ComboFix 10-07-28.01 - michal 29.07.2010 11:23:38.3.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.2047.1673 [GMT 2:00]
Spuštěný z: c:\documents and settings\michal\Plocha\ComboFix-NESPUSTAT.exe
Použité ovládací přepínače :: c:\documents and settings\michal\Plocha\CFScript.txt
AV: ESET Smart Security 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET personal firewall *enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
FILE ::
"c:\windows\temp\Perflib_Perfdata_5ac.dat"
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\temp\Perflib_Perfdata_5ac.dat
c:\windows\system32\1029 . . . . nemohl být smazán
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_ETERLOGICVIRTUALSERIALDRIVER
-------\Service_EterlogicVirtualSerialDriver
((((((((((((((((((((((((( Soubory vytvořené od 2010-06-28 do 2010-07-29 )))))))))))))))))))))))))))))))
.
2010-07-29 09:01 . 2010-07-29 09:01 -------- d-----w- C:\3dmark2000
2010-07-28 18:21 . 2010-07-28 18:22 -------- d-----w- c:\program files\Veetle
2010-07-28 13:30 . 2010-07-28 13:30 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2010-07-28 10:02 . 2010-07-28 10:02 -------- d-----w- c:\windows\system32\wbem\Repository
2010-07-28 10:02 . 2010-07-28 10:02 -------- d-----w- c:\program files\Spyware Terminator
2010-07-27 21:21 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-27 21:21 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-27 21:21 . 2010-07-27 21:21 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-27 15:01 . 2010-07-27 15:01 -------- d-----w- c:\program files\Driver Robot
2010-07-27 07:50 . 2010-07-27 07:50 -------- d-----w- c:\program files\hj
2010-07-26 18:50 . 2010-07-26 18:54 -------- d-----w- c:\program files\Air Aces Pacific
2010-07-26 15:06 . 2010-07-27 22:14 -------- d-----w- c:\program files\SpeedFan
2010-07-26 12:03 . 2010-07-26 12:03 -------- d-----w- c:\windows\system32\Futuremark
2010-07-26 12:03 . 2004-10-25 18:02 21664 ----a-w- c:\windows\system32\drivers\Entech.sys
2010-07-26 12:03 . 2001-11-19 16:05 3972 ------w- c:\windows\system32\drivers\PciBus.sys
2010-07-26 12:02 . 2010-07-26 12:12 -------- d-----w- c:\program files\Futuremark
2010-07-26 09:36 . 2010-07-26 10:41 -------- d-----w- C:\Panzer Elite Action
2010-07-25 19:24 . 2010-07-25 19:24 -------- d-----w- c:\program files\AGEIA Technologies
2010-07-25 19:24 . 2010-07-25 19:24 -------- d-----w- c:\windows\system32\AGEIA
2010-07-25 19:24 . 2010-07-25 19:24 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-07-24 21:01 . 2010-07-24 21:01 -------- d-----w- c:\program files\SSI
2010-07-24 21:00 . 2001-10-17 17:43 507904 ------w- c:\windows\Silent Hunter II remove.exe
2010-07-24 21:00 . 2000-12-15 21:58 44544 ----a-r- c:\windows\dsetup.dll
2010-07-24 21:00 . 2000-12-15 15:46 1772544 ----a-r- c:\windows\dsetup32.dll
2010-07-24 19:00 . 2010-07-24 19:00 232968 ----a-w- c:\windows\system32\nvdrsdb0.bin
2010-07-24 19:00 . 2010-07-24 19:00 1 ----a-w- c:\windows\system32\nvdrssel.bin
2010-07-24 19:00 . 2010-07-24 19:00 232968 ----a-w- c:\windows\system32\nvdrsdb1.bin
2010-07-24 19:00 . 2010-07-24 19:00 -------- d-----w- c:\program files\NVIDIA Corporation
2010-07-24 18:59 . 2010-07-09 22:38 61440 ----a-w- c:\windows\system32\OpenCL.dll
2010-07-24 18:59 . 2010-07-09 22:38 4595712 ----a-w- c:\windows\system32\nvcuda.dll
2010-07-24 18:59 . 2010-07-09 22:38 2914408 ----a-w- c:\windows\system32\nvcuvid.dll
2010-07-24 18:59 . 2010-07-09 22:38 2506344 ----a-w- c:\windows\system32\nvcuvenc.dll
2010-07-24 18:59 . 2010-07-09 22:38 2195030 ----a-w- c:\windows\system32\nvdata.bin
2010-07-24 18:59 . 2010-07-09 22:38 10260480 ----a-w- c:\windows\system32\nvcompiler.dll
2010-07-24 17:32 . 2001-08-18 04:36 8704 -c--a-w- c:\windows\system32\dllcache\kbdjpn.dll
2010-07-24 17:32 . 2001-08-18 04:36 8704 ----a-w- c:\windows\system32\kbdjpn.dll
2010-07-24 17:32 . 2001-08-17 20:55 6144 -c--a-w- c:\windows\system32\dllcache\kbd106.dll
2010-07-24 17:32 . 2001-08-17 20:55 6144 ----a-w- c:\windows\system32\kbd106.dll
2010-07-24 17:32 . 2008-02-29 10:00 1419232 ----a-w- c:\windows\system32\WdfCoInstaller01005.dll
2010-07-24 17:32 . 2008-02-29 09:12 35472 ----a-w- c:\windows\system32\drivers\LHidFilt.Sys
2010-07-24 16:32 . 2010-07-24 16:32 -------- d-----w- c:\program files\Stentec
2010-07-23 18:09 . 2010-07-23 18:25 -------- d-----w- C:\foto kami
2010-07-23 17:55 . 2010-07-23 17:55 -------- d-----w- c:\program files\DAEMON Tools Lite
2010-07-23 16:14 . 2010-07-23 16:14 -------- d-----w- c:\windows\Sun
2010-07-23 16:14 . 2010-07-23 16:14 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-07-19 11:15 . 2010-07-26 14:11 138968 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-07-19 11:15 . 2010-07-26 14:11 214592 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-07-19 11:14 . 2010-07-19 11:14 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2010-07-18 19:32 . 2010-07-18 19:32 -------- d-----w- c:\windows\system32\LogFiles
2010-07-18 19:32 . 2010-07-18 19:32 -------- d-----w- c:\program files\EA Sports
2010-07-18 15:28 . 2010-07-18 15:28 -------- d-----w- C:\EVEREST Ultimate Edition 5.00.1652
2010-07-10 17:37 . 2010-07-10 17:37 -------- d-----w- c:\documents and settings\michal\dwhelper
2010-07-10 14:55 . 2010-07-12 16:12 -------- d-----w- c:\windows\system32\Adobe
2010-07-09 19:47 . 2010-07-09 19:47 -------- d-----w- c:\program files\Combined Community Codec Pack
2010-07-09 14:24 . 2006-06-01 15:22 81920 ----a-w- c:\windows\system32\nvwddi.dll
2010-07-09 14:24 . 2006-06-01 15:22 86016 ----a-w- c:\windows\system32\nvmctray.dll
2010-07-09 14:24 . 2006-06-01 15:22 229376 ----a-w- c:\windows\system32\nvmccs.dll
2010-07-09 14:24 . 2006-06-01 15:22 7618560 ----a-w- c:\windows\system32\nvcpl.dll
2010-07-09 14:24 . 2006-06-01 15:22 155715 ----a-w- c:\windows\system32\nvsvc32.exe
2010-07-09 14:24 . 2006-06-01 15:22 147456 ----a-w- c:\windows\system32\nvcolor.exe
2010-07-04 11:50 . 2010-07-04 11:50 142592 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys
2010-07-03 17:52 . 2010-07-04 11:03 -------- d-----w- c:\program files\Yamicsoft
2010-07-03 13:08 . 2004-05-04 10:53 1645320 ----a-w- c:\windows\system32\gdiplus.dll
2010-07-03 08:25 . 2010-07-03 08:25 -------- d-----w- c:\program files\Common Files\Adobe
2010-06-29 10:40 . 2010-06-29 10:42 -------- d-----w- C:\uprava fotiek
2010-06-29 10:35 . 2010-06-29 10:35 -------- d-----w- c:\windows\SHELLNEW
2010-06-29 10:35 . 2010-06-29 10:35 -------- d-----w- c:\program files\Microsoft.NET
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-27 09:48 . 2010-06-02 17:50 -------- d-----r- c:\program files\Skype
2010-07-26 19:06 . 2010-06-05 20:48 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-07-24 17:33 . 2010-07-24 17:33 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_LHidFilt_01005.Wdf
2010-07-24 17:33 . 2010-07-24 17:33 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2010-07-20 13:00 . 2010-06-28 18:19 -------- d-----w- c:\program files\BSplayerPro
2010-07-09 22:38 . 2010-06-02 17:14 604776 ----a-w- c:\windows\system32\nvudisp.exe
2010-07-07 11:46 . 2010-06-02 17:14 604776 ----a-w- c:\windows\system32\NVUNINST.EXE
2010-07-04 13:06 . 2010-06-03 18:11 -------- d-----w- c:\program files\Internet Download Manager
2010-06-29 09:55 . 2010-06-28 10:21 -------- d-----w- c:\program files\VS Revo Group
2010-06-28 08:55 . 2010-06-02 17:40 -------- d-----w- c:\program files\ESET
2010-06-28 08:42 . 2010-06-28 08:42 -------- d-----w- c:\program files\Common Files\Java
2010-06-28 08:41 . 2010-06-28 08:41 -------- d-----w- c:\program files\Java
2010-06-26 17:20 . 2010-06-26 17:18 -------- d-----w- c:\program files\LEGO Company
2010-06-20 16:52 . 2010-06-20 16:52 -------- d-----w- c:\program files\AIMP2
2010-06-19 17:10 . 2010-06-19 17:10 -------- d-----w- c:\program files\Intel
2010-06-19 17:08 . 2010-06-19 17:08 -------- d-----w- c:\program files\Uniblue
2010-06-19 14:56 . 2010-06-19 14:56 1324940 ----a-w- C:\netstumblerinstaller_0_4_0.exe
2010-06-18 16:21 . 2010-06-18 16:19 -------- d-----w- c:\program files\Common Files\DVDVideoSoft
2010-06-18 16:20 . 2010-06-18 16:19 -------- d-----w- c:\program files\DVDVideoSoft
2010-06-18 14:43 . 2010-06-18 14:33 -------- d-----w- c:\program files\CD to MP3 Freeware
2010-06-17 18:48 . 2010-06-17 18:47 -------- d-----w- c:\program files\iTunes
2010-06-17 18:47 . 2010-06-17 18:47 -------- d-----w- c:\program files\iPod
2010-06-17 18:47 . 2010-06-17 18:46 -------- d-----w- c:\program files\Common Files\Apple
2010-06-17 18:46 . 2010-06-17 18:46 -------- d-----w- c:\program files\Apple Software Update
2010-06-17 18:46 . 2010-06-17 18:46 -------- d-----w- c:\program files\Bonjour
2010-06-14 17:02 . 2010-06-13 14:45 -------- d-----w- c:\program files\nLite
2010-06-13 14:44 . 2001-10-25 12:00 68916 ----a-w- c:\windows\system32\perfc005.dat
2010-06-13 14:44 . 2001-10-25 12:00 389938 ----a-w- c:\windows\system32\perfh005.dat
2010-06-07 18:14 . 2010-06-07 18:14 -------- d-----w- c:\program files\Redsystem
2010-06-07 18:10 . 2010-06-07 18:05 -------- d-----w- c:\program files\radioPlayer
2010-06-07 12:26 . 2010-06-07 12:26 -------- d-----w- c:\program files\Conduit
2010-06-07 12:26 . 2010-06-07 12:26 -------- d-----w- c:\program files\Ashampoo
2010-06-07 11:24 . 2010-06-07 11:24 -------- d-----w- c:\program files\Elaborate Bytes
2010-06-07 09:08 . 2010-06-07 09:08 -------- d-----w- c:\program files\iMesh Applications
2010-06-05 20:48 . 2010-06-05 20:48 -------- d-----w- c:\program files\Codec Pack - All In 1
2010-06-05 20:48 . 2010-06-05 20:48 737280 ----a-w- c:\windows\iun6002.exe
2010-06-05 20:47 . 2010-06-05 20:47 -------- d-----w- c:\program files\CyberLink
2010-06-02 19:34 . 2010-06-02 19:34 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-06-02 17:50 . 2010-06-02 17:50 -------- d-----w- c:\program files\Common Files\Skype
2010-06-02 17:14 . 2010-06-02 17:14 -------- d-----w- c:\program files\Common Files\InstallShield
2010-06-02 10:18 . 2010-06-02 09:36 86327 ----a-w- c:\windows\PCHEALTH\HELPCTR\OfflineCache\index.dat
2010-06-02 10:18 . 2010-06-02 09:36 2426 ----a-w- c:\windows\PCHEALTH\HELPCTR\PackageStore\SkuStore.bin
2010-06-02 10:17 . 2010-06-02 09:36 8972 ----a-w- c:\windows\PCHEALTH\HELPCTR\Config\Cntstore.bin
2010-06-02 09:55 . 2010-06-02 09:55 -------- d-----w- c:\program files\Common Files\LightScribe
2010-06-02 09:45 . 2010-06-02 09:45 0 ----a-w- c:\windows\nsreg.dat
2010-06-02 09:37 . 2010-06-02 09:37 -------- d-----w- c:\program files\microsoft frontpage
2010-06-02 09:34 . 2010-06-02 09:34 21812 ----a-w- c:\windows\system32\emptyregdb.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\michal\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" [2010-06-29 136176]
"SpywareTerminatorUpdate"="c:\program files\Spyware Terminator\SpywareTerminatorUpdate.exe" [2010-07-04 3037696]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2008-07-29 2610608]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2009-04-09 2029640]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2007-01-08 68640]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-01-08 52256]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"nwiz"="nwiz.exe" [2006-06-01 1519616]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-06-01 7618560]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-06-01 86016]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-17 15360]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Documents and Settings\\michal\\Data aplikací\\PowerChallenge\\PowerSoccer\\PowerSoccer.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Spyware Terminator\\SpywareTerminatorUpdate.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\EA Sports\\FIFA Online\\NFE.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Panzer Elite Action\\pea.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [9.4.2009 15:18 107256]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [4.7.2010 13:50 142592]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [16.11.2009 9:04 731840]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;c:\everest ultimate edition 5.00.1652\EVEREST Ultimate Edition\kerneld.wnt [18.7.2010 17:28 26224]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [28.6.2010 12:21 27064]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2.6.2010 21:34 691696]
.
Obsah adresáře 'Naplánované úlohy'
2010-07-29 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2010-06-03 20:18]
.
.
------- Doplňkový sken -------
.
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Free YouTube to Mp3 Converter - c:\documents and settings\michal\Data aplikací\DVDVideoSoftIEHelpers\youtubetomp3.htm
IE: Prevziať cez IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: Prevziať cez IDM všetky prepojenia - c:\program files\Internet Download Manager\IEGetAll.htm
IE: Prevziať obsah FLV cez IDM - c:\program files\Internet Download Manager\IEGetVL.htm
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748449} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
FF - ProfilePath - c:\documents and settings\michal\Data aplikací\Mozilla\Firefox\Profiles\t9uih8of.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.sk/
FF - component: c:\documents and settings\michal\Data aplikací\IDM\idmmzcc2\components\idmmzcc.dll
FF - component: c:\documents and settings\michal\Data aplikací\Mozilla\Firefox\Profiles\t9uih8of.default\extensions\{003D3EDC-99B9-4a34-9C20-60CB94F7E829}\components\nsWebFF15.dll
FF - component: c:\documents and settings\michal\Data aplikací\Mozilla\Firefox\Profiles\t9uih8of.default\extensions\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\michal\Data aplikací\Mozilla\Firefox\Profiles\t9uih8of.default\extensions\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}\components\RadioWMPCore.dll
FF - plugin: c:\docume~1\michal\DATAAP~1\POWERC~1\nppowerloader.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Veetle\Player\npvlc.dll
FF - plugin: c:\program files\Veetle\plugins\npVeetle.dll
FF - plugin: c:\program files\Veetle\VLCBroadcast\npvbp.dll
---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".sk");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
HKCU-Run-OEXPRESS - (no file)
HKCU-Run-WEBTRAN - (no file)
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-29 11:29
Windows 5.1.2600 Service Pack 2 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\EverestDriver]
"ImagePath"="\??\c:\everest ultimate edition 5.00.1652\EVEREST Ultimate Edition\kerneld.wnt"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):f2,fa,f2,d4,65,eb,51,4a,4a,37,d9,22,a3,8a,ea,64,e0,6b,7a,66,96,
2d,b0,7a,a4,10,d5,95,58,2d,43,0c,98,38,8a,ca,0c,05,8d,40,00,00,00,00,00,00,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{e0008418-c107-4391-bfb8-a2d5d272d1b0}]
@Denied: (Full) (Everyone)
"Model"=dword:000000d1
"Therad"=dword:00000001
"MData"=hex(0):cb,9b,ad,ef,27,7d,29,69,f5,02,f0,76,aa,4a,f1,7c,d3,d9,67,7f,6a,
4b,7b,ad,04,7a,b1,b5,76,9b,27,47,0c,72,36,fe,e9,66,82,03,18,55,4b,be,d8,34,\
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'explorer.exe'(2860)
c:\windows\system32\msi.dll
c:\program files\Internet Download Manager\idmmkb.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\windows\system32\RUNDLL32.EXE
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\devldr32.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\Spyware Terminator\sp_rsser.exe
c:\windows\system32\wscntfy.exe
c:\program files\Internet Download Manager\IEMonitor.exe
c:\windows\System32\wbem\wmiapsrv.exe
.
**************************************************************************
.
Celkový čas: 2010-07-29 11:32:00 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-07-29 09:31
Před spuštěním: Volných bajtů: 75 886 231 552
Po spuštění: Volných bajtů: 75 850 571 776
- - End Of File - - FE00632BD712DE2C50D67945195522C1
Please check my log (Solved)
Re: Please check my log
Hi, I ran HJ and the scan completed, but it did not show the log, so I don't know whether it saved it somewhere or what. Only the table with the empty checkboxes at the front appeared.
- jaro3
- Security team member
Re: Please check my log
Do you know this folder (program):
c:\program files\hj ??
Do you know this program:
c:\program files\SSI
Uninstall:
Spyware Terminator
What does this mean:
Spuštěný z: c:\documents and settings\michal\Plocha\ComboFix-NESPUSTAT.exe ??
Open Notepad (Start -> Run..., type Notepad in the box and click OK).
Copy into it the entire following text marked in green:
Note: Do not use the SELECT ALL function to select the script.
File::
c:\windows\system32\ezsidmv.dat
RegLock::
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{e0008418-c107-4391-bfb8-a2d5d272d1b0}]
Choose File -> Save As... and set these parameters:
File name: type here: CFScript.txt
Save as type: select All Files there
Save the file to the desktop.
Close all active windows.
Grab the created script CFScript.txt with the mouse, move it over the downloaded ComboFix.exe program, and when the two files overlap, drop the script.
- ComboFix will start automatically
- Paste here the log that appears at the end of the cleaning process + a new HJT log
Uninstall, delete HJT, download a new one and run a scan.
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs in private messages. While I am away, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support
Re: Please check my log
I just renamed the file so that nobody would run it by accident and break something. Is that a problem?
Re: Please check my log
ComboFix 10-07-28.01 - michal 29.07.2010 13:06:29.4.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.2047.1710 [GMT 2:00]
Spuštěný z: c:\documents and settings\michal\Plocha\ComboFix-NESPUSTAT.exe
Použité ovládací přepínače :: c:\documents and settings\michal\Plocha\CFScript.txt
AV: ESET Smart Security 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET personal firewall *enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
FILE ::
"c:\windows\system32\ezsidmv.dat"
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\ezsidmv.dat
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-06-28 do 2010-07-29 )))))))))))))))))))))))))))))))
.
2010-07-29 09:01 . 2010-07-29 09:01 -------- d-----w- C:\3dmark2000
2010-07-28 18:21 . 2010-07-28 18:22 -------- d-----w- c:\program files\Veetle
2010-07-28 10:02 . 2010-07-28 10:02 -------- d-----w- c:\windows\system32\wbem\Repository
2010-07-28 10:02 . 2010-07-29 10:54 -------- d-----w- c:\program files\Spyware Terminator
2010-07-27 21:21 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-27 21:21 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-27 21:21 . 2010-07-27 21:21 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-27 15:01 . 2010-07-27 15:01 -------- d-----w- c:\program files\Driver Robot
2010-07-27 07:50 . 2010-07-27 07:50 -------- d-----w- c:\program files\hj
2010-07-26 18:50 . 2010-07-26 18:54 -------- d-----w- c:\program files\Air Aces Pacific
2010-07-26 15:06 . 2010-07-27 22:14 -------- d-----w- c:\program files\SpeedFan
2010-07-26 12:03 . 2010-07-26 12:03 -------- d-----w- c:\windows\system32\Futuremark
2010-07-26 12:03 . 2004-10-25 18:02 21664 ----a-w- c:\windows\system32\drivers\Entech.sys
2010-07-26 12:03 . 2001-11-19 16:05 3972 ------w- c:\windows\system32\drivers\PciBus.sys
2010-07-26 12:02 . 2010-07-26 12:12 -------- d-----w- c:\program files\Futuremark
2010-07-26 09:36 . 2010-07-26 10:41 -------- d-----w- C:\Panzer Elite Action
2010-07-25 19:24 . 2010-07-25 19:24 -------- d-----w- c:\program files\AGEIA Technologies
2010-07-25 19:24 . 2010-07-25 19:24 -------- d-----w- c:\windows\system32\AGEIA
2010-07-25 19:24 . 2010-07-25 19:24 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-07-24 21:00 . 2001-10-17 17:43 507904 ------w- c:\windows\Silent Hunter II remove.exe
2010-07-24 21:00 . 2000-12-15 21:58 44544 ----a-r- c:\windows\dsetup.dll
2010-07-24 21:00 . 2000-12-15 15:46 1772544 ----a-r- c:\windows\dsetup32.dll
2010-07-24 19:00 . 2010-07-24 19:00 232968 ----a-w- c:\windows\system32\nvdrsdb0.bin
2010-07-24 19:00 . 2010-07-24 19:00 1 ----a-w- c:\windows\system32\nvdrssel.bin
2010-07-24 19:00 . 2010-07-24 19:00 232968 ----a-w- c:\windows\system32\nvdrsdb1.bin
2010-07-24 19:00 . 2010-07-24 19:00 -------- d-----w- c:\program files\NVIDIA Corporation
2010-07-24 18:59 . 2010-07-09 22:38 61440 ----a-w- c:\windows\system32\OpenCL.dll
2010-07-24 18:59 . 2010-07-09 22:38 4595712 ----a-w- c:\windows\system32\nvcuda.dll
2010-07-24 18:59 . 2010-07-09 22:38 2914408 ----a-w- c:\windows\system32\nvcuvid.dll
2010-07-24 18:59 . 2010-07-09 22:38 2506344 ----a-w- c:\windows\system32\nvcuvenc.dll
2010-07-24 18:59 . 2010-07-09 22:38 2195030 ----a-w- c:\windows\system32\nvdata.bin
2010-07-24 18:59 . 2010-07-09 22:38 10260480 ----a-w- c:\windows\system32\nvcompiler.dll
2010-07-24 17:32 . 2001-08-18 04:36 8704 -c--a-w- c:\windows\system32\dllcache\kbdjpn.dll
2010-07-24 17:32 . 2001-08-18 04:36 8704 ----a-w- c:\windows\system32\kbdjpn.dll
2010-07-24 17:32 . 2001-08-17 20:55 6144 -c--a-w- c:\windows\system32\dllcache\kbd106.dll
2010-07-24 17:32 . 2001-08-17 20:55 6144 ----a-w- c:\windows\system32\kbd106.dll
2010-07-24 17:32 . 2008-02-29 10:00 1419232 ----a-w- c:\windows\system32\WdfCoInstaller01005.dll
2010-07-24 17:32 . 2008-02-29 09:12 35472 ----a-w- c:\windows\system32\drivers\LHidFilt.Sys
2010-07-24 16:32 . 2010-07-24 16:32 -------- d-----w- c:\program files\Stentec
2010-07-23 18:09 . 2010-07-23 18:25 -------- d-----w- C:\foto kami
2010-07-23 17:55 . 2010-07-23 17:55 -------- d-----w- c:\program files\DAEMON Tools Lite
2010-07-23 16:14 . 2010-07-23 16:14 -------- d-----w- c:\windows\Sun
2010-07-23 16:14 . 2010-07-23 16:14 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-07-19 11:15 . 2010-07-26 14:11 138968 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-07-19 11:15 . 2010-07-26 14:11 214592 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-07-19 11:14 . 2010-07-19 11:14 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2010-07-18 19:32 . 2010-07-18 19:32 -------- d-----w- c:\windows\system32\LogFiles
2010-07-18 19:32 . 2010-07-18 19:32 -------- d-----w- c:\program files\EA Sports
2010-07-18 15:28 . 2010-07-18 15:28 -------- d-----w- C:\EVEREST Ultimate Edition 5.00.1652
2010-07-10 17:37 . 2010-07-10 17:37 -------- d-----w- c:\documents and settings\michal\dwhelper
2010-07-10 14:55 . 2010-07-12 16:12 -------- d-----w- c:\windows\system32\Adobe
2010-07-09 19:47 . 2010-07-09 19:47 -------- d-----w- c:\program files\Combined Community Codec Pack
2010-07-09 14:24 . 2006-06-23 14:49 81920 ----a-w- c:\windows\system32\nvwddi.dll
2010-07-09 14:24 . 2006-06-23 14:49 86016 ----a-w- c:\windows\system32\nvmctray.dll
2010-07-09 14:24 . 2006-06-23 14:49 229376 ----a-w- c:\windows\system32\nvmccs.dll
2010-07-09 14:24 . 2006-06-23 14:49 7626752 ----a-w- c:\windows\system32\nvcpl.dll
2010-07-09 14:24 . 2006-06-23 14:49 155715 ----a-w- c:\windows\system32\nvsvc32.exe
2010-07-09 14:24 . 2006-06-23 14:49 147456 ----a-w- c:\windows\system32\nvcolor.exe
2010-07-04 11:50 . 2010-07-04 11:50 142592 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys
2010-07-03 17:52 . 2010-07-04 11:03 -------- d-----w- c:\program files\Yamicsoft
2010-07-03 13:08 . 2004-05-04 10:53 1645320 ----a-w- c:\windows\system32\gdiplus.dll
2010-07-03 08:25 . 2010-07-03 08:25 -------- d-----w- c:\program files\Common Files\Adobe
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-27 09:48 . 2010-06-02 17:50 -------- d-----r- c:\program files\Skype
2010-07-26 19:06 . 2010-06-05 20:48 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-07-24 17:33 . 2010-07-24 17:33 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_LHidFilt_01005.Wdf
2010-07-24 17:33 . 2010-07-24 17:33 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2010-07-20 13:00 . 2010-06-28 18:19 -------- d-----w- c:\program files\BSplayerPro
2010-07-09 22:38 . 2010-06-02 17:14 604776 ----a-w- c:\windows\system32\nvudisp.exe
2010-07-07 11:46 . 2010-06-02 17:14 604776 ----a-w- c:\windows\system32\NVUNINST.EXE
2010-07-04 13:06 . 2010-06-03 18:11 -------- d-----w- c:\program files\Internet Download Manager
2010-06-29 10:35 . 2010-06-29 10:35 -------- d-----w- c:\program files\Microsoft.NET
2010-06-29 09:55 . 2010-06-28 10:21 -------- d-----w- c:\program files\VS Revo Group
2010-06-28 08:55 . 2010-06-02 17:40 -------- d-----w- c:\program files\ESET
2010-06-28 08:42 . 2010-06-28 08:42 -------- d-----w- c:\program files\Common Files\Java
2010-06-28 08:41 . 2010-06-28 08:41 -------- d-----w- c:\program files\Java
2010-06-26 17:20 . 2010-06-26 17:18 -------- d-----w- c:\program files\LEGO Company
2010-06-20 16:52 . 2010-06-20 16:52 -------- d-----w- c:\program files\AIMP2
2010-06-19 17:10 . 2010-06-19 17:10 -------- d-----w- c:\program files\Intel
2010-06-19 17:08 . 2010-06-19 17:08 -------- d-----w- c:\program files\Uniblue
2010-06-19 14:56 . 2010-06-19 14:56 1324940 ----a-w- C:\netstumblerinstaller_0_4_0.exe
2010-06-18 16:21 . 2010-06-18 16:19 -------- d-----w- c:\program files\Common Files\DVDVideoSoft
2010-06-18 16:20 . 2010-06-18 16:19 -------- d-----w- c:\program files\DVDVideoSoft
2010-06-18 14:43 . 2010-06-18 14:33 -------- d-----w- c:\program files\CD to MP3 Freeware
2010-06-17 18:48 . 2010-06-17 18:47 -------- d-----w- c:\program files\iTunes
2010-06-17 18:47 . 2010-06-17 18:47 -------- d-----w- c:\program files\iPod
2010-06-17 18:47 . 2010-06-17 18:46 -------- d-----w- c:\program files\Common Files\Apple
2010-06-17 18:46 . 2010-06-17 18:46 -------- d-----w- c:\program files\Apple Software Update
2010-06-17 18:46 . 2010-06-17 18:46 -------- d-----w- c:\program files\Bonjour
2010-06-14 17:02 . 2010-06-13 14:45 -------- d-----w- c:\program files\nLite
2010-06-13 14:44 . 2001-10-25 12:00 68916 ----a-w- c:\windows\system32\perfc005.dat
2010-06-13 14:44 . 2001-10-25 12:00 389938 ----a-w- c:\windows\system32\perfh005.dat
2010-06-07 18:14 . 2010-06-07 18:14 -------- d-----w- c:\program files\Redsystem
2010-06-07 18:10 . 2010-06-07 18:05 -------- d-----w- c:\program files\radioPlayer
2010-06-07 12:26 . 2010-06-07 12:26 -------- d-----w- c:\program files\Conduit
2010-06-07 12:26 . 2010-06-07 12:26 -------- d-----w- c:\program files\Ashampoo
2010-06-07 11:24 . 2010-06-07 11:24 -------- d-----w- c:\program files\Elaborate Bytes
2010-06-07 09:08 . 2010-06-07 09:08 -------- d-----w- c:\program files\iMesh Applications
2010-06-05 20:48 . 2010-06-05 20:48 -------- d-----w- c:\program files\Codec Pack - All In 1
2010-06-05 20:48 . 2010-06-05 20:48 737280 ----a-w- c:\windows\iun6002.exe
2010-06-05 20:47 . 2010-06-05 20:47 -------- d-----w- c:\program files\CyberLink
2010-06-02 19:34 . 2010-06-02 19:34 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-06-02 17:50 . 2010-06-02 17:50 -------- d-----w- c:\program files\Common Files\Skype
2010-06-02 17:14 . 2010-06-02 17:14 -------- d-----w- c:\program files\Common Files\InstallShield
2010-06-02 10:18 . 2010-06-02 09:36 86327 ----a-w- c:\windows\PCHEALTH\HELPCTR\OfflineCache\index.dat
2010-06-02 10:18 . 2010-06-02 09:36 2426 ----a-w- c:\windows\PCHEALTH\HELPCTR\PackageStore\SkuStore.bin
2010-06-02 10:17 . 2010-06-02 09:36 8972 ----a-w- c:\windows\PCHEALTH\HELPCTR\Config\Cntstore.bin
2010-06-02 09:55 . 2010-06-02 09:55 -------- d-----w- c:\program files\Common Files\LightScribe
2010-06-02 09:45 . 2010-06-02 09:45 0 ----a-w- c:\windows\nsreg.dat
2010-06-02 09:37 . 2010-06-02 09:37 -------- d-----w- c:\program files\microsoft frontpage
2010-06-02 09:34 . 2010-06-02 09:34 21812 ----a-w- c:\windows\system32\emptyregdb.dat
.
((((((((((((((((((((((((((((( SnapShot@2010-07-29_09.29.17 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-07-29 11:04 . 2010-07-29 11:04 16384 c:\windows\temp\Perflib_Perfdata_388.dat
+ 2010-07-29 09:54 . 2006-06-01 15:22 81920 c:\windows\system32\ReinstallBackups\0008\DriverFiles\nvwddi.dll
+ 2010-07-29 09:54 . 2006-06-01 15:22 86016 c:\windows\system32\ReinstallBackups\0008\DriverFiles\nvmctray.dll
+ 2010-07-29 09:54 . 2006-06-01 15:22 35840 c:\windows\system32\ReinstallBackups\0008\DriverFiles\nvcod.dll
+ 2006-10-22 10:22 . 2006-06-23 14:49 45056 c:\windows\system32\nvmccsrs.dll
- 2006-10-22 10:22 . 2006-06-01 15:22 45056 c:\windows\system32\nvmccsrs.dll
+ 2006-10-22 10:22 . 2006-06-23 14:49 35840 c:\windows\system32\nvcodins.dll
- 2006-10-22 10:22 . 2006-06-01 15:22 35840 c:\windows\system32\nvcodins.dll
+ 2006-10-22 10:22 . 2006-06-23 14:49 35840 c:\windows\system32\nvcod.dll
- 2006-10-22 10:22 . 2006-06-01 15:22 35840 c:\windows\system32\nvcod.dll
+ 2010-07-29 09:54 . 2006-06-01 15:22 155715 c:\windows\system32\ReinstallBackups\0008\DriverFiles\nvsvc32.exe
+ 2010-07-29 09:54 . 2006-06-01 15:22 286720 c:\windows\system32\ReinstallBackups\0008\DriverFiles\nvnt4cpl.dll
+ 2010-07-29 09:54 . 2006-06-01 15:22 888832 c:\windows\system32\ReinstallBackups\0008\DriverFiles\nvmobls.dll
+ 2010-07-29 09:54 . 2006-06-01 15:22 462848 c:\windows\system32\ReinstallBackups\0008\DriverFiles\nvmccssr.dll
+ 2010-07-29 09:54 . 2006-06-01 15:22 188416 c:\windows\system32\ReinstallBackups\0008\DriverFiles\nvmccss.dll
+ 2010-07-29 09:54 . 2006-06-01 15:22 229376 c:\windows\system32\ReinstallBackups\0008\DriverFiles\nvmccs.dll
+ 2010-07-29 09:54 . 2006-06-01 15:22 581632 c:\windows\system32\ReinstallBackups\0008\DriverFiles\nvhwvid.dll
+ 2010-07-29 09:54 . 2006-06-01 15:22 196608 c:\windows\system32\ReinstallBackups\0008\DriverFiles\nvapi.dll
+ 2006-06-23 14:49 . 2006-06-23 14:49 167936 c:\windows\system32\nvwrszht.dll
+ 2006-06-23 14:49 . 2006-06-23 14:49 163840 c:\windows\system32\nvwrszhc.dll
+ 2006-06-23 14:49 . 2006-06-23 14:49 303104 c:\windows\system32\nvwrstr.dll
+ 2006-06-23 14:49 . 2006-06-23 14:49 294912 c:\windows\system32\nvwrssv.dll
+ 2006-06-23 14:49 . 2006-06-23 14:49 303104 c:\windows\system32\nvwrssl.dll
+ 2006-06-23 14:49 . 2006-06-23 14:49 299008 c:\windows\system32\nvwrssk.dll
+ 2006-06-23 14:49 . 2006-06-23 14:49 315392 c:\windows\system32\nvwrsru.dll
+ 2006-06-23 14:49 . 2006-06-23 14:49 319488 c:\windows\system32\nvwrsptb.dll
+ 2006-06-23 14:49 . 2006-06-23 14:49 323584 c:\windows\system32\nvwrspt.dll
+ 2006-06-23 14:49 . 2006-06-23 14:49 294912 c:\windows\system32\nvwrspl.dll
+ 2006-06-23 14:49 . 2006-06-23 14:49 299008 c:\windows\system32\nvwrsno.dll
+ 2006-06-23 14:49 . 2006-06-23 14:49 319488 c:\windows\system32\nvwrsnl.dll
+ 2006-06-23 14:49 . 2006-06-23 14:49 196608 c:\windows\system32\nvwrsko.dll
+ 2006-06-23 14:49 . 2006-06-23 14:49 212992 c:\windows\system32\nvwrsja.dll
+ 2006-06-23 14:49 . 2006-06-23 14:49 323584 c:\windows\system32\nvwrsit.dll
+ 2006-06-23 14:49 . 2006-06-23 14:49 315392 c:\windows\system32\nvwrshu.dll
+ 2006-06-23 14:49 . 2006-06-23 14:49 278528 c:\windows\system32\nvwrshe.dll
+ 2006-06-23 14:49 . 2006-06-23 14:49 327680 c:\windows\system32\nvwrsfr.dll
+ 2006-06-23 14:49 . 2006-06-23 14:49 303104 c:\windows\system32\nvwrsfi.dll
+ 2006-06-23 14:49 . 2006-06-23 14:49 327680 c:\windows\system32\nvwrsesm.dll
+ 2006-06-23 14:49 . 2006-06-23 14:49 335872 c:\windows\system32\nvwrses.dll
+ 2006-06-23 14:49 . 2006-06-23 14:49 286720 c:\windows\system32\nvwrseng.dll
+ 2006-06-23 14:49 . 2006-06-23 14:49 335872 c:\windows\system32\nvwrsel.dll
+ 2006-06-23 14:49 . 2006-06-23 14:49 311296 c:\windows\system32\nvwrsde.dll
+ 2006-06-23 14:49 . 2006-06-23 14:49 294912 c:\windows\system32\nvwrsda.dll
+ 2006-06-23 14:49 . 2006-06-23 14:49 286720 c:\windows\system32\nvwrscs.dll
+ 2006-06-23 14:49 . 2006-06-23 14:49 282624 c:\windows\system32\nvwrsar.dll
- 2006-06-01 15:22 . 2006-06-01 15:22 466944 c:\windows\system32\nvshell.dll
+ 2006-06-01 15:22 . 2006-06-23 14:49 466944 c:\windows\system32\nvshell.dll
+ 2006-06-23 14:49 . 2006-06-23 14:49 122880 c:\windows\system32\nvrszht.dll
+ 2006-06-23 14:49 . 2006-06-23 14:49 221184 c:\windows\system32\nvrszhc.dll
+ 2006-06-23 14:49 . 2006-06-23 14:49 249856 c:\windows\system32\nvrstr.dll
+ 2006-06-23 14:49 . 2006-06-23 14:49 245760 c:\windows\system32\nvrssv.dll
+ 2006-06-23 14:49 . 2006-06-23 14:49 249856 c:\windows\system32\nvrssl.dll
+ 2006-06-23 14:49 . 2006-06-23 14:49 249856 c:\windows\system32\nvrssk.dll
+ 2006-06-23 14:49 . 2006-06-23 14:49 262144 c:\windows\system32\nvrsru.dll
+ 2006-06-23 14:49 . 2006-06-23 14:49 262144 c:\windows\system32\nvrsptb.dll
+ 2006-06-23 14:49 . 2006-06-23 14:49 266240 c:\windows\system32\nvrspt.dll
+ 2006-06-23 14:49 . 2006-06-23 14:49 249856 c:\windows\system32\nvrspl.dll
+ 2006-06-23 14:49 . 2006-06-23 14:49 249856 c:\windows\system32\nvrsno.dll
+ 2006-06-23 14:49 . 2006-06-23 14:49 266240 c:\windows\system32\nvrsnl.dll
+ 2006-06-23 14:49 . 2006-06-23 14:49 258048 c:\windows\system32\nvrsko.dll
+ 2006-06-23 14:49 . 2006-06-23 14:49 262144 c:\windows\system32\nvrsja.dll
+ 2006-06-23 14:49 . 2006-06-23 14:49 274432 c:\windows\system32\nvrsit.dll
+ 2006-06-23 14:49 . 2006-06-23 14:49 249856 c:\windows\system32\nvrshu.dll
+ 2006-06-23 14:49 . 2006-06-23 14:49 323584 c:\windows\system32\nvrshe.dll
+ 2006-06-23 14:49 . 2006-06-23 14:49 278528 c:\windows\system32\nvrsfr.dll
+ 2006-06-23 14:49 . 2006-06-23 14:49 241664 c:\windows\system32\nvrsfi.dll
+ 2006-06-23 14:49 . 2006-06-23 14:49 266240 c:\windows\system32\nvrsesm.dll
+ 2006-06-23 14:49 . 2006-06-23 14:49 274432 c:\windows\system32\nvrses.dll
+ 2006-06-23 14:49 . 2006-06-23 14:49 241664 c:\windows\system32\nvrseng.dll
+ 2006-06-23 14:49 . 2006-06-23 14:49 274432 c:\windows\system32\nvrsel.dll
+ 2006-06-23 14:49 . 2006-06-23 14:49 270336 c:\windows\system32\nvrsde.dll
+ 2006-06-23 14:49 . 2006-06-23 14:49 245760 c:\windows\system32\nvrsda.dll
+ 2006-06-23 14:49 . 2006-06-23 14:49 241664 c:\windows\system32\nvrscs.dll
+ 2006-06-23 14:49 . 2006-06-23 14:49 323584 c:\windows\system32\nvrsar.dll
- 2006-10-22 10:22 . 2006-06-01 15:22 286720 c:\windows\system32\nvnt4cpl.dll
+ 2006-10-22 10:22 . 2006-06-23 14:49 286720 c:\windows\system32\nvnt4cpl.dll
- 2006-10-22 10:22 . 2006-06-01 15:22 888832 c:\windows\system32\nvmobls.dll
+ 2006-10-22 10:22 . 2006-06-23 14:49 888832 c:\windows\system32\nvmobls.dll
- 2006-10-22 10:22 . 2006-06-01 15:22 462848 c:\windows\system32\nvmccssr.dll
+ 2006-10-22 10:22 . 2006-06-23 14:49 462848 c:\windows\system32\nvmccssr.dll
- 2006-10-22 10:22 . 2006-06-01 15:22 188416 c:\windows\system32\nvmccss.dll
+ 2006-10-22 10:22 . 2006-06-23 14:49 188416 c:\windows\system32\nvmccss.dll
- 2006-10-22 10:22 . 2006-06-01 15:22 581632 c:\windows\system32\nvhwvid.dll
+ 2006-10-22 10:22 . 2006-06-23 14:49 581632 c:\windows\system32\nvhwvid.dll
+ 2006-06-01 15:22 . 2006-06-23 14:49 442368 c:\windows\system32\nvappbar.exe
- 2006-06-01 15:22 . 2006-06-01 15:22 442368 c:\windows\system32\nvappbar.exe
- 2006-10-22 10:22 . 2006-06-01 15:22 196608 c:\windows\system32\nvapi.dll
+ 2006-10-22 10:22 . 2006-06-23 14:49 196608 c:\windows\system32\nvapi.dll
+ 2006-06-01 15:22 . 2006-06-23 14:49 425984 c:\windows\system32\keystone.exe
- 2006-06-01 15:22 . 2006-06-01 15:22 425984 c:\windows\system32\keystone.exe
+ 2010-07-29 09:56 . 2010-07-29 10:54 262144 c:\windows\system32\config\systemprofile\Local Settings\Data aplikací\Microsoft\Windows\UsrClass.dat
+ 2010-07-29 09:54 . 2006-06-01 15:22 1740800 c:\windows\system32\ReinstallBackups\0008\DriverFiles\nvwssr.dll
+ 2010-07-29 09:54 . 2006-06-01 15:22 1257472 c:\windows\system32\ReinstallBackups\0008\DriverFiles\nvwss.dll
+ 2010-07-29 09:54 . 2006-06-01 15:22 2977792 c:\windows\system32\ReinstallBackups\0008\DriverFiles\nvvitvsr.dll
+ 2010-07-29 09:54 . 2006-06-01 15:22 2924544 c:\windows\system32\ReinstallBackups\0008\DriverFiles\nvvitvs.dll
+ 2010-07-29 09:54 . 2006-06-01 15:22 5632000 c:\windows\system32\ReinstallBackups\0008\DriverFiles\nvoglnt.dll
+ 2010-07-29 09:54 . 2006-06-01 15:22 2859008 c:\windows\system32\ReinstallBackups\0008\DriverFiles\nvmoblsr.dll
+ 2010-07-29 09:54 . 2006-06-01 15:22 2916352 c:\windows\system32\ReinstallBackups\0008\DriverFiles\nvgamesr.dll
+ 2010-07-29 09:54 . 2006-06-01 15:22 3100672 c:\windows\system32\ReinstallBackups\0008\DriverFiles\nvgames.dll
+ 2010-07-29 09:54 . 2006-06-01 15:22 5246976 c:\windows\system32\ReinstallBackups\0008\DriverFiles\nvdispsr.dll
+ 2010-07-29 09:54 . 2006-06-01 15:22 5652480 c:\windows\system32\ReinstallBackups\0008\DriverFiles\nvdisps.dll
+ 2010-07-29 09:54 . 2006-06-01 15:22 7618560 c:\windows\system32\ReinstallBackups\0008\DriverFiles\nvcpl.dll
+ 2010-07-29 09:54 . 2006-06-01 15:22 3925920 c:\windows\system32\ReinstallBackups\0008\DriverFiles\nv4_mini.sys
+ 2010-07-29 09:54 . 2006-06-01 15:22 4529408 c:\windows\system32\ReinstallBackups\0008\DriverFiles\nv4_disp.dll
+ 2006-06-01 15:22 . 2006-06-23 14:49 1519616 c:\windows\system32\nwiz.exe
- 2006-06-01 15:22 . 2006-06-01 15:22 1519616 c:\windows\system32\nwiz.exe
+ 2006-10-22 10:22 . 2006-06-23 14:49 1740800 c:\windows\system32\nvwssr.dll
- 2006-10-22 10:22 . 2006-06-01 15:22 1740800 c:\windows\system32\nvwssr.dll
+ 2006-10-22 10:22 . 2006-06-23 14:49 1257472 c:\windows\system32\nvwss.dll
- 2006-10-22 10:22 . 2006-06-01 15:22 1257472 c:\windows\system32\nvwss.dll
+ 2006-06-01 15:22 . 2006-06-23 14:49 1019904 c:\windows\system32\nvwimg.dll
- 2006-06-01 15:22 . 2006-06-01 15:22 1019904 c:\windows\system32\nvwimg.dll
+ 2006-06-01 15:22 . 2006-06-23 14:49 1662976 c:\windows\system32\nvwdmcpl.dll
- 2006-06-01 15:22 . 2006-06-01 15:22 1662976 c:\windows\system32\nvwdmcpl.dll
+ 2006-10-22 10:22 . 2006-06-23 14:49 2977792 c:\windows\system32\nvvitvsr.dll
- 2006-10-22 10:22 . 2006-06-01 15:22 2977792 c:\windows\system32\nvvitvsr.dll
- 2006-10-22 10:22 . 2006-06-01 15:22 2924544 c:\windows\system32\nvvitvs.dll
+ 2006-10-22 10:22 . 2006-06-23 14:49 2924544 c:\windows\system32\nvvitvs.dll
- 2006-10-22 10:22 . 2006-06-01 15:22 5632000 c:\windows\system32\nvoglnt.dll
+ 2006-10-22 10:22 . 2006-06-23 14:49 5632000 c:\windows\system32\nvoglnt.dll
+ 2006-10-22 10:22 . 2006-06-23 14:49 2859008 c:\windows\system32\nvmoblsr.dll
- 2006-10-22 10:22 . 2006-06-01 15:22 2859008 c:\windows\system32\nvmoblsr.dll
+ 2006-06-01 15:22 . 2006-06-23 14:49 1466368 c:\windows\system32\nview.dll
- 2006-06-01 15:22 . 2006-06-01 15:22 1466368 c:\windows\system32\nview.dll
+ 2006-10-22 10:22 . 2006-06-23 14:49 2887680 c:\windows\system32\nvgamesr.dll
+ 2006-10-22 10:22 . 2006-06-23 14:49 3026944 c:\windows\system32\nvgames.dll
- 2006-06-01 15:22 . 2006-06-01 15:22 1339392 c:\windows\system32\nvdspsch.exe
+ 2006-06-01 15:22 . 2006-06-23 14:49 1339392 c:\windows\system32\nvdspsch.exe
+ 2006-10-22 10:22 . 2006-06-23 14:49 5246976 c:\windows\system32\nvdispsr.dll
- 2006-10-22 10:22 . 2006-06-01 15:22 5246976 c:\windows\system32\nvdispsr.dll
+ 2006-10-22 10:22 . 2006-06-23 14:49 5652480 c:\windows\system32\nvdisps.dll
- 2006-10-22 10:22 . 2006-06-01 15:22 5652480 c:\windows\system32\nvdisps.dll
+ 2010-06-02 10:16 . 2006-06-23 14:49 4492160 c:\windows\system32\nv4_disp.dll
+ 2010-06-02 10:16 . 2006-06-23 14:49 3928832 c:\windows\system32\drivers\nv4_mini.sys
.
-- Snímek resetován k současnému datu --
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\michal\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" [2010-06-29 136176]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2008-07-29 2610608]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2009-04-09 2029640]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2007-01-08 68640]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-01-08 52256]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"nwiz"="nwiz.exe" [2006-06-23 1519616]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-06-23 7626752]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-06-23 86016]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-17 15360]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Documents and Settings\\michal\\Data aplikací\\PowerChallenge\\PowerSoccer\\PowerSoccer.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\EA Sports\\FIFA Online\\NFE.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Panzer Elite Action\\pea.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [9.4.2009 15:18 107256]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [4.7.2010 13:50 142592]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [16.11.2009 9:04 731840]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;c:\everest ultimate edition 5.00.1652\EVEREST Ultimate Edition\kerneld.wnt [18.7.2010 17:28 26224]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [28.6.2010 12:21 27064]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2.6.2010 21:34 691696]
.
Obsah adresáře 'Naplánované úlohy'
2010-07-29 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2010-06-03 20:18]
.
.
------- Doplňkový sken -------
.
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Free YouTube to Mp3 Converter - c:\documents and settings\michal\Data aplikací\DVDVideoSoftIEHelpers\youtubetomp3.htm
IE: Prevziať cez IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: Prevziať cez IDM všetky prepojenia - c:\program files\Internet Download Manager\IEGetAll.htm
IE: Prevziať obsah FLV cez IDM - c:\program files\Internet Download Manager\IEGetVL.htm
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748449} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
FF - ProfilePath - c:\documents and settings\michal\Data aplikací\Mozilla\Firefox\Profiles\t9uih8of.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.sk/
FF - component: c:\documents and settings\michal\Data aplikací\IDM\idmmzcc2\components\idmmzcc.dll
FF - component: c:\documents and settings\michal\Data aplikací\Mozilla\Firefox\Profiles\t9uih8of.default\extensions\{003D3EDC-99B9-4a34-9C20-60CB94F7E829}\components\nsWebFF15.dll
FF - component: c:\documents and settings\michal\Data aplikací\Mozilla\Firefox\Profiles\t9uih8of.default\extensions\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\michal\Data aplikací\Mozilla\Firefox\Profiles\t9uih8of.default\extensions\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}\components\RadioWMPCore.dll
FF - plugin: c:\docume~1\michal\DATAAP~1\POWERC~1\nppowerloader.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Veetle\Player\npvlc.dll
FF - plugin: c:\program files\Veetle\plugins\npVeetle.dll
FF - plugin: c:\program files\Veetle\VLCBroadcast\npvbp.dll
---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".sk");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-29 13:10
Windows 5.1.2600 Service Pack 2 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\EverestDriver]
"ImagePath"="\??\c:\everest ultimate edition 5.00.1652\EVEREST Ultimate Edition\kerneld.wnt"
.
Celkový čas: 2010-07-29 13:11:27
ComboFix-quarantined-files.txt 2010-07-29 11:11
Před spuštěním: Volných bajtů: 75 462 148 096
Po spuštění: Volných bajtů: 75 452 813 312
- - End Of File - - 1A3CA24CA95C483F6617C47591627C2F
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.2047.1710 [GMT 2:00]
Spuštěný z: c:\documents and settings\michal\Plocha\ComboFix-NESPUSTAT.exe
Použité ovládací přepínače :: c:\documents and settings\michal\Plocha\CFScript.txt
AV: ESET Smart Security 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET personal firewall *enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
FILE ::
"c:\windows\system32\ezsidmv.dat"
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\ezsidmv.dat
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-06-28 do 2010-07-29 )))))))))))))))))))))))))))))))
.
2010-07-29 09:01 . 2010-07-29 09:01 -------- d-----w- C:\3dmark2000
2010-07-28 18:21 . 2010-07-28 18:22 -------- d-----w- c:\program files\Veetle
2010-07-28 10:02 . 2010-07-28 10:02 -------- d-----w- c:\windows\system32\wbem\Repository
2010-07-28 10:02 . 2010-07-29 10:54 -------- d-----w- c:\program files\Spyware Terminator
2010-07-27 21:21 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-27 21:21 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-27 21:21 . 2010-07-27 21:21 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-27 15:01 . 2010-07-27 15:01 -------- d-----w- c:\program files\Driver Robot
2010-07-27 07:50 . 2010-07-27 07:50 -------- d-----w- c:\program files\hj
2010-07-26 18:50 . 2010-07-26 18:54 -------- d-----w- c:\program files\Air Aces Pacific
2010-07-26 15:06 . 2010-07-27 22:14 -------- d-----w- c:\program files\SpeedFan
2010-07-26 12:03 . 2010-07-26 12:03 -------- d-----w- c:\windows\system32\Futuremark
2010-07-26 12:03 . 2004-10-25 18:02 21664 ----a-w- c:\windows\system32\drivers\Entech.sys
2010-07-26 12:03 . 2001-11-19 16:05 3972 ------w- c:\windows\system32\drivers\PciBus.sys
2010-07-26 12:02 . 2010-07-26 12:12 -------- d-----w- c:\program files\Futuremark
2010-07-26 09:36 . 2010-07-26 10:41 -------- d-----w- C:\Panzer Elite Action
2010-07-25 19:24 . 2010-07-25 19:24 -------- d-----w- c:\program files\AGEIA Technologies
2010-07-25 19:24 . 2010-07-25 19:24 -------- d-----w- c:\windows\system32\AGEIA
2010-07-25 19:24 . 2010-07-25 19:24 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-07-24 21:00 . 2001-10-17 17:43 507904 ------w- c:\windows\Silent Hunter II remove.exe
2010-07-24 21:00 . 2000-12-15 21:58 44544 ----a-r- c:\windows\dsetup.dll
2010-07-24 21:00 . 2000-12-15 15:46 1772544 ----a-r- c:\windows\dsetup32.dll
2010-07-24 19:00 . 2010-07-24 19:00 232968 ----a-w- c:\windows\system32\nvdrsdb0.bin
2010-07-24 19:00 . 2010-07-24 19:00 1 ----a-w- c:\windows\system32\nvdrssel.bin
2010-07-24 19:00 . 2010-07-24 19:00 232968 ----a-w- c:\windows\system32\nvdrsdb1.bin
2010-07-24 19:00 . 2010-07-24 19:00 -------- d-----w- c:\program files\NVIDIA Corporation
2010-07-24 18:59 . 2010-07-09 22:38 61440 ----a-w- c:\windows\system32\OpenCL.dll
2010-07-24 18:59 . 2010-07-09 22:38 4595712 ----a-w- c:\windows\system32\nvcuda.dll
2010-07-24 18:59 . 2010-07-09 22:38 2914408 ----a-w- c:\windows\system32\nvcuvid.dll
2010-07-24 18:59 . 2010-07-09 22:38 2506344 ----a-w- c:\windows\system32\nvcuvenc.dll
2010-07-24 18:59 . 2010-07-09 22:38 2195030 ----a-w- c:\windows\system32\nvdata.bin
2010-07-24 18:59 . 2010-07-09 22:38 10260480 ----a-w- c:\windows\system32\nvcompiler.dll
2010-07-24 17:32 . 2001-08-18 04:36 8704 -c--a-w- c:\windows\system32\dllcache\kbdjpn.dll
2010-07-24 17:32 . 2001-08-18 04:36 8704 ----a-w- c:\windows\system32\kbdjpn.dll
2010-07-24 17:32 . 2001-08-17 20:55 6144 -c--a-w- c:\windows\system32\dllcache\kbd106.dll
2010-07-24 17:32 . 2001-08-17 20:55 6144 ----a-w- c:\windows\system32\kbd106.dll
2010-07-24 17:32 . 2008-02-29 10:00 1419232 ----a-w- c:\windows\system32\WdfCoInstaller01005.dll
2010-07-24 17:32 . 2008-02-29 09:12 35472 ----a-w- c:\windows\system32\drivers\LHidFilt.Sys
2010-07-24 16:32 . 2010-07-24 16:32 -------- d-----w- c:\program files\Stentec
2010-07-23 18:09 . 2010-07-23 18:25 -------- d-----w- C:\foto kami
2010-07-23 17:55 . 2010-07-23 17:55 -------- d-----w- c:\program files\DAEMON Tools Lite
2010-07-23 16:14 . 2010-07-23 16:14 -------- d-----w- c:\windows\Sun
2010-07-23 16:14 . 2010-07-23 16:14 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-07-19 11:15 . 2010-07-26 14:11 138968 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-07-19 11:15 . 2010-07-26 14:11 214592 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-07-19 11:14 . 2010-07-19 11:14 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2010-07-18 19:32 . 2010-07-18 19:32 -------- d-----w- c:\windows\system32\LogFiles
2010-07-18 19:32 . 2010-07-18 19:32 -------- d-----w- c:\program files\EA Sports
2010-07-18 15:28 . 2010-07-18 15:28 -------- d-----w- C:\EVEREST Ultimate Edition 5.00.1652
2010-07-10 17:37 . 2010-07-10 17:37 -------- d-----w- c:\documents and settings\michal\dwhelper
2010-07-10 14:55 . 2010-07-12 16:12 -------- d-----w- c:\windows\system32\Adobe
2010-07-09 19:47 . 2010-07-09 19:47 -------- d-----w- c:\program files\Combined Community Codec Pack
2010-07-09 14:24 . 2006-06-23 14:49 81920 ----a-w- c:\windows\system32\nvwddi.dll
2010-07-09 14:24 . 2006-06-23 14:49 86016 ----a-w- c:\windows\system32\nvmctray.dll
2010-07-09 14:24 . 2006-06-23 14:49 229376 ----a-w- c:\windows\system32\nvmccs.dll
2010-07-09 14:24 . 2006-06-23 14:49 7626752 ----a-w- c:\windows\system32\nvcpl.dll
2010-07-09 14:24 . 2006-06-23 14:49 155715 ----a-w- c:\windows\system32\nvsvc32.exe
2010-07-09 14:24 . 2006-06-23 14:49 147456 ----a-w- c:\windows\system32\nvcolor.exe
2010-07-04 11:50 . 2010-07-04 11:50 142592 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys
2010-07-03 17:52 . 2010-07-04 11:03 -------- d-----w- c:\program files\Yamicsoft
2010-07-03 13:08 . 2004-05-04 10:53 1645320 ----a-w- c:\windows\system32\gdiplus.dll
2010-07-03 08:25 . 2010-07-03 08:25 -------- d-----w- c:\program files\Common Files\Adobe
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-27 09:48 . 2010-06-02 17:50 -------- d-----r- c:\program files\Skype
2010-07-26 19:06 . 2010-06-05 20:48 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-07-24 17:33 . 2010-07-24 17:33 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_LHidFilt_01005.Wdf
2010-07-24 17:33 . 2010-07-24 17:33 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2010-07-20 13:00 . 2010-06-28 18:19 -------- d-----w- c:\program files\BSplayerPro
2010-07-09 22:38 . 2010-06-02 17:14 604776 ----a-w- c:\windows\system32\nvudisp.exe
2010-07-07 11:46 . 2010-06-02 17:14 604776 ----a-w- c:\windows\system32\NVUNINST.EXE
2010-07-04 13:06 . 2010-06-03 18:11 -------- d-----w- c:\program files\Internet Download Manager
2010-06-29 10:35 . 2010-06-29 10:35 -------- d-----w- c:\program files\Microsoft.NET
2010-06-29 09:55 . 2010-06-28 10:21 -------- d-----w- c:\program files\VS Revo Group
2010-06-28 08:55 . 2010-06-02 17:40 -------- d-----w- c:\program files\ESET
2010-06-28 08:42 . 2010-06-28 08:42 -------- d-----w- c:\program files\Common Files\Java
2010-06-28 08:41 . 2010-06-28 08:41 -------- d-----w- c:\program files\Java
2010-06-26 17:20 . 2010-06-26 17:18 -------- d-----w- c:\program files\LEGO Company
2010-06-20 16:52 . 2010-06-20 16:52 -------- d-----w- c:\program files\AIMP2
2010-06-19 17:10 . 2010-06-19 17:10 -------- d-----w- c:\program files\Intel
2010-06-19 17:08 . 2010-06-19 17:08 -------- d-----w- c:\program files\Uniblue
2010-06-19 14:56 . 2010-06-19 14:56 1324940 ----a-w- C:\netstumblerinstaller_0_4_0.exe
2010-06-18 16:21 . 2010-06-18 16:19 -------- d-----w- c:\program files\Common Files\DVDVideoSoft
2010-06-18 16:20 . 2010-06-18 16:19 -------- d-----w- c:\program files\DVDVideoSoft
2010-06-18 14:43 . 2010-06-18 14:33 -------- d-----w- c:\program files\CD to MP3 Freeware
2010-06-17 18:48 . 2010-06-17 18:47 -------- d-----w- c:\program files\iTunes
2010-06-17 18:47 . 2010-06-17 18:47 -------- d-----w- c:\program files\iPod
2010-06-17 18:47 . 2010-06-17 18:46 -------- d-----w- c:\program files\Common Files\Apple
2010-06-17 18:46 . 2010-06-17 18:46 -------- d-----w- c:\program files\Apple Software Update
2010-06-17 18:46 . 2010-06-17 18:46 -------- d-----w- c:\program files\Bonjour
2010-06-14 17:02 . 2010-06-13 14:45 -------- d-----w- c:\program files\nLite
2010-06-13 14:44 . 2001-10-25 12:00 68916 ----a-w- c:\windows\system32\perfc005.dat
2010-06-13 14:44 . 2001-10-25 12:00 389938 ----a-w- c:\windows\system32\perfh005.dat
2010-06-07 18:14 . 2010-06-07 18:14 -------- d-----w- c:\program files\Redsystem
2010-06-07 18:10 . 2010-06-07 18:05 -------- d-----w- c:\program files\radioPlayer
2010-06-07 12:26 . 2010-06-07 12:26 -------- d-----w- c:\program files\Conduit
2010-06-07 12:26 . 2010-06-07 12:26 -------- d-----w- c:\program files\Ashampoo
2010-06-07 11:24 . 2010-06-07 11:24 -------- d-----w- c:\program files\Elaborate Bytes
2010-06-07 09:08 . 2010-06-07 09:08 -------- d-----w- c:\program files\iMesh Applications
2010-06-05 20:48 . 2010-06-05 20:48 -------- d-----w- c:\program files\Codec Pack - All In 1
2010-06-05 20:48 . 2010-06-05 20:48 737280 ----a-w- c:\windows\iun6002.exe
2010-06-05 20:47 . 2010-06-05 20:47 -------- d-----w- c:\program files\CyberLink
2010-06-02 19:34 . 2010-06-02 19:34 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-06-02 17:50 . 2010-06-02 17:50 -------- d-----w- c:\program files\Common Files\Skype
2010-06-02 17:14 . 2010-06-02 17:14 -------- d-----w- c:\program files\Common Files\InstallShield
2010-06-02 10:18 . 2010-06-02 09:36 86327 ----a-w- c:\windows\PCHEALTH\HELPCTR\OfflineCache\index.dat
2010-06-02 10:18 . 2010-06-02 09:36 2426 ----a-w- c:\windows\PCHEALTH\HELPCTR\PackageStore\SkuStore.bin
2010-06-02 10:17 . 2010-06-02 09:36 8972 ----a-w- c:\windows\PCHEALTH\HELPCTR\Config\Cntstore.bin
2010-06-02 09:55 . 2010-06-02 09:55 -------- d-----w- c:\program files\Common Files\LightScribe
2010-06-02 09:45 . 2010-06-02 09:45 0 ----a-w- c:\windows\nsreg.dat
2010-06-02 09:37 . 2010-06-02 09:37 -------- d-----w- c:\program files\microsoft frontpage
2010-06-02 09:34 . 2010-06-02 09:34 21812 ----a-w- c:\windows\system32\emptyregdb.dat
.
((((((((((((((((((((((((((((( SnapShot@2010-07-29_09.29.17 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-07-29 11:04 . 2010-07-29 11:04 16384 c:\windows\temp\Perflib_Perfdata_388.dat
+ 2010-07-29 09:54 . 2006-06-01 15:22 81920 c:\windows\system32\ReinstallBackups\0008\DriverFiles\nvwddi.dll
+ 2010-07-29 09:54 . 2006-06-01 15:22 86016 c:\windows\system32\ReinstallBackups\0008\DriverFiles\nvmctray.dll
+ 2010-07-29 09:54 . 2006-06-01 15:22 35840 c:\windows\system32\ReinstallBackups\0008\DriverFiles\nvcod.dll
+ 2006-10-22 10:22 . 2006-06-23 14:49 45056 c:\windows\system32\nvmccsrs.dll
- 2006-10-22 10:22 . 2006-06-01 15:22 45056 c:\windows\system32\nvmccsrs.dll
+ 2006-10-22 10:22 . 2006-06-23 14:49 35840 c:\windows\system32\nvcodins.dll
- 2006-10-22 10:22 . 2006-06-01 15:22 35840 c:\windows\system32\nvcodins.dll
+ 2006-10-22 10:22 . 2006-06-23 14:49 35840 c:\windows\system32\nvcod.dll
- 2006-10-22 10:22 . 2006-06-01 15:22 35840 c:\windows\system32\nvcod.dll
+ 2010-07-29 09:54 . 2006-06-01 15:22 155715 c:\windows\system32\ReinstallBackups\0008\DriverFiles\nvsvc32.exe
+ 2010-07-29 09:54 . 2006-06-01 15:22 286720 c:\windows\system32\ReinstallBackups\0008\DriverFiles\nvnt4cpl.dll
+ 2010-07-29 09:54 . 2006-06-01 15:22 888832 c:\windows\system32\ReinstallBackups\0008\DriverFiles\nvmobls.dll
+ 2010-07-29 09:54 . 2006-06-01 15:22 462848 c:\windows\system32\ReinstallBackups\0008\DriverFiles\nvmccssr.dll
+ 2010-07-29 09:54 . 2006-06-01 15:22 188416 c:\windows\system32\ReinstallBackups\0008\DriverFiles\nvmccss.dll
+ 2010-07-29 09:54 . 2006-06-01 15:22 229376 c:\windows\system32\ReinstallBackups\0008\DriverFiles\nvmccs.dll
+ 2010-07-29 09:54 . 2006-06-01 15:22 581632 c:\windows\system32\ReinstallBackups\0008\DriverFiles\nvhwvid.dll
+ 2010-07-29 09:54 . 2006-06-01 15:22 196608 c:\windows\system32\ReinstallBackups\0008\DriverFiles\nvapi.dll
+ 2006-06-23 14:49 . 2006-06-23 14:49 167936 c:\windows\system32\nvwrszht.dll
+ 2006-06-23 14:49 . 2006-06-23 14:49 163840 c:\windows\system32\nvwrszhc.dll
+ 2006-06-23 14:49 . 2006-06-23 14:49 303104 c:\windows\system32\nvwrstr.dll
+ 2006-06-23 14:49 . 2006-06-23 14:49 294912 c:\windows\system32\nvwrssv.dll
+ 2006-06-23 14:49 . 2006-06-23 14:49 303104 c:\windows\system32\nvwrssl.dll
+ 2006-06-23 14:49 . 2006-06-23 14:49 299008 c:\windows\system32\nvwrssk.dll
+ 2006-06-23 14:49 . 2006-06-23 14:49 315392 c:\windows\system32\nvwrsru.dll
+ 2006-06-23 14:49 . 2006-06-23 14:49 319488 c:\windows\system32\nvwrsptb.dll
+ 2006-06-23 14:49 . 2006-06-23 14:49 323584 c:\windows\system32\nvwrspt.dll
+ 2006-06-23 14:49 . 2006-06-23 14:49 294912 c:\windows\system32\nvwrspl.dll
+ 2006-06-23 14:49 . 2006-06-23 14:49 299008 c:\windows\system32\nvwrsno.dll
+ 2006-06-23 14:49 . 2006-06-23 14:49 319488 c:\windows\system32\nvwrsnl.dll
+ 2006-06-23 14:49 . 2006-06-23 14:49 196608 c:\windows\system32\nvwrsko.dll
+ 2006-06-23 14:49 . 2006-06-23 14:49 212992 c:\windows\system32\nvwrsja.dll
+ 2006-06-23 14:49 . 2006-06-23 14:49 323584 c:\windows\system32\nvwrsit.dll
+ 2006-06-23 14:49 . 2006-06-23 14:49 315392 c:\windows\system32\nvwrshu.dll
+ 2006-06-23 14:49 . 2006-06-23 14:49 278528 c:\windows\system32\nvwrshe.dll
+ 2006-06-23 14:49 . 2006-06-23 14:49 327680 c:\windows\system32\nvwrsfr.dll
+ 2006-06-23 14:49 . 2006-06-23 14:49 303104 c:\windows\system32\nvwrsfi.dll
+ 2006-06-23 14:49 . 2006-06-23 14:49 327680 c:\windows\system32\nvwrsesm.dll
+ 2006-06-23 14:49 . 2006-06-23 14:49 335872 c:\windows\system32\nvwrses.dll
+ 2006-06-23 14:49 . 2006-06-23 14:49 286720 c:\windows\system32\nvwrseng.dll
+ 2006-06-23 14:49 . 2006-06-23 14:49 335872 c:\windows\system32\nvwrsel.dll
+ 2006-06-23 14:49 . 2006-06-23 14:49 311296 c:\windows\system32\nvwrsde.dll
+ 2006-06-23 14:49 . 2006-06-23 14:49 294912 c:\windows\system32\nvwrsda.dll
+ 2006-06-23 14:49 . 2006-06-23 14:49 286720 c:\windows\system32\nvwrscs.dll
+ 2006-06-23 14:49 . 2006-06-23 14:49 282624 c:\windows\system32\nvwrsar.dll
- 2006-06-01 15:22 . 2006-06-01 15:22 466944 c:\windows\system32\nvshell.dll
+ 2006-06-01 15:22 . 2006-06-23 14:49 466944 c:\windows\system32\nvshell.dll
+ 2006-06-23 14:49 . 2006-06-23 14:49 122880 c:\windows\system32\nvrszht.dll
+ 2006-06-23 14:49 . 2006-06-23 14:49 221184 c:\windows\system32\nvrszhc.dll
+ 2006-06-23 14:49 . 2006-06-23 14:49 249856 c:\windows\system32\nvrstr.dll
+ 2006-06-23 14:49 . 2006-06-23 14:49 245760 c:\windows\system32\nvrssv.dll
+ 2006-06-23 14:49 . 2006-06-23 14:49 249856 c:\windows\system32\nvrssl.dll
+ 2006-06-23 14:49 . 2006-06-23 14:49 249856 c:\windows\system32\nvrssk.dll
+ 2006-06-23 14:49 . 2006-06-23 14:49 262144 c:\windows\system32\nvrsru.dll
+ 2006-06-23 14:49 . 2006-06-23 14:49 262144 c:\windows\system32\nvrsptb.dll
+ 2006-06-23 14:49 . 2006-06-23 14:49 266240 c:\windows\system32\nvrspt.dll
+ 2006-06-23 14:49 . 2006-06-23 14:49 249856 c:\windows\system32\nvrspl.dll
+ 2006-06-23 14:49 . 2006-06-23 14:49 249856 c:\windows\system32\nvrsno.dll
+ 2006-06-23 14:49 . 2006-06-23 14:49 266240 c:\windows\system32\nvrsnl.dll
+ 2006-06-23 14:49 . 2006-06-23 14:49 258048 c:\windows\system32\nvrsko.dll
+ 2006-06-23 14:49 . 2006-06-23 14:49 262144 c:\windows\system32\nvrsja.dll
+ 2006-06-23 14:49 . 2006-06-23 14:49 274432 c:\windows\system32\nvrsit.dll
+ 2006-06-23 14:49 . 2006-06-23 14:49 249856 c:\windows\system32\nvrshu.dll
+ 2006-06-23 14:49 . 2006-06-23 14:49 323584 c:\windows\system32\nvrshe.dll
+ 2006-06-23 14:49 . 2006-06-23 14:49 278528 c:\windows\system32\nvrsfr.dll
+ 2006-06-23 14:49 . 2006-06-23 14:49 241664 c:\windows\system32\nvrsfi.dll
+ 2006-06-23 14:49 . 2006-06-23 14:49 266240 c:\windows\system32\nvrsesm.dll
+ 2006-06-23 14:49 . 2006-06-23 14:49 274432 c:\windows\system32\nvrses.dll
+ 2006-06-23 14:49 . 2006-06-23 14:49 241664 c:\windows\system32\nvrseng.dll
+ 2006-06-23 14:49 . 2006-06-23 14:49 274432 c:\windows\system32\nvrsel.dll
+ 2006-06-23 14:49 . 2006-06-23 14:49 270336 c:\windows\system32\nvrsde.dll
+ 2006-06-23 14:49 . 2006-06-23 14:49 245760 c:\windows\system32\nvrsda.dll
+ 2006-06-23 14:49 . 2006-06-23 14:49 241664 c:\windows\system32\nvrscs.dll
+ 2006-06-23 14:49 . 2006-06-23 14:49 323584 c:\windows\system32\nvrsar.dll
- 2006-10-22 10:22 . 2006-06-01 15:22 286720 c:\windows\system32\nvnt4cpl.dll
+ 2006-10-22 10:22 . 2006-06-23 14:49 286720 c:\windows\system32\nvnt4cpl.dll
- 2006-10-22 10:22 . 2006-06-01 15:22 888832 c:\windows\system32\nvmobls.dll
+ 2006-10-22 10:22 . 2006-06-23 14:49 888832 c:\windows\system32\nvmobls.dll
- 2006-10-22 10:22 . 2006-06-01 15:22 462848 c:\windows\system32\nvmccssr.dll
+ 2006-10-22 10:22 . 2006-06-23 14:49 462848 c:\windows\system32\nvmccssr.dll
- 2006-10-22 10:22 . 2006-06-01 15:22 188416 c:\windows\system32\nvmccss.dll
+ 2006-10-22 10:22 . 2006-06-23 14:49 188416 c:\windows\system32\nvmccss.dll
- 2006-10-22 10:22 . 2006-06-01 15:22 581632 c:\windows\system32\nvhwvid.dll
+ 2006-10-22 10:22 . 2006-06-23 14:49 581632 c:\windows\system32\nvhwvid.dll
+ 2006-06-01 15:22 . 2006-06-23 14:49 442368 c:\windows\system32\nvappbar.exe
- 2006-06-01 15:22 . 2006-06-01 15:22 442368 c:\windows\system32\nvappbar.exe
- 2006-10-22 10:22 . 2006-06-01 15:22 196608 c:\windows\system32\nvapi.dll
+ 2006-10-22 10:22 . 2006-06-23 14:49 196608 c:\windows\system32\nvapi.dll
+ 2006-06-01 15:22 . 2006-06-23 14:49 425984 c:\windows\system32\keystone.exe
- 2006-06-01 15:22 . 2006-06-01 15:22 425984 c:\windows\system32\keystone.exe
+ 2010-07-29 09:56 . 2010-07-29 10:54 262144 c:\windows\system32\config\systemprofile\Local Settings\Data aplikací\Microsoft\Windows\UsrClass.dat
+ 2010-07-29 09:54 . 2006-06-01 15:22 1740800 c:\windows\system32\ReinstallBackups\0008\DriverFiles\nvwssr.dll
+ 2010-07-29 09:54 . 2006-06-01 15:22 1257472 c:\windows\system32\ReinstallBackups\0008\DriverFiles\nvwss.dll
+ 2010-07-29 09:54 . 2006-06-01 15:22 2977792 c:\windows\system32\ReinstallBackups\0008\DriverFiles\nvvitvsr.dll
+ 2010-07-29 09:54 . 2006-06-01 15:22 2924544 c:\windows\system32\ReinstallBackups\0008\DriverFiles\nvvitvs.dll
+ 2010-07-29 09:54 . 2006-06-01 15:22 5632000 c:\windows\system32\ReinstallBackups\0008\DriverFiles\nvoglnt.dll
+ 2010-07-29 09:54 . 2006-06-01 15:22 2859008 c:\windows\system32\ReinstallBackups\0008\DriverFiles\nvmoblsr.dll
+ 2010-07-29 09:54 . 2006-06-01 15:22 2916352 c:\windows\system32\ReinstallBackups\0008\DriverFiles\nvgamesr.dll
+ 2010-07-29 09:54 . 2006-06-01 15:22 3100672 c:\windows\system32\ReinstallBackups\0008\DriverFiles\nvgames.dll
+ 2010-07-29 09:54 . 2006-06-01 15:22 5246976 c:\windows\system32\ReinstallBackups\0008\DriverFiles\nvdispsr.dll
+ 2010-07-29 09:54 . 2006-06-01 15:22 5652480 c:\windows\system32\ReinstallBackups\0008\DriverFiles\nvdisps.dll
+ 2010-07-29 09:54 . 2006-06-01 15:22 7618560 c:\windows\system32\ReinstallBackups\0008\DriverFiles\nvcpl.dll
+ 2010-07-29 09:54 . 2006-06-01 15:22 3925920 c:\windows\system32\ReinstallBackups\0008\DriverFiles\nv4_mini.sys
+ 2010-07-29 09:54 . 2006-06-01 15:22 4529408 c:\windows\system32\ReinstallBackups\0008\DriverFiles\nv4_disp.dll
+ 2006-06-01 15:22 . 2006-06-23 14:49 1519616 c:\windows\system32\nwiz.exe
- 2006-06-01 15:22 . 2006-06-01 15:22 1519616 c:\windows\system32\nwiz.exe
+ 2006-10-22 10:22 . 2006-06-23 14:49 1740800 c:\windows\system32\nvwssr.dll
- 2006-10-22 10:22 . 2006-06-01 15:22 1740800 c:\windows\system32\nvwssr.dll
+ 2006-10-22 10:22 . 2006-06-23 14:49 1257472 c:\windows\system32\nvwss.dll
- 2006-10-22 10:22 . 2006-06-01 15:22 1257472 c:\windows\system32\nvwss.dll
+ 2006-06-01 15:22 . 2006-06-23 14:49 1019904 c:\windows\system32\nvwimg.dll
- 2006-06-01 15:22 . 2006-06-01 15:22 1019904 c:\windows\system32\nvwimg.dll
+ 2006-06-01 15:22 . 2006-06-23 14:49 1662976 c:\windows\system32\nvwdmcpl.dll
- 2006-06-01 15:22 . 2006-06-01 15:22 1662976 c:\windows\system32\nvwdmcpl.dll
+ 2006-10-22 10:22 . 2006-06-23 14:49 2977792 c:\windows\system32\nvvitvsr.dll
- 2006-10-22 10:22 . 2006-06-01 15:22 2977792 c:\windows\system32\nvvitvsr.dll
- 2006-10-22 10:22 . 2006-06-01 15:22 2924544 c:\windows\system32\nvvitvs.dll
+ 2006-10-22 10:22 . 2006-06-23 14:49 2924544 c:\windows\system32\nvvitvs.dll
- 2006-10-22 10:22 . 2006-06-01 15:22 5632000 c:\windows\system32\nvoglnt.dll
+ 2006-10-22 10:22 . 2006-06-23 14:49 5632000 c:\windows\system32\nvoglnt.dll
+ 2006-10-22 10:22 . 2006-06-23 14:49 2859008 c:\windows\system32\nvmoblsr.dll
- 2006-10-22 10:22 . 2006-06-01 15:22 2859008 c:\windows\system32\nvmoblsr.dll
+ 2006-06-01 15:22 . 2006-06-23 14:49 1466368 c:\windows\system32\nview.dll
- 2006-06-01 15:22 . 2006-06-01 15:22 1466368 c:\windows\system32\nview.dll
+ 2006-10-22 10:22 . 2006-06-23 14:49 2887680 c:\windows\system32\nvgamesr.dll
+ 2006-10-22 10:22 . 2006-06-23 14:49 3026944 c:\windows\system32\nvgames.dll
- 2006-06-01 15:22 . 2006-06-01 15:22 1339392 c:\windows\system32\nvdspsch.exe
+ 2006-06-01 15:22 . 2006-06-23 14:49 1339392 c:\windows\system32\nvdspsch.exe
+ 2006-10-22 10:22 . 2006-06-23 14:49 5246976 c:\windows\system32\nvdispsr.dll
- 2006-10-22 10:22 . 2006-06-01 15:22 5246976 c:\windows\system32\nvdispsr.dll
+ 2006-10-22 10:22 . 2006-06-23 14:49 5652480 c:\windows\system32\nvdisps.dll
- 2006-10-22 10:22 . 2006-06-01 15:22 5652480 c:\windows\system32\nvdisps.dll
+ 2010-06-02 10:16 . 2006-06-23 14:49 4492160 c:\windows\system32\nv4_disp.dll
+ 2010-06-02 10:16 . 2006-06-23 14:49 3928832 c:\windows\system32\drivers\nv4_mini.sys
.
-- Snímek resetován k současnému datu --
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\michal\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" [2010-06-29 136176]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2008-07-29 2610608]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2009-04-09 2029640]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2007-01-08 68640]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-01-08 52256]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"nwiz"="nwiz.exe" [2006-06-23 1519616]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-06-23 7626752]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-06-23 86016]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-17 15360]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Documents and Settings\\michal\\Data aplikací\\PowerChallenge\\PowerSoccer\\PowerSoccer.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\EA Sports\\FIFA Online\\NFE.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Panzer Elite Action\\pea.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [9.4.2009 15:18 107256]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [4.7.2010 13:50 142592]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [16.11.2009 9:04 731840]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;c:\everest ultimate edition 5.00.1652\EVEREST Ultimate Edition\kerneld.wnt [18.7.2010 17:28 26224]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [28.6.2010 12:21 27064]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2.6.2010 21:34 691696]
.
Obsah adresáře 'Naplánované úlohy'
2010-07-29 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2010-06-03 20:18]
.
.
------- Doplňkový sken -------
.
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Free YouTube to Mp3 Converter - c:\documents and settings\michal\Data aplikací\DVDVideoSoftIEHelpers\youtubetomp3.htm
IE: Prevziať cez IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: Prevziať cez IDM všetky prepojenia - c:\program files\Internet Download Manager\IEGetAll.htm
IE: Prevziať obsah FLV cez IDM - c:\program files\Internet Download Manager\IEGetVL.htm
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748449} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
FF - ProfilePath - c:\documents and settings\michal\Data aplikací\Mozilla\Firefox\Profiles\t9uih8of.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.sk/
FF - component: c:\documents and settings\michal\Data aplikací\IDM\idmmzcc2\components\idmmzcc.dll
FF - component: c:\documents and settings\michal\Data aplikací\Mozilla\Firefox\Profiles\t9uih8of.default\extensions\{003D3EDC-99B9-4a34-9C20-60CB94F7E829}\components\nsWebFF15.dll
FF - component: c:\documents and settings\michal\Data aplikací\Mozilla\Firefox\Profiles\t9uih8of.default\extensions\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\michal\Data aplikací\Mozilla\Firefox\Profiles\t9uih8of.default\extensions\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}\components\RadioWMPCore.dll
FF - plugin: c:\docume~1\michal\DATAAP~1\POWERC~1\nppowerloader.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Veetle\Player\npvlc.dll
FF - plugin: c:\program files\Veetle\plugins\npVeetle.dll
FF - plugin: c:\program files\Veetle\VLCBroadcast\npvbp.dll
---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".sk");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-29 13:10
Windows 5.1.2600 Service Pack 2 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\EverestDriver]
"ImagePath"="\??\c:\everest ultimate edition 5.00.1652\EVEREST Ultimate Edition\kerneld.wnt"
.
Celkový čas: 2010-07-29 13:11:27
ComboFix-quarantined-files.txt 2010-07-29 11:11
Před spuštěním: Volných bajtů: 75 462 148 096
Po spuštění: Volných bajtů: 75 452 813 312
- - End Of File - - 1A3CA24CA95C483F6617C47591627C2F
Re: please check the log
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13:15:28, on 29.7.2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60342
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_custo ... TbId=60342
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\michal\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Documents and Settings\michal\Data aplikací\DVDVideoSoftIEHelpers\youtubetomp3.htm
O8 - Extra context menu item: Prevziať cez IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: Prevziať cez IDM všetky prepojenia - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Prevziať obsah FLV cez IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: &Nastaviť prekladač - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: Preložiť &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: Preložiť &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Unknown owner - C:\Program Files\Spyware Terminator\sp_rsser.exe (file missing)
--
End of file - 8133 bytes
- newcomer
!!!
//post deleted, read the rules of the HiJackThis section jaro3
Re: please check my log
What is that?
- jaro3
- Security team member
Re: please check my log
So, for the fifth time:
Do you know this folder (program):
c:\program files\hj ??
Do you know this program:
c:\program files\SSI
Uninstall:
Spyware Terminator
When working with HJT, ComboFix, MbAM, SDFix etc., close all other applications and browsers!
Do not send logs via private messages. During my absence I am represented by memphisto, Žbeky and Orcus.
If you are satisfied, you can support our forum: Forum support
Re: please check my log
What should I do with those folders on the C: drive? I have uninstalled Terminator.
- jaro3
- Security team member
Re: please check my log
I asked whether you know these programs:
c:\program files\hj ??
c:\program files\SSI
If you don't know them, uninstall them.
ComboFix is uninstalled like this:
Start - Run and enter ComboFix /Uninstall
Clean the system with CCleaner
and also use T-Cleaner
It deletes everything left behind by Combo, MWAV etc. - download > run
Turn off resident protection and the firewall.
Run F-Secure Online Scanner
This scanner can only be used in the Internet Explorer browser! Follow the instructions on the F-Secure page for correct installation. Accept the license. After ActiveX is installed, click Full System Scan. When the download finishes, the scan starts automatically. Wait for the scan to finish; while it runs, do not perform other operations or click the mouse. When the scan finishes, click the Automatic clearing (recommended) button. Then click the Show Report button and copy and paste the report here.
Re: please check my log
Scanning Report
Thursday, July 29, 2010 19:31:22 - 20:03:13
Computer name: DOMA-63CD7ZPZCY
Scanning type: Scan system for malware, spyware and rootkits
Target: C:\
4 malware found
TrackingCookie.Atdmt (spyware)
* System (Disinfected)
TrackingCookie.Doubleclick (spyware)
* System (Disinfected)
Backdoor.Generic.358364 (spyware)
* System (Disinfected)
Backdoor.Generic.358364 (virus)
* C:\MOJE\T-CLEANER.EXE (Not cleaned)
Statistics
Scanned:
* Files: 33243
* System: 2908
* Not scanned: 8
Actions:
* Disinfected: 3
* Renamed: 0
* Deleted: 0
* Not cleaned: 1
* Submitted: 0
Files not scanned:
* C:\PAGEFILE.SYS
* C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT
* C:\WINDOWS\SYSTEM32\CONFIG\SAM
* C:\WINDOWS\SYSTEM32\CONFIG\SECURITY
* C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE
* C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM
* C:\DOCUMENTS AND SETTINGS\MICHAL\LOCAL SETTINGS\TEMP\HSPERFDATA_MICHAL\3424
* C:\DOCUMENTS AND SETTINGS\MICHAL\LOCAL SETTINGS\TEMP\HSPERFDATA_MICHAL\3728
Options
Scanning engines:
Scanning options:
* Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB LNK WSF {* PDF ZL? XML XXX ANI AVB BAT CMD JOB LSP MAP MHT MIF PHP POT SWF WMF NWS TAR
* Use advanced heuristics