . 2009-11-15 22:29 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-24 12:31 . 2002-09-23 12:00 454016 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-16 19:34 . 2002-09-23 12:00 2183552 ------w- c:\windows\system32\ntoskrnl.exe
2010-02-16 19:34 . 2002-09-20 17:12 2060544 ------w- c:\windows\system32\ntkrnlpa.exe
2010-02-12 04:47 . 2002-09-23 12:00 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-11 12:01 . 2002-09-23 12:00 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
2009-07-17 17:34 . 2009-07-17 12:59 30001184 --sha-w- c:\windows\system32\drivers\fidbox.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AMD_Display"="c:\program files\AMD\AMD Power Monitor\AMD_PwrMon.exe" [2009-11-08 1449984]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-17 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-17 44544]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 14:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *\0autocheck smrgdf c:\documents and settings\kája\Data aplikací\iolo\\0OODBS
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^HP Digital Imaging Monitor.lnk]
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMServer]
c:\program files\Common Files\Nokia\MPlatform\NokiaMServer [X]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-03-24 18:17 952768 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast!]
2009-11-24 23:51 81000 ----a-w- c:\progra~1\ALWILS~1\Avast4\ashDisp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DWQueuedReporting]
2008-11-03 23:44 435096 ----a-w- c:\progra~1\COMMON~1\MICROS~1\DW\DWTRIG20.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2006-10-26 23:47 31016 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2008-03-25 20:27 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpqSRMon]
2008-08-20 09:54 150016 ----a-w- c:\program files\HP\Digital Imaging\bin\HpqSRmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-01-22 18:16 141608 ----a-w- c:\program files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSConfig]
2004-08-17 14:49 159232 ----a-w- c:\windows\PCHealth\HelpCtr\Binaries\msconfig.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaOviSuite2]
2010-02-05 12:45 385856 ----a-w- c:\program files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2010-04-03 17:23 13670504 ----a-w- c:\windows\system32\nvcpl.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2010-04-03 17:23 110696 ----a-w- c:\windows\system32\nvmctray.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OEXPRESS]
2010-02-18 23:23 26624 ----a-w- c:\documents and settings\All Users\Data aplikací\LangSoft\OETRN.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
2009-11-11 09:57 1451520 ----a-w- c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
2007-04-16 14:28 577536 ----a-w- c:\windows\soundman.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartupFaster]
2008-09-07 18:36 1402080 ----a-w- c:\program files\Startup Faster\StartupLoader.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2009-10-12 20:24 2000112 ----a-w- c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"=
"c:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2009.SP2\\RpcAgentSrv.exe"=
"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2009.SP2\\WNt500x86\\RpcSandraSrv.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\Nokia\\Nokia Ovi Suite\\NokiaOviSuite.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\bin\\hpqPhotoCrm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqsudi.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpsapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpse.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=
"c:\\Program Files\\HP\\HP Software Update\\hpwucli.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Smart Web Printing\\SmartWebPrintExe.exe"=
"c:\\Program Files\\K-Lite Codec Pack\\Media Player Classic\\mplayerc.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\SEGA\\Vancouver 2010\\Vancouver.exe"=
"c:\\Program Files\\ICQ7.1\\ICQ.exe"=
"c:\\Program Files\\ICQ7.1\\aolload.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
R0 hotcore2;hotcore2;c:\windows\system32\drivers\hotcore2.sys [24.1.2009 10:11 30808]
S1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [23.1.2009 19:48 114768]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [12.10.2009 22:24 9968]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [12.10.2009 22:24 74480]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [23.1.2009 21:03 20560]
S2 ioloFileInfoList;iolo FileInfoList Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [13.7.2009 11:38 592232]
S2 ioloSystemService;iolo System Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [13.7.2009 11:38 592232]
S3 BTCAMDRV;Mobiola Web Camera driver;c:\windows\system32\drivers\BTCamDrv.sys [16.5.2009 12:17 219264]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [17.6.2009 14:20 12648]
S3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\SiSoftware\SiSoftware Sandra Lite 2009.SP2\RpcAgentSrv.exe [1.11.2009 21:50 98488]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [12.10.2009 22:24 7408]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Obsah adresáře 'Naplánované úlohy'
2010-03-23 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://start.icq.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748449} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
LSP: %SYSTEMROOT%\system32\nvappfilter.dll
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\kája\Data aplikací\Mozilla\Firefox\Profiles\am89cmnq.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_result ... 2.0.0.2&q=
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
.
------- Asociace souborů -------
.
JSEFile=NOTEPAD.EXE %1
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
URLSearchHooks-{ba14329e-9550-4989-b3f2-9732e92d17cc} - (no file)
Toolbar-{ba14329e-9550-4989-b3f2-9732e92d17cc} - (no file)
MSConfigStartUp-nwiz - nwiz.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-11 11:17
Windows 5.1.2600 Service Pack 2 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_USERS\S-1-5-21-1409082233-1897051121-682003330-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(672)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
Celkový čas: 2010-05-11 11:18:50
ComboFix-quarantined-files.txt 2010-05-11 09:18
Před spuštěním: Volných bajtů: 24 899 031 040
Po spuštění: Volných bajtů: 24 957 153 280
- - End Of File - - 3E8B5A8FAE361E09A008741FE385419A
Please help and check the log - Solved
Re: please help
So now I have the log from HijackThis as well
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:22:22, on 11.5.2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Safe mode with network support
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Skype\Toolbars\Shared\SkypeNames2.exe
C:\Program Files\trend micro\HiJackThis\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O4 - HKLM\..\Run: [AMD_Display] C:\Program Files\AMD\AMD Power Monitor\AMD_PwrMon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O4 - Startup: StartupFaster
O4 - Global Startup: StartupFaster
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra button: Zobrazit nebo skrýt HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDow ... ab_nvd.cab
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} - http://www.nvidia.com/content/DriverDow ... rtScan.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\Program Files\OO Software\Defrag\oodag.exe
O23 - Service: O&O CleverCache Agent (OOCleverCacheAgent) - O&O Software GmbH - C:\Program Files\OO Software\CleverCache\ooccag.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk10\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk10\PDEngine.exe
O23 - Service: SiSoftware Deployment Agent Service (SandraAgentSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009.SP2\RpcAgentSrv.exe
O23 - Service: Sandboxie Service (SbieSvc) - tzuk - C:\Program Files\Sandboxie\SbieSvc.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
--
End of file - 9080 bytes
O9 - Extra button: Zobrazit nebo skrýt HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDow ... ab_nvd.cab
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} - http://www.nvidia.com/content/DriverDow ... rtScan.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\Program Files\OO Software\Defrag\oodag.exe
O23 - Service: O&O CleverCache Agent (OOCleverCacheAgent) - O&O Software GmbH - C:\Program Files\OO Software\CleverCache\ooccag.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk10\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk10\PDEngine.exe
O23 - Service: SiSoftware Deployment Agent Service (SandraAgentSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009.SP2\RpcAgentSrv.exe
O23 - Service: Sandboxie Service (SbieSvc) - tzuk - C:\Program Files\Sandboxie\SbieSvc.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
--
End of file - 9080 bytes
Re: please help
All of this happened while I was downloading overnight; in the morning the screen was black and only the power button on the monitor was blinking, while the PC was running.
Re: please help
Malwarebytes found nothing.
Re: please help and log check
So what do I do about it?
- jaro3
- member of the Security team
Re: please help and log check
Close all other applications and browsers, disconnect from the internet, and fix the following in HJT:
Guide
Code:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDow ... ab_nvd.cab
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} - http://www.nvidia.com/content/DriverDow ... rtScan.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
Open Notepad (Start -> Run..., type Notepad into the box and click OK).
Copy into it the entire following text marked in green:
Note: Do not use the SELECT ALL function to select the script.
Code:
KillAll
File::
c:\windows\system32\ezsidmv.dat
c:\windows\system32\drivers\fidbox.dat
DirLook::
c:\program files\Exec
DDS::
uStart Page = hxxp://start.icq.com/
uInternet Settings,ProxyOverride = *.local
Firefox::
FF - ProfilePath - c:\documents and settings\kája\Data aplikací\Mozilla\Firefox\Profiles\am89cmnq.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_result ... 2.0.0.2&q=
Choose File -> Save As... and set these parameters:
File name: type CFScript.txt
Save as type: select All Files
Save the file to the desktop.
Close all open windows.
Grab the CFScript.txt script you created with the mouse, drag it over the downloaded ComboFix.exe, and when the two files overlap, drop the script.
- ComboFix will start automatically
- Post here the log that appears at the end of the cleaning process + a new HJT log
I'll be back later this evening.
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs in private messages. While I am away, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support
Re: please help and log check
Sorry for the delay, but I couldn't get it to start at all; the monitor just blinked but didn't turn on.
Here is the log, hopefully it's correct. I even took the battery out of the motherboard, because I no longer knew what to do to get the monitor to turn on.
ComboFix 10-05-10.03 - kája 11.05.2010 23:39:27.6.1 - x86 NETWORK
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.1023.783 [GMT 2:00]
Spuštěný z: c:\documents and settings\kája\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\kája\Plocha\CFScript.txt
AV: avast! antivirus 4.8.1368 [VPS 100510-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FILE ::
"c:\windows\system32\drivers\fidbox.dat"
"c:\windows\system32\ezsidmv.dat"
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\drivers\fidbox.dat
c:\windows\system32\ezsidmv.dat
.
((((((((((((((((((((((((( Soubory vytvořené od 2005-11-28 do 2005-12-31 )))))))))))))))))))))))))))))))
.
2010-05-11 10:09 . 2010-05-11 10:09 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-05-10 20:35 . 2010-05-10 20:36 -------- d-----w- c:\program files\NVIDIA Corporation
2010-05-10 16:11 . 2010-04-03 22:55 61440 ----a-w- c:\windows\system32\OpenCL.dll
2010-05-10 16:11 . 2010-04-03 22:55 2646632 ----a-w- c:\windows\system32\nvcuvenc.dll
2010-05-10 16:11 . 2010-04-03 22:55 2030184 ----a-w- c:\windows\system32\nvcuvid.dll
2010-05-10 16:11 . 2010-04-03 22:55 14757888 ----a-w- c:\windows\system32\nvoglnt.dll
2010-05-10 16:11 . 2010-04-03 22:55 4075520 ----a-w- c:\windows\system32\nvcuda.dll
2010-05-10 16:11 . 2010-04-03 22:55 227944 ----a-w- c:\windows\system32\nvcodins.dll
2010-05-10 16:11 . 2010-04-03 22:55 227944 ----a-w- c:\windows\system32\nvcod.dll
2010-05-10 16:11 . 2010-04-03 22:55 2183470 ----a-w- c:\windows\system32\nvdata.bin
2010-05-10 16:11 . 2010-04-03 22:55 11647592 ----a-w- c:\windows\system32\nvcompiler.dll
2010-05-10 16:11 . 2010-04-03 22:55 1097728 ----a-w- c:\windows\system32\nvapi.dll
2010-05-10 09:49 . 2010-05-10 09:49 -------- d-----w- c:\windows\system32\wbem\Repository
2010-05-04 14:04 . 2010-05-04 14:04 -------- d-----w- c:\program files\Conduit
2010-05-04 14:04 . 2010-05-04 14:04 -------- d-----w- c:\program files\Vuze_Remote
2010-04-15 13:20 . 2010-04-15 13:20 -------- d-----w- c:\program files\QuickTime
2010-04-13 12:55 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe
2010-04-10 16:35 . 2010-04-10 16:39 -------- d-----w- c:\program files\ICQ7.1
2010-04-09 19:23 . 2010-04-29 12:47 -------- d-----w- C:\Jitka a Kája
2010-04-07 12:49 . 2010-04-07 12:49 -------- d-----w- c:\program files\Exec
2010-04-03 17:23 . 2010-04-03 17:23 278120 ----a-w- c:\windows\system32\nvmccs.dll
2010-04-03 17:23 . 2010-04-03 17:23 154216 ----a-w- c:\windows\system32\nvsvc32.exe
2010-04-03 17:23 . 2010-04-03 17:23 145000 ----a-w- c:\windows\system32\nvcolor.exe
2010-04-03 17:23 . 2010-04-03 17:23 13670504 ----a-w- c:\windows\system32\nvcpl.dll
2010-04-03 17:23 . 2010-04-03 17:23 110696 ----a-w- c:\windows\system32\nvmctray.dll
2010-04-03 17:23 . 2010-04-03 17:23 229376 ----a-w- c:\windows\system32\nvrszhc.dll
2010-04-03 17:23 . 2010-04-03 17:23 126976 ----a-w- c:\windows\system32\nvrszht.dll
2010-03-10 11:47 . 2009-10-23 14:27 3555328 -c----w- c:\windows\system32\dllcache\moviemk.exe
2010-03-07 18:18 . 2010-03-30 20:46 -------- d-----r- c:\program files\Skype
2010-02-26 16:05 . 2010-02-26 16:05 -------- d-----w- c:\program files\Common Files\Java
2010-02-25 22:12 . 2010-02-04 09:01 74072 ----a-w- c:\windows\system32\XAPOFX1_4.dll
2010-02-25 22:12 . 2010-02-04 09:01 528216 ----a-w- c:\windows\system32\XAudio2_6.dll
2010-02-25 22:12 . 2010-02-04 09:01 238936 ----a-w- c:\windows\system32\xactengine3_6.dll
2010-02-25 22:12 . 2010-02-04 09:01 22360 ----a-w- c:\windows\system32\X3DAudio1_7.dll
2010-02-25 22:12 . 2010-02-25 22:12 -------- d--h--w- c:\windows\msdownld.tmp
2010-02-18 23:21 . 2010-02-18 23:24 -------- d-----w- C:\TRANSLAT
2010-02-18 22:50 . 2008-08-26 08:26 18816 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys
2010-02-18 22:50 . 2010-02-18 22:50 -------- d-----w- c:\program files\PC Connectivity Solution
2010-02-18 22:49 . 2009-12-30 10:30 7936 ----a-w- c:\windows\system32\drivers\usbser_lowerfltj.sys
2010-02-18 22:49 . 2009-12-30 10:30 7936 ----a-w- c:\windows\system32\drivers\usbser_lowerflt.sys
2010-02-18 22:49 . 2009-12-30 10:30 22016 ----a-w- c:\windows\system32\drivers\ccdcmbo.sys
2010-02-18 22:49 . 2010-01-21 13:53 18048 ----a-w- c:\windows\system32\drivers\ccdcmb.sys
2010-02-18 22:49 . 2009-12-30 10:30 660480 ----a-w- c:\windows\system32\nmwcdcocls.dll
2010-02-18 22:49 . 2009-10-06 10:55 1112288 ----a-w- c:\windows\system32\wdfcoinstaller01007.dll
2010-02-10 15:03 . 2010-02-10 15:03 -------- d-----w- c:\program files\SEGA
2010-02-02 14:16 . 2010-02-02 14:16 -------- d-----w- c:\program files\iPod
2010-02-02 14:15 . 2010-02-02 14:16 -------- d-----w- c:\program files\iTunes
2010-01-19 15:41 . 2010-01-19 15:41 -------- d-----w- c:\program files\AxBx
2010-01-13 14:10 . 2010-01-13 14:10 85504 -c----w- c:\windows\system32\dllcache\cabview.dll
2010-01-13 13:35 . 2009-11-21 16:46 470528 -c----w- c:\windows\system32\dllcache\aclayers.dll
2009-12-24 07:07 . 2009-12-24 07:07 177664 -c----w- c:\windows\system32\dllcache\wintrust.dll
2009-12-17 08:00 . 2009-12-17 08:00 343552 -c----w- c:\windows\system32\dllcache\mspaint.exe
2009-12-14 07:37 . 2009-12-14 07:37 33280 -c----w- c:\windows\system32\dllcache\csrsrv.dll
2009-12-07 16:42 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-07 16:42 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-07 16:42 . 2010-05-10 18:08 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-07 15:32 . 2009-12-07 15:32 -------- d-----w- c:\program files\DVDCover+
2009-12-03 16:43 . 2009-12-03 17:32 -------- d-----w- c:\program files\Microsoft Games
2009-12-02 18:16 . 2009-12-02 18:19 23733 ----a-w- c:\windows\hpqins15.dat
2009-11-27 17:35 . 2009-11-27 17:35 17920 -c----w- c:\windows\system32\dllcache\msyuv.dll
2009-11-27 16:40 . 2009-11-27 16:40 8704 -c----w- c:\windows\system32\dllcache\tsbyuv.dll
2009-11-27 16:40 . 2009-11-27 16:40 48128 -c----w- c:\windows\system32\dllcache\iyuv_32.dll
2009-11-27 16:40 . 2009-11-27 16:40 11264 -c----w- c:\windows\system32\dllcache\msrle32.dll
2009-11-27 14:28 . 2009-11-27 14:28 -------- d-----w- c:\program files\Common Files\PCSuite
2009-11-27 14:25 . 2009-11-27 14:29 -------- d-----w- c:\program files\DIFX
2009-11-26 17:35 . 2009-11-26 17:41 19567 ----a-w- c:\windows\hpqins13.dat
2009-11-26 17:23 . 2009-11-26 17:28 78206 ----a-w- c:\windows\hpqins05.dat
2009-11-26 17:09 . 2009-11-26 17:09 -------- d-----w- c:\windows\Hewlett-Packard
2009-11-26 17:02 . 2008-01-24 21:22 16496 ----a-r- c:\windows\system32\drivers\HPZipr12.sys
2009-11-26 17:02 . 2008-01-24 21:22 49920 ----a-r- c:\windows\system32\drivers\HPZid412.sys
2009-11-26 17:01 . 2008-01-24 21:23 271704 ----a-r- c:\windows\system32\hpzids01.dll
2009-11-26 17:01 . 2007-10-20 17:21 278016 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\hpzpp5mu.dll
2009-11-26 17:01 . 2007-10-20 17:25 118272 ----a-w- c:\windows\system32\hpz3l5mu.dll
2009-11-26 17:01 . 2008-01-24 21:22 21568 ----a-r- c:\windows\system32\drivers\HPZius12.sys
2009-11-26 17:00 . 2008-01-24 21:22 729088 ----a-r- c:\windows\system32\hpowiax7.dll
2009-11-26 17:00 . 2008-01-24 21:22 303104 ----a-r- c:\windows\system32\hpovst15.dll
2009-11-26 17:00 . 2008-01-24 21:22 581632 ----a-r- c:\windows\system32\hpotscl6.dll
2009-11-26 17:00 . 2008-01-24 21:22 372736 ----a-r- c:\windows\system32\hppldcoi.dll
2009-11-26 17:00 . 2008-01-24 21:22 309760 ----a-r- c:\windows\system32\difxapi.dll
2009-11-26 16:53 . 2009-11-26 16:53 -------- d-----w- c:\program files\Common Files\HP
2009-11-26 16:53 . 2009-11-26 16:53 -------- d-----w- c:\program files\Hewlett-Packard
2009-11-26 16:52 . 2009-11-26 16:52 -------- d-----w- c:\program files\Common Files\Hewlett-Packard
2009-11-26 16:50 . 2004-08-03 22:01 25856 -c--a-w- c:\windows\system32\dllcache\usbprint.sys
2009-11-26 16:50 . 2004-08-03 22:01 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2009-11-26 16:47 . 2009-11-26 17:09 -------- d-----w- c:\program files\HP
2009-11-26 16:45 . 2009-11-26 17:03 186308 ----a-w- c:\windows\hpoins28.dat
2009-11-26 16:45 . 2008-07-01 04:02 796 ------w- c:\windows\hpomdl28.dat
2009-11-25 16:16 . 2009-11-25 16:17 -------- d-----w- c:\program files\hkSFV
2009-11-25 10:13 . 2009-11-25 10:13 -------- d-----w- c:\program files\MSXML 4.0
2009-11-24 09:00 . 2009-11-24 09:00 -------- d-----w- c:\program files\AviSynth 2.5
2009-11-24 09:00 . 2009-11-24 09:00 -------- d-----w- c:\program files\Red Kawa
2009-11-24 08:40 . 2009-12-27 11:50 -------- d-----w- c:\program files\MediaCoder
2009-11-23 12:50 . 2009-11-23 12:50 1302600 ----a-w- c:\windows\system32\WUDFUpdate_01007.dll
2009-11-22 16:35 . 2009-11-24 15:58 3532 ----a-w- C:\drmHeader.bin
2009-11-22 14:20 . 2009-11-22 14:20 0 ----a-w- c:\windows\nsreg.dat
2009-11-22 10:50 . 2009-12-02 17:31 -------- d-----w- c:\program files\HandBrake
2009-11-22 01:31 . 2008-04-17 12:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2009-11-22 01:29 . 2009-11-22 01:29 -------- d-----w- c:\program files\Apple Software Update
2009-11-22 01:29 . 2009-08-28 18:42 40448 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-11-22 01:29 . 2009-08-28 18:42 2065696 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-11-22 01:28 . 2010-02-02 14:16 -------- d-----w- c:\program files\Common Files\Apple
2009-11-21 21:01 . 2009-11-21 21:01 54772 ---ha-w- c:\windows\system32\mlfcache.dat
2009-11-21 13:34 . 2010-03-29 15:09 -------- d-----w- c:\program files\Wise Disk Cleaner
2009-11-18 12:14 . 2009-11-18 12:20 -------- d-----w- c:\program files\Startup Faster
2009-11-18 11:54 . 2009-11-18 11:54 -------- d-----w- c:\program files\Reference Assemblies
2009-11-18 11:03 . 2009-12-11 08:38 69120 -c----w- c:\windows\system32\dllcache\iecompat.dll
2009-11-18 11:02 . 2010-02-25 06:18 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-11-18 11:02 . 2010-02-25 06:18 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2009-11-18 11:02 . 2010-02-25 06:18 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2009-11-18 11:02 . 2010-02-25 06:18 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll
2009-11-18 11:02 . 2010-02-25 06:18 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-11-18 11:02 . 2010-02-25 09:48 11070976 -c----w- c:\windows\system32\dllcache\ieframe.dll
2009-11-17 21:19 . 2009-11-17 21:20 -------- d-----w- c:\windows\system32\CatRoot_bak
2009-11-17 21:00 . 2006-10-26 18:56 33104 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\msonpppr.dll
2009-11-17 21:00 . 2006-10-26 18:56 32592 ----a-w- c:\windows\system32\msonpmon.dll
2009-11-17 20:57 . 2009-11-17 20:57 -------- d-----w- c:\program files\Microsoft Works
2009-11-17 20:56 . 2009-11-17 20:56 -------- d-----w- c:\program files\Microsoft.NET
2009-11-17 20:54 . 2009-11-17 20:54 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2009-11-17 20:53 . 2009-11-17 20:57 -------- d-----w- c:\windows\SHELLNEW
2009-11-17 11:51 . 2008-08-14 09:51 138368 -c----w- c:\windows\system32\dllcache\afd.sys
2009-11-17 11:51 . 2008-06-20 17:42 247296 -c----w- c:\windows\system32\dllcache\mswsock.dll
2009-11-17 09:58 . 2009-11-17 11:44 -------- d-----w- c:\windows\system32\wbem\Repository.002
2009-11-17 09:41 . 2009-11-17 09:42 -------- d-----w- C:\5d1c994c08196049e613ebe5690e
2009-11-16 13:16 . 2009-11-16 13:16 -------- d-----w- C:\fd3a5f783c43a358aef094c8eaa4
2009-11-16 12:57 . 2008-07-03 13:15 8458752 -c----w- c:\windows\system32\dllcache\shell32.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-21 20:34 . 2009-01-23 17:48 -------- d-----w- c:\program files\CCleaner
2010-04-10 16:36 . 2009-01-23 15:46 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-04-03 22:55 . 2008-09-17 22:55 6432128 ----a-w- c:\windows\system32\nv4_disp.dll
2010-04-03 22:55 . 2008-09-17 22:55 10232128 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2010-03-10 06:17 . 2002-09-23 12:00 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-02-25 06:18 . 2009-11-15 22:29 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-24 12:31 . 2002-09-23 12:00 454016 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-16 19:34 . 2002-09-23 12:00 2183552 ------w- c:\windows\system32\ntoskrnl.exe
2010-02-16 19:34 . 2002-09-20 17:12 2060544 ------w- c:\windows\system32\ntkrnlpa.exe
2010-02-12 04:47 . 2002-09-23 12:00 100864 ----a-w- c:\windows\system32\6to4svc.dll
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\program files\Exec ----
2010-03-11 14:37 . 2010-03-11 14:37 2107392 ----a-w- c:\program files\Exec\HeySmile Studio\HeySmile Studio.exe
2010-03-11 14:37 . 2010-03-11 14:37 2971 ----a-w- c:\program files\Exec\HeySmile Studio\HeySmile Studio.exe.config
2010-03-11 14:21 . 2010-03-11 14:21 4096 ----a-w- c:\program files\Exec\HeySmile Studio\cs-CZ\Exec.Common.BusLa.resources.dll
2010-03-11 14:21 . 2010-03-11 14:21 4096 ----a-w- c:\program files\Exec\HeySmile Studio\cs-CZ\Exec.Common.Data.resources.dll
2010-03-11 14:21 . 2010-03-11 14:21 4096 ----a-w- c:\program files\Exec\HeySmile Studio\cs-CZ\Exec.Common.resources.dll
2010-03-11 14:21 . 2010-03-11 14:21 4096 ----a-w- c:\program files\Exec\HeySmile Studio\cs-CZ\Exec.Common.ZLib.resources.dll
2010-03-11 14:21 . 2010-03-11 14:21 32768 ----a-w- c:\program files\Exec\HeySmile Studio\cs-CZ\Exec.Controls.resources.dll
2010-03-11 14:21 . 2010-03-11 14:21 90112 ----a-w- c:\program files\Exec\HeySmile Studio\cs-CZ\Exec.SQL.Module.resources.dll
2010-03-11 14:21 . 2010-03-11 14:21 49152 ----a-w- c:\program files\Exec\HeySmile Studio\cs-CZ\Exec.SQL.Phobo.resources.dll
2010-03-11 14:21 . 2010-03-11 14:21 6656 ----a-w- c:\program files\Exec\HeySmile Studio\cs-CZ\PhoboBusLa.resources.dll
2010-03-11 14:21 . 2010-03-11 14:21 774144 ----a-w- c:\program files\Exec\HeySmile Studio\cs-CZ\PhoboClient.resources.dll
2010-03-11 14:21 . 2010-03-11 14:21 4096 ----a-w- c:\program files\Exec\HeySmile Studio\cs-CZ\PhoboConfig.resources.dll
2010-03-11 14:21 . 2010-03-11 14:21 4608 ----a-w- c:\program files\Exec\HeySmile Studio\cs-CZ\PhoboDesigner.resources.dll
2010-03-11 14:21 . 2010-03-11 14:21 4096 ----a-w- c:\program files\Exec\HeySmile Studio\cs-CZ\PhoboDesignerWPF.resources.dll
2010-03-11 14:21 . 2010-03-11 14:21 4608 ----a-w- c:\program files\Exec\HeySmile Studio\cs-CZ\PhoboRemote.resources.dll
2010-03-11 14:21 . 2010-03-11 14:21 4096 ----a-w- c:\program files\Exec\HeySmile Studio\cs-CZ\PhoboReplication.resources.dll
2010-03-11 14:07 . 2010-03-11 14:07 15872 ----a-w- c:\program files\Exec\HeySmile Studio\Exec.Common.BusLa.dll
2010-03-11 14:07 . 2010-03-11 14:07 81920 ----a-w- c:\program files\Exec\HeySmile Studio\Exec.Common.Data.dll
2010-03-11 14:07 . 2010-03-11 14:07 94208 ----a-w- c:\program files\Exec\HeySmile Studio\Exec.Common.dll
2010-03-11 14:07 . 2010-03-11 14:07 16384 ----a-w- c:\program files\Exec\HeySmile Studio\Exec.Common.ZLib.dll
2010-03-11 14:07 . 2010-03-11 14:07 77824 ----a-w- c:\program files\Exec\HeySmile Studio\Exec.Controls.dll
2010-03-11 14:07 . 2010-03-11 14:07 155648 ----a-w- c:\program files\Exec\HeySmile Studio\Exec.SQL.Module.dll
2010-03-11 14:07 . 2010-03-11 14:07 274432 ----a-w- c:\program files\Exec\HeySmile Studio\Exec.SQL.Phobo.dll
2010-03-11 14:07 . 2010-03-11 14:07 174080 ----a-w- c:\program files\Exec\HeySmile Studio\PhoboBusLa.dll
2010-03-11 14:07 . 2010-03-11 14:07 23552 ----a-w- c:\program files\Exec\HeySmile Studio\PhoboConfig.dll
2010-03-11 14:07 . 2010-03-11 14:07 507904 ----a-w- c:\program files\Exec\HeySmile Studio\PhoboDesigner.dll
2010-03-11 14:07 . 2010-03-11 14:07 57344 ----a-w- c:\program files\Exec\HeySmile Studio\PhoboDesignerWPF.dll
2010-03-11 14:07 . 2010-03-11 14:07 196608 ----a-w- c:\program files\Exec\HeySmile Studio\PhoboRemote.dll
2010-03-11 14:07 . 2010-03-11 14:07 32768 ----a-w- c:\program files\Exec\HeySmile Studio\PhoboReplication.dll
2010-03-11 14:07 . 2010-03-11 14:07 1103360 ----a-w- c:\program files\Exec\HeySmile Studio\PhoboClient.pdb
2010-03-11 14:07 . 2010-03-11 14:07 255488 ----a-w- c:\program files\Exec\HeySmile Studio\PhoboBusLa.pdb
2010-03-11 14:07 . 2010-03-11 14:07 298496 ----a-w- c:\program files\Exec\HeySmile Studio\PhoboDesigner.pdb
2010-03-11 14:07 . 2010-03-11 14:07 32256 ----a-w- c:\program files\Exec\HeySmile Studio\Exec.SQL.Phobo.pdb
2010-03-11 14:07 . 2010-03-11 14:07 38400 ----a-w- c:\program files\Exec\HeySmile Studio\PhoboConfig.pdb
2010-03-11 14:07 . 2010-03-11 14:07 315392 ----a-w- c:\program files\Exec\HeySmile Studio\PhoboRemote.XmlSerializers.dll
2010-03-11 14:07 . 2010-03-11 14:07 32256 ----a-w- c:\program files\Exec\HeySmile Studio\PhoboReplication.pdb
2010-03-11 14:07 . 2010-03-11 14:07 167424 ----a-w- c:\program files\Exec\HeySmile Studio\Exec.Common.Data.pdb
2010-03-11 14:07 . 2010-03-11 14:07 13824 ----a-w- c:\program files\Exec\HeySmile Studio\Exec.SQL.Module.pdb
2010-03-11 14:07 . 2010-03-11 14:07 50688 ----a-w- c:\program files\Exec\HeySmile Studio\PhoboDesignerWPF.pdb
2010-03-11 14:07 . 2010-03-11 14:07 450048 ----a-w- c:\program files\Exec\HeySmile Studio\PhoboRemote.pdb
2010-03-11 14:07 . 2010-03-11 14:07 42496 ----a-w- c:\program files\Exec\HeySmile Studio\Exec.Common.BusLa.pdb
2010-03-11 13:57 . 2010-03-11 13:57 124416 ----a-w- c:\program files\Exec\HeySmile Studio\Exec.Controls.pdb
2010-03-11 13:56 . 2010-03-11 13:56 11776 ----a-w- c:\program files\Exec\HeySmile Studio\Exec.Common.ZLib.pdb
2010-03-11 13:56 . 2010-03-11 13:56 173568 ----a-w- c:\program files\Exec\HeySmile Studio\Exec.Common.pdb
2007-10-24 12:47 . 2007-10-24 12:47 704512 ----a-w- c:\program files\Exec\HeySmile Studio\FirebirdSql.Data.FirebirdClient.dll
2007-09-03 14:14 . 2007-09-03 14:14 684032 ----a-w- c:\program files\Exec\HeySmile Studio\intl\fbintl.dll
2007-09-03 14:14 . 2007-09-03 14:14 9216 ----a-w- c:\program files\Exec\HeySmile Studio\udf\ib_udf.dll
2007-09-03 14:13 . 2007-09-03 14:13 10752 ----a-w- c:\program files\Exec\HeySmile Studio\udf\fbudf.dll
2007-09-03 14:09 . 2007-09-03 14:09 5632 ----a-w- c:\program files\Exec\HeySmile Studio\ib_util.dll
2007-09-03 14:05 . 2007-09-03 14:05 127696 ----a-w- c:\program files\Exec\HeySmile Studio\firebird.msg
2007-09-03 14:05 . 2007-09-03 14:05 2015232 ----a-w- c:\program files\Exec\HeySmile Studio\fbembed.dll
2007-09-03 13:56 . 2007-09-03 13:56 1114112 ----a-w- c:\program files\Exec\HeySmile Studio\icudt30.dll
2007-09-03 13:54 . 2007-09-03 13:54 200704 ----a-w- c:\program files\Exec\HeySmile Studio\icuin30.dll
2007-09-03 13:54 . 2007-09-03 13:54 548864 ----a-w- c:\program files\Exec\HeySmile Studio\icuuc30.dll
2007-03-06 07:21 . 2007-03-06 07:21 21541 ----a-w- c:\program files\Exec\HeySmile Studio\firebird.conf
2006-11-29 10:09 . 2006-11-29 10:09 172032 ----a-w- c:\program files\Exec\HeySmile Studio\ICSharpCode.SharpZipLib.dll
2006-06-05 00:17 . 2006-06-05 00:17 5057 ----a-w- c:\program files\Exec\HeySmile Studio\intl\fbintl.conf
2005-11-01 14:28 . 2005-11-01 14:28 884736 ----a-w- c:\program files\Exec\HeySmile Studio\Microsoft.Web.Services3.dll
2004-11-29 09:06 . 2004-11-29 09:06 499712 ----a-w- c:\program files\Exec\HeySmile Studio\msvcp71.dll
2004-11-29 09:06 . 2004-11-29 09:06 348160 ----a-w- c:\program files\Exec\HeySmile Studio\msvcr71.dll
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AMD_Display"="c:\program files\AMD\AMD Power Monitor\AMD_PwrMon.exe" [2009-11-08 1449984]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 577536]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-17 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-17 44544]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 14:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *\0autocheck smrgdf c:\documents and settings\kája\Data aplikací\iolo\\0OODBS
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^HP Digital Imaging Monitor.lnk]
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMServer]
c:\program files\Common Files\Nokia\MPlatform\NokiaMServer [X]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-03-24 18:17 952768 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DWQueuedReporting]
2008-11-03 23:44 435096 ----a-w- c:\progra~1\COMMON~1\MICROS~1\DW\DWTRIG20.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2006-10-26 23:47 31016 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2008-03-25 20:27 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpqSRMon]
2008-08-20 09:54 150016 ----a-w- c:\program files\HP\Digital Imaging\bin\HpqSRmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-01-22 18:16 141608 ----a-w- c:\program files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSConfig]
2004-08-17 14:49 159232 ----a-w- c:\windows\PCHealth\HelpCtr\Binaries\msconfig.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaOviSuite2]
2010-02-05 12:45 385856 ----a-w- c:\program files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2010-04-03 17:23 13670504 ----a-w- c:\windows\system32\nvcpl.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2010-04-03 17:23 110696 ----a-w- c:\windows\system32\nvmctray.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OEXPRESS]
2010-02-18 23:23 26624 ----a-w- c:\documents and settings\All Users\Data aplikací\LangSoft\OETRN.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
2009-11-11 09:57 1451520 ----a-w- c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartupFaster]
2008-09-07 18:36 1402080 ----a-w- c:\program files\Startup Faster\StartupLoader.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2009-10-12 20:24 2000112 ----a-w- c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"=
"c:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2009.SP2\\RpcAgentSrv.exe"=
"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2009.SP2\\WNt500x86\\RpcSandraSrv.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\Nokia\\Nokia Ovi Suite\\NokiaOviSuite.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\bin\\hpqPhotoCrm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqsudi.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpsapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpse.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=
"c:\\Program Files\\HP\\HP Software Update\\hpwucli.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Smart Web Printing\\SmartWebPrintExe.exe"=
"c:\\Program Files\\K-Lite Codec Pack\\Media Player Classic\\mplayerc.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\SEGA\\Vancouver 2010\\Vancouver.exe"=
"c:\\Program Files\\ICQ7.1\\ICQ.exe"=
"c:\\Program Files\\ICQ7.1\\aolload.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
R0 hotcore2;hotcore2;c:\windows\system32\drivers\hotcore2.sys [24.1.2009 10:11 30808]
S1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [23.1.2009 19:48 114768]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [12.10.2009 22:24 9968]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [12.10.2009 22:24 74480]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [23.1.2009 21:03 20560]
S2 ioloFileInfoList;iolo FileInfoList Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [13.7.2009 11:38 592232]
S2 ioloSystemService;iolo System Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [13.7.2009 11:38 592232]
S3 BTCAMDRV;Mobiola Web Camera driver;c:\windows\system32\drivers\BTCamDrv.sys [16.5.2009 12:17 219264]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [17.6.2009 14:20 12648]
S3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\SiSoftware\SiSoftware Sandra Lite 2009.SP2\RpcAgentSrv.exe [1.11.2009 21:50 98488]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [12.10.2009 22:24 7408]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Obsah adresáře 'Naplánované úlohy'
2010-03-23 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
.
------- Doplňkový sken -------
.
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748449} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
LSP: %SYSTEMROOT%\system32\nvappfilter.dll
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\kája\Data aplikací\Mozilla\Firefox\Profiles\am89cmnq.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\defaults\preferences\
---- NASTAVENÍ FIREFOXU ----
pref(icqtoolbar.suggestions, true);
pref(icqtoolbar.xmlEnableSuggestions, true);
pref(icqtoolbar.history, );
pref(icqtoolbar.shownElements, itb_people itb_zoom_in itb_zoom_out itb_zoom_default itb_games itb_highlight);
pref(icqtoolbar.hiddenElements, itb_options itb_send_url);
/*
pref(icqtoolbar.searchInSameTab, true);
pref(icqtoolbar.searchInNewWindow, false);
*/
// 0 - same tab; 1 - new tab; 2 - new window
pref(icqtoolbar.displayResultsIn, 1);
//-1 for infinite number of saved searches
pref(icqtoolbar.historyCapacity, 15);
pref(icqtoolbar.displayHistory, true);
pref(icqtoolbar.enableAutocomplete, false);
pref(icqtoolbar.searchOnDrop, true);
pref(icqtoolbar.searchOnSelect, true);
pref(icqtoolbar.searchBoxSize, 200);
pref(icqtoolbar.showBtnsText, false);
pref(icqtoolbar.allowSendURL, true);
pref(icqtoolbar.initSearchType, );
pref(icqtoolbar.uninstStatSent, false);
pref(icqtoolbar.installsource, 0);
pref(icqtoolbar.xmlLanguage, en-US);
pref(icqtoolbar.updateRetryTimeout, 600);
pref(icqtoolbar.showSitesPanel, true);
pref(icqtoolbar.showVoucher, true);
pref(icqtoolbar.searchInNewTab, true);
pref(icqtoolbar.displayResultsIn, 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2005-12-31 23:07
Windows 5.1.2600 Service Pack 2 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_USERS\S-1-5-21-1409082233-1897051121-682003330-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(676)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
Celkový čas: 2010-05-12 11:36:51 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-05-12 09:36
ComboFix2.txt 2010-05-11 09:18
Před spuštěním: Volných bajtů: 24 876 949 504
Po spuštění: Volných bajtů: 24 843 264 000
- - End Of File - - AE8613477795B404F14C0FC65E749FE4
Here is the log, hopefully it is correct. I even took the battery out of the motherboard, because I no longer knew what to do to get the monitor to turn on.
ComboFix 10-05-10.03 - kája 11.05.2010 23:39:27.6.1 - x86 NETWORK
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.1023.783 [GMT 2:00]
Spuštěný z: c:\documents and settings\kája\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\kája\Plocha\CFScript.txt
AV: avast! antivirus 4.8.1368 [VPS 100510-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FILE ::
"c:\windows\system32\drivers\fidbox.dat"
"c:\windows\system32\ezsidmv.dat"
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\drivers\fidbox.dat
c:\windows\system32\ezsidmv.dat
.
((((((((((((((((((((((((( Soubory vytvořené od 2005-11-28 do 2005-12-31 )))))))))))))))))))))))))))))))
.
2010-05-11 10:09 . 2010-05-11 10:09 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-05-10 20:35 . 2010-05-10 20:36 -------- d-----w- c:\program files\NVIDIA Corporation
2010-05-10 16:11 . 2010-04-03 22:55 61440 ----a-w- c:\windows\system32\OpenCL.dll
2010-05-10 16:11 . 2010-04-03 22:55 2646632 ----a-w- c:\windows\system32\nvcuvenc.dll
2010-05-10 16:11 . 2010-04-03 22:55 2030184 ----a-w- c:\windows\system32\nvcuvid.dll
2010-05-10 16:11 . 2010-04-03 22:55 14757888 ----a-w- c:\windows\system32\nvoglnt.dll
2010-05-10 16:11 . 2010-04-03 22:55 4075520 ----a-w- c:\windows\system32\nvcuda.dll
2010-05-10 16:11 . 2010-04-03 22:55 227944 ----a-w- c:\windows\system32\nvcodins.dll
2010-05-10 16:11 . 2010-04-03 22:55 227944 ----a-w- c:\windows\system32\nvcod.dll
2010-05-10 16:11 . 2010-04-03 22:55 2183470 ----a-w- c:\windows\system32\nvdata.bin
2010-05-10 16:11 . 2010-04-03 22:55 11647592 ----a-w- c:\windows\system32\nvcompiler.dll
2010-05-10 16:11 . 2010-04-03 22:55 1097728 ----a-w- c:\windows\system32\nvapi.dll
2010-05-10 09:49 . 2010-05-10 09:49 -------- d-----w- c:\windows\system32\wbem\Repository
2010-05-04 14:04 . 2010-05-04 14:04 -------- d-----w- c:\program files\Conduit
2010-05-04 14:04 . 2010-05-04 14:04 -------- d-----w- c:\program files\Vuze_Remote
2010-04-15 13:20 . 2010-04-15 13:20 -------- d-----w- c:\program files\QuickTime
2010-04-13 12:55 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe
2010-04-10 16:35 . 2010-04-10 16:39 -------- d-----w- c:\program files\ICQ7.1
2010-04-09 19:23 . 2010-04-29 12:47 -------- d-----w- C:\Jitka a Kája
2010-04-07 12:49 . 2010-04-07 12:49 -------- d-----w- c:\program files\Exec
2010-04-03 17:23 . 2010-04-03 17:23 278120 ----a-w- c:\windows\system32\nvmccs.dll
2010-04-03 17:23 . 2010-04-03 17:23 154216 ----a-w- c:\windows\system32\nvsvc32.exe
2010-04-03 17:23 . 2010-04-03 17:23 145000 ----a-w- c:\windows\system32\nvcolor.exe
2010-04-03 17:23 . 2010-04-03 17:23 13670504 ----a-w- c:\windows\system32\nvcpl.dll
2010-04-03 17:23 . 2010-04-03 17:23 110696 ----a-w- c:\windows\system32\nvmctray.dll
2010-04-03 17:23 . 2010-04-03 17:23 229376 ----a-w- c:\windows\system32\nvrszhc.dll
2010-04-03 17:23 . 2010-04-03 17:23 126976 ----a-w- c:\windows\system32\nvrszht.dll
2010-03-10 11:47 . 2009-10-23 14:27 3555328 -c----w- c:\windows\system32\dllcache\moviemk.exe
2010-03-07 18:18 . 2010-03-30 20:46 -------- d-----r- c:\program files\Skype
2010-02-26 16:05 . 2010-02-26 16:05 -------- d-----w- c:\program files\Common Files\Java
2010-02-25 22:12 . 2010-02-04 09:01 74072 ----a-w- c:\windows\system32\XAPOFX1_4.dll
2010-02-25 22:12 . 2010-02-04 09:01 528216 ----a-w- c:\windows\system32\XAudio2_6.dll
2010-02-25 22:12 . 2010-02-04 09:01 238936 ----a-w- c:\windows\system32\xactengine3_6.dll
2010-02-25 22:12 . 2010-02-04 09:01 22360 ----a-w- c:\windows\system32\X3DAudio1_7.dll
2010-02-25 22:12 . 2010-02-25 22:12 -------- d--h--w- c:\windows\msdownld.tmp
2010-02-18 23:21 . 2010-02-18 23:24 -------- d-----w- C:\TRANSLAT
2010-02-18 22:50 . 2008-08-26 08:26 18816 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys
2010-02-18 22:50 . 2010-02-18 22:50 -------- d-----w- c:\program files\PC Connectivity Solution
2010-02-18 22:49 . 2009-12-30 10:30 7936 ----a-w- c:\windows\system32\drivers\usbser_lowerfltj.sys
2010-02-18 22:49 . 2009-12-30 10:30 7936 ----a-w- c:\windows\system32\drivers\usbser_lowerflt.sys
2010-02-18 22:49 . 2009-12-30 10:30 22016 ----a-w- c:\windows\system32\drivers\ccdcmbo.sys
2010-02-18 22:49 . 2010-01-21 13:53 18048 ----a-w- c:\windows\system32\drivers\ccdcmb.sys
2010-02-18 22:49 . 2009-12-30 10:30 660480 ----a-w- c:\windows\system32\nmwcdcocls.dll
2010-02-18 22:49 . 2009-10-06 10:55 1112288 ----a-w- c:\windows\system32\wdfcoinstaller01007.dll
2010-02-10 15:03 . 2010-02-10 15:03 -------- d-----w- c:\program files\SEGA
2010-02-02 14:16 . 2010-02-02 14:16 -------- d-----w- c:\program files\iPod
2010-02-02 14:15 . 2010-02-02 14:16 -------- d-----w- c:\program files\iTunes
2010-01-19 15:41 . 2010-01-19 15:41 -------- d-----w- c:\program files\AxBx
2010-01-13 14:10 . 2010-01-13 14:10 85504 -c----w- c:\windows\system32\dllcache\cabview.dll
2010-01-13 13:35 . 2009-11-21 16:46 470528 -c----w- c:\windows\system32\dllcache\aclayers.dll
2009-12-24 07:07 . 2009-12-24 07:07 177664 -c----w- c:\windows\system32\dllcache\wintrust.dll
2009-12-17 08:00 . 2009-12-17 08:00 343552 -c----w- c:\windows\system32\dllcache\mspaint.exe
2009-12-14 07:37 . 2009-12-14 07:37 33280 -c----w- c:\windows\system32\dllcache\csrsrv.dll
2009-12-07 16:42 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-07 16:42 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-07 16:42 . 2010-05-10 18:08 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-07 15:32 . 2009-12-07 15:32 -------- d-----w- c:\program files\DVDCover+
2009-12-03 16:43 . 2009-12-03 17:32 -------- d-----w- c:\program files\Microsoft Games
2009-12-02 18:16 . 2009-12-02 18:19 23733 ----a-w- c:\windows\hpqins15.dat
2009-11-27 17:35 . 2009-11-27 17:35 17920 -c----w- c:\windows\system32\dllcache\msyuv.dll
2009-11-27 16:40 . 2009-11-27 16:40 8704 -c----w- c:\windows\system32\dllcache\tsbyuv.dll
2009-11-27 16:40 . 2009-11-27 16:40 48128 -c----w- c:\windows\system32\dllcache\iyuv_32.dll
2009-11-27 16:40 . 2009-11-27 16:40 11264 -c----w- c:\windows\system32\dllcache\msrle32.dll
2009-11-27 14:28 . 2009-11-27 14:28 -------- d-----w- c:\program files\Common Files\PCSuite
2009-11-27 14:25 . 2009-11-27 14:29 -------- d-----w- c:\program files\DIFX
2009-11-26 17:35 . 2009-11-26 17:41 19567 ----a-w- c:\windows\hpqins13.dat
2009-11-26 17:23 . 2009-11-26 17:28 78206 ----a-w- c:\windows\hpqins05.dat
2009-11-26 17:09 . 2009-11-26 17:09 -------- d-----w- c:\windows\Hewlett-Packard
2009-11-26 17:02 . 2008-01-24 21:22 16496 ----a-r- c:\windows\system32\drivers\HPZipr12.sys
2009-11-26 17:02 . 2008-01-24 21:22 49920 ----a-r- c:\windows\system32\drivers\HPZid412.sys
2009-11-26 17:01 . 2008-01-24 21:23 271704 ----a-r- c:\windows\system32\hpzids01.dll
2009-11-26 17:01 . 2007-10-20 17:21 278016 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\hpzpp5mu.dll
2009-11-26 17:01 . 2007-10-20 17:25 118272 ----a-w- c:\windows\system32\hpz3l5mu.dll
2009-11-26 17:01 . 2008-01-24 21:22 21568 ----a-r- c:\windows\system32\drivers\HPZius12.sys
2009-11-26 17:00 . 2008-01-24 21:22 729088 ----a-r- c:\windows\system32\hpowiax7.dll
2009-11-26 17:00 . 2008-01-24 21:22 303104 ----a-r- c:\windows\system32\hpovst15.dll
2009-11-26 17:00 . 2008-01-24 21:22 581632 ----a-r- c:\windows\system32\hpotscl6.dll
2009-11-26 17:00 . 2008-01-24 21:22 372736 ----a-r- c:\windows\system32\hppldcoi.dll
2009-11-26 17:00 . 2008-01-24 21:22 309760 ----a-r- c:\windows\system32\difxapi.dll
2009-11-26 16:53 . 2009-11-26 16:53 -------- d-----w- c:\program files\Common Files\HP
2009-11-26 16:53 . 2009-11-26 16:53 -------- d-----w- c:\program files\Hewlett-Packard
2009-11-26 16:52 . 2009-11-26 16:52 -------- d-----w- c:\program files\Common Files\Hewlett-Packard
2009-11-26 16:50 . 2004-08-03 22:01 25856 -c--a-w- c:\windows\system32\dllcache\usbprint.sys
2009-11-26 16:50 . 2004-08-03 22:01 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2009-11-26 16:47 . 2009-11-26 17:09 -------- d-----w- c:\program files\HP
2009-11-26 16:45 . 2009-11-26 17:03 186308 ----a-w- c:\windows\hpoins28.dat
2009-11-26 16:45 . 2008-07-01 04:02 796 ------w- c:\windows\hpomdl28.dat
2009-11-25 16:16 . 2009-11-25 16:17 -------- d-----w- c:\program files\hkSFV
2009-11-25 10:13 . 2009-11-25 10:13 -------- d-----w- c:\program files\MSXML 4.0
2009-11-24 09:00 . 2009-11-24 09:00 -------- d-----w- c:\program files\AviSynth 2.5
2009-11-24 09:00 . 2009-11-24 09:00 -------- d-----w- c:\program files\Red Kawa
2009-11-24 08:40 . 2009-12-27 11:50 -------- d-----w- c:\program files\MediaCoder
2009-11-23 12:50 . 2009-11-23 12:50 1302600 ----a-w- c:\windows\system32\WUDFUpdate_01007.dll
2009-11-22 16:35 . 2009-11-24 15:58 3532 ----a-w- C:\drmHeader.bin
2009-11-22 14:20 . 2009-11-22 14:20 0 ----a-w- c:\windows\nsreg.dat
2009-11-22 10:50 . 2009-12-02 17:31 -------- d-----w- c:\program files\HandBrake
2009-11-22 01:31 . 2008-04-17 12:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2009-11-22 01:29 . 2009-11-22 01:29 -------- d-----w- c:\program files\Apple Software Update
2009-11-22 01:29 . 2009-08-28 18:42 40448 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-11-22 01:29 . 2009-08-28 18:42 2065696 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-11-22 01:28 . 2010-02-02 14:16 -------- d-----w- c:\program files\Common Files\Apple
2009-11-21 21:01 . 2009-11-21 21:01 54772 ---ha-w- c:\windows\system32\mlfcache.dat
2009-11-21 13:34 . 2010-03-29 15:09 -------- d-----w- c:\program files\Wise Disk Cleaner
2009-11-18 12:14 . 2009-11-18 12:20 -------- d-----w- c:\program files\Startup Faster
2009-11-18 11:54 . 2009-11-18 11:54 -------- d-----w- c:\program files\Reference Assemblies
2009-11-18 11:03 . 2009-12-11 08:38 69120 -c----w- c:\windows\system32\dllcache\iecompat.dll
2009-11-18 11:02 . 2010-02-25 06:18 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-11-18 11:02 . 2010-02-25 06:18 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2009-11-18 11:02 . 2010-02-25 06:18 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2009-11-18 11:02 . 2010-02-25 06:18 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll
2009-11-18 11:02 . 2010-02-25 06:18 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-11-18 11:02 . 2010-02-25 09:48 11070976 -c----w- c:\windows\system32\dllcache\ieframe.dll
2009-11-17 21:19 . 2009-11-17 21:20 -------- d-----w- c:\windows\system32\CatRoot_bak
2009-11-17 21:00 . 2006-10-26 18:56 33104 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\msonpppr.dll
2009-11-17 21:00 . 2006-10-26 18:56 32592 ----a-w- c:\windows\system32\msonpmon.dll
2009-11-17 20:57 . 2009-11-17 20:57 -------- d-----w- c:\program files\Microsoft Works
2009-11-17 20:56 . 2009-11-17 20:56 -------- d-----w- c:\program files\Microsoft.NET
2009-11-17 20:54 . 2009-11-17 20:54 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2009-11-17 20:53 . 2009-11-17 20:57 -------- d-----w- c:\windows\SHELLNEW
2009-11-17 11:51 . 2008-08-14 09:51 138368 -c----w- c:\windows\system32\dllcache\afd.sys
2009-11-17 11:51 . 2008-06-20 17:42 247296 -c----w- c:\windows\system32\dllcache\mswsock.dll
2009-11-17 09:58 . 2009-11-17 11:44 -------- d-----w- c:\windows\system32\wbem\Repository.002
2009-11-17 09:41 . 2009-11-17 09:42 -------- d-----w- C:\5d1c994c08196049e613ebe5690e
2009-11-16 13:16 . 2009-11-16 13:16 -------- d-----w- C:\fd3a5f783c43a358aef094c8eaa4
2009-11-16 12:57 . 2008-07-03 13:15 8458752 -c----w- c:\windows\system32\dllcache\shell32.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-21 20:34 . 2009-01-23 17:48 -------- d-----w- c:\program files\CCleaner
2010-04-10 16:36 . 2009-01-23 15:46 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-04-03 22:55 . 2008-09-17 22:55 6432128 ----a-w- c:\windows\system32\nv4_disp.dll
2010-04-03 22:55 . 2008-09-17 22:55 10232128 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2010-03-10 06:17 . 2002-09-23 12:00 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-02-25 06:18 . 2009-11-15 22:29 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-24 12:31 . 2002-09-23 12:00 454016 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-16 19:34 . 2002-09-23 12:00 2183552 ------w- c:\windows\system32\ntoskrnl.exe
2010-02-16 19:34 . 2002-09-20 17:12 2060544 ------w- c:\windows\system32\ntkrnlpa.exe
2010-02-12 04:47 . 2002-09-23 12:00 100864 ----a-w- c:\windows\system32\6to4svc.dll
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\program files\Exec ----
2010-03-11 14:37 . 2010-03-11 14:37 2107392 ----a-w- c:\program files\Exec\HeySmile Studio\HeySmile Studio.exe
2010-03-11 14:37 . 2010-03-11 14:37 2971 ----a-w- c:\program files\Exec\HeySmile Studio\HeySmile Studio.exe.config
2010-03-11 14:21 . 2010-03-11 14:21 4096 ----a-w- c:\program files\Exec\HeySmile Studio\cs-CZ\Exec.Common.BusLa.resources.dll
2010-03-11 14:21 . 2010-03-11 14:21 4096 ----a-w- c:\program files\Exec\HeySmile Studio\cs-CZ\Exec.Common.Data.resources.dll
2010-03-11 14:21 . 2010-03-11 14:21 4096 ----a-w- c:\program files\Exec\HeySmile Studio\cs-CZ\Exec.Common.resources.dll
2010-03-11 14:21 . 2010-03-11 14:21 4096 ----a-w- c:\program files\Exec\HeySmile Studio\cs-CZ\Exec.Common.ZLib.resources.dll
2010-03-11 14:21 . 2010-03-11 14:21 32768 ----a-w- c:\program files\Exec\HeySmile Studio\cs-CZ\Exec.Controls.resources.dll
2010-03-11 14:21 . 2010-03-11 14:21 90112 ----a-w- c:\program files\Exec\HeySmile Studio\cs-CZ\Exec.SQL.Module.resources.dll
2010-03-11 14:21 . 2010-03-11 14:21 49152 ----a-w- c:\program files\Exec\HeySmile Studio\cs-CZ\Exec.SQL.Phobo.resources.dll
2010-03-11 14:21 . 2010-03-11 14:21 6656 ----a-w- c:\program files\Exec\HeySmile Studio\cs-CZ\PhoboBusLa.resources.dll
2010-03-11 14:21 . 2010-03-11 14:21 774144 ----a-w- c:\program files\Exec\HeySmile Studio\cs-CZ\PhoboClient.resources.dll
2010-03-11 14:21 . 2010-03-11 14:21 4096 ----a-w- c:\program files\Exec\HeySmile Studio\cs-CZ\PhoboConfig.resources.dll
2010-03-11 14:21 . 2010-03-11 14:21 4608 ----a-w- c:\program files\Exec\HeySmile Studio\cs-CZ\PhoboDesigner.resources.dll
2010-03-11 14:21 . 2010-03-11 14:21 4096 ----a-w- c:\program files\Exec\HeySmile Studio\cs-CZ\PhoboDesignerWPF.resources.dll
2010-03-11 14:21 . 2010-03-11 14:21 4608 ----a-w- c:\program files\Exec\HeySmile Studio\cs-CZ\PhoboRemote.resources.dll
2010-03-11 14:21 . 2010-03-11 14:21 4096 ----a-w- c:\program files\Exec\HeySmile Studio\cs-CZ\PhoboReplication.resources.dll
2010-03-11 14:07 . 2010-03-11 14:07 15872 ----a-w- c:\program files\Exec\HeySmile Studio\Exec.Common.BusLa.dll
2010-03-11 14:07 . 2010-03-11 14:07 81920 ----a-w- c:\program files\Exec\HeySmile Studio\Exec.Common.Data.dll
2010-03-11 14:07 . 2010-03-11 14:07 94208 ----a-w- c:\program files\Exec\HeySmile Studio\Exec.Common.dll
2010-03-11 14:07 . 2010-03-11 14:07 16384 ----a-w- c:\program files\Exec\HeySmile Studio\Exec.Common.ZLib.dll
2010-03-11 14:07 . 2010-03-11 14:07 77824 ----a-w- c:\program files\Exec\HeySmile Studio\Exec.Controls.dll
2010-03-11 14:07 . 2010-03-11 14:07 155648 ----a-w- c:\program files\Exec\HeySmile Studio\Exec.SQL.Module.dll
2010-03-11 14:07 . 2010-03-11 14:07 274432 ----a-w- c:\program files\Exec\HeySmile Studio\Exec.SQL.Phobo.dll
2010-03-11 14:07 . 2010-03-11 14:07 174080 ----a-w- c:\program files\Exec\HeySmile Studio\PhoboBusLa.dll
2010-03-11 14:07 . 2010-03-11 14:07 23552 ----a-w- c:\program files\Exec\HeySmile Studio\PhoboConfig.dll
2010-03-11 14:07 . 2010-03-11 14:07 507904 ----a-w- c:\program files\Exec\HeySmile Studio\PhoboDesigner.dll
2010-03-11 14:07 . 2010-03-11 14:07 57344 ----a-w- c:\program files\Exec\HeySmile Studio\PhoboDesignerWPF.dll
2010-03-11 14:07 . 2010-03-11 14:07 196608 ----a-w- c:\program files\Exec\HeySmile Studio\PhoboRemote.dll
2010-03-11 14:07 . 2010-03-11 14:07 32768 ----a-w- c:\program files\Exec\HeySmile Studio\PhoboReplication.dll
2010-03-11 14:07 . 2010-03-11 14:07 1103360 ----a-w- c:\program files\Exec\HeySmile Studio\PhoboClient.pdb
2010-03-11 14:07 . 2010-03-11 14:07 255488 ----a-w- c:\program files\Exec\HeySmile Studio\PhoboBusLa.pdb
2010-03-11 14:07 . 2010-03-11 14:07 298496 ----a-w- c:\program files\Exec\HeySmile Studio\PhoboDesigner.pdb
2010-03-11 14:07 . 2010-03-11 14:07 32256 ----a-w- c:\program files\Exec\HeySmile Studio\Exec.SQL.Phobo.pdb
2010-03-11 14:07 . 2010-03-11 14:07 38400 ----a-w- c:\program files\Exec\HeySmile Studio\PhoboConfig.pdb
2010-03-11 14:07 . 2010-03-11 14:07 315392 ----a-w- c:\program files\Exec\HeySmile Studio\PhoboRemote.XmlSerializers.dll
2010-03-11 14:07 . 2010-03-11 14:07 32256 ----a-w- c:\program files\Exec\HeySmile Studio\PhoboReplication.pdb
2010-03-11 14:07 . 2010-03-11 14:07 167424 ----a-w- c:\program files\Exec\HeySmile Studio\Exec.Common.Data.pdb
2010-03-11 14:07 . 2010-03-11 14:07 13824 ----a-w- c:\program files\Exec\HeySmile Studio\Exec.SQL.Module.pdb
2010-03-11 14:07 . 2010-03-11 14:07 50688 ----a-w- c:\program files\Exec\HeySmile Studio\PhoboDesignerWPF.pdb
2010-03-11 14:07 . 2010-03-11 14:07 450048 ----a-w- c:\program files\Exec\HeySmile Studio\PhoboRemote.pdb
2010-03-11 14:07 . 2010-03-11 14:07 42496 ----a-w- c:\program files\Exec\HeySmile Studio\Exec.Common.BusLa.pdb
2010-03-11 13:57 . 2010-03-11 13:57 124416 ----a-w- c:\program files\Exec\HeySmile Studio\Exec.Controls.pdb
2010-03-11 13:56 . 2010-03-11 13:56 11776 ----a-w- c:\program files\Exec\HeySmile Studio\Exec.Common.ZLib.pdb
2010-03-11 13:56 . 2010-03-11 13:56 173568 ----a-w- c:\program files\Exec\HeySmile Studio\Exec.Common.pdb
2007-10-24 12:47 . 2007-10-24 12:47 704512 ----a-w- c:\program files\Exec\HeySmile Studio\FirebirdSql.Data.FirebirdClient.dll
2007-09-03 14:14 . 2007-09-03 14:14 684032 ----a-w- c:\program files\Exec\HeySmile Studio\intl\fbintl.dll
2007-09-03 14:14 . 2007-09-03 14:14 9216 ----a-w- c:\program files\Exec\HeySmile Studio\udf\ib_udf.dll
2007-09-03 14:13 . 2007-09-03 14:13 10752 ----a-w- c:\program files\Exec\HeySmile Studio\udf\fbudf.dll
2007-09-03 14:09 . 2007-09-03 14:09 5632 ----a-w- c:\program files\Exec\HeySmile Studio\ib_util.dll
2007-09-03 14:05 . 2007-09-03 14:05 127696 ----a-w- c:\program files\Exec\HeySmile Studio\firebird.msg
2007-09-03 14:05 . 2007-09-03 14:05 2015232 ----a-w- c:\program files\Exec\HeySmile Studio\fbembed.dll
2007-09-03 13:56 . 2007-09-03 13:56 1114112 ----a-w- c:\program files\Exec\HeySmile Studio\icudt30.dll
2007-09-03 13:54 . 2007-09-03 13:54 200704 ----a-w- c:\program files\Exec\HeySmile Studio\icuin30.dll
2007-09-03 13:54 . 2007-09-03 13:54 548864 ----a-w- c:\program files\Exec\HeySmile Studio\icuuc30.dll
2007-03-06 07:21 . 2007-03-06 07:21 21541 ----a-w- c:\program files\Exec\HeySmile Studio\firebird.conf
2006-11-29 10:09 . 2006-11-29 10:09 172032 ----a-w- c:\program files\Exec\HeySmile Studio\ICSharpCode.SharpZipLib.dll
2006-06-05 00:17 . 2006-06-05 00:17 5057 ----a-w- c:\program files\Exec\HeySmile Studio\intl\fbintl.conf
2005-11-01 14:28 . 2005-11-01 14:28 884736 ----a-w- c:\program files\Exec\HeySmile Studio\Microsoft.Web.Services3.dll
2004-11-29 09:06 . 2004-11-29 09:06 499712 ----a-w- c:\program files\Exec\HeySmile Studio\msvcp71.dll
2004-11-29 09:06 . 2004-11-29 09:06 348160 ----a-w- c:\program files\Exec\HeySmile Studio\msvcr71.dll
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AMD_Display"="c:\program files\AMD\AMD Power Monitor\AMD_PwrMon.exe" [2009-11-08 1449984]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 577536]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-17 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-17 44544]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 14:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *\0autocheck smrgdf c:\documents and settings\kája\Data aplikací\iolo\\0OODBS
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^HP Digital Imaging Monitor.lnk]
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMServer]
c:\program files\Common Files\Nokia\MPlatform\NokiaMServer [X]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-03-24 18:17 952768 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DWQueuedReporting]
2008-11-03 23:44 435096 ----a-w- c:\progra~1\COMMON~1\MICROS~1\DW\DWTRIG20.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2006-10-26 23:47 31016 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2008-03-25 20:27 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpqSRMon]
2008-08-20 09:54 150016 ----a-w- c:\program files\HP\Digital Imaging\bin\HpqSRmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-01-22 18:16 141608 ----a-w- c:\program files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSConfig]
2004-08-17 14:49 159232 ----a-w- c:\windows\PCHealth\HelpCtr\Binaries\msconfig.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaOviSuite2]
2010-02-05 12:45 385856 ----a-w- c:\program files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2010-04-03 17:23 13670504 ----a-w- c:\windows\system32\nvcpl.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2010-04-03 17:23 110696 ----a-w- c:\windows\system32\nvmctray.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OEXPRESS]
2010-02-18 23:23 26624 ----a-w- c:\documents and settings\All Users\Data aplikací\LangSoft\OETRN.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
2009-11-11 09:57 1451520 ----a-w- c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartupFaster]
2008-09-07 18:36 1402080 ----a-w- c:\program files\Startup Faster\StartupLoader.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2009-10-12 20:24 2000112 ----a-w- c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"=
"c:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2009.SP2\\RpcAgentSrv.exe"=
"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2009.SP2\\WNt500x86\\RpcSandraSrv.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\Nokia\\Nokia Ovi Suite\\NokiaOviSuite.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\bin\\hpqPhotoCrm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqsudi.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpsapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpse.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=
"c:\\Program Files\\HP\\HP Software Update\\hpwucli.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Smart Web Printing\\SmartWebPrintExe.exe"=
"c:\\Program Files\\K-Lite Codec Pack\\Media Player Classic\\mplayerc.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\SEGA\\Vancouver 2010\\Vancouver.exe"=
"c:\\Program Files\\ICQ7.1\\ICQ.exe"=
"c:\\Program Files\\ICQ7.1\\aolload.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
R0 hotcore2;hotcore2;c:\windows\system32\drivers\hotcore2.sys [24.1.2009 10:11 30808]
S1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [23.1.2009 19:48 114768]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [12.10.2009 22:24 9968]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [12.10.2009 22:24 74480]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [23.1.2009 21:03 20560]
S2 ioloFileInfoList;iolo FileInfoList Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [13.7.2009 11:38 592232]
S2 ioloSystemService;iolo System Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [13.7.2009 11:38 592232]
S3 BTCAMDRV;Mobiola Web Camera driver;c:\windows\system32\drivers\BTCamDrv.sys [16.5.2009 12:17 219264]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [17.6.2009 14:20 12648]
S3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\SiSoftware\SiSoftware Sandra Lite 2009.SP2\RpcAgentSrv.exe [1.11.2009 21:50 98488]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [12.10.2009 22:24 7408]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Obsah adresáře 'Naplánované úlohy'
2010-03-23 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
.
------- Doplňkový sken -------
.
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748449} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
LSP: %SYSTEMROOT%\system32\nvappfilter.dll
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\kája\Data aplikací\Mozilla\Firefox\Profiles\am89cmnq.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\defaults\preferences\
---- NASTAVENÍ FIREFOXU ----
pref(icqtoolbar.suggestions, true);
pref(icqtoolbar.xmlEnableSuggestions, true);
pref(icqtoolbar.history, );
pref(icqtoolbar.shownElements, itb_people itb_zoom_in itb_zoom_out itb_zoom_default itb_games itb_highlight);
pref(icqtoolbar.hiddenElements, itb_options itb_send_url);
/*
pref(icqtoolbar.searchInSameTab, true);
pref(icqtoolbar.searchInNewWindow, false);
*/
// 0 - same tab; 1 - new tab; 2 - new window
pref(icqtoolbar.displayResultsIn, 1);
//-1 for infinite number of saved searches
pref(icqtoolbar.historyCapacity, 15);
pref(icqtoolbar.displayHistory, true);
pref(icqtoolbar.enableAutocomplete, false);
pref(icqtoolbar.searchOnDrop, true);
pref(icqtoolbar.searchOnSelect, true);
pref(icqtoolbar.searchBoxSize, 200);
pref(icqtoolbar.showBtnsText, false);
pref(icqtoolbar.allowSendURL, true);
pref(icqtoolbar.initSearchType, );
pref(icqtoolbar.uninstStatSent, false);
pref(icqtoolbar.installsource, 0);
pref(icqtoolbar.xmlLanguage, en-US);
pref(icqtoolbar.updateRetryTimeout, 600);
pref(icqtoolbar.showSitesPanel, true);
pref(icqtoolbar.showVoucher, true);
pref(icqtoolbar.searchInNewTab, true);
pref(icqtoolbar.displayResultsIn, 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2005-12-31 23:07
Windows 5.1.2600 Service Pack 2 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_USERS\S-1-5-21-1409082233-1897051121-682003330-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(676)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
Celkový čas: 2010-05-12 11:36:51 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-05-12 09:36
ComboFix2.txt 2010-05-11 09:18
Před spuštěním: Volných bajtů: 24 876 949 504
Po spuštění: Volných bajtů: 24 843 264 000
- - End Of File - - AE8613477795B404F14C0FC65E749FE4
- jaro3
- member of the Security team
Re: request for help and log check
ComboFix is uninstalled like this:
Start > Run and type ComboFix /Uninstall
clean the system with CCleaner
and also use T-Cleaner
it deletes everything left behind by Combo, MWAV, etc. - download > run
Note: before downloading T-Cleaner and for the duration of the cleaning, deactivate AVG or Avast; afterwards delete T-Cleaner and turn AVG or Avast back on.
+ a new log from HJT.
Download the program OTM (by OldTimer)
and save it to drive C and run it.
- Copy these paths into the left column (Paste Instructions for Items to be Moved):
Note: Do not use the SELECT ALL function to mark them
Code:
:Processes
explorer.exe
:Services
:Reg
:Files
C:\WINDOWS\System32\*.tmp /s
C:\WINDOWS\*.tmp /s
C:\WINDOWS\system32\*.tmp.dll /s
C:\WINDOWS\system32\SET*.tmp /s
c:\windows\Tasks\*.job /s
c:\windows\system32\d3d9caps.dat
c:\windows\msdownld.tmp
C:\drmHeader.bin
c:\windows\system32\mlfcache.dat
:Commands
[purity]
[emptytemp]
[start explorer]
[Reboot]
- After copying, click the MoveIt! button and then paste here the entire contents of the right column, which is otherwise saved in the folder C:\_OTMoveIt\MovedFiles\ and reports the results
- If the files cannot be removed, you may be asked to restart the computer; in that case confirm the restart.
When working with HJT, ComboFix, MbAM, SDFix, etc., close all other applications and browsers!
Do not send logs by private message. While I am away, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support
Re: request for help and log check
I couldn't get the PC to turn on at all, so I don't know what to do with it anymore or how to start it; I unplugged everything, but nothing helps at all anymore, and I'm now writing from another one. As soon as it's possible and the monitor turns on, I'll do it. So I don't know, or I'll take it somewhere to have it tried. I'll let you know right away.
Re: request for help and log check
Hello everyone,
I have a problem with burning discs. When burning a data DVD, for example with .avi files, the progress percentage stops and after a few minutes an error occurs. Yet an audio CD, for instance, burns normally.... Until recently everything worked as it should. Could someone help or advise me???? I've gone through just about every forum and tried x options, from updating drivers to reinstalling the system......HELP please..... :(
I'm attaching the log:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 0:01:26, on 14.5.2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\ACDSee32\ACDSee32.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Mozilla Firefox\firefox.exe
D:\HiJackThis.exe
C:\Program Files\Winamp\winamp.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: CentrumczToolbar BHO - {33CD02D0-8C93-4926-A2FE-2CE72CE7DF1A} - C:\Program Files\CentrumczToolbar\IEToolbar.dll
O2 - BHO: CentrumczToolbar BHO - {33CD02D0-8C93-4926-A2FE-2CE72CE7DF1A} - C:\Program Files\CentrumczToolbar\IEToolbar.dll
O3 - Toolbar: Centrum.cz Toolbar - {D5D47440-0750-463D-BAEF-A47D02414806} - C:\Program Files\CentrumczToolbar\IEToolbar.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Stáhnout pomocí &BitSpiritu - C:\Program Files\BitSpirit\bsurl.htm
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
--
End of file - 3554 bytes
- jaro3
- member of the Security team
Re: request for help and log check
To shearer79: If you can't get into the BIOS, the fault will be in the HW. Also try resetting the BIOS, or taking the battery out for 5 minutes.
To daftkrys: please start your own new topic.
Re: request for help and log check
ok, I'll try that; so could it be a bad hard drive, or something like that?