Neustálý upload a download

[raskar89]

jeste k tomu uploade, jak sem psal ze to kazdou 2-3. sekundu posilalo 208B/s nekam pryc, tak sem to zablokoval pres firewall a chodilo to z procesu scvhost.exe, nevite nekdo co to je?

[Rudy]

Spusťte CF ještě jednou tímto skriptem:

Registry::
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
""=-

[raskar89]

ComboFix 10-05-20.A4 - Eduard Palíšek 22.05.2010 18:58:46.5.2 - x86
Microsoft Windows 7 Home Premium 6.1.7600.0.1250.420.1029.18.3071.1946 [GMT 2:00]
Spuštěný z: c:\users\Eduard Palíšek\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Eduard Palíšek\Desktop\CFScript.txt
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
.

((((((((((((((((((((((((( Soubory vytvořené od 2010-04-22 do 2010-05-22 )))))))))))))))))))))))))))))))
.

2010-05-22 17:05 . 2010-05-22 17:05 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-05-22 17:05 . 2010-05-22 17:05 -------- d-----w- c:\users\EDUARD~2\AppData\Local\temp
2010-05-22 17:05 . 2010-05-22 17:05 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-05-22 15:01 . 2010-05-22 15:01 -------- d-----w- C:\$AVG
2010-05-22 12:09 . 2010-05-22 12:09 360584 ----a-w- c:\programdata\avg9\update\backup\avgtdix.sys
2010-05-22 12:09 . 2010-05-22 12:09 333192 ----a-w- c:\programdata\avg9\update\backup\avgldx86.sys
2010-05-22 12:09 . 2010-05-22 12:09 28424 ----a-w- c:\programdata\avg9\update\backup\avgmfx86.sys
2010-05-22 12:09 . 2010-05-22 12:09 161800 ----a-w- c:\programdata\avg9\update\backup\avgrkx86.sys
2010-05-22 12:09 . 2010-05-22 12:09 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-05-22 11:58 . 2010-05-22 12:09 52872 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2010-05-22 11:58 . 2010-05-22 12:09 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-05-22 11:58 . 2010-05-22 12:09 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-05-22 11:58 . 2010-05-22 12:09 29512 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-05-22 11:58 . 2010-05-22 12:00 -------- d-----w- c:\windows\system32\drivers\Avg
2010-05-22 11:58 . 2010-05-22 12:05 -------- d-----w- c:\programdata\AVG Security Toolbar
2010-05-22 11:57 . 2010-05-22 11:57 24856 ----a-w- c:\windows\system32\drivers\avgfwd6x.sys
2010-05-22 11:55 . 2010-05-22 16:57 45056 ----a-w- c:\windows\system32\acovcnt.exe
2010-05-22 09:29 . 2010-05-22 11:57 1007896 ----a-w- c:\programdata\avg9\update\backup\avgupd.exe
2010-05-22 09:29 . 2010-05-22 11:57 800536 ----a-w- c:\programdata\avg9\update\backup\avginet.dll
2010-05-22 09:29 . 2010-05-22 11:57 613656 ----a-w- c:\programdata\avg9\update\backup\avgiproxy.exe
2010-05-22 09:29 . 2010-05-22 11:57 1658136 ----a-w- c:\programdata\avg9\update\backup\avgupd.dll
2010-05-21 20:38 . 2010-05-21 20:38 -------- d-----w- c:\windows\system32\Wat
2010-05-21 18:48 . 2010-05-22 12:33 -------- d-----w- c:\program files\trend micro
2010-05-21 18:48 . 2010-05-21 18:55 -------- d-----w- C:\rsit
2010-05-21 16:00 . 2010-05-21 16:00 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-05-21 15:55 . 2010-05-21 22:53 -------- d-----w- c:\programdata\Lavasoft
2010-05-21 10:48 . 2010-05-21 10:48 -------- d-----w- c:\users\EDUARD~2\AppData\Roaming\Vidalia
2010-05-21 10:48 . 2010-05-21 10:48 -------- d-----w- c:\users\Eduard Palí?ek
2010-05-15 13:44 . 2010-05-15 13:44 -------- d-sh--w- c:\programdata\SecuROM
2010-05-15 13:43 . 2009-09-04 15:29 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2010-05-15 13:43 . 2009-09-04 15:29 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
2010-05-15 13:41 . 2010-05-15 13:43 -------- d-----w- c:\program files\Microsoft Games for Windows - LIVE
2010-05-15 13:41 . 2010-05-15 13:41 -------- d-----w- c:\windows\system32\xlive
2010-05-15 11:54 . 2010-05-15 13:39 -------- d-----w- c:\program files\Grand Theft Auto IV - Episodes From Liberty City
2010-05-12 08:34 . 2010-03-04 07:33 740864 ----a-w- c:\windows\system32\inetcomm.dll
2010-04-29 17:39 . 2010-04-29 17:39 -------- d-----w- c:\program files\Core Design
2010-04-29 17:39 . 1999-08-03 08:50 172032 ----a-w- c:\windows\system32\binkw32.dll
2010-04-29 17:38 . 1998-10-02 17:00 327168 ----a-w- c:\windows\IsUninst.exe
2010-04-29 17:38 . 2010-04-29 17:39 -------- d-----w- c:\windows\_ISTMP1.DIR
2010-04-28 15:10 . 2009-10-10 02:57 12800 ----a-w- c:\windows\system32\drivers\sffp_sd.sys
2010-04-28 15:10 . 2009-10-10 02:31 84992 ----a-w- c:\windows\system32\drivers\sdbus.sys
2010-04-28 11:45 . 2009-09-26 05:58 194488 ----a-w- c:\windows\system32\drivers\fvevol.sys
2010-04-28 11:45 . 2009-12-11 07:44 133720 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2010-04-28 11:45 . 2009-12-11 07:38 1037312 ----a-w- c:\windows\system32\lsasrv.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-22 11:57 . 2009-12-25 14:22 -------- d-----w- c:\programdata\avg9
2010-05-22 08:44 . 2009-07-14 08:44 622660 ----a-w- c:\windows\system32\perfh005.dat
2010-05-22 08:44 . 2009-07-14 08:44 118810 ----a-w- c:\windows\system32\perfc005.dat
2010-05-21 23:07 . 2009-12-25 14:44 -------- d-----w- c:\program files\CCleaner
2010-05-21 23:07 . 2009-12-25 19:30 -------- d-----w- c:\program files\Common Files\Adobe
2010-05-21 14:43 . 2010-01-05 14:01 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-05-21 04:58 . 2009-12-25 14:48 -------- d-----w- c:\program files\uTorrent
2010-05-17 18:16 . 2009-12-29 11:47 -------- d-----w- c:\program files\Google
2010-05-13 10:39 . 2009-07-14 02:37 -------- d-----w- c:\program files\Windows Mail
2010-05-13 10:39 . 2009-12-25 13:44 -------- d-----w- c:\programdata\Microsoft Help
2010-04-29 18:06 . 2010-01-30 22:27 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-29 10:19 . 2010-01-30 22:27 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 10:19 . 2010-01-30 22:27 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-24 14:09 . 2010-03-14 12:36 -------- d-----w- c:\program files\Diablo II
2010-04-20 18:26 . 2010-04-20 18:26 -------- d-----w- c:\program files\VideoLAN
2010-04-17 22:34 . 2010-01-05 14:01 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-04-04 13:04 . 2009-12-25 20:22 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-04-01 09:33 . 2010-03-19 21:17 -------- d-----w- c:\program files\ICQ7.0
2010-03-31 23:46 . 2010-03-31 23:45 -------- d-----w- c:\program files\QuickTime
2010-03-31 23:45 . 2010-03-31 23:45 -------- d-----w- c:\programdata\Apple Computer
2010-03-14 14:01 . 2010-03-14 12:40 36520 ----a-w- c:\windows\DIIUnin.dat
2010-03-14 12:40 . 2010-03-14 12:40 94208 ----a-w- c:\windows\DIIUnin.exe
2010-03-14 12:40 . 2010-03-14 12:40 2829 ----a-w- c:\windows\DIIUnin.pif
2010-03-08 21:33 . 2010-04-14 12:56 427520 ----a-w- c:\windows\system32\vbscript.dll
2010-02-27 12:07 . 2010-04-14 12:56 3954568 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-27 12:07 . 2010-04-14 12:56 3899280 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-27 07:32 . 2010-04-14 12:56 221696 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-02-27 07:32 . 2010-04-14 12:56 95744 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2010-02-27 07:32 . 2010-04-14 12:56 123392 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-23 07:56 . 2010-03-31 23:55 977920 ----a-w- c:\windows\system32\wininet.dll
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2006-10-12 03:09 . 2009-12-25 17:06 94208 --sh--w- c:\windows\System32\SalaatTime.dll
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-11-25 11:02 1230080 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
"SalaatTime"="c:\program files\Salaat Time\SalaatTime.exe" [2008-05-16 13496320]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATKOSD2"="c:\program files\ATKOSD2\ATKOSD2.exe" [2007-10-17 7737344]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-15 4874240]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-06 1029416]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]
"ATKMEDIA"="c:\program files\ASUS\ATK Media\DMEDIA.EXE" [2006-11-02 61440]
"ASUS Camera ScreenSaver"="c:\windows\ASScrProlog.exe" [2009-12-25 37232]
"ASUS Screen Saver Protector"="c:\windows\ASScrPro.exe" [2009-12-25 33136]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-04 186904]
"IaNvSrv"="c:\program files\Intel\Intel Matrix Storage Manager\OROM\IaNvSrv\IaNvSrv.exe" [2009-07-13 33304]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll c:\windows\System32\avgrsstx.dll c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^PDFCreator.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\PDFCreator.lnk
backup=c:\windows\pss\PDFCreator.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^Eduard Palíšek^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk]
path=c:\users\Eduard Palíšek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk
backup=c:\windows\pss\Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-03-24 18:17 952768 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-04-04 05:42 36272 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2009-10-30 11:57 369200 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
2010-04-29 10:19 1090952 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nokia.PCSync]
2009-10-26 16:26 753664 ----a-w- c:\program files\Nokia\Nokia PC Suite 7\PcSync2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
2009-11-11 09:57 1451520 ----a-w- c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-17 19:53 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skytel]
2007-11-20 10:15 1826816 ----a-w- c:\windows\SkyTel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL]
2009-05-05 10:01 1466368 ----a-w- c:\program files\Motorola\SMSERIAL\sm56hlpr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 15:07 2260480 ------w- c:\program files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-12-30 13:51 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2009-12-25 23:32 198160 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-01-09 691696]
R2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2009-12-29 135664]
R3 kvpndev;Kerio VPN adapter;c:\windows\system32\DRIVERS\kvpndrv.sys [2008-01-16 62464]
R3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series – ovladač adaptéru pro 32bitový systém Windows Vista;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-21 1343400]
S0 AvgRkx86;avgrkx86.sys;c:\windows\System32\Drivers\avgrkx86.sys [2010-05-22 52872]
S0 iaNvStor;Intel(R) Turbo Memory Controller;c:\windows\system32\DRIVERS\iaNvStor.sys [2009-07-01 232472]
S0 NIAPBootClean;NIAPBootClean;c:\windows\system32\Drivers\niapbc.sys [2010-02-05 11776]
S1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6x.sys [2010-05-22 24856]
S1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2010-05-22 216200]
S1 AvgTdiX;AVG Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2010-05-22 242896]
S2 avg9emc;AVG E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [2010-05-22 916760]
S2 avg9wd;AVG WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2010-05-22 308064]
S2 avgfws9;AVG Firewall;c:\program files\AVG\AVG9\avgfws9.exe [2010-05-22 2325816]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S3 itecir;ITECIR Infrared Receiver;c:\windows\system32\DRIVERS\itecir.sys [2007-06-20 49664]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-09-28 315392]

.
Obsah adresáře 'Naplánované úlohy'

2010-05-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-29 11:47]

2010-05-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-29 11:47]
.
.
------- Doplňkový sken -------
.
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Eduard Palíšek\AppData\Roaming\Mozilla\Firefox\Profiles\ljl9jlb2.default\
FF - prefs.js: browser.startup.homepage - hxxp://news.google.cz/nwshp?client=firefox-a&rls=org.mozilla:cs:official&hl=cs&tab=wn
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2010-05-22 19:06:50
ComboFix-quarantined-files.txt 2010-05-22 17:06
ComboFix2.txt 2010-05-22 10:35
ComboFix3.txt 2010-05-22 10:15
ComboFix4.txt 2010-05-21 21:43
ComboFix5.txt 2010-05-22 16:57

Před spuštěním: Volných bajtů: 37 086 822 400
Po spuštění: Volných bajtů: 37 045 641 216

- - End Of File - - 9B41F7A02B6B4DD216CAF8DD5FFC2578

[Rudy]

OK, smazáno. Jak to vypadá nyní?

[raskar89]

ted to vypada v pohode, upload a download de jenom v cyklech ale to uz muze byt aji kvuli nejakemu programu, ktery ma povoleny firewall. moc dekuju za pomoc. sice sem naposledy vypnul rezidentni ochranu u AVG ale zase to zmizelo, vypada to jak kdyby se smazal vzdycky jenom proces po spusteni tak sem ho manualne pridal a po restartu AVG nabehne, snad to takto staci. jeste bych se zepta, co to bylo za problem?

mockrat dekuju za pomoc

[Rudy]

Měl jste tam trojan Backdoor, který se vracel. Registry hodnota, která byl naposledy mazána, souvisí s nějakým blíže nespecifikovaným AdWare. Nemáte zač!