prosim o kontrolu logu Vyřešeno

[martin.efres]

Prosím můžete mi někdo zkontrolovat log? Kontrola byla provedena na radu El Diabla (viz tema viewtopic.php?f=7&t=50310&start=12 )
Děkuji za kontrolu.

Logfile of HijackThis v1.99.1
Scan saved at 14:10:14, on 14.2.2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
C:\Documents and Settings\Butterfly\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Butterfly\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Butterfly\Plocha\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.qip.ru/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.qip.ru
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = Root: HKCU; Subkey: Software\Microsoft\Internet Explorer\SearchUrl; ValueType: string; ValueName: '; ValueData: '; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: QIPBHO - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Documents and Settings\Butterfly\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NodTrialReset] regedit /s NodTrialReset.reg
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: QIP 2005 - {1EF681F7-A04B-4D6D-9012-A307CCA55610} - C:\Program Files\QIP\qip.exe (HKCU)
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: hddlife - {BD758015-47D9-477A-8873-4B688A2BC0E2} - "C:\Program Files\Common Files\BinarySense\hlAPP.dll" (file missing)
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: HDDlife HDD Access service - BinarySense, Inc. - C:\Program Files\Common Files\BinarySense\hldasvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities

[Reklama]

[jaro3]

novější verzi HJT (2.0.2.,nebo 2.0.3Beta):
http://www.trendsecure.com/portal/en-US ... s/download

[martin.efres]

Kontrola logu s novější verzí HijackThis pls o kontrolu

Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 16:11:09, on 14.2.2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TrendMicro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.qip.ru/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.qip.ru
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = Root: HKCU; Subkey: Software\Microsoft\Internet Explorer\SearchUrl; ValueType: string; ValueName: '; ValueData: '; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: QIPBHO - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Documents and Settings\Butterfly\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NodTrialReset] regedit /s NodTrialReset.reg
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: QIP 2005 - {1EF681F7-A04B-4D6D-9012-A307CCA55610} - C:\Program Files\QIP\qip.exe (HKCU)
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: hddlife - {BD758015-47D9-477A-8873-4B688A2BC0E2} - "C:\Program Files\Common Files\BinarySense\hlAPP.dll" (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: HDDlife HDD Access service - BinarySense, Inc. - C:\Program Files\Common Files\BinarySense\hldasvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe

--
End of file - 5284 bytes

[jaro3]

Odinstaluj cracklý NOD32..

Zavři ostatní aplikace a prohlížeče, odpoj se od netu a fixni v HJT:
Návod

Kód: Vybrat vše

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.qip.ru/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.qip.ru
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = Root: HKCU; Subkey: Software\Microsoft\Internet Explorer\SearchUrl; ValueType: string; ValueName: '; ValueData: '; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: QIPBHO - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Documents and Settings\Butterfly\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll
O4 - HKLM\..\Run: [NodTrialReset] regedit /s NodTrialReset.reg
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k


Stáhni si ATF Cleaner
Poklepej na ATF Cleaner.exe, klikni na select all found, poté:
-Když používáš Firefox (Mozzila), klikni na Firefox nahoře a vyber: Select All, poté klikni na Empty Selected.
-Když používáš Operu, klikni nahoře na Operu a vyber: Select All, poté klikni na Empty Selected.
Po vyčištění klikni na Exit k zavření programu.

Stáhni si Malwarebytes' Anti-Malware
Nainstaluj a spusť ho
- na konci instalace se ujisti že máš zvoleny/zatrhnuty obě možnosti:
Aktualizace Malwarebytes' Anti-Malware a Spustit aplikaci Malwarebytes' Anti-Malware, pokud jo tak klikni na tlačítko konec
- pokud bude nalezena aktualizace, tak se stáhne a nainstaluje
- program se po té spustí a nech vybranou možnost Provést rychlý sken a klikni na tlačítko Skenovat
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Zobrazit výsledky
- pak zvol možnost uložit log a ulož si log na plochu
- po té klikni na tlačítko Exit, objeví se ti hláška tak zvol Ano
(zatím nic nemaž!).
Vlož sem pak obsah toho logu.

[martin.efres]

Kontrola logu z Malwarebytes' Anti-Malware 1.44 :

Malwarebytes' Anti-Malware 1.44
Verze databáze: 3738
Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

14.2.2010 17:17:40
mbam-log-2010-02-14 (17-17-40).txt

Typ kontroly: Rychlá kontrola
Zkontrolované objekty: 109733
Uplynulý čas: 2 minute(s), 29 second(s)

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 0
Infikované hodnoty registru: 0
Infikované datové položky registru: 0
Infikované adresáře: 0
Infikované soubory: 0

Infikované procesy v paměti:
(Nebyly nalezeny žádné škodlivé položky)

Infikované moduly v paměti:
(Nebyly nalezeny žádné škodlivé položky)

Infikované klíče registru:
(Nebyly nalezeny žádné škodlivé položky)

Infikované hodnoty registru:
(Nebyly nalezeny žádné škodlivé položky)

Infikované datové položky registru:
(Nebyly nalezeny žádné škodlivé položky)

Infikované adresáře:
(Nebyly nalezeny žádné škodlivé položky)

Infikované soubory:
(Nebyly nalezeny žádné škodlivé položky)

PS Jaky je dalsi postup ? Hele ,kdyz si mi rekl ,že mam odinstalovat NOD 32 ..tak jakej jinej Antivirus mam pouzivat? Neni to nebezpecne? Ja myslim ,že NOD32 mi chránil PC lepe nez kterykoli antivirus co existuje. Zcela ti důvěřuji ..tak snad víš co děláš.

[jaro3]

Zkus Aviru:
http://free-av.de/
a anpsyware--SpywareTerminator, Spybot, spywareDoctor atd.

Vypni rez. ochranu antiviru , popř. antispywaru.
Stáhni si ComboFix (by sUBs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah

[martin.efres]

Log z Combofix

ComboFix 10-02-12.01 - Butterfly 14.02.2010 19:27:12.1.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.1022.736 [GMT 1:00]
Spuštěný z: c:\documents and settings\Butterfly\Plocha\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\AVSredirect.dll
c:\windows\system32\ieuinit.inf

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-01-14 do 2010-02-14 )))))))))))))))))))))))))))))))
.

2010-02-14 16:09 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-02-14 16:09 . 2010-02-14 16:09 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-02-14 16:09 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-02-14 15:06 . 2010-02-14 15:06 -------- d-----w- c:\program files\TrendMicro
2010-02-14 09:03 . 2010-02-14 09:03 -------- d-----w- c:\documents and settings\LocalService\Plocha
2010-02-14 08:00 . 2009-10-23 17:53 41984 ----a-w- c:\windows\system32\RtkCoInstXP.dll
2010-02-14 07:27 . 2010-02-14 07:27 -------- d-----w- c:\program files\VIA
2010-02-13 18:07 . 2010-02-13 18:07 -------- d-----w- c:\program files\ICQ6.5
2010-02-13 17:34 . 2010-02-13 17:34 -------- d-----w- c:\program files\ICQ6.519_07_27
2010-02-13 17:30 . 2010-02-13 17:31 -------- d-----w- c:\program files\Yahoo!
2010-02-13 17:30 . 2010-02-14 15:58 -------- d-----w- c:\windows\SxsCaPendDel
2010-02-12 21:53 . 2010-02-12 21:53 -------- d-----w- c:\program files\QIP
2010-02-12 16:23 . 2010-02-12 21:15 505128 ----a-w- c:\windows\system32\msvcp71.dll
2010-02-12 16:23 . 2010-02-12 21:15 353576 ----a-w- c:\windows\system32\msvcr71.dll
2010-02-12 16:05 . 2009-10-30 14:31 29512 ----a-w- c:\windows\system32\TURegOpt.exe
2010-02-12 16:05 . 2009-10-30 14:24 30024 ----a-w- c:\windows\system32\uxtuneup.dll
2010-02-12 16:04 . 2010-02-12 20:59 -------- d-----w- c:\program files\TuneUp Utilities 2010
2010-02-12 14:33 . 2010-02-12 14:33 -------- d-----w- c:\program files\Codec Pack - All In 1
2010-02-12 13:49 . 2010-02-12 13:49 0 ----a-w- c:\windows\nsreg.dat
2010-02-12 13:43 . 2010-02-12 13:43 -------- d-----w- c:\program files\MSECache
2010-02-12 13:38 . 2007-07-03 15:58 106792 ----a-w- c:\windows\system32\drivers\sscdmdm.sys
2010-02-12 13:38 . 2007-07-03 15:57 11944 ----a-w- c:\windows\system32\drivers\sscdmdfl.sys
2010-02-12 13:38 . 2007-07-03 15:56 9256 ----a-w- c:\windows\system32\drivers\sscdcmnt.sys
2010-02-12 13:38 . 2007-07-03 15:56 9256 ----a-w- c:\windows\system32\drivers\sscdcm.sys
2010-02-12 13:38 . 2007-07-03 16:00 9256 ----a-w- c:\windows\system32\drivers\sscdwhnt.sys
2010-02-12 13:38 . 2007-07-03 16:00 9256 ----a-w- c:\windows\system32\drivers\sscdwh.sys
2010-02-12 13:38 . 2007-07-03 15:54 80552 ----a-w- c:\windows\system32\drivers\sscdbus.sys
2010-02-12 13:38 . 2010-02-12 13:38 -------- d-----w- c:\windows\system32\Samsung_USB_Drivers
2010-02-12 13:38 . 2010-02-12 13:38 -------- d-----w- c:\program files\Samsung
2010-02-12 13:33 . 2006-10-26 18:56 33104 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\msonpppr.dll
2010-02-12 13:33 . 2006-10-26 18:56 32592 ----a-w- c:\windows\system32\msonpmon.dll
2010-02-12 13:31 . 2010-02-12 13:31 -------- d-----w- c:\program files\Microsoft Works
2010-02-12 13:31 . 2010-02-12 13:31 -------- d-----w- c:\program files\MSBuild
2010-02-12 13:26 . 2010-02-12 13:30 -------- d-----w- c:\windows\SHELLNEW
2010-02-12 13:26 . 2010-02-12 13:26 -------- d-----r- C:\MSOCache
2010-02-12 04:39 . 2010-02-12 04:39 -------- d-----w- c:\program files\Opera
2010-02-11 19:56 . 2010-02-12 21:10 -------- d-----w- c:\program files\Common Files\BinarySense
2010-02-11 17:49 . 2001-10-24 11:25 5632 ----a-w- c:\windows\system32\ptpusb.dll
2010-02-11 17:49 . 2004-08-17 14:49 159232 ----a-w- c:\windows\system32\ptpusd.dll
2010-02-11 17:49 . 2004-08-03 21:58 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2010-02-11 17:49 . 2004-08-03 21:58 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2010-02-11 17:47 . 2010-02-14 14:05 -------- d-----w- c:\program files\Valve
2010-02-11 16:04 . 2010-02-14 13:06 -------- d-----w- c:\program files\Debugging Tools for Windows (x86)
2010-02-11 15:47 . 2010-02-12 14:33 737280 ----a-w- c:\windows\iun6002.exe
2010-02-11 15:47 . 2010-02-11 15:47 -------- d-----w- c:\program files\MediaCoder
2010-02-11 15:45 . 2010-02-11 15:46 -------- d-----w- c:\program files\QuickTime
2010-02-11 15:45 . 2010-02-11 15:45 -------- d-----w- c:\program files\Common Files\Apple
2010-02-11 15:45 . 2010-02-11 15:45 -------- d-----w- c:\program files\Apple Software Update
2010-02-11 15:32 . 2010-02-11 15:57 -------- d-----w- c:\program files\Common Files\Real
2010-02-10 22:42 . 2010-02-10 22:42 -------- d-----w- c:\program files\CCleaner
2010-02-10 20:12 . 2010-02-10 20:12 -------- d-----w- c:\program files\ICQ6Toolbar
2010-02-10 19:37 . 2010-02-10 19:37 -------- d-----w- c:\program files\ESET
2010-02-10 19:21 . 2008-11-01 13:13 684 ----a-w- c:\windows\SetupNodTrialReset.reg
2010-02-10 19:21 . 2008-11-01 12:23 280 ----a-w- c:\windows\NodTrialReset.reg
2010-02-10 18:53 . 2010-02-10 18:53 23456 ----a-w- c:\windows\system32\drivers\DrvAgent32.sys
2010-02-10 18:47 . 2010-02-10 18:48 -------- d-----w- c:\program files\NVIDIA Corporation
2010-02-10 18:37 . 2010-02-10 18:37 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-02-10 18:37 . 2010-02-10 18:37 552 ----a-w- c:\windows\system32\d3d8caps.dat
2010-02-10 18:28 . 2010-02-10 18:46 -------- d-----w- C:\NVIDIA
2010-02-10 06:05 . 2004-08-03 22:08 26496 -c--a-w- c:\windows\system32\dllcache\usbstor.sys
2010-02-10 06:01 . 2010-02-10 06:01 -------- d-s---w- c:\documents and settings\Butterfly\UserData
2010-02-09 22:06 . 2001-08-17 21:59 3072 ----a-w- c:\windows\system32\drivers\audstub.sys
2010-02-09 22:05 . 2004-08-17 15:43 58240 ----a-w- c:\windows\system32\drivers\redbook.sys
2010-02-09 22:05 . 2004-08-03 22:31 20992 ----a-w- c:\windows\system32\drivers\RTL8139.sys
2010-02-09 22:04 . 2004-08-17 15:44 52352 ----a-w- c:\windows\system32\drivers\i8042prt.sys
2010-02-09 22:04 . 2004-08-03 23:07 44672 ----a-w- c:\windows\system32\drivers\UAGP35.SYS
2010-02-09 22:03 . 2001-08-17 20:13 27165 ----a-w- c:\windows\system32\drivers\fetnd5.sys
2010-02-09 22:03 . 2004-08-17 15:49 75264 ----a-w- c:\windows\system32\usbui.dll
2010-02-09 22:02 . 2010-02-14 15:47 -------- d-sh--w- c:\windows\Installer
2010-02-09 22:02 . 2001-10-25 14:00 61440 -c--a-w- c:\windows\system32\dllcache\spcplui.dll
2010-02-09 22:02 . 2001-10-25 14:00 77824 -c--a-w- c:\windows\system32\dllcache\spcommon.dll
2010-02-09 22:02 . 2001-10-25 14:00 774144 -c--a-w- c:\windows\system32\dllcache\spttseng.dll
2010-02-09 22:02 . 2001-10-25 14:00 36864 -c--a-w- c:\windows\system32\dllcache\sapisvr.exe
2010-02-09 22:02 . 2004-08-17 13:49 741376 -c--a-w- c:\windows\system32\dllcache\sapi.dll
2010-02-09 22:02 . 2010-02-14 16:09 -------- d-----r- C:\Program Files
2010-02-09 22:02 . 2001-10-25 14:00 19456 -c--a-w- c:\windows\system32\dllcache\agt041f.dll
2010-02-09 22:00 . 2010-02-14 18:27 -------- d-----w- c:\windows\system32\CatRoot2
2010-02-09 22:00 . 2010-02-14 07:44 -------- d-----w- c:\windows\system32\CatRoot
2010-02-09 22:00 . 2010-02-14 16:00 -------- d--h--r- c:\documents and settings\All Users\Data aplikací
2010-02-09 22:00 . 2010-02-09 22:01 -------- d--h--r- c:\documents and settings\Default User\Data aplikací
2010-02-09 22:00 . 2010-02-09 21:23 -------- d-----w- C:\Documents and Settings
2010-02-09 22:00 . 2010-02-09 21:23 -------- d--h--w- c:\documents and settings\Default User
2010-02-09 22:00 . 2010-02-09 21:15 -------- d-----w- c:\documents and settings\All Users

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-10 18:07 . 2010-02-09 21:16 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-02-10 18:07 . 2010-02-09 21:16 2426 ----a-w- c:\windows\pchealth\helpctr\PackageStore\SkuStore.bin
2010-02-10 18:06 . 2010-02-09 21:16 8972 ----a-w- c:\windows\pchealth\helpctr\Config\Cntstore.bin
2006-05-03 09:06 . 2010-02-12 21:14 163328 --sh--r- c:\windows\system32\flvDX.dll
2007-02-21 10:47 . 2010-02-12 21:14 31232 --sh--r- c:\windows\system32\msfDX.dll
2008-03-16 12:30 . 2010-02-12 21:14 216064 --sh--r- c:\windows\system32\nbDX.dll
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-01-11 110696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-01-11 13666408]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-17 15360]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\CyberLink\\PowerDVD9\\PowerDVD Cinema\\PowerDVDCinema.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD9\\PowerDVD9.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Valve\\cstrike.exe"=

R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [9.2.2010 22:30 13696]
R2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2010/02/12 22:17];c:\program files\CyberLink\PowerDVD9\000.fcl [28.2.2009 19:40 87536]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [30.10.2009 15:28 1021256]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [14.10.2009 7:24 10064]
S2 HDDlife HDD Access service;HDDlife HDD Access service;c:\program files\Common Files\BinarySense\hldasvc.exe [19.8.2009 19:04 822936]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys --> c:\windows\system32\drivers\Ambfilt.sys [?]
S3 DrvAgent32;DrvAgent32;c:\windows\system32\drivers\DrvAgent32.sys [10.2.2010 19:53 23456]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Obsah adresáře 'Naplánované úlohy'

2010-02-13 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2010-02-14 c:\windows\Tasks\Automatic troubleshooting.job
- c:\program files\TuneUp Utilities 2010\TuneUpSystemStatusCheck.exe [2009-10-30 14:35]
.
.
------- Doplňkový sken -------
.
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Handler: hddlife - {BD758015-47D9-477A-8873-4B688A2BC0E2} - c:\program files\Common Files\BinarySense\hlAPP.dll
FF - ProfilePath - c:\documents and settings\Butterfly\Data aplikací\Mozilla\Firefox\Profiles\r22ydh4a.default\
FF - prefs.js: browser.search.selectedEngine - QIP Search
FF - prefs.js: keyword.URL - hxxp://search.qip.ru/search?from=FF&query=

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.

**************************************************************************
skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory:

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{B154377D-700F-42cc-9474-23858FBDF4BD}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD9\000.fcl"
.
Celkový čas: 2010-02-14 19:33:11
ComboFix-quarantined-files.txt 2010-02-14 18:33

Před spuštěním: Volných bajtů: 95 234 555 904
Po spuštění: Volných bajtů: 95 206 121 472

WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - BCDAEB8C409F25AB75EA29A276653EC0

[jaro3]

Odinstaluj cracklý ESET a pořiď si free antivir ( Avira, Avast či AVG).

Odinstaluj:
ICQ6Toolbar

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:
Poznámka: Nepoužij k označení skriptu funkci VYBRAT VŠE

Kód: Vybrat vše

KillAll::
File::
c:\windows\NodTrialReset.reg
c:\windows\system32\d3d9caps.dat
c:\windows\system32\d3d8caps.dat
c:\windows\nsreg.dat
c:\windows\iun6002.exe

Folder::
c:\windows\SxsCaPendDel
c:\program files\ICQ6Toolbar

Firefox::
FF - ProfilePath - c:\documents and settings\Butterfly\Data aplikací\Mozilla\Firefox\Profiles\r22ydh4a.default\
FF - prefs.js: browser.search.selectedEngine - QIP Search
FF - prefs.js: keyword.URL - hxxp://search.qip.ru/search?from=FF&query=


Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT

[martin.efres]

ESET mám už dávno smazaný je to jen složka v ProgramFiles a Aviru jsem si už nainstaloval!!
Jinak když mi SpywareTerminator zamítl spustění ComboFix překrytím mám ho vypnout?

[jaro3]

Jo , vypni u něj rez. štít, dnes konec, zítra

[martin.efres]

LOG Z COMBOFIX DNE 15.UNORA 2010

ComboFix 10-02-12.01 - Butterfly 15.02.2010 12:31:31.2.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.1022.727 [GMT 1:00]
Spuštěný z: c:\documents and settings\Butterfly\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Butterfly\Plocha\CFScript.txt
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

FILE ::
"c:\windows\iun6002.exe"
"c:\windows\NodTrialReset.reg"
"c:\windows\nsreg.dat"
"c:\windows\system32\d3d8caps.dat"
"c:\windows\system32\d3d9caps.dat"
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\iun6002.exe
c:\windows\NodTrialReset.reg
c:\windows\nsreg.dat
c:\windows\SxsCaPendDel
c:\windows\system32\AVSredirect.dll
c:\windows\system32\d3d8caps.dat
c:\windows\system32\d3d9caps.dat

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-01-15 do 2010-02-15 )))))))))))))))))))))))))))))))
.

2010-02-14 18:55 . 2010-02-15 09:22 -------- d-----w- c:\program files\WinClamAVShield
2010-02-14 18:52 . 2010-02-14 18:52 142592 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys
2010-02-14 18:52 . 2010-02-15 11:19 -------- d-----w- c:\program files\Spyware Terminator
2010-02-14 18:41 . 2010-02-14 20:47 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-02-14 18:41 . 2009-03-30 08:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-02-14 18:41 . 2009-02-13 10:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2010-02-14 18:41 . 2009-02-13 10:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2010-02-14 18:41 . 2010-02-14 18:41 -------- d-----w- c:\program files\Avira
2010-02-14 16:09 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-02-14 16:09 . 2010-02-14 16:09 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-02-14 16:09 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-02-14 15:06 . 2010-02-14 15:06 -------- d-----w- c:\program files\TrendMicro
2010-02-14 09:03 . 2010-02-14 09:03 -------- d-----w- c:\documents and settings\LocalService\Plocha
2010-02-14 08:00 . 2009-10-23 17:53 41984 ----a-w- c:\windows\system32\RtkCoInstXP.dll
2010-02-14 07:27 . 2010-02-14 07:27 -------- d-----w- c:\program files\VIA
2010-02-13 17:30 . 2010-02-13 17:31 -------- d-----w- c:\program files\Yahoo!
2010-02-12 21:53 . 2010-02-12 21:53 -------- d-----w- c:\program files\QIP
2010-02-12 16:23 . 2010-02-12 21:15 505128 ----a-w- c:\windows\system32\msvcp71.dll
2010-02-12 16:23 . 2010-02-12 21:15 353576 ----a-w- c:\windows\system32\msvcr71.dll
2010-02-12 14:33 . 2010-02-14 20:47 -------- d-----w- c:\program files\Codec Pack - All In 1
2010-02-12 13:43 . 2010-02-12 13:43 -------- d-----w- c:\program files\MSECache
2010-02-12 13:38 . 2007-07-03 15:58 106792 ----a-w- c:\windows\system32\drivers\sscdmdm.sys
2010-02-12 13:38 . 2007-07-03 15:57 11944 ----a-w- c:\windows\system32\drivers\sscdmdfl.sys
2010-02-12 13:38 . 2007-07-03 15:56 9256 ----a-w- c:\windows\system32\drivers\sscdcmnt.sys
2010-02-12 13:38 . 2007-07-03 15:56 9256 ----a-w- c:\windows\system32\drivers\sscdcm.sys
2010-02-12 13:38 . 2007-07-03 16:00 9256 ----a-w- c:\windows\system32\drivers\sscdwhnt.sys
2010-02-12 13:38 . 2007-07-03 16:00 9256 ----a-w- c:\windows\system32\drivers\sscdwh.sys
2010-02-12 13:38 . 2007-07-03 15:54 80552 ----a-w- c:\windows\system32\drivers\sscdbus.sys
2010-02-12 13:38 . 2010-02-12 13:38 -------- d-----w- c:\windows\system32\Samsung_USB_Drivers
2010-02-12 13:38 . 2010-02-12 13:38 -------- d-----w- c:\program files\Samsung
2010-02-12 13:33 . 2006-10-26 18:56 33104 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\msonpppr.dll
2010-02-12 13:33 . 2006-10-26 18:56 32592 ----a-w- c:\windows\system32\msonpmon.dll
2010-02-12 13:31 . 2010-02-12 13:31 -------- d-----w- c:\program files\Microsoft Works
2010-02-12 13:31 . 2010-02-12 13:31 -------- d-----w- c:\program files\MSBuild
2010-02-12 13:26 . 2010-02-12 13:30 -------- d-----w- c:\windows\SHELLNEW
2010-02-12 13:26 . 2010-02-12 13:26 -------- d-----r- C:\MSOCache
2010-02-12 04:39 . 2010-02-12 04:39 -------- d-----w- c:\program files\Opera
2010-02-11 19:56 . 2010-02-12 21:10 -------- d-----w- c:\program files\Common Files\BinarySense
2010-02-11 17:49 . 2001-10-24 11:25 5632 ----a-w- c:\windows\system32\ptpusb.dll
2010-02-11 17:49 . 2004-08-17 14:49 159232 ----a-w- c:\windows\system32\ptpusd.dll
2010-02-11 17:49 . 2004-08-03 21:58 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2010-02-11 17:49 . 2004-08-03 21:58 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2010-02-11 17:47 . 2010-02-14 14:05 -------- d-----w- c:\program files\Valve
2010-02-11 16:04 . 2010-02-14 13:06 -------- d-----w- c:\program files\Debugging Tools for Windows (x86)
2010-02-11 15:47 . 2010-02-11 15:47 -------- d-----w- c:\program files\MediaCoder
2010-02-11 15:45 . 2010-02-11 15:46 -------- d-----w- c:\program files\QuickTime
2010-02-11 15:45 . 2010-02-11 15:45 -------- d-----w- c:\program files\Common Files\Apple
2010-02-11 15:45 . 2010-02-11 15:45 -------- d-----w- c:\program files\Apple Software Update
2010-02-11 15:32 . 2010-02-11 15:57 -------- d-----w- c:\program files\Common Files\Real
2010-02-10 22:42 . 2010-02-10 22:42 -------- d-----w- c:\program files\CCleaner
2010-02-10 19:21 . 2008-11-01 13:13 684 ----a-w- c:\windows\SetupNodTrialReset.reg
2010-02-10 18:53 . 2010-02-10 18:53 23456 ----a-w- c:\windows\system32\drivers\DrvAgent32.sys
2010-02-10 18:47 . 2010-02-10 18:48 -------- d-----w- c:\program files\NVIDIA Corporation
2010-02-10 06:05 . 2004-08-03 22:08 26496 -c--a-w- c:\windows\system32\dllcache\usbstor.sys
2010-02-10 06:01 . 2010-02-10 06:01 -------- d-s---w- c:\documents and settings\Butterfly\UserData
2010-02-09 22:06 . 2001-08-17 21:59 3072 ----a-w- c:\windows\system32\drivers\audstub.sys
2010-02-09 22:05 . 2004-08-17 15:43 58240 ----a-w- c:\windows\system32\drivers\redbook.sys
2010-02-09 22:05 . 2004-08-03 22:31 20992 ----a-w- c:\windows\system32\drivers\RTL8139.sys
2010-02-09 22:04 . 2004-08-17 15:44 52352 ----a-w- c:\windows\system32\drivers\i8042prt.sys
2010-02-09 22:04 . 2004-08-03 23:07 44672 ----a-w- c:\windows\system32\drivers\UAGP35.SYS
2010-02-09 22:03 . 2001-08-17 20:13 27165 ----a-w- c:\windows\system32\drivers\fetnd5.sys
2010-02-09 22:03 . 2004-08-17 15:49 75264 ----a-w- c:\windows\system32\usbui.dll
2010-02-09 22:02 . 2010-02-14 21:45 -------- d-sh--w- c:\windows\Installer
2010-02-09 22:02 . 2001-10-25 14:00 61440 -c--a-w- c:\windows\system32\dllcache\spcplui.dll
2010-02-09 22:02 . 2001-10-25 14:00 77824 -c--a-w- c:\windows\system32\dllcache\spcommon.dll
2010-02-09 22:02 . 2001-10-25 14:00 774144 -c--a-w- c:\windows\system32\dllcache\spttseng.dll
2010-02-09 22:02 . 2001-10-25 14:00 36864 -c--a-w- c:\windows\system32\dllcache\sapisvr.exe
2010-02-09 22:02 . 2004-08-17 13:49 741376 -c--a-w- c:\windows\system32\dllcache\sapi.dll
2010-02-09 22:02 . 2010-02-15 11:14 -------- d-----r- C:\Program Files
2010-02-09 22:02 . 2001-10-25 14:00 19456 -c--a-w- c:\windows\system32\dllcache\agt041f.dll
2010-02-09 22:00 . 2010-02-15 11:31 -------- d-----w- c:\windows\system32\CatRoot2
2010-02-09 22:00 . 2010-02-14 07:44 -------- d-----w- c:\windows\system32\CatRoot
2010-02-09 22:00 . 2010-02-14 18:52 -------- d--h--r- c:\documents and settings\All Users\Data aplikací
2010-02-09 22:00 . 2010-02-09 22:01 -------- d--h--r- c:\documents and settings\Default User\Data aplikací
2010-02-09 22:00 . 2010-02-14 18:33 -------- d--h--w- c:\documents and settings\Default User
2010-02-09 22:00 . 2010-02-09 21:23 -------- d-----w- C:\Documents and Settings
2010-02-09 22:00 . 2010-02-09 21:15 -------- d-----w- c:\documents and settings\All Users

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-14 08:00 . 2010-02-09 21:31 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-02-14 07:27 . 2010-02-09 21:26 -------- d-----w- c:\program files\Common Files\InstallShield
2010-02-12 21:28 . 2001-10-25 14:00 59866 ----a-w- c:\windows\system32\perfc005.dat
2010-02-12 21:28 . 2001-10-25 14:00 333898 ----a-w- c:\windows\system32\perfh005.dat
2010-02-12 21:17 . 2010-02-12 16:23 -------- d-----w- c:\program files\CyberLink
2010-02-12 21:17 . 2010-02-12 21:17 -------- d-----w- c:\program files\Common Files\CyberLink
2010-02-12 21:15 . 2010-02-12 21:17 29480 ----a-w- c:\windows\system32\msxml3a.dll
2010-02-12 21:14 . 2010-02-12 21:14 -------- d-----w- c:\program files\AviSynth 2.5
2010-02-12 21:14 . 2010-02-12 21:14 -------- d-----w- c:\program files\eRightSoft
2010-02-12 21:12 . 2010-02-12 21:12 -------- d-----w- c:\program files\Google
2010-02-10 18:07 . 2010-02-09 21:16 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-02-10 18:07 . 2010-02-09 21:16 2426 ----a-w- c:\windows\pchealth\helpctr\PackageStore\SkuStore.bin
2010-02-10 18:06 . 2010-02-09 21:16 8972 ----a-w- c:\windows\pchealth\helpctr\Config\Cntstore.bin
2010-02-09 21:17 . 2010-02-09 21:17 -------- d-----w- c:\program files\microsoft frontpage
2010-02-09 21:12 . 2010-02-09 21:12 21812 ----a-w- c:\windows\system32\emptyregdb.dat
2010-01-12 04:03 . 2010-02-10 18:46 61440 ----a-w- c:\windows\system32\OpenCL.dll
2010-01-12 04:03 . 2010-02-10 18:46 10276768 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2010-01-12 04:03 . 2010-02-10 18:46 4104192 ----a-w- c:\windows\system32\nvcuda.dll
2010-01-12 04:03 . 2010-02-10 18:46 4077672 ----a-w- c:\windows\system32\nvcuvenc.dll
2010-01-12 04:03 . 2010-02-10 18:46 2259560 ----a-w- c:\windows\system32\nvcuvid.dll
2010-01-12 04:03 . 2010-02-10 18:46 182888 ----a-w- c:\windows\system32\nvcodins.dll
2010-01-12 04:03 . 2010-02-10 18:46 182888 ----a-w- c:\windows\system32\nvcod.dll
2010-01-12 04:03 . 2010-02-10 18:46 14458880 ----a-w- c:\windows\system32\nvoglnt.dll
2010-01-12 04:03 . 2010-02-10 18:46 11632640 ----a-w- c:\windows\system32\nvcompiler.dll
2010-01-12 04:03 . 2010-02-10 18:46 6359168 ----a-w- c:\windows\system32\nv4_disp.dll
2010-01-12 04:03 . 2010-02-10 18:46 2283526 ----a-w- c:\windows\system32\nvdata.bin
2006-05-03 09:06 . 2010-02-12 21:14 163328 --sh--r- c:\windows\system32\flvDX.dll
2007-02-21 10:47 . 2010-02-12 21:14 31232 --sh--r- c:\windows\system32\msfDX.dll
2008-03-16 12:30 . 2010-02-12 21:14 216064 --sh--r- c:\windows\system32\nbDX.dll
.

((((((((((((((((((((((((((((( SnapShot@2010-02-14_18.31.03 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-11-07 01:19 . 2007-11-07 01:19 54272 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_ecc42bd1\vcomp90.dll
+ 2008-07-29 07:05 . 2008-07-29 07:05 62976 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90rus.dll
+ 2008-07-29 07:05 . 2008-07-29 07:05 46080 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90kor.dll
+ 2008-07-29 07:05 . 2008-07-29 07:05 46592 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90jpn.dll
+ 2008-07-29 07:05 . 2008-07-29 07:05 64512 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90ita.dll
+ 2008-07-29 07:05 . 2008-07-29 07:05 39936 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90cht.dll
+ 2008-07-29 07:05 . 2008-07-29 07:05 38912 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90chs.dll
+ 2008-07-29 07:05 . 2008-07-29 07:05 66048 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90fra.dll
+ 2008-07-29 07:05 . 2008-07-29 07:05 65024 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90esp.dll
+ 2008-07-29 07:05 . 2008-07-29 07:05 65024 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90esn.dll
+ 2008-07-29 07:05 . 2008-07-29 07:05 56832 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90enu.dll
+ 2008-07-29 07:05 . 2008-07-29 07:05 66560 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90deu.dll
+ 2008-07-29 05:07 . 2008-07-29 05:07 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfcm90u.dll
+ 2008-07-29 05:07 . 2008-07-29 05:07 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfcm90.dll
+ 2009-07-11 19:54 . 2009-07-11 19:54 65536 c:\windows\WinSxS\x86_Microsoft.VC80.OpenMP_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e79c4723\vcomp.dll
+ 2009-07-11 19:32 . 2009-07-11 19:32 49152 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80KOR.dll
+ 2009-07-11 19:32 . 2009-07-11 19:32 49152 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80JPN.dll
+ 2009-07-11 19:32 . 2009-07-11 19:32 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80ITA.dll
+ 2009-07-11 19:32 . 2009-07-11 19:32 45056 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80CHT.dll
+ 2009-07-11 19:32 . 2009-07-11 19:32 40960 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80CHS.dll
+ 2009-07-11 19:32 . 2009-07-11 19:32 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80FRA.dll
+ 2009-07-11 19:32 . 2009-07-11 19:32 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80ESP.dll
+ 2009-07-11 19:32 . 2009-07-11 19:32 57344 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80ENU.dll
+ 2009-07-11 19:32 . 2009-07-11 19:32 65536 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80DEU.dll
+ 2009-07-12 00:07 . 2009-07-12 00:07 57856 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_b77cec8e\mfcm80u.dll
+ 2009-07-12 00:19 . 2009-07-12 00:19 69632 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_b77cec8e\mfcm80.dll
+ 2009-07-11 18:41 . 2009-07-11 18:41 97280 c:\windows\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_473666fd\ATL80.dll
+ 2010-02-14 18:41 . 2009-05-11 08:12 28520 c:\windows\system32\drivers\ssmdrv.sys
+ 2008-07-29 07:05 . 2008-07-29 07:05 655872 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcr90.dll
+ 2008-07-29 07:05 . 2008-07-29 07:05 572928 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcp90.dll
+ 2008-07-29 02:54 . 2008-07-29 02:54 225280 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcm90.dll
+ 2008-07-29 07:05 . 2008-07-29 07:05 161784 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_d01483b2\atl90.dll
+ 2009-07-12 00:12 . 2009-07-12 00:12 632656 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll
+ 2009-07-12 00:09 . 2009-07-12 00:09 554832 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcp80.dll
+ 2009-07-12 00:08 . 2009-07-12 00:08 479232 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcm80.dll
+ 2010-02-14 18:39 . 2010-02-14 18:39 228352 c:\windows\Installer\1a4cde.msi
+ 2010-02-14 21:45 . 2010-02-14 21:45 424960 c:\windows\Installer\1889e1.msi
+ 2008-07-29 07:05 . 2008-07-29 07:05 3783672 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfc90u.dll
+ 2008-07-29 07:05 . 2008-07-29 07:05 3768312 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfc90.dll
+ 2009-07-11 19:46 . 2009-07-11 19:46 1093120 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_b77cec8e\mfc80u.dll
+ 2009-07-11 19:46 . 2009-07-11 19:46 1105920 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_b77cec8e\mfc80.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpywareTerminatorUpdate"="c:\program files\Spyware Terminator\SpywareTerminatorUpdate.exe" [2010-02-15 3037696]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-11-10 5244216]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-01-11 110696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-01-11 13666408]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"SpywareTerminator"="c:\program files\Spyware Terminator\SpywareTerminatorShield.exe" [2010-02-15 2166784]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-17 15360]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\CyberLink\\PowerDVD9\\PowerDVD Cinema\\PowerDVDCinema.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD9\\PowerDVD9.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Valve\\cstrike.exe"=
"c:\\Program Files\\Spyware Terminator\\SpywareTerminatorUpdate.exe"=

R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [9.2.2010 22:30 13696]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [14.2.2010 19:52 142592]
R2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2010/02/12 22:17];c:\program files\CyberLink\PowerDVD9\000.fcl [28.2.2009 19:40 87536]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [14.2.2010 19:41 108289]
S2 HDDlife HDD Access service;HDDlife HDD Access service;c:\program files\Common Files\BinarySense\hldasvc.exe [19.8.2009 19:04 822936]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys --> c:\windows\system32\drivers\Ambfilt.sys [?]
S3 DrvAgent32;DrvAgent32;c:\windows\system32\drivers\DrvAgent32.sys [10.2.2010 19:53 23456]
.
Obsah adresáře 'Naplánované úlohy'

2010-02-13 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
.
------- Doplňkový sken -------
.
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Handler: hddlife - {BD758015-47D9-477A-8873-4B688A2BC0E2} - c:\program files\Common Files\BinarySense\hlAPP.dll
FF - ProfilePath - c:\documents and settings\Butterfly\Data aplikací\Mozilla\Firefox\Profiles\r22ydh4a.default\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

AddRemove-Cool's_Codec_pack_4.12 - c:\windows\iun6002.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-15 12:38
Windows 5.1.2600 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{B154377D-700F-42cc-9474-23858FBDF4BD}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD9\000.fcl"
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'explorer.exe'(136)
c:\windows\system32\msi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\windows\system32\RUNDLL32.EXE
c:\program files\Spyware Terminator\sp_rsser.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Celkový čas: 2010-02-15 12:39:21 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-02-15 11:39
ComboFix2.txt 2010-02-14 18:33

Před spuštěním: Volných bajtů: 94 802 690 048
Po spuštění: Volných bajtů: 94 770 970 624

- - End Of File - - 7567509E545C71942894B3F56F1A236C

[martin.efres]

LOG Z HIJACKTHIS DNE 15.UNORA 2010

Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 12:45:21, on 15.2.2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\Program Files\TrendMicro\HiJackThis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60446
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_custo ... TbId=60446
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKCU\..\Run: [SpywareTerminatorUpdate] "C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe"
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: QIP 2005 - {1EF681F7-A04B-4D6D-9012-A307CCA55610} - C:\Program Files\QIP\qip.exe (HKCU)
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: hddlife - {BD758015-47D9-477A-8873-4B688A2BC0E2} - "C:\Program Files\Common Files\BinarySense\hlAPP.dll" (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: HDDlife HDD Access service - BinarySense, Inc. - C:\Program Files\Common Files\BinarySense\hldasvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe

--
End of file - 4693 bytes