2.díl
c:\documents and settings\oem\Data aplikací\Mozilla\Firefox\Profiles\ar2uqxoq.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\favicon\stahuj.ico
c:\documents and settings\oem\Data aplikací\Mozilla\Firefox\Profiles\ar2uqxoq.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\favicon\stream.bmp
c:\documents and settings\oem\Data aplikací\Mozilla\Firefox\Profiles\ar2uqxoq.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\favicon\stream.ico
c:\documents and settings\oem\Data aplikací\Mozilla\Firefox\Profiles\ar2uqxoq.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\favicon\studivz.ico
c:\documents and settings\oem\Data aplikací\Mozilla\Firefox\Profiles\ar2uqxoq.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\favicon\subito.ico
c:\documents and settings\oem\Data aplikací\Mozilla\Firefox\Profiles\ar2uqxoq.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\favicon\supercz.ico
c:\documents and settings\oem\Data aplikací\Mozilla\Firefox\Profiles\ar2uqxoq.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\favicon\superhry.ico
c:\documents and settings\oem\Data aplikací\Mozilla\Firefox\Profiles\ar2uqxoq.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\favicon\svejo.ico
c:\documents and settings\oem\Data aplikací\Mozilla\Firefox\Profiles\ar2uqxoq.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\favicon\t-online.ico
c:\documents and settings\oem\Data aplikací\Mozilla\Firefox\Profiles\ar2uqxoq.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\favicon\tapuz.ico
c:\documents and settings\oem\Data aplikací\Mozilla\Firefox\Profiles\ar2uqxoq.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\favicon\taringa.ico
c:\documents and settings\oem\Data aplikací\Mozilla\Firefox\Profiles\ar2uqxoq.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\favicon\telecinco.ico
c:\documents and settings\oem\Data aplikací\Mozilla\Firefox\Profiles\ar2uqxoq.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\favicon\terra.ico
c:\documents and settings\oem\Data aplikací\Mozilla\Firefox\Profiles\ar2uqxoq.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\favicon\tf1.ico
c:\documents and settings\oem\Data aplikací\Mozilla\Firefox\Profiles\ar2uqxoq.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\favicon\themarker.ico
c:\documents and settings\oem\Data aplikací\Mozilla\Firefox\Profiles\ar2uqxoq.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\favicon\tiscali.ico
c:\documents and settings\oem\Data aplikací\Mozilla\Firefox\Profiles\ar2uqxoq.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\favicon\topky.ico
c:\documents and settings\oem\Data aplikací\Mozilla\Firefox\Profiles\ar2uqxoq.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\favicon\torrents.ico
c:\documents and settings\oem\Data aplikací\Mozilla\Firefox\Profiles\ar2uqxoq.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\favicon\travian.ico
c:\documents and settings\oem\Data aplikací\Mozilla\Firefox\Profiles\ar2uqxoq.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\favicon\tv.ico
c:\documents and settings\oem\Data aplikací\Mozilla\Firefox\Profiles\ar2uqxoq.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\favicon\twitter.ico
c:\documents and settings\oem\Data aplikací\Mozilla\Firefox\Profiles\ar2uqxoq.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\favicon\ucoz.ico
c:\documents and settings\oem\Data aplikací\Mozilla\Firefox\Profiles\ar2uqxoq.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\favicon\ukr.ico
c:\documents and settings\oem\Data aplikací\Mozilla\Firefox\Profiles\ar2uqxoq.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\favicon\vbox7.ico
c:\documents and settings\oem\Data aplikací\Mozilla\Firefox\Profiles\ar2uqxoq.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\favicon\vesti.ico
c:\documents and settings\oem\Data aplikací\Mozilla\Firefox\Profiles\ar2uqxoq.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\favicon\vimeo.ico
c:\documents and settings\oem\Data aplikací\Mozilla\Firefox\Profiles\ar2uqxoq.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\favicon\virgilio.ico
c:\documents and settings\oem\Data aplikací\Mozilla\Firefox\Profiles\ar2uqxoq.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\favicon\vkontakte.ico
c:\documents and settings\oem\Data aplikací\Mozilla\Firefox\Profiles\ar2uqxoq.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\favicon\vodafone.ico
c:\documents and settings\oem\Data aplikací\Mozilla\Firefox\Profiles\ar2uqxoq.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\favicon\walla.ico
c:\documents and settings\oem\Data aplikací\Mozilla\Firefox\Profiles\ar2uqxoq.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\favicon\wallmart.ico
c:\documents and settings\oem\Data aplikací\Mozilla\Firefox\Profiles\ar2uqxoq.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\favicon\walmart.ico
c:\documents and settings\oem\Data aplikací\Mozilla\Firefox\Profiles\ar2uqxoq.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\favicon\wamba.ico
c:\documents and settings\oem\Data aplikací\Mozilla\Firefox\Profiles\ar2uqxoq.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\favicon\wat.ico
c:\documents and settings\oem\Data aplikací\Mozilla\Firefox\Profiles\ar2uqxoq.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\favicon\weather.ico
c:\documents and settings\oem\Data aplikací\Mozilla\Firefox\Profiles\ar2uqxoq.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\favicon\web.ico
c:\documents and settings\oem\Data aplikací\Mozilla\Firefox\Profiles\ar2uqxoq.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\favicon\wer-kennt-wen.ico
c:\documents and settings\oem\Data aplikací\Mozilla\Firefox\Profiles\ar2uqxoq.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\favicon\wetter.ico
c:\documents and settings\oem\Data aplikací\Mozilla\Firefox\Profiles\ar2uqxoq.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\favicon\wikipedia.ico
c:\documents and settings\oem\Data aplikací\Mozilla\Firefox\Profiles\ar2uqxoq.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\favicon\wolframalpha.ico
c:\documents and settings\oem\Data aplikací\Mozilla\Firefox\Profiles\ar2uqxoq.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\favicon\yad2.ico
c:\documents and settings\oem\Data aplikací\Mozilla\Firefox\Profiles\ar2uqxoq.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\favicon\yahoo.ico
c:\documents and settings\oem\Data aplikací\Mozilla\Firefox\Profiles\ar2uqxoq.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\favicon\ynet.ico
c:\documents and settings\oem\Data aplikací\Mozilla\Firefox\Profiles\ar2uqxoq.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\favicon\youtube.ico
c:\documents and settings\oem\Data aplikací\Mozilla\Firefox\Profiles\ar2uqxoq.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\favicon\zamunda.bmp
c:\documents and settings\oem\Data aplikací\Mozilla\Firefox\Profiles\ar2uqxoq.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\favicon\zap.ico
c:\documents and settings\oem\Data aplikací\Mozilla\Firefox\Profiles\ar2uqxoq.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\favicon\zena.ico
c:\documents and settings\oem\Data aplikací\Mozilla\Firefox\Profiles\ar2uqxoq.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\hide.png
c:\documents and settings\oem\Data aplikací\Mozilla\Firefox\Profiles\ar2uqxoq.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\icons.png
c:\documents and settings\oem\Data aplikací\Mozilla\Firefox\Profiles\ar2uqxoq.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\logo_small.gif
c:\documents and settings\oem\Data aplikací\Mozilla\Firefox\Profiles\ar2uqxoq.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\menu.png
c:\documents and settings\oem\Data aplikací\Mozilla\Firefox\Profiles\ar2uqxoq.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\more_vouchers_r.png
c:\documents and settings\oem\Data aplikací\Mozilla\Firefox\Profiles\ar2uqxoq.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\more_vouchers_y.png
c:\documents and settings\oem\Data aplikací\Mozilla\Firefox\Profiles\ar2uqxoq.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\options.css
c:\documents and settings\oem\Data aplikací\Mozilla\Firefox\Profiles\ar2uqxoq.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\peoplesearch.css
c:\documents and settings\oem\Data aplikací\Mozilla\Firefox\Profiles\ar2uqxoq.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\pin.png
c:\documents and settings\oem\Data aplikací\Mozilla\Firefox\Profiles\ar2uqxoq.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\pinc.png
c:\documents and settings\oem\Data aplikací\Mozilla\Firefox\Profiles\ar2uqxoq.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\powerd1.png
c:\documents and settings\oem\Data aplikací\Mozilla\Firefox\Profiles\ar2uqxoq.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\remove.png
c:\documents and settings\oem\Data aplikací\Mozilla\Firefox\Profiles\ar2uqxoq.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\reset.png
c:\documents and settings\oem\Data aplikací\Mozilla\Firefox\Profiles\ar2uqxoq.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\search_arrow.png
c:\documents and settings\oem\Data aplikací\Mozilla\Firefox\Profiles\ar2uqxoq.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\search_bg.png
c:\documents and settings\oem\Data aplikací\Mozilla\Firefox\Profiles\ar2uqxoq.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\unpin.png
c:\documents and settings\oem\Data aplikací\Mozilla\Firefox\Profiles\ar2uqxoq.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\voucher_bg.png
c:\documents and settings\oem\Data aplikací\Mozilla\Firefox\Profiles\ar2uqxoq.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\voucher_bg_y.png
c:\documents and settings\oem\Data aplikací\Mozilla\Firefox\Profiles\ar2uqxoq.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\install.rdf
c:\documents and settings\oem\Data aplikací\Mozilla\Firefox\Profiles\ar2uqxoq.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\META-INF\manifest.mf
c:\documents and settings\oem\Data aplikací\Mozilla\Firefox\Profiles\ar2uqxoq.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\META-INF\zigbert.rsa
c:\documents and settings\oem\Data aplikací\Mozilla\Firefox\Profiles\ar2uqxoq.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\META-INF\zigbert.sf
c:\documents and settings\oem\Data aplikací\Mozilla\Firefox\Profiles\ar2uqxoq.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\search_engine\icqplugin.gif
c:\documents and settings\oem\Data aplikací\Mozilla\Firefox\Profiles\ar2uqxoq.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\search_engine\icqplugin.src
c:\documents and settings\oem\Data aplikací\Mozilla\Firefox\Profiles\ar2uqxoq.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\search_engine\icqplugin.xml
c:\documents and settings\oem\Data aplikací\Mozilla\Firefox\Profiles\ar2uqxoq.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\sites\blacklist.xml
c:\documents and settings\oem\Data aplikací\Mozilla\Firefox\Profiles\ar2uqxoq.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\sites\local_sites.xml
c:\documents and settings\oem\Data aplikací\Mozilla\Firefox\Profiles\ar2uqxoq.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\sites\local_sites_11.xml
c:\documents and settings\oem\Data aplikací\Mozilla\Firefox\Profiles\ar2uqxoq.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\sites\local_sites_22.xml
c:\documents and settings\oem\Data aplikací\Mozilla\Firefox\Profiles\ar2uqxoq.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\sites\local_sites_33.xml
c:\documents and settings\oem\Data aplikací\Mozilla\Firefox\Profiles\ar2uqxoq.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\sites\local_sites_34.xml
c:\documents and settings\oem\Data aplikací\Mozilla\Firefox\Profiles\ar2uqxoq.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\sites\local_sites_359.xml
c:\documents and settings\oem\Data aplikací\Mozilla\Firefox\Profiles\ar2uqxoq.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\sites\local_sites_380.xml
c:\documents and settings\oem\Data aplikací\Mozilla\Firefox\Profiles\ar2uqxoq.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\sites\local_sites_39.xml
c:\documents and settings\oem\Data aplikací\Mozilla\Firefox\Profiles\ar2uqxoq.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\sites\local_sites_42.xml
c:\documents and settings\oem\Data aplikací\Mozilla\Firefox\Profiles\ar2uqxoq.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\sites\local_sites_4201.xml
c:\documents and settings\oem\Data aplikací\Mozilla\Firefox\Profiles\ar2uqxoq.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\sites\local_sites_49.xml
c:\documents and settings\oem\Data aplikací\Mozilla\Firefox\Profiles\ar2uqxoq.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\sites\local_sites_7.xml
c:\documents and settings\oem\Data aplikací\Mozilla\Firefox\Profiles\ar2uqxoq.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\sites\local_sites_90.xml
c:\documents and settings\oem\Data aplikací\Mozilla\Firefox\Profiles\ar2uqxoq.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\sites\local_sites_972.xml
c:\documents and settings\oem\Data aplikací\Mozilla\Firefox\Profiles\ar2uqxoq.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\sites\voucher_list.xml
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
c:\windows\regedit.exe . . . je infikován!!
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-01-09 do 2011-02-09 )))))))))))))))))))))))))))))))
.
2011-02-09 15:02 . 2011-02-09 15:02 -------- d-----w- C:\regedit
2011-01-27 22:12 . 2011-01-27 22:13 -------- d-----w- c:\documents and settings\oem\Local Settings\Data aplikací\QuickStores
2011-01-27 22:12 . 2011-01-27 22:13 -------- d-----w- c:\program files\aTube Catcher
2011-01-22 20:28 . 2011-01-22 20:28 -------- d-----w- C:\CEZAR
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-02 03:35 . 2010-12-02 03:35 4280320 ----a-w- c:\windows\system32\GPhotos.scr
.
------- Sigcheck -------
[-] 2008-07-30 08:09 . A825F4181AEC077D8DCA1053DC015265 . 1542656 . . [2001.12.4414.700] . . c:\windows\system32\comres.dll
[-] 2008-07-30 . 12A799AD9415AE9C8ABCC5F75E9CF034 . 557056 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe
[-] 2008-07-30 . 97BF1C54DAF9FF61E897846DC7329CEF . 647680 . . [5.82] . . c:\windows\system32\comctl32.dll
[7] 2008-04-14 . D7B7AE36A2EBA312AC4B53862019B3F5 . 1054208 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
[7] 2001-10-25 . AEF3D788DBF40C7C4D204EA45EB0C505 . 921088 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll
[-] 2008-07-30 . CCB32D10C69A89822E9134C0C4894BE1 . 578560 . . [5.1.2600.5512] . . c:\windows\system32\user32.dll
[-] 2008-07-30 . DD7E25E20AEBD672DAE7E1D911C2D824 . 1589760 . . [6.00.2900.5512] . . c:\windows\explorer.exe
[-] 2008-08-01 . 4904E891E6C814DE9225400C8DAD494D . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
[-] 2008-07-30 . 94927BB89A6825C4A5952A2BF78F027B . 40960 . . [5.1.2600.5512] . . c:\windows\system32\ctfmon.exe
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ViOrb"="c:\program files\Vista Components\ViOrb\ViOrb.exe" [2008-06-13 167936]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-01-03 15028104]
"ICQ"="c:\program files\ICQ7.0\ICQ.exe" [2011-01-05 133432]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-07-30 40960]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X]
"Visual Task Tips"="c:\program files\VisualTaskTips\VisualTaskTips.exe" [2008-03-09 61440]
"DrvIcon"="c:\program files\Vista Components\Vista Drive Icon\DrvIcon.exe" [2007-07-04 45056]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2007-12-21 1443072]
"SoundMan"="SOUNDMAN.EXE" [2005-06-20 77824]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-02-18 13680640]
"nwiz"="nwiz.exe" [2009-02-18 1657376]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-02-18 86016]
"ViOrb"="c:\program files\Vista Components\ViOrb\ViOrb.exe" [2008-06-13 167936]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-10 417792]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-06-16 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-06-16 81920]
"NokiaMusic FastStart"="c:\program files\Nokia\Ovi Player\NokiaOviPlayer.exe" [2010-10-20 2192752]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-07-30 40960]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
"nltide_3"="advpack.dll" [2008-12-20 124928]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLinkedConnections"= 1 (0x1)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-07 18:49 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CorelDRAW Graphics Suite 11b]
2004-06-22 23:15 729088 ----a-w- c:\program files\Corel\Corel Graphics 12\Languages\CZ\Programs\registration.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBAgent]
2010-02-22 14:17 1226024 ----a-w- c:\program files\Nero\Nero 10\Nero BackItUp\NBAgent.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TO2SSM_McciTrayApp]
2008-08-15 16:33 1473536 ----a-w- c:\program files\TO2SSM\McciTrayApp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
2010-06-24 14:41 247144 ----a-w- c:\program files\TomTom HOME 2\TomTomHOMERunner.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Program Files\\Nokia\\Nokia Ovi Suite\\NokiaOviSuite.exe"=
"c:\\Program Files\\ICQ7.0\\ICQ.exe"=
"c:\\Program Files\\ICQ7.0\\aolload.exe"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [13.7.2010 19:51 691696]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [22.12.2008 11:06 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [22.12.2008 11:05 74480]
R2 ekrn;Eset Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [21.12.2007 8:21 468224]
R2 NAUpdate;@c:\program files\Nero\Update\NASvc.exe,-200;c:\program files\Nero\Update\NASvc.exe [18.2.2010 13:01 462632]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [24.6.2010 15:41 92008]
R3 V0010bVd;Creative WebCam Vista #2;c:\windows\system32\drivers\V0010bVd.sys [25.2.2009 21:23 186551]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.3.2010 13:16 130384]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [14.9.2010 21:00 136176]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [22.12.2008 11:06 7408]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.3.2010 13:16 753504]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-06-17 10:11 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D58F39FF-953E-4F45-898F-59F243B9A523}]
2008-12-20 23:03 124928 ----a-w- c:\windows\system32\advpack.dll
.
Obsah adresáře 'Naplánované úlohy'
2011-02-09 c:\windows\Tasks\User_Feed_Synchronization-{74F1AB91-84DF-4C50-BEF7-2898602DC0C4}.job
- c:\windows\system32\msfeedssync.exe [2008-04-27 10:09]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Stáhnout Free Download Managerem
IE: Stáhnout video Free Download Managerem
IE: Stáhnout vybrané Free Download Managerem
IE: Stáhnout vše Free Download Managerem
FF - ProfilePath - c:\documents and settings\oem\Data aplikací\Mozilla\Firefox\Profiles\ar2uqxoq.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: České slovníky pro kontrolu pravopisu: cs@dictionaries.addons.mozilla.org - %profile%\extensions\cs@dictionaries.addons.mozilla.org
FF - Ext: ImTranslator: {9AA46F4F-4DC7-4c06-97AF-5035170634FE} - %profile%\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Firefox Synchronisation Extension: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70} - c:\program files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2011-02-09 16:29
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspěšně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(984)
c:\windows\system32\SETUPAPI.dll
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\COMRes.dll
c:\windows\system32\cscui.dll
- - - - - - - > 'lsass.exe'(1040)
c:\windows\system32\SETUPAPI.dll
- - - - - - - > 'explorer.exe'(664)
c:\windows\system32\SHDOCVW.dll
c:\program files\VisualTaskTips\VttHooks.dll
c:\windows\system32\COMRes.dll
c:\windows\System32\cscui.dll
c:\program files\Vista Components\ViOrb\StartHook.dll
c:\windows\system32\msi.dll
c:\windows\system32\wpdshserviceobj.dll
c:\windows\system32\SETUPAPI.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_cze.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
c:\windows\system32\NETSHELL.dll
c:\windows\system32\credui.dll
c:\windows\system32\MSVCP60.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\SOUNDMAN.EXE
c:\windows\system32\RUNDLL32.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Nokia\MPlatform\NokiaMServer.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Motive\McciCMService.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\wbem\wmiapsrv.exe
.
**************************************************************************
.
Celkový čas: 2011-02-09 16:35:00 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-02-09 15:34
ComboFix2.txt 2011-02-08 21:19
Před spuštěním: Volných bajtů: 10 572 165 120
Po spuštění: Volných bajtů: 10 594 603 008
- - End Of File - - E71829A0A8E3A3C343240FBFF8492DB4