
Problem with the applications iexplorer.exe and acrotray.exe

Posted: Sat 30 Jan 2010, 14:27
by buchannan
Hello everyone,

I'm afraid something has got into my system and I don't know what to do about it. Two application error windows keep popping up, for iexplorer.exe and acrotray.exe, saying that the system has to close the application. They pop up at one-minute intervals.

I uninstalled Adobe Reader, deleted the acrotray.exe file and reinstalled Adobe Reader, but the error message started appearing again. The iexplorer.exe message keeps appearing all the time.

Here is the HijackThis log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:19:14, on 30.1.2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Documents and Settings\herza\ynbow.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Pidgin\pidgin.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Skype\Toolbars\Shared\SkypeNames.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\dwwin.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://eu.ask.com?o=15161&l=dis
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\Documents and Settings\herza\ynbow.exe \s
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [Adobe_Reader] c:\program files\internet explorer\wmpscfgs.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Pidgin.lnk = C:\Program Files\Pidgin\pidgin.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: HP Chytrý výběr - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Click here to support the xp-AntiSpy project. - {0e921e80-267a-42aa-aee4-60b9a1222a44} - C:\Program Files\xp-AntiSpy\sponsoring\sponsor.html (HKCU)
O9 - Extra 'Tools' menuitem: Support for xp-AntiSpy - {0e921e80-267a-42aa-aee4-60b9a1222a44} - C:\Program Files\xp-AntiSpy\sponsoring\sponsor.html (HKCU)
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: app_dll.dll
O21 - SSODL: TTOGVhIB - {9837CBE6-329D-614C-5C21-0EAC95B1E8C5} - C:\WINDOWS\system32\pi.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: Acronis Try And Decide Service (TryAndDecideService) - Unknown owner - C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe

--
End of file - 5328 bytes

Thank you all for your help

Regards
Tomáš

Re: Problem with the applications iexplorer.exe and acrotray.exe

Posted: Sat 30 Jan 2010, 17:06
by buchannan
ComboFix log

ComboFix 10-01-29.09 - herza 30.01.2010 16:56:00.1.1 - x86
Spuštěný z: c:\documents and settings\herza\Dokumenty\Stažené soubory\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\herza\secupdat.dat
c:\documents and settings\herza\xrw.exe
c:\program files\Internet Explorer\wmpscfgs.exe
c:\windows\system32\aynq .exe
c:\windows\system32\ctfmon .exe
c:\windows\system32\ieuinit.inf
c:\windows\system32\oem3.inf
c:\windows\system32\secupdat.dat
c:\windows\system32\sshnas21.dll

Nakažená kopie c:\windows\system32\midimap.dll byla nalezena a vyléčena.
Obnovena kopie z - c:\windows\NiwradSoft Shell Pack\Backup\midimap.dll

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SSHNAS
-------\Service_SSHNAS


((((((((((((((((((((((((( Soubory vytvořené od 2009-12-28 do 2010-01-30 )))))))))))))))))))))))))))))))
.

2010-01-30 13:52 . 2010-01-30 14:03 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-01-30 13:19 . 2010-01-30 13:19 -------- d-----w- c:\program files\Trend Micro
2010-01-29 20:46 . 2010-01-29 20:46 -------- d-----w- c:\program files\Common Files\Adobe
2010-01-29 16:05 . 2010-01-30 12:36 59904 ----a-w- c:\windows\system32\app_dll.dll
2010-01-29 16:05 . 2010-01-29 20:12 39440 ----a-w- c:\windows\system32\aynq.exe
2010-01-29 16:05 . 2010-01-29 16:05 59392 ---h--w- c:\documents and settings\herza\ynbow.exe
2010-01-28 23:52 . 2010-01-29 00:04 -------- d--h--w- c:\windows\NiwradSoft Shell Pack
2010-01-28 23:04 . 2010-01-28 23:06 -------- d-----w- c:\windows\SxsCaPendDel
2010-01-28 22:58 . 2010-01-28 22:58 54376 ---ha-w- c:\windows\system32\mlfcache.dat
2010-01-28 22:26 . 2010-01-28 22:26 -------- d-----w- c:\documents and settings\herza\WINDOWS
2010-01-28 16:18 . 2010-01-29 20:12 -------- d-----w- c:\program files\uTorrent
2010-01-25 12:19 . 2010-01-25 12:19 -------- d-----w- c:\program files\Common Files\Ahead
2010-01-25 12:19 . 2010-01-25 12:19 -------- d-----w- c:\program files\Nero
2010-01-24 19:54 . 2010-01-24 19:54 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2010-01-24 19:52 . 2010-01-24 19:52 -------- d-----w- c:\program files\Common Files\Skype
2010-01-24 19:52 . 2010-01-24 19:52 -------- d-----r- c:\program files\Skype
2010-01-24 19:49 . 2010-01-24 19:49 -------- d-----w- c:\program files\Pidgin
2010-01-24 19:49 . 2010-01-24 19:49 -------- d-----w- c:\program files\Common Files\GTK
2010-01-24 19:48 . 2010-01-24 19:48 -------- d-----w- c:\program files\MSECache
2010-01-24 19:45 . 2010-01-29 23:30 -------- d-----w- c:\windows\system32\NtmsData
2010-01-24 19:30 . 2008-08-12 09:58 118272 ----a-w- c:\windows\system32\hpf3l082.dll
2010-01-24 19:30 . 2008-08-12 09:58 314880 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\hpfpp082.dll
2010-01-24 19:30 . 2001-10-24 11:02 6784 -c--a-w- c:\windows\system32\dllcache\serscan.sys
2010-01-24 19:30 . 2001-10-24 11:02 6784 ----a-w- c:\windows\system32\drivers\serscan.sys
2010-01-24 19:08 . 2010-01-24 20:06 -------- d-----w- c:\windows\system32\oodag
2010-01-24 19:05 . 2010-01-24 19:05 0 ----a-w- c:\windows\nsreg.dat
2010-01-24 19:04 . 2010-01-24 19:04 -------- d-----w- c:\program files\mozilla.org
2010-01-24 19:00 . 2010-01-24 19:00 -------- d-----w- c:\program files\xp-AntiSpy
2010-01-24 18:56 . 2010-01-24 18:56 -------- d-----w- c:\program files\OO Software
2010-01-24 18:52 . 2010-01-24 19:15 -------- d-----w- c:\program files\Eset
2010-01-24 18:38 . 2006-10-26 18:56 33104 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\msonpppr.dll
2010-01-24 18:38 . 2006-10-26 18:56 32592 ----a-w- c:\windows\system32\msonpmon.dll
2010-01-24 18:37 . 2010-01-24 18:37 -------- d-----w- c:\program files\Microsoft Works
2010-01-24 18:37 . 2010-01-24 18:37 -------- d-----w- c:\program files\MSBuild
2010-01-24 18:36 . 2010-01-24 18:36 -------- d-----w- c:\program files\Winamp
2010-01-24 18:33 . 2010-01-24 18:33 -------- d-----w- c:\program files\Purrint
2010-01-24 18:33 . 2010-01-24 18:36 -------- d-----w- c:\windows\SHELLNEW
2010-01-24 18:32 . 2010-01-24 18:32 -------- d-----w- c:\program files\mplayerc
2010-01-24 18:32 . 2010-01-24 18:32 -------- d-----r- C:\MSOCache
2010-01-24 18:30 . 2010-01-24 18:30 44384 ----a-w- c:\windows\system32\drivers\tifsfilt.sys
2010-01-24 18:30 . 2010-01-24 18:30 441760 ----a-w- c:\windows\system32\drivers\timntr.sys
2010-01-24 18:30 . 2010-01-24 18:30 129248 ----a-w- c:\windows\system32\drivers\snapman.sys
2010-01-24 18:30 . 2010-01-24 18:30 368736 ----a-w- c:\windows\system32\drivers\tdrpman.sys
2010-01-24 18:30 . 2010-01-24 18:30 -------- d-----w- c:\program files\Common Files\Acronis
2010-01-24 18:30 . 2010-01-24 18:30 -------- d-----w- c:\program files\Acronis
2010-01-24 18:23 . 2010-01-24 18:23 -------- d-----w- c:\windows\hpoj6500e709
2010-01-24 18:19 . 2010-01-24 19:34 212356 ----a-w- c:\windows\hpwins23.dat
2010-01-24 18:19 . 2008-10-25 09:30 1847 ------w- c:\windows\hpwmdl23.dat
2010-01-24 18:14 . 2004-08-17 14:45 14848 -c--a-w- c:\windows\system32\dllcache\kbdhid.sys
2010-01-24 18:14 . 2004-08-17 14:45 14848 ----a-w- c:\windows\system32\drivers\kbdhid.sys
2010-01-24 18:14 . 2006-06-28 08:54 9472 ----a-w- c:\windows\system32\drivers\CPQBttn.sys
2010-01-24 18:14 . 2007-06-18 15:12 16768 ----a-w- c:\windows\system32\drivers\HpqKbFiltr.sys
2010-01-24 18:14 . 2007-06-08 12:46 1560576 ----a-w- c:\windows\system32\BttnCmns_64.dll
2010-01-24 18:14 . 2006-11-02 05:09 1419232 ----a-w- c:\windows\system32\wdfcoinstaller01005.dll
2010-01-24 18:14 . 2006-06-30 04:46 1560576 ----a-w- c:\windows\system32\BttnCmns.dll
2010-01-24 18:14 . 2005-10-31 13:30 987136 ----a-w- c:\windows\system32\BttnCmn.dll
2010-01-24 18:13 . 2010-01-24 18:13 -------- d-----w- c:\program files\Synaptics
2010-01-24 18:13 . 2008-01-18 10:30 110592 ----a-w- c:\windows\system32\SynTPCo4.dll
2010-01-24 18:13 . 2008-01-18 10:03 147456 ----a-w- c:\windows\system32\SynTPAPI.dll
2010-01-24 18:13 . 2008-01-18 09:52 196608 ----a-w- c:\windows\system32\SynCtrl.dll
2010-01-24 18:13 . 2008-01-18 09:51 163840 ----a-w- c:\windows\system32\SynCOM.dll
2010-01-24 18:13 . 2008-01-18 09:49 220640 ----a-w- c:\windows\system32\drivers\SynTP.sys
2010-01-24 18:12 . 2006-04-28 15:07 9728 ------w- c:\windows\HPModemVersion.dll
2010-01-24 18:12 . 2010-01-24 18:12 -------- d-----w- c:\windows\Options
2010-01-24 18:12 . 2006-08-28 13:40 68096 ----a-w- c:\windows\agrsmdel.exe
2010-01-24 18:12 . 2006-08-28 13:40 1160320 ----a-w- c:\windows\system32\drivers\AGRSM.sys
2010-01-24 18:11 . 2010-01-24 18:11 87328 ----a-w- c:\windows\system32\bcmwlcoi.dll
2010-01-24 18:11 . 2010-01-24 18:11 1123328 ----a-w- c:\windows\system32\drivers\BCMWL5.SYS
2010-01-24 18:10 . 2010-01-24 18:10 -------- d-----w- c:\program files\HPQ
2010-01-24 18:10 . 2010-01-24 18:11 -------- d-----w- c:\program files\Broadcom
2010-01-24 18:07 . 2008-02-15 12:49 176128 ----a-w- c:\windows\system32\igfxres.dll
2010-01-24 10:29 . 2004-08-17 14:44 5504 -c--a-w- c:\windows\system32\dllcache\intelide.sys
2010-01-24 10:29 . 2004-08-17 14:44 5504 ----a-w- c:\windows\system32\drivers\intelide.sys
2010-01-24 10:29 . 2010-01-24 10:29 -------- d-----w- c:\program files\Intel
2010-01-24 10:26 . 2004-08-03 22:07 6400 -c--a-w- c:\windows\system32\dllcache\splitter.sys
2010-01-24 10:24 . 2006-10-08 20:51 23856 ----a-w- c:\windows\system32\spupdsvc.exe
2010-01-24 10:24 . 2010-01-24 18:14 -------- d-----w- c:\program files\Hewlett-Packard
2010-01-24 10:24 . 2010-01-24 18:14 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-24 10:24 . 2010-01-24 18:12 -------- d-----w- c:\program files\Common Files\InstallShield
2010-01-24 10:24 . 2010-01-24 18:14 -------- d-----w- C:\SWSetup
2010-01-23 22:37 . 2007-09-05 06:02 545 ----a-w- c:\windows\UC.PIF
2010-01-23 22:37 . 2007-09-05 06:02 545 ----a-w- c:\windows\RAR.PIF
2010-01-23 22:37 . 2007-09-05 06:02 545 ----a-w- c:\windows\PKZIP.PIF
2010-01-23 22:37 . 2007-09-05 06:02 545 ----a-w- c:\windows\PKUNZIP.PIF
2010-01-23 22:37 . 2007-09-05 06:02 545 ----a-w- c:\windows\NOCLOSE.PIF
2010-01-23 22:37 . 2007-09-05 06:02 545 ----a-w- c:\windows\LHA.PIF
2010-01-23 22:37 . 2007-09-05 06:02 545 ----a-w- c:\windows\ARJ.PIF
2010-01-23 22:37 . 2010-01-23 22:39 -------- d-----w- C:\totalcmd

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-29 20:45 . 2001-10-25 14:00 47584 ----a-w- c:\windows\system32\perfc005.dat
2010-01-29 20:45 . 2001-10-25 14:00 313482 ----a-w- c:\windows\system32\perfh005.dat
2010-01-28 23:52 . 2004-08-17 13:49 219648 ----a-w- c:\windows\system32\uxtheme.dll
2010-01-24 18:25 . 2010-01-24 18:20 -------- d-----w- c:\program files\HP
2010-01-24 18:20 . 2010-01-24 18:20 -------- d-----w- c:\program files\Common Files\HP
2010-01-24 18:20 . 2010-01-24 18:20 -------- d-----w- c:\program files\Common Files\Hewlett-Packard
2010-01-24 18:15 . 2010-01-24 18:15 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_HpqKbFiltr_01005.Wdf
2010-01-24 18:15 . 2010-01-24 18:15 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2010-01-24 10:26 . 2010-01-24 10:26 -------- d-----w- c:\program files\Analog Devices
2010-01-23 21:49 . 2010-01-23 21:02 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-01-23 21:49 . 2010-01-23 21:02 2426 ----a-w- c:\windows\pchealth\helpctr\PackageStore\SkuStore.bin
2010-01-23 21:48 . 2010-01-23 21:02 8972 ----a-w- c:\windows\pchealth\helpctr\Config\Cntstore.bin
2010-01-23 21:03 . 2010-01-23 21:03 -------- d-----w- c:\program files\microsoft frontpage
2010-01-23 20:59 . 2010-01-23 20:59 21812 ----a-w- c:\windows\system32\emptyregdb.dat
2004-08-17 13:49 . 2010-01-28 23:55 60416 --sha-w- c:\windows\NiwradSoft Shell Pack\Backup\msimn.exe
.

<pre>
c:\program files\Adobe\acrotray .exe
c:\program files\Common Files\Ahead\Lib\nerocheck .exe
c:\program files\Common Files\Ahead\Lib\nmbgmonitor .exe
c:\program files\uTorrent\utorrent   .exe
c:\program files\uTorrent\utorrent  .exe
c:\program files\uTorrent\utorrent .exe
c:\windows\pchealth\helpctr\binaries\msconfig .exe
</pre>
------- Sigcheck -------

[-] 2004-08-17 . D41D8CD98F00B204E9800998ECF8427E . 14848 . . [5.1.2600.2180] . . c:\windows\system32\lsass.exe

[-] 2004-08-17 . D41D8CD98F00B204E9800998ECF8427E . 110592 . . [5.1.2600.2180] . . c:\windows\system32\services.exe

[-] 2004-08-17 . D41D8CD98F00B204E9800998ECF8427E . 58880 . . [5.1.2600.2180] . . c:\windows\system32\spoolsv.exe

[7] 2004-08-17 . 221C29AE1B4CC61D11D8B27DE78B2307 . 502272 . . [5.1.2600.2180] . . c:\windows\NiwradSoft Shell Pack\Backup\winlogon.exe
[-] 2004-08-17 . D41D8CD98F00B204E9800998ECF8427E . 543232 . . [5.1.2600.2180] . . c:\windows\system32\winlogon.exe

[7] 2004-08-17 . E9F9CD3C7F2E56505A0AC166580120E3 . 111104 . . [5.4.3790.2180] . . c:\windows\NiwradSoft Shell Pack\Backup\wuauclt.exe
[-] 2004-08-17 . 2A7DE1DDA6445D19C66E4D5510DD5430 . 115712 . . [5.4.3790.2180] . . c:\windows\system32\wuauclt.exe
[-] 2004-08-17 . 2A7DE1DDA6445D19C66E4D5510DD5430 . 115712 . . [5.4.3790.2180] . . c:\windows\system32\dllcache\wuauclt.exe

[7] 2004-08-17 . 876C658C44F2BF4AF050E5534A9F066F . 611328 . . [5.82] . . c:\windows\NiwradSoft Shell Pack\Backup\comctl32.dll
[-] 2004-08-17 . D1C758D6B44D3E7CD32822B6D59611C9 . 636928 . . [5.82] . . c:\windows\system32\comctl32.dll
[-] 2004-08-17 . D1C758D6B44D3E7CD32822B6D59611C9 . 636928 . . [5.82] . . c:\windows\system32\dllcache\comctl32.dll

[7] 2004-08-17 . EF74351C9098210CC9C1A3679DB62041 . 3003392 . . [6.00.2900.2180] . . c:\windows\NiwradSoft Shell Pack\Backup\mshtml.dll
[-] 2004-08-17 . BA6D78A56067ECC121B45B2736F97903 . 3331584 . . [6.00.2900.2180] . . c:\windows\system32\mshtml.dll
[-] 2004-08-17 . BA6D78A56067ECC121B45B2736F97903 . 3331584 . . [6.00.2900.2180] . . c:\windows\system32\dllcache\mshtml.dll

[7] 2004-08-17 . 12C80E46DCEC9B82473D1B1B9DA1F16B . 2183168 . . [5.1.2600.2180] . . c:\windows\NiwradSoft Shell Pack\Backup\ntoskrnl.exe
[-] 2004-08-17 . 400FFE8B2F1EC725B9107488A9E0FA60 . 2344320 . . [5.1.2600.2180] . . c:\windows\system32\ntoskrnl.exe

[-] 2004-08-17 . D41D8CD98F00B204E9800998ECF8427E . 17408 . . [5.1.2600.2180] . . c:\windows\system32\svchost.exe

[7] 2004-08-17 . 1B4CCC59980DA34E75F20E42B283B027 . 577024 . . [5.1.2600.2180] . . c:\windows\NiwradSoft Shell Pack\Backup\user32.dll
[-] 2004-08-17 . CA2BE87B92496E69BC62EFD69F6084B1 . 577024 . . [5.1.2600.2180] . . c:\windows\system32\user32.dll
[-] 2004-08-17 . CA2BE87B92496E69BC62EFD69F6084B1 . 577024 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\user32.dll

[7] 2004-08-17 . 50D263E3454E8357D13BB598129185AD . 657408 . . [6.00.2900.2180] . . c:\windows\NiwradSoft Shell Pack\Backup\wininet.dll
[-] 2004-08-17 . C63D825FA2DD977470185B0481201E29 . 767488 . . [6.00.2900.2180] . . c:\windows\system32\wininet.dll
[-] 2004-08-17 . C63D825FA2DD977470185B0481201E29 . 767488 . . [6.00.2900.2180] . . c:\windows\system32\dllcache\wininet.dll

[-] 2004-08-17 . D41D8CD98F00B204E9800998ECF8427E . 1542144 . . [6.00.2900.2180] . . c:\windows\explorer.exe
[7] 2004-08-17 . 53114D57AB73A406AC7F602227781A99 . 1032704 . . [6.00.2900.2180] . . c:\windows\NiwradSoft Shell Pack\Backup\explorer.exe

[7] 2004-08-17 . E86DD06F2B8F919DDF23F78A3BF2AA23 . 2059008 . . [5.1.2600.2180] . . c:\windows\NiwradSoft Shell Pack\Backup\ntkrnlpa.exe
[-] 2004-08-17 . 4D81C816786CF0C9EAFB2E8CB1728602 . 2220160 . . [5.1.2600.2180] . . c:\windows\system32\ntkrnlpa.exe
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-10-09 25623336]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe_Reader"="c:\program files\internet explorer\wmpscfgs.exe" [N/A]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-17 15360]

c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Pidgin.lnk - c:\program files\Pidgin\pidgin.exe [2010-1-8 45603]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"TTOGVhIB"= {9837CBE6-329D-614C-5C21-0EAC95B1E8C5} - c:\windows\system32\pi.dll [2004-08-17 32768]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\aynq]
c:\windows\system32\aynq.exe \u [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acronis Scheduler2 Service]
2007-10-23 15:10 140568 ----a-w- c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AcronisTimounterMonitor]
2007-10-23 16:58 906648 ----a-w- c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2009-12-11 14:57 948672 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-12-22 00:57 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe_Reader]
c:\program files\internet explorer\wmpscfgs.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2010-01-29 20:12 39440 ----a-w- c:\program files\Common Files\Ahead\Lib\nmbgmonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BMIMZMHMFM]
c:\docume~1\herza\locals~1\temp\vxj .exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2004-08-17 13:49 15360 ------w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2006-10-26 23:47 31016 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2008-08-20 09:05 166424 ----a-w- c:\windows\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-05-08 15:24 54840 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpWirelessAssistant]
2006-02-14 09:49 454656 ----a-w- c:\program files\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2008-08-20 09:06 141848 ----a-w- c:\windows\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2010-01-29 16:05 39440 ----a-w- c:\program files\Common Files\Ahead\Lib\nerocheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OODefragTray]
2007-05-11 01:08 2512392 ----a-w- c:\windows\system32\oodtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2008-08-20 09:06 137752 ----a-w- c:\windows\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl.exe]
2007-10-19 12:05 177456 ----a-w- c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX]
2006-07-13 07:12 729088 ----a-w- c:\program files\Analog Devices\SoundMAX\SMax4.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
2007-01-05 16:36 872448 ----a-w- c:\program files\Analog Devices\Core\smax4pnp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2008-01-18 10:04 1028096 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrueImageMonitor.exe]
2007-10-23 15:05 2615624 ----a-w- c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
2010-01-28 16:18 289584 ----a-w- c:\program files\uTorrent\utorrent .exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"e:\\_UTIL\\HP OfficeJet 6500W\\setup\\hpznui01.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\WINDOWS\\system32\\aynq.exe"=
"c:\\Documents and Settings\\herza\\ynbow.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
.
------- Doplňkový sken -------
.
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\herza\Data aplikací\Mozilla\Firefox\Profiles\w9cxyyh5.default\
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxp://www.google.cz/
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8 ... &gfns=1&q=
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-30 17:01
Windows 5.1.2600 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(988)
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\WININET.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\cscui.dll
c:\windows\system32\COMRes.dll

- - - - - - - > 'lsass.exe'(1048)
c:\windows\system32\WININET.dll
c:\windows\system32\relog_ap.dll
c:\windows\system32\SETUPAPI.dll

- - - - - - - > 'explorer.exe'(3500)
c:\windows\system32\COMRes.dll
c:\windows\System32\cscui.dll
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\NETSHELL.dll
c:\windows\system32\credui.dll
c:\windows\system32\msi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Common Files\Acronis\Schedule2\schedul2.exe
c:\windows\system32\oodag.exe
c:\program files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\windows\system32\wscntfy.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
c:\\?\c:\windows\system32\WBEM\WMIADAP.EXE
.
**************************************************************************
.
Celkový čas: 2010-01-30 17:05:08 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-01-30 16:05

Před spuštěním: 3 680 243 712
Po spuštění: 3 593 773 056

WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
d:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - BA72C5625C489E9DFBC43E7A7BBEAD93

Re: Problem with the applications iexplorer.exe and acrotray.exe

Posted: Sat 30 Jan 2010, 17:31
by buchannan
So it looks like I have probably solved it with ComboFix :-)

Re: Problem with the applications iexplorer.exe and acrotray.exe

Posted: Sat 30 Jan 2010, 17:40
by zombux
Looks like it, there were quite a lot of deletions for my taste... ComboFix is first aid when an infection is suspected ;-)